Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.
This includes (along with other security headers) dom_sid.h and
security_token.h
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
|
|
This does a length-limited check, and so avoids reading beyond the
allocated memory if the server sends less than 16 bytes.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Guenther
|
|
messages.
Jeremy.
|
|
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Guenther
|
|
There were two utility functions that other parts of Samba 3
still relied on; they have been moved to lib/ldb_compat.[ch].
|
|
|
|
While there also use ldap_exploded_dn instead of ldb_dn_validate()
so we can remove a huge dependency that is hanging there only for one very
minor marginal use.
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
|
|
|
|
talloc()ed memory should not be SAFE_FREE()ed.
Signed-off-by: Jim McDonough <jmcd@samba.org>
|
|
W2K3 DC's can have IPv6 addresses but won't serve
krb5/ldap or cldap on those addresses. Make sure when
we're asking for DC's we prefer IPv4.
If you have an IPv6-only network this prioritizing code
will be a no-op. And if you have a mixed network then you
need to prioritize IPv4 due to W2K3 DC's.
Jeremy.
|
|
|
|
|
|
* ldb_dn_new() now takes an initial DN string
* ldb_dn_string_compose() -> ldb_dn_new_fmt()
* dummy ldb_dn_validate(), since LDB DNs in the current implementation
are always valid if they could be created.
|
|
This argument is ignored (Samba3's LDB is synchronous) but having it
there is useful for API compatibility with the LDB used by Samba 4 and
available on some systems.
|
|
Jeremy.
|
|
LDAP_SUCCESS but not returning a result.
Jeremy
|
|
This removes calls to push_*_allocate() and pull_*_allocate(), as well
as convert_string_allocate, as they are not in the common API
To allow transition to a common charcnv in future, provide Samba4-like
strupper functions in source3/lib/charcnv.c
(the actual implementation remains distinct, but the API is now shared)
Andrew Bartlett
|
|
Guenther
|
|
Also remove ads_memfree(), which was only ever a wrapper around
SAFE_FREE, used only to free the DN from ads_get_ds().
This actually makes libgpo more consistant, as it mixed a talloc and a
malloc based string on the same element.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Karolin
|
|
requested
This fixes "net ads join".
It copes with the changed default "ldap ssl = start tls".
A new boolean option "ldap ssl : ads" is added to allow for
explicitly requesting ssl with ads.
Michael
|
|
ads_connect_gc() feeds an explicit server to ads_connect(). However, if the
resulting connection fails, the latter function was attempting to find a DC
on its own and continuing the connection. This resulting in GC searches being
sent over a connection using port 389 which would fail when using the base
search suffix outside of the domain naming context.
The fix is to fail immediately in ads_connect() since the GC lookup ordering
is handled already in ads_connect_gc().
|
|
Jeremy.
|
|
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 543fa85a711337e979c7b631bda5db95d109ef59)
|
|
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit f86ef9b53a903485deba94febf90dd4e657cc02b)
|
|
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit c2d4a84abe1b6cbf68d6e9f1bb1f8974d0b628fc)
|
|
We use get_dc_name() for LDAP because it generates the selfwritten
krb5.conf with the correct kdc addresses and sets KRB5_CONFIG.
For CLDAP we need to use get_sorted_dc_list() to avoid recursion.
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit d2f7f81f4d61bae9c4be65cbc1bf962b6c24a31f)
|
|
The bug was triggered by "net ads info -S 127.8.7.6" (where 127.8.7.6 doesn't ex
and "disable netbios = yes".
metze
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
Some AD objects, like Exchange Public Folders, can be members of Security
Groups but do not have a SID attribute. This patch adds more granular return
errors to ads_get_sid_from_extended_dn(). Callers can now determine if a parse
error occured because of bad input, or the DN was valid but contained no SID.
I updated all callers to ignore SIDless objects when appropriate.
Also did some cleanup to the out paths of lookup_usergroups_memberof()
|
|
|
|
|
|
Guenther
|
|
|
|
|
|
Guenther
|
|
Guenther
(This used to be commit ea9fc3bea31b11e715d9524defc18b75e5943842)
|
|
Extends ads_connect() to a new call ads_connect_gc() which connects on port
3268 rather than port 389. Also makes ads_try_connect() static and
only used internally to ldap.c
(This used to be commit f4c37dbe2c986fb7bfe510cdff3b4a9fbc06d079)
|
|
Guenther
(This used to be commit 026018c9f1ed0680b3ca5b26dd6b8dc466e27e0d)
|
|
Guenther
(This used to be commit cb7ace209c2051ae02647188715fa6ee324c2bf6)
|
|
Guenther
(This used to be commit 132b038581a1a91b4e70c7c44f97f52866609812)
|