summaryrefslogtreecommitdiff
path: root/source3/include/ads.h
AgeCommit message (Collapse)AuthorFilesLines
2011-05-06s3-includes: no need to globally include libads/ads_status.h.Günther Deschner1-0/+1
Guenther
2011-03-16s3-build: stop including ldap and lber headers everywhere in the code.Günther Deschner1-0/+2
Instead use new header smb_ldap.h where all LDAP API related things are handled, while smbldap.h only deals with our smbldap_X() API. Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Mar 16 10:54:51 CET 2011 on sn-devel-104
2010-09-07s3/libads: use monotonic clock for ldap connection timeoutsBjörn Jacke1-1/+1
2010-08-05s3: avoid global include of ads.h.Günther Deschner1-1/+7
Guenther
2010-07-01s3-libads: move ldap posix schema defines to their own header file.Günther Deschner1-48/+0
Guenther
2010-07-01s3-libads: move spnego defines to their appropriate header file.Günther Deschner1-6/+0
Guenther
2010-07-01s3-libads: only include libds flags where needed.Günther Deschner1-2/+0
Guenther
2010-07-01s3-libads: move keytab macros out of ads.h.Günther Deschner1-18/+0
Guenther
2010-07-01s3-libads: move ads_status to a separate header file.Günther Deschner1-33/+0
Guenther
2010-07-01s3-libads: use shared well known guids.Günther Deschner1-3/+0
Guenther
2010-07-01s3-libads: move KRB5_ENV_CCNAME to separate header krb5_env.h.Günther Deschner1-3/+0
Guenther
2009-11-27s3-kerberos: only use krb5 headers where required.Günther Deschner1-53/+18
This seems to be the only way to deal with mixed heimdal/MIT setups during merged build. Guenther
2009-10-02s3-ads: removed 3 unused definesAndrew Tridgell1-3/+0
These are in nbt.idl and netlogon.idl as well, no need to have them here under different names, especially when the comments are wrong
2009-09-17spnego: share spnego_parse.Günther Deschner1-0/+6
Guenther
2009-07-13libds: share UF_ flags between samba3 and 4.Günther Deschner1-125/+2
Guenther
2009-04-20Move gpo_sec to top-level.Jelmer Vernooij1-2/+0
Signed-off-by: Günther Deschner <gd@samba.org>
2009-02-06s3: use pidl to pull a KRB5_EDATA_NTSTATUS.Günther Deschner1-6/+0
Guenther
2008-12-13s3: correctly detect if the current dc is the closest oneStefan Metzmacher1-1/+0
ads->config.tried_closest_dc was never set. metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit dfe5b00db35e1e7c7bb3ba36729fc3f97eb48db3)
2008-09-16* Allow an admin to define the "uid" attribute for a RFC2307Gerald (Jerry) Carter1-0/+5
user object in AD to be the username alias. For example: $ net ads search "(uid=coffeedude)" distinguishedName: CN=Gerald W. Carter,CN=Users,DC=pink,DC=plainjoe,DC=org sAMAccountName: gcarter memberOf: CN=UnixUsers,CN=Users,DC=pink,DC=plainjoe,DC=org memberOf: CN=Domain Admins,CN=Users,DC=pink,DC=plainjoe,DC=org memberOf: CN=Enterprise Admins,CN=Users,DC=pink,DC=plainjoe,DC=org memberOf: CN=Schema Admins,CN=Users,DC=pink,DC=plainjoe,DC=org uid: coffeedude uidNumber: 10000 gidNumber: 10000 unixHomeDirectory: /home/gcarter loginShell: /bin/bash $ ssh coffeedude@192.168.56.91 Password: coffeedude@orville:~$ id uid=10000(coffeedude) gid=10000(PINK\unixusers) groups=10000(PINK\unixusers) $ getent passwd PINK\\gcarter coffeedude:*:10000:10000::/home/gcarter:/bin/bash $ getent passwd coffeedude coffeedude:*:10000:10000::/home/gcarter:/bin/bash $ getent group PINK\\Unixusers PINK\unixusers:x:10000:coffeedude
2008-08-29kerberos: fix HAVE_KRB5 related build issue.Günther Deschner1-3/+4
Guenther (This used to be commit 7d7ba8397743af52a74d00fd717bdeb5e3e12a28)
2008-08-29kerberos: add KRB5_KT_KEY abstraction macro.Günther Deschner1-1/+9
Guenther (This used to be commit be846d5383ef31136cca6b11eb6181736fb2e29d)
