summaryrefslogtreecommitdiff
path: root/source3/libads
AgeCommit message (Collapse)AuthorFilesLines
2009-02-09s3-rpcclient: use srv_name_slash instead of formating servername again and ↵Günther Deschner1-4/+3
again. Guenther
2009-02-06s3-spoolss: use rpccli_spoolss_ClosePrinter.Günther Deschner1-1/+1
Guenther
2009-02-06s3: use pidl to pull a KRB5_EDATA_NTSTATUS.Günther Deschner1-36/+6
Guenther
2009-02-05s3/libads: Change "ldap ssl:ads" parameter to "ldap ssl ads".Karolin Seeger1-1/+1
Karolin
2009-02-03s3-kerberos: use KRB5_KT_KEY compat macro.Günther Deschner1-7/+1
Guenther
2009-02-03s3-kerberos: fix ads_dedicated_keytab_verify_ticket with heimdal.Günther Deschner1-3/+10
Guenther
2009-02-03Revert "fix for commit d96248a9b46 which broke Heimdal builds"Günther Deschner1-6/+0
This does not build. This reverts commit af736923a541df1a37afeb72b8a5652932c4c69c.
2009-02-02fix for commit d96248a9b46 which broke Heimdal buildsBjörn Jacke1-0/+6
2009-02-01Add two new parameters to control how we verify kerberos tickets. Removes ↵Dan Sledz1-17/+112
lp_use_kerberos_keytab parameter. The first is "kerberos method" and replaces the "use kerberos keytab" with an enum. Valid options are: secrets only - use only the secrets for ticket verification (default) system keytab - use only the system keytab for ticket verification dedicated keytab - use a dedicated keytab for ticket verification. secrets and keytab - use the secrets.tdb first, then the system keytab For existing installs: "use kerberos keytab = yes" corresponds to secrets and keytab "use kerberos keytab = no" corresponds to secrets only The major difference between "system keytab" and "dedicated keytab" is that the latter method relies on kerberos to find the correct keytab entry instead of filtering based on expected principals. The second parameter is "dedicated keytab file", which is the keytab to use when in "dedicated keytab" mode. This keytab is only used in ads_verify_ticket.
2009-01-29s3: fix bug #6073: prevent ads_connect() from using SSL unless explicitly ↵Michael Adam1-3/+5
requested This fixes "net ads join". It copes with the changed default "ldap ssl = start tls". A new boolean option "ldap ssl : ads" is added to allow for explicitly requesting ssl with ads. Michael
2009-01-16ads_connect: Return immediately on a failed GC connection.Gerald (Jerry) Carter1-3/+14
ads_connect_gc() feeds an explicit server to ads_connect(). However, if the resulting connection fails, the latter function was attempting to find a DC on its own and continuing the connection. This resulting in GC searches being sent over a connection using port 389 which would fail when using the base search suffix outside of the domain naming context. The fix is to fail immediately in ads_connect() since the GC lookup ordering is handled already in ads_connect_gc().
2009-01-16s3:libads: use lock_path for creating paths to local krb5.conf filesMichael Adam1-2/+3
instead of manually doing an asprintf with lp_lockdir() Michael squash
2009-01-16s3:libads: give create_local_private_krb5_conf_for_domain() a common exit pointMichael Adam1-30/+20
Michael
2009-01-04Async wrapper for open_socket_out_send/recvVolker Lendecke1-12/+19
2009-01-03open_socket_out is always used with SOCK_STREAM, remove argument "type"Volker Lendecke1-1/+1
2008-12-31Replace a static variable and alarm() calls by using sys_select()Volker Lendecke1-23/+24
Günther, please check!
2008-12-31Fix some nonempty blank linesVolker Lendecke1-5/+5
2008-12-30Fix more "ignore return value" warnings from gcc 4.3.Jeremy Allison1-9/+22
Jeremy
2008-12-23Fix more asprintf warnings and some error path errors.Jeremy Allison1-2/+10
Jeremy.
2008-12-23More asprintf warning fixes.Jeremy Allison3-8/+28
Jeremy.
2008-12-23More asprintf warning fixes.Jeremy Allison1-9/+18
Jeremy.
2008-12-23Fix more asprintf errors and error code paths.Jeremy Allison2-9/+31
Jeremy.
