summaryrefslogtreecommitdiff
path: root/source3/libads/ldap.c
AgeCommit message (Collapse)AuthorFilesLines
2004-01-05(merge from 3.0)Andrew Bartlett1-8/+130
Fix for bug 707, getent group for huge ads groups (>1500 members) This introduces range retrieval of ADS attributes. VL rewrote most of Güther's patch, partly to remove code duplication and partly to get the retrieval of members in one rush, not interrupted by the lookups for the DN. I rewrote that patch, to ensure that we can keep an eye on the USN (sequence number) of the entry - this allows us to ensure the read was atomic. In particular, the range retrieval is now generic, for strings. It could easily be made generic for any attribute type, if need be. Andrew Bartlett (This used to be commit 08e851c7417d52a86e31982fcfce695c8a6360b7)
2004-01-05(merge from 3.0)Andrew Bartlett1-1/+1
auth/auth_util.c: - Fill in the 'backup' idea of a domain, if the DC didn't supply one. This doesn't seem to occour in reality, hence why we missed the typo. lib/charcnv.c: lib/smbldap.c: libads/ldap.c: libsmb/libsmbclient.c: printing/nt_printing.c: - all the callers to pull_utf8_allocate() pass a char ** as the first parammeter, so don't make them all cast it to a void ** nsswitch/winbind_util.c: - Allow for a more 'correct' view of when usernames should be qualified in winbindd. If we are a PDC, or have 'winbind trusted domains only', then for the authentication returns stip the domain portion. - Fix valgrind warning about use of free()ed name when looking up our local domain. lp_workgroup() is maniplated inside a procedure that uses it's former value. Instead, use the fact that our local domain is always the first in the list. -- Jerry rightly complained that we can't assume that the first domain is our primary domain - new domains are added to the front of the list. :-( Use a much more reliable 'flag test' instead. (note: changes winbind structures, make clean). -- Forgot to commit this for the 'get our primary domain' change. Andrew Bartlett (This used to be commit acacd27ba25f7ebfec40bfa66d34ece543569e23)
2004-01-01After talking with abartlet remove the fix for bug 707 again.Volker Lendecke1-92/+8
Volker (This used to be commit a2e384262d0203772a6237b566c294f15bfd8948)
2004-01-01Fix for bug 707, getent group for huge ads groups (>1500 members)Volker Lendecke1-8/+92
This introduces range retrieval of ADS attributes. I've rewritten most of Günther's patch, partly to remove code duplication and partly to get the retrieval of members in one rush, not interrupted by the lookups for the DN. Andrew, you told me that you would like to see a check whether the AD sequence number is the same before and after the retrieval to achieve atomicity. This would be trivial to add, but I'm not sure that we want this, as this adds two roundtrips to every membership query. We can not know before the first query whether we get additional range values, and at that point it's too late to ask for the USN. Tested with a group of 4000 members along with lots of small groups. Volker (This used to be commit a2aa6e41e552abfb6d1056ab3a7c75e8fd0a150c)
2003-12-13Fix from ndb@theghet.to to allow an existing LDAP machine account to beJeremy Allison1-12/+29
re-used, rather than created from scratch. Jeremy. (This used to be commit 1bcc4c244dd127643c66ed75550f405e90c99c76)
2003-11-26Get rid of a const warningVolker Lendecke1-1/+1
Volker (This used to be commit ab1096d58e2447bc91370e0a7f913d9375658c4c)
2003-10-30More GUID->struct uuid changes.Jim McDonough1-2/+4
Printer publishing now uses struct uuid. Also changes ads_pull_guid to unpack it from the wire format. (This used to be commit 671b434cc4b422144ab8f5858ae9c2179de701e1)
2003-10-30First round of merging various UUID structures.Jim McDonough1-9/+3
