summaryrefslogtreecommitdiff
path: root/source3/libads
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r17943: The horror, the horror. Add KDC site support byJeremy Allison3-2/+59
writing out a custom krb5.conf file containing the KDC I need. This may suck.... Needs some testing :-). Jeremy. (This used to be commit d500e1f96d92dfcc6292c448d1b399195f762d89)
2007-10-10r17942: Jerry is right - when no site support is enabledJeremy Allison1-6/+11
the client sitename is "Default-First-Site-Name". Treat this as a blank site (no site configured). Jeremy. (This used to be commit 5c46381bd7dd1b3f11f427d111ded0b76fc1bec8)
2007-10-10r17937: Move the saf_ cache into the tcp ad connection code.Jeremy Allison1-5/+5
Cause winbindd to set site support before doing the generic AD server lookup. Jeremy. (This used to be commit a9833941715472ece747bce69ef53ba8ad98d7a5)
2007-10-10r17929: Ok, I think I finally figured out where to putJeremy Allison1-1/+20
the code to redo the CLDAP query to restrict DC DNS lookups to the sitename. Jerry, please check to stop me going insane :-). Jeremy. (This used to be commit 8d22cc111579c57aec65be8884b41564b79b133a)
2007-10-10r17928: Implement the basic store for CLDAP sitenameJeremy Allison3-7/+99
support when looking up DC's. On every CLDAP call store the returned client sitename (if present, delete store if not) in gencache with infinate timeout. On AD DNS DC lookup, try looking for sitename DC's first, only try generic if sitename DNS lookup failed. I still haven't figured out yet how to ensure we fetch the sitename with a CLDAP query before doing the generic DC list lookup. This code is difficult to understand. I'll do some experiments and backtraces tomorrow to try and work out where to force a CLDAP site query first. Jeremy. (This used to be commit ab3f0c5b1e9c5fd192c5514cbe9451b938f9cd5d)
2007-10-10r17910: remove incorrect comment (code has already been fixed)Gerald Carter1-3/+0
(This used to be commit 9810d74e171542408eea3ec22a0ebb57a9e1e87e)
2007-10-10r17901: Stanford checker fix. cookie here can't be null or we'dJeremy Allison1-1/+1
deref null. Make interface explicit. Jeremy. (This used to be commit 4e99606ec16b978a76219b5362a23a7b06ee5468)
2007-10-10r17899: Fix Stanford checker bug - possible null deref.Jeremy Allison1-2/+5
Jeremy. (This used to be commit e77949175144cbe4cfa58788d13acc704eebc251)
2007-10-10r17881: Another microstep towards better error reporting: Make ↵Volker Lendecke1-8/+12
get_sorted_dc_list return NTSTATUS. If we want to differentiate different name resolution problems we might want to introduce yet another error class for Samba-internal errors. Things like no route to host to the WINS server, a DNS server explicitly said host not found etc might be worth passing up. Because we can not stash everything into the existing NT_STATUS codes, what about a Samba-specific error class like NT_STATUS_DOS and NT_STATUS_LDAP? Volker (This used to be commit 60a166f0347170dff38554bed46193ce1226c8c1)
2007-10-10r17854: Steal the LDAP in NTSTATUS trick from Samba4Volker Lendecke1-4/+1
Thanks to Michael Adam <ma@sernet.de> Volker (This used to be commit 91878f9b6fbe5187fb7d0464008ea0abe7f11a73)
2007-10-10r17798: Beginnings of a standalone libaddns library released underGerald Carter1-3/+3
the LGPL. Original code by Krishna Ganugapati <krishnag@centeris.com>. Additional work by me. It's still got some warts, but non-secure updates do currently work. There are at least four things left to really clean up. 1. Change the memory management to use talloc() rather than malloc() and cleanup the leaks. 2. Fix the error code reporting (see initial changes to dnserr.h) 3. Fix the secure updates 4. Define a public interface in addns.h 5. Move the code in libads/dns.c into the libaddns/ directory (and under the LGPL). A few notes: * Enable the new code by compiling with --with-dnsupdate * Also adds the command 'net ads dns register' * Requires -luuid (included in the e2fsprogs-devel package). * Has only been tested on Linux platforms so there may be portability issues. (This used to be commit 36f04674aeefd93c5a0408b8967dcd48b86fdbc1)
2007-10-10r17795: Finally track down the "ads_connect: Interrupted system call"Gerald Carter1-2/+33