2008-08-29kerberos: move the KRB5_KEY* macros to header file.Günther Deschner1-0/+12
Guenther (This used to be commit c28fa17ffffee3e6fd4897c9c6b4937388a19600)
2008-06-27libads: Add API call to connect to a global catalog server.Gerald W. Carter1-1/+3
Extends ads_connect() to a new call ads_connect_gc() which connects on port 3268 rather than port 389. Also makes ads_try_connect() static and only used internally to ldap.c (This used to be commit f4c37dbe2c986fb7bfe510cdff3b4a9fbc06d079)
2008-06-24libads: add ADS_AUTH_USER_CREDS to avoid magic overwriting of usernames.Günther Deschner1-8/+9
Guenther (This used to be commit b5aaf5aa0f280f69e05b613271c96473a79b812e)
2008-02-28Remove DomainControllerAddressType which we now have in IDL.Günther Deschner1-5/+0
Guenther (This used to be commit 0a012c12d643e627ea1bad2a2ad6214f78918fa7)
2008-01-29Move DS_DOMAIN_FUNCTION defines to ads.h.Günther Deschner1-0/+7
Guenther (This used to be commit 2605c6758ebb2f53c0c91f99d766e3db548e07ce)
2007-10-24This is a large patch (sorry). Migrate from struct in_addrJeremy Allison1-1/+1
to struct sockaddr_storage in most places that matter (ie. not the nmbd and NetBIOS lookups). This passes make test on an IPv4 box, but I'll have to do more work/testing on IPv6 enabled boxes. This should now give us a framework for testing and finishing the IPv6 migration. It's at the state where someone with a working IPv6 setup should (theorecically) be able to type : smbclient //ipv6-address/share and have it work. Jeremy. (This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd)
2007-10-10r24804: As a temporary workaround, also try to guess the server's principal ↵Günther Deschner1-0/+2
in the "not_defined_in_RFC4178@please_ignore" case to make at least LDAP SASL binds succeed with windows server 2008. Guenther (This used to be commit f5b3de4d3069eaa750240e3422bac5cb169b6c0a)
2007-10-10r24131: - make it more clear what the different min and max fields meanStefan Metzmacher1-4/+5
- with the "GSSAPI" sasl mech the plain, sign or seal negotiation is independed from the req_flags and ret_flags - verify the server supports the wrapping type we want - better handling on negotiated buffer sizes metze (This used to be commit d0ec7323870ca16b28d458ff5f7dacce278b7d54)
2007-10-10r24039: remove unused global variable...Stefan Metzmacher1-1/+1
metze (This used to be commit 05fce8815f2f08f71522ba326224185dcecd62ae)
2007-10-10r23946: add support for NTLMSSP sign and sealStefan Metzmacher1-1/+1
NOTE: windows servers are broken with sign only... metze (This used to be commit 408bb2e6e2171196a2bd314db181d9b124e931a1)
2007-10-10r23945: add infrastructure to select plain, sign or seal LDAP connectionStefan Metzmacher1-1/+12
metze (This used to be commit 2075c05b3d8baa7d6d8510cd962471a5781740a6)
2007-10-10r23926: implement output buffer handling for the SASL write wrapperStefan Metzmacher1-2/+2
metze (This used to be commit 65ce6fa21adec704b3cde30c57001e5620f048e4)
2007-10-10r23922: implement input buffer handling for the SASL read wrapperStefan Metzmacher1-15/+46
metze (This used to be commit 7d8518ebd9470062b499b7074a940e14520e99f2)
2007-10-10r23898: rename HAVE_ADS_SASL_WRAPPING -> HAVE_LDAP_SASL_WRAPPINGStefan Metzmacher1-3/+3
metze (This used to be commit 873eaff8febb50f00f9dac64c57b2a22c16f4f9b)
2007-10-10r23896: hopefully fix the build on most systemsStefan Metzmacher1-1/+1
metze (This used to be commit d5512da62a6ae38321709611b04f419cc6c3b190)
2007-10-10r23893: add dummy callbacks for LDAP SASL wrapping,Stefan Metzmacher1-4/+6
they're not used yet... metze (This used to be commit a3b97cdce719d9d5e82f26096c0e8c3a86ff3965)
