summaryrefslogtreecommitdiff
path: root/source4/kdc/wdc-samba4.c
Commit message (Collapse)AuthorAgeFilesLines
* krb5_wrap: Rename krb5_copy_data_contents()Andreas Schneider2016-08-311-3/+3
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Rename kerberos_free_data_contents()Andreas Schneider2016-08-311-1/+1
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:kdc: provide a PAC_UPN_DNS_INFO element for logonsStefan Metzmacher2016-07-221-3/+34
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:kdc: provide a PAC_CREDENTIAL_INFO element for PKINIT logonsStefan Metzmacher2016-07-221-3/+37
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:kdc: correctly update the PAC in samba_wdc_reget_pac()Stefan Metzmacher2016-07-221-4/+213
| | | | | | | | | We need to keep unknown PAC elements and just copy them. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:kdc: hook into heimdal's windc.pac_pk_generate hookStefan Metzmacher2016-07-221-2/+16
| | | | | | | | | | | This allows PAC_CRENDENTIAL_INFO to be added to the PAC when using PKINIT. In that case PAC_CRENDENTIAL_INFO contains an encrypted PAC_CRENDENTIAL_DATA. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4-kdc/wdc-samba4: add a copy of samba_kdc_build_edata_reply for Heimdal.Günther Deschner2015-07-211-0/+41
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* s4-kdc: pass down only a samba_kdc_entry to samba_krbtgt_is_in_db().Günther Deschner2015-03-271-1/+4
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-kdc: pass down only a samba_kdc_entry to samba_kdc_get_pac_blob().Günther Deschner2015-03-271-3/+14
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-kdc: pass down only a samba_kdc_entry to samba_princ_needs_pac().Günther Deschner2015-03-271-1/+1
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4:kdc/wdc-samba4.c - fix user logins on specific workstationsMatthias Dieter Wallnöfer2012-08-141-4/+5
| | | | | | | | The decrement operation has been missing. Problem found by Mohammad Ebrahim Abravi <lamp.mia@gmail.com> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4-kdc Do the KDC PAC checksum validation in the Samba pluginAndrew Bartlett2012-01-121-2/+34
| | | | | | | Here we can fetch the right key, and check if the PAC is likely to be signed by a key that we know. We cannot check the KDC signature on incoming trusts. Andrew Bartlett
* s4:kdc: generate the S4U_DELEGATION_INFO in the regenerated pacStefan Metzmacher2011-06-281-3/+26
| | | | metze
* s4:kdc: use KRB5_WINDC_PLUGIN_MINOR define instead of KRB5_WINDC_PLUGING_MINORStefan Metzmacher2011-06-281-1/+1
| | | | metze
* s4:kdc/*.c - minimise includesMatthias Dieter Wallnöfer2010-12-121-3/+0
| | | | | Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Dec 12 15:20:46 CET 2010 on sn-devel-104
* s4-kdc Don't regenerate the PAC for cross-realm ticketsAndrew Bartlett2010-11-151-0/+3
| | | | | | | | | | | We should never get a cross-realm ticket that was not issued by a full DC, but if someone claims to have such a thing, reject it rather than segfaulting on the NULL client pointer. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Nov 15 23:59:34 UTC 2010 on sn-devel-104
* s4-kdc: rename kdc/kdc.h to kdc/kdc-glue.hAndrew Tridgell2010-11-121-1/+1
| | | | kdc.h conflicts with a heimdal header name
* s4-kdc Handle the case where we may be given a ticket from an RODC in db layerAndrew Bartlett2010-09-291-15/+27
| | | | | | | | This includes rewriting the PAC if the original krbtgt isn't to be trusted, and reading different entries from the DB for the krbtgt depending on the krbtgt number. Andrew Bartlett
* s3: Remove use of iconv_convenience.Jelmer Vernooij2010-05-181-1/+0
|
* s4:kdc/wdc-samba4.c - fix integer counter typesMatthias Dieter Wallnöfer2010-04-121-1/+2
|
* Various source4 spelling fixes.Brad Hards2010-02-221-1/+1
| | | | Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
* s4:kdc Streamline client access verification callSimo Sorce2010-01-311-66/+65
| | | | Move the core to pac-glue so that other plugins can use it.
* s4:kdc Fix netbios name retrievalSimo Sorce2010-01-311-2/+2
| | | | The code was looping but always checking only the first address.
* s4:kdc Use a clearer name for the samba kdc entrySimo Sorce2010-01-281-5/+5
| | | | | | Renames hdb_samba4_private to samba_kdc_entry Streamlines members of the entry and the kdc db contextto avoid unnecessary duplication.
* s4:windc move windc plugin in its own fileSimo Sorce2010-01-271-0/+212
Keep all heimdal related plugin code within wdc-samba4.c Leave only interfaces common to multiple plugins in pac-glue.c
View Lorry Controller Status