summaryrefslogtreecommitdiffstats
path: root/source3/libads
Commit message (Collapse)AuthorAgeFilesLines
...
* Update my copyrights according to my agreement with IBMJim McDonough2003-08-014-4/+4
| | | | (This used to be commit c9b209be2b17c2e4677cc30b46b1074f48878f43)
* working on transtive trusts issue:Gerald Carter2003-07-311-71/+0
| | | | | | | | | | | | | * use DsEnumerateDomainTrusts() instead of LDAP search. wbinfo -m now lists all trusted downlevel domains and all domains in the forest. Thnigs to do: o Look at Krb5 connection trusted domains o make sure to initial the trusted domain cache as soon as possible (This used to be commit 0ab00ccaedf204b39c86a9e1c2fcac5f15d0e033)
* Don't revert something until you've seen if volker has already fixed it :-).Jeremy Allison2003-07-301-4/+0
| | | | | Jeremy. (This used to be commit d57d9b99dfc2a83d91b952a11eb1ae4cf37e6467)
* Comment out mutex until I get dependencies sorted out...Jeremy Allison2003-07-301-0/+4
| | | | | Jeremy (This used to be commit 382d1732ca8e4d0909eb5a95f7327213913da37b)
* Put mutex around access of replay cache for krb5 tickets. krb5 replay cacheJeremy Allison2003-07-291-4/+13
| | | | | | is not multi-process safe. Jeremy. (This used to be commit 9e0534a1b69bbd4f21b4925337cbab127d060fc6)
* Typo on my part. I typed KRB5_KDB_BAD_ENCTYPE when I meant to type ↵Jeremy Allison2003-07-291-1/+1
| | | | | | | | KRB5_BAD_ENCTYPE. Heimdal has the latter, not the former. Jeremy. (This used to be commit e8425df77c2e917c819592d93833a164ee3b5338)
* Fix the build on Heimdal. KRB5_KDB_BAD_ENCTYPE doesn't exist on Heimdal, andJim McDonough2003-07-291-1/+1
| | | | | | | | it's a different rc than KRB5_BAD_ENCTYPE (which exists on both MIT and Heimdal). This will just make the debug show up at level 3 always. Jeremy, you may want to revisit this, but it's probably not worth the hassle. (This used to be commit 4ff322ccf9c8485bcfe67e658d48f190f03547b0)
* Improved debug messages whilst trying to track down kerb issues.Jeremy Allison2003-07-291-13/+20
| | | | | Jeremy. (This used to be commit 29dd71ddea480f6163ebbc9d8860a7930ae84066)
* W00t! Client smb signing is now working correctly with krb5 and w2k server.Jeremy Allison2003-07-252-2/+3
| | | | | | | | | | Server code *should* also work (I'll check shortly). May be the odd memory leak. Problem was we (a) weren't setting signing on in the client krb5 sessionsetup code (b) we need to ask for a subkey... (c). The client and server need to ask for local and remote subkeys respectively. Thanks to Paul Nelson @ Thursby for some sage advice on this :-). Jeremy. (This used to be commit 3f9e3b60709df5ab755045a093e642510d4cde00)
* fix case where no realm or workgroup means to use our ownGerald Carter2003-07-251-2/+19
| | | | (This used to be commit 6edc7e0a744a5d8c6332758b800a2646ef16dd77)
* connect to the right realm or domain for trusted AD domainsGerald Carter2003-07-231-8/+4
| | | | (This used to be commit 83376671c511be4bb10d3fca8e49e5f6ef792b9c)
* Fixed memory leaks, added krb5 replay cache. Now I need to add code to checkJeremy Allison2003-07-121-17/+72
| | | | | | the incoming addresses.... Jeremy. (This used to be commit 4e9359a1f67a44b2981579383327ba774e1c31f9)
* Fix shadow parameter warning.Tim Potter2003-07-101-4/+4
| | | | (This used to be commit 8d8d85ecd62dba075d90e54ec75da9b1328784fb)
* Call the synchronous version of the ldap delete function otherwise we end upTim Potter2003-07-071-1/+1
| | | | | treating the returned message id as an error code. (This used to be commit 42fdcef324d7a04e69c0078482e1a6b8a67ade94)
* Removed strupper/strlower macros that automatically map to ↵Jeremy Allison2003-07-033-7/+7
| | | | | | | | strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
* Implemented 'net ads printer search' which searches the directory forTim Potter2003-07-031-1/+14
| | | | | | | | | | published printers. At the moment we don't search using any parameters but this can be fixed by changing the LDAP search string. Also we should contact the global catalog at SRV _gc._tcp instead of the ldap server we get back from ads_startup(). (This used to be commit 814519c5de7f962623163b732c8589abd355d845)
* Fix bug in doxygen comments for ads search functions.Tim Potter2003-07-031-4/+4
| | | | (This used to be commit ae6c05ea726da13fc1a18398d1ffe56f34e1edb9)
* Fix shadow variable warnings.Tim Potter2003-06-301-8/+8
