summaryrefslogtreecommitdiff
path: root/source3/libads
AgeCommit message (Collapse)AuthorFilesLines
2010-03-30s3:libads: retry with signing after getting LDAP_STRONG_AUTH_REQUIREDStefan Metzmacher1-0/+10
If server requires LDAP signing we're getting LDAP_STRONG_AUTH_REQUIRED, if "client ldap sasl wrapping = plain", instead of failing we now autoupgrade to "client ldap sasl wrapping = sign" for the given connection. metze
2010-03-24s3:ntlmssp: pass names and use_ntlmv2 to ntlmssp_client_start() and store themStefan Metzmacher1-1/+6
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-05s3-libads: fix get_remote_printer_publishing_data after ↵Günther Deschner1-26/+14
spoolss_EnumPrinterDataEx IDL change. Guenther
2010-03-02s3:ads fix dn parsing name was always nullSimo Sorce1-19/+16
While there also use ldap_exploded_dn instead of ldb_dn_validate() so we can remove a huge dependency that is hanging there only for one very minor marginal use. Signed-off-by: Günther Deschner <gd@samba.org>
2010-02-23s3 move the sitename cache in its own fileSimo Sorce4-113/+165
2010-02-23s3-libads: Remove obsolete signal type cast.Andreas Schneider1-5/+5
2010-02-14s3-lib: use TYPESAFE_QSORT() in remaining s3 library codeAndrew Tridgell1-1/+1
the sort_query_replies() in nmblib.c is a TODO. It uses a hack that treats a char* as a structure. I've left that one alone for now.
2010-01-30Fix bug #7079 - cliconnect gets realm wrong with trusted domains.Jeremy Allison1-0/+52
Passing NULL as dest_realm for cli_session_setup_spnego() was always using our own realm (as for a NetBIOS name). Change this to look for the mapped realm using krb5_get_host_realm() if the destination machine name is a DNS name (contains a '.'). Could get fancier with DNS name detection (length, etc.) but this will do for now. Jeremy.
2009-12-22s3:ntlmssp: only include ntlmssp.h where actually neededAndrew Bartlett1-0/+1
Andrew Bartlett
2009-12-04s3: bug #6967: Prevent glibc error on net ads join:Jim McDonough1-1/+1
talloc()ed memory should not be SAFE_FREE()ed. Signed-off-by: Jim McDonough <jmcd@samba.org>
2009-11-27s3-kerberos: do not include authdata headers before including krb5 headers.Günther Deschner1-0/+1
Guenther
2009-11-27s3-kerberos: only use krb5 headers where required.Günther Deschner7-0/+7
This seems to be the only way to deal with mixed heimdal/MIT setups during merged build. Guenther
2009-11-26s3-rpc: Avoid including every pipe's client and server stubs everywhere in ↵Günther Deschner1-0/+1
samba. Guenther
2009-11-12Remove unused variable warning.Jeremy Allison1-1/+0
Jeremy.
2009-11-12s3-kerberos: remove smb_krb5_get_tkt_from_creds().Günther Deschner1-60/+4
Now that cli_krb5_get_ticket() already handles S4U2SELF impersonation, remove smb_krb5_get_tkt_from_creds() which is not required anymore. Guenther
2009-11-06s3-kerberos: let smb_krb5_get_tkt_from_creds() compile with older heimdal libs.Günther Deschner1-1/+1
Guenther
2009-11-06s3-kerberos: support S4U2SELF impersionation through cli_krb5_get_ticket().Günther Deschner1-1/+2
Guenther
2009-11-06s3-kerberos: add impersonate_principal for kerberos_return_pac_X calls.Günther Deschner1-1/+25
Guenther
2009-11-06s3-kerberos: add smb_krb5_get_tkt_from_creds().Günther Deschner1-0/+40
Guenther
2009-11-06s3-kerberos: fix some build warnings when building against heimdal.Günther Deschner1-2/+2
Guenther
2009-10-13s3: use enum netr_SchannelType all over the place.Günther Deschner1-1/+1
Guenther
2009-10-01s3: update comment about (deprecated) a6 recordsBjörn Jacke1-1/+2
2009-09-17spnego: share spnego_parse.Günther Deschner1-0/+1
Guenther
2009-08-26Add a parameter to disable the automatic creation of krb5.conf filesVolker Lendecke1-1/+6
This is necessary because MIT 1.5 can't deal with certain types (Tree Root) of transitive AD trusts. The workaround is to add a [capaths] directive to /etc/krb5.conf, which we don't automatically put into the krb5.conf winbind creates. The alternative would have been something like a "krb5 conf include", but I think if someone has to mess with /etc/krb5.conf at this level, it should be easy to add the site-local KDCs as well. Next alternative is to correctly figure out the [capaths] parameter for all trusted domains, but for that I don't have the time right now. Sorry :-)
2009-08-25Do an early TALLOC_FREEVolker Lendecke1-1/+2
2009-07-28(Hopefully) fix the problem Kai reported withJeremy Allison1-1/+1
net ads leave and IPv6. Ensure all DC lookups prefer IPv4. Jeremy.
