Age | Commit message (Collapse) | Author | Files | Lines |
|
talloc()ed memory should not be SAFE_FREE()ed.
Signed-off-by: Jim McDonough <jmcd@samba.org>
|
|
W2K3 DC's can have IPv6 addresses but won't serve
krb5/ldap or cldap on those addresses. Make sure when
we're asking for DC's we prefer IPv4.
If you have an IPv6-only network this prioritizing code
will be a no-op. And if you have a mixed network then you
need to prioritize IPv4 due to W2K3 DC's.
Jeremy.
|
|
|
|
|
|
* ldb_dn_new() now takes an initial DN string
* ldb_dn_string_compose() -> ldb_dn_new_fmt()
* dummy ldb_dn_validate(), since LDB DNs in the current implementation
are always valid if they could be created.
|
|
This argument is ignored (Samba3's LDB is synchronous) but having it
there is useful for API compatibility with the LDB used by Samba 4 and
available on some systems.
|
|
Jeremy.
|
|
LDAP_SUCCESS but not returning a result.
Jeremy
|
|
This removes calls to push_*_allocate() and pull_*_allocate(), as well
as convert_string_allocate, as they are not in the common API
To allow transition to a common charcnv in future, provide Samba4-like
strupper functions in source3/lib/charcnv.c
(the actual implementation remains distinct, but the API is now shared)
Andrew Bartlett
|
|
Guenther
|
|
Also remove ads_memfree(), which was only ever a wrapper around
SAFE_FREE, used only to free the DN from ads_get_ds().
This actually makes libgpo more consistant, as it mixed a talloc and a
malloc based string on the same element.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Karolin
|
|
requested
This fixes "net ads join".
It copes with the changed default "ldap ssl = start tls".
A new boolean option "ldap ssl : ads" is added to allow for
explicitly requesting ssl with ads.
Michael
|
|
ads_connect_gc() feeds an explicit server to ads_connect(). However, if the
resulting connection fails, the latter function was attempting to find a DC
on its own and continuing the connection. This resulting in GC searches being
sent over a connection using port 389 which would fail when using the base
search suffix outside of the domain naming context.
The fix is to fail immediately in ads_connect() since the GC lookup ordering
is handled already in ads_connect_gc().
|
|
Jeremy.
|
|
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 543fa85a711337e979c7b631bda5db95d109ef59)
|
|
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit f86ef9b53a903485deba94febf90dd4e657cc02b)
|
|
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit c2d4a84abe1b6cbf68d6e9f1bb1f8974d0b628fc)
|
|
We use get_dc_name() for LDAP because it generates the selfwritten
krb5.conf with the correct kdc addresses and sets KRB5_CONFIG.
For CLDAP we need to use get_sorted_dc_list() to avoid recursion.
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit d2f7f81f4d61bae9c4be65cbc1bf962b6c24a31f)
|
|
The bug was triggered by "net ads info -S 127.8.7.6" (where 127.8.7.6 doesn't ex
and "disable netbios = yes".
metze
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
Some AD objects, like Exchange Public Folders, can be members of Security
Groups but do not have a SID attribute. This patch adds more granular return
errors to ads_get_sid_from_extended_dn(). Callers can now determine if a parse
error occured because of bad input, or the DN was valid but contained no SID.
I updated all callers to ignore SIDless objects when appropriate.
Also did some cleanup to the out paths of lookup_usergroups_memberof()
|
|
|
|
|
|
Guenther
|
|
|
|
|
|
Guenther
|
|
Guenther
(This used to be commit ea9fc3bea31b11e715d9524defc18b75e5943842)
|
|
Extends ads_connect() to a new call ads_connect_gc() which connects on port
3268 rather than port 389. Also makes ads_try_connect() static and
only used internally to ldap.c
(This used to be commit f4c37dbe2c986fb7bfe510cdff3b4a9fbc06d079)
|
|
Guenther
(This used to be commit 026018c9f1ed0680b3ca5b26dd6b8dc466e27e0d)
|
|
Guenther
(This used to be commit cb7ace209c2051ae02647188715fa6ee324c2bf6)
|
|
Guenther
(This used to be commit 132b038581a1a91b4e70c7c44f97f52866609812)
|
|
This reverts commit df8d089bc63c2a52cbdf3504cded8df620a59902.
(This used to be commit 342f8858200ed7c446516c270e1b4284d92010d8)
|
|
This is really not a proper place to fix this, but as get_gc_list() and friends
are about to be replaced anyway, just work around the broken existing API
(This used to be commit df8d089bc63c2a52cbdf3504cded8df620a59902)
|
|
This patch is the second iteration of an inside-out conversion to cleanup
functions in charcnv.c returning size_t == -1 to indicate failure.
(This used to be commit 6b189dabc562d86dcaa685419d0cb6ea276f100d)
|
|
Guenther
(This used to be commit 0388b2f0cc4d14b005c5b42f2c17ddcbc8bef12a)
|
|
Guenther
(This used to be commit f3251ba03a69c2fd0335861177159a32b2bc9477)
|
|
Guenther
(This used to be commit 6f9d5e1cc94bc90685b54c04622b8f3357bd2f69)
|
|
of entries
The ads_do_search_all_args() function attempts to string together several
LDAPMessage structures, returned across several paged ldap requests, into a
single LDAPMessage structure. It does this by pulling entries off the second
LDAPMessage structure and appending them to the first via the OpenLDAP specific
ldap_add_result_entry() call.
The problem with this approach is it skips non-entry messages such as the
result, and controls. These messages are leaked.
The short term solution as suggested by Volker is to replace the ads_*_entry()
calls with ads_*_message() calls so we don't leak any messages.
This fixes the leak but doesn't remove the dependence on the OpenLDAP specific
implementation of ldap_add_result_entry().
(This used to be commit f1a5405409c396df394611e2a234522572d2860a)
|
|
Guenther
(This used to be commit 538eefe22ad69540b9f73ffaa613d6be045de199)
|
|
Guenther
(This used to be commit 4cee7b1bd5cd97c414b73d6f39238958480cdcf3)
|
|
Guenther
(This used to be commit 751f3064a508341c0ebae45e8de9f5311d915d70)
|
|
Guenther
(This used to be commit 380e9d26db5341d10807ccbfb413d0f53d3ffc71)
|
|
(This used to be commit 22cee9c1afbc33b4920b72bc81569d79642172af)
|
|
(This used to be commit 3fc85d22590550f0539215d020e4411bf5b14363)
|
|
(This used to be commit feddc1447d585fd108d22a36bccc576fa81197ef)
|
|
(This used to be commit e2c9fc4cf5f0ff725330fa44f53782db65fca37e)
|
|
Guenther
(This used to be commit 2dd7c64fa8845fe502789068b877f5eaf060afc7)
|
|
Guenther
(This used to be commit ddc1307844379f99b3dde48fc351d0326d22a7ce)
|
|
This reverts commit #cafda34783f0961c9b463803c19cfcb69f836e3f .
I just learned (the hard way) that these indeted functions
are not indented by accident but that the intention of this
is to not include the prototype into proto.h.
Michael
(This used to be commit 2e5d01b2146bb9e057b2779d9fe7691ed46d9f45)
|