| | | | (This used to be commit 5ffb8e0920be2da19ac3f442b9bf56c159011822)
* * fix typos in a few debug statementsGerald Carter2003-06-251-3/+9
| | | | | | * check negative connection cache before ads_try_connect() in ads_find_dc() (This used to be commit 2a76101a3a31f5fca2f444b25e3f0486f7ef406f)
* large change:Gerald Carter2003-06-252-120/+48
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | *) consolidates the dc location routines again (dns and netbios) get_dc_list() or get_sorted_dc_list() is the authoritative means of locating DC's again. (also inludes a flag to get_dc_list() to define if this should be a DNS only lookup or not) (however, if you set "name resolve order = hosts wins" you could still get DNS queries for domain name IFF ldap_domain2hostlist() fails. The answer? Fix your DNS setup) *) enabled DOMAIN<0x1c> lookups to be funneled through resolve_hosts resulting in a call to ldap_domain2hostlist() if lp_security() == SEC_ADS *) enables name cache for winbind ADS backend *) enable the negative connection cache for winbind ADS backend *) removes some old dead code *) consolidates some duplicate code *) moves the internal_name_resolve() to use an IP/port pair to deal with SRV RR dns replies. The namecache code also supports the IP:port syntax now as well. *) removes 'ads server' and moves the functionality back into 'password server' (which can support "hostname:port" syntax now but works fine with defaults depending on the value of lp_security()) (This used to be commit d7f7fcda425bef380441509734eca33da943c091)
* * s/get_dc_name/rpc_dc_name/g (revert a previous change)Gerald Carter2003-06-231-0/+3
| | | | | | | | | | | | | | | | | * move back to qsort() for sorting IP address in get_dc_list() * remove dc_name_cache in cm_get_dc_name() since it slowed things down more than it helped. I've made a note of where to add in the negative connection cache in the ads code. Will come back to that. * fix rpcclient to use PRINTER_ALL_ACCESS for set printer (instead of MAX_ALLOWED) * only enumerate domain local groups in our domain * simplify ldap search for seqnum in winbindd's rpc backend (This used to be commit f8cab8635b02b205b4031279cedd804c1fb22c5b)
* we need to call ads_first_entry() before using a ldap result,Andrew Tridgell2003-06-161-5/+12
| | | | | otherwise we can segv or return garbage (This used to be commit d1316656b03e2bc85263b65d24977923ee6f39b7)
* Rename some uuid functions so as not to conflict with systemTim Potter2003-06-131-1/+1
| | | | | versions. Fixes bug #154. (This used to be commit 986eae40f7669d15dc75aed340e628aa7efafddc)
* Fix shadow variable warning.Tim Potter2003-06-131-4/+4
| | | | (This used to be commit c22a4074bd2b998339826ba629fe48153639ec18)
* added an auth flag that indicates if we should be allowed to fallbackAndrew Tridgell2003-06-101-1/+4
| | | | | | | to NTLMSSP for SASL if krb5 fails. This is important as otherwise the admin may think that a join has succeeeded when kerberos is actually broken. (This used to be commit 23a6ea385c4aea208adf36f039244bee14f56a33)
* No matter how special this session key is, it's not worth a level 0.Andrew Bartlett2003-06-061-2/+4
| | | | | | | Hide it behind a level 10, with #ifdef DEBUG_PASSWORD instead. Andrew Bartlett (This used to be commit 9d4e327850fb00083241f3e68f866590c44e1823)
* More on bug 137: rename more of krb5_xxx functions to not start with krb5_Jim McDonough2003-05-301-1/+1
| | | | (This used to be commit 10f1da3f4a9680a039a2aa26301b97e31c06c38d)
* More on bug 137: rename remainder of krb5_xxx functions to not start with krb5_Jim McDonough2003-05-301-11/+11
| | | | (This used to be commit 4169de6d8fb1b13de3892ec787886cc1543736a1)
* Fix bug #137: krb5_set_password is already defined in MIT 1.3 libs, soJim McDonough2003-05-301-5/+6
| | | | | we wouldn't build. (This used to be commit 0e9836c4e9e71494b10d71a5f3d5f7da2888c5ef)
* Patch from Luke Howard <lukeh@PADL.COM> to recognise local groups.Jeremy Allison2003-05-151-0/+2
| | | | | Jeremy. (This used to be commit d7a23afe14b0d3ad8ecb7d994768705a32055d9a)
* Patch from Ken Cross to allow an ADS domain join with a username of the formAndrew Bartlett2003-05-041-1/+1
| | | | | | | user@realm, where realm might not be the realm we are joining. Andrew Bartlett (This used to be commit 00e08efb5cd21bf42be9125d3188efbf9d13b8b7)
* Revert patch - we need to try the NTLMSSP code below...Andrew Bartlett2003-04-241-9/+4
