summaryrefslogtreecommitdiff
path: root/source3/libads/ldap.c
AgeCommit message (Collapse)AuthorFilesLines
2009-04-22Fix bug #6279 - winbindd crash. Cope with LDAP libraries returning ↵Jeremy Allison1-0/+4
LDAP_SUCCESS but not returning a result. Jeremy
2009-04-14Convert Samba3 to use the common lib/util/charset APIAndrew Bartlett1-8/+8
This removes calls to push_*_allocate() and pull_*_allocate(), as well as convert_string_allocate, as they are not in the common API To allow transition to a common charcnv in future, provide Samba4-like strupper functions in source3/lib/charcnv.c (the actual implementation remains distinct, but the API is now shared) Andrew Bartlett
2009-04-07s3-libads: avoid NULL talloc context with ads_get_dn().Günther Deschner1-8/+8
Guenther
2009-04-06s3:libads Make ads_get_dn() take a talloc contextAndrew Bartlett1-40/+29
Also remove ads_memfree(), which was only ever a wrapper around SAFE_FREE, used only to free the DN from ads_get_ds(). This actually makes libgpo more consistant, as it mixed a talloc and a malloc based string on the same element. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2009-02-05s3/libads: Change "ldap ssl:ads" parameter to "ldap ssl ads".Karolin Seeger1-1/+1
Karolin
2009-01-29s3: fix bug #6073: prevent ads_connect() from using SSL unless explicitly ↵Michael Adam1-3/+5
requested This fixes "net ads join". It copes with the changed default "ldap ssl = start tls". A new boolean option "ldap ssl : ads" is added to allow for explicitly requesting ssl with ads. Michael
2009-01-16ads_connect: Return immediately on a failed GC connection.Gerald (Jerry) Carter1-3/+14
ads_connect_gc() feeds an explicit server to ads_connect(). However, if the resulting connection fails, the latter function was attempting to find a DC on its own and continuing the connection. This resulting in GC searches being sent over a connection using port 389 which would fail when using the base search suffix outside of the domain naming context. The fix is to fail immediately in ads_connect() since the GC lookup ordering is handled already in ads_connect_gc().
2008-12-23Fix more asprintf errors and error code paths.Jeremy Allison1-5/+9
Jeremy.
2008-12-13s3:libads/ldap.c: store the dc name in the saf cache as in all other placesStefan Metzmacher1-3/+2
metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit 543fa85a711337e979c7b631bda5db95d109ef59)
2008-12-13s3:libads/ldap.c: if the client belongs to no site at all any dc is the closestStefan Metzmacher1-0/+5
metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit f86ef9b53a903485deba94febf90dd4e657cc02b)
2008-12-13s3:libads/ldap.c: pass the real workgroup name to get_dc_name()Stefan Metzmacher1-1/+10
metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit c2d4a84abe1b6cbf68d6e9f1bb1f8974d0b628fc)
2008-12-13s3: libads: use get_dc_name() instead of get_sorted_dc_list() in the LDAP caseStefan Metzmacher1-1/+25
We use get_dc_name() for LDAP because it generates the selfwritten krb5.conf with the correct kdc addresses and sets KRB5_CONFIG. For CLDAP we need to use get_sorted_dc_list() to avoid recursion. metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit d2f7f81f4d61bae9c4be65cbc1bf962b6c24a31f)
2008-11-24s3:libads/ldap.c: return an error instead of crashing when no realm is givenStefan Metzmacher1-4/+4
The bug was triggered by "net ads info -S 127.8.7.6" (where 127.8.7.6 doesn't ex and "disable netbios = yes". metze Signed-off-by: Michael Adam <obnox@samba.org>
2008-11-18Fix extended DN parse error when AD object does not have a SID.Steven Danneman1-24/+38
