summaryrefslogtreecommitdiff
path: root/source3/libads/ldap.c
AgeCommit message (Collapse)AuthorFilesLines
2011-05-05More simple const fixups.Jeremy Allison1-6/+6
2011-04-29s3-libads Move variables into if (socket_wrapper_dir()) where they are used.Andrew Bartlett1-4/+4
2011-04-28s3-libads: Use ldap_init_fd() to connect to AD server in socket_wrapperAndrew Bartlett1-1/+35
This means that we control the connection setup, don't rely on signals for timeouts and the connection uses socket_wrapper where that is required in our test environment. According to bug reports, this method is also used by curl and other tools, so we are not the first to (ab)use the OpenLDAP libs in this way. It is ONLY enabled for socket_wrapper at this time, as this is the best way to get 'make test' working for S3 winbind tests in an S4 domain. Andrew Bartlett
2011-04-28s3-libads Pass a struct sockaddr_storage to cldap routinesAndrew Bartlett1-30/+11
This avoids these routines doing a DNS lookup that has already been done, and ensures that the emulated DNS lookup isn't thrown away. Andrew Bartlett
2011-04-27s3-libads Don't start a DEBUG with 'time'Andrew Bartlett1-1/+1
This strange requirement comes from our subunit test harness. Andrew Bartlett
2011-04-26s3-libads Remove KRB5_DNS_HACKAndrew Bartlett1-12/+0
We have winbindd write a custom krb5.conf or use a kdc locator plugin to do this properly now. Andrew Bartlett
2011-04-22s3: Fix Coverity ID 2336, NULL_RETURNSVolker Lendecke1-0/+4
2011-03-10Quite some callers of sid_split_rid do not care about the ridVolker Lendecke1-2/+1
2010-10-12libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett1-0/+1
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-09-20s3-libads call common GUID_from_ndr_blob()Andrew Bartlett1-19/+17
This does a length-limited check, and so avoids reading beyond the allocated memory if the server sends less than 16 bytes. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-20s3-build: only include smbldap.h where needed.Günther Deschner1-0/+1
Guenther
2010-09-15Fix all sid_parse returns to be checked. Tidy up some checks and errorJeremy Allison1-1/+3
messages. Jeremy.
2010-09-07s3/libads: use monotonic clock for ldap connection timeoutsBjörn Jacke1-1/+1
2010-08-05s3: avoid global include of ads.h.Günther Deschner1-0/+1
Guenther
2010-07-01s3-libads: only include libds flags where needed.Günther Deschner1-0/+1
Guenther
2010-07-01s3-libads: move ads_dns out of main includes.Günther Deschner1-0/+1
Guenther
2010-07-01s3-libads: use shared well known guids.Günther Deschner1-1/+1
Guenther
2010-05-31s3: only use netlogon/nbt header when needed.Günther Deschner1-0/+1
Guenther
2010-05-21s3:dom_sid Global replace of DOM_SID with struct dom_sidAndrew Bartlett1-22/+22
This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-18s3-secdesc: remove "typedef struct security_descriptor SEC_DESC".Günther Deschner1-3/+4
Guenther
2010-05-06Remove the copy of ldb from Samba 3.Jelmer Vernooij1-1/+0
There were two utility functions that other parts of Samba 3 still relied on; they have been moved to lib/ldb_compat.[ch].
2010-04-27s3:libads/ldap.c - fix a build breakageMatthias Dieter Wallnöfer1-2/+2
2010-03-02s3:ads fix dn parsing name was always nullSimo Sorce1-19/+16
While there also use ldap_exploded_dn instead of ldb_dn_validate() so we can remove a huge dependency that is hanging there only for one very minor marginal use. Signed-off-by: Günther Deschner <gd@samba.org>
2010-02-23s3 move the sitename cache in its own fileSimo Sorce1-0/+1
2010-02-23s3-libads: Remove obsolete signal type cast.Andreas Schneider1-5/+5
2009-12-04s3: bug #6967: Prevent glibc error on net ads join:Jim McDonough1-1/+1
talloc()ed memory should not be SAFE_FREE()ed. Signed-off-by: Jim McDonough <jmcd@samba.org>
2009-07-28Added prefer_ipv4 bool parameter to resolve_name().Jeremy Allison1-12/+25
W2K3 DC's can have IPv6 addresses but won't serve krb5/ldap or cldap on those addresses. Make sure when we're asking for DC's we prefer IPv4. If you have an IPv6-only network this prioritizing code will be a no-op. And if you have a mixed network then you need to prioritize IPv4 due to W2K3 DC's. Jeremy.
2009-05-31Fix some nonempty blank linesVolker Lendecke1-60/+59
2009-05-28Add smbldap_pull_sidVolker Lendecke1-13/+1
2009-04-23samba3/ldb: Update the ldb_dn API to match that of the Samba 4 LDB:Jelmer Vernooij1-10/+9
* ldb_dn_new() now takes an initial DN string * ldb_dn_string_compose() -> ldb_dn_new_fmt() * dummy ldb_dn_validate(), since LDB DNs in the current implementation are always valid if they could be created.
