summaryrefslogtreecommitdiff
path: root/source3/libads/ldap.c
AgeCommit message (Collapse)AuthorFilesLines
2010-03-02s3:ads fix dn parsing name was always nullSimo Sorce1-19/+16
While there also use ldap_exploded_dn instead of ldb_dn_validate() so we can remove a huge dependency that is hanging there only for one very minor marginal use. Signed-off-by: Günther Deschner <gd@samba.org>
2010-02-23s3 move the sitename cache in its own fileSimo Sorce1-0/+1
2010-02-23s3-libads: Remove obsolete signal type cast.Andreas Schneider1-5/+5
2009-12-04s3: bug #6967: Prevent glibc error on net ads join:Jim McDonough1-1/+1
talloc()ed memory should not be SAFE_FREE()ed. Signed-off-by: Jim McDonough <jmcd@samba.org>
2009-07-28Added prefer_ipv4 bool parameter to resolve_name().Jeremy Allison1-12/+25
W2K3 DC's can have IPv6 addresses but won't serve krb5/ldap or cldap on those addresses. Make sure when we're asking for DC's we prefer IPv4. If you have an IPv6-only network this prioritizing code will be a no-op. And if you have a mixed network then you need to prioritize IPv4 due to W2K3 DC's. Jeremy.
2009-05-31Fix some nonempty blank linesVolker Lendecke1-60/+59
2009-05-28Add smbldap_pull_sidVolker Lendecke1-13/+1
2009-04-23samba3/ldb: Update the ldb_dn API to match that of the Samba 4 LDB:Jelmer Vernooij1-10/+9
* ldb_dn_new() now takes an initial DN string * ldb_dn_string_compose() -> ldb_dn_new_fmt() * dummy ldb_dn_validate(), since LDB DNs in the current implementation are always valid if they could be created.
2009-04-23ldb/samba3: Support event context argument to ldb_init().Jelmer Vernooij1-0/+3
This argument is ignored (Samba3's LDB is synchronous) but having it there is useful for API compatibility with the LDB used by Samba 4 and available on some systems.
2009-04-22Add comment explaining the previous fix.Jeremy Allison1-0/+6
Jeremy.
2009-04-22Fix bug #6279 - winbindd crash. Cope with LDAP libraries returning ↵Jeremy Allison1-0/+4
LDAP_SUCCESS but not returning a result. Jeremy
2009-04-14Convert Samba3 to use the common lib/util/charset APIAndrew Bartlett1-8/+8
This removes calls to push_*_allocate() and pull_*_allocate(), as well as convert_string_allocate, as they are not in the common API To allow transition to a common charcnv in future, provide Samba4-like strupper functions in source3/lib/charcnv.c (the actual implementation remains distinct, but the API is now shared) Andrew Bartlett
2009-04-07s3-libads: avoid NULL talloc context with ads_get_dn().Günther Deschner1-8/+8
Guenther
2009-04-06s3:libads Make ads_get_dn() take a talloc contextAndrew Bartlett1-40/+29
Also remove ads_memfree(), which was only ever a wrapper around SAFE_FREE, used only to free the DN from ads_get_ds(). This actually makes libgpo more consistant, as it mixed a talloc and a malloc based string on the same element. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2009-02-05s3/libads: Change "ldap ssl:ads" parameter to "ldap ssl ads".Karolin Seeger1-1/+1
Karolin
2009-01-29s3: fix bug #6073: prevent ads_connect() from using SSL unless explicitly ↵Michael Adam1-3/+5
requested This fixes "net ads join". It copes with the changed default "ldap ssl = start tls". A new boolean option "ldap ssl : ads" is added to allow for explicitly requesting ssl with ads. Michael
2009-01-16ads_connect: Return immediately on a failed GC connection.Gerald (Jerry) Carter1-3/+14
ads_connect_gc() feeds an explicit server to ads_connect(). However, if the resulting connection fails, the latter function was attempting to find a DC on its own and continuing the connection. This resulting in GC searches being sent over a connection using port 389 which would fail when using the base search suffix outside of the domain naming context. The fix is to fail immediately in ads_connect() since the GC lookup ordering is handled already in ads_connect_gc().
