summaryrefslogtreecommitdiff
path: root/source3/libads/ads_struct.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r20986: Commit the prototype of the nss_info plugin interface.Gerald Carter1-6/+0
This allows a provider to supply the homedirectory, etc... attributes for a user without requiring support in core winbindd code. The idmap_ad.c module has been modified to provide the idmap 'ad' library as well as the rfc2307 and sfu "winbind nss info" support. The SID/id mapping is working in idmap_ad but the nss_info still has a few quirks that I'm in the process of resolving. (This used to be commit aaec0115e2c96935499052d9a637a20c6445986e)
2007-10-10r20173: DNS update fixes:Gerald Carter1-0/+22
* Fix DNS updates for multi-homed hosts * Child domains often don't have an NS record in DNS so we have to fall back to looking up the the NS records for the forest root. * Fix compile warning caused by mismatched 'struct in_addr' and 'in_addr_t' parameters called to DoDNSUpdate() (This used to be commit 3486acd3c3ebefae8f98dcc72d1c3d6b06fffcc7)
2007-10-10r17945: Store the server and client sitenames in the ADSJeremy Allison1-0/+2
struct so we can see when they match - only create the ugly krb5 hack when they do. Jeremy. (This used to be commit 9be4ecf24b6b5dacf4c2891bddb072fa7543753f)
2007-10-10r17626: Some C++ WarningsVolker Lendecke1-1/+1
(This used to be commit 09e7c010f03ac3c621f7a7fad44685d278c1481a)
2007-10-10r16199: Fix Klocwork #1 - ensure we test the firstJeremy Allison1-10/+12
strtok for NULL. Jeremy. (This used to be commit 98751e8190317416de56b4a19a489c5f4b7d6bc9)
2007-10-10r15697: I take no comments as no objections :)Günther Deschner1-5/+5
Expand the "winbind nss info" to also take "rfc2307" to support the plain posix attributes LDAP schema from win2k3-r2. This work is based on patches from Howard Wilkinson and Bob Gautier (and closes bug #3345). Guenther (This used to be commit 52423e01dc209ba5abde808a446287714ed11567)
2007-10-10r15543: New implementation of 'net ads join' to be more like Windows XP.Gerald Carter1-3/+3
The motivating factor is to not require more privileges for the user account than Windows does when joining a domain. The points of interest are * net_ads_join() uses same rpc mechanisms as net_rpc_join() * Enable CLDAP queries for filling in the majority of the ADS_STRUCT->config information * Remove ldap_initialized() from sam/idmap_ad.c and libads/ldap.c * Remove some unnecessary fields from ADS_STRUCT * Manually set the dNSHostName and servicePrincipalName attribute using the machine account after the join Thanks to Guenther and Simo for the review. Still to do: * Fix the userAccountControl for DES only systems * Set the userPrincipalName in order to support things like 'kinit -k' (although we might be able to just use the sAMAccountName instead) * Re-add support for pre-creating the machine account in a specific OU (This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b)
2007-10-10r13657: Let winbindd try to obtain the gecos field from the msSFU30GecosGünther Deschner1-0/+1
attribute when "winbind nss info = sfu" is set. Fixes #3539. Guenther (This used to be commit ffce0461de130828345c44293e564ca03227607d)
2007-10-10r11508: Removed incorrect patch hunk. Thanks to AndrewJeremy Allison1-2/+0
Bartlett for pointing this out. Jeremy. (This used to be commit c93a08be4a29854354a16c6e8f984477e19f41c0)
2007-10-10r11504: Added Andrew Bartletts removal of another NTLMSSP implementationJeremy Allison1-0/+2
patch. Jeremy. (This used to be commit 4591984176fd32ba25155fbc6889a1c637019a08)
2007-10-10r7994: This adds support in Winbindd's "security = ads"-mode to retrieve the ↵Günther Deschner1-0/+5
POSIX homedirectory and the loginshell from Active Directory's "Services for Unix". Enable it with: winbind sfu support = yes User-Accounts without SFU-Unix-Attributes will be assigned template-based Shells and Homedirs as before. Note that it doesn't matter which version of Services for Unix you use (2.0, 2.2, 3.0 or 3.5). Samba should detect the correct attributes (msSFULoginShell, msSFU30LoginShell, etc.) automatically. If you also want to share the same uid/gid-space as SFU then also use PADL's ad-idmap-Plugin: idmap backend = ad When using the idmap-plugin only those accounts will appear in Name Service Switch that have those UNIX-attributes which avoids potential uid/gid-space clashes between SFU-ids and automatically assigned idmap-ids. Guenther (This used to be commit 28b59699425b1c954d191fc0e3bd357e4a4e4cd8)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-6/+6