This eliminates RPC_UUID. It creates the following struct: struct uuid { uint32 time_low; uint16 time_mid; uint16 time_hi_and_version; uint8 clock_seq[2]; uint8 node[6]; }; which replaces RPC_UUID and various random struct uuid definitions and a flat version: #define UUID_FLAT_SIZE 16 typedef struct uuid_flat { uint8 info[UUID_FLAT_SIZE]; } UUID_FLAT; which pretty much looks like GUID (which I will start eliminating). I want us to use the FLAT one only on the wire (perhaps in files, too?), and I want it to be obvious to the coder that it is the FLAT version. This leaves a couple of compiler warnings, where GUID isn't completely replaced by FLAT_UUID yet...I'll get to those soon. (This used to be commit 1532b5d2e3c61df232b16394acedf6eac387588b)
2003-10-22Put strcasecmp/strncasecmp on the banned list (except for needed callsJeremy Allison1-3/+3
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at all and I really want to discourage that. Jeremy. (This used to be commit 5c050a735f86927c7ef2a98b6f3a56abe39e4674)
2003-10-03don't call ads_destroy() twice; fixes segfault in winbindd when DC goes ↵Gerald Carter1-1/+2
down; bug 437 (This used to be commit 9da4d1f7dbb289dd1db5e57a4fd78004bbfbd26b)
2003-09-15Merge from Samba 3.0:Tim Potter1-1/+10
>Fix a nasty mess, and also bug #296. passdb/pdb_ldap.c was not converting >to/from utf8 for some calls. The libads code gets this right. Wonder why >the passdb code doesn't use it ? >Jeremy. (This used to be commit 258c106e2243f19c77fe35edd6dcba816a8fc8ee)
2003-09-09sync 3.0 into HEAD for the last timeGerald Carter1-3/+3
(This used to be commit c17a7dc9a190156a069da3e861c18fd3f81224ad)
2003-08-02port latest changes from SAMBA_3_0 treeSimo Sorce1-74/+20
(This used to be commit 3101c236b8241dc0183995ffceed551876427de4)
2003-07-23connect to the right realm or domain for trusted AD domainsGerald Carter1-8/+4
(This used to be commit ae14f8364398f07fc3e7c7861cd39fe528f3fe7a)
2003-07-16trying to get HEAD building again. If you want the codeGerald Carter1-134/+79
prior to this merge, checkout HEAD_PRE_3_0_0_BETA_3_MERGE (This used to be commit adb98e7b7cd0f025b52c570e4034eebf4047b1ad)
2003-04-16Store the type of 'sec channel' that we establish to the DC. If we are aAndrew Bartlett1-3/+5
workstation, we have to use the workstation type, if we have a BDC account, we must use the BDC type - even if we are pretending to be a workstation at the moment. Also actually store and retreive the last change time, so we can do periodic password changes again (for RPC at least). And finally, a couple of minor fixes to 'net'. Andrew Bartlett (This used to be commit 6e6b7b79edae3efd0197651e9a8ce6775c001cf2)
2003-03-25- Support building all auth modules as .so'sJelmer Vernooij1-33/+33
- Change 2 variable names to avoid conflicts (patch by Stephan Kulow <coolo@kde.org>) (This used to be commit 71b05cd14ae6df8340730e7bad1c783dc278c5d3)
2003-02-25tokenGroups are SIDs, so dump them as such.Andrew Bartlett1-0/+1
(This used to be commit 43f07e9de70ad9993265e28a54239caba0121ab6)
2003-02-24Always initialiseAndrew Bartlett1-2/+2
(This used to be commit ff2b5b2f85f2d9dade67077cea1b68719cf65352)
2003-02-22Fix a DEBUG() formatting, add some more debug to our SID pulling code andAndrew Bartlett1-18/+33
inline the call to prs_copy_all_data_out() so that we can know we are not overrunning our buffer. Also check more return values. Andrew Bartlett (This used to be commit e3b73d5d658584428c81c9ef3ccf024687a56e2f)
2003-02-19Fix segv in net ads join...an extra & was the culpritJim McDonough1-1/+1
(This used to be commit 9874b233d55a0b1aea7eb033848f4b63a531833b)
2003-02-19Check return values of various join-related functions, and ensure we alwaysAndrew Bartlett1-9/+16
compare push_* returns with (size_t)-1, not < 0. Andrew Bartlett (This used to be commit 63f5e92536c6bcac54b796d6e91b755e7d328f66)
2003-02-15Antti Andreimann <Antti.Andreimann@mail.ee> has done some changes to enableAndrew Bartlett1-4/+20