2008-12-23Fix more asprintf errors and error code paths.Jeremy Allison1-5/+9
Jeremy.
2008-12-13s3:libads/ldap.c: store the dc name in the saf cache as in all other placesStefan Metzmacher1-3/+2
metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit 543fa85a711337e979c7b631bda5db95d109ef59)
2008-12-13s3:libads/ldap.c: if the client belongs to no site at all any dc is the closestStefan Metzmacher1-0/+5
metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit f86ef9b53a903485deba94febf90dd4e657cc02b)
2008-12-13s3:libads/ldap.c: pass the real workgroup name to get_dc_name()Stefan Metzmacher1-1/+10
metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit c2d4a84abe1b6cbf68d6e9f1bb1f8974d0b628fc)
2008-12-13s3: libads: use get_dc_name() instead of get_sorted_dc_list() in the LDAP caseStefan Metzmacher1-1/+25
We use get_dc_name() for LDAP because it generates the selfwritten krb5.conf with the correct kdc addresses and sets KRB5_CONFIG. For CLDAP we need to use get_sorted_dc_list() to avoid recursion. metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit d2f7f81f4d61bae9c4be65cbc1bf962b6c24a31f)
2008-11-24s3:libads/ldap.c: return an error instead of crashing when no realm is givenStefan Metzmacher1-4/+4
The bug was triggered by "net ads info -S 127.8.7.6" (where 127.8.7.6 doesn't ex and "disable netbios = yes". metze Signed-off-by: Michael Adam <obnox@samba.org>
2008-11-18Fix extended DN parse error when AD object does not have a SID.Steven Danneman1-24/+38
Some AD objects, like Exchange Public Folders, can be members of Security Groups but do not have a SID attribute. This patch adds more granular return errors to ads_get_sid_from_extended_dn(). Callers can now determine if a parse error occured because of bad input, or the DN was valid but contained no SID. I updated all callers to ignore SIDless objects when appropriate. Also did some cleanup to the out paths of lookup_usergroups_memberof()
2008-11-18Whitespace and >80 column cleanups.Steven Danneman1-12/+12
2008-10-14Use GUID_string rather than smb_uuid_string().Jelmer Vernooij1-2/+2
2008-10-13fix build warnings.Günther Deschner1-1/+1
Guenther
2008-10-12Use common strlist implementation in Samba 3 and Samba 4.Jelmer Vernooij1-2/+2
2008-10-04Fix an uninitialized variable found by the IBM CheckerVolker Lendecke1-0/+1
2008-09-24s3-nbt: use the new generated nbt.Günther Deschner1-1/+1
Guenther
2008-08-20libads: remove unused vars.Günther Deschner1-3/+0
Guenther (This used to be commit ea9fc3bea31b11e715d9524defc18b75e5943842)
2008-06-27libads: Add API call to connect to a global catalog server.Gerald W. Carter1-5/+140
Extends ads_connect() to a new call ads_connect_gc() which connects on port 3268 rather than port 389. Also makes ads_try_connect() static and only used internally to ldap.c (This used to be commit f4c37dbe2c986fb7bfe510cdff3b4a9fbc06d079)
2008-06-24libads: add ads_connect_user_creds() that won't overwrite given user creds.Günther Deschner1-0/+12
Guenther (This used to be commit 026018c9f1ed0680b3ca5b26dd6b8dc466e27e0d)
2008-06-17libads: add ads_get_machine_kvno() to make ads_get_kvno() a bit more generic.Günther Deschner1-7/+29
Guenther (This used to be commit cb7ace209c2051ae02647188715fa6ee324c2bf6)
2008-06-17libads: fix logic error in ads_get_kvno().Günther Deschner1-1/+1
Guenther (This used to be commit 132b038581a1a91b4e70c7c44f97f52866609812)
