path: root/source4/kdc/kdc.c
Commit message | Author | Age | Files | Lines
* lib/param: Create a separate server role for "active directory domain controller" | Andrew Bartlett | 2012-06-15 | 1 | -1/+5
  This will allow us to detect from the smb.conf if this is a Samba4 AD DC which will allow smarter handling of (for example) accidentally starting smbd rather than samba.
  To cope with upgrades from existing Samba4 installs, 'domain controller' is a synonym of 'active directory domain controller' and new parameters 'classic primary domain controller' and 'classic backup domain controller' are added.
  Andrew Bartlett
* Make krb5 context initialization not heimdal specific | Simo Sorce | 2012-04-23 | 1 | -1/+1
  Turn the logging data to an opaque pointer.
  Ifdef code and use MIT logging function when built against system MIT.
* s4-kdc Do the KDC PAC checksum validation in the Samba plugin | Andrew Bartlett | 2012-01-12 | 1 | -26/+3
  Here we can fetch the right key, and check if the PAC is likely to be signed by a key that we know. We cannot check the KDC signature on incoming trusts.
  Andrew Bartlett
* s4-kdc: use IDL constant NETLOGON_GENERIC_KRB5_PAC_VALIDATE | Andrew Bartlett | 2012-01-12 | 1 | -1/+1
* s4-kdc: Add hdb plugin for samba4, to allow kadmin to work | Andrew Bartlett | 2011-11-30 | 1 | -2/+1
  This will help users who are used to the kadmin interface, and could be extended to import existing MIT or Heimdal keys into a Samba4 AD domain.
  To use, add to your krb5.conf

    [kdc]
        database = {
            dbname = samba4:
        }

  or

    [kdc]
        database = {
            dbname = samba4:/usr/local/samba/etc/smb.conf
        }

  And copy hdb_samba4.so from PREFIX/modules/hdb to your Heimdal lib directory
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Wed Nov 30 03:22:11 CET 2011 on sn-devel-104
* s4:kdc: restore the behavior before the last heimdal import | Stefan Metzmacher | 2011-07-20 | 1 | -8/+16
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Wed Jul 20 12:12:38 CEST 2011 on sn-devel-104
* s4:kdc: set *_strongest_*_key to true to restore the old behavior | Stefan Metzmacher | 2011-07-15 | 1 | -0/+13
  TODO: check why this is needed.
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Fri Jul 15 12:26:25 CEST 2011 on sn-devel-104
* libcli/util Rename common map_nt_error_from_unix to avoid duplicate symbol | Andrew Bartlett | 2011-06-20 | 1 | -2/+2
  The two error tables need to be combined, but for now separate the names.
  (As the common parts of the tree now use the _common function, errmap_unix.c must be included in the s3 autoconf build).
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Mon Jun 20 08:12:03 CEST 2011 on sn-devel-104
* s4-ipv6: update callers to load_interface_list() | Andrew Tridgell | 2011-06-06 | 1 | -1/+1
* s4-ipv6: use iface_list_wildcard() to listen on IPv6 | Andrew Tridgell | 2011-06-06 | 1 | -12/+17
  when we need to listen on a wildcard address, we now listen on a list of sockets, usually 0.0.0.0 and ::
* s4-interfaces Rename interfaces code so not to conflict with source3/ | Andrew Bartlett | 2011-05-08 | 1 | -4/+4
  The iface_count, iface_n_bcast, and load_interfaces functions conflicted with functions of the same name in source3, so the source4 functions were renamed. Hopefully we can actually wrap one around the other in future.
  Andrew Bartlett
* source4/kdc: Fix prototypes for all functions. | Jelmer Vernooij | 2011-03-19 | 1 | -0/+2
* s4:kdc: split the kdc_tcp_proxy() logic from the main kdc logic | Stefan Metzmacher | 2011-03-04 | 1 | -4/+123
  By having kdc_tcp_proxy_send/recv(), which just asks any writeable dc for a response blob, we simplify the interaction between client-local and local-writeable sockets.
  This allows us to make kdc_socket, kdc_process_fn_t, kdc_tcp_call and kdc_tcp_socket private to kdc.c again.
  metze
* s4:kdc: split the kdc_udp_proxy() logic from the main kdc logic | Stefan Metzmacher | 2011-03-04 | 1 | -2/+66
  By having kdc_udp_proxy_send/recv(), which just asks any writeable dc for a response blob, we simplify the interaction between client-local and local-writeable sockets.
