summaryrefslogtreecommitdiff
path: root/source3/libads
AgeCommit message (Collapse)AuthorFilesLines
2009-01-29s3: fix bug #6073: prevent ads_connect() from using SSL unless explicitly ↵Michael Adam1-3/+5
requested This fixes "net ads join". It copes with the changed default "ldap ssl = start tls". A new boolean option "ldap ssl : ads" is added to allow for explicitly requesting ssl with ads. Michael
2009-01-16ads_connect: Return immediately on a failed GC connection.Gerald (Jerry) Carter1-3/+14
ads_connect_gc() feeds an explicit server to ads_connect(). However, if the resulting connection fails, the latter function was attempting to find a DC on its own and continuing the connection. This resulting in GC searches being sent over a connection using port 389 which would fail when using the base search suffix outside of the domain naming context. The fix is to fail immediately in ads_connect() since the GC lookup ordering is handled already in ads_connect_gc().
2009-01-16s3:libads: use lock_path for creating paths to local krb5.conf filesMichael Adam1-2/+3
instead of manually doing an asprintf with lp_lockdir() Michael squash
2009-01-16s3:libads: give create_local_private_krb5_conf_for_domain() a common exit pointMichael Adam1-30/+20
Michael
2009-01-04Async wrapper for open_socket_out_send/recvVolker Lendecke1-12/+19
2009-01-03open_socket_out is always used with SOCK_STREAM, remove argument "type"Volker Lendecke1-1/+1
2008-12-31Replace a static variable and alarm() calls by using sys_select()Volker Lendecke1-23/+24
Günther, please check!
2008-12-31Fix some nonempty blank linesVolker Lendecke1-5/+5
2008-12-30Fix more "ignore return value" warnings from gcc 4.3.Jeremy Allison1-9/+22
Jeremy
2008-12-23Fix more asprintf warnings and some error path errors.Jeremy Allison1-2/+10
Jeremy.
2008-12-23More asprintf warning fixes.Jeremy Allison3-8/+28
Jeremy.
2008-12-23More asprintf warning fixes.Jeremy Allison1-9/+18
Jeremy.
2008-12-23Fix more asprintf errors and error code paths.Jeremy Allison2-9/+31
Jeremy.
2008-12-13s3:libads/ldap.c: store the dc name in the saf cache as in all other placesStefan Metzmacher1-3/+2
metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit 543fa85a711337e979c7b631bda5db95d109ef59)
2008-12-13s3:libads/ldap.c: if the client belongs to no site at all any dc is the closestStefan Metzmacher1-0/+5
metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit f86ef9b53a903485deba94febf90dd4e657cc02b)
2008-12-13s3:libads/ldap.c: pass the real workgroup name to get_dc_name()Stefan Metzmacher1-1/+10
metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit c2d4a84abe1b6cbf68d6e9f1bb1f8974d0b628fc)
2008-12-13s3: libads: use get_dc_name() instead of get_sorted_dc_list() in the LDAP caseStefan Metzmacher1-1/+25
We use get_dc_name() for LDAP because it generates the selfwritten krb5.conf with the correct kdc addresses and sets KRB5_CONFIG. For CLDAP we need to use get_sorted_dc_list() to avoid recursion. metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit d2f7f81f4d61bae9c4be65cbc1bf962b6c24a31f)
2008-12-13s3: correctly detect if the current dc is the closest oneStefan Metzmacher1-1/+0
ads->config.tried_closest_dc was never set. metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit dfe5b00db35e1e7c7bb3ba36729fc3f97eb48db3)
2008-12-03s3: Change sockaddr util function names for consistencyTim Prouty1-3/+3
Also eliminates name conflicts with OneFS system libraries
2008-12-02s3-net: allow to list a keytab generated using net rpc vampire.Günther Deschner1-2/+5
Guenther
2008-11-24s3:libads/ldap.c: return an error instead of crashing when no realm is givenStefan Metzmacher1-4/+4
The bug was triggered by "net ads info -S 127.8.7.6" (where 127.8.7.6 doesn't ex and "disable netbios = yes". metze Signed-off-by: Michael Adam <obnox@samba.org>
2008-11-18Fix extended DN parse error when AD object does not have a SID.Steven Danneman1-24/+38
Some AD objects, like Exchange Public Folders, can be members of Security Groups but do not have a SID attribute. This patch adds more granular return errors to ads_get_sid_from_extended_dn(). Callers can now determine if a parse error occured because of bad input, or the DN was valid but contained no SID. I updated all callers to ignore SIDless objects when appropriate. Also did some cleanup to the out paths of lookup_usergroups_memberof()
2008-11-18Whitespace and >80 column cleanups.Steven Danneman1-12/+12
2008-11-01Rename dos_errstr() to win_errstr() for consistency with Samba 4.Jelmer Vernooij1-3/+3
2008-10-23Use sockaddr_storage only where we rely on the size, use sockaddrJelmer Vernooij1-4/+5
otherwise (to clarify we can also pass in structs smaller than sockaddr_storage, such as sockaddr_in).