Some AD objects, like Exchange Public Folders, can be members of Security Groups but do not have a SID attribute. This patch adds more granular return errors to ads_get_sid_from_extended_dn(). Callers can now determine if a parse error occured because of bad input, or the DN was valid but contained no SID. I updated all callers to ignore SIDless objects when appropriate. Also did some cleanup to the out paths of lookup_usergroups_memberof()
2008-11-18Whitespace and >80 column cleanups.Steven Danneman1-12/+12
2008-10-14Use GUID_string rather than smb_uuid_string().Jelmer Vernooij1-2/+2
2008-10-13fix build warnings.Günther Deschner1-1/+1
Guenther
2008-10-12Use common strlist implementation in Samba 3 and Samba 4.Jelmer Vernooij1-2/+2
2008-10-04Fix an uninitialized variable found by the IBM CheckerVolker Lendecke1-0/+1
2008-09-24s3-nbt: use the new generated nbt.Günther Deschner1-1/+1
Guenther
2008-08-20libads: remove unused vars.Günther Deschner1-3/+0
Guenther (This used to be commit ea9fc3bea31b11e715d9524defc18b75e5943842)
2008-06-27libads: Add API call to connect to a global catalog server.Gerald W. Carter1-5/+140
Extends ads_connect() to a new call ads_connect_gc() which connects on port 3268 rather than port 389. Also makes ads_try_connect() static and only used internally to ldap.c (This used to be commit f4c37dbe2c986fb7bfe510cdff3b4a9fbc06d079)
2008-06-24libads: add ads_connect_user_creds() that won't overwrite given user creds.Günther Deschner1-0/+12
Guenther (This used to be commit 026018c9f1ed0680b3ca5b26dd6b8dc466e27e0d)
2008-06-17libads: add ads_get_machine_kvno() to make ads_get_kvno() a bit more generic.Günther Deschner1-7/+29
Guenther (This used to be commit cb7ace209c2051ae02647188715fa6ee324c2bf6)
2008-06-17libads: fix logic error in ads_get_kvno().Günther Deschner1-1/+1
Guenther (This used to be commit 132b038581a1a91b4e70c7c44f97f52866609812)
2008-06-17Revert "Fix a memleak in ads_find_dc() in case get_sorted_dc_list() fails"Volker Lendecke1-1/+0
This reverts commit df8d089bc63c2a52cbdf3504cded8df620a59902. (This used to be commit 342f8858200ed7c446516c270e1b4284d92010d8)
2008-06-05Fix a memleak in ads_find_dc() in case get_sorted_dc_list() failsVolker Lendecke1-0/+1
This is really not a proper place to fix this, but as get_gc_list() and friends are about to be replaced anyway, just work around the broken existing API (This used to be commit df8d089bc63c2a52cbdf3504cded8df620a59902)
2008-05-20Cleanup size_t return values in callers of convert_string_allocateTim Prouty1-20/+43
This patch is the second iteration of an inside-out conversion to cleanup functions in charcnv.c returning size_t == -1 to indicate failure. (This used to be commit 6b189dabc562d86dcaa685419d0cb6ea276f100d)
2008-05-15libads/cldap: store client sitename also keyed by dns domain name.Günther Deschner1-0/+1
Guenther (This used to be commit 0388b2f0cc4d14b005c5b42f2c17ddcbc8bef12a)
2008-05-14Fix Bug #5465 (joining with createcomputer=ou1/ou2/ou3).Günther Deschner1-5/+5
Guenther (This used to be commit f3251ba03a69c2fd0335861177159a32b2bc9477)
2008-05-09cldap: let ads_cldap_netlogon() return all possible cldap replies.Günther Deschner1-1/+1
Guenther (This used to be commit 6f9d5e1cc94bc90685b54c04622b8f3357bd2f69)
2008-04-26Fix bug 5419: memory leak in ads_do_search_all_args() when enumerating 1000s ↵Steven Danneman1-2/+24
