Commit Graph

540 Commits

Author SHA1 Message Date
Love Hornquist Astrand
5813b0a4dd default master key version is 1 2009-11-22 12:53:56 -08:00
Love Hornquist Astrand
df69397c4a add hdb-mitdb.c 2009-11-22 12:53:16 -08:00
Love Hornquist Astrand
89b14e91c2 backend to read the MIT Kerberos database file directly 2009-11-22 12:52:57 -08:00
Love Hornquist Astrand
7b42f760b8 add _hdb_keytab2hdb_entry 2009-11-22 12:52:08 -08:00
Love Hornquist Astrand
daa2048fd8 simplify? 2009-11-22 12:51:52 -08:00
Love Hornquist Astrand
4dc9ccf0cb add new database backends 2009-11-22 12:49:13 -08:00
Love Hornquist Astrand
570414c12c add hdb-keytab.c 2009-11-22 12:35:26 -08:00
Love Hornquist Astrand
a059382f79 why a large database, let's run the hdb out of the keytab 2009-11-22 12:34:40 -08:00
Love Hornquist Astrand
70835f3119 add hdb_get_realms 2009-11-22 06:34:29 -08:00
Love Hornquist Astrand
0510f7e0cd add more dependencies 2009-11-21 23:14:20 -08:00
Love Hornquist Astrand
8ec686805b expose decode_Key 2009-11-17 13:10:04 -08:00
Love Hornquist Astrand
069acd2188 sort 2009-11-17 13:09:12 -08:00
Love Hornquist Astrand
610737fe90 don't shadow variables, from Matthias Wallnöfer 2009-10-21 20:23:19 -07:00
Andrew Bartlett
6243038c9f s4:heimdal A real fix for bug 6801
The issue was that we would free the entry after the database, not
knowing that the entry was a talloc child of the database.

Andrew Bartlett

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-10-13 21:44:22 -07:00
Love Hornquist Astrand
39a751d6fb expose hdb_interface_version 2009-10-13 09:35:39 -07:00
Love Hornquist Astrand
d36402a671 Don't assume ldap_bv2escaped_filter_value() is exported 2009-10-11 11:17:56 -07:00
Love Hornquist Astrand
ff87429593 Make LDAP code fetch less attributes from LDAP server when KDC is asking
Johan Gadsjö did an awesome analysis of the LDAP access patterns
and sent us a patch that reduced the calls to the ldap server by 4
times as many. The patch was adopted and changed to avoid compile
time dependencies and make the determination runtime instead. Thanks!
2009-10-03 13:20:41 -07:00
Love Hornquist Astrand
3d7488398a abstract out dependency tracking for tools 2009-09-16 05:40:55 -07:00
Love Hornquist Astrand
dc4e8669ea Abstract out asn1_compile and slc 2009-09-16 00:12:13 -07:00
Love Hornquist Astrand
8e8c155c50 Make example sane and make LDAP style backends work (slightly better)
Fix the format example, parse the string backward to take of the
master key before passing the database name down into the HDB backend
layer.
2009-09-12 17:26:10 -07:00
Love Hornquist Astrand
36ea29599d there is no database 2009-09-12 16:48:51 -07:00
Love Hornquist Astrand
df00111aaf Don't try to print NULL, solaris printf won't have it
Reported in [HEIMDAL-635] by John Center
2009-09-03 09:16:37 -07:00
Love Hornquist Astrand
929559ab2c Switch to using krb5_config_get_list() instead of krb5_config_get() 2009-08-19 04:02:25 -07:00
Love Hornquist Astrand
c8175f83a3 drop __FUNCTION__ 2009-08-15 05:57:07 +02:00
Love Hornquist Astrand
0a92381e98 clean better 2009-08-06 10:19:28 +02:00
Andrew Bartlett
f8c121b282 Add support for user principal names in certificates [HEIMDAL-602]
This extends the PKINIT code in Heimdal to ask the HDB layer if the
User Principal Name name in the certificate is an alias (perhaps just
by case change) of the name given in the AS-REQ.  (This was a TODO in
the Heimdal KDC)

