summaryrefslogtreecommitdiff
path: root/source3/libads/ldap.c
AgeCommit message (Collapse)AuthorFilesLines
2003-06-25* fix typos in a few debug statementsGerald Carter1-3/+9
* check negative connection cache before ads_try_connect() in ads_find_dc() (This used to be commit 2a76101a3a31f5fca2f444b25e3f0486f7ef406f)
2003-06-25large change:Gerald Carter1-118/+47
*) consolidates the dc location routines again (dns and netbios) get_dc_list() or get_sorted_dc_list() is the authoritative means of locating DC's again. (also inludes a flag to get_dc_list() to define if this should be a DNS only lookup or not) (however, if you set "name resolve order = hosts wins" you could still get DNS queries for domain name IFF ldap_domain2hostlist() fails. The answer? Fix your DNS setup) *) enabled DOMAIN<0x1c> lookups to be funneled through resolve_hosts resulting in a call to ldap_domain2hostlist() if lp_security() == SEC_ADS *) enables name cache for winbind ADS backend *) enable the negative connection cache for winbind ADS backend *) removes some old dead code *) consolidates some duplicate code *) moves the internal_name_resolve() to use an IP/port pair to deal with SRV RR dns replies. The namecache code also supports the IP:port syntax now as well. *) removes 'ads server' and moves the functionality back into 'password server' (which can support "hostname:port" syntax now but works fine with defaults depending on the value of lp_security()) (This used to be commit d7f7fcda425bef380441509734eca33da943c091)
2003-06-23* s/get_dc_name/rpc_dc_name/g (revert a previous change)Gerald Carter1-0/+3
* move back to qsort() for sorting IP address in get_dc_list() * remove dc_name_cache in cm_get_dc_name() since it slowed things down more than it helped. I've made a note of where to add in the negative connection cache in the ads code. Will come back to that. * fix rpcclient to use PRINTER_ALL_ACCESS for set printer (instead of MAX_ALLOWED) * only enumerate domain local groups in our domain * simplify ldap search for seqnum in winbindd's rpc backend (This used to be commit f8cab8635b02b205b4031279cedd804c1fb22c5b)
2003-06-16we need to call ads_first_entry() before using a ldap result,Andrew Tridgell1-5/+12
otherwise we can segv or return garbage (This used to be commit d1316656b03e2bc85263b65d24977923ee6f39b7)
2003-06-13Rename some uuid functions so as not to conflict with systemTim Potter1-1/+1
versions. Fixes bug #154. (This used to be commit 986eae40f7669d15dc75aed340e628aa7efafddc)
2003-04-21Merge from HEAD - save the type of channel used to contact the DC.Andrew Bartlett1-3/+5
This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration. This also change the SID retreval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient. Also minor fixes to 'net'. Andrew Bartlett (This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
2003-04-15Change variable name to get this working on gcc 3.2 (Merge from HEAD)Jelmer Vernooij1-33/+33
(This used to be commit d49113caef6057905f0f5233ea3085ca5722e742)
2003-03-17merge from HEAD - dump tokenGroups as sids.Andrew Bartlett1-0/+1
(This used to be commit f0daa15521e6352e25aa998f7e682f448e0fe51a)
2003-02-24Make sure these values are never uninitialsised.Andrew Bartlett1-2/+2
(This used to be commit eacb8dde7afa16d86586c6c896ffb6692dc53bf6)
2003-02-24Merge from HEAD client-side authentication changes:Andrew Bartlett1-18/+33
- new kerberos code, allowing the account to change it's own password without special SD settings required - NTLMSSP client code, now seperated from cliconnect.c - NTLMv2 client code - SMB signing fixes Andrew Bartlett (This used to be commit 837680ca517982f2e5944730581a83012d4181ae)
2003-02-19Fix segv in net ads join...an extra & was the culpritJim McDonough1-1/+1
(This used to be commit 1a9050a6fe419e14fc82674d34cc4685a7532059)
2003-02-19Merge minor library fixes from HEAD to 3.0.Andrew Bartlett1-13/+36
- setenv() replacement - mimir's ASN1/SPNEGO typo fixes - (size_t)-1 fixes for push_* returns - function argument signed/unsigned correction - ASN1 error handling (ensure we don't use initiailsed data) - extra net ads join error checking - allow 'set security discriptor' to fail - escape ldap strings in libads. - getgrouplist() correctness fixes (include primary gid) Andrew Bartlett (This used to be commit e9d6e2ea9a3dc01d3849b925c50702cda6ddf225)
2003-02-14Ensure that only parse_prs.c access internal members of the prs_struct.Jeremy Allison1-5/+11
Needed to move to disk based i/o later. Jeremy. (This used to be commit a823fee5b41a5b6cd4ef05aa1f85f7725bd272a5)
