path: root/source4/kdc/kpasswdd.c
Commit message | Author | Age | Files | Lines
* Fix commented out code in kpasswd server to use correct function | Andrew Bartlett | 2014-09-27 | 1 | -1/+1
| The fix in ac2d31e24cfa24f6674b645b3661a1a2ce9ab060 picked the wrong function name. This is meant to be the remote address, not the local one, if we ever have to re-instate this code.
| Andrew Bartlett
| Signed-off-by: Andrew Bartlett <abartlet@samba.org>
| Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Put password lockout support in samdb_result_passwords() | Andrew Bartlett | 2014-04-02 | 1 | -2/+7
| This seems to be the best choke point to check for locked out accounts, as aside from the KDC, all the password authentication and change callers use it.
| Andrew Bartlett
| Change-Id: I0f21a79697cb8b08ef639445bd05a896a2c9ee1b
| Signed-off-by: Andrew Bartlett <abartlet@samba.org>
| Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4:kdc: make use of gensec_update_ev() | Stefan Metzmacher | 2014-03-27 | 1 | -1/+1
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
| Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4-kdc: Improve grammar and clarity of password change failure messages. | Andrew Bartlett | 2012-09-01 | 1 | -4/+3
| This can still be improved further, but avoid mentioning reasons that clearly do not apply in this case.
| Andrew Bartlett
* s4-kdc: Give information on how long the password history is | Andrew Bartlett | 2012-08-31 | 1 | -1/+2
| Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
| Autobuild-Date(master): Fri Aug 31 08:06:17 CEST 2012 on sn-devel-104
* gensec: move event context from gensec_*_init() to gensec_update() | Andrew Bartlett | 2011-10-18 | 1 | -1/+1
| This avoids keeping the event context around on the gensec_security context structure long term.
| In the Samba3 server, the event context we either supply is a NULL pointer as no server-side modules currently use the event context.
| Andrew Bartlett
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4-kdc: don't look at global catalog NCs in the kdc | Andrew Tridgell | 2011-10-04 | 1 | -6/+10
| the kdc should not be looking for users in GC partial replicas, as these users do not have all of the attributes needed for the KDC to operate
| Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* gensec: clarify memory ownership for gensec_session_info() and gensec_session_key() | Andrew Bartlett | 2011-08-03 | 1 | -0/+1
| This is slightly less efficient, because we no longer keep a cache on the gensec structures, but much clearer in terms of memory ownership.
| Both gensec_session_info() and gensec_session_key() now take a mem_ctx and put the result only on that context.
| Some duplication of memory in the callers (who were rightly uncertain about who was the rightful owner of the returned memory) has been removed to compensate for the internal copy.
| Andrew Bartlett
* lib/util/charset rename iconv_convenience to iconv_handle | Andrew Bartlett | 2011-03-25 | 1 | -2/+2
| This better reflects what this structure is
| Andrew Bartlett
* charcnv: removed the allow_badcharcnv and allow_bad_conv options to convert_string*() | Andrew Tridgell | 2011-03-24 | 1 | -2/+2
| we shouldn't accept bad multi-byte strings, it just hides problems
| Autobuild-User: Andrew Tridgell <tridge@samba.org>
| Autobuild-Date: Thu Mar 24 01:47:26 CET 2011 on sn-devel-104
* s4-auth Rework auth subsystem to remove struct auth_serversupplied_info | Andrew Bartlett | 2011-02-09 | 1 | -5/+5
| This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is maintained into the struct session_info.
| The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results.
| Andrew Bartlett
* s4:kdc/*.c - minimise includes | Matthias Dieter Wallnöfer | 2010-12-12 | 1 | -9/+0
| Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
| Autobuild-Date: Sun Dec 12 15:20:46 CET 2010 on sn-devel-104
* s4:kdc/kpasswdd.c - don't return an uninitialised NT_STATUS | Matthias Dieter Wallnöfer | 2010-12-12 | 1 | -2/+1
| Discovered by Tru64 build
* s4:kdc/kpasswdd.c - fix memory leaks | Matthias Dieter Wallnöfer | 2010-12-04 | 1 | -2/+15
|
* s4-kdc Remove use of heimdal private headers in kpasswd server. | Andrew Bartlett | 2010-11-15 | 1 | -16/+3
| This remains an abuse, because it relies on setting into the krb5_principal structure, but at least it causes less trouble for the server.