error. Fix our DNS SRV lookup code to deal with multi-homed hosts. We were noly remembering one IP address per host from the Additional records section in the SRV response which could have been an unreachable address. (This used to be commit 899179d2b9fba13cc6f4dab6efc3c22e44e062bc)
2007-10-10r17677: There is no need for a 2nd krb5_to_nt_status function, is there?Günther Deschner2-1/+2
Michael Adam/Volker, please check. Guenther (This used to be commit d0feb85781f69325ee70aff98370cfac037c4cc2)
2007-10-10r17626: Some C++ WarningsVolker Lendecke2-2/+4
(This used to be commit 09e7c010f03ac3c621f7a7fad44685d278c1481a)
2007-10-10r17606: Introduce krb5_to_ntstatus.Volker Lendecke1-18/+17
Thanks to Michael Adam <ma@sernet.de> Volker (This used to be commit 6e641c90b8f52a822a83701cdf305c60416d7f0c)
2007-10-10r17589: Check in the really uncontroversial patch from MichaelVolker Lendecke1-0/+5
(This used to be commit de76217cfb9d20431189e838999a634e4de067a9)
2007-10-10r17551: Move some DEBUG to d_printf in interactive functions and returnVolker Lendecke1-1/+1
NO_LOGON_SERVERS if no domain controller was found. Thanks to Michael Adam <ma@sernet.de>. Volker (This used to be commit d44599de3a61707a32851f37ddfb2425949622f8)
2007-10-10r17536: Add a debug message citing the reason why an LDAP connection failed, ↵Volker Lendecke1-0/+5
inspired by Christian M Ambach <CAMBACH1@de.ibm.com>. Volker (This used to be commit cf7c83d462dc766fa6f48728d0a4e8d534cc2bd4)
2007-10-10r17535: Reformatting, this had many tabs instead of ^$Volker Lendecke1-6/+6
(This used to be commit 0f483cf66c203d8590998b83cbeeb236ba06ab63)
2007-10-10r17345: Some C++ warningsVolker Lendecke1-1/+2
(This used to be commit 21c8fa2fc8bfd35d203b089ff61efc7c292b4dc0)
2007-10-10r17242: BUG 3957: make sure to zero memory in the SRV hostlist in case there ↵Gerald Carter1-1/+1
is not an A record for each SRV name (This used to be commit 42608b8bb974e1bd88cf2105bf1774622c045458)
2007-10-10r17239: BUG 3959: patch from William Charles <william@charles.name> to fix a ↵Gerald Carter1-7/+1
segv in the DNS SRV lookups dur to calling rand() (This used to be commit be12519fd8a7ccd8400fd298e05921eda56b4e16)
2007-10-10r17146: Starting to cleanout my local tree someGerald Carter1-16/+199
* add code to lookup NS records (in prep for later coe that does DNS updates as part of the net ads join) (This used to be commit 36d4970646638a2719ebb05a091c951183535987)
2007-10-10r17089: Fix a possible null dereference and some memleaks.Volker Lendecke2-0/+8
Jerry, please check. Thanks, Volker (This used to be commit b87c4952216b6302b0e1f22689b5a36b6aa65349)
2007-10-10r17003: Fix coverity #303 - possible null deref. Jerry pleaseJeremy Allison1-0/+1
check this is your new code. Jeremy. (This used to be commit 144067783d1c56b574911532f074bdaa7cea9c6e)
2007-10-10r16957: fix cut-n-paste error. The check for 'if (\!salt)' make no sense ↵Gerald Carter1-5/+0
when fetching the DES salting principal (This used to be commit baf554c7934cbd591635196453c19d402358e073)
2007-10-10r16955: Fix an uninitialized var -- Jerry, please check.Volker Lendecke1-2/+2
(This used to be commit bf701f51294dacd0d4077b5304772c40119460eb)
2007-10-10r16952: New derive DES salt code and Krb5 keytab generationGerald Carter5-734/+510
Major points of interest: * Figure the DES salt based on the domain functional level and UPN (if present and applicable) * Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC keys * Remove all the case permutations in the keytab entry generation (to be partially re-added only if necessary). * Generate keytab entries based on the existing SPN values in AD The resulting keytab looks like: ktutil: list -e slot KVNO Principal ---- ---- --------------------------------------------------------------------- 1 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 2 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 3 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) 4 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 5 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 6 6 host/suse10@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) 7 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 8 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 9 6 suse10$@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) The list entries are the two basic SPN values (host/NetBIOSName & host/dNSHostName) and the sAMAccountName value. The UPN will be added as well if the machine has one. This fixes 'kinit -k'. Tested keytab using mod_auth_krb and MIT's telnet. ads_verify_ticket() continues to work with RC4-HMAC and DES keys. (This used to be commit 6261dd3c67d10db6cfa2e77a8d304d3dce4050a4)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison3-6/+9