2003-02-12Merging from HEAD - add a note about a better method for finding netbios ↵Jeremy Allison1-0/+7
name of workgroup (not implemented yet) Jeremy. (This used to be commit c0eab99753032f5f49bc7adeb1ff95eceb6fe0fe)
2003-02-04Mem alloc checks.Jeremy Allison1-11/+28
Jeremy. (This used to be commit 46ea028169426fbcad92d3d5bf786e88be8f5112)
2003-02-01Merge LDAP filter parinoia from HEAD, a few other pdb_ldap updates and someAndrew Bartlett1-7/+21
misc libads fixes. Andrew Bartlett (This used to be commit 9c3a1710efba9fa4160004a554687d4b85927bb1)
2003-01-21sanity checks from Ken CrossGerald Carter1-1/+5
(This used to be commit 9f35846b8e0d711c9101ade9e79394219045383c)
2003-01-03Merge from HEAD - make Samba compile with -Wwrite-strings without additionalAndrew Bartlett1-2/+2
warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
2002-12-30Catching up with old patches. Add define for VERITAS quota support.Jeremy Allison1-0/+2
Check return in ldap. Jeremy. (This used to be commit 66eff26fc930e37035bba8672f5fd3aeae71078d)
2002-12-20Forward port the change to talloc_init() to make all talloc contextsJeremy Allison1-7/+7
named. Ensure we can query them. Jeremy. (This used to be commit 09a218a9f6fb0bd922940467bf8500eb4f1bcf84)
2002-12-13More printer publishing code.Jim McDonough1-0/+26
- Add published attribute to info2, needed for win clients to work properly - Return proper info on getprinter 7 This means you can now look at the sharing tab of a printer and get correct info about whether it is published or not, and change it. (This used to be commit d57bddc9b22e809c79294c7eacbd5d0f115fe990)
2002-11-23[merge from APP_HEAD]Gerald Carter1-1/+2
90% fix for CR 1076. The password server parameter will no take things like password server = DC1 * which means to contact DC1 first and the go to auto lookup if it fails. jerry (This used to be commit 016ef8b36b30846311a5321803298f8e28719244)
2002-11-15Updates from HEAD:Andrew Bartlett1-1/+1
- const for PACKS() in lanman.c - change auth to 'account before password' - add help to net rpc {vampire,samsync} - configure updates for sun workshop cc - become_root() around pdb_ calls in auth_util for guest login. Andrew Bartlett (This used to be commit 43e90eb6e331d478013a9c038292f245edc51bd0)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-18/+20
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
2002-11-06Merge of get_dc_list() api change from HEAD.Tim Potter1-12/+7
(This used to be commit 6ba7847ce2756fde94e530fd0bf2a055f3e27373)
2002-10-29Merge from HEAD:Jim McDonough1-5/+33
GUID formatting on ads dump Allow rc4-hmac when available .NET likes both forms of servicePrincipalName in machine account record (This used to be commit 89e3a3da5d5bc9e6aedeaea5a87553d72fcaac99)
2002-10-01syncing up with HEAD. Seems to be a lot of differences creeping inGerald Carter1-64/+138
(i ignored the new SAMBA stuff, but the rest of this looks like it should have been merged already). (This used to be commit 3de09e5cf1f667e410ee8b9516a956860ce7290f)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-22/+72
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17sync 3.0 branch with headJelmer Vernooij1-68/+321
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-302/+377
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-04-10A few more updates:Jim McDonough1-132/+348
- Add doxygen comments - remove server sort control (ms implementation was not reliable) - rename ads_do_search_all2() to ads_do_search_all_fn() (This used to be commit 7aa5fa617221019de0f4565d07842df72673e154)
2002-04-05Several updates to get server side sorting going:Jim McDonough1-26/+78
- Added sort control to ads_do_paged_search. It allows a char * to be passed as the sort key. If NULL, no sort is done. - fixed a bug in the processing of controls (loop wasn't incremented properly) - Added ads_do_search_all2, which funs a function that is passed in against each entry. No ldapmessage structures are returned. Allows results to be processed as the come in on each page. I'd like ads_do_search_all2 to replace ads_do_search_all, but there's some work to be done in winbindd_ads.c first. Also, perhaps now we can do async ldap searches? Allow us to process a page while the server retrieves the next one? (This used to be commit 95bec4c8bae0e29f816ec0751bf66404e1f2098e)
2002-04-04Try harder next time to not duplicate function...take ads_err2string backJim McDonough1-15/+0
out since it's already in ads_errstr() in ads_status.c (This used to be commit 0475126ffb69f0485fd31511cb13d98df74a8d5b)