of entries The ads_do_search_all_args() function attempts to string together several LDAPMessage structures, returned across several paged ldap requests, into a single LDAPMessage structure. It does this by pulling entries off the second LDAPMessage structure and appending them to the first via the OpenLDAP specific ldap_add_result_entry() call. The problem with this approach is it skips non-entry messages such as the result, and controls. These messages are leaked. The short term solution as suggested by Volker is to replace the ads_*_entry() calls with ads_*_message() calls so we don't leak any messages. This fixes the leak but doesn't remove the dependence on the OpenLDAP specific implementation of ldap_add_result_entry(). (This used to be commit f1a5405409c396df394611e2a234522572d2860a)
2008-04-21cldap: avoid duplicate definitions so remove ads_cldap.h.Günther Deschner1-4/+4
Guenther (This used to be commit 538eefe22ad69540b9f73ffaa613d6be045de199)
2008-04-21cldap: add talloc context to ads_cldap_netlogon().Günther Deschner1-10/+21
Guenther (This used to be commit 4cee7b1bd5cd97c414b73d6f39238958480cdcf3)
2008-04-21libads: Use libnbt for CLDAP reply parsing.Günther Deschner1-12/+12
Guenther (This used to be commit 751f3064a508341c0ebae45e8de9f5311d915d70)
2008-03-28Add ads_check_ou_dn().Günther Deschner1-0/+47
Guenther (This used to be commit 380e9d26db5341d10807ccbfb413d0f53d3ffc71)
2008-03-23Fix Coverity ID 487Volker Lendecke1-0/+1
(This used to be commit 22cee9c1afbc33b4920b72bc81569d79642172af)
2008-03-17Coverity fixesMarc VanHeyningen1-1/+4
(This used to be commit 3fc85d22590550f0539215d020e4411bf5b14363)
2008-02-04str_list_free is not needed anymoreVolker Lendecke1-2/+2
(This used to be commit feddc1447d585fd108d22a36bccc576fa81197ef)
2008-02-04Always pass a TALLOC_CTX to str_list_make and str_list_copyVolker Lendecke1-2/+2
(This used to be commit e2c9fc4cf5f0ff725330fa44f53782db65fca37e)
2008-01-31When running with debug level > 10, dump ads_struct in ads_connect().Günther Deschner1-9/+33
Guenther (This used to be commit 2dd7c64fa8845fe502789068b877f5eaf060afc7)
2008-01-08Do not ignore provided machine_name in ads_get_upn().Günther Deschner1-5/+5
Guenther (This used to be commit ddc1307844379f99b3dde48fc351d0326d22a7ce)
2008-01-04Re-Indent function ldap_open_with_timeout().Michael Adam1-1/+1
This reverts commit #cafda34783f0961c9b463803c19cfcb69f836e3f . I just learned (the hard way) that these indeted functions are not indented by accident but that the intention of this is to not include the prototype into proto.h. Michael (This used to be commit 2e5d01b2146bb9e057b2779d9fe7691ed46d9f45)
2008-01-04Add a debug message (when the LDAP server has really been connected).Michael Adam1-0/+1
Michael (This used to be commit 7d9d2de39072b3291b95ac3965df0d19f83792b9)
2008-01-04Untangle assignment and result check.Michael Adam1-3/+3
Michael (This used to be commit 465a3b356cffb855e26569d3752f15cac07208c0)
2008-01-04Enhance DEBUG-verbosity of ldap_open_with_timeout().Michael Adam1-1/+7
Michael (This used to be commit 9e70d1f24dd304c363a1bde97b5af618b46edc49)
2008-01-04Unindent function header.Michael Adam1-1/+1
Michael (This used to be commit cafda34783f0961c9b463803c19cfcb69f836e3f)
2008-01-04Fix a misleading DEBUG message.Michael Adam1-1/+1
At this stage, the (tcp) connection to the LDAP server has not been established, this is what is about to be attempted. What has been succesfully done, is a CLDAP netlogon query. Michael (This used to be commit 71c3c8ad4c92c5f6267b84ee1d207e5e49e9a4ec)
2008-01-03Add ads_get_joinable_ous().Günther Deschner1-0/+60
Guenther (This used to be commit 5bbceac88159ef6ff83d9cc62c77c7af2116967d)
2007-12-29Make use of [un]marshall_sec_descVolker Lendecke1-9/+11
(This used to be commit 54576733d6c0511dc7379f964b1cb035913b7c8d)