svn commit: samba r12599 - in branches/SAMBA_4_0/source: auth dsdb/samdb dsdb/samdb/ldb_modules kdc lib/ldb/common rpc_server/netlogon rpc_server/samr setup

abartlet at samba.org abartlet at samba.org
Fri Dec 30 08:40:19 GMT 2005


Author: abartlet
Date: 2005-12-30 08:40:16 +0000 (Fri, 30 Dec 2005)
New Revision: 12599

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12599

Log:
This new LDB module (and associated changes) allows Samba4 to operate
using pre-calculated passwords for all kerberos key types.  
(Previously we could only use these for the NT# type).  

The module handles all of the hash/string2key tasks for all parts of
Samba, which was previously in the rpc_server/samr/samr_password.c
code.  We also update the msDS-KeyVersionNumber, and the password
history.  This new module can be called at provision time, which
ensures we start with a database that is consistent in this respect.

By ensuring that the krb5key attribute is the only one we need to
retrieve, this also simplifies the run-time KDC logic.  (Each value of
the multi-valued attribute is encoded as a 'Key' in ASN.1, using the
definition from Heimdal's HDB.  This simplfies the KDC code.).

It is hoped that this will speed up the KDC enough that it can again
operate under valgrind.  


Added:
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c
Modified:
   branches/SAMBA_4_0/source/auth/auth_sam.c
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/config.mk
   branches/SAMBA_4_0/source/dsdb/samdb/samdb.c
   branches/SAMBA_4_0/source/kdc/hdb-ldb.c
   branches/SAMBA_4_0/source/lib/ldb/common/ldb_modules.c
   branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c
   branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c
   branches/SAMBA_4_0/source/rpc_server/samr/samr_password.c
   branches/SAMBA_4_0/source/setup/provision_init.ldif


Changeset:
Sorry, the patch is too large (1372 lines) to include; please use WebSVN to see it!
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12599


More information about the samba-cvs mailing list