2002-04-04Add ads_err2string() function for generating error strings from an ADS_STATUS.Jim McDonough1-0/+15
I've got the cases besides gssapi...anyone know how to get those? (This used to be commit c937e1352207ad90e8257ad6c9f8b7c9cf92030d)
2002-03-29Added ads_process_results(), which takes a function that is called for eachJim McDonough1-20/+73
entry returned from a search, and applies it to the results. Re-structured ads_dump to use this, plus changed the ber_free in ads_dump from (b,1) to (b,0), in accordance with openldap manpages. Also allows proper free of result using ldap_msgfree afterwards, so you can do something with the results after an ads_dump. (This used to be commit f01f02fc569b4f5101a37d3b493f2fe2d2b2677a)
2002-03-27Whoops, left the paged control not critical in the paged search...kind ofJim McDonough1-1/+1
defeats the purpose. (This used to be commit 71806c49b366faf2466eee7352c71fcdfefd8cc1)
2002-03-27Add server control to prevent referrals in paged searches. This keepsJim McDonough1-6/+18
the scope limited to the domain at hand, and also keeps the openldap libs happy, since they don't currently chase referrals and return server controls properly at the same time. (This used to be commit 2bebc8a391bd80bd0e5adbedb3757fb4279ec414)
2002-03-19added a ads_do_search_all() call, which is a more convenient interfaceAndrew Tridgell1-0/+42
to paged searches. This makes updating winbindd to used paged searches trivial. (This used to be commit 514c11b4e3fcc765a8087405333bd351c05c9e36)
2002-03-19fixed paged controls on my box. The problem seems to be incorrectAndrew Tridgell1-4/+21
referrals parsing in the openldap libs. By disabling referrals we get valid controls back and the cookies work. (This used to be commit 8bf487ddff240150d7a92aaa0f978dd30062c331)
2002-03-14This adds the Paged Result Control to ads searching. The new function, ↵Jim McDonough1-0/+79
ads_do_paged_search, is the same as ads_do_search, but it also contains a count of records returned in this page, and a cookie for resuming, to be passed back. The cookie must start off NULL, and when it returns as NULL, the search is done. (This used to be commit 9afba67f9a56699e34735e1e425f97b2464f2402)
2002-03-13detect SIZELIMIT_EXCEEDED in ldap queries and truncateAndrew Tridgell1-0/+4
the problem is, how the heck do we properly handle these? Jerry? It seems that the Win2000 ADS server only returns a max of 1000 records! (This used to be commit 93389647203395da0e894c2e57348081e755884a)
2002-03-11put in the ADS DNS hack, but commented outAndrew Tridgell1-0/+11
(This used to be commit 3396a671c59e6afe70a22ce64e4a9381b1d6fef8)
2002-03-10yipee! Finally put in the patch from Alexey KotovichAndrew Tridgell1-8/+121
<a.kotovich@sam-solutions.net> that adds the security decsriptor code for ADS workstation accounts thanks for your patience Cat, and thanks to Andrew Bartlett for extensive reviews and suggestions about this code. (This used to be commit 6891393b5db868246fe52ff62b3dc6aa5ca6f726)
2002-03-04fix for IRIX compile errorHerb Lewis1-3/+4
(This used to be commit 2d620909f9def17dacf2af997a32d596f4dbd827)
2002-02-13Fix LDAP modification operation. Cut and paste error: was LDAP_MOD_ADD, ↵Jim McDonough1-1/+1
should be LDAP_MOD_REPLACE. Caught by Alexey Kotovich. (This used to be commit be48a05ed95f0f4ed02ffb996cb1ecc10811d9a0)
2002-02-12talloc'ify ads modify functions. Also add more complete berval support.Jim McDonough1-122/+119
(This used to be commit 1f186c60ad957c0e8157a6fd903857121c65a2e0)
2002-02-11Add ability to extend ads modification list on the fly. Also add some ↵Jim McDonough1-23/+39
malloc checks and return ADS_ERROR(LDAP_NO_MEMORY) if they fail. (This used to be commit 81d76f05d8b886a86eb421d1bd8737ec7d05cbde)
2002-02-07when a trusted domain is down an ADS server will return a success on aAndrew Tridgell1-2/+3
get trusted domains query but leave the domain SID blank - we need to fail the add of the trusted domain in winbindd in that case (This used to be commit 24c7e7a3849df3a3378f7e7f20099de048f0b7bd)
2002-02-06Fix ldapmod list overrun check. Also better document and format ldap ↵Jim McDonough1-16/+13
control for permissive modify. (This used to be commit 01e7f7c3d9006883b71e43d917d32e325cff7a15)
2002-02-02merge in some changes from Alexey Kotovich. Return ADS_STATUS instead of ↵Jim McDonough1-33/+88
BOOLs. Add support for bervals in mod lists. Also put undocumented AD ldap control in to allow modifications when an attribute does not yet exist. (This used to be commit 1a2d27b21e61be5a314f7d6c4ea0dff06a5307be)