summaryrefslogtreecommitdiffstats
path: root/source4/kdc/kpasswdd.c
Commit message (Collapse)AuthorAgeFilesLines
* gensec: clarify memory ownership for gensec_session_info() and ↵Andrew Bartlett2011-08-031-0/+1
| | | | | | | | | | | | | | | gensec_session_key() This is slightly less efficient, because we no longer keep a cache on the gensec structures, but much clearer in terms of memory ownership. Both gensec_session_info() and gensec_session_key() now take a mem_ctx and put the result only on that context. Some duplication of memory in the callers (who were rightly uncertain about who was the rightful owner of the returned memory) has been removed to compensate for the internal copy. Andrew Bartlett
* lib/util/charset rename iconv_convenience to iconv_handleAndrew Bartlett2011-03-251-2/+2
| | | | | | This better reflects what this structure is Andrew Bartlett
* charcnv: removed the allow_badcharcnv and allow_bad_conv options to ↵Andrew Tridgell2011-03-241-2/+2
| | | | | | | | | convert_string*() we shouldn't accept bad multi-byte strings, it just hides problems Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Mar 24 01:47:26 CET 2011 on sn-devel-104
* s4-auth Rework auth subsystem to remove struct auth_serversupplied_infoAndrew Bartlett2011-02-091-5/+5
| | | | | | | | | | | | | This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett
* s4:kdc/*.c - minimise includesMatthias Dieter Wallnöfer2010-12-121-9/+0
| | | | | Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Dec 12 15:20:46 CET 2010 on sn-devel-104
* s4:kdc/kpasswdd.c - don't return an uninitialised NT_STATUSMatthias Dieter Wallnöfer2010-12-121-2/+1
| | | | Discovered by Tru64 build
* s4:kdc/kpasswdd.c - fix memory leaksMatthias Dieter Wallnöfer2010-12-041-2/+15
|
* s4-kdc Remove use of heimdal private headers in kpasswd server.Andrew Bartlett2010-11-151-16/+3
| | | | | | | This remains an abuse, because it relies on setting into the krb5_principal structure, but at least it causes less trouble for the server. Andrew Bartlett
* s4-kdc: added proxying of kdc requests for RODCsAndrew Tridgell2010-11-121-12/+9
| | | | | | | | | | | | when we are an RODC and we get a request for a principal that we don't have the right secrets for, we need to proxy the request to a writeable DC. This happens for both TCP and UDP requests, for both krb5 and kpasswd Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Fri Nov 12 08:03:20 UTC 2010 on sn-devel-104
* s4-kdc: split the kdc process return into a tri-stateAndrew Tridgell2010-11-121-22/+22
| | | | | | this is in preparation for doing forwarding of packets for RODCs Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-kdc: rename kdc/kdc.h to kdc/kdc-glue.hAndrew Tridgell2010-11-121-1/+1
| | | | kdc.h conflicts with a heimdal header name
* Revert "s4:remove "util_ldb" submodule and integrate the three gendb_* calls ↵Matthias Dieter Wallnöfer2010-10-171-0/+1
| | | | | | | | | | | | in "dsdb/common/util.c"" This reverts commit 8a2ce5c47cee499f90b125ebde83de5f9f1a9aa0. Jelmer pointed out that these are also in use by other LDB databases - not only SAMDB ones. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 17 13:37:16 UTC 2010 on sn-devel-104
* s4:remove "util_ldb" submodule and integrate the three gendb_* calls in ↵Matthias Dieter Wallnöfer2010-10-171-1/+0
| | | | | | | | | "dsdb/common/util.c" They're only in use by SAMDB code. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 17 09:40:13 UTC 2010 on sn-devel-104
* s4-credentials Add explicit event context handling to Kerberos calls (only)Andrew Bartlett2010-10-111-1/+1
| | | | | | | | | | | | | | By setting the event context to use for this operation (only) onto the krb5_context just before we call that operation, we can try and emulate the specification of an event context to the actual send_to_kdc() This eliminates the specification of an event context to many other cli_credentials calls, and the last use of event_context_find() Special care is taken to restore the event context in the event of nesting in the send_to_kdc function. Andrew Bartlett
* samdb: Add flags argument to samdb_connect().Jelmer Vernooij2010-10-101-3/+3
|
* s4:security Change struct security_token->sids from struct dom_sid * to ↵Andrew Bartlett2010-08-231-3/+3
| | | | | | | | | struct dom_sid This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privilages still need to be merged) Andrew Bartlett
* s4:security Remove use of user_sid and group_sid from struct security_tokenAndrew Bartlett2010-08-181-3/+3
| | | | This makes the structure more like Samba3's NT_USER_TOKEN
* s4:kdc/kpasswdd.c - let the user change his own password with his own rightsMatthias Dieter Wallnöfer2010-08-171-3/+44
| | | | | | | | Now it's finally possible that the user can change his password with a DSDB connection using his credentials. NOTICE: I had to extract the old password from the SAMDB since I was unable to find it somewhere else (authinfo for example).
