summaryrefslogtreecommitdiff
path: root/source3/libads/ldap.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r2091: only use sAMAccountName and not userPrincipalName since the breaks ↵Gerald Carter1-0/+6
winbindd (lookup_name() only works with the sAMAccountName) -- *please* test this change. My tests all pass but there is probably something I missed (This used to be commit 2bf08aaa37f41681b3154514792bf29a3abfdbfd)
2007-10-10r1381: fixing behavior found by gd@sernet.de; we must use the ↵Gerald Carter1-4/+4
userPrincipalName value (host/hostname@REALM) and not the servicePrincipalName (host/fqdn@REALM) in the SASL binds (This used to be commit 959da6e176da9f6a687265e50489b7db3d6712c0)
2007-10-10r1330: Fix the build for systems without ldap headersVolker Lendecke1-1/+1
(This used to be commit b7267121af45d7173c310299bb52ae031ae1d501)
2007-10-10r1317: Patch from Joe Meadows "Joe Meadows" <jameadows@webopolis.com> toJeremy Allison1-1/+30
add a timeout to the ldap open calls. New parameter, ldap timeout added. Jeremy. (This used to be commit e5b3094c4cc75eb07f667dd1aeb73921ed7366ac)
2007-10-10r1222: Valgrind memory leak fixes. Still tracking down a strange one...Jeremy Allison1-6/+28
Can't fix the krb5 memory leaks inside that library :-(. Jeremy. (This used to be commit ad440213aaae58fb5bff6e8a6fcf811c5ba83669)
2007-10-10r1215: Intermediate checkin of the new keytab code. I need to make sure IJeremy Allison1-60/+293
haven't broken krb5 ticket verification in the mainline code path, also need to check with valgrind. Everything now compiles (MIT, need to also check Heimdal) and the "net keytab" utility code will follow. Jeremy. (This used to be commit f0f2e28958cb9abfed216c71f291f19ea346d630)
2007-10-10r764: More memleak fixes in error code path from kawasa_r@itg.hitachi.co.jp.Jeremy Allison1-1/+6
Jeremy. (This used to be commit 9647394e7c79c81ac4cf276a2c4b9e16eb053ec2)
2007-10-10r562: Memory leak fix in error code path from kawasa_r@itg.hitachi.co.jp.Jeremy Allison1-1/+4
Jeremy. (This used to be commit ac501348f473045a7846ffd9bc6b9eb4682b8987)
2007-10-10r196: merging struct uuid from trunkGerald Carter1-11/+7
(This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb)
2004-02-08Bug found by gd - the new range-reterival code did still had 'member'Andrew Bartlett1-2/+3
hardcoded into it. This didn't matter, as we only use it for 'member' so far... Andrew Bartlett (This used to be commit 8621899112e720411715ea53558d5146ff04eeb0)
2004-01-05Try to keep vl happy - shorten some of these lines.Andrew Bartlett1-6/+12
(This used to be commit 3a4c56e4c60854bbd291adc7d321d3869e6dedab)
2004-01-05Fix for bug 707, getent group for huge ads groups (>1500 members)Andrew Bartlett1-8/+130
This introduces range retrieval of ADS attributes. VL rewrote most of Günther's patch, partly to remove code duplication and partly to get the retrieval of members in one rush, not interrupted by the lookups for the DN. I rewrote that patch, to ensure that we can keep an eye on the USN (sequence number) of the entry - this allows us to ensure the read was atomic. In particular, the range retrieval is now generic, for strings. It could easily be made generic for any attribute type, if need be. Andrew Bartlett (This used to be commit 131bb928f19c7b1f582c4ad9ac42e5f3d9dfb622)
2004-01-01After talking with abartlet remove the fix for bug 707 again.Volker Lendecke1-92/+8
Volker (This used to be commit 0c8ee04c78543b1da3b675df4cf85ee5496c3fbf)
2004-01-01Fix for bug 707, getent group for huge ads groups (>1500 members)Volker Lendecke1-8/+92
This introduces range retrieval of ADS attributes. I've rewritten most of Günther's patch, partly to remove code duplication and partly to get the retrieval of members in one rush, not interrupted by the lookups for the DN. Andrew, you told me that you would like to see a check whether the AD sequence number is the same before and after the retrieval to achieve atomicity. This would be trivial to add, but I'm not sure that we want this, as this adds two roundtrips to every membership query. We can not know before the first query whether we get additional range values, and at that point it's too late to ask for the USN. Tested with a group of 4000 members along with lots of small groups. Volker (This used to be commit 9d8235bf413f931e40bca0c27a25ed62b4f3d226)
2003-12-31auth/auth_util.c:Andrew Bartlett1-1/+1
