path: root/source/libads
Commit message (Author, Age, Files, Lines)
* r21922: Fixed the build by rather horrid means. I really need to restructure libsmb/smb_signing.c so it isn't in the base libs path but lives in libsmb instead (like smb_seal.c does). Jeremy.
  (Jeremy Allison, 2007-10-10, files: 1, lines: -2/+4)
* r21863: Fix debug messages with incorrect function name. Jeremy.
  (Jeremy Allison, 2007-10-10, files: 1, lines: -15/+15)
* r21855: Fix a memleak in the krb5 locator and comment out gfree_all() which doesn't make sense as long as it doesn't work as an lp_unload(). Guenther
  (Günther Deschner, 2007-10-10, files: 1, lines: -2/+4)
* r21850: After Jerry explained to me the HORRIBLE way in which the MIT gss libraries *SUCK*, move the frees to the end of the function so MIT doesn't segfault..... Add a comment so that another engineer knows why I did this. Jeremy.
  (Jeremy Allison, 2007-10-10, files: 1, lines: -5/+15)
* r21847: Fix memory leaks in error paths (and in main code path in one case...) in sasl bind. Wonder why coverity didn't find these? Jeremy.
  (Jeremy Allison, 2007-10-10, files: 1, lines: -5/+13)
* r21845: Refactor the sessionsetupX code a little to allow us to return a NT_STATUS_TIME_DIFFERENCE_AT_DC error to a client when there's clock skew. Will help people debug this. Prepare us for being able to return the correct sessionsetupX "NT_STATUS_MORE_PROCESSING_REQUIRED" error with associated krb5 clock skew error to allow clients to re-sync time with us when we're eventually able to be a KDC. Jeremy.
  (Jeremy Allison, 2007-10-10, files: 2, lines: -31/+74)
* r21831: Back out r21823 for a while, this is going into a bzr tree first. Volker
  (Volker Lendecke, 2007-10-10, files: 1, lines: -3/+1)
* r21823: Let secrets_store_machine_password() also store the account name. Not used yet, the next step will be a secrets_fetch_machine_account() function that also pulls the account name to be used in the appropriate places. Volker
  (Volker Lendecke, 2007-10-10, files: 1, lines: -1/+3)
* r21822: Adding experimental krb5 lib locator plugin. This is a starting point and may get changed. Basically we need to follow the exact same path to detect (K)DCs like other Samba tools/winbind do. In particular with regard to the server affinity cache and the site-awareness for DNS SRV lookups. To compile just call "make bin/smb_krb5_locator.so", copy to /usr/lib/plugin/krb5/ (Heimdal HEAD) or /usr/lib/krb5/plugins/libkrb5/ (MIT) and you should immediately be able to kinit to your AD domain without having your REALM with kdc or kpasswd directives defined in /etc/krb5.conf at all. Tested with today's Heimdal HEAD and MIT krb5 1.5. Guenther
  (Günther Deschner, 2007-10-10, files: 1, lines: -0/+384)
* r21779: I missed a call to krb5_get_init_creds_opt_alloc in r21778.
  (James Peach, 2007-10-10, files: 1, lines: -1/+1)
* r21778: Wrap calls to krb5_get_init_creds_opt_free to handle the different calling convention in the latest MIT changes. Apparently Heimdal is also changing to this calling convention.
  (James Peach, 2007-10-10, files: 1, lines: -2/+2)
* r21755: Memory leak fixes from Zack Kirsch <zack.kirsch@isilon.com>. Jeremy.
  (Jeremy Allison, 2007-10-10, files: 1, lines: -2/+7)
* r21608: Fix a couple of memleaks in error code paths before Coverity finds them :-) Jeremy.
  (Jeremy Allison, 2007-10-10, files: 1, lines: -1/+2)
* r21606: Implement escaping function for ldap RDN values
  Fix escaping of DN components and filters around the code
  Add some notes to commandline help messages about how to pass DNs
  revert jra's "consistency" commit to nsswitch/winbindd_ads.c, as it was incorrect.
  The 2 functions use DNs in different ways.
  - lookup_usergroups_member() uses the DN in a search filter, and must use the filter escaping function to escape it
    Escaping filters that include escaped DNs ("\," becomes "\5c,") is the correct way to do it (tested against W2k3).
  - lookup_usergroups_memberof() instead uses the DN ultimately as a base dn.
