path: root/source3/libads
Commit message | Author | Age | Files | Lines
* libads: Fix CID 1273305 Uninitialized scalar variable | Volker Lendecke | 2015-03-04 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
* libads: Fix CID 1273306 Uninitialized scalar variable | Volker Lendecke | 2015-03-04 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
* s3-libads: Fix a possible segfault in kerberos_fetch_pac(). | Andreas Schneider | 2015-01-07 | 1 | -13/+13
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11037
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* addns: Remove support for dns_host_file. | Andreas Schneider | 2014-12-18 | 1 | -5/+5
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3-libads: remove unused dn from ads_get_service_principal_names(). | Günther Deschner | 2014-11-28 | 1 | -7/+0
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Günther Deschner <gd@samba.org>
  Autobuild-Date(master): Fri Nov 28 16:46:20 CET 2014 on sn-devel-104
* s3:libads: avoid some compiler warnings in ldap.c | Stefan Metzmacher | 2014-11-25 | 1 | -15/+19
  We use helper variables and explicit casts using discard_const_p() to avoid bogus const warnings.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* samba: pass down size_t instead of int to add_string_to_array(). | Günther Deschner | 2014-11-17 | 1 | -1/+1
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Günther Deschner <gd@samba.org>
  Autobuild-Date(master): Mon Nov 17 19:53:22 CET 2014 on sn-devel-104
* s3-keytab: fix keytab array NULL termination. | Matt Rogers | 2014-11-12 | 1 | -2/+1
  Signed-off-by: Matt Rogers <mrogers@redhat.com>
  Reviewed-by: Guenther Deschner <gd@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3-libads: Add all machine account principals to the keytab. | Andreas Schneider | 2014-09-26 | 1 | -22/+52
  This adds all SPNs defined in the DC for the computer account to the keytab using 'net ads keytab create -P'.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=9985
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* s3-libads: Add function to search for an element in an array. | Andreas Schneider | 2014-09-26 | 2 | -0/+33
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* s3-libads: Add a function to retrieve the SPNs of a computer account. | Andreas Schneider | 2014-09-26 | 2 | -0/+66
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* s3-libads: Improve service principle guessing. | Andreas Schneider | 2014-09-26 | 1 | -58/+66
  If the name passed to the net command with the -S options is the long hostname of the domaincontroller and not the 15 char NetBIOS name we should construct a FQDN with the realm to get a Kerberos ticket.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10829
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* s3-kpasswd: Fix build warning. | Günther Deschner | 2014-09-01 | 1 | -1/+1
  Guenther
  Signed-off-by: Guenther Deschner <gd@samba.org>
  Reviewed-by: Andrew Bartlet <abartlet@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Mon Sep 1 18:15:15 CEST 2014 on sn-devel-104
* s3-kpasswd: send a netbios krb5 address to avoid invalid net address errors from heimdal. | Günther Deschner | 2014-09-01 | 1 | -0/+14
  Guenther
  Signed-off-by: Guenther Deschner <gd@samba.org>
  Reviewed-by: Andrew Bartlet <abartlet@samba.org>
* Remove custom password change code in libads | Simo Sorce | 2014-09-01 | 1 | -555/+59
  Use standard libkrb5 calls instead.
  Signed-off-by: Simo Sorce <idra@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlet <abartlet@samba.org>
* Remove duplicate definitions | Simo Sorce | 2014-09-01 | 1 | -9/+0
  These are already defined both in Heimdal and MIT public headers
  Signed-off-by: Simo Sorce <idra@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlet <abartlet@samba.org>
* s3-libads/krb5_setpw: free realm from smb_krb5_principal_get_realm(). | Günther Deschner | 2014-08-08 | 1 | -3/+5
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba: use smb_krb5_create_key_from_string() in some places. | Günther Deschner | 2014-08-08 | 1 | -1/+6
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Pair-Programmed-With: Andreas Schneider <asn@samba.org>
* s3-krb5: Limit search for old kvno to 8bits | Christof Schmitt | 2014-05-08 | 1 | -2/+5
  Some keytab files store the kvno only in 8bits. Limit the compare to 8bits, so that we don't miss old keys and delete them. This fixes the problem that updates to the keytab file removed all previous keys.