users w/o full administrative access on computer accounts to join a computer into AD domain. The patch and detailed changelog is available at: http://www.itcollege.ee/~aandreim/samba This is a list of changes in general: 1. When creating machine account do not fail if SD cannot be changed. setting SD is not mandatory and join will work perfectly without it. 2. Implement KPASSWD CHANGEPW protocol for changing trust password so machine account does not need to have reset password right for itself. 3. Command line utilities no longer interfere with user's existing kerberos ticket cache. 4. Command line utilities can do kerberos authentication even if username is specified (-U). Initial TGT will be requested in this case. I've modified the patch to share the kinit code, rather than copying it, and updated it to current CVS. The other change included in the original patch (local realms) has been left out for now. Andrew Bartlett (This used to be commit ce52f1c2ed4d3ddafe8ae6258c90b90fa434fe43)
2003-02-14Ensure that only parse_prs.c access internal members of the prs_struct.Jeremy Allison1-5/+11
Needed to move to disk based i/o later. Jeremy. (This used to be commit 4c3ee228fcdb089eaeead95e79532a9cf6cb0de6)
2003-02-12add a note about a better method for finding netbios name of workgroupAndrew Tridgell1-0/+7
(not implemented yet) (This used to be commit 8a8cca78adebba640c6ce971d8888515bf0ea4be)
2003-02-04Mem alloc failure checks.Jeremy Allison1-11/+28
Jeremy. (This used to be commit 4e33e3f37fd548b9b1ed3c84f673a853b0dc4818)
2003-02-01Always escape ldap filter strings. Escaping code was from pam_ldap, but I'm toAndrew Bartlett1-7/+21
blame for the realloc() stuff. Plus a couple of minor updates to libads. Andrew Bartlett (This used to be commit 34b2e558a4b3cfd753339bb228a9799e27ed8170)
2003-01-21sanity checks from Ken CrossGerald Carter1-1/+5
(This used to be commit ec26877f0b4fbe2c651a6069d22b9ac0637aa2d1)
2003-01-02BIG patch...Andrew Bartlett1-2/+2
This patch makes Samba compile cleanly with -Wwrite-strings. - That is, all string literals are marked as 'const'. These strings are always read only, this just marks them as such for passing to other functions. What is most supprising is that I didn't need to change more than a few lines of code (all in 'net', which got a small cleanup of net.h and extern variables). The rest is just adding a lot of 'const'. As far as I can tell, I have not added any new warnings - apart from making all of tdbutil.c's function const (so they warn for adding that const string to struct). Andrew Bartlett (This used to be commit 92a777d0eaa4fb3a1c7835816f93c6bdd456816d)
2002-12-30Catching up with old patches. Add define for VERITAS quota support.Jeremy Allison1-0/+2
Check return in ldap. Jeremy. (This used to be commit e789edbb287319f52f49f2999917a610565144d9)
2002-12-20Forward port the change to talloc_init() to make all talloc contextsJeremy Allison1-7/+7
named. Ensure we can query them. Jeremy. (This used to be commit 842e08e52a665ae678eea239759bb2de1a0d7b33)
2002-12-13More printer publishing code.Jim McDonough1-0/+26
- Add published attribute to info2, needed for win clients to work properly - Return proper info on getprinter 7 This means you can now look at the sharing tab of a printer and get correct info about whether it is published or not, and change it. (This used to be commit adda04379ee46f105436262663652f3f576fa3cf)
2002-11-23[merge from APP_HEAD]Gerald Carter1-1/+2
90% fix for CR 1076. The password server parameter will no take things like password server = DC1 * which means to contact DC1 first and the go to auto lookup if it fails. jerry (This used to be commit c31a17889e3e4daf7c1e807038efc2c0fba78be3)
2002-11-15Include the hostname we are trying to match with $@, to allow easier debugging.Andrew Bartlett1-1/+1
(This used to be commit f5d8afc626b8f7792aa7dd7fa7082f55725b539c)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-18/+20
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit 82b8f749a36b42e22186297482aad2abb04fab8a)
2002-11-06Merge of get_dc_list() api change. This was slightly more intrusiveTim Potter1-12/+7
than the version in APPLIANCE so watch out for boogs. (This used to be commit 1e054e3db654801fbb5580211529cdfdea9ed686)
