summaryrefslogtreecommitdiffstats
path: root/source3/libads
Commit message (Collapse)AuthorAgeFilesLines
* s3:kerberos Return PAC_LOGON_INFO rather than the full PAC_DATAAndrew Bartlett2010-05-112-121/+26
| | | | | | | | | | | | | | | All the callers just want the PAC_LOGON_INFO, so search for that in ads_verify_ticket(), and don't bother the callers with the rest of the PAC. This change makes sense on it's own (removing boilerplate wrappers that just confuse the code), but it also makes it much easier to implement a matching ads_verify_ticket() function in Samba4 for the s3compat proposal. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
* Remove the copy of ldb from Samba 3.Jelmer Vernooij2010-05-061-1/+0
| | | | | There were two utility functions that other parts of Samba 3 still relied on; they have been moved to lib/ldb_compat.[ch].
* s3: only include gen_ndr headers where needed.Günther Deschner2010-05-061-0/+1
| | | | | | | | | | | | | | | | | This shrinks include/includes.h.gch by the size of 7 MB and reduces build time as follows: ccache build w/o patch real 4m21.529s ccache build with patch real 3m6.402s pch build w/o patch real 4m26.318s pch build with patch real 3m6.932s Guenther
* s3: Fix a memleak in check_pac_checksumVolker Lendecke2010-05-041-2/+8
|
* s3:libads/ldap.c - fix a build breakageMatthias Dieter Wallnöfer2010-04-271-2/+2
|
* s3:libads: retry with signing after getting LDAP_STRONG_AUTH_REQUIREDStefan Metzmacher2010-03-301-0/+10
| | | | | | | | If server requires LDAP signing we're getting LDAP_STRONG_AUTH_REQUIRED, if "client ldap sasl wrapping = plain", instead of failing we now autoupgrade to "client ldap sasl wrapping = sign" for the given connection. metze
* s3:ntlmssp: pass names and use_ntlmv2 to ntlmssp_client_start() and store themStefan Metzmacher2010-03-241-1/+6
| | | | | | | | Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
* s3-libads: fix get_remote_printer_publishing_data after ↵Günther Deschner2010-03-051-26/+14
| | | | | | spoolss_EnumPrinterDataEx IDL change. Guenther
* s3:ads fix dn parsing name was always nullSimo Sorce2010-03-021-19/+16
| | | | | | | | While there also use ldap_exploded_dn instead of ldb_dn_validate() so we can remove a huge dependency that is hanging there only for one very minor marginal use. Signed-off-by: Günther Deschner <gd@samba.org>
* s3 move the sitename cache in its own fileSimo Sorce2010-02-234-113/+165
|
* s3-libads: Remove obsolete signal type cast.Andreas Schneider2010-02-231-5/+5
|
* s3-lib: use TYPESAFE_QSORT() in remaining s3 library codeAndrew Tridgell2010-02-141-1/+1
| | | | | the sort_query_replies() in nmblib.c is a TODO. It uses a hack that treats a char* as a structure. I've left that one alone for now.
* Fix bug #7079 - cliconnect gets realm wrong with trusted domains.Jeremy Allison2010-01-301-0/+52
| | | | | | | | | | | Passing NULL as dest_realm for cli_session_setup_spnego() was always using our own realm (as for a NetBIOS name). Change this to look for the mapped realm using krb5_get_host_realm() if the destination machine name is a DNS name (contains a '.'). Could get fancier with DNS name detection (length, etc.) but this will do for now. Jeremy.
* s3:ntlmssp: only include ntlmssp.h where actually neededAndrew Bartlett2009-12-221-0/+1
| | | | Andrew Bartlett
* s3: bug #6967: Prevent glibc error on net ads join:Jim McDonough2009-12-041-1/+1
| | | | | | talloc()ed memory should not be SAFE_FREE()ed. Signed-off-by: Jim McDonough <jmcd@samba.org>
* s3-kerberos: do not include authdata headers before including krb5 headers.Günther Deschner2009-11-271-0/+1
| | | | Guenther
* s3-kerberos: only use krb5 headers where required.Günther Deschner2009-11-277-0/+7
| | | | | | | This seems to be the only way to deal with mixed heimdal/MIT setups during merged build. Guenther
* s3-rpc: Avoid including every pipe's client and server stubs everywhere in ↵Günther Deschner2009-11-261-0/+1
| | | | | | samba. Guenther
* Remove unused variable warning.Jeremy Allison2009-11-121-1/+0
| | | | Jeremy.