  This allows us to make kdc_udp_call and kdc_udp_socket private to kdc.c again.
  metze
* s4:kdc: add a kdc_proxy_unavailable_error() helper function | Stefan Metzmacher | 2011-03-04 | 1 | -0/+24
  metze
* s4:kdc/*.c - minimise includes | Matthias Dieter Wallnöfer | 2010-12-12 | 1 | -10/+1
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Sun Dec 12 15:20:46 CET 2010 on sn-devel-104
* s4:heimdal: import lorikeet-heimdal-201012010201 (commit 81fe27bcc0148d410ca4617f8759b9df1a5e935c) | Andrew Bartlett | 2010-12-01 | 1 | -5/+6
* s4-kdc update startup routines after heimdal update | Andrew Bartlett | 2010-11-15 | 1 | -1/+13
  We should check the errors from krb5_kdc_windc_init and we now need to additionally run krb5_kdc_pkinit_config()
  Andrew Bartlett
* s4-kdc: if "bind interfaces only" is false, then also listen on wildcard | Andrew Tridgell | 2010-11-15 | 1 | -20/+44
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User: Andrew Tridgell <tridge@samba.org>
  Autobuild-Date: Mon Nov 15 00:13:59 UTC 2010 on sn-devel-104
* s4-kdc: added proxying of kdc requests for RODCs | Andrew Tridgell | 2010-11-12 | 1 | -53/+53
  when we are an RODC and we get a request for a principal that we don't have the right secrets for, we need to proxy the request to a writeable DC. This happens for both TCP and UDP requests, for both krb5 and kpasswd
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User: Andrew Tridgell <tridge@samba.org>
  Autobuild-Date: Fri Nov 12 08:03:20 UTC 2010 on sn-devel-104
* s4-kdc: split the kdc process return into a tri-state | Andrew Tridgell | 2010-11-12 | 1 | -24/+24
  this is in preparation for doing forwarding of packets for RODCs
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-kdc: rename kdc/kdc.h to kdc/kdc-glue.h | Andrew Tridgell | 2010-11-12 | 1 | -1/+1
  kdc.h conflicts with a heimdal header name
* s4-smbd: don't initialise process models more than once | Andrew Tridgell | 2010-10-30 | 1 | -1/+1
  this also removes the event_context parameter from process model initialisation. It isn't needed, and is confusing when a process model init can be called from more than one place, possibly with different event contexts.
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-kdc Fix up after import of new lorikeet-heimdal | Andrew Bartlett | 2010-10-03 | 1 | -2/+1
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Sun Oct 3 01:56:04 UTC 2010 on sn-devel-104
* s4-kdc Handle the case where we may be given a ticket from an RODC in db layer | Andrew Bartlett | 2010-09-29 | 1 | -0/+1
  This includes rewriting the PAC if the original krbtgt isn't to be trusted, and reading different entries from the DB for the krbtgt depending on the krbtgt number.
  Andrew Bartlett
* s4-loadparm: 2nd half of lp_ to lpcfg_ conversion | Andrew Tridgell | 2010-07-16 | 1 | -7/+7
  this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:kdc/kdc.c - add cast to suppress warnings on Solaris 10 cc | Matthias Dieter Wallnöfer | 2010-06-26 | 1 | -2/+2
* Finish removal of iconv_convenience in public API's. | Jelmer Vernooij | 2010-05-18 | 1 | -3/+1
* s4-kdc: Fixed the memory context of tstream_bsd_existing() | Andreas Schneider | 2010-02-26 | 1 | -1/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4:kdc remove dead code and comments | Simo Sorce | 2010-01-28 | 1 | -5/+0
* s4:kdc move db functions in their own file | Simo Sorce | 2010-01-28 | 1 | -0/+1
  Keep all heimdal related plugin code within hdb_samba4.c
  Move interfaces needed by multiple plugins in db-glue.c
  Move sequence context in main db context so that we do not depend on db->hdb_dbc in the common code.
