summaryrefslogtreecommitdiff
path: root/source3/libads/ldap.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r12196: patch from Krishna Ganugapati <krishnag@centeris.com>Gerald Carter1-1/+17
Use the subtree delete ldap control when running 'net ads leave' to ensure that the machine account is actually deleted. (This used to be commit e96000c16cd182b2e2cbdc1a287002306d2965e6)
2007-10-10r12043: It's amazing the warnings you find when compiling on a 64-bitJeremy Allison1-5/+5
box with gcc4 and -O6... Fix a bunch of C99 dereferencing type-punned pointer will break strict-aliasing rules errors. Also added prs_int32 (not uint32...) as it's needed in one place. Find places where prs_uint32 was being used to marshall/unmarshall a time_t (a big no no on 64-bits). More warning fixes to come. Thanks to Volker for nudging me to compile like this. Jeremy. (This used to be commit c65b752604f8f58abc4e7ae8514dc2c7f086271c)
2007-10-10r11875: Allow to use START_TLS (by manually setting "ldap ssl = start_tls") forGünther Deschner1-0/+5
LDAP connections to ADS (Windows 2003). Guenther (This used to be commit 95543fab0f6aa1c483b40247c16cde79cbc9c012)
2007-10-10r11863: BUG 3196: patch from Alex Deiter <tiamat@komi.mts.ru> to compile ↵Gerald Carter1-1/+7
against the Sun LDAP client libs. But not for AD support; just ldap support (This used to be commit a33e78acedb37df47905d326411e017794721250)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-2/+2
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r8048: Replace "done" with "failed".Günther Deschner1-5/+5
Guenther (This used to be commit 7285edc4fe71f47ab648c31760c357fc2af29ce7)
2007-10-10r8047: "oid" is defined in a heimdal header. With my gcc this generates a ton ofVolker Lendecke1-4/+4
shadowed variable warnings. Fix that. Volker (This used to be commit 3846c0afa1db96239b3aaf2e7ee2427b48f6e2f0)
2007-10-10r7994: This adds support in Winbindd's "security = ads"-mode to retrieve the ↵Günther Deschner1-1/+95
POSIX homedirectory and the loginshell from Active Directory's "Services for Unix". Enable it with: winbind sfu support = yes User-Accounts without SFU-Unix-Attributes will be assigned template-based Shells and Homedirs as before. Note that it doesn't matter which version of Services for Unix you use (2.0, 2.2, 3.0 or 3.5). Samba should detect the correct attributes (msSFULoginShell, msSFU30LoginShell, etc.) automatically. If you also want to share the same uid/gid-space as SFU then also use PADL's ad-idmap-Plugin: idmap backend = ad When using the idmap-plugin only those accounts will appear in Name Service Switch that have those UNIX-attributes which avoids potential uid/gid-space clashes between SFU-ids and automatically assigned idmap-ids. Guenther (This used to be commit 28b59699425b1c954d191fc0e3bd357e4a4e4cd8)
2007-10-10r6595: This is Volkers new-talloc patch. Just got the go-ahead fromJeremy Allison1-1/+1
Volker to commit. Woo Hoo ! Jeremy. (This used to be commit 316df944a456f150944761dab34add5e8c4ab699)
2007-10-10r6149: Fixes bugs #2498 and 2484.Derrell Lipman1-4/+4
1. using smbc_getxattr() et al, one may now request all access control entities in the ACL without getting all other NT attributes. 2. added the ability to exclude specified attributes from the result set provided by smbc_getxattr() et al, when requesting all attributes, all NT attributes, or all DOS attributes. 3. eliminated all compiler warnings, including when --enable-developer compiler flags are in use. removed -Wcast-qual flag from list, as that is specifically to force warnings in the case of casting away qualifiers. Note: In the process of eliminating compiler warnings, a few nasties were discovered. In the file libads/sasl.c, PRIVATE kerberos interfaces are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED kerberos interfaces are being used. Someone who knows kerberos should look at these and determine if there is an alternate method of accomplishing the task. (This used to be commit 994694f7f26da5099f071e1381271a70407f33bb)