2007-10-10r23888: move elements belonging to the current ldap connection to aStefan Metzmacher1-10/+13
substructure. metze (This used to be commit 00909194a6c1ed193dfdb296f50f58a53450583c)
2007-10-10r23838: Allow to store schema and config path in ADS_STRUCT config.Günther Deschner1-0/+2
Guenther (This used to be commit 1d5b08326fa72bd3423b377a4e6243466e778622)
2007-10-10r23826: Fix gpo security filtering by matching the security descriptor ace's ↵Günther Deschner1-0/+3
for the extended apply group policy right. Guenther (This used to be commit d832014a6fef657f484412372b5d09047552b183)
2007-10-10r23766: Add GTYPE_SECURITY_UNIVERSAL_GROUP define.Günther Deschner1-0/+5
Guenther (This used to be commit 964acb2716e230172e716d8d24ee2f888930130d)
2007-10-10r23607: Add legacy support for Services for Unix (SFU) 2.0.Günther Deschner1-4/+12
Guenther (This used to be commit 11b390309b9677805e5b68f3a1b780658ae85137)
2007-10-10r23128: Fix typo.Günther Deschner1-1/+1
Guenther (This used to be commit 52fdbbda53df79461322b9d21aba998f19181df8)
2007-10-10r22841: Add comment to endif statement.Lars Müller1-1/+1
(This used to be commit 1351207626ee0f99aef93326ef96bf69651bf472)
2007-10-10r22797: We are only interested in the DACL of the security descriptor, so ↵Günther Deschner1-0/+1
search with the SD_FLAGS control. Guenther (This used to be commit 648df57e53ddabe74052e816b8eba95180736208)
2007-10-10r22664: When we have krb5_get_init_creds_opt_get_error() then try to get the ↵Günther Deschner1-0/+6
NTSTATUS codes directly out of the krb5_error edata. Guenther (This used to be commit dcd902f24a59288bbb7400d59c0afc0c8303ed69)
2007-10-10r21240: Fix longstanding Bug #4009.Günther Deschner1-1/+2
For the winbind cached ADS LDAP connection handling (ads_cached_connection()) we were (incorrectly) assuming that the service ticket lifetime equaled the tgt lifetime. For setups where the service ticket just lives 10 minutes, we were leaving hundreds of LDAP connections in CLOSE_WAIT state, until we fail to service entirely with "Too many open files". Also sequence_number() in winbindd_ads.c needs to delete the cached LDAP connection after the ads_do_search_retry() has failed to submit the search request (although the bind succeeded (returning an expired service ticket that we cannot delete from the memory cred cache - this will get fixed later)). Guenther (This used to be commit 7e1a84b7226fb8dcd5d34c64a3478a6d886a9a91)
2007-10-10r20986: Commit the prototype of the nss_info plugin interface.Gerald Carter1-10/+11
This allows a provider to supply the homedirectory, etc... attributes for a user without requiring support in core winbindd code. The idmap_ad.c module has been modified to provide the idmap 'ad' library as well as the rfc2307 and sfu "winbind nss info" support. The SID/id mapping is working in idmap_ad but the nss_info still has a few quirks that I'm in the process of resolving. (This used to be commit aaec0115e2c96935499052d9a637a20c6445986e)
2007-10-10r20857: Silence gives assent :-). Checking in the fix forJeremy Allison1-0/+1
site support in a network where many DC's are down. I heard via Volker there is still a bug w.r.t the wrong site being chosen with trusted domains but we'll have to layer that fix on top of this. Gd - complain if this doesn't work for you. Jeremy. (This used to be commit 97e248f89ac6548274f03f2ae7583a255da5ddb3)
2007-10-10r18019: Fix a C++ warnings: Don't use void * in libads/ for LDAPMessage anymore.Volker Lendecke1-0/+4
Compiled it on systems with and without LDAP, I hope it does not break the build farm too badly. If it does, I'll fix it tomorrow. Volker (This used to be commit b2ff9680ebe0979fbeef7f2dabc2e3f27c959d11)