2008-12-13s3:libads/ldap.c: store the dc name in the saf cache as in all other placesStefan Metzmacher1-3/+2
metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit 543fa85a711337e979c7b631bda5db95d109ef59)
2008-12-13s3:libads/ldap.c: if the client belongs to no site at all any dc is the closestStefan Metzmacher1-0/+5
metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit f86ef9b53a903485deba94febf90dd4e657cc02b)
2008-12-13s3:libads/ldap.c: pass the real workgroup name to get_dc_name()Stefan Metzmacher1-1/+10
metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit c2d4a84abe1b6cbf68d6e9f1bb1f8974d0b628fc)
2008-12-13s3: libads: use get_dc_name() instead of get_sorted_dc_list() in the LDAP caseStefan Metzmacher1-1/+25
We use get_dc_name() for LDAP because it generates the selfwritten krb5.conf with the correct kdc addresses and sets KRB5_CONFIG. For CLDAP we need to use get_sorted_dc_list() to avoid recursion. metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit d2f7f81f4d61bae9c4be65cbc1bf962b6c24a31f)
2008-12-13s3: correctly detect if the current dc is the closest oneStefan Metzmacher1-1/+0
ads->config.tried_closest_dc was never set. metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit dfe5b00db35e1e7c7bb3ba36729fc3f97eb48db3)
2008-12-03s3: Change sockaddr util function names for consistencyTim Prouty1-3/+3
Also eliminates name conflicts with OneFS system libraries
2008-12-02s3-net: allow to list a keytab generated using net rpc vampire.Günther Deschner1-2/+5
Guenther
2008-11-24s3:libads/ldap.c: return an error instead of crashing when no realm is givenStefan Metzmacher1-4/+4
The bug was triggered by "net ads info -S 127.8.7.6" (where 127.8.7.6 doesn't ex and "disable netbios = yes". metze Signed-off-by: Michael Adam <obnox@samba.org>
2008-11-18Fix extended DN parse error when AD object does not have a SID.Steven Danneman1-24/+38
Some AD objects, like Exchange Public Folders, can be members of Security Groups but do not have a SID attribute. This patch adds more granular return errors to ads_get_sid_from_extended_dn(). Callers can now determine if a parse error occured because of bad input, or the DN was valid but contained no SID. I updated all callers to ignore SIDless objects when appropriate. Also did some cleanup to the out paths of lookup_usergroups_memberof()
2008-11-18Whitespace and >80 column cleanups.Steven Danneman1-12/+12
2008-11-01Rename dos_errstr() to win_errstr() for consistency with Samba 4.Jelmer Vernooij1-3/+3
2008-10-23Use sockaddr_storage only where we rely on the size, use sockaddrJelmer Vernooij1-4/+5
otherwise (to clarify we can also pass in structs smaller than sockaddr_storage, such as sockaddr_in).
2008-10-22s3-asn1: make all of s3 asn1 code do a proper asn1_init() first.Günther Deschner2-96/+110
Guenther
2008-10-22s3: use shared asn1 code.Günther Deschner2-7/+7
Guenther
2008-10-20s3-build: no need to duplicate generated ndr_ prototypes.Günther Deschner1-0/+1
Guenther
2008-10-19Add TALLOC_CTX pointer to generate_random_str(), for consistency withJelmer Vernooij1-1/+1
Samba 4.
2008-10-15kerberos: fix some heimdal build warnings.Günther Deschner1-4/+4
Guenther
2008-10-14Use GUID_string rather than smb_uuid_string().Jelmer Vernooij2-6/+6
2008-10-13fix build warnings.Günther Deschner1-1/+1
Guenther
2008-10-12Use common strlist implementation in Samba 3 and Samba 4.Jelmer Vernooij1-2/+2
2008-10-11Cope with changed signature of http_timestring().Jelmer Vernooij1-2/+2
2008-10-04Fix an unlikely memleak found by the IBM checkerVolker Lendecke1-0/+2
2008-10-04Fix an uninitialized variable found by the IBM CheckerVolker Lendecke1-0/+1
2008-10-02The IRIX compiler does not like embedded unnamed unionsVolker Lendecke1-1/+1
2008-09-24s3-nbt: use the new generated nbt.Günther Deschner2-99/+20
Guenther
2008-09-23s3: fix NETLOGON_NT_VERSION version flags.Günther Deschner1-10/+10
Guenther
2008-09-23s3: use samba4 prototype for ndr_push/pull_struct_blob.Günther Deschner2-8/+8
Guenther
2008-09-16* Allow an admin to define the "uid" attribute for a RFC2307Gerald (Jerry) Carter1-3/+12
user object in AD to be the username alias. For example: $ net ads search "(uid=coffeedude)" distinguishedName: CN=Gerald W. Carter,CN=Users,DC=pink,DC=plainjoe,DC=org sAMAccountName: gcarter memberOf: CN=UnixUsers,CN=Users,DC=pink,DC=plainjoe,DC=org memberOf: CN=Domain Admins,CN=Users,DC=pink,DC=plainjoe,DC=org memberOf: CN=Enterprise Admins,CN=Users,DC=pink,DC=plainjoe,DC=org memberOf: CN=Schema Admins,CN=Users,DC=pink,DC=plainjoe,DC=org uid: coffeedude uidNumber: 10000 gidNumber: 10000 unixHomeDirectory: /home/gcarter loginShell: /bin/bash $ ssh coffeedude@192.168.56.91 Password: coffeedude@orville:~$ id uid=10000(coffeedude) gid=10000(PINK\unixusers) groups=10000(PINK\unixusers) $ getent passwd PINK\\gcarter coffeedude:*:10000:10000::/home/gcarter:/bin/bash $ getent passwd coffeedude coffeedude:*:10000:10000::/home/gcarter:/bin/bash $ getent group PINK\\Unixusers PINK\unixusers:x:10000:coffeedude