2008-06-17Revert "Fix a memleak in ads_find_dc() in case get_sorted_dc_list() fails"Volker Lendecke1-1/+0
This reverts commit df8d089bc63c2a52cbdf3504cded8df620a59902. (This used to be commit 342f8858200ed7c446516c270e1b4284d92010d8)
2008-06-05Fix a memleak in ads_find_dc() in case get_sorted_dc_list() failsVolker Lendecke1-0/+1
This is really not a proper place to fix this, but as get_gc_list() and friends are about to be replaced anyway, just work around the broken existing API (This used to be commit df8d089bc63c2a52cbdf3504cded8df620a59902)
2008-05-20Cleanup size_t return values in callers of convert_string_allocateTim Prouty1-20/+43
This patch is the second iteration of an inside-out conversion to cleanup functions in charcnv.c returning size_t == -1 to indicate failure. (This used to be commit 6b189dabc562d86dcaa685419d0cb6ea276f100d)
2008-05-15libads/cldap: store client sitename also keyed by dns domain name.Günther Deschner1-0/+1
Guenther (This used to be commit 0388b2f0cc4d14b005c5b42f2c17ddcbc8bef12a)
2008-05-14Fix Bug #5465 (joining with createcomputer=ou1/ou2/ou3).Günther Deschner1-5/+5
Guenther (This used to be commit f3251ba03a69c2fd0335861177159a32b2bc9477)
2008-05-09cldap: let ads_cldap_netlogon() return all possible cldap replies.Günther Deschner1-1/+1
Guenther (This used to be commit 6f9d5e1cc94bc90685b54c04622b8f3357bd2f69)
2008-04-26Fix bug 5419: memory leak in ads_do_search_all_args() when enumerating 1000s ↵Steven Danneman1-2/+24
of entries The ads_do_search_all_args() function attempts to string together several LDAPMessage structures, returned across several paged ldap requests, into a single LDAPMessage structure. It does this by pulling entries off the second LDAPMessage structure and appending them to the first via the OpenLDAP specific ldap_add_result_entry() call. The problem with this approach is it skips non-entry messages such as the result, and controls. These messages are leaked. The short term solution as suggested by Volker is to replace the ads_*_entry() calls with ads_*_message() calls so we don't leak any messages. This fixes the leak but doesn't remove the dependence on the OpenLDAP specific implementation of ldap_add_result_entry(). (This used to be commit f1a5405409c396df394611e2a234522572d2860a)
2008-04-21cldap: avoid duplicate definitions so remove ads_cldap.h.Günther Deschner1-4/+4
Guenther (This used to be commit 538eefe22ad69540b9f73ffaa613d6be045de199)
2008-04-21cldap: add talloc context to ads_cldap_netlogon().Günther Deschner1-10/+21
Guenther (This used to be commit 4cee7b1bd5cd97c414b73d6f39238958480cdcf3)
2008-04-21libads: Use libnbt for CLDAP reply parsing.Günther Deschner1-12/+12
Guenther (This used to be commit 751f3064a508341c0ebae45e8de9f5311d915d70)
2008-03-28Add ads_check_ou_dn().Günther Deschner1-0/+47
Guenther (This used to be commit 380e9d26db5341d10807ccbfb413d0f53d3ffc71)
2008-03-23Fix Coverity ID 487Volker Lendecke1-0/+1
(This used to be commit 22cee9c1afbc33b4920b72bc81569d79642172af)
2008-03-17Coverity fixesMarc VanHeyningen1-1/+4
(This used to be commit 3fc85d22590550f0539215d020e4411bf5b14363)
2008-02-04str_list_free is not needed anymoreVolker Lendecke1-2/+2
(This used to be commit feddc1447d585fd108d22a36bccc576fa81197ef)
2008-02-04Always pass a TALLOC_CTX to str_list_make and str_list_copyVolker Lendecke1-2/+2
(This used to be commit e2c9fc4cf5f0ff725330fa44f53782db65fca37e)