summaryrefslogtreecommitdiff
path: root/source3/libads
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r21608: Fix a couple of memleaks in error code paths beforeJeremy Allison1-1/+2
Coverity finds them :-) Jeremy. (This used to be commit cbe725f1b09f3d0edbdf823e0862edf21e16d336)
2007-10-10r21606: Implement escaping function for ldap RDN valuesSimo Sorce2-4/+18
Fix escaping of DN components and filters around the code Add some notes to commandline help messages about how to pass DNs revert jra's "concistency" commit to nsswitch/winbindd_ads.c, as it was incorrect. The 2 functions use DNs in different ways. - lookup_usergroups_member() uses the DN in a search filter, and must use the filter escaping function to escape it Escaping filters that include escaped DNs ("\," becomes "\5c,") is the correct way to do it (tested against W2k3). - lookup_usergroups_memberof() instead uses the DN ultimately as a base dn. Both functions do NOT need any DN escaping function as DNs can't be reliably escaped when in a string form, intead each single RDN value must be escaped separately. DNs coming from other ldap calls (like ads_get_dn()), do not need escaping as they come already escaped on the wire and passed as is by the ldap libraries DN filtering has been tested. For example now it is possible to do something like: 'net ads add user joe#5' as now the '#' character is correctly escaped when building the DN, previously such a call failed with Invalid DN Syntax. Simo. (This used to be commit 5b4838f62ab1a92bfe02626ef40d7f94c2598322)
2007-10-10r21561: It makes absolutely no sense to call krb5_kt_resolve() two timesGünther Deschner1-6/+1
directly after another. Guenther (This used to be commit 76ba11d7770bac7c6db2eb1640139bbe270d82c3)
2007-10-10r21558: Safe more indent, again no code changes.Günther Deschner1-37/+37
Guenther (This used to be commit 7b18a4730d61c04867fc11df8980943d422589d8)
2007-10-10r21557: indent only fix. No code change.Günther Deschner1-49/+49
Guenther (This used to be commit 8ff0903a17cfd8c09b73ef637484a72719e82071)
2007-10-10r21556: Remove superfluos return check in ads_keytab_verify_ticket().Günther Deschner1-2/+0
Guenther (This used to be commit 020601ea0abeb15f2aef9da354fcf6d7d5459710)
2007-10-10r21352: Let ads_upn_suffixes() return a pointer to an array of suffixes.Günther Deschner1-4/+4
Guenther (This used to be commit 7ad7847e5bbdd90fa6ae9ce91e5962f524ac2890)
2007-10-10r21349: Fix memleak in ads_upn_suffixes().Günther Deschner1-0/+3
Guenther (This used to be commit 8462f323cf86f90b1bdf14a3953c5a4bda1b9533)
2007-10-10r21273: * Protect the sasl bind against a NULL principal stringGerald Carter1-1/+29
in the SPNEGO negTokenInit (This used to be commit fe70c224964bf15d626bfd4e0cc6d060e45bba87)
2007-10-10r21240: Fix longstanding Bug #4009.Günther Deschner3-5/+13
For the winbind cached ADS LDAP connection handling (ads_cached_connection()) we were (incorrectly) assuming that the service ticket lifetime equaled the tgt lifetime. For setups where the service ticket just lives 10 minutes, we were leaving hundreds of LDAP connections in CLOSE_WAIT state, until we fail to service entirely with "Too many open files". Also sequence_number() in winbindd_ads.c needs to delete the cached LDAP connection after the ads_do_search_retry() has failed to submit the search request (although the bind succeeded (returning an expired service ticket that we cannot delete from the memory cred cache - this will get fixed later)). Guenther (This used to be commit 7e1a84b7226fb8dcd5d34c64a3478a6d886a9a91)
2007-10-10r21238: Fix tab indent in self-written krb5.confs.Günther Deschner1-1/+1
Guenther (This used to be commit 4df582fa1049afe96bbee7e8cab93cfa82208ba3)
2007-10-10r21110: Fix kinit with Heimdal (Bug #4226).Günther Deschner1-13/+26
Guenther (This used to be commit ea38e1f8362d75e7ac058a7c4aa06f1ca92ec108)
2007-10-10r21046: Backing out svn r20403 (Andrew's krb5 ticket cleanupGerald Carter1-0/+11
as this is causing the WRONG_PASSWORD error in the SetUserInfo() call during net ads join). We are now back to always list RC4-HMAC first if supported by the krb5 libraries. (This used to be commit 4fb57bce87588ac4898588ea4988eadff3a7f435)
