Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-03-30 | s3:libads: retry with signing after getting LDAP_STRONG_AUTH_REQUIRED | Stefan Metzmacher | 1 | -0/+10 | |
If server requires LDAP signing we're getting LDAP_STRONG_AUTH_REQUIRED, if "client ldap sasl wrapping = plain", instead of failing we now autoupgrade to "client ldap sasl wrapping = sign" for the given connection. metze | |||||
2010-03-24 | s3:ntlmssp: pass names and use_ntlmv2 to ntlmssp_client_start() and store them | Stefan Metzmacher | 1 | -1/+6 | |
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-03-05 | s3-libads: fix get_remote_printer_publishing_data after ↵ | Günther Deschner | 1 | -26/+14 | |
spoolss_EnumPrinterDataEx IDL change. Guenther | |||||
2010-03-02 | s3:ads fix dn parsing name was always null | Simo Sorce | 1 | -19/+16 | |
While there also use ldap_exploded_dn instead of ldb_dn_validate() so we can remove a huge dependency that is hanging there only for one very minor marginal use. Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-02-23 | s3 move the sitename cache in its own file | Simo Sorce | 4 | -113/+165 | |
2010-02-23 | s3-libads: Remove obsolete signal type cast. | Andreas Schneider | 1 | -5/+5 | |
2010-02-14 | s3-lib: use TYPESAFE_QSORT() in remaining s3 library code | Andrew Tridgell | 1 | -1/+1 | |
the sort_query_replies() in nmblib.c is a TODO. It uses a hack that treats a char* as a structure. I've left that one alone for now. | |||||
2010-01-30 | Fix bug #7079 - cliconnect gets realm wrong with trusted domains. | Jeremy Allison | 1 | -0/+52 | |
Passing NULL as dest_realm for cli_session_setup_spnego() was always using our own realm (as for a NetBIOS name). Change this to look for the mapped realm using krb5_get_host_realm() if the destination machine name is a DNS name (contains a '.'). Could get fancier with DNS name detection (length, etc.) but this will do for now. Jeremy. | |||||
2009-12-22 | s3:ntlmssp: only include ntlmssp.h where actually needed | Andrew Bartlett | 1 | -0/+1 | |
Andrew Bartlett | |||||
2009-12-04 | s3: bug #6967: Prevent glibc error on net ads join: | Jim McDonough | 1 | -1/+1 | |
talloc()ed memory should not be SAFE_FREE()ed. Signed-off-by: Jim McDonough <jmcd@samba.org> | |||||
2009-11-27 | s3-kerberos: do not include authdata headers before including krb5 headers. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2009-11-27 | s3-kerberos: only use krb5 headers where required. | Günther Deschner | 7 | -0/+7 | |
This seems to be the only way to deal with mixed heimdal/MIT setups during merged build. Guenther | |||||
2009-11-26 | s3-rpc: Avoid including every pipe's client and server stubs everywhere in ↵ | Günther Deschner | 1 | -0/+1 | |
samba. Guenther | |||||
2009-11-12 | Remove unused variable warning. | Jeremy Allison | 1 | -1/+0 | |
Jeremy. | |||||
2009-11-12 | s3-kerberos: remove smb_krb5_get_tkt_from_creds(). | Günther Deschner | 1 | -60/+4 | |
Now that cli_krb5_get_ticket() already handles S4U2SELF impersonation, remove smb_krb5_get_tkt_from_creds() which is not required anymore. Guenther | |||||
2009-11-06 | s3-kerberos: let smb_krb5_get_tkt_from_creds() compile with older heimdal libs. | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2009-11-06 | s3-kerberos: support S4U2SELF impersionation through cli_krb5_get_ticket(). | Günther Deschner | 1 | -1/+2 | |
Guenther | |||||
2009-11-06 | s3-kerberos: add impersonate_principal for kerberos_return_pac_X calls. | Günther Deschner | 1 | -1/+25 | |
Guenther | |||||
2009-11-06 | s3-kerberos: add smb_krb5_get_tkt_from_creds(). | Günther Deschner | 1 | -0/+40 | |
Guenther | |||||
2009-11-06 | s3-kerberos: fix some build warnings when building against heimdal. | Günther Deschner | 1 | -2/+2 | |
Guenther | |||||
2009-10-13 | s3: use enum netr_SchannelType all over the place. | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2009-10-01 | s3: update comment about (deprecated) a6 records | Björn Jacke | 1 | -1/+2 | |
2009-09-17 | spnego: share spnego_parse. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2009-08-26 | Add a parameter to disable the automatic creation of krb5.conf files | Volker Lendecke | 1 | -1/+6 | |
This is necessary because MIT 1.5 can't deal with certain types (Tree Root) of transitive AD trusts. The workaround is to add a [capaths] directive to /etc/krb5.conf, which we don't automatically put into the krb5.conf winbind creates. The alternative would have been something like a "krb5 conf include", but I think if someone has to mess with /etc/krb5.conf at this level, it should be easy to add the site-local KDCs as well. Next alternative is to correctly figure out the [capaths] parameter for all trusted domains, but for that I don't have the time right now. Sorry :-) | |||||
2009-08-25 | Do an early TALLOC_FREE | Volker Lendecke | 1 | -1/+2 | |