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2004-03-22bug 1195: add flag to ADS_STRUCT so we know who owns the main structure's ↵Gerald Carter1-8/+11
memory (not the members though) (This used to be commit 4449e0e251190b741f51348819669453f0758f36)
2003-10-22Put strcasecmp/strncasecmp on the banned list (except for needed callsJeremy Allison1-2/+2
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at all and I really want to discourage that. Jeremy. (This used to be commit d7e35dfb9283d560d0ed2ab231f36ed92767dace)
2003-06-25large change:Gerald Carter1-2/+1
*) consolidates the dc location routines again (dns and netbios) get_dc_list() or get_sorted_dc_list() is the authoritative means of locating DC's again. (also inludes a flag to get_dc_list() to define if this should be a DNS only lookup or not) (however, if you set "name resolve order = hosts wins" you could still get DNS queries for domain name IFF ldap_domain2hostlist() fails. The answer? Fix your DNS setup) *) enabled DOMAIN<0x1c> lookups to be funneled through resolve_hosts resulting in a call to ldap_domain2hostlist() if lp_security() == SEC_ADS *) enables name cache for winbind ADS backend *) enable the negative connection cache for winbind ADS backend *) removes some old dead code *) consolidates some duplicate code *) moves the internal_name_resolve() to use an IP/port pair to deal with SRV RR dns replies. The namecache code also supports the IP:port syntax now as well. *) removes 'ads server' and moves the functionality back into 'password server' (which can support "hostname:port" syntax now but works fine with defaults depending on the value of lp_security()) (This used to be commit d7f7fcda425bef380441509734eca33da943c091)
2003-02-04Mem alloc checks.Jeremy Allison1-8/+10
Jeremy. (This used to be commit 46ea028169426fbcad92d3d5bf786e88be8f5112)
2003-01-21sanity checks from Ken CrossGerald Carter1-2/+2
(This used to be commit 9f35846b8e0d711c9101ade9e79394219045383c)
2002-10-01syncing up with HEAD. Seems to be a lot of differences creeping inGerald Carter1-0/+1
(i ignored the new SAMBA stuff, but the rest of this looks like it should have been merged already). (This used to be commit 3de09e5cf1f667e410ee8b9516a956860ce7290f)
2002-08-17sync 3.0 branch with headJelmer Vernooij1-82/+25
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-4/+24
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-16much better support for organisational units in ADS joinAndrew Tridgell1-11/+25
(This used to be commit 7e876057d5e392f85e6fdb0f2c233b0fe76df688)
2001-12-19much better ADS error handling systemAndrew Tridgell1-30/+4
(This used to be commit 05a90a28843e0d69183a49a76617c5f32817df16)
2001-12-19we only have gss_ fns on a krb5 capable boxAndrew Tridgell1-3/+6
(This used to be commit 344b786efe00f72ed81f0eeb4d422c655d866557)
2001-12-19- added initial support for trusted domains in winbindd_adsAndrew Tridgell1-0/+26
- gss error code patch from a.bokovoy@sam-solutions.net - better sid dumping in ads_dump - fixed help in wbinfo (This used to be commit ee1c3e1f044b4ef62169ad74c5cac40eef81bfda)
2001-12-13try the PDC for our workgroup if we can't find the ldap serverAndrew Tridgell1-3/+8
(This used to be commit fc9fd2ca19899e757a6d3ccbba3d4a10f27d7a3f)
2001-12-08added internal sasl/gssapi code. This means we are no longer dependent on ↵Andrew Tridgell1-44/+5
cyrus-sasl which makes the code much less fragile. Also added code to auto-determine the server name or realm (This used to be commit 435fdf276a79c2a517adcd7726933aeef3fa924b)
2001-12-05fix link errorAndrew Tridgell1-0/+2
(This used to be commit 58e93a8b7de10f60a1e68570f1bdd6e3d8fa44a5)
2001-12-05added a REALLY gross hack into kerberos_kinit_password so thatAndrew Tridgell1-1/+4
winbindd can do a kinit this will be removed once we have code that gets a tgt and puts it in a place where cyrus-sasl can see it (This used to be commit 7d94f1b7365215a020d3678d03d820a7d086174f)
2001-12-05more memory leak fixesAndrew Tridgell1-4/+4
(This used to be commit eb6f0e91ddd2a97a907a569bc60beca99b494884)
2001-11-29ads->realm must not be NULLAndrew Tridgell1-0/+3
perhaps we should just fail ads_init() in this case? (This used to be commit 2a4ce3de6ae8fb833370d1f9d6e5e7193fafa979)
2001-11-29define LDAP_PORT when not availableAndrew Tridgell1-0/+3
(This used to be commit 5a5f140f84f4dd377d141e352f4cb7f9bea4fe64)
2001-11-29Make better use of the ads_init() function to get the kerberos relam etc.Andrew Bartlett1-0/+182
This allows us to use automagically obtained values in future, and the value from krb5.conf now. Also fix mem leaks etc. Andrew Bartlett (This used to be commit 8f9ce717819235d98a1463f20ac659cb4b4ebbd2)