summaryrefslogtreecommitdiff
path: root/source3/libads
AgeCommit message (Collapse)AuthorFilesLines
2003-07-03Fix bug in doxygen comments for ads search functions.Tim Potter1-4/+4
(This used to be commit ae6c05ea726da13fc1a18398d1ffe56f34e1edb9)
2003-06-30Fix shadow variable warnings.Tim Potter1-8/+8
(This used to be commit 5ffb8e0920be2da19ac3f442b9bf56c159011822)
2003-06-25* fix typos in a few debug statementsGerald Carter1-3/+9
* check negative connection cache before ads_try_connect() in ads_find_dc() (This used to be commit 2a76101a3a31f5fca2f444b25e3f0486f7ef406f)
2003-06-25large change:Gerald Carter2-120/+48
*) consolidates the dc location routines again (dns and netbios) get_dc_list() or get_sorted_dc_list() is the authoritative means of locating DC's again. (also inludes a flag to get_dc_list() to define if this should be a DNS only lookup or not) (however, if you set "name resolve order = hosts wins" you could still get DNS queries for domain name IFF ldap_domain2hostlist() fails. The answer? Fix your DNS setup) *) enabled DOMAIN<0x1c> lookups to be funneled through resolve_hosts resulting in a call to ldap_domain2hostlist() if lp_security() == SEC_ADS *) enables name cache for winbind ADS backend *) enable the negative connection cache for winbind ADS backend *) removes some old dead code *) consolidates some duplicate code *) moves the internal_name_resolve() to use an IP/port pair to deal with SRV RR dns replies. The namecache code also supports the IP:port syntax now as well. *) removes 'ads server' and moves the functionality back into 'password server' (which can support "hostname:port" syntax now but works fine with defaults depending on the value of lp_security()) (This used to be commit d7f7fcda425bef380441509734eca33da943c091)
2003-06-23* s/get_dc_name/rpc_dc_name/g (revert a previous change)Gerald Carter1-0/+3
* move back to qsort() for sorting IP address in get_dc_list() * remove dc_name_cache in cm_get_dc_name() since it slowed things down more than it helped. I've made a note of where to add in the negative connection cache in the ads code. Will come back to that. * fix rpcclient to use PRINTER_ALL_ACCESS for set printer (instead of MAX_ALLOWED) * only enumerate domain local groups in our domain * simplify ldap search for seqnum in winbindd's rpc backend (This used to be commit f8cab8635b02b205b4031279cedd804c1fb22c5b)
2003-06-16we need to call ads_first_entry() before using a ldap result,Andrew Tridgell1-5/+12
otherwise we can segv or return garbage (This used to be commit d1316656b03e2bc85263b65d24977923ee6f39b7)
2003-06-13Rename some uuid functions so as not to conflict with systemTim Potter1-1/+1
versions. Fixes bug #154. (This used to be commit 986eae40f7669d15dc75aed340e628aa7efafddc)
2003-06-13Fix shadow variable warning.Tim Potter1-4/+4
(This used to be commit c22a4074bd2b998339826ba629fe48153639ec18)
2003-06-10added an auth flag that indicates if we should be allowed to fallbackAndrew Tridgell1-1/+4
to NTLMSSP for SASL if krb5 fails. This is important as otherwise the admin may think that a join has succeeeded when kerberos is actually broken. (This used to be commit 23a6ea385c4aea208adf36f039244bee14f56a33)
2003-06-06No matter how special this session key is, it's not worth a level 0.Andrew Bartlett1-2/+4
Hide it behind a level 10, with #ifdef DEBUG_PASSWORD instead. Andrew Bartlett (This used to be commit 9d4e327850fb00083241f3e68f866590c44e1823)
2003-05-30More on bug 137: rename more of krb5_xxx functions to not start with krb5_Jim McDonough1-1/+1
(This used to be commit 10f1da3f4a9680a039a2aa26301b97e31c06c38d)
2003-05-30More on bug 137: rename remainder of krb5_xxx functions to not start with krb5_Jim McDonough1-11/+11
(This used to be commit 4169de6d8fb1b13de3892ec787886cc1543736a1)
2003-05-30Fix bug #137: krb5_set_password is already defined in MIT 1.3 libs, soJim McDonough1-5/+6
we wouldn't build. (This used to be commit 0e9836c4e9e71494b10d71a5f3d5f7da2888c5ef)
2003-05-15Patch from Luke Howard <lukeh@PADL.COM> to recognise local groups.Jeremy Allison1-0/+2
Jeremy. (This used to be commit d7a23afe14b0d3ad8ecb7d994768705a32055d9a)
2003-05-04Patch from Ken Cross to allow an ADS domain join with a username of the formAndrew Bartlett1-1/+1
user@realm, where realm might not be the realm we are joining. Andrew Bartlett (This used to be commit 00e08efb5cd21bf42be9125d3188efbf9d13b8b7)