* s4:kdc/rpc server - adapt the "samdb_set_password" calls which perform ↵Matthias Dieter Wallnöfer2010-08-171-1/+1
| | | | password sets
* s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell2010-07-161-2/+2
| | | | | | | this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:kdc/kpasswdd.c - remove unreachable codeMatthias Dieter Wallnöfer2010-06-261-2/+0
|
* s4:samdb_set_password/samdb_set_password_sid - ReworkMatthias Dieter Wallnöfer2010-05-101-31/+4
| | | | | | | | Adapt the two functions for the restructured "password_hash" module. This means that basically all checks are now performed in the mentioned module. An exception consists in the SAMR password change calls since they need very precise NTSTATUS return codes on wrong constraints ("samr_password.c") file
* s4:kdc Add support for changing password of a servicePrincipalNameAndrew Bartlett2010-03-251-10/+32
| | | | | | | | Apparently AD supports setting a password on a servicePrincipalName, not just a user principal name. This should fix (part of) the join of OpenSolaris's internal CIFS server to Samba4 as reported by Bug #7273 Andrew Bartlett
* More spelling fixes across source4/Brad Hards2010-02-221-1/+1
| | | | Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
* s4-dsdb: change samdb_replace() to dsdb_replace() and allow for dsdb_flagsAndrew Tridgell2010-02-161-1/+1
| | | | This allows for controls to be added easily where they are needed.
* s4:kdc Use better db context structureSimo Sorce2010-01-281-1/+1
| | | | | | | | This allows to use a common structure not tied to hdb_samba4 Also allows to avoid many casts within hdb_samba4 functions This is the first step to abstract samba kdc databse functions so they can be used by the MIT forthcoming plugin.
* s4:cleanups More trailing spaces and tabsSimo Sorce2009-12-231-108/+108
|
* s4-gensec: Replace gensec_set_peer_addr with new tsocket based fn.Andreas Schneider2009-12-161-1/+1
|
* s4-gensec: Replace gensec_set_my_addr() with new tsocket based fn.Andreas Schneider2009-12-161-17/+1
|
* s4-kdc: Migrate to tsocket_address.Andreas Schneider2009-12-151-3/+20
|
* s4:kdc: remove unused struct kpasswd_socketStefan Metzmacher2009-11-051-10/+0
| | | | metze
* s4-dsdb: create a static system_session contextAndrew Tridgell2009-10-231-1/+1
| | | | | | This patch adds a system_session cache, preventing us from having to recreate it on every ldb open, and allowing us to detect when the same session is being used in ldb_wrap
* s3/s4 - Adapt the IDL changes on various locationsMatthias Dieter Wallnöfer2009-10-081-9/+8
|
* s4:kdc In the kpasswd server, don't use the client address in mk_privAndrew Bartlett2009-09-161-0/+8
| | | | | | | | | | This code eventually calls into mk_priv in the Heimdal code, and if the client is behind NAT, or somehow has an odd idea about it's own network addresses, it will fail to accept this packet if we set an address. It seems easiser not to. (Found by testing with NetAPP at plugfest) Andrew Bartlett
* s4:kdc Push context to hdb_samba4 by way of the 'name' of the DBAndrew Bartlett2009-07-271-3/+9
| | | | | | | | | | | This overloads the 'name' part of the keytab name to supply a context pointer, and so avoids 3 global variables! To do this, we had to stop putting the entry for kpasswd into the secrets.ldb. (I don't consider this a big loss, and any entry left there by an upgrade will be harmless). Andrew Bartlett
* Use common header file for character set handling in Samba 3 and Samba 4.Jelmer Vernooij2009-03-011-3/+2
|
* s4: Use same function signature for convert_* as s3.Jelmer Vernooij2009-03-011-8/+5
|
* Add allow_badcharcnv argument to all conversion function, forJelmer Vernooij2009-03-011-2/+2
| | | | consistency with Samba 3.
