Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2009-07-28 | (Hopefully) fix the problem Kai reported with | Jeremy Allison | 1 | -1/+1 | |
net ads leave and IPv6. Ensure all DC lookups prefer IPv4. Jeremy. | |||||
2009-07-28 | Added prefer_ipv4 bool parameter to resolve_name(). | Jeremy Allison | 1 | -12/+25 | |
W2K3 DC's can have IPv6 addresses but won't serve krb5/ldap or cldap on those addresses. Make sure when we're asking for DC's we prefer IPv4. If you have an IPv6-only network this prioritizing code will be a no-op. And if you have a mixed network then you need to prioritize IPv4 due to W2K3 DC's. Jeremy. | |||||
2009-07-15 | Remove gencache_init/shutdown | Volker Lendecke | 1 | -8/+0 | |
gencache_get/set/del/iterate call gencache_init() internally anyway. And we've been very lazy calling gencache_shutdown, so this seems not really required. | |||||
2009-07-09 | Make escape_ldap_string take a talloc context | Volker Lendecke | 1 | -3/+3 | |
2009-06-08 | Replace the "ipv4" specific strings in libcli/cldap/cldap.c with "ip". CLDAP can | Jeremy Allison | 1 | -15/+6 | |
run over IPv4/IPv6, even though some of the netlogon messages are IPv4 specific. Fix the new ads_cldap_netlogon() to be IPv6/IPv4 agnostic. This compiles but I don't have a good test env. for this (although as the previous code was *completely* broken over IPv6 this will expose previously hidden bugs if it's broken :-). Jeremy. | |||||
2009-05-31 | Fix some nonempty blank lines | Volker Lendecke | 1 | -60/+59 | |
2009-05-30 | Move ads flags mapping to lib/ | Volker Lendecke | 1 | -133/+5 | |
2009-05-28 | Make sid_binstring & friends take a talloc context | Volker Lendecke | 1 | -2/+2 | |
2009-05-28 | Add smbldap_pull_sid | Volker Lendecke | 1 | -13/+1 | |
2009-04-28 | s3-cldap: check for zero ip address in ads_cldap_netlogon(). | Günther Deschner | 1 | -0/+7 | |
Guenther | |||||
2009-04-27 | s3:registry: replace typedef REGISTRY_VALUE by struct regval_blob | Michael Adam | 1 | -8/+8 | |
Michael | |||||
2009-04-27 | s3:registry: replace typedef REGVAL_CTR by struct regval_ctr. | Michael Adam | 1 | -1/+1 | |
This paves the way for hiding the typedef and the implementation from the surface. Michael | |||||
2009-04-23 | samba3/ldb: Update the ldb_dn API to match that of the Samba 4 LDB: | Jelmer Vernooij | 1 | -10/+9 | |
* ldb_dn_new() now takes an initial DN string * ldb_dn_string_compose() -> ldb_dn_new_fmt() * dummy ldb_dn_validate(), since LDB DNs in the current implementation are always valid if they could be created. | |||||
2009-04-23 | ldb/samba3: Support event context argument to ldb_init(). | Jelmer Vernooij | 1 | -0/+3 | |
This argument is ignored (Samba3's LDB is synchronous) but having it there is useful for API compatibility with the LDB used by Samba 4 and available on some systems. | |||||
2009-04-23 | Fix coverity #901 - uninitialized data. | Jeremy Allison | 1 | -1/+1 | |
Jeremy. | |||||
2009-04-22 | Add comment explaining the previous fix. | Jeremy Allison | 1 | -0/+6 | |
Jeremy. | |||||
2009-04-22 | Fix bug #6279 - winbindd crash. Cope with LDAP libraries returning ↵ | Jeremy Allison | 1 | -0/+4 | |
LDAP_SUCCESS but not returning a result. Jeremy | |||||
2009-04-20 | Remove smb_mkstemp() - libreplace will now provide a secure mkstemp() if | Jelmer Vernooij | 1 | -1/+1 | |
the system one is broken. | |||||
2009-04-20 | Make gpo_ldap.c compatible with samba 4. Add ads_get_ldap_server_name() ↵ | Wilco Baan Hofman | 1 | -0/+5 | |
function to samba 3. Move prototypes to root libgpo where appropriate. gpo_ldap.c now compiles for both samba 3 and 4. Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2009-04-14 | Convert Samba3 to use the common lib/util/charset API | Andrew Bartlett | 1 | -8/+8 | |
This removes calls to push_*_allocate() and pull_*_allocate(), as well as convert_string_allocate, as they are not in the common API To allow transition to a common charcnv in future, provide Samba4-like strupper functions in source3/lib/charcnv.c (the actual implementation remains distinct, but the API is now shared) Andrew Bartlett | |||||
2009-04-07 | s3:kerberos Rework smb_krb5_unparse_name() to take a talloc context | Andrew Bartlett | 4 | -21/+22 | |
Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2009-04-07 | s3-libads: avoid NULL talloc context with ads_get_dn(). | Günther Deschner | 1 | -8/+8 | |
Guenther | |||||
2009-04-06 | s3:libads Make ads_get_dn() take a talloc context | Andrew Bartlett | 1 | -40/+29 | |
Also remove ads_memfree(), which was only ever a wrapper around SAFE_FREE, used only to free the DN from ads_get_ds(). This actually makes libgpo more consistant, as it mixed a talloc and a malloc based string on the same element. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2009-03-20 | s3-krb5: Fix Coverity #762 (REVERSE_INULL). | Günther Deschner | 1 | -6/+6 | |