* s3-kerberos: remove smb_krb5_get_tkt_from_creds().Günther Deschner2009-11-121-60/+4
| | | | | | | Now that cli_krb5_get_ticket() already handles S4U2SELF impersonation, remove smb_krb5_get_tkt_from_creds() which is not required anymore. Guenther
* s3-kerberos: let smb_krb5_get_tkt_from_creds() compile with older heimdal libs.Günther Deschner2009-11-061-1/+1
| | | | Guenther
* s3-kerberos: support S4U2SELF impersionation through cli_krb5_get_ticket().Günther Deschner2009-11-061-1/+2
| | | | Guenther
* s3-kerberos: add impersonate_principal for kerberos_return_pac_X calls.Günther Deschner2009-11-061-1/+25
| | | | Guenther
* s3-kerberos: add smb_krb5_get_tkt_from_creds().Günther Deschner2009-11-061-0/+40
| | | | Guenther
* s3-kerberos: fix some build warnings when building against heimdal.Günther Deschner2009-11-061-2/+2
| | | | Guenther
* s3: use enum netr_SchannelType all over the place.Günther Deschner2009-10-131-1/+1
| | | | Guenther
* s3: update comment about (deprecated) a6 recordsBjörn Jacke2009-10-011-1/+2
|
* spnego: share spnego_parse.Günther Deschner2009-09-171-0/+1
| | | | Guenther
* Add a parameter to disable the automatic creation of krb5.conf filesVolker Lendecke2009-08-261-1/+6
| | | | | | | | | | | | | | This is necessary because MIT 1.5 can't deal with certain types (Tree Root) of transitive AD trusts. The workaround is to add a [capaths] directive to /etc/krb5.conf, which we don't automatically put into the krb5.conf winbind creates. The alternative would have been something like a "krb5 conf include", but I think if someone has to mess with /etc/krb5.conf at this level, it should be easy to add the site-local KDCs as well. Next alternative is to correctly figure out the [capaths] parameter for all trusted domains, but for that I don't have the time right now. Sorry :-)
* Do an early TALLOC_FREEVolker Lendecke2009-08-251-1/+2
|
* (Hopefully) fix the problem Kai reported withJeremy Allison2009-07-281-1/+1
| | | | | | net ads leave and IPv6. Ensure all DC lookups prefer IPv4. Jeremy.
* Added prefer_ipv4 bool parameter to resolve_name().Jeremy Allison2009-07-281-12/+25
| | | | | | | | | | W2K3 DC's can have IPv6 addresses but won't serve krb5/ldap or cldap on those addresses. Make sure when we're asking for DC's we prefer IPv4. If you have an IPv6-only network this prioritizing code will be a no-op. And if you have a mixed network then you need to prioritize IPv4 due to W2K3 DC's. Jeremy.
* Remove gencache_init/shutdownVolker Lendecke2009-07-151-8/+0
| | | | | gencache_get/set/del/iterate call gencache_init() internally anyway. And we've been very lazy calling gencache_shutdown, so this seems not really required.
* Make escape_ldap_string take a talloc contextVolker Lendecke2009-07-091-3/+3
|
* Replace the "ipv4" specific strings in libcli/cldap/cldap.c with "ip". CLDAP canJeremy Allison2009-06-081-15/+6
| | | | | | | | run over IPv4/IPv6, even though some of the netlogon messages are IPv4 specific. Fix the new ads_cldap_netlogon() to be IPv6/IPv4 agnostic. This compiles but I don't have a good test env. for this (although as the previous code was *completely* broken over IPv6 this will expose previously hidden bugs if it's broken :-). Jeremy.
* Fix some nonempty blank linesVolker Lendecke2009-05-311-60/+59
|
* Move ads flags mapping to lib/Volker Lendecke2009-05-301-133/+5
|
* Make sid_binstring & friends take a talloc contextVolker Lendecke2009-05-281-2/+2
|
* Add smbldap_pull_sidVolker Lendecke2009-05-281-13/+1
|
* s3-cldap: check for zero ip address in ads_cldap_netlogon().Günther Deschner2009-04-281-0/+7
| | | | Guenther
* s3:registry: replace typedef REGISTRY_VALUE by struct regval_blobMichael Adam2009-04-271-8/+8
| | | | Michael
* s3:registry: replace typedef REGVAL_CTR by struct regval_ctr.Michael Adam2009-04-271-1/+1
| | | | | | | This paves the way for hiding the typedef and the implementation from the surface. Michael
* samba3/ldb: Update the ldb_dn API to match that of the Samba 4 LDB:Jelmer Vernooij2009-04-231-10/+9
| | | | | | | * ldb_dn_new() now takes an initial DN string * ldb_dn_string_compose() -> ldb_dn_new_fmt() * dummy ldb_dn_validate(), since LDB DNs in the current implementation are always valid if they could be created.
* ldb/samba3: Support event context argument to ldb_init().Jelmer Vernooij2009-04-231-0/+3
| | | | | | This argument is ignored (Samba3's LDB is synchronous) but having it there is useful for API compatibility with the LDB used by Samba 4 and available on some systems.
* Fix coverity #901 - uninitialized data.Jeremy Allison2009-04-231-1/+1
| | | | Jeremy.
* Add comment explaining the previous fix.Jeremy Allison2009-04-221-0/+6
| | | | Jeremy.
* Fix bug #6279 - winbindd crash. Cope with LDAP libraries returning ↵Jeremy Allison2009-04-221-0/+4
| | | | | | LDAP_SUCCESS but not returning a result. Jeremy
* Remove smb_mkstemp() - libreplace will now provide a secure mkstemp() ifJelmer Vernooij2009-04-201-1/+1
| | | | the system one is broken.
* Make gpo_ldap.c compatible with samba 4. Add ads_get_ldap_server_name() ↵Wilco Baan Hofman2009-04-201-0/+5
| | | | | | | | function to samba 3. Move prototypes to root libgpo where appropriate. gpo_ldap.c now compiles for both samba 3 and 4. Signed-off-by: Günther Deschner <gd@samba.org>
* Convert Samba3 to use the common lib/util/charset APIAndrew Bartlett2009-04-141-8/+8
| | | | | | | | | | | | This removes calls to push_*_allocate() and pull_*_allocate(), as well as convert_string_allocate, as they are not in the common API To allow transition to a common charcnv in future, provide Samba4-like strupper functions in source3/lib/charcnv.c (the actual implementation remains distinct, but the API is now shared) Andrew Bartlett
generated by cgit (git 2.34.1) at 2025-09-25 12:35:50 +0000