2008-10-22s3-asn1: make all of s3 asn1 code do a proper asn1_init() first.Günther Deschner2-96/+110
Guenther
2008-10-22s3: use shared asn1 code.Günther Deschner2-7/+7
Guenther
2008-10-20s3-build: no need to duplicate generated ndr_ prototypes.Günther Deschner1-0/+1
Guenther
2008-10-19Add TALLOC_CTX pointer to generate_random_str(), for consistency withJelmer Vernooij1-1/+1
Samba 4.
2008-10-15kerberos: fix some heimdal build warnings.Günther Deschner1-4/+4
Guenther
2008-10-14Use GUID_string rather than smb_uuid_string().Jelmer Vernooij2-6/+6
2008-10-13fix build warnings.Günther Deschner1-1/+1
Guenther
2008-10-12Use common strlist implementation in Samba 3 and Samba 4.Jelmer Vernooij1-2/+2
2008-10-11Cope with changed signature of http_timestring().Jelmer Vernooij1-2/+2
2008-10-04Fix an unlikely memleak found by the IBM checkerVolker Lendecke1-0/+2
2008-10-04Fix an uninitialized variable found by the IBM CheckerVolker Lendecke1-0/+1
2008-10-02The IRIX compiler does not like embedded unnamed unionsVolker Lendecke1-1/+1
2008-09-24s3-nbt: use the new generated nbt.Günther Deschner2-99/+20
Guenther
2008-09-23s3: fix NETLOGON_NT_VERSION version flags.Günther Deschner1-10/+10
Guenther
2008-09-23s3: use samba4 prototype for ndr_push/pull_struct_blob.Günther Deschner2-8/+8
Guenther
2008-09-16* Allow an admin to define the "uid" attribute for a RFC2307Gerald (Jerry) Carter1-3/+12
user object in AD to be the username alias. For example: $ net ads search "(uid=coffeedude)" distinguishedName: CN=Gerald W. Carter,CN=Users,DC=pink,DC=plainjoe,DC=org sAMAccountName: gcarter memberOf: CN=UnixUsers,CN=Users,DC=pink,DC=plainjoe,DC=org memberOf: CN=Domain Admins,CN=Users,DC=pink,DC=plainjoe,DC=org memberOf: CN=Enterprise Admins,CN=Users,DC=pink,DC=plainjoe,DC=org memberOf: CN=Schema Admins,CN=Users,DC=pink,DC=plainjoe,DC=org uid: coffeedude uidNumber: 10000 gidNumber: 10000 unixHomeDirectory: /home/gcarter loginShell: /bin/bash $ ssh coffeedude@192.168.56.91 Password: coffeedude@orville:~$ id uid=10000(coffeedude) gid=10000(PINK\unixusers) groups=10000(PINK\unixusers) $ getent passwd PINK\\gcarter coffeedude:*:10000:10000::/home/gcarter:/bin/bash $ getent passwd coffeedude coffeedude:*:10000:10000::/home/gcarter:/bin/bash $ getent group PINK\\Unixusers PINK\unixusers:x:10000:coffeedude
2008-09-04kerberos: fix indent of enc type lines in generated krb5.conf files.Günther Deschner1-3/+3
Guenther (This used to be commit 18a26f08b6fab4119a1421a7ca59c32dde8bb8cb)
2008-08-29kerberos: use KRB5_KT_KEY macro where appropriate.Günther Deschner1-9/+2
Guenther (This used to be commit a042dffd7121bda3dbc9509f69fcfae06ed4cc22)
2008-08-20libads: remove unused vars.Günther Deschner1-3/+0
Guenther (This used to be commit ea9fc3bea31b11e715d9524defc18b75e5943842)
2008-07-30Fix uninitialized variables.Jeremy Allison1-0/+1
Jeremy. (This used to be commit 1db7e00a5400863fd5dbb81c1a4c6ea6092d0495)
2008-07-18kerberos: make smb_krb5_kt_add_entry() static.Günther Deschner1-6/+6
Guenther (This used to be commit 04b1847f87d166819dfe0f8c27c8cd9fc062544f)
2008-07-11Revert "Pass NULL to gencache_get when we are not interested in the timeout ↵Volker Lendecke1-1/+2
value" This reverts commit 16062dfc3dcc8f1ca0024a3ae21effb889c7ffc0. (This used to be commit 114ca8577568cdb5a81d8734f1d1d096f1b36c36)
2008-07-03Pass NULL to gencache_get when we are not interested in the timeout valueVolker Lendecke1-2/+1
(This used to be commit 16062dfc3dcc8f1ca0024a3ae21effb889c7ffc0)
2008-06-30kerberos: allow to keep entries with old kvno's while creating keytab.Günther Deschner1-2/+4
Guenther (This used to be commit 6194244bd9fcc1fb736f3d91433f107270cac1c9)
2008-06-30kerberos: rename smb_krb5_kt_add_entry to smb_krb5_kt_add_entry_ext.Günther Deschner1-25/+39
Guenther (This used to be commit 48600a0019d70d22574cf08e8fe19d44cc332a0f)