* Remove auth/ntlm as a dependency of GENSEC by means of function pointers.Andrew Bartlett2009-02-131-9/+10
| | | | | | | | | | | When starting GENSEC on the server, the auth subsystem context must be passed in, which now includes function pointers to the key elements. This should (when the other dependencies are fixed up) allow GENSEC to exist as a client or server library without bundling in too much of our server code. Andrew Bartlett
* s4:lib/tevent: rename structsStefan Metzmacher2008-12-291-1/+1
| | | | | | | | | | | | | | | | | | | | list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s | cut -d ':' -f1` n=`echo $s | cut -d ':' -f2` r=`git grep "struct $o" |cut -d ':' -f1 |sort -u` files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4` for f in $files; do cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze
* Add gensec_settings structure. This wraps loadparm_context for now, butJelmer Vernooij2008-11-021-1/+3
| | | | should in the future only contain some settings required for gensec.
* Remove iconv_convenience argument from convert_string{,talloc}() butJelmer Vernooij2008-10-241-2/+2
| | | | make them wrappers around convert_string{,talloc}_convenience().
* Remove iconv_convenience parameter from simple string push/pullJelmer Vernooij2008-10-241-1/+1
| | | | functions.
* Create a 'straight paper path' for UTF16 passwords.Andrew Bartlett2008-10-161-11/+26
| | | | | | | | | | | | | | | | | | | | | This uses a virtual attribute 'clearTextPassword' (name chosen to match references in MS-SAMR) that contains the length-limited blob containing an allegidly UTF16 password. This ensures we do no validation or filtering of the password before we get a chance to MD4 it. We can then do the required munging into UTF8, and in future implement the rules Microsoft has provided us with for invalid inputs. All layers in the process now deal with the strings as length-limited inputs, incluing the krb5 string2key calls. This commit also includes a small change to samdb_result_passwords() to ensure that LM passwords are not returned to the application logic if LM authentication is disabled. The objectClass module has been modified to allow the clearTextPassword attribute to pass down the stack. Andrew Bartlett
* Fix include paths to new location of libutil.Jelmer Vernooij2008-10-111-1/+1
|
* kdc: move references to heimdal internals into heimdal_build/kpasswd-glue.hStefan Metzmacher2008-08-261-2/+1
| | | | | metze (This used to be commit 65057f17b0d9e83f1b775afdeb7ea91ce0e52cd1)
* libreplace: include <krb5.h> and <com_err.h> and no heimdal specific headersStefan Metzmacher2008-08-011-2/+11
| | | | | metze (This used to be commit cffed8e19e22a1fa7b7a322b153df5d54e4c3be2)
* kdc: use mostly only public kerberos headersStefan Metzmacher2008-08-011-2/+4
| | | | | | | | We shoule avoid using the private heimdal function _krb5_principalname2krb5_principal() metze (This used to be commit 10db07c69addce6e90851fb55738d5f9e142946b)
* kdc: we don't need any *_locl.h header from heimdal in the kdcStefan Metzmacher2008-06-041-1/+1
| | | | | metze (This used to be commit feca16dd6d03730b4a67adf5d912ba2d5e1a3025)
* Specify event_context to ldb_wrap_connect explicitly.Jelmer Vernooij2008-04-171-2/+2
| | | | (This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
generated by cgit (git 2.34.1) at 2025-08-28 13:27:35 +0000