2007-10-10r5956: more compile warngin fixes from the Mr. MaderGerald Carter1-3/+3
(This used to be commit f3f315b14d261fa56ab040db036a6f858ac06e65)
2007-10-10r5948: more compile cleanups from Jason MaderGerald Carter1-6/+1
(This used to be commit cc6c769c3c26164919dd13777d671abe02c084d9)
2007-10-10r5336: BUG 2329: fix to re-enable winbindd to locate DC's when 'disable ↵Gerald Carter1-1/+1
netbios = yes' (This used to be commit 75a223f1188ae0041c9e3c748af107d642f73810)
2007-10-10r5207: patches from Jay Fenlason @ RedHat (scooped from their Fedora packages)Gerald Carter1-1/+1
(This used to be commit 9019a8436162d3606f6b8584701b0832cf5a7439)
2007-10-10r4665: Fix inspired by posting from Joe Meadows <jameadows@webopolis.com>.Jeremy Allison1-10/+10
Make all LDAP timeouts consistent. Jeremy. (This used to be commit 0f0281c2348b10ffdea744ecade6b2be0814c872)
2007-10-10r4346: Fix cut-and-paste error - bugid #2189. Fixed by Buck Huppmann ↵Jeremy Allison1-1/+1
<buckh@pobox.com> Jeremy. (This used to be commit 5c22cb082c86088add0db21541a8079c516c9fd9)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-30/+30
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r3841: Time out in ads search queries. Even AD servers can hang.Volker Lendecke1-7/+44
Volker (This used to be commit fc454c8ef6321fba9efa42a704c8e8c707361af3)
2007-10-10r3764: Ensure on failure that *res is always NULL.Jeremy Allison1-3/+8
Check for malloc fail. Fixes for bug #2036. Jeremy. (This used to be commit b815247747214ba413c054746e9732d5f2b10535)
2007-10-10r3569: Fix for bug #1651, added extra servicePrincipalNames for kerberos ↵Jeremy Allison1-6/+44
interop. Modified the redhat patch some... Jeremy. (This used to be commit 2ae717cd2c876649464f91093e55bed64ac5588d)
2007-10-10r3273: Ensure we're consistent in the use of strchr_m for '@'.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 0f3f7b035b37bfc51d3a59d0472003c3d4ac1511)
2007-10-10r2832: Readd WKGUID-binding to match the correct default-locations of newGünther Deschner1-4/+73
User-, Group- and Machine-Accounts in Active Directory (this got lost during the last trunk-merge). This way we match e.g. default containers moved by redircmp.exe and redirusr.exe in Windows 2003 and don't blindly default to cn=Users or cn=Computers. Further wkguids can be examied via "net ads search wellknownobjects=*". This should still keep a samba3-client joining a samba4 dc. Fixes Bugzilla #1343. Guenther (This used to be commit 8836621694c95779475fa9a1acf158e5e0577288)
2007-10-10r2091: only use sAMAccountName and not userPrincipalName since the breaks ↵Gerald Carter1-0/+6
winbindd (lookup_name() only works with the sAMAccountName) -- *please* test this change. My tests all pass but there is probably something I missed (This used to be commit 2bf08aaa37f41681b3154514792bf29a3abfdbfd)
2007-10-10r1381: fixing behavior found by gd@sernet.de; we must use the ↵Gerald Carter1-4/+4
userPrincipalName value (host/hostname@REALM) and not the servicePrincipalName (host/fqdn@REALM) in the SASL binds (This used to be commit 959da6e176da9f6a687265e50489b7db3d6712c0)
2007-10-10r1330: Fix the build for systems without ldap headersVolker Lendecke1-1/+1
(This used to be commit b7267121af45d7173c310299bb52ae031ae1d501)