Guenther | |||||
2009-03-19 | s3:libads: use libcli/cldap code | Stefan Metzmacher | 1 | -229/+67 | |
metze | |||||
2009-03-19 | fix build on old Heimdal based systems | Björn Jacke | 1 | -5/+3 | |
Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2009-03-18 | s3: remove POLICY_HND. | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2009-03-18 | s3-spoolss: use rpccli_spoolss_enumprinterdataex in ldap_printer.c. | Günther Deschner | 1 | -26/+43 | |
Guenther | |||||
2009-03-01 | Eliminate two duplicate SEC_ACE_TYPE constants already provided by | Jelmer Vernooij | 1 | -4/+4 | |
security.idl. | |||||
2009-02-10 | s3-rpcclient: use rpccli_spoolss_openprinter_ex helper. | Günther Deschner | 1 | -5/+5 | |
Guenther | |||||
2009-02-10 | s3-spoolss: fix memleak in get_remote_printer_publishing_data(). | Günther Deschner | 1 | -2/+8 | |
Guenther | |||||
2009-02-09 | s3-rpcclient: use srv_name_slash instead of formating servername again and ↵ | Günther Deschner | 1 | -4/+3 | |
again. Guenther | |||||
2009-02-06 | s3-spoolss: use rpccli_spoolss_ClosePrinter. | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2009-02-06 | s3: use pidl to pull a KRB5_EDATA_NTSTATUS. | Günther Deschner | 1 | -36/+6 | |
Guenther | |||||
2009-02-05 | s3/libads: Change "ldap ssl:ads" parameter to "ldap ssl ads". | Karolin Seeger | 1 | -1/+1 | |
Karolin | |||||
2009-02-03 | s3-kerberos: use KRB5_KT_KEY compat macro. | Günther Deschner | 1 | -7/+1 | |
Guenther | |||||
2009-02-03 | s3-kerberos: fix ads_dedicated_keytab_verify_ticket with heimdal. | Günther Deschner | 1 | -3/+10 | |
Guenther | |||||
2009-02-03 | Revert "fix for commit d96248a9b46 which broke Heimdal builds" | Günther Deschner | 1 | -6/+0 | |
This does not build. This reverts commit af736923a541df1a37afeb72b8a5652932c4c69c. | |||||
2009-02-02 | fix for commit d96248a9b46 which broke Heimdal builds | Björn Jacke | 1 | -0/+6 | |
2009-02-01 | Add two new parameters to control how we verify kerberos tickets. Removes ↵ | Dan Sledz | 1 | -17/+112 | |
lp_use_kerberos_keytab parameter. The first is "kerberos method" and replaces the "use kerberos keytab" with an enum. Valid options are: secrets only - use only the secrets for ticket verification (default) system keytab - use only the system keytab for ticket verification dedicated keytab - use a dedicated keytab for ticket verification. secrets and keytab - use the secrets.tdb first, then the system keytab For existing installs: "use kerberos keytab = yes" corresponds to secrets and keytab "use kerberos keytab = no" corresponds to secrets only The major difference between "system keytab" and "dedicated keytab" is that the latter method relies on kerberos to find the correct keytab entry instead of filtering based on expected principals. The second parameter is "dedicated keytab file", which is the keytab to use when in "dedicated keytab" mode. This keytab is only used in ads_verify_ticket. | |||||
2009-01-29 | s3: fix bug #6073: prevent ads_connect() from using SSL unless explicitly ↵ | Michael Adam | 1 | -3/+5 | |
requested This fixes "net ads join". It copes with the changed default "ldap ssl = start tls". A new boolean option "ldap ssl : ads" is added to allow for explicitly requesting ssl with ads. Michael | |||||
2009-01-16 | ads_connect: Return immediately on a failed GC connection. | Gerald (Jerry) Carter | 1 | -3/+14 | |
ads_connect_gc() feeds an explicit server to ads_connect(). However, if the resulting connection fails, the latter function was attempting to find a DC on its own and continuing the connection. This resulting in GC searches being sent over a connection using port 389 which would fail when using the base search suffix outside of the domain naming context. The fix is to fail immediately in ads_connect() since the GC lookup ordering is handled already in ads_connect_gc(). | |||||
2009-01-16 | s3:libads: use lock_path for creating paths to local krb5.conf files | Michael Adam | 1 | -2/+3 | |
instead of manually doing an asprintf with lp_lockdir() Michael squash | |||||
2009-01-16 | s3:libads: give create_local_private_krb5_conf_for_domain() a common exit point | Michael Adam | 1 | -30/+20 | |
Michael | |||||
2009-01-04 | Async wrapper for open_socket_out_send/recv | Volker Lendecke | 1 | -12/+19 | |
2009-01-03 | open_socket_out is always used with SOCK_STREAM, remove argument "type" | Volker Lendecke | 1 | -1/+1 | |
2008-12-31 | Replace a static variable and alarm() calls by using sys_select() | Volker Lendecke | 1 | -23/+24 | |
Günther, please check! | |||||
2008-12-31 | Fix some nonempty blank lines | Volker Lendecke | 1 | -5/+5 | |
2008-12-30 | Fix more "ignore return value" warnings from gcc 4.3. | Jeremy Allison | 1 | -9/+22 | |
Jeremy | |||||
2008-12-23 | Fix more asprintf warnings and some error path errors. | Jeremy Allison | 1 | -2/+10 | |
Jeremy. |