2007-10-10r21021: Fix memleak.Günther Deschner1-0/+1
Guenther (This used to be commit 4e622572eb7939c6aa8e99fd9595bf28836bd5a3)
2007-10-10r21003: Display LDAP base in debug statement.Günther Deschner1-2/+2
Guenther (This used to be commit fb5830f87a16dbec16893348080bcdfc61e27ab0)
2007-10-10r20986: Commit the prototype of the nss_info plugin interface.Gerald Carter2-51/+32
This allows a provider to supply the homedirectory, etc... attributes for a user without requiring support in core winbindd code. The idmap_ad.c module has been modified to provide the idmap 'ad' library as well as the rfc2307 and sfu "winbind nss info" support. The SID/id mapping is working in idmap_ad but the nss_info still has a few quirks that I'm in the process of resolving. (This used to be commit aaec0115e2c96935499052d9a637a20c6445986e)
2007-10-10r20880: Fix memory leak in new sitename code. You got *really*Jeremy Allison1-1/+1
close Guenther, then you forgot to use "key" :-) :-). Jeremy. (This used to be commit 56842b59d00d531b0c9c22639603dc721eab50b4)
2007-10-10r20874: We need to distinguish client sitenames per realm. We were overwritingGünther Deschner2-18/+63
the stored client sitename with the sitename from each sucessfull CLDAP connection. Guenther (This used to be commit 6a13e878b5d299cb3b3d7cb33ee0d51089d9228d)
2007-10-10r20862: When in disconnected mode there is no need to try a fallback to a siteGünther Deschner1-0/+18
less DNS query. This speeds up offline detection slightly. Guenther (This used to be commit eda76ecf07a4d2f9bb5544e2c031cfad14d93e85)
2007-10-10r20860: Adding some small tweaks. When we have no sitename, there is no need toGünther Deschner1-11/+14
ask for the list of DCs twice. Guenther (This used to be commit a9baf27e1348dd6dadd7a2fafdf9c269087b80ac)
2007-10-10r20857: Silence gives assent :-). Checking in the fix forJeremy Allison3-22/+72
site support in a network where many DC's are down. I heard via Volker there is still a bug w.r.t the wrong site being chosen with trusted domains but we'll have to layer that fix on top of this. Gd - complain if this doesn't work for you. Jeremy. (This used to be commit 97e248f89ac6548274f03f2ae7583a255da5ddb3)
2007-10-10r20536: In the offline PAM session close case the attempt to delete aGünther Deschner1-0/+2
non-existing krb5 credential cache should not generate an error. Guenther (This used to be commit 11c6f573af5c1d3387e60f3fc44b00e28cd87813)
2007-10-10r20487: Remove the unused dn2ad_canonical() callGerald Carter1-18/+0
(This used to be commit 86e6ae6a9fe2a6fdaeeb503653a312662c7f50e9)
2007-10-10r20486: Always upper case the "host/<sAMAccoutnName>" entry in the keytab fileGerald Carter1-1/+6
so apps will know which one to look for, (This used to be commit d4a5dc3ad5f56a5f741424ecc4fffa0ef39bdc67)
2007-10-10r20403: Cleaning out my Samba 3.0 tree:Andrew Bartlett1-11/+0
As discussed with jerry at the CIFS conf: overriding the administrator's wishes from the krb5.conf has only every given me segfaults. We suggest leaving this up to the defaults from the libraries anyway. Andrew Bartlett (This used to be commit 0b72c04906b1c25e80b217a8f34fd3a8e756b9ca)
2007-10-10r20273: Map KRB5_KDCREP_SKEW to NT_STATUS_TIME_DIFFERENCE_AT_DC.Günther Deschner1-0/+1
This gives much nicer error messages when failing to join due to clock skew. Guenther (This used to be commit 5c5a7611029ff1b630c53d4660578e188acf97f5)
2007-10-10r20173: DNS update fixes:Gerald Carter1-0/+22
* Fix DNS updates for multi-homed hosts * Child domains often don't have an NS record in DNS so we have to fall back to looking up the the NS records for the forest root. * Fix compile warning caused by mismatched 'struct in_addr' and 'in_addr_t' parameters called to DoDNSUpdate() (This used to be commit 3486acd3c3ebefae8f98dcc72d1c3d6b06fffcc7)
2007-10-10r20132: get rid of defined but not used warning - static function only usedHerb Lewis1-0/+2
inside the #ifdef HAVE_KRB5 (This used to be commit c6cdf76c5809b4a4b145acb7dd4a695aaf7fcd28)
2007-10-10r19687: Fix uninitialized variables found by Coverity (and gcc -O1... ;-))Volker Lendecke1-1/+2
Volker (This used to be commit b7dc9b81696aa5434419c5378a47b41c6dee3dfa)