The testsuite is extended to test this behaviour, and the other PKINIT
certificate (using the standard method to specify a principal name in a
certificate) is updated to use an Administrator (not administrator).
(This fixes the kinit test).
2009-08-04 09:34:58 +02:00
Love Hornquist Astrand
e6c2a70678 Indent some more 2009-08-03 12:10:07 +02:00
Love Hornquist Astrand
b2129c0751 Indent the patch from Andrew and make it compile again 2009-08-03 10:54:44 +02:00
Love Hornquist Astrand
ada7c73176 Indent the patch from Andrew and make it compile again 2009-08-03 10:50:50 +02:00
Love Hornquist Astrand
788480d28a heimdal Extend the 'hdb as a keytab' code [HEIMDAL-600]
This extends the hdb_keytab code to allow enumeration of all the keys.

The plan is to allow ktutil's copy command to copy from Samba4's
hdb_samba4 into a file-based keytab used in wireshark.

From Andrew Bartlett
2009-08-03 10:43:22 +02:00
Love Hornquist Astrand
311ce98d85 (hdb_sqlite_rename): make rename work when there is a prefix 2009-07-19 18:42:02 -07:00
Love Hornquist Astrand
bd073cfd72 Limit maximum retries of BUSY/BLOCK/LOCKED operations to MAX_RETRIES (default 10) 2009-07-19 18:01:51 -07:00
Love Hornquist Astrand
82150be255 allow loading sqlite 2009-07-19 17:58:53 -07:00
Love Hörnquist Åstrand
6a24e13678 Use hdb_get_dbinfo() to find the realms.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25326 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-15 22:17:30 +00:00
Love Hörnquist Åstrand
d3f16452e0 make compile
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25320 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-05 05:20:10 +00:00
Love Hörnquist Åstrand
5a9dd54e95 drop RCSID
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25319 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-05 05:09:16 +00:00
Love Hörnquist Åstrand
6aa38c372c Push enterprise support into the bdblayer.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25318 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-05 05:09:04 +00:00
Love Hörnquist Åstrand
ef92d8485a Push enterprise support into the bdblayer.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25317 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-05 05:08:48 +00:00
Love Hörnquist Åstrand
a18db94691 Push enterprise support into the bdblayer.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25316 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-05 05:08:36 +00:00
Love Hörnquist Åstrand
af77ace518 Push enterprise support into the bdblayer.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25315 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-05 05:08:26 +00:00
Love Hörnquist Åstrand
48a0f6d995 reset iteration query before continuing.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25314 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-05 05:08:15 +00:00
Love Hörnquist Åstrand
e02d83174c set hdb_capability_flags = 0
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25313 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-05 05:08:05 +00:00
Love Hörnquist Åstrand
4ff6ed4652 set hdb_capability_flags = 0
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25312 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-05 05:07:52 +00:00
Love Hörnquist Åstrand
54b5beeb98 set hdb_capability_flags = 0
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25311 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-05 05:07:41 +00:00
Love Hörnquist Åstrand
4beac004a1 set hdb_capability_flags = 0
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25310 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-05 05:07:30 +00:00
Love Hörnquist Åstrand
45ef83f6fd add hdb_check_constrained_delegation
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25302 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-03 04:26:25 +00:00
Love Hörnquist Åstrand
5c104ef172 add ->hdb_password and ->hdb_auth_status
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25298 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-03 04:25:29 +00:00
Love Hörnquist Åstrand
f65f1f26ef add HDBFlags: locked-out
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25297 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-03 04:25:01 +00:00
Love Hörnquist Åstrand
a28a9a1b30 comment about hdb_capability_flags
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25296 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-03 04:24:48 +00:00
Love Hörnquist Åstrand
ba04bad361 From Andrew Bartlett via heimdal-bugs@h5l.org
s4:heimdal Allow KRB5_NT_ENTERPRISE names in all DB lookups

    The previous code only allowed a KRB5_NT_ENTERPRISE name (an e-mail
    list user principal name) in an AS-REQ.  Evidence from the wild
    (Win2k8 reportedly) indicates that this is instead valid for all
    types of requests.

    While this is now handled in heimdal/kdc/misc.c, a flag is now defined
    in Heimdal's hdb so that we can take over this handling in future (once we start
    using a system Heimdal, and if we find out there is more to be done
    here).

    Andrew

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25293 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-03 03:16:35 +00:00