summaryrefslogtreecommitdiff
path: root/source3/include/ads.h
AgeCommit message (Collapse)AuthorFilesLines
2012-09-12Avoid overriding default ccache for ads operations.Simo Sorce1-0/+1
Avoid overriding default ccache for ads operations. Nowadays various samba components may need to use GSSAPI and a default cred cache to perform their tasks. This code was completely overriding the whole process default ccache name, thus altering the current credentials and sometimes hijacking them (or getting preemptively hijaked). By using gss_krb5_import_cred we can instead use a private ccache (necessary sometimes to use a different set of credentials fromt he default cifs/fqdn@realm one, for example when contacting foreign DCs using trust credentials) that does not affect the rest of the process. For the kerberos versions which don't have gss_krb5_import_cred we fallback to temp override of KRB5CCNAME and gss_acquire_cred. Signed-off-by: Alexander Bokovoy <ab@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Alexander Bokovoy <ab@samba.org> Autobuild-Date(master): Wed Sep 12 21:18:09 CEST 2012 on sn-devel-104
2012-07-24lib/param: Move all enum declarations to lib/paramAndrew Bartlett1-11/+0
This is in preperation for the parameter table being made common. Andrew Bartlett Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2012-05-26s3-libads: Use a reducing page size to try and cope with a slow LDAP serverAndrew Bartlett1-0/+1
If we cannot get 1000 users downloaded in 15seconds, try with 500, 250 and then 125 users at a time. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org>
2011-09-13s3: Fix some nonempty blank linesVolker Lendecke1-1/+1
2011-05-06s3-includes: no need to globally include libads/ads_status.h.Günther Deschner1-0/+1
Guenther
2011-03-16s3-build: stop including ldap and lber headers everywhere in the code.Günther Deschner1-0/+2
Instead use new header smb_ldap.h where all LDAP API related things are handled, while smbldap.h only deals with our smbldap_X() API. Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Mar 16 10:54:51 CET 2011 on sn-devel-104
2010-09-07s3/libads: use monotonic clock for ldap connection timeoutsBjörn Jacke1-1/+1
2010-08-05s3: avoid global include of ads.h.Günther Deschner1-1/+7
Guenther
2010-07-01s3-libads: move ldap posix schema defines to their own header file.Günther Deschner1-48/+0
Guenther
2010-07-01s3-libads: move spnego defines to their appropriate header file.Günther Deschner1-6/+0
Guenther
2010-07-01s3-libads: only include libds flags where needed.Günther Deschner1-2/+0
Guenther
2010-07-01s3-libads: move keytab macros out of ads.h.Günther Deschner1-18/+0
Guenther
2010-07-01s3-libads: move ads_status to a separate header file.Günther Deschner1-33/+0
Guenther
2010-07-01s3-libads: use shared well known guids.Günther Deschner1-3/+0
Guenther
2010-07-01s3-libads: move KRB5_ENV_CCNAME to separate header krb5_env.h.Günther Deschner1-3/+0
Guenther
2009-11-27s3-kerberos: only use krb5 headers where required.Günther Deschner1-53/+18
This seems to be the only way to deal with mixed heimdal/MIT setups during merged build. Guenther
2009-10-02s3-ads: removed 3 unused definesAndrew Tridgell1-3/+0
These are in nbt.idl and netlogon.idl as well, no need to have them here under different names, especially when the comments are wrong
2009-09-17spnego: share spnego_parse.Günther Deschner1-0/+6
Guenther
2009-07-13libds: share UF_ flags between samba3 and 4.Günther Deschner1-125/+2
Guenther
2009-04-20Move gpo_sec to top-level.Jelmer Vernooij1-2/+0