2009-07-28Added prefer_ipv4 bool parameter to resolve_name().Jeremy Allison1-12/+25
W2K3 DC's can have IPv6 addresses but won't serve krb5/ldap or cldap on those addresses. Make sure when we're asking for DC's we prefer IPv4. If you have an IPv6-only network this prioritizing code will be a no-op. And if you have a mixed network then you need to prioritize IPv4 due to W2K3 DC's. Jeremy.
2009-07-15Remove gencache_init/shutdownVolker Lendecke1-8/+0
gencache_get/set/del/iterate call gencache_init() internally anyway. And we've been very lazy calling gencache_shutdown, so this seems not really required.
2009-07-09Make escape_ldap_string take a talloc contextVolker Lendecke1-3/+3
2009-06-08Replace the "ipv4" specific strings in libcli/cldap/cldap.c with "ip". CLDAP canJeremy Allison1-15/+6
run over IPv4/IPv6, even though some of the netlogon messages are IPv4 specific. Fix the new ads_cldap_netlogon() to be IPv6/IPv4 agnostic. This compiles but I don't have a good test env. for this (although as the previous code was *completely* broken over IPv6 this will expose previously hidden bugs if it's broken :-). Jeremy.
2009-05-31Fix some nonempty blank linesVolker Lendecke1-60/+59
2009-05-30Move ads flags mapping to lib/Volker Lendecke1-133/+5
2009-05-28Make sid_binstring & friends take a talloc contextVolker Lendecke1-2/+2
2009-05-28Add smbldap_pull_sidVolker Lendecke1-13/+1
2009-04-28s3-cldap: check for zero ip address in ads_cldap_netlogon().Günther Deschner1-0/+7
Guenther
2009-04-27s3:registry: replace typedef REGISTRY_VALUE by struct regval_blobMichael Adam1-8/+8
Michael
2009-04-27s3:registry: replace typedef REGVAL_CTR by struct regval_ctr.Michael Adam1-1/+1
This paves the way for hiding the typedef and the implementation from the surface. Michael
2009-04-23samba3/ldb: Update the ldb_dn API to match that of the Samba 4 LDB:Jelmer Vernooij1-10/+9
* ldb_dn_new() now takes an initial DN string * ldb_dn_string_compose() -> ldb_dn_new_fmt() * dummy ldb_dn_validate(), since LDB DNs in the current implementation are always valid if they could be created.
2009-04-23ldb/samba3: Support event context argument to ldb_init().Jelmer Vernooij1-0/+3
This argument is ignored (Samba3's LDB is synchronous) but having it there is useful for API compatibility with the LDB used by Samba 4 and available on some systems.
2009-04-23Fix coverity #901 - uninitialized data.Jeremy Allison1-1/+1
Jeremy.
2009-04-22Add comment explaining the previous fix.Jeremy Allison1-0/+6
Jeremy.
2009-04-22Fix bug #6279 - winbindd crash. Cope with LDAP libraries returning ↵Jeremy Allison1-0/+4
LDAP_SUCCESS but not returning a result. Jeremy
2009-04-20Remove smb_mkstemp() - libreplace will now provide a secure mkstemp() ifJelmer Vernooij1-1/+1
the system one is broken.
2009-04-20Make gpo_ldap.c compatible with samba 4. Add ads_get_ldap_server_name() ↵Wilco Baan Hofman1-0/+5
function to samba 3. Move prototypes to root libgpo where appropriate. gpo_ldap.c now compiles for both samba 3 and 4. Signed-off-by: Günther Deschner <gd@samba.org>
2009-04-14Convert Samba3 to use the common lib/util/charset APIAndrew Bartlett1-8/+8
This removes calls to push_*_allocate() and pull_*_allocate(), as well as convert_string_allocate, as they are not in the common API To allow transition to a common charcnv in future, provide Samba4-like strupper functions in source3/lib/charcnv.c (the actual implementation remains distinct, but the API is now shared) Andrew Bartlett
2009-04-07s3:kerberos Rework smb_krb5_unparse_name() to take a talloc contextAndrew Bartlett4-21/+22
Signed-off-by: Günther Deschner <gd@samba.org>
2009-04-07s3-libads: avoid NULL talloc context with ads_get_dn().Günther Deschner1-8/+8
Guenther
2009-04-06s3:libads Make ads_get_dn() take a talloc contextAndrew Bartlett1-40/+29
Also remove ads_memfree(), which was only ever a wrapper around SAFE_FREE, used only to free the DN from ads_get_ds(). This actually makes libgpo more consistant, as it mixed a talloc and a malloc based string on the same element. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2009-03-20s3-krb5: Fix Coverity #762 (REVERSE_INULL).Günther Deschner1-6/+6
Guenther
2009-03-19s3:libads: use libcli/cldap codeStefan Metzmacher1-229/+67
metze