2002-10-18Format objectGUIDs on ads dumps.Jim McDonough1-1/+18
(This used to be commit 7eaf7e7115c75e682b1b9368c6f28c60429885e5)
2002-10-04only set UF_USE_DES_KEY_ONLY if we are using krb5 libraries that can'tAndrew Tridgell1-3/+7
do type 23 (This used to be commit c0612272e8eea3d741854c0b4834bc687d787218)
2002-10-03.NET likes both forms of servicePrincipalName in the machine accountAndrew Tridgell1-1/+8
record (This used to be commit 8ff6d40d7fe4dc11e9ba194a55995c0926202df9)
2002-09-28Try to compile as much as possible with only ldap, but not kerberos.Andrew Bartlett1-32/+1
(This used to be commit 9615ab10c006d8027f6a8b7dd3770eb77304dbdc)
2002-09-28Add the beginings of sam_ads to the tree.Andrew Bartlett1-2/+41
This module, primarilly the work of "Stefan (metze) Metzmacher" <metze@metzemix.de>, uses the Active Directory schema to store the user/group/other information. I've been testing it against a real AD server, and it is intended to work with OpenLDAP as well. I've moved a few functions around in our other libads code, which has made it easier to tap into that existing code. Also, I've made some changes to the SAM interface, I hope there are not too many objections... To ensure we don't get silly bugs in the skel module, it is now in the default compile. This way you should not forget to update it :-) Andrew Bartlett (This used to be commit 24fb0cde2f0b657df1c99474cd694438c94a566e)
2002-09-27Move a number of ADS related functions out into utility libs, so that thingsAndrew Bartlett1-25/+74
like metze's sam_ads can also use them. Also add error checking etc to a few more functions. Andrew Bartlett (This used to be commit c864edf4fbf8a6c37888a14b861d7c12cf503d4f)
2002-09-27Some small cleanups to the libads code (mainly error checking), and give aAndrew Bartlett1-5/+22
sane prototype for the push_utf8_allocate code. Andrew Bartlett (This used to be commit ce00a3238ed8a82639c4d0ee3e960f7000b1a7b0)
2002-09-25Another patch from metze, towards his work on sam_ads.Andrew Bartlett1-1/+1
See mx-ldap.sf.net for his current progress. (This used to be commit 9c62d1312fdf0aa7b1978e8bbb56fc076ba7e9d0)
2002-09-17Add clock skew handling to our kerberos code. This allows us to cope withAndrew Tridgell1-12/+54
the DC being out of sync with the local machine. (This used to be commit 0d28d769472ea3b98ae4c8757093dfd4499f6dd1)
2002-09-06Patch from "Stefan (metze) Metzmacher" <metze@metzemix.de>Andrew Bartlett1-0/+2
to extend the ADS_STATUS system to include NTSTATUS, and to provide a better general infrustructure for his sam_ads work. I've also added some extra failure mode DEBUG()s to parts of the code. NOTE: The ADS_ERR_OK() macro is rather sensitive to braketing issues - without the final set of brakets, the test is essentially inverted - causing some intersting 'error = success' messages... Andrew Bartlett (This used to be commit 5b9a7ab901bc311f3ad08462a8a68d133c34a8b4)
2002-09-06Add some DEBUG()s to some libads failure modes.Andrew Bartlett1-1/+5
(This used to be commit ad3c8da13b9d510f78fd56364cd0987de88a9b9f)
2002-08-30convert the LDAP/SASL code to use GSS-SPNEGO if possibleAndrew Tridgell1-6/+1
we now do this: - look for suported SASL mechanisms on the LDAP server - choose GSS-SPNEGO if possible - within GSS-SPNEGO choose KRB5 if we can do a kinit - otherwise use NTLMSSP This change also means that we no longer rely on having a gssapi library to do ADS. todo: - add TLS/SSL support over LDAP - change to using LDAP/SSL for password change in ADS (This used to be commit b04e91f660d3b26d23044075d4a7e707eb41462d)
2002-08-20fix irix compile errors - cannot initialize array in declaration statementHerb Lewis1-2/+9
with non-const values - strsep not defined (This used to be commit a5c59b2cd10016ecbd931531602ad1cb3660bbf9)
2002-08-06when using netbios lookup methods make sure we try any BDCs even ifAndrew Tridgell1-9/+21
we get a response from WINS for a PDC, if the PDC isn't responding. (This used to be commit 57916316ffc70b0b6659f3ad9d14aad41fad4c71)