2007-10-10r1317: Patch from Joe Meadows "Joe Meadows" <jameadows@webopolis.com> toJeremy Allison1-1/+30
add a timeout to the ldap open calls. New parameter, ldap timeout added. Jeremy. (This used to be commit e5b3094c4cc75eb07f667dd1aeb73921ed7366ac)
2007-10-10r1222: Valgrind memory leak fixes. Still tracking down a strange one...Jeremy Allison1-6/+28
Can't fix the krb5 memory leaks inside that library :-(. Jeremy. (This used to be commit ad440213aaae58fb5bff6e8a6fcf811c5ba83669)
2007-10-10r1215: Intermediate checkin of the new keytab code. I need to make sure IJeremy Allison1-60/+293
haven't broken krb5 ticket verification in the mainline code path, also need to check with valgrind. Everything now compiles (MIT, need to also check Heimdal) and the "net keytab" utility code will follow. Jeremy. (This used to be commit f0f2e28958cb9abfed216c71f291f19ea346d630)
2007-10-10r764: More memleak fixes in error code path from kawasa_r@itg.hitachi.co.jp.Jeremy Allison1-1/+6
Jeremy. (This used to be commit 9647394e7c79c81ac4cf276a2c4b9e16eb053ec2)
2007-10-10r562: Memory leak fix in error code path from kawasa_r@itg.hitachi.co.jp.Jeremy Allison1-1/+4
Jeremy. (This used to be commit ac501348f473045a7846ffd9bc6b9eb4682b8987)
2007-10-10r196: merging struct uuid from trunkGerald Carter1-11/+7
(This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb)
2004-02-08Bug found by gd - the new range-reterival code did still had 'member'Andrew Bartlett1-2/+3
hardcoded into it. This didn't matter, as we only use it for 'member' so far... Andrew Bartlett (This used to be commit 8621899112e720411715ea53558d5146ff04eeb0)
2004-01-05Try to keep vl happy - shorten some of these lines.Andrew Bartlett1-6/+12
(This used to be commit 3a4c56e4c60854bbd291adc7d321d3869e6dedab)
2004-01-05Fix for bug 707, getent group for huge ads groups (>1500 members)Andrew Bartlett1-8/+130
This introduces range retrieval of ADS attributes. VL rewrote most of Günther's patch, partly to remove code duplication and partly to get the retrieval of members in one rush, not interrupted by the lookups for the DN. I rewrote that patch, to ensure that we can keep an eye on the USN (sequence number) of the entry - this allows us to ensure the read was atomic. In particular, the range retrieval is now generic, for strings. It could easily be made generic for any attribute type, if need be. Andrew Bartlett (This used to be commit 131bb928f19c7b1f582c4ad9ac42e5f3d9dfb622)
2004-01-01After talking with abartlet remove the fix for bug 707 again.Volker Lendecke1-92/+8
Volker (This used to be commit 0c8ee04c78543b1da3b675df4cf85ee5496c3fbf)
2004-01-01Fix for bug 707, getent group for huge ads groups (>1500 members)Volker Lendecke1-8/+92
This introduces range retrieval of ADS attributes. I've rewritten most of Günther's patch, partly to remove code duplication and partly to get the retrieval of members in one rush, not interrupted by the lookups for the DN. Andrew, you told me that you would like to see a check whether the AD sequence number is the same before and after the retrieval to achieve atomicity. This would be trivial to add, but I'm not sure that we want this, as this adds two roundtrips to every membership query. We can not know before the first query whether we get additional range values, and at that point it's too late to ask for the USN. Tested with a group of 4000 members along with lots of small groups. Volker (This used to be commit 9d8235bf413f931e40bca0c27a25ed62b4f3d226)
2003-12-31auth/auth_util.c:Andrew Bartlett1-1/+1
