summaryrefslogtreecommitdiffstats
path: root/source3/libads
Commit message (Collapse)AuthorAgeFilesLines
* Fix coverity #901 - uninitialized data.Jeremy Allison2009-04-281-1/+1
| | | | | Jeremy. (cherry picked from commit aa09344a77a686466371725e6f1c3f2ebaca684a)
* Add comment explaining the previous fix.Jeremy Allison2009-04-281-0/+6
| | | | | Jeremy. (cherry picked from commit 0b0bb2c7eb44b403e6fd50cf480ed8b2fb24a7d5)
* Fix bug #6279 - winbindd crash. Cope with LDAP libraries returning ↵Jeremy Allison2009-04-281-0/+4
| | | | | | | LDAP_SUCCESS but not returning a result. Jeremy (cherry picked from commit 9ebc15bed8c05d0729066d97d3bfaade9fcbacb7)
* s3:kerberos Rework smb_krb5_unparse_name() to take a talloc contextAndrew Bartlett2009-04-154-21/+22
| | | | | | Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit 574a6a8c350a4bab3f42f3f9cfb382db721d69b5) (cherry picked from commit 7e6d6eeff3e082d7223264c17cb27c2ab89df9aa)
* s3-libads: avoid NULL talloc context with ads_get_dn().Günther Deschner2009-04-151-8/+8
| | | | | | Guenther (cherry picked from commit d71dec9259366e99beca69fcd9397bd38ed82c71) (cherry picked from commit 4e32c424a00bc29e63176af9773f9ffa7aa09bc2)
* s3:libads Make ads_get_dn() take a talloc contextAndrew Bartlett2009-04-151-40/+29
| | | | | | | | | | | | | | Also remove ads_memfree(), which was only ever a wrapper around SAFE_FREE, used only to free the DN from ads_get_ds(). This actually makes libgpo more consistant, as it mixed a talloc and a malloc based string on the same element. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit 20501876735fc4656083747ba8aa0de9da8fb820) (cherry picked from commit 6673ad24d48ad44fa76497f0327b13e82721d0a1)
* s3-krb5: Fix Coverity #762 (REVERSE_INULL).Günther Deschner2009-04-151-6/+6
| | | | | | Guenther (cherry picked from commit 97190ae184dff6450b1390c854f7426e2ee3f980) (cherry picked from commit 1a591aadb66d589171d236fc2f8bf2eb6d9ce499)
* fix build on old Heimdal based systemsBjörn Jacke2009-04-151-5/+3
| | | | | | Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit 011ad7245d53a716c4c766f5ef8d317bb3a53d0f) (cherry picked from commit 3b74ba990e5b96e17ef76845551ab03fdddc59f8)
* s3: remove POLICY_HND.Günther Deschner2009-04-151-1/+1
| | | | | | Guenther (cherry picked from commit 531af136f9dd5c6050f78948837294aed02de440) (cherry picked from commit 91216ffa95b4ed53e54b11665e96b911cb4e4ab5)
* s3-spoolss: use rpccli_spoolss_enumprinterdataex in ldap_printer.c.Günther Deschner2009-04-151-26/+43
| | | | | | Guenther (cherry picked from commit cd7f62ab70337ccee7ba652e7d9ed8d299938bff) (cherry picked from commit 38a225667ee7e59d4fcf090255a077c0660130ea)
* Eliminate two duplicate SEC_ACE_TYPE constants already provided byJelmer Vernooij2009-03-011-4/+4
| | | | security.idl.