2009-07-28 | (Hopefully) fix the problem Kai reported with | Jeremy Allison | 1 | -1/+1 | |
net ads leave and IPv6. Ensure all DC lookups prefer IPv4. Jeremy. | |||||
2009-07-28 | Added prefer_ipv4 bool parameter to resolve_name(). | Jeremy Allison | 1 | -12/+25 | |
W2K3 DC's can have IPv6 addresses but won't serve krb5/ldap or cldap on those addresses. Make sure when we're asking for DC's we prefer IPv4. If you have an IPv6-only network this prioritizing code will be a no-op. And if you have a mixed network then you need to prioritize IPv4 due to W2K3 DC's. Jeremy. | |||||
2009-07-15 | Remove gencache_init/shutdown | Volker Lendecke | 1 | -8/+0 | |
gencache_get/set/del/iterate call gencache_init() internally anyway. And we've been very lazy calling gencache_shutdown, so this seems not really required. | |||||
2009-07-09 | Make escape_ldap_string take a talloc context | Volker Lendecke | 1 | -3/+3 | |
2009-06-08 | Replace the "ipv4" specific strings in libcli/cldap/cldap.c with "ip". CLDAP can | Jeremy Allison | 1 | -15/+6 | |
run over IPv4/IPv6, even though some of the netlogon messages are IPv4 specific. Fix the new ads_cldap_netlogon() to be IPv6/IPv4 agnostic. This compiles but I don't have a good test env. for this (although as the previous code was *completely* broken over IPv6 this will expose previously hidden bugs if it's broken :-). Jeremy. | |||||
2009-05-31 | Fix some nonempty blank lines | Volker Lendecke | 1 | -60/+59 | |
2009-05-30 | Move ads flags mapping to lib/ | Volker Lendecke | 1 | -133/+5 | |
2009-05-28 | Make sid_binstring & friends take a talloc context | Volker Lendecke | 1 | -2/+2 | |
2009-05-28 | Add smbldap_pull_sid | Volker Lendecke | 1 | -13/+1 | |
2009-04-28 | s3-cldap: check for zero ip address in ads_cldap_netlogon(). | Günther Deschner | 1 | -0/+7 | |
Guenther | |||||
2009-04-27 | s3:registry: replace typedef REGISTRY_VALUE by struct regval_blob | Michael Adam | 1 | -8/+8 | |
Michael | |||||
2009-04-27 | s3:registry: replace typedef REGVAL_CTR by struct regval_ctr. | Michael Adam | 1 | -1/+1 | |
This paves the way for hiding the typedef and the implementation from the surface. Michael | |||||
2009-04-23 | samba3/ldb: Update the ldb_dn API to match that of the Samba 4 LDB: | Jelmer Vernooij | 1 | -10/+9 | |
* ldb_dn_new() now takes an initial DN string * ldb_dn_string_compose() -> ldb_dn_new_fmt() * dummy ldb_dn_validate(), since LDB DNs in the current implementation are always valid if they could be created. | |||||
2009-04-23 | ldb/samba3: Support event context argument to ldb_init(). | Jelmer Vernooij | 1 | -0/+3 | |
This argument is ignored (Samba3's LDB is synchronous) but having it there is useful for API compatibility with the LDB used by Samba 4 and available on some systems. | |||||
2009-04-23 | Fix coverity #901 - uninitialized data. | Jeremy Allison | 1 | -1/+1 | |
Jeremy. | |||||
2009-04-22 | Add comment explaining the previous fix. | Jeremy Allison | 1 | -0/+6 | |
Jeremy. | |||||
2009-04-22 | Fix bug #6279 - winbindd crash. Cope with LDAP libraries returning ↵ | Jeremy Allison | 1 | -0/+4 | |
LDAP_SUCCESS but not returning a result. Jeremy | |||||
2009-04-20 | Remove smb_mkstemp() - libreplace will now provide a secure mkstemp() if | Jelmer Vernooij | 1 | -1/+1 | |
the system one is broken. | |||||
2009-04-20 | Make gpo_ldap.c compatible with samba 4. Add ads_get_ldap_server_name() ↵ | Wilco Baan Hofman | 1 | -0/+5 | |
function to samba 3. Move prototypes to root libgpo where appropriate. gpo_ldap.c now compiles for both samba 3 and 4. Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2009-04-14 | Convert Samba3 to use the common lib/util/charset API | Andrew Bartlett | 1 | -8/+8 | |
This removes calls to push_*_allocate() and pull_*_allocate(), as well as convert_string_allocate, as they are not in the common API To allow transition to a common charcnv in future, provide Samba4-like strupper functions in source3/lib/charcnv.c (the actual implementation remains distinct, but the API is now shared) Andrew Bartlett | |||||
2009-04-07 | s3:kerberos Rework smb_krb5_unparse_name() to take a talloc context | Andrew Bartlett | 4 | -21/+22 | |
Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2009-04-07 | s3-libads: avoid NULL talloc context with ads_get_dn(). | Günther Deschner | 1 | -8/+8 | |
Guenther | |||||
2009-04-06 | s3:libads Make ads_get_dn() take a talloc context | Andrew Bartlett | 1 | -40/+29 | |
Also remove ads_memfree(), which was only ever a wrapper around SAFE_FREE, used only to free the DN from ads_get_ds(). This actually makes libgpo more consistant, as it mixed a talloc and a malloc based string on the same element. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2009-03-20 | s3-krb5: Fix Coverity #762 (REVERSE_INULL). | Günther Deschner | 1 | -6/+6 | |
Guenther | |||||
2009-03-19 | s3:libads: use libcli/cldap code | Stefan Metzmacher | 1 | -229/+67 | |
metze |