Age | Commit message (Collapse) | Author | Files | Lines |
|
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit f86ef9b53a903485deba94febf90dd4e657cc02b)
|
|
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit c2d4a84abe1b6cbf68d6e9f1bb1f8974d0b628fc)
|
|
We use get_dc_name() for LDAP because it generates the selfwritten
krb5.conf with the correct kdc addresses and sets KRB5_CONFIG.
For CLDAP we need to use get_sorted_dc_list() to avoid recursion.
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit d2f7f81f4d61bae9c4be65cbc1bf962b6c24a31f)
|
|
The bug was triggered by "net ads info -S 127.8.7.6" (where 127.8.7.6 doesn't ex
and "disable netbios = yes".
metze
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
Some AD objects, like Exchange Public Folders, can be members of Security
Groups but do not have a SID attribute. This patch adds more granular return
errors to ads_get_sid_from_extended_dn(). Callers can now determine if a parse
error occured because of bad input, or the DN was valid but contained no SID.
I updated all callers to ignore SIDless objects when appropriate.
Also did some cleanup to the out paths of lookup_usergroups_memberof()
|
|
|
|
|
|
Guenther
|
|
|
|
|
|
Guenther
|
|
Guenther
(This used to be commit ea9fc3bea31b11e715d9524defc18b75e5943842)
|
|
Extends ads_connect() to a new call ads_connect_gc() which connects on port
3268 rather than port 389. Also makes ads_try_connect() static and
only used internally to ldap.c
(This used to be commit f4c37dbe2c986fb7bfe510cdff3b4a9fbc06d079)
|
|
Guenther
(This used to be commit 026018c9f1ed0680b3ca5b26dd6b8dc466e27e0d)
|
|
Guenther
(This used to be commit cb7ace209c2051ae02647188715fa6ee324c2bf6)
|
|
Guenther
(This used to be commit 132b038581a1a91b4e70c7c44f97f52866609812)
|
|
This reverts commit df8d089bc63c2a52cbdf3504cded8df620a59902.
(This used to be commit 342f8858200ed7c446516c270e1b4284d92010d8)
|
|
This is really not a proper place to fix this, but as get_gc_list() and friends
are about to be replaced anyway, just work around the broken existing API
(This used to be commit df8d089bc63c2a52cbdf3504cded8df620a59902)
|
|
This patch is the second iteration of an inside-out conversion to cleanup
functions in charcnv.c returning size_t == -1 to indicate failure.
(This used to be commit 6b189dabc562d86dcaa685419d0cb6ea276f100d)
|
|
Guenther
(This used to be commit 0388b2f0cc4d14b005c5b42f2c17ddcbc8bef12a)
|
|
Guenther
(This used to be commit f3251ba03a69c2fd0335861177159a32b2bc9477)
|
|
Guenther
(This used to be commit 6f9d5e1cc94bc90685b54c04622b8f3357bd2f69)
|
|
of entries
The ads_do_search_all_args() function attempts to string together several
LDAPMessage structures, returned across several paged ldap requests, into a
single LDAPMessage structure. It does this by pulling entries off the second
LDAPMessage structure and appending them to the first via the OpenLDAP specific
ldap_add_result_entry() call.
The problem with this approach is it skips non-entry messages such as the
result, and controls. These messages are leaked.
The short term solution as suggested by Volker is to replace the ads_*_entry()
calls with ads_*_message() calls so we don't leak any messages.
This fixes the leak but doesn't remove the dependence on the OpenLDAP specific
implementation of ldap_add_result_entry().
(This used to be commit f1a5405409c396df394611e2a234522572d2860a)
|
|
Guenther
(This used to be commit 538eefe22ad69540b9f73ffaa613d6be045de199)
|
|
Guenther
(This used to be commit 4cee7b1bd5cd97c414b73d6f39238958480cdcf3)
|
|
Guenther
(This used to be commit 751f3064a508341c0ebae45e8de9f5311d915d70)
|
|
Guenther
(This used to be commit 380e9d26db5341d10807ccbfb413d0f53d3ffc71)
|
|
(This used to be commit 22cee9c1afbc33b4920b72bc81569d79642172af)
|
|
(This used to be commit 3fc85d22590550f0539215d020e4411bf5b14363)
|
|
(This used to be commit feddc1447d585fd108d22a36bccc576fa81197ef)
|
|
(This used to be commit e2c9fc4cf5f0ff725330fa44f53782db65fca37e)
|
|
Guenther
(This used to be commit 2dd7c64fa8845fe502789068b877f5eaf060afc7)
|
|
Guenther
(This used to be commit ddc1307844379f99b3dde48fc351d0326d22a7ce)
|
|
This reverts commit #cafda34783f0961c9b463803c19cfcb69f836e3f .
I just learned (the hard way) that these indeted functions
are not indented by accident but that the intention of this
is to not include the prototype into proto.h.
Michael
(This used to be commit 2e5d01b2146bb9e057b2779d9fe7691ed46d9f45)
|
|
Michael
(This used to be commit 7d9d2de39072b3291b95ac3965df0d19f83792b9)
|
|
Michael
(This used to be commit 465a3b356cffb855e26569d3752f15cac07208c0)
|
|
Michael
(This used to be commit 9e70d1f24dd304c363a1bde97b5af618b46edc49)
|
|
Michael
(This used to be commit cafda34783f0961c9b463803c19cfcb69f836e3f)
|
|
At this stage, the (tcp) connection to the LDAP server has not
been established, this is what is about to be attempted. What
has been succesfully done, is a CLDAP netlogon query.
Michael
(This used to be commit 71c3c8ad4c92c5f6267b84ee1d207e5e49e9a4ec)
|
|
Guenther
(This used to be commit 5bbceac88159ef6ff83d9cc62c77c7af2116967d)
|
|
(This used to be commit 54576733d6c0511dc7379f964b1cb035913b7c8d)
|
|
(This used to be commit ced0c42f055a672f6b4ab6ba809b0f63c83b431e)
|
|
least surprise for callers
(This used to be commit eb523ba77697346a365589101aac379febecd546)
|
|
This adds 28 fstrings on the stack, but I think an fstring on the stack is
still far better than a static one.
(This used to be commit c7c885078be8fd3024c186044ac28275d7609679)
|
|
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
|
|
Sorry - could not resist. Michael
(This used to be commit 1000c98eae0886dbdf60beb1fe64d66ec009746b)
|
|
Jeremy.
(This used to be commit f9c8d62389f8cb47837e5360209936176537df13)
|
|
(This used to be commit 1fab16ffb888cd4ec18e52d9da33976a67a5d104)
|
|
Jeremy.
(This used to be commit 809f5ab4c595740b28425e1667e395a6058b76a8)
|
|
to struct sockaddr_storage in most places that matter (ie.
not the nmbd and NetBIOS lookups). This passes make test
on an IPv4 box, but I'll have to do more work/testing on
IPv6 enabled boxes. This should now give us a framework
for testing and finishing the IPv6 migration. It's at
the state where someone with a working IPv6 setup should
(theorecically) be able to type :
smbclient //ipv6-address/share
and have it work.
Jeremy.
(This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd)
|