* s3-rpcclient: use rpccli_spoolss_openprinter_ex helper.Günther Deschner2009-02-101-5/+5
| | | | Guenther
* s3-spoolss: fix memleak in get_remote_printer_publishing_data().Günther Deschner2009-02-101-2/+8
| | | | Guenther
* s3-rpcclient: use srv_name_slash instead of formating servername again and ↵Günther Deschner2009-02-091-4/+3
| | | | | | again. Guenther
* s3-spoolss: use rpccli_spoolss_ClosePrinter.Günther Deschner2009-02-061-1/+1
| | | | Guenther
* s3: use pidl to pull a KRB5_EDATA_NTSTATUS.Günther Deschner2009-02-061-36/+6
| | | | Guenther
* s3/libads: Change "ldap ssl:ads" parameter to "ldap ssl ads".Karolin Seeger2009-02-051-1/+1
| | | | Karolin
* s3-kerberos: use KRB5_KT_KEY compat macro.Günther Deschner2009-02-031-7/+1
| | | | Guenther
* s3-kerberos: fix ads_dedicated_keytab_verify_ticket with heimdal.Günther Deschner2009-02-031-3/+10
| | | | Guenther
* Revert "fix for commit d96248a9b46 which broke Heimdal builds"Günther Deschner2009-02-031-6/+0
| | | | | | This does not build. This reverts commit af736923a541df1a37afeb72b8a5652932c4c69c.
* fix for commit d96248a9b46 which broke Heimdal buildsBjörn Jacke2009-02-021-0/+6
|
* Add two new parameters to control how we verify kerberos tickets. Removes ↵Dan Sledz2009-02-011-17/+112
| | | | | | | | | | | | | | | | | | | | | | | lp_use_kerberos_keytab parameter. The first is "kerberos method" and replaces the "use kerberos keytab" with an enum. Valid options are: secrets only - use only the secrets for ticket verification (default) system keytab - use only the system keytab for ticket verification dedicated keytab - use a dedicated keytab for ticket verification. secrets and keytab - use the secrets.tdb first, then the system keytab For existing installs: "use kerberos keytab = yes" corresponds to secrets and keytab "use kerberos keytab = no" corresponds to secrets only The major difference between "system keytab" and "dedicated keytab" is that the latter method relies on kerberos to find the correct keytab entry instead of filtering based on expected principals. The second parameter is "dedicated keytab file", which is the keytab to use when in "dedicated keytab" mode. This keytab is only used in ads_verify_ticket.
* s3: fix bug #6073: prevent ads_connect() from using SSL unless explicitly ↵Michael Adam2009-01-291-3/+5
| | | | | | | | | | | requested This fixes "net ads join". It copes with the changed default "ldap ssl = start tls". A new boolean option "ldap ssl : ads" is added to allow for explicitly requesting ssl with ads. Michael
* ads_connect: Return immediately on a failed GC connection.Gerald (Jerry) Carter2009-01-161-3/+14
| | | | | | | | | | | ads_connect_gc() feeds an explicit server to ads_connect(). However, if the resulting connection fails, the latter function was attempting to find a DC on its own and continuing the connection. This resulting in GC searches being sent over a connection using port 389 which would fail when using the base search suffix outside of the domain naming context. The fix is to fail immediately in ads_connect() since the GC lookup ordering is handled already in ads_connect_gc().
* s3:libads: use lock_path for creating paths to local krb5.conf filesMichael Adam2009-01-161-2/+3
| | | | | | | | instead of manually doing an asprintf with lp_lockdir() Michael squash
* s3:libads: give create_local_private_krb5_conf_for_domain() a common exit pointMichael Adam2009-01-161-30/+20
| | | | Michael
* Async wrapper for open_socket_out_send/recvVolker Lendecke2009-01-041-12/+19
|
* open_socket_out is always used with SOCK_STREAM, remove argument "type"Volker Lendecke2009-01-031-1/+1
|
* Replace a static variable and alarm() calls by using sys_select()Volker Lendecke2008-12-311-23/+24
| | | | Günther, please check!
* Fix some nonempty blank linesVolker Lendecke2008-12-311-5/+5
|
* Fix more "ignore return value" warnings from gcc 4.3.Jeremy Allison2008-12-301-9/+22
| | | | Jeremy
* Fix more asprintf warnings and some error path errors.Jeremy Allison2008-12-231-2/+10
| | | | Jeremy.