  Both functions do NOT need any DN escaping function as DNs can't be reliably escaped when in a string form, instead each single RDN value must be escaped separately.
  DNs coming from other ldap calls (like ads_get_dn()), do not need escaping as they come already escaped on the wire and passed as is by the ldap libraries
  DN filtering has been tested.
  For example now it is possible to do something like: 'net ads add user joe#5' as now the '#' character is correctly escaped when building the DN, previously such a call failed with Invalid DN Syntax.
  Simo.
  (Simo Sorce, 2007-10-10, files: 2, lines: -4/+18)
* r21561: It makes absolutely no sense to call krb5_kt_resolve() two times directly after another. Guenther
  (Günther Deschner, 2007-10-10, files: 1, lines: -6/+1)
* r21558: Safe more indent, again no code changes. Guenther
  (Günther Deschner, 2007-10-10, files: 1, lines: -37/+37)
* r21557: indent only fix. No code change. Guenther
  (Günther Deschner, 2007-10-10, files: 1, lines: -49/+49)
* r21556: Remove superfluous return check in ads_keytab_verify_ticket(). Guenther
  (Günther Deschner, 2007-10-10, files: 1, lines: -2/+0)
* r21352: Let ads_upn_suffixes() return a pointer to an array of suffixes. Guenther
  (Günther Deschner, 2007-10-10, files: 1, lines: -4/+4)
* r21349: Fix memleak in ads_upn_suffixes(). Guenther
  (Günther Deschner, 2007-10-10, files: 1, lines: -0/+3)
* r21273: * Protect the sasl bind against a NULL principal string in the SPNEGO negTokenInit
  (Gerald Carter, 2007-10-10, files: 1, lines: -1/+29)
* r21240: Fix longstanding Bug #4009. For the winbind cached ADS LDAP connection handling (ads_cached_connection()) we were (incorrectly) assuming that the service ticket lifetime equaled the tgt lifetime. For setups where the service ticket just lives 10 minutes, we were leaving hundreds of LDAP connections in CLOSE_WAIT state, until we fail to service entirely with "Too many open files". Also sequence_number() in winbindd_ads.c needs to delete the cached LDAP connection after the ads_do_search_retry() has failed to submit the search request (although the bind succeeded (returning an expired service ticket that we cannot delete from the memory cred cache - this will get fixed later)). Guenther
  (Günther Deschner, 2007-10-10, files: 3, lines: -5/+13)
* r21238: Fix tab indent in self-written krb5.confs. Guenther
  (Günther Deschner, 2007-10-10, files: 1, lines: -1/+1)
* r21110: Fix kinit with Heimdal (Bug #4226). Guenther
  (Günther Deschner, 2007-10-10, files: 1, lines: -13/+26)
* r21046: Backing out svn r20403 (Andrew's krb5 ticket cleanup as this is causing the WRONG_PASSWORD error in the SetUserInfo() call during net ads join). We are now back to always list RC4-HMAC first if supported by the krb5 libraries.
  (Gerald Carter, 2007-10-10, files: 1, lines: -0/+11)
* r21021: Fix memleak. Guenther
  (Günther Deschner, 2007-10-10, files: 1, lines: -0/+1)
* r21003: Display LDAP base in debug statement. Guenther
  (Günther Deschner, 2007-10-10, files: 1, lines: -2/+2)
* r20986: Commit the prototype of the nss_info plugin interface. This allows a provider to supply the homedirectory, etc... attributes for a user without requiring support in core winbindd code. The idmap_ad.c module has been modified to provide the idmap 'ad' library as well as the rfc2307 and sfu "winbind nss info" support. The SID/id mapping is working in idmap_ad but the nss_info still has a few quirks that I'm in the process of resolving.
  (Gerald Carter, 2007-10-10, files: 2, lines: -51/+32)
* r20880: Fix memory leak in new sitename code. You got *really* close Guenther, then you forgot to use "key" :-) :-). Jeremy.