  Remove unnecessary parameters from function prototypes
* s4:kdc Use better db context structure | Simo Sorce | 2010-01-28 | 1 | -12/+12
  This allows to use a common structure not tied to hdb_samba4
  Also allows to avoid many casts within hdb_samba4 functions
  This is the first step to abstract samba kdc database functions so they can be used by the MIT forthcoming plugin.
* s4:windc move windc plugin in its own file | Simo Sorce | 2010-01-27 | 1 | -0/+1
  Keep all heimdal related plugin code within wdc-samba4.c
  Leave only interfaces common to multiple plugins in pac-glue.c
* Fix comment/debug messages | Simo Sorce | 2010-01-11 | 1 | -4/+4
* s4-kdc: Migrate tcp connections to tsocket. | Andreas Schneider | 2010-01-08 | 1 | -89/+188
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4:kdc: the ->process function returns "bool" | Stefan Metzmacher | 2010-01-08 | 1 | -9/+9
  metze
* s4:kdc: use the remote and local address from the stream_connection struct | Stefan Metzmacher | 2009-12-24 | 1 | -41/+2
  metze
* s4:cleanups More trailing spaces and tabs | Simo Sorce | 2009-12-23 | 1 | -45/+45
* s4:kdc: setup the local and remote tsocket_address at accept time | Stefan Metzmacher | 2009-12-19 | 1 | -44/+49
  metze
* s4:kdc: convert UDP based communication to tdgram_context | Stefan Metzmacher | 2009-12-19 | 1 | -176/+136
  metze
* s4-kdc: Migrate to tsocket_address. | Andreas Schneider | 2009-12-15 | 1 | -12/+57
* s4:kdc - Merged kdc_tcp_accept() and kpasswdd_tcp_accept(). | Endi S. Dewata | 2009-12-01 | 1 | -26/+6
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:kdc - Merged kdc_add_kdc_socket() and kdc_add_kpasswd_socket(). | Endi S. Dewata | 2009-12-01 | 1 | -75/+27
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:kdc - Disable KDC port when it's set to 0. | Endi S. Dewata | 2009-12-01 | 1 | -42/+63
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4: Changes the old occurrences of "lp_realm" in "lp_dnsdomain" where needed | Matthias Dieter Wallnöfer | 2009-10-14 | 1 | -1/+1
  For KERBEROS applications the realm should be upcase (function "lp_realm") but for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch implements the use of both in the right way.
* s4-server: kill main daemon if a task fails to initialise | Andrew Tridgell | 2009-09-18 | 1 | -14/+14
  When one of our core tasks fails to initialise it can now ask for the server as a whole to die, rather than limping along in a degraded state.
* s4:kerberos Add 'net export keytab' command for wireshark decryption | Andrew Bartlett | 2009-07-28 | 1 | -9/+0
  It is much easier to do decryption with wireshark when the keytab is available for every host in the domain. Running 'net export keytab <keytab name>' will export the current (as pointed to by the supplied smb.conf) local Samba4 domain.
  (This uses Heimdal's 'hdb' keytab and then the existing hdb-samba4, and so has a good chance of keeping working in the long term).
  Andrew Bartlett
* s4:kdc Push context to hdb_samba4 by way of the 'name' of the DB | Andrew Bartlett | 2009-07-27 | 1 | -5/+10
  This overloads the 'name' part of the keytab name to supply a context pointer, and so avoids 3 global variables!
  To do this, we had to stop putting the entry for kpasswd into the secrets.ldb. (I don't consider this a big loss, and any entry left there by an upgrade will be harmless).
  Andrew Bartlett
* s4:kdc Tidy up hdb_samba4 some more | Andrew Bartlett | 2009-07-27 | 1 | -19/+11
  This removes the last use of the prefix hdb_ldb and makes it clear that we pass in 3 global variables to get state information into hdb_samba4 when used as a keytab. (And that they belong to hdb_samba4, not to the KDC)
  Andrew Bartlett
* s4:heimdal: import lorikeet-heimdal-200906080040 (commit 904d0124b46eed7a8ad6e5b73e892ff34b6865ba) | Andrew Bartlett | 2009-06-12 | 1 | -2/+4
  Also including the supporting changes required to pass make test
  A number of heimdal functions and constants have changed since we last imported a tree (for the better, but inconvenient for us).
  Andrew Bartlett