* More asprintf warning fixes.Jeremy Allison2008-12-233-8/+28
| | | | Jeremy.
* More asprintf warning fixes.Jeremy Allison2008-12-231-9/+18
| | | | Jeremy.
* Fix more asprintf errors and error code paths.Jeremy Allison2008-12-232-9/+31
| | | | Jeremy.
* s3:libads/ldap.c: store the dc name in the saf cache as in all other placesStefan Metzmacher2008-12-131-3/+2
| | | | | | | | metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit 543fa85a711337e979c7b631bda5db95d109ef59)
* s3:libads/ldap.c: if the client belongs to no site at all any dc is the closestStefan Metzmacher2008-12-131-0/+5
| | | | | | | | metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit f86ef9b53a903485deba94febf90dd4e657cc02b)
* s3:libads/ldap.c: pass the real workgroup name to get_dc_name()Stefan Metzmacher2008-12-131-1/+10
| | | | | | | | metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit c2d4a84abe1b6cbf68d6e9f1bb1f8974d0b628fc)
* s3: libads: use get_dc_name() instead of get_sorted_dc_list() in the LDAP caseStefan Metzmacher2008-12-131-1/+25
| | | | | | | | | | | | | We use get_dc_name() for LDAP because it generates the selfwritten krb5.conf with the correct kdc addresses and sets KRB5_CONFIG. For CLDAP we need to use get_sorted_dc_list() to avoid recursion. metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit d2f7f81f4d61bae9c4be65cbc1bf962b6c24a31f)
* s3: correctly detect if the current dc is the closest oneStefan Metzmacher2008-12-131-1/+0
| | | | | | | | | | ads->config.tried_closest_dc was never set. metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit dfe5b00db35e1e7c7bb3ba36729fc3f97eb48db3)
* s3: Change sockaddr util function names for consistencyTim Prouty2008-12-031-3/+3
| | | | Also eliminates name conflicts with OneFS system libraries
* s3-net: allow to list a keytab generated using net rpc vampire.Günther Deschner2008-12-021-2/+5
| | | | Guenther
* s3:libads/ldap.c: return an error instead of crashing when no realm is givenStefan Metzmacher2008-11-241-4/+4
| | | | | | | | | The bug was triggered by "net ads info -S 127.8.7.6" (where 127.8.7.6 doesn't ex and "disable netbios = yes". metze Signed-off-by: Michael Adam <obnox@samba.org>
* Fix extended DN parse error when AD object does not have a SID.Steven Danneman2008-11-181-24/+38
| | | | | | | | | | | Some AD objects, like Exchange Public Folders, can be members of Security Groups but do not have a SID attribute. This patch adds more granular return errors to ads_get_sid_from_extended_dn(). Callers can now determine if a parse error occured because of bad input, or the DN was valid but contained no SID. I updated all callers to ignore SIDless objects when appropriate. Also did some cleanup to the out paths of lookup_usergroups_memberof()
* Whitespace and >80 column cleanups.Steven Danneman2008-11-181-12/+12
|
* Rename dos_errstr() to win_errstr() for consistency with Samba 4.Jelmer Vernooij2008-11-011-3/+3
|
* Use sockaddr_storage only where we rely on the size, use sockaddrJelmer Vernooij2008-10-231-4/+5
| | | | | otherwise (to clarify we can also pass in structs smaller than sockaddr_storage, such as sockaddr_in).
* s3-asn1: make all of s3 asn1 code do a proper asn1_init() first.Günther Deschner2008-10-222-96/+110
| | | | Guenther
* s3: use shared asn1 code.Günther Deschner2008-10-222-7/+7
| | | | Guenther
* s3-build: no need to duplicate generated ndr_ prototypes.Günther Deschner2008-10-201-0/+1
| | | | Guenther
generated by cgit (git 2.34.1) at 2025-08-28 18:23:06 +0000