From 28d2683903677d396c77c437fabd7ea807ff0de6 Mon Sep 17 00:00:00 2001 From: "Gerald (Jerry) Carter" Date: Tue, 16 Sep 2008 10:35:21 -0700 Subject: * Allow an admin to define the "uid" attribute for a RFC2307 user object in AD to be the username alias. For example: $ net ads search "(uid=coffeedude)" distinguishedName: CN=Gerald W. Carter,CN=Users,DC=pink,DC=plainjoe,DC=org sAMAccountName: gcarter memberOf: CN=UnixUsers,CN=Users,DC=pink,DC=plainjoe,DC=org memberOf: CN=Domain Admins,CN=Users,DC=pink,DC=plainjoe,DC=org memberOf: CN=Enterprise Admins,CN=Users,DC=pink,DC=plainjoe,DC=org memberOf: CN=Schema Admins,CN=Users,DC=pink,DC=plainjoe,DC=org uid: coffeedude uidNumber: 10000 gidNumber: 10000 unixHomeDirectory: /home/gcarter loginShell: /bin/bash $ ssh coffeedude@192.168.56.91 Password: coffeedude@orville:~$ id uid=10000(coffeedude) gid=10000(PINK\unixusers) groups=10000(PINK\unixusers) $ getent passwd PINK\\gcarter coffeedude:*:10000:10000::/home/gcarter:/bin/bash $ getent passwd coffeedude coffeedude:*:10000:10000::/home/gcarter:/bin/bash $ getent group PINK\\Unixusers PINK\unixusers:x:10000:coffeedude --- source3/libads/ldap_schema.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'source3/libads') diff --git a/source3/libads/ldap_schema.c b/source3/libads/ldap_schema.c index ff41ccc861..b5d2d35889 100644 --- a/source3/libads/ldap_schema.c +++ b/source3/libads/ldap_schema.c @@ -246,19 +246,22 @@ ADS_STATUS ads_check_posix_schema_mapping(TALLOC_CTX *mem_ctx, ADS_ATTR_SFU_GIDNUMBER_OID, ADS_ATTR_SFU_HOMEDIR_OID, ADS_ATTR_SFU_SHELL_OID, - ADS_ATTR_SFU_GECOS_OID}; + ADS_ATTR_SFU_GECOS_OID, + ADS_ATTR_SFU_UID_OID }; const char *oids_sfu20[] = { ADS_ATTR_SFU20_UIDNUMBER_OID, ADS_ATTR_SFU20_GIDNUMBER_OID, ADS_ATTR_SFU20_HOMEDIR_OID, ADS_ATTR_SFU20_SHELL_OID, - ADS_ATTR_SFU20_GECOS_OID}; + ADS_ATTR_SFU20_GECOS_OID, + ADS_ATTR_SFU20_UID_OID }; const char *oids_rfc2307[] = { ADS_ATTR_RFC2307_UIDNUMBER_OID, ADS_ATTR_RFC2307_GIDNUMBER_OID, ADS_ATTR_RFC2307_HOMEDIR_OID, ADS_ATTR_RFC2307_SHELL_OID, - ADS_ATTR_RFC2307_GECOS_OID }; + ADS_ATTR_RFC2307_GECOS_OID, + ADS_ATTR_RFC2307_UID_OID }; DEBUG(10,("ads_check_posix_schema_mapping for schema mode: %d\n", map_type)); @@ -359,6 +362,12 @@ ADS_STATUS ads_check_posix_schema_mapping(TALLOC_CTX *mem_ctx, strequal(ADS_ATTR_SFU20_GECOS_OID, oids_out[i])) { schema->posix_gecos_attr = talloc_strdup(schema, names_out[i]); } + + if (strequal(ADS_ATTR_RFC2307_UID_OID, oids_out[i]) || + strequal(ADS_ATTR_SFU_UID_OID, oids_out[i]) || + strequal(ADS_ATTR_SFU20_UID_OID, oids_out[i])) { + schema->posix_uid_attr = talloc_strdup(schema, names_out[i]); + } } if (!schema->posix_uidnumber_attr || -- cgit From c48186f507219e8732f02bdc2f835a7d8d02541c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 23 Sep 2008 08:09:37 +0200 Subject: s3: use samba4 prototype for ndr_push/pull_struct_blob. Guenther --- source3/libads/authdata.c | 14 +++++++------- source3/libads/cldap.c | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) (limited to 'source3/libads') diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c index 0bde3e6984..40f051c851 100644 --- a/source3/libads/authdata.c +++ b/source3/libads/authdata.c @@ -108,7 +108,7 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, } ndr_err = ndr_pull_struct_blob(pac_data_blob, pac_data, - pac_data, + NULL, pac_data, (ndr_pull_flags_fn_t)ndr_pull_PAC_DATA); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { status = ndr_map_error2ntstatus(ndr_err); @@ -124,7 +124,7 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, } ndr_err = ndr_pull_struct_blob(pac_data_blob, pac_data_raw, - pac_data_raw, + NULL, pac_data_raw, (ndr_pull_flags_fn_t)ndr_pull_PAC_DATA_RAW); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { status = ndr_map_error2ntstatus(ndr_err); @@ -205,7 +205,7 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, /* We find the data blobs above, now we parse them to get at the exact portion we should zero */ ndr_err = ndr_pull_struct_blob(kdc_sig_blob, kdc_sig_wipe, - kdc_sig_wipe, + NULL, kdc_sig_wipe, (ndr_pull_flags_fn_t)ndr_pull_PAC_SIGNATURE_DATA); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { status = ndr_map_error2ntstatus(ndr_err); @@ -215,7 +215,7 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, } ndr_err = ndr_pull_struct_blob(srv_sig_blob, srv_sig_wipe, - srv_sig_wipe, + NULL, srv_sig_wipe, (ndr_pull_flags_fn_t)ndr_pull_PAC_SIGNATURE_DATA); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { status = ndr_map_error2ntstatus(ndr_err); @@ -230,7 +230,7 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, /* and reencode, back into the same place it came from */ ndr_err = ndr_push_struct_blob(kdc_sig_blob, pac_data_raw, - kdc_sig_wipe, + NULL, kdc_sig_wipe, (ndr_push_flags_fn_t)ndr_push_PAC_SIGNATURE_DATA); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { status = ndr_map_error2ntstatus(ndr_err); @@ -239,7 +239,7 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, return status; } ndr_err = ndr_push_struct_blob(srv_sig_blob, pac_data_raw, - srv_sig_wipe, + NULL, srv_sig_wipe, (ndr_push_flags_fn_t)ndr_push_PAC_SIGNATURE_DATA); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { status = ndr_map_error2ntstatus(ndr_err); @@ -250,7 +250,7 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, /* push out the whole structure, but now with zero'ed signatures */ ndr_err = ndr_push_struct_blob(&modified_pac_blob, pac_data_raw, - pac_data_raw, + NULL, pac_data_raw, (ndr_push_flags_fn_t)ndr_push_PAC_DATA_RAW); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { status = ndr_map_error2ntstatus(ndr_err); diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index 11565065af..73b28b523a 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c @@ -294,7 +294,7 @@ bool pull_mailslot_cldap_reply(TALLOC_CTX *mem_ctx, uint32_t nt_version_query = ((*nt_version) & 0x0000001f); uint16_t command = 0; - ndr_err = ndr_pull_struct_blob(blob, mem_ctx, &command, + ndr_err = ndr_pull_struct_blob(blob, mem_ctx, NULL, &command, (ndr_pull_flags_fn_t)ndr_pull_uint16); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return false; -- cgit From de54bac54c8276427d88f616e430d2cd486a0ca6 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 23 Sep 2008 21:08:25 +0200 Subject: s3: fix NETLOGON_NT_VERSION version flags. Guenther --- source3/libads/cldap.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'source3/libads') diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index 73b28b523a..b89d285e8c 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c @@ -264,7 +264,7 @@ bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx, const char *realm, struct nbt_cldap_netlogon_5 *reply5) { - uint32_t nt_version = NETLOGON_VERSION_5 | NETLOGON_VERSION_5EX; + uint32_t nt_version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; union nbt_cldap_netlogon *reply = NULL; bool ret; @@ -273,7 +273,7 @@ bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx, return false; } - if (nt_version != (NETLOGON_VERSION_5 | NETLOGON_VERSION_5EX)) { + if (nt_version != (NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX)) { return