Signed-off-by: Günther Deschner <gd@samba.org>
2009-02-06s3: use pidl to pull a KRB5_EDATA_NTSTATUS.Günther Deschner1-6/+0
Guenther
2008-12-13s3: correctly detect if the current dc is the closest oneStefan Metzmacher1-1/+0
ads->config.tried_closest_dc was never set. metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit dfe5b00db35e1e7c7bb3ba36729fc3f97eb48db3)
2008-09-16* Allow an admin to define the "uid" attribute for a RFC2307Gerald (Jerry) Carter1-0/+5
user object in AD to be the username alias. For example: $ net ads search "(uid=coffeedude)" distinguishedName: CN=Gerald W. Carter,CN=Users,DC=pink,DC=plainjoe,DC=org sAMAccountName: gcarter memberOf: CN=UnixUsers,CN=Users,DC=pink,DC=plainjoe,DC=org memberOf: CN=Domain Admins,CN=Users,DC=pink,DC=plainjoe,DC=org memberOf: CN=Enterprise Admins,CN=Users,DC=pink,DC=plainjoe,DC=org memberOf: CN=Schema Admins,CN=Users,DC=pink,DC=plainjoe,DC=org uid: coffeedude uidNumber: 10000 gidNumber: 10000 unixHomeDirectory: /home/gcarter loginShell: /bin/bash $ ssh coffeedude@192.168.56.91 Password: coffeedude@orville:~$ id uid=10000(coffeedude) gid=10000(PINK\unixusers) groups=10000(PINK\unixusers) $ getent passwd PINK\\gcarter coffeedude:*:10000:10000::/home/gcarter:/bin/bash $ getent passwd coffeedude coffeedude:*:10000:10000::/home/gcarter:/bin/bash $ getent group PINK\\Unixusers PINK\unixusers:x:10000:coffeedude
2008-08-29kerberos: fix HAVE_KRB5 related build issue.Günther Deschner1-3/+4
Guenther (This used to be commit 7d7ba8397743af52a74d00fd717bdeb5e3e12a28)
2008-08-29kerberos: add KRB5_KT_KEY abstraction macro.Günther Deschner1-1/+9
Guenther (This used to be commit be846d5383ef31136cca6b11eb6181736fb2e29d)
2008-08-29kerberos: move the KRB5_KEY* macros to header file.Günther Deschner1-0/+12
Guenther (This used to be commit c28fa17ffffee3e6fd4897c9c6b4937388a19600)
2008-06-27libads: Add API call to connect to a global catalog server.Gerald W. Carter1-1/+3
Extends ads_connect() to a new call ads_connect_gc() which connects on port 3268 rather than port 389. Also makes ads_try_connect() static and only used internally to ldap.c (This used to be commit f4c37dbe2c986fb7bfe510cdff3b4a9fbc06d079)
2008-06-24libads: add ADS_AUTH_USER_CREDS to avoid magic overwriting of usernames.Günther Deschner1-8/+9
Guenther (This used to be commit b5aaf5aa0f280f69e05b613271c96473a79b812e)
2008-02-28Remove DomainControllerAddressType which we now have in IDL.Günther Deschner1-5/+0
Guenther (This used to be commit 0a012c12d643e627ea1bad2a2ad6214f78918fa7)
2008-01-29Move DS_DOMAIN_FUNCTION defines to ads.h.Günther Deschner1-0/+7
Guenther (This used to be commit 2605c6758ebb2f53c0c91f99d766e3db548e07ce)
2007-10-24This is a large patch (sorry). Migrate from struct in_addrJeremy Allison1-1/+1
to struct sockaddr_storage in most places that matter (ie. not the nmbd and NetBIOS lookups). This passes make test on an IPv4 box, but I'll have to do more work/testing on IPv6 enabled boxes. This should now give us a framework for testing and finishing the IPv6 migration. It's at the state where someone with a working IPv6 setup should (theorecically) be able to type : smbclient //ipv6-address/share and have it work. Jeremy. (This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd)
2007-10-10r24804: As a temporary workaround, also try to guess the server's principal ↵Günther Deschner1-0/+2
in the "not_defined_in_RFC4178@please_ignore" case to make at least LDAP SASL binds succeed with windows server 2008. Guenther (This used to be commit f5b3de4d3069eaa750240e3422bac5cb169b6c0a)