| Andrew Bartlett
* s4-kdc: added proxying of kdc requests for RODCs | Andrew Tridgell | 2010-11-12 | 1 | -12/+9
| when we are an RODC and we get a request for a principal that we don't have the right secrets for, we need to proxy the request to a writeable DC. This happens for both TCP and UDP requests, for both krb5 and kpasswd
| Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
| Autobuild-User: Andrew Tridgell <tridge@samba.org>
| Autobuild-Date: Fri Nov 12 08:03:20 UTC 2010 on sn-devel-104
* s4-kdc: split the kdc process return into a tri-state | Andrew Tridgell | 2010-11-12 | 1 | -22/+22
| this is in preparation for doing forwarding of packets for RODCs
| Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-kdc: rename kdc/kdc.h to kdc/kdc-glue.h | Andrew Tridgell | 2010-11-12 | 1 | -1/+1
| kdc.h conflicts with a heimdal header name
* Revert "s4:remove "util_ldb" submodule and integrate the three gendb_* calls in "dsdb/common/util.c"" | Matthias Dieter Wallnöfer | 2010-10-17 | 1 | -0/+1
| This reverts commit 8a2ce5c47cee499f90b125ebde83de5f9f1a9aa0.
| Jelmer pointed out that these are also in use by other LDB databases - not only SAMDB ones.
| Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
| Autobuild-Date: Sun Oct 17 13:37:16 UTC 2010 on sn-devel-104
* s4:remove "util_ldb" submodule and integrate the three gendb_* calls in "dsdb/common/util.c" | Matthias Dieter Wallnöfer | 2010-10-17 | 1 | -1/+0
| They're only in use by SAMDB code.
| Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
| Autobuild-Date: Sun Oct 17 09:40:13 UTC 2010 on sn-devel-104
* s4-credentials Add explicit event context handling to Kerberos calls (only) | Andrew Bartlett | 2010-10-11 | 1 | -1/+1
| By setting the event context to use for this operation (only) onto the krb5_context just before we call that operation, we can try and emulate the specification of an event context to the actual send_to_kdc()
| This eliminates the specification of an event context to many other cli_credentials calls, and the last use of event_context_find()
| Special care is taken to restore the event context in the event of nesting in the send_to_kdc function.
| Andrew Bartlett
* samdb: Add flags argument to samdb_connect(). | Jelmer Vernooij | 2010-10-10 | 1 | -3/+3
|
* s4:security Change struct security_token->sids from struct dom_sid * to struct dom_sid | Andrew Bartlett | 2010-08-23 | 1 | -3/+3
| This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privileges still need to be merged)
| Andrew Bartlett
* s4:security Remove use of user_sid and group_sid from struct security_token | Andrew Bartlett | 2010-08-18 | 1 | -3/+3
| This makes the structure more like Samba3's NT_USER_TOKEN
* s4:kdc/kpasswdd.c - let the user change his own password with his own rights | Matthias Dieter Wallnöfer | 2010-08-17 | 1 | -3/+44
| Now it's finally possible that the user can change his password with a DSDB connection using his credentials.
| NOTICE: I had to extract the old password from the SAMDB since I was unable to find it somewhere else (authinfo for example).
* s4:kdc/rpc server - adapt the "samdb_set_password" calls which perform password sets | Matthias Dieter Wallnöfer | 2010-08-17 | 1 | -1/+1
* s4-loadparm: 2nd half of lp_ to lpcfg_ conversion | Andrew Tridgell | 2010-07-16 | 1 | -2/+2
| this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix.
| Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:kdc/kpasswdd.c - remove unreachable code | Matthias Dieter Wallnöfer | 2010-06-26 | 1 | -2/+0
|
* s4:samdb_set_password/samdb_set_password_sid - Rework | Matthias Dieter Wallnöfer | 2010-05-10 | 1 | -31/+4
| Adapt the two functions for the restructured "password_hash" module. This means that basically all checks are now performed in the mentioned module. An exception consists in the SAMR password change calls since they need very precise NTSTATUS return codes on wrong constraints ("samr_password.c") file
* s4:kdc Add support for changing password of a servicePrincipalName | Andrew Bartlett | 2010-03-25 | 1 | -10/+32
| Apparently AD supports setting a password on a servicePrincipalName, not just a user principal name.
| This should fix (part of) the join of OpenSolaris's internal CIFS server to Samba4 as reported by Bug #7273
| Andrew Bartlett
* More spelling fixes across source4/ | Brad Hards | 2010-02-22 | 1 | -1/+1
| Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
* s4-dsdb: change samdb_replace() to dsdb_replace() and allow for dsdb_flags | Andrew Tridgell | 2010-02-16 | 1 | -1/+1
| This allows for controls to be added easily where they are needed.