false; } @@ -322,32 +322,32 @@ bool pull_mailslot_cldap_reply(TALLOC_CTX *mem_ctx, * was able to reply to, we are fine and all done. otherwise we need to * assume downgraded replies which are painfully parsed here - gd */ - if (nt_version_query & NETLOGON_VERSION_WITH_CLOSEST_SITE) { - nt_version_query &= ~NETLOGON_VERSION_WITH_CLOSEST_SITE; + if (nt_version_query & NETLOGON_NT_VERSION_WITH_CLOSEST_SITE) { + nt_version_query &= ~NETLOGON_NT_VERSION_WITH_CLOSEST_SITE; } ndr_err = ndr_pull_union_blob_all(blob, mem_ctx, r, nt_version_query, (ndr_pull_flags_fn_t)ndr_pull_nbt_cldap_netlogon); if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { goto done; } - if (nt_version_query & NETLOGON_VERSION_5EX_WITH_IP) { - nt_version_query &= ~NETLOGON_VERSION_5EX_WITH_IP; + if (nt_version_query & NETLOGON_NT_VERSION_5EX_WITH_IP) { + nt_version_query &= ~NETLOGON_NT_VERSION_5EX_WITH_IP; } ndr_err = ndr_pull_union_blob_all(blob, mem_ctx, r, nt_version_query, (ndr_pull_flags_fn_t)ndr_pull_nbt_cldap_netlogon); if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { goto done; } - if (nt_version_query & NETLOGON_VERSION_5EX) { - nt_version_query &= ~NETLOGON_VERSION_5EX; + if (nt_version_query & NETLOGON_NT_VERSION_5EX) { + nt_version_query &= ~NETLOGON_NT_VERSION_5EX; } ndr_err = ndr_pull_union_blob_all(blob, mem_ctx, r, nt_version_query, (ndr_pull_flags_fn_t)ndr_pull_nbt_cldap_netlogon); if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { goto done; } - if (nt_version_query & NETLOGON_VERSION_5) { - nt_version_query &= ~NETLOGON_VERSION_5; + if (nt_version_query & NETLOGON_NT_VERSION_5) { + nt_version_query &= ~NETLOGON_NT_VERSION_5; } ndr_err = ndr_pull_union_blob_all(blob, mem_ctx, r, nt_version_query, (ndr_pull_flags_fn_t)ndr_pull_nbt_cldap_netlogon); -- cgit From f07431f5ba59f01975bcb8a012c94a70a0d1408b Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 23 Sep 2008 22:21:52 +0200 Subject: s3-nbt: use the new generated nbt. Guenther --- source3/libads/cldap.c | 117 ++++++++----------------------------------------- source3/libads/ldap.c | 2 +- 2 files changed, 20 insertions(+), 99 deletions(-) (limited to 'source3/libads') diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index b89d285e8c..edabbed0e9 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c @@ -119,8 +119,8 @@ static void gotalarm_sig(void) */ static int recv_cldap_netlogon(TALLOC_CTX *mem_ctx, int sock, - uint32_t *nt_version, - union nbt_cldap_netlogon **reply) + uint32_t nt_version, + struct netlogon_samlogon_response **reply) { int ret; ASN1_DATA data; @@ -131,7 +131,8 @@ static int recv_cldap_netlogon(TALLOC_CTX *mem_ctx, int i1; /* half the time of a regular ldap timeout, not less than 3 seconds. */ unsigned int al_secs = MAX(3,lp_ldap_timeout()/2); - union nbt_cldap_netlogon *r = NULL; + struct netlogon_samlogon_response *r = NULL; + NTSTATUS status; blob = data_blob(NULL, 8192); if (blob.data == NULL) { @@ -185,7 +186,7 @@ static int recv_cldap_netlogon(TALLOC_CTX *mem_ctx, return -1; } - r = TALLOC_ZERO_P(mem_ctx, union nbt_cldap_netlogon); + r = TALLOC_ZERO_P(mem_ctx, struct netlogon_samlogon_response); if (!r) { errno = ENOMEM; data_blob_free(&os1); @@ -195,7 +196,8 @@ static int recv_cldap_netlogon(TALLOC_CTX *mem_ctx, return -1; } - if (!pull_mailslot_cldap_reply(mem_ctx, &os3, r, nt_version)) { + status = pull_netlogon_samlogon_response(&os3, mem_ctx, NULL, r); + if (!NT_STATUS_IS_OK(status)) { data_blob_free(&os1); data_blob_free(&os2); data_blob_free(&os3); @@ -204,6 +206,8 @@ static int recv_cldap_netlogon(TALLOC_CTX *mem_ctx, return -1; } + map_netlogon_samlogon_response(r); + data_blob_free(&os1); data_blob_free(&os2); data_blob_free(&os3); @@ -227,8 +231,8 @@ static int recv_cldap_netlogon(TALLOC_CTX *mem_ctx, bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx, const char *server, const char *realm, - uint32_t *nt_version, - union nbt_cldap_netlogon **reply) + uint32_t nt_version, + struct netlogon_samlogon_response **reply) { int sock; int ret; @@ -240,7 +244,7 @@ bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx, return False; } - ret = send_cldap_netlogon(sock, realm, global_myname(), *nt_version); + ret = send_cldap_netlogon(sock, realm, global_myname(), nt_version); if (ret != 0) { close(sock); return False; @@ -262,107 +266,24 @@ bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx, bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx, const char *server, const char *realm, - struct nbt_cldap_netlogon_5 *reply5) + struct NETLOGON_SAM_LOGON_RESPONSE_EX *reply5) { uint32_t nt_version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; - union nbt_cldap_netlogon *reply = NULL; + struct netlogon_samlogon_response *reply = NULL; bool ret; - ret = ads_cldap_netlogon(mem_ctx, server, realm, &nt_version, &reply); + ret = ads_cldap_netlogon(mem_ctx, server, realm, nt_version, &reply); if (!ret) { return false; } - if (nt_version != (NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX)) { + if (reply->ntver != NETLOGON_NT_VERSION_5EX) { + DEBUG(0,("ads_cldap_netlogon_5: nt_version mismatch: 0x%08x\n", + reply->ntver)); return false; } - *reply5 = reply->logon5; - - return true; -} - -/**************************************************************** -****************************************************************/ - -bool pull_mailslot_cldap_reply(TALLOC_CTX *mem_ctx, - const DATA_BLOB *blob, - union nbt_cldap_netlogon *r, - uint32_t *nt_version) -{ - enum ndr_err_code ndr_err; - uint32_t nt_version_query = ((*nt_version) & 0x0000001f); - uint16_t command = 0; - - ndr_err = ndr_pull_struct_blob(blob, mem_ctx, NULL, &command, - (ndr_pull_flags_fn_t)ndr_pull_uint16); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - return false; - } - - switch (command) { - case 0x13: /* 19 */ - case 0x15: /* 21 */ - case 0x17: /* 23 */ - case 0x19: /* 25 */ - break; - default: - DEBUG(1,("got unexpected command: %d (0x%08x)\n", - command, command)); - return false; - } - - ndr_err = ndr_pull_union_blob_all(blob, mem_ctx, r, nt_version_query, - (ndr_pull_flags_fn_t)ndr_pull_nbt_cldap_netlogon); - if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - goto done; - } - - /* when the caller requested just those nt_version bits that the server - * was able to reply to, we are fine and all done. otherwise we need to - * assume downgraded replies which are painfully parsed here - gd */ - - if (nt_version_query & NETLOGON_NT_VERSION_WITH_CLOSEST_SITE) { - nt_version_query &= ~NETLOGON_NT_VERSION_WITH_CLOSEST_SITE; - } - ndr_err = ndr_pull_union_blob_all(blob, mem_ctx, r, nt_version_query, - (ndr_pull_flags_fn_t)ndr_pull_nbt_cldap_netlogon); - if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - goto done; - } - if (nt_version_query & NETLOGON_NT_VERSION_5EX_WITH_IP) { - nt_version_query &= ~NETLOGON_NT_VERSION_5EX_WITH_IP; - } - ndr_err = ndr_pull_union_blob_all(blob, mem_ctx, r, nt_version_query, - (ndr_pull_flags_fn_t)ndr_pull_nbt_cldap_netlogon); - if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - goto done; - } - if (nt_version_query & NETLOGON_NT_VERSION_5EX) { - nt_version_query &= ~NETLOGON_NT_VERSION_5EX; - } - ndr_err = ndr_pull_union_blob_all(blob, mem_ctx, r, nt_version_query, - (ndr_pull_flags_fn_t)ndr_pull_nbt_cldap_netlogon); - if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - goto done; - } - if (nt_version_query & NETLOGON_NT_VERSION_5) { - nt_version_query &= ~NETLOGON_NT_VERSION_5; - } - ndr_err = ndr_pull_union_blob_all(blob, mem_ctx, r, nt_version_query, - (ndr_pull_flags_fn_t)ndr_pull_nbt_cldap_netlogon); - if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - goto done; - } - - return false; - - done: - if (DEBUGLEVEL >= 10) { - NDR_PRINT_UNION_DEBUG(nbt_cldap_netlogon, nt_version_query, r); - } - - *nt_version = nt_version_query; + *reply5 = reply->nt5_ex; return true; } diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index eb45e3a0dd..bfcfcf30b9 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -176,7 +176,7 @@ bool ads_closest_dc(ADS_STRUCT *ads) static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc) { char *srv; - struct nbt_cldap_netlogon_5 cldap_reply; + struct NETLOGON_SAM_LOGON_RESPONSE_EX cldap_reply; TALLOC_CTX *mem_ctx = NULL; bool ret = false; -- cgit From af1c802791e3c9f54220d8c80c3de79ef422d726 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 2 Oct 2008 08:09:25 +0200 Subject: The IRIX compiler does not like embedded unnamed unions --- source3/libads/cldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libads') diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index edabbed0e9..c37220c903 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c @@ -283,7 +283,7 @@ bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx, return false; } - *reply5 = reply->nt5_ex; + *reply5 = reply->data.nt5_ex; return true; } -- cgit From 9eea6929e3420a0035ec3c0e3f1b4dd24847bbfa Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 4 Oct 2008 22:15:03 +0200 Subject: Fix an uninitialized variable found by the IBM Checker --- source3/libads/ldap.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/libads') diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index bfcfcf30b9..40f052281d 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -2828,6 +2828,7 @@ ADS_STATUS ads_domain_func_level(ADS_STRUCT *ads, uint32 *val) if ( (ads_s = ads_init( ads->server.realm, ads->server.workgroup, ads->server.ldap_server )) == NULL ) { + status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); goto done; } ads_s->auth.flags = ADS_AUTH_ANON_BIND; -- cgit From 80665a0b5abbdd8df735e1ccdab3206399beba0b Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 4 Oct 2008 22:17:30 +0200 Subject: Fix an unlikely memleak found by the IBM checker --- source3/libads/util.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/libads') diff --git a/source3/libads/util.c b/source3/libads/util.c index 72f5dee80c..d23c36f326 100644 --- a/source3/libads/util.c +++ b/source3/libads/util.c @@ -86,6 +86,8 @@ ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads, server_realm = SMB_STRDUP(ads->config.realm); if (!server || !server_realm) { + SAFE_FREE(server); + SAFE_FREE(server_realm); return ADS_ERROR(LDAP_NO_MEMORY); } -- cgit From cb78d4593b5ac4eaa0cbead6f86027d040a9e88a Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 11 Oct 2008 23:57:44 +0200 Subject: Cope with changed signature of http_timestring(). --- source3/libads/authdata.