  Signed-off-by: Christof Schmitt <cs@samba.org>
  Reviewed-by: Simo Sorce <idra@samba.org>
  Autobuild-User(master): Christof Schmitt <cs@samba.org>
  Autobuild-Date(master): Thu May 8 00:54:15 CEST 2014 on sn-devel-104
* s3-libads: allow ads_try_connect() to re-use a resolved ip address. | Günther Deschner | 2014-04-17 | 1 | -18/+26
  Pass down a struct sockaddr_storage to ads_try_connect.
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Günther Deschner <gd@samba.org>
  Autobuild-Date(master): Thu Apr 17 19:56:16 CEST 2014 on sn-devel-104
* Remove special socket_wrapper code. | Andreas Schneider | 2014-04-17 | 1 | -32/+0
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-libads: Use ldap_initialize() if available. | Andreas Schneider | 2014-04-17 | 1 | -5/+20
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-kerberos: make ipv6 support for generated krb5 config files more robust. | Günther Deschner | 2014-04-04 | 1 | -2/+27
  Older MIT Kerberos libraries will add any secondary ipv6 address as ipv4 address, defining the (default) krb5 port 88 circumvents that.
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Günther Deschner <gd@samba.org>
  Autobuild-Date(master): Fri Apr 4 16:33:12 CEST 2014 on sn-devel-104
* kerberos: Map KRB5KDC_ERR_CLIENT_REVOKED to NT_STATUS_ACCOUNT_LOCKED_OUT | Andrew Bartlett | 2014-04-02 | 1 | -1/+1
  Change-Id: I333083e11a56d0f99ec36df25a96804d0ff2d110
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* auth/gensec: remove tevent_context argument from gensec_update() | Stefan Metzmacher | 2014-03-27 | 2 | -2/+2
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3-libads: Use the IP instead of the name. | Bjoern Baumbach | 2014-03-13 | 1 | -1/+1
  This fixes 'net rpc join' against ADS.
  Signed-off-by: Bjoern Baumbach <bb@sernet.de>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
  Autobuild-User(master): Günther Deschner <gd@samba.org>
  Autobuild-Date(master): Thu Mar 13 17:06:00 CET 2014 on sn-devel-104
* s3-kerberos: let kerberos_return_pac() return a PAC container. | Günther Deschner | 2014-03-12 | 2 | -9/+27
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-kerberos: return a full PAC in kerberos_return_pac(). | Günther Deschner | 2014-03-12 | 2 | -13/+19
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-libads: pass down local_service to kerberos_return_pac(). | Günther Deschner | 2014-03-12 | 2 | -5/+2
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-kerberos: remove unused kdc_name from create_local_private_krb5_conf_for_domain(). | Günther Deschner | 2014-03-07 | 2 | -8/+5
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Günther Deschner <gd@samba.org>
  Autobuild-Date(master): Fri Mar 7 18:43:57 CET 2014 on sn-devel-104
* s3-kerberos: remove print_kdc_line() completely. | Günther Deschner | 2014-03-07 | 1 | -68/+5
  Just calling print_canonical_sockaddr() is sufficient, as it already deals with ipv6 as well.
  The port handling, which was only done for IPv6 (not IPv4), is removed as well. It was pointless because it always derived the port number from the provided address which was either a SMB (usually port 445) or LDAP connection. No KDC will ever run on port 389 or 445 on a Windows/Samba DC.
  Finally, the kerberos libraries that we support and build with, can deal with ipv6 addresses in krb5.conf, so we no longer put the (unnecessary) burden of resolving the DC name on the kerberos library anymore.
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3: ldap client can return NT_STATUS_OK when an error occurs in a paged search. | Daniel Liberman | 2014-01-23 | 1 | -4/+7
  "Inside ads_do_search_all_args(), if the first call to ads_do_paged_search_args() fails, the proper error status is returned. But, if the execution is already inside the loop to get all the accounts doing several calls to ads_do_paged_search_args(), and one of these calls times out, the status returned is from the *first* call, so success. This causes net_ads_search() to interpret the return from ads_do_search_retry() as success and print all the accounts returned, but it’s only a subset."