2007-10-10r19651: Fix interesting bug with the automatic site coverage in Active ↵Günther Deschner1-1/+25
Directory: When having DC-less sites, AD assigns DCs from other sites to that site that does not have it's own DC. The most reliable way for us to identify the nearest DC - in that and all other cases - is the closest_dc flag in the CLDAP reply. Guenther (This used to be commit ff004f7284cb047e738ba3d3ad6602e8aa84e883)
2007-10-10r19646: Fix memleak in the default_ou_string handling. Thanks to David HuGünther Deschner1-11/+37
<david.hu@hp.com>. Fixes #4212. Guenther (This used to be commit 4ec896cdbe441b17d91895a50ac9be61efe2f9c1)
2007-10-10r19528: Fix container handling for "net ads user" and "net ads group" functionsGünther Deschner1-1/+3
along with some memleaks. Guenther (This used to be commit 4bad52c5b3a983418d4216a2c3f5e04926e37e94)
2007-10-10r19526: Fix minor memleak.Günther Deschner1-0/+1
Guenther (This used to be commit 61ebedc82ee7d7a98e2a52b0677d723a801ab30f)
2007-10-10r19263: Be more accurate in telling what the sitename problem is in this DEBUGGünther Deschner1-1/+1
statement. Guenther (This used to be commit 62928734b820f512f940c1ed79048e14b322d060)
2007-10-10r19039: Do not segfault in "net ads printer info" when a requested printserverGünther Deschner1-0/+10
does not exist. Guenther (This used to be commit 359315021df3a4dbfe5142e529e3efdbc49e405c)
2007-10-10r18982: Move the gpo related functions to "libgpo".Günther Deschner2-1205/+0
Guenther (This used to be commit 1308a842716bc3bd1a9853b9b206dc7308a8c1dd)
2007-10-10r18941: Minor cleanup in ads_parse_gpo().Günther Deschner1-2/+2
Guenther (This used to be commit 7579a91f81a43f570987fecca03c19f559887685)
2007-10-10r18923: Fix more memleaks.Günther Deschner3-7/+23
Guenther (This used to be commit ecb632a1534d5178602b9143bb17712559fe2e4f)
2007-10-10r18902: Also dump mS-DS-CreatorSID.Günther Deschner1-0/+1
Guenther (This used to be commit e7cae9bbae2848ca1088a822883563062dd3f612)
2007-10-10r18879: Fix crash for "net ads gpo list".Günther Deschner1-9/+3
Guenther (This used to be commit 7df5808d8b1d9458dbd47b92750c0b128325335c)
2007-10-10r18869: two build fixes for systems without ldapAndrew Tridgell1-5/+5
the first is to not enable the ldap ldb backend just yet. This will need configure tests to conditionally include. We should be able to use the m4 files from lib/ldb/ The 2nd is to fix libads/gpo.o not to publicly prototype a function that needs ldap.h (This used to be commit 1cf17edc14ebd379b982b589a66e86316ef7087b)
2007-10-10r18853: Fix remaining warnings. Volker, should be fine now.Günther Deschner1-1/+1
Guenther (This used to be commit 40a6169aceb51dc7f73ae72ebac2e55c6b1edc3f)
2007-10-10r18820: Comment out some unused functions.Günther Deschner1-2/+17
Guenther (This used to be commit cdc81927dbbc542500211ad8e6815815d7764731)
2007-10-10r18819: Fix build without LDAP.Günther Deschner2-0/+8
Guenther (This used to be commit a0aedee1c90af163210dd459603dd5dffb73e132)
2007-10-10r18817: Enable the build of the gpo tool but do not make it available yet.Günther Deschner1-1/+1
Guenther (This used to be commit 927cda5d31e9cb02105df3cfc06f5cb273233747)
2007-10-10r18816: Fix some build warnings.Günther Deschner1-4/+4
Guenther (This used to be commit b70ed9e48394ddeaf0102e017cf706ff083e065b)
2007-10-10r18745: Use the Samba4 data structures for security descriptors and security ↵Jelmer Vernooij1-7/+7
descriptor buffers. Make security access masks simply a uint32 rather than a structure with a uint32 in it. (This used to be commit b41c52b9db5fc4a553b20a7a5a051a4afced9366)
2007-10-10r18670: Fix memleaks.Günther Deschner1-0/+2
Guenther (This used to be commit 2fc63fb8f7927ea61c565801b4c6308d3a4afcd1)
2007-10-10r18663: Fix one more uuid -> GUID.Jeremy Allison1-1/+1
Jeremy. (This used to be commit e568271af2b5c20cff70b72b8ab4b1b704122b40)
2007-10-10r18620: Fallback to non-paging LDAP searches in ads_do_search_retry_internal()Günther Deschner1-2/+19
for anonymous bound connections. When doing anonymous bind you can never use paged LDAP control for RootDSE searches on AD. Guenther (This used to be commit dc1d92faabd4b291f607eb481349ba37e52ef11e)