  (Jeremy Allison, 2007-10-10, files: 1, lines: -1/+1)
* r20874: We need to distinguish client sitenames per realm. We were overwriting the stored client sitename with the sitename from each successful CLDAP connection. Guenther
  (Günther Deschner, 2007-10-10, files: 2, lines: -18/+63)
* r20862: When in disconnected mode there is no need to try a fallback to a site less DNS query. This speeds up offline detection slightly. Guenther
  (Günther Deschner, 2007-10-10, files: 1, lines: -0/+18)
* r20860: Adding some small tweaks. When we have no sitename, there is no need to ask for the list of DCs twice. Guenther
  (Günther Deschner, 2007-10-10, files: 1, lines: -11/+14)
* r20857: Silence gives assent :-). Checking in the fix for site support in a network where many DC's are down. I heard via Volker there is still a bug w.r.t the wrong site being chosen with trusted domains but we'll have to layer that fix on top of this. Gd - complain if this doesn't work for you. Jeremy.
  (Jeremy Allison, 2007-10-10, files: 3, lines: -22/+72)
* r20536: In the offline PAM session close case the attempt to delete a non-existing krb5 credential cache should not generate an error. Guenther
  (Günther Deschner, 2007-10-10, files: 1, lines: -0/+2)
* r20487: Remove the unused dn2ad_canonical() call
  (Gerald Carter, 2007-10-10, files: 1, lines: -18/+0)
* r20486: Always upper case the "host/<sAMAccoutnName>" entry in the keytab file so apps will know which one to look for,
  (Gerald Carter, 2007-10-10, files: 1, lines: -1/+6)
* r20403: Cleaning out my Samba 3.0 tree: As discussed with jerry at the CIFS conf: overriding the administrator's wishes from the krb5.conf has only ever given me segfaults. We suggest leaving this up to the defaults from the libraries anyway. Andrew Bartlett
  (Andrew Bartlett, 2007-10-10, files: 1, lines: -11/+0)
* r20273: Map KRB5_KDCREP_SKEW to NT_STATUS_TIME_DIFFERENCE_AT_DC. This gives much nicer error messages when failing to join due to clock skew. Guenther
  (Günther Deschner, 2007-10-10, files: 1, lines: -0/+1)
* r20173: DNS update fixes:
  * Fix DNS updates for multi-homed hosts
  * Child domains often don't have an NS record in DNS so we have to fall back to looking up the NS records for the forest root.
  * Fix compile warning caused by mismatched 'struct in_addr' and 'in_addr_t' parameters called to DoDNSUpdate()
  (Gerald Carter, 2007-10-10, files: 1, lines: -0/+22)
* r20132: get rid of defined but not used warning - static function only used inside the #ifdef HAVE_KRB5
  (Herb Lewis, 2007-10-10, files: 1, lines: -0/+2)
* r19687: Fix uninitialized variables found by Coverity (and gcc -O1... ;-)) Volker
  (Volker Lendecke, 2007-10-10, files: 1, lines: -1/+2)
* r19651: Fix interesting bug with the automatic site coverage in Active Directory: When having DC-less sites, AD assigns DCs from other sites to that site that does not have its own DC. The most reliable way for us to identify the nearest DC - in that and all other cases - is the closest_dc flag in the CLDAP reply. Guenther
  (Günther Deschner, 2007-10-10, files: 1, lines: -1/+25)
* r19646: Fix memleak in the default_ou_string handling. Thanks to David Hu <david.hu@hp.com>. Fixes #4212. Guenther
  (Günther Deschner, 2007-10-10, files: 1, lines: -11/+37)
* r19528: Fix container handling for "net ads user" and "net ads group" functions along with some memleaks. Guenther
  (Günther Deschner, 2007-10-10, files: 1, lines: -1/+3)
* r19526: Fix minor memleak. Guenther
  (Günther Deschner, 2007-10-10, files: 1, lines: -0/+1)
* r19263: Be more accurate in telling what the sitename problem is in this DEBUG statement. Guenther
  (Günther Deschner, 2007-10-10, files: 1, lines: -1/+1)
* r19039: Do not segfault in "net ads printer info" when a requested printserver does not exist. Guenther
  (Günther Deschner, 2007-10-10, files: 1, lines: -0/+10)
* r18982: Move the gpo related functions to "libgpo". Guenther
  (Günther Deschner, 2007-10-10, files: 2, lines: -1205/+0)
* r18941: Minor cleanup in ads_parse_gpo(). Guenther
  (Günther Deschner, 2007-10-10, files: 1, lines: -2/+2)
* r18923: Fix more memleaks. Guenther
  (Günther Deschner, 2007-10-10, files: 3, lines: -7/+23)