- Fill in the 'backup' idea of a domain, if the DC didn't supply one. This doesn't seem to occour in reality, hence why we missed the typo. lib/charcnv.c: lib/smbldap.c: libads/ldap.c: libsmb/libsmbclient.c: printing/nt_printing.c: - all the callers to pull_utf8_allocate() pass a char ** as the first parammeter, so don't make them all cast it to a void ** nsswitch/winbind_util.c: - Allow for a more 'correct' view of when usernames should be qualified in winbindd. If we are a PDC, or have 'winbind trusted domains only', then for the authentication returns stip the domain portion. - Fix valgrind warning about use of free()ed name when looking up our local domain. lp_workgroup() is maniplated inside a procedure that uses it's former value. Instead, use the fact that our local domain is always the first in the list. Andrew Bartlett (This used to be commit 494781f628683d6e68e8ba21ae54f738727e8c21)
2003-12-13Fix from ndb@theghet.to to allow an existing LDAP machine account to beJeremy Allison1-12/+29
re-used, rather than created from scratch. Jeremy. (This used to be commit 6d46e66ac2048352ca60f92fc384f60406024d4b)
2003-11-26Get rid of a const warningVolker Lendecke1-1/+1
Volker (This used to be commit 94860687c535ace0c962ca3fe7da59df05325c62)
2003-10-22Put strcasecmp/strncasecmp on the banned list (except for needed callsJeremy Allison1-3/+3
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at all and I really want to discourage that. Jeremy. (This used to be commit d7e35dfb9283d560d0ed2ab231f36ed92767dace)
2003-10-03don't call ads_destroy() twice; fixes segfault in winbindd when DC goes ↵Gerald Carter1-1/+2
down; bug 437 (This used to be commit 1cfbd92404270e0c67a3b295fc9cf461b29d3503)
2003-09-10Fix a nasty mess, and also bug #296. passdb/pdb_ldap.c was not convertingJeremy Allison1-1/+10
to/from utf8 for some calls. The libads code gets this right. Wonder why the passdb code doesn't use it ? Jeremy. (This used to be commit 910d21d3164c2c64773031fddaad35ea88e72a04)
2003-09-06revert retry loops in winbindd_ads as abartket points out, weGerald Carter1-2/+2
already have ads_search_retry() for this. However, neither domain_sid() nor sequence_nunber() used this function. So modify them to us ads_do_search_retry() so we can specify the base search DN and scope. (This used to be commit 89f6adf830187d020bf4b35d1a4b2b48c7a075d0)
2003-08-20metze's autogenerate patch for version.hGerald Carter1-1/+1
(This used to be commit ae452e51b02672a56adf18aa7a7e365eeaba9272)
2003-08-01Update my copyrights according to my agreement with IBMJim McDonough1-1/+1
(This used to be commit c9b209be2b17c2e4677cc30b46b1074f48878f43)
2003-07-31working on transtive trusts issue:Gerald Carter1-71/+0
* use DsEnumerateDomainTrusts() instead of LDAP search. wbinfo -m now lists all trusted downlevel domains and all domains in the forest. Thnigs to do: o Look at Krb5 connection trusted domains o make sure to initial the trusted domain cache as soon as possible (This used to be commit 0ab00ccaedf204b39c86a9e1c2fcac5f15d0e033)
2003-07-25fix case where no realm or workgroup means to use our ownGerald Carter1-2/+19
(This used to be commit 6edc7e0a744a5d8c6332758b800a2646ef16dd77)
2003-07-23connect to the right realm or domain for trusted AD domainsGerald Carter1-8/+4
(This used to be commit 83376671c511be4bb10d3fca8e49e5f6ef792b9c)
2003-07-07Call the synchronous version of the ldap delete function otherwise we end upTim Potter1-1/+1
treating the returned message id as an error code. (This used to be commit 42fdcef324d7a04e69c0078482e1a6b8a67ade94)
2003-07-03Removed strupper/strlower macros that automatically map to ↵Jeremy Allison1-5/+5
strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)