- Fill in the 'backup' idea of a domain, if the DC didn't supply one. This doesn't seem to occour in reality, hence why we missed the typo. lib/charcnv.c: lib/smbldap.c: libads/ldap.c: libsmb/libsmbclient.c: printing/nt_printing.c: - all the callers to pull_utf8_allocate() pass a char ** as the first parammeter, so don't make them all cast it to a void ** nsswitch/winbind_util.c: - Allow for a more 'correct' view of when usernames should be qualified in winbindd. If we are a PDC, or have 'winbind trusted domains only', then for the authentication returns stip the domain portion. - Fix valgrind warning about use of free()ed name when looking up our local domain. lp_workgroup() is maniplated inside a procedure that uses it's former value. Instead, use the fact that our local domain is always the first in the list. Andrew Bartlett (This used to be commit 494781f628683d6e68e8ba21ae54f738727e8c21)
2003-12-13Fix from ndb@theghet.to to allow an existing LDAP machine account to beJeremy Allison1-12/+29
re-used, rather than created from scratch. Jeremy. (This used to be commit 6d46e66ac2048352ca60f92fc384f60406024d4b)
2003-11-26Get rid of a const warningVolker Lendecke1-1/+1
Volker (This used to be commit 94860687c535ace0c962ca3fe7da59df05325c62)
2003-10-22Put strcasecmp/strncasecmp on the banned list (except for needed callsJeremy Allison1-3/+3
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at all and I really want to discourage that. Jeremy. (This used to be commit d7e35dfb9283d560d0ed2ab231f36ed92767dace)
2003-10-03don't call ads_destroy() twice; fixes segfault in winbindd when DC goes ↵Gerald Carter1-1/+2
down; bug 437 (This used to be commit 1cfbd92404270e0c67a3b295fc9cf461b29d3503)
2003-09-10Fix a nasty mess, and also bug #296. passdb/pdb_ldap.c was not convertingJeremy Allison1-1/+10
to/from utf8 for some calls. The libads code gets this right. Wonder why the passdb code doesn't use it ? Jeremy. (This used to be commit 910d21d3164c2c64773031fddaad35ea88e72a04)
2003-09-06revert retry loops in winbindd_ads as abartket points out, weGerald Carter1-2/+2
already have ads_search_retry() for this. However, neither domain_sid() nor sequence_nunber() used this function. So modify them to us ads_do_search_retry() so we can specify the base search DN and scope. (This used to be commit 89f6adf830187d020bf4b35d1a4b2b48c7a075d0)
2003-08-20metze's autogenerate patch for version.hGerald Carter1-1/+1
(This used to be commit ae452e51b02672a56adf18aa7a7e365eeaba9272)
2003-08-01Update my copyrights according to my agreement with IBMJim McDonough1-1/+1
(This used to be commit c9b209be2b17c2e4677cc30b46b1074f48878f43)
2003-07-31working on transtive trusts issue:Gerald Carter1-71/+0
* use DsEnumerateDomainTrusts() instead of LDAP search. wbinfo -m now lists all trusted downlevel domains and all domains in the forest. Thnigs to do: o Look at Krb5 connection trusted domains o make sure to initial the trusted domain cache as soon as possible (This used to be commit 0ab00ccaedf204b39c86a9e1c2fcac5f15d0e033)
2003-07-25fix case where no realm or workgroup means to use our ownGerald Carter1-2/+19
(This used to be commit 6edc7e0a744a5d8c6332758b800a2646ef16dd77)
2003-07-23connect to the right realm or domain for trusted AD domainsGerald Carter1-8/+4
(This used to be commit 83376671c511be4bb10d3fca8e49e5f6ef792b9c)
2003-07-07Call the synchronous version of the ldap delete function otherwise we end upTim Potter1-1/+1
treating the returned message id as an error code. (This used to be commit 42fdcef324d7a04e69c0078482e1a6b8a67ade94)
2003-07-03Removed strupper/strlower macros that automatically map to ↵Jeremy Allison1-5/+5
strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
2003-07-03Fix bug in doxygen comments for ads search functions.Tim Potter1-4/+4
(This used to be commit ae6c05ea726da13fc1a18398d1ffe56f34e1edb9)
2003-06-25* fix typos in a few debug statementsGerald Carter1-3/+9
* check negative connection cache before ads_try_connect() in ads_find_dc() (This used to be commit 2a76101a3a31f5fca2f444b25e3f0486f7ef406f)
2003-06-25large change:Gerald Carter1-118/+47
*) consolidates the dc location routines again (dns and netbios) get_dc_list() or get_sorted_dc_list() is the authoritative means of locating DC's again. (also inludes a flag to get_dc_list() to define if this should be a DNS only lookup or not) (however, if you set "name resolve order = hosts wins" you could still get DNS queries for domain name IFF ldap_domain2hostlist() fails. The answer? Fix your DNS setup) *) enabled DOMAIN<0x1c> lookups to be funneled through resolve_hosts resulting in a call to ldap_domain2hostlist() if lp_security() == SEC_ADS *) enables name cache for winbind ADS backend *) enable the negative connection cache for winbind ADS backend *) removes some old dead code *) consolidates some duplicate code *) moves the internal_name_resolve() to use an IP/port pair to deal with SRV RR dns replies. The namecache code also supports the IP:port syntax now as well. *) removes 'ads server' and moves the functionality back into 'password server' (which can support "hostname:port" syntax now but works fine with defaults depending on the value of lp_security()) (This used to be commit d7f7fcda425bef380441509734eca33da943c091)