  Also ensure we free previously returned results on error in subsequent fetches.
  https://bugzilla.samba.org/show_bug.cgi?id=10387
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Jan 23 01:40:54 CET 2014 on sn-devel-104
* s3-libads: Fix memory leaks in ads_build_path(). | Andreas Schneider | 2014-01-09 | 1 | -0/+2
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* Add a talloc context to sitename_fetch(). | Jeremy Allison | 2013-09-05 | 3 | -14/+11
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* lib: Add a "mem_ctx" arg to gencache_get (unused so far) | Volker Lendecke | 2013-09-05 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* auth/gensec: treat struct gensec_security_ops as const if possible. | Stefan Metzmacher | 2013-08-10 | 1 | -5/+6
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/gensec: introduce gensec_internal.h | Stefan Metzmacher | 2013-08-10 | 1 | -0/+1
  We should treat most gensec related structures private. It's a long way, but this is a start.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3-libads: Print a message if no realm has been specified. | Andreas Schneider | 2013-08-05 | 1 | -1/+7
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Mon Aug 5 12:24:44 CEST 2013 on sn-devel-104
* s3-libads: Fail create_local_private_krb5_conf_for_domain() if parameters missing. | Günther Deschner | 2013-08-05 | 1 | -0/+4
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-libads: Print the debug string of a failed call with LDAP_OTHER. | Andreas Schneider | 2013-06-12 | 1 | -0/+18
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Wed Jun 12 13:46:57 CEST 2013 on sn-devel-104
* BUG 9699: Fix adding case sensitive spn. | Andreas Schneider | 2013-04-03 | 1 | -12/+2
  We should be able to define the case of the spn cause it is important for some services like nfs. 'net ads keytab add "nfs"' should not result in an uppercase spn.
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Wed Apr 3 23:57:32 CEST 2013 on sn-devel-104
* Make sure to set umask() before calling mkstemp(). | Andreas Schneider | 2013-03-06 | 1 | -0/+3
  Reviewed-by: David Disseldorp <ddiss@samba.org>
  Autobuild-User(master): David Disseldorp <ddiss@samba.org>
  Autobuild-Date(master): Wed Mar 6 01:16:34 CET 2013 on sn-devel-104
* s3:libads: make use of samba_tevent_context_init() | Stefan Metzmacher | 2013-02-19 | 1 | -1/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3: use generate_random_password() instead of generate_random_str() | Stefan Metzmacher | 2013-02-04 | 1 | -2/+4
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3-libads: Fix copy&paste error in ads_keytab_add_entry(). | Andreas Schneider | 2012-12-21 | 1 | -1/+1
  Found by Coverity.
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* libads: Always free the talloc_stackframe() on error path | Andrew Bartlett | 2012-11-05 | 1 | -0/+1
  Reviewed-by: Michael Adam <obnox@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Mon Nov 5 03:33:32 CET 2012 on sn-devel-104
* s3-kerberos: add aes enctypes to generated krb5.conf. | Günther Deschner | 2012-10-02 | 1 | -5/+24
  Guenther
* s3-krb5: use and request AES keys in kerberos operations. | Günther Deschner | 2012-10-02 | 2 | -1/+8
  Guenther
* Avoid overriding default ccache for ads operations. | Simo Sorce | 2012-09-12 | 3 | -7/+94
  Avoid overriding default ccache for ads operations.
  Nowadays various samba components may need to use GSSAPI and a default cred cache to perform their tasks. This code was completely overriding the whole process default ccache name, thus altering the current credentials and sometimes hijacking them (or getting preemptively hijacked).
  By using gss_krb5_import_cred we can instead use a private ccache (necessary sometimes to use a different set of credentials from the default cifs/fqdn@realm one, for example when contacting foreign DCs using trust credentials) that does not affect the rest of the process.
  For the kerberos versions which don't have gss_krb5_import_cred we fallback to temp override of KRB5CCNAME and gss_acquire_cred.
  Signed-off-by: Alexander Bokovoy <ab@samba.org>
  Signed-off-by: Günther Deschner <gd@samba.org>
  Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
  Autobuild-Date(master): Wed Sep 12 21:18:09 CEST 2012 on sn-devel-104
* s3-smbldap: use smbldap_ prefixed functions | Alexander Bokovoy | 2012-09-07 | 1 | -1/+1