2007-10-10r24131: - make it more clear what the different min and max fields meanStefan Metzmacher1-4/+5
- with the "GSSAPI" sasl mech the plain, sign or seal negotiation is independed from the req_flags and ret_flags - verify the server supports the wrapping type we want - better handling on negotiated buffer sizes metze (This used to be commit d0ec7323870ca16b28d458ff5f7dacce278b7d54)
2007-10-10r24039: remove unused global variable...Stefan Metzmacher1-1/+1
metze (This used to be commit 05fce8815f2f08f71522ba326224185dcecd62ae)
2007-10-10r23946: add support for NTLMSSP sign and sealStefan Metzmacher1-1/+1
NOTE: windows servers are broken with sign only... metze (This used to be commit 408bb2e6e2171196a2bd314db181d9b124e931a1)
2007-10-10r23945: add infrastructure to select plain, sign or seal LDAP connectionStefan Metzmacher1-1/+12
metze (This used to be commit 2075c05b3d8baa7d6d8510cd962471a5781740a6)
2007-10-10r23926: implement output buffer handling for the SASL write wrapperStefan Metzmacher1-2/+2
metze (This used to be commit 65ce6fa21adec704b3cde30c57001e5620f048e4)
2007-10-10r23922: implement input buffer handling for the SASL read wrapperStefan Metzmacher1-15/+46
metze (This used to be commit 7d8518ebd9470062b499b7074a940e14520e99f2)
2007-10-10r23898: rename HAVE_ADS_SASL_WRAPPING -> HAVE_LDAP_SASL_WRAPPINGStefan Metzmacher1-3/+3
metze (This used to be commit 873eaff8febb50f00f9dac64c57b2a22c16f4f9b)
2007-10-10r23896: hopefully fix the build on most systemsStefan Metzmacher1-1/+1
metze (This used to be commit d5512da62a6ae38321709611b04f419cc6c3b190)
2007-10-10r23893: add dummy callbacks for LDAP SASL wrapping,Stefan Metzmacher1-4/+6
they're not used yet... metze (This used to be commit a3b97cdce719d9d5e82f26096c0e8c3a86ff3965)
2007-10-10r23888: move elements belonging to the current ldap connection to aStefan Metzmacher1-10/+13
substructure. metze (This used to be commit 00909194a6c1ed193dfdb296f50f58a53450583c)
2007-10-10r23838: Allow to store schema and config path in ADS_STRUCT config.Günther Deschner1-0/+2
Guenther (This used to be commit 1d5b08326fa72bd3423b377a4e6243466e778622)
2007-10-10r23826: Fix gpo security filtering by matching the security descriptor ace's ↵Günther Deschner1-0/+3
for the extended apply group policy right. Guenther (This used to be commit d832014a6fef657f484412372b5d09047552b183)
2007-10-10r23766: Add GTYPE_SECURITY_UNIVERSAL_GROUP define.Günther Deschner1-0/+5
Guenther (This used to be commit 964acb2716e230172e716d8d24ee2f888930130d)
2007-10-10r23607: Add legacy support for Services for Unix (SFU) 2.0.Günther Deschner1-4/+12
Guenther (This used to be commit 11b390309b9677805e5b68f3a1b780658ae85137)
2007-10-10r23128: Fix typo.Günther Deschner1-1/+1
Guenther (This used to be commit 52fdbbda53df79461322b9d21aba998f19181df8)
2007-10-10r22841: Add comment to endif statement.Lars Müller1-1/+1
(This used to be commit 1351207626ee0f99aef93326ef96bf69651bf472)
2007-10-10r22797: We are only interested in the DACL of the security descriptor, so ↵Günther Deschner1-0/+1
search with the SD_FLAGS control. Guenther (This used to be commit 648df57e53ddabe74052e816b8eba95180736208)
2007-10-10r22664: When we have krb5_get_init_creds_opt_get_error() then try to get the ↵Günther Deschner1-0/+6
NTSTATUS codes directly out of the krb5_error edata. Guenther (This used to be commit dcd902f24a59288bbb7400d59c0afc0c8303ed69)
generated by cgit (git 2.34.1) at 2024-06-11 03:41:03 +0000