2003-04-24Revert patch - we need to try the NTLMSSP code below...Andrew Bartlett1-9/+4
Andrew Bartlett (This used to be commit 317158972ec944742ba47b213999def9abbf7452)
2003-04-24Use the kerberos error from ads_kinit_password() in the return value fromAndrew Bartlett1-4/+9
our SASL code - help in printing a useful error message. Andrew Bartlett (This used to be commit 984321bfab79a1ff20b504e115e94bd6270f0196)
2003-04-21Merge from HEAD - save the type of channel used to contact the DC.Andrew Bartlett3-7/+11
This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration. This also change the SID retreval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient. Also minor fixes to 'net'. Andrew Bartlett (This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
2003-04-21Add const, static and fix a double free() (merge from HEAD).Andrew Bartlett1-6/+5
(This used to be commit 9ba88c7314168b87b72a7e9dc3c7588dcce86893)
2003-04-16Move PAC decoding over from HEAD.Jim McDonough1-0/+6
(This used to be commit b0fd4e5555dd93c584cd86eaac080663b9e4031f)
2003-04-15Change variable name to get this working on gcc 3.2 (Merge from HEAD)Jelmer Vernooij2-38/+38
(This used to be commit d49113caef6057905f0f5233ea3085ca5722e742)
2003-04-13This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This ↵cvs2svn Import User1-0/+614
used to be commit 381649916ecbaddefbb6ee0e6137b7cc73eb54b1)
2003-04-09Complete what I've seen (and then some)t of the PAC.Jim McDonough1-5/+124
I haven't seen the rid+attr arrays for group membership, nor sids or the same kind of arrays for resource domains, so I don't know how that will work. Also, the PAC info type 10 is now decoded, but I don't know what it's for. It has an NTTIME, a 16-bit name length, and a username. According to M$, it's not needed, because they didn't doc it... (This used to be commit 28ab8504cf6c181866106e5cc626a5896283d0a9)
2003-04-07Decode the PAC! This patch just decodes it and then frees it, so it's justJim McDonough2-0/+501
for doc purposes right now (you can see it in the debug logs). (This used to be commit 046c2087a11b9ce7a02aece34ffb129ce0d66b08)
2003-03-25- Support building all auth modules as .so'sJelmer Vernooij2-38/+38
- Change 2 variable names to avoid conflicts (patch by Stephan Kulow <coolo@kde.org>) (This used to be commit 71b05cd14ae6df8340730e7bad1c783dc278c5d3)
2003-03-17Merge from HEAD:Andrew Bartlett1-37/+29
net ads password Heimdal compile fixes. Andrew Bartlett (This used to be commit 3aa4f923e99f453310bb4a8d43ce43757591909d)
2003-03-17The kerberos_verify compoenent of the SessionSetup sync with HEAD.Andrew Bartlett1-6/+26
Andrew Bartlett (This used to be commit 64796ed27a3842be1dde52dd4f46698e95961767)
2003-03-17merge from HEAD - dump tokenGroups as sids.Andrew Bartlett1-0/+1
(This used to be commit f0daa15521e6352e25aa998f7e682f448e0fe51a)
2003-03-16Changes to help the kerberos change password code work on systems thatAndrew Bartlett1-37/+29
have some of the labels 'duplicated' (ie, the defines double-up). Also, to an ads_connect() to try and find our KDC. (So we don't segfualt *every* time) Andrew Bartlett (This used to be commit 56dce7ddad118051c93c62507234efca3920bc9b)
2003-03-12 - Fix a double-free (I can't say I understand the code, but it matches the ↵Andrew Bartlett1-6/+5
other cases and keeps valgrind quiet). - Add static Andrew Bartlett (This used to be commit e9da9c500b96a828d744e7a1c64427fc01153310)
2003-03-05More const fixes.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 7b945e10a6c636c0b0aabc841803bf44405cb2ae)
2003-03-05More const fixes.Jeremy Allison1-2/+2
Jeremy. (This used to be commit fa93763248f2043395e4cfc70b8afd81e28b2b75)
2003-02-25tokenGroups are SIDs, so dump them as such.Andrew Bartlett1-0/+1
(This used to be commit 43f07e9de70ad9993265e28a54239caba0121ab6)
2003-02-24Patch from Luke Howard to add mutual kerberos authentication, and SMB sessionAndrew Bartlett1-6/+26
keys for kerberos authentication. Andrew Bartlett (This used to be commit 8b798f03dbbdd670ff9af4eb46f7b0845c611e0f)
2003-02-24Always initialiseAndrew Bartlett1-2/+2
(This used to be commit ff2b5b2f85f2d9dade67077cea1b68719cf65352)
2003-02-24Make sure these values are never uninitialsised.Andrew Bartlett1-2/+2
(This used to be commit eacb8dde7afa16d86586c6c896ffb6692dc53bf6)
2003-02-24Merge from HEAD client-side authentication changes:Andrew Bartlett4-146/+351