2009-04-23ldb/samba3: Support event context argument to ldb_init().Jelmer Vernooij1-0/+3
This argument is ignored (Samba3's LDB is synchronous) but having it there is useful for API compatibility with the LDB used by Samba 4 and available on some systems.
2009-04-22Add comment explaining the previous fix.Jeremy Allison1-0/+6
Jeremy.
2009-04-22Fix bug #6279 - winbindd crash. Cope with LDAP libraries returning ↵Jeremy Allison1-0/+4
LDAP_SUCCESS but not returning a result. Jeremy
2009-04-14Convert Samba3 to use the common lib/util/charset APIAndrew Bartlett1-8/+8
This removes calls to push_*_allocate() and pull_*_allocate(), as well as convert_string_allocate, as they are not in the common API To allow transition to a common charcnv in future, provide Samba4-like strupper functions in source3/lib/charcnv.c (the actual implementation remains distinct, but the API is now shared) Andrew Bartlett
2009-04-07s3-libads: avoid NULL talloc context with ads_get_dn().Günther Deschner1-8/+8
Guenther
2009-04-06s3:libads Make ads_get_dn() take a talloc contextAndrew Bartlett1-40/+29
Also remove ads_memfree(), which was only ever a wrapper around SAFE_FREE, used only to free the DN from ads_get_ds(). This actually makes libgpo more consistant, as it mixed a talloc and a malloc based string on the same element. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2009-02-05s3/libads: Change "ldap ssl:ads" parameter to "ldap ssl ads".Karolin Seeger1-1/+1
Karolin
2009-01-29s3: fix bug #6073: prevent ads_connect() from using SSL unless explicitly ↵Michael Adam1-3/+5
requested This fixes "net ads join". It copes with the changed default "ldap ssl = start tls". A new boolean option "ldap ssl : ads" is added to allow for explicitly requesting ssl with ads. Michael
2009-01-16ads_connect: Return immediately on a failed GC connection.Gerald (Jerry) Carter1-3/+14
ads_connect_gc() feeds an explicit server to ads_connect(). However, if the resulting connection fails, the latter function was attempting to find a DC on its own and continuing the connection. This resulting in GC searches being sent over a connection using port 389 which would fail when using the base search suffix outside of the domain naming context. The fix is to fail immediately in ads_connect() since the GC lookup ordering is handled already in ads_connect_gc().
2008-12-23Fix more asprintf errors and error code paths.Jeremy Allison1-5/+9
Jeremy.
2008-12-13s3:libads/ldap.c: store the dc name in the saf cache as in all other placesStefan Metzmacher1-3/+2
metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit 543fa85a711337e979c7b631bda5db95d109ef59)
2008-12-13s3:libads/ldap.c: if the client belongs to no site at all any dc is the closestStefan Metzmacher1-0/+5
metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit f86ef9b53a903485deba94febf90dd4e657cc02b)
2008-12-13s3:libads/ldap.c: pass the real workgroup name to get_dc_name()Stefan Metzmacher1-1/+10
metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit c2d4a84abe1b6cbf68d6e9f1bb1f8974d0b628fc)
2008-12-13s3: libads: use get_dc_name() instead of get_sorted_dc_list() in the LDAP caseStefan Metzmacher1-1/+25
We use get_dc_name() for LDAP because it generates the selfwritten krb5.conf with the correct kdc addresses and sets KRB5_CONFIG. For CLDAP we need to use get_sorted_dc_list() to avoid recursion. metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit d2f7f81f4d61bae9c4be65cbc1bf962b6c24a31f)
2008-11-24s3:libads/ldap.c: return an error instead of crashing when no realm is givenStefan Metzmacher1-4/+4
The bug was triggered by "net ads info -S 127.8.7.6" (where 127.8.7.6 doesn't ex and "disable netbios = yes". metze Signed-off-by: Michael Adam <obnox@samba.org>
2008-11-18Fix extended DN parse error when AD object does not have a SID.Steven Danneman1-24/+38
Some AD objects, like Exchange Public Folders, can be members of Security Groups but do not have a SID attribute. This patch adds more granular return errors to ads_get_sid_from_extended_dn(). Callers can now determine if a parse error occured because of bad input, or the DN was valid but contained no SID. I updated all callers to ignore SIDless objects when appropriate. Also did some cleanup to the out paths of lookup_usergroups_memberof()
2008-11-18Whitespace and >80 column cleanups.Steven Danneman1-12/+12
2008-10-14Use GUID_string rather than smb_uuid_string().Jelmer Vernooij1-2/+2
2008-10-13fix build warnings.Günther Deschner1-1/+1
Guenther
2008-10-12Use common strlist implementation in Samba 3 and Samba 4.Jelmer Vernooij1-2/+2