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r16862: Reverting accidential changes in ads_try_connect() from previous commit.Günther Deschner1-2/+2
Guenther (This used to be commit 6257f9af93f2391940b2c60fe39c0bf106de15dd)
2007-10-10r16861: Fixing crash bug when passing no domain/realm name to the CLDAP request.Günther Deschner2-7/+10
Guenther (This used to be commit 863aeb621afa7dcec1bfef8e503ef8ed363e3742)
2007-10-10r16836: When receiving a CLDAP reply make sure that we always store the correctGünther Deschner1-1/+3
netbios domain name in server affinity cache. Guenther (This used to be commit 08958411eeff430fb523d9b73e0259d060bac17b)
2007-10-10r16685: Fix bug #3901 reported by jason@ncac.gwu.edu.Jeremy Allison1-7/+1
Jeremy. (This used to be commit d48655d9c0b31d15327655140c021de29873d2c5)
2007-10-10r16589: Fix Klocwork #1999. Although it should be impossible toJeremy Allison1-0/+5
get duplicate OID's returned in the oids_out list it is still good programming practice to clear out a malloc'ed string before re-writing it (especially in a loop). Jeremy (This used to be commit ae02c05bfca46eb6a8ba25b124c18a358a759cb5)
2007-10-10r16452: Fix memleak in the CLDAP processing (found by valgrind).Günther Deschner1-0/+3
Guenther (This used to be commit 479dec68459df606ff566ac86eb3b4bbbd2ca77a)
2007-10-10r16339: Fix Klocwork IDVolker Lendecke1-1/+7
277 278 (cmd_*) 485 487 488 (ldap.c) Volker (This used to be commit 5b1eba76b3ec5cb9b896a9a5641b4d83bdbdd4cf)
2007-10-10r16326: Klocwork #509. Always check return allocs.Jeremy Allison1-0/+9
Jeremy. (This used to be commit 7e397b534a5ca5809facf5aa84acbfb0b8c9a5b4)
2007-10-10r16324: Klocwork #499. Allways check results from alloc.Jeremy Allison1-1/+19
Jeremy. (This used to be commit 2b69d436da7b2902ea419f3bcc45c7b5a5c571fb)
2007-10-10r16322: Klocwork #481., Don't deref null on malloc fail.Jeremy Allison1-2/+4
Jeremy. (This used to be commit dd31f3fc0e044fdae139aefcb21773249c30eb74)
2007-10-10r16272: Fix memleak.Günther Deschner1-1/+2
Guenther (This used to be commit afdb1189029e01a132f16fea48624126ec65cd77)
2007-10-10r16268: Add TCP fallback for our implementation of the CHANGEPW kpasswd calls.Günther Deschner1-104/+166
This patch is mainly based on the work of Todd Stecher <tstecher@isilon.com> and has been reviewed by Jeremy. I sucessfully tested and valgrinded it with MIT 1.4.3, 1.3.5, Heimdal 0.7.2 and 0.6.1rc3. Guenther (This used to be commit 535d03cbe8b021e9aa6d74b62d81b867c494c957)
2007-10-10r16201: Fix Klocwork 439Volker Lendecke1-1/+3
(This used to be commit b369d0891afe8b777b837eaac317131232568ca7)
2007-10-10r16199: Fix Klocwork #1 - ensure we test the firstJeremy Allison1-10/+12
strtok for NULL. Jeremy. (This used to be commit 98751e8190317416de56b4a19a489c5f4b7d6bc9)
2007-10-10r16190: Fix more memleaks.Günther Deschner1-1/+6
Guenther (This used to be commit dfebcc8e19bee06b7c03f88845314e9cfd6f398a)
2007-10-10r16117: Make winbindd work again in security=ads.Günther Deschner1-2/+6
We still used the old HOST/* UPN to get e.g. users, now we need samaccountname$@REA.LM. Guenther (This used to be commit f6516a799aec2db819f79b9a1e641637422a9b4c)
2007-10-10r16115: Make "net ads changetrustpw" work again.Günther Deschner1-7/+3
(adapt to the new UPN/SPN scheme). Guenther (This used to be commit 8fc70d0df0c93c29b49f924bac9ff5d9857cfd9d)
2007-10-10r15980: Correctly destroy talloc_ctx when the LDAP posix attribute query hasGünther Deschner1-7/+8
failed. Noticed by Bob Gautier. Guenther (This used to be commit 7327f94546a90df25c688dcafd42e0993133057a)
2007-10-10r15822: Add suggestion made by Ralf Haferkamp.Lars Müller1-1/+1
(This used to be commit 7c375fd540fa54ac8ae71c42ed07e01c593044b3)
2007-10-10r15704: Prefer LDAP error codes in ads_search_retry_sid().Günther Deschner1-2/+2
Guenther (This used to be commit 6cfc65ea20793a72ff1666759bd4e8e446247071)
2007-10-10r15701: change 'net ads leave' to disable the machine account in the domain ↵Gerald Carter1-184/+0
(since removal implies greater permissions that Windows clients require) (This used to be commit ad1f947625612ef16adb69fc2cfeffc68a9a2e02)