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libads') diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c index 40f051c851..5a7bd24507 100644 --- a/source3/libads/authdata.c +++ b/source3/libads/authdata.c @@ -403,12 +403,12 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx, DEBUG(10,("got TGT for %s in %s\n", auth_princ, cc)); if (expire_time) { DEBUGADD(10,("\tvalid until: %s (%d)\n", - http_timestring(*expire_time), + http_timestring(talloc_tos(), *expire_time), (int)*expire_time)); } if (renew_till_time) { DEBUGADD(10,("\trenewable till: %s (%d)\n", - http_timestring(*renew_till_time), + http_timestring(talloc_tos(), *renew_till_time), (int)*renew_till_time)); } -- cgit From 218f482fbfe96b2cddec8c05f6b8f174481d2e27 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 12 Oct 2008 00:56:56 +0200 Subject: Use common strlist implementation in Samba 3 and Samba 4. --- source3/libads/ldap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libads') diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 40f052281d..e78465f7da 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -832,7 +832,7 @@ static ADS_STATUS ads_do_paged_search_args(ADS_STRUCT *ads, else { /* This would be the utf8-encoded version...*/ /* if (!(search_attrs = ads_push_strvals(ctx, attrs))) */ - if (!(str_list_copy(talloc_tos(), &search_attrs, attrs))) { + if (!(search_attrs = str_list_copy(talloc_tos(), attrs))) { rc = LDAP_NO_MEMORY; goto done; } @@ -1144,7 +1144,7 @@ ADS_STATUS ads_do_search_all_fn(ADS_STRUCT *ads, const char *bind_path, else { /* This would be the utf8-encoded version...*/ /* if (!(search_attrs = ads_push_strvals(ctx, attrs))) */ - if (!(str_list_copy(talloc_tos(), &search_attrs, attrs))) + if (!(search_attrs = str_list_copy(talloc_tos(), attrs))) { DEBUG(1,("ads_do_search: str_list_copy() failed!")); rc = LDAP_NO_MEMORY; -- cgit From d5a11f9679be9d053838074f1dad5a0ca880750f Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 13 Oct 2008 00:40:57 +0200 Subject: fix build warnings. Guenther --- source3/libads/ldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libads') diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index e78465f7da..fbbe1a546b 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -801,7 +801,7 @@ static ADS_STATUS ads_do_paged_search_args(ADS_STRUCT *ads, int *count, struct berval **cookie) { int rc, i, version; - char *utf8_expr, *utf8_path, **search_attrs; + char *utf8_expr, *utf8_path, **search_attrs = NULL; size_t converted_size; LDAPControl PagedResults, NoReferrals, ExternalCtrl, *controls[4], **rcontrols; BerElement *cookie_be = NULL; -- cgit From 1f3e4f39c5219b8ca3564e0c2eb685d9e7fdb13e Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 14 Oct 2008 02:26:18 +0200 Subject: Use GUID_string rather than smb_uuid_string(). --- source3/libads/disp_sec.c | 8 ++++---- source3/libads/ldap.c | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/libads') diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c index f4c68638df..a5e04a4a6c 100644 --- a/source3/libads/disp_sec.c +++ b/source3/libads/disp_sec.c @@ -114,15 +114,15 @@ static void ads_disp_sec_ace_object(ADS_STRUCT *ads, { if (object->flags & SEC_ACE_OBJECT_PRESENT) { printf("Object type: SEC_ACE_OBJECT_PRESENT\n"); - printf("Object GUID: %s (%s)\n", smb_uuid_string(mem_ctx, - object->type.type), + printf("Object GUID: %s (%s)\n", GUID_string(mem_ctx, + &object->type.type), ads_interprete_guid_from_object(ads, mem_ctx, &object->type.type)); } if (object->flags & SEC_ACE_OBJECT_INHERITED_PRESENT) { printf("Object type: SEC_ACE_OBJECT_INHERITED_PRESENT\n"); - printf("Object GUID: %s (%s)\n", smb_uuid_string(mem_ctx, - object->inherited_type.inherited_type), + printf("Object GUID: %s (%s)\n", GUID_string(mem_ctx, + &object->inherited_type.inherited_type), ads_interprete_guid_from_object(ads, mem_ctx, &object->inherited_type.inherited_type)); } diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index fbbe1a546b..2dcd1fd6ae 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -2062,7 +2062,7 @@ static void dump_guid(ADS_STRUCT *ads, const char *field, struct berval **values memcpy(guid.info, values[i]->bv_val, sizeof(guid.info)); smb_uuid_unpack(guid, &tmp); - printf("%s: %s\n", field, smb_uuid_string(talloc_tos(), tmp)); + printf("%s: %s\n", field, GUID_string(talloc_tos(), &tmp)); } } @@ -3748,7 +3748,7 @@ const char *ads_get_extended_right_name_by_guid(ADS_STRUCT *ads, } expr = talloc_asprintf(mem_ctx, "(rightsGuid=%s)", - smb_uuid_string(mem_ctx, *rights_guid)); + GUID_string(mem_ctx, rights_guid)); if (!expr) { goto done; } -- cgit From e9e12460217e421e44715b603ddbf57e5a889def Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 9 Oct 2008 11:05:42 +0200 Subject: kerberos: fix some heimdal build warnings. Guenther --- source3/libads/krb5_setpw.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/libads') diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c index 719f3bd3ec..0ff9f2ba32 100644 --- a/source3/libads/krb5_setpw.c +++ b/source3/libads/krb5_setpw.c @@ -285,7 +285,7 @@ static krb5_error_code parse_setpw_reply(krb5_context context, return KRB5KRB_AP_ERR_MODIFIED; } - p = packet->data; + p = (char *)packet->data; /* ** see if it is an error */ @@ -368,7 +368,7 @@ static krb5_error_code parse_setpw_reply(krb5_context context, return KRB5KRB_AP_ERR_MODIFIED; } - p = clearresult.data; + p = (char *)clearresult.data; res_code = RSVAL(p, 0); @@ -687,10 +687,10 @@ kerb_prompter(krb5_context ctx, void *data, memset(prompts[0].reply->data, 0, prompts[0].reply->length); if (prompts[0].reply->length > 0) { if (data) { - strncpy(prompts[0].reply->data, + strncpy((char *)prompts[0].reply->data, (const char *)data, prompts[0].reply->length-1); - prompts[0].reply->length = strlen(prompts[0].reply->data); + prompts[0].reply->length = strlen((const char *)prompts[0].reply->data); } else { prompts[0].reply->length = 0; } -- cgit From 7275952568bbf003299d895b71b246f75851db93 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 19 Oct 2008 10:05:48 +0200 Subject: Add TALLOC_CTX pointer to generate_random_str(), for consistency with Samba 4. --- source3/libads/util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libads') diff --git a/source3/libads/util.c b/source3/libads/util.c index d23c36f326..9866a15285 100644 --- a/source3/libads/util.c +++ b/source3/libads/util.c @@ -33,7 +33,7 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip return ADS_ERROR_SYSTEM(ENOENT); } - new_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); + new_password = generate_random_str(talloc_tos(), DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); ret = kerberos_set_password(ads->auth.kdc_server, host_principal, password, host_principal, new_password, ads->auth.time_offset); -- cgit From 4b59ecb90319e6e574ff7444015078bac7da631a Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 20 Oct 2008 19:21:10 +0200 Subject: s3-build: no need to duplicate generated ndr_ prototypes. Guenther --- source3/libads/authdata.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/libads') diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c index 5a7bd24507..9f0f68ed7b 100644 --- a/source3/libads/authdata.c +++ b/source3/libads/authdata.c @@ -23,6 +23,7 @@ */ #include "includes.h" +#include "librpc/gen_ndr/ndr_krb5pac.h" #ifdef HAVE_KRB5 -- cgit