- new kerberos code, allowing the account to change it's own password without special SD settings required - NTLMSSP client code, now seperated from cliconnect.c - NTLMv2 client code - SMB signing fixes Andrew Bartlett (This used to be commit 837680ca517982f2e5944730581a83012d4181ae)
2003-02-22Fix a DEBUG() formatting, add some more debug to our SID pulling code andAndrew Bartlett1-18/+33
inline the call to prs_copy_all_data_out() so that we can know we are not overrunning our buffer. Also check more return values. Andrew Bartlett (This used to be commit e3b73d5d658584428c81c9ef3ccf024687a56e2f)
2003-02-19libads/krb5_setpw.cJim McDonough1-1/+2
(This used to be commit 4c52d7bd933f61bdba3d4159a204fe16db3d4f0f)
2003-02-19Sync with HEAD for verifying kerberos tickets.Jim McDonough1-14/+31
(This used to be commit 77e1178a888f0d380a5ef94911a8f07bf04a7ba3)
2003-02-19Fix segv in net ads join...an extra & was the culpritJim McDonough1-1/+1
(This used to be commit 1a9050a6fe419e14fc82674d34cc4685a7532059)
2003-02-19Fix segv in net ads join...an extra & was the culpritJim McDonough1-1/+1
(This used to be commit 9874b233d55a0b1aea7eb033848f4b63a531833b)
2003-02-19Merge minor library fixes from HEAD to 3.0.Andrew Bartlett3-19/+50
- setenv() replacement - mimir's ASN1/SPNEGO typo fixes - (size_t)-1 fixes for push_* returns - function argument signed/unsigned correction - ASN1 error handling (ensure we don't use initiailsed data) - extra net ads join error checking - allow 'set security discriptor' to fail - escape ldap strings in libads. - getgrouplist() correctness fixes (include primary gid) Andrew Bartlett (This used to be commit e9d6e2ea9a3dc01d3849b925c50702cda6ddf225)
2003-02-19Check return values of various join-related functions, and ensure we alwaysAndrew Bartlett1-9/+16
compare push_* returns with (size_t)-1, not < 0. Andrew Bartlett (This used to be commit 63f5e92536c6bcac54b796d6e91b755e7d328f66)
2003-02-19Try to get heimdal working with HEAD.Jim McDonough1-20/+7
- Provide generic functions for - get valid encryption types - free encryption types - Add encryption type parm to generic function create_kerberos_key_from_string() - Try to merge the two versions (between HEAD and SAMBA_3_0) of kerberos_verify.c I think this should work for both MIT and heimdal, in HEAD. If all goes smooth, I'll move it over to 3.0 soon... (This used to be commit 45e409fc8da9f26cf888e13d004392660d7c55d4)
2003-02-18Fix of two warnings.Rafal Szczesniak1-5/+3
pull_ucs2_talloc function takes char** pointer, not (here explicitly casted) void** one. Rafal (This used to be commit e77c44efd95d42a8194f5c3d36c043f8e84dfd1d)
2003-02-15Antti Andreimann <Antti.Andreimann@mail.ee> has done some changes to enableAndrew Bartlett4-132/+337
users w/o full administrative access on computer accounts to join a computer into AD domain. The patch and detailed changelog is available at: http://www.itcollege.ee/~aandreim/samba This is a list of changes in general: 1. When creating machine account do not fail if SD cannot be changed. setting SD is not mandatory and join will work perfectly without it. 2. Implement KPASSWD CHANGEPW protocol for changing trust password so machine account does not need to have reset password right for itself. 3. Command line utilities no longer interfere with user's existing kerberos ticket cache. 4. Command line utilities can do kerberos authentication even if username is specified (-U). Initial TGT will be requested in this case. I've modified the patch to share the kinit code, rather than copying it, and updated it to current CVS. The other change included in the original patch (local realms) has been left out for now. Andrew Bartlett (This used to be commit ce52f1c2ed4d3ddafe8ae6258c90b90fa434fe43)
2003-02-14Ensure that only parse_prs.c access internal members of the prs_struct.Jeremy Allison1-5/+11
Needed to move to disk based i/o later. Jeremy. (This used to be commit 4c3ee228fcdb089eaeead95e79532a9cf6cb0de6)
2003-02-14Ensure that only parse_prs.c access internal members of the prs_struct.Jeremy Allison1-5/+11
Needed to move to disk based i/o later. Jeremy. (This used to be commit a823fee5b41a5b6cd4ef05aa1f85f7725bd272a5)
2003-02-12Merging from HEAD - add a note about a better method for finding netbios ↵Jeremy Allison1-0/+7
name of workgroup (not implemented yet) Jeremy. (This used to be commit c0eab99753032f5f49bc7adeb1ff95eceb6fe0fe)