2003-06-23* s/get_dc_name/rpc_dc_name/g (revert a previous change)Gerald Carter1-0/+3
* move back to qsort() for sorting IP address in get_dc_list() * remove dc_name_cache in cm_get_dc_name() since it slowed things down more than it helped. I've made a note of where to add in the negative connection cache in the ads code. Will come back to that. * fix rpcclient to use PRINTER_ALL_ACCESS for set printer (instead of MAX_ALLOWED) * only enumerate domain local groups in our domain * simplify ldap search for seqnum in winbindd's rpc backend (This used to be commit f8cab8635b02b205b4031279cedd804c1fb22c5b)
2003-06-16we need to call ads_first_entry() before using a ldap result,Andrew Tridgell1-5/+12
otherwise we can segv or return garbage (This used to be commit d1316656b03e2bc85263b65d24977923ee6f39b7)
2003-06-13Rename some uuid functions so as not to conflict with systemTim Potter1-1/+1
versions. Fixes bug #154. (This used to be commit 986eae40f7669d15dc75aed340e628aa7efafddc)
2003-04-21Merge from HEAD - save the type of channel used to contact the DC.Andrew Bartlett1-3/+5
This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration. This also change the SID retreval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient. Also minor fixes to 'net'. Andrew Bartlett (This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
2003-04-15Change variable name to get this working on gcc 3.2 (Merge from HEAD)Jelmer Vernooij1-33/+33
(This used to be commit d49113caef6057905f0f5233ea3085ca5722e742)
2003-03-17merge from HEAD - dump tokenGroups as sids.Andrew Bartlett1-0/+1
(This used to be commit f0daa15521e6352e25aa998f7e682f448e0fe51a)
2003-02-24Make sure these values are never uninitialsised.Andrew Bartlett1-2/+2
(This used to be commit eacb8dde7afa16d86586c6c896ffb6692dc53bf6)
2003-02-24Merge from HEAD client-side authentication changes:Andrew Bartlett1-18/+33
- new kerberos code, allowing the account to change it's own password without special SD settings required - NTLMSSP client code, now seperated from cliconnect.c - NTLMv2 client code - SMB signing fixes Andrew Bartlett (This used to be commit 837680ca517982f2e5944730581a83012d4181ae)
2003-02-19Fix segv in net ads join...an extra & was the culpritJim McDonough1-1/+1
(This used to be commit 1a9050a6fe419e14fc82674d34cc4685a7532059)
2003-02-19Merge minor library fixes from HEAD to 3.0.Andrew Bartlett1-13/+36
- setenv() replacement - mimir's ASN1/SPNEGO typo fixes - (size_t)-1 fixes for push_* returns - function argument signed/unsigned correction - ASN1 error handling (ensure we don't use initiailsed data) - extra net ads join error checking - allow 'set security discriptor' to fail - escape ldap strings in libads. - getgrouplist() correctness fixes (include primary gid) Andrew Bartlett (This used to be commit e9d6e2ea9a3dc01d3849b925c50702cda6ddf225)
2003-02-14Ensure that only parse_prs.c access internal members of the prs_struct.Jeremy Allison1-5/+11
Needed to move to disk based i/o later. Jeremy. (This used to be commit a823fee5b41a5b6cd4ef05aa1f85f7725bd272a5)
2003-02-12Merging from HEAD - add a note about a better method for finding netbios ↵Jeremy Allison1-0/+7
name of workgroup (not implemented yet) Jeremy. (This used to be commit c0eab99753032f5f49bc7adeb1ff95eceb6fe0fe)
2003-02-04Mem alloc checks.Jeremy Allison1-11/+28
Jeremy. (This used to be commit 46ea028169426fbcad92d3d5bf786e88be8f5112)
2003-02-01Merge LDAP filter parinoia from HEAD, a few other pdb_ldap updates and someAndrew Bartlett1-7/+21
misc libads fixes. Andrew Bartlett (This used to be commit 9c3a1710efba9fa4160004a554687d4b85927bb1)
2003-01-21sanity checks from Ken CrossGerald Carter1-1/+5
(This used to be commit 9f35846b8e0d711c9101ade9e79394219045383c)
2003-01-03Merge from HEAD - make Samba compile with -Wwrite-strings without additionalAndrew Bartlett1-2/+2
warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
2002-12-30Catching up with old patches. Add define for VERITAS quota support.Jeremy Allison1-0/+2
Check return in ldap. Jeremy. (This used to be commit 66eff26fc930e37035bba8672f5fd3aeae71078d)
2002-12-20Forward port the change to talloc_init() to make all talloc contextsJeremy Allison1-7/+7
named. Ensure we can query them. Jeremy. (This used to be commit 09a218a9f6fb0bd922940467bf8500eb4f1bcf84)
2002-12-13More printer publishing code.Jim McDonough1-0/+26
- Add published attribute to info2, needed for win clients to work properly - Return proper info on getprinter 7 This means you can now look at the sharing tab of a printer and get correct info about whether it is published or not, and change it. (This used to be commit d57bddc9b22e809c79294c7eacbd5d0f115fe990)