* s4:kdc Use better db context structure | Simo Sorce | 2010-01-28 | 1 | -1/+1
| This allows to use a common structure not tied to hdb_samba4
| Also allows to avoid many casts within hdb_samba4 functions
| This is the first step to abstract samba kdc database functions so they can be used by the MIT forthcoming plugin.
* s4:cleanups More trailing spaces and tabs | Simo Sorce | 2009-12-23 | 1 | -108/+108
|
* s4-gensec: Replace gensec_set_peer_addr with new tsocket based fn. | Andreas Schneider | 2009-12-16 | 1 | -1/+1
|
* s4-gensec: Replace gensec_set_my_addr() with new tsocket based fn. | Andreas Schneider | 2009-12-16 | 1 | -17/+1
|
* s4-kdc: Migrate to tsocket_address. | Andreas Schneider | 2009-12-15 | 1 | -3/+20
|
* s4:kdc: remove unused struct kpasswd_socket | Stefan Metzmacher | 2009-11-05 | 1 | -10/+0
| metze
* s4-dsdb: create a static system_session context | Andrew Tridgell | 2009-10-23 | 1 | -1/+1
| This patch adds a system_session cache, preventing us from having to recreate it on every ldb open, and allowing us to detect when the same session is being used in ldb_wrap
* s3/s4 - Adapt the IDL changes on various locations | Matthias Dieter Wallnöfer | 2009-10-08 | 1 | -9/+8
|
* s4:kdc In the kpasswd server, don't use the client address in mk_priv | Andrew Bartlett | 2009-09-16 | 1 | -0/+8
| This code eventually calls into mk_priv in the Heimdal code, and if the client is behind NAT, or somehow has an odd idea about its own network addresses, it will fail to accept this packet if we set an address. It seems easier not to.
| (Found by testing with NetAPP at plugfest)
| Andrew Bartlett
* s4:kdc Push context to hdb_samba4 by way of the 'name' of the DB | Andrew Bartlett | 2009-07-27 | 1 | -3/+9
| This overloads the 'name' part of the keytab name to supply a context pointer, and so avoids 3 global variables!
| To do this, we had to stop putting the entry for kpasswd into the secrets.ldb. (I don't consider this a big loss, and any entry left there by an upgrade will be harmless).
| Andrew Bartlett
* Use common header file for character set handling in Samba 3 and Samba 4. | Jelmer Vernooij | 2009-03-01 | 1 | -3/+2
|
* s4: Use same function signature for convert_* as s3. | Jelmer Vernooij | 2009-03-01 | 1 | -8/+5
|
* Add allow_badcharcnv argument to all conversion function, for | Jelmer Vernooij | 2009-03-01 | 1 | -2/+2
| consistency with Samba 3.
* Remove auth/ntlm as a dependency of GENSEC by means of function pointers. | Andrew Bartlett | 2009-02-13 | 1 | -9/+10
| When starting GENSEC on the server, the auth subsystem context must be passed in, which now includes function pointers to the key elements.
| This should (when the other dependencies are fixed up) allow GENSEC to exist as a client or server library without bundling in too much of our server code.
| Andrew Bartlett
* s4:lib/tevent: rename structs | Stefan Metzmacher | 2008-12-29 | 1 | -1/+1
| list=""
| list="$list event_context:tevent_context"
| list="$list fd_event:tevent_fd"
| list="$list timed_event:tevent_timer"
| for s in $list; do
|     o=`echo $s | cut -d ':' -f1`
|     n=`echo $s | cut -d ':' -f2`
|     r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
|     files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
|     for f in $files; do
|         cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
|         mv $f.tmp $f
|     done
| done
| metze
* Add gensec_settings structure. This wraps loadparm_context for now, but | Jelmer Vernooij | 2008-11-02 | 1 | -1/+3
| should in the future only contain some settings required for gensec.
* Remove iconv_convenience argument from convert_string{,talloc}() but | Jelmer Vernooij | 2008-10-24 | 1 | -2/+2
| make them wrappers around convert_string{,talloc}_convenience().
* Remove iconv_convenience parameter from simple string push/pull | Jelmer Vernooij | 2008-10-24 | 1 | -1/+1
| functions.