| | | | | Andrew Bartlett (This used to be commit 317158972ec944742ba47b213999def9abbf7452)
* Use the kerberos error from ads_kinit_password() in the return value fromAndrew Bartlett2003-04-241-4/+9
| | | | | | | our SASL code - help in printing a useful error message. Andrew Bartlett (This used to be commit 984321bfab79a1ff20b504e115e94bd6270f0196)
* Merge from HEAD - save the type of channel used to contact the DC.Andrew Bartlett2003-04-213-7/+11
| | | | | | | | | | | | This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration. This also change the SID retreval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient. Also minor fixes to 'net'. Andrew Bartlett (This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
* Add const, static and fix a double free() (merge from HEAD).Andrew Bartlett2003-04-211-6/+5
| | | | (This used to be commit 9ba88c7314168b87b72a7e9dc3c7588dcce86893)
* Move PAC decoding over from HEAD.Jim McDonough2003-04-161-0/+6
| | | | (This used to be commit b0fd4e5555dd93c584cd86eaac080663b9e4031f)
* Change variable name to get this working on gcc 3.2 (Merge from HEAD)Jelmer Vernooij2003-04-152-38/+38
| | | | (This used to be commit d49113caef6057905f0f5233ea3085ca5722e742)
* This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This ↵cvs2svn Import User2003-04-131-0/+614
|\ | | | | | | used to be commit 381649916ecbaddefbb6ee0e6137b7cc73eb54b1)
| * Complete what I've seen (and then some)t of the PAC.Jim McDonough2003-04-091-5/+124
| | | | | | | | | | | | | | | | | | | | I haven't seen the rid+attr arrays for group membership, nor sids or the same kind of arrays for resource domains, so I don't know how that will work. Also, the PAC info type 10 is now decoded, but I don't know what it's for. It has an NTTIME, a 16-bit name length, and a username. According to M$, it's not needed, because they didn't doc it... (This used to be commit 28ab8504cf6c181866106e5cc626a5896283d0a9)
| * Decode the PAC! This patch just decodes it and then frees it, so it's justJim McDonough2003-04-072-0/+501
| | | | | | | | | | for doc purposes right now (you can see it in the debug logs). (This used to be commit 046c2087a11b9ce7a02aece34ffb129ce0d66b08)
| * - Support building all auth modules as .so'sJelmer Vernooij2003-03-252-38/+38
| | | | | | | | | | - Change 2 variable names to avoid conflicts (patch by Stephan Kulow <coolo@kde.org>) (This used to be commit 71b05cd14ae6df8340730e7bad1c783dc278c5d3)
| * Changes to help the kerberos change password code work on systems thatAndrew Bartlett2003-03-161-37/+29
| | | | | | | | | | | | | | | | | | | | have some of the labels 'duplicated' (ie, the defines double-up). Also, to an ads_connect() to try and find our KDC. (So we don't segfualt *every* time) Andrew Bartlett (This used to be commit 56dce7ddad118051c93c62507234efca3920bc9b)
| * - Fix a double-free (I can't say I understand the code, but it matches the ↵Andrew Bartlett2003-03-121-6/+5
| | | | | | | | | | | | | | | | | | | | | | other cases and keeps valgrind quiet). - Add static Andrew Bartlett (This used to be commit e9da9c500b96a828d744e7a1c64427fc01153310)
| * More const fixes.Jeremy Allison2003-03-051-2/+2
| | | | | | | | | | Jeremy. (This used to be commit 7b945e10a6c636c0b0aabc841803bf44405cb2ae)
| * tokenGroups are SIDs, so dump them as such.Andrew Bartlett2003-02-251-0/+1
| | | | | | | | (This used to be commit 43f07e9de70ad9993265e28a54239caba0121ab6)
| * Patch from Luke Howard to add mutual kerberos authentication, and SMB sessionAndrew Bartlett2003-02-241-6/+26
| | | | | | | | | | | | | | keys for kerberos authentication. Andrew Bartlett (This used to be commit 8b798f03dbbdd670ff9af4eb46f7b0845c611e0f)
| * Always initialiseAndrew Bartlett2003-02-241-2/+2
| | | | | | | | (This used to be commit ff2b5b2f85f2d9dade67077cea1b68719cf65352)
| * Fix a DEBUG() formatting, add some more debug to our SID pulling code andAndrew Bartlett2003-02-221-18/+33
| | | | | | | | | | | | | | | | | | | | inline the call to prs_copy_all_data_out() so that we can know we are not overrunning our buffer. Also check more return values. Andrew Bartlett (This used to be commit e3b73d5d658584428c81c9ef3ccf024687a56e2f)
| * libads/krb5_setpw.cJim McDonough2003-02-191-1/+2
| | | | | | | | (This used to be commit 4c52d7bd933f61bdba3d4159a204fe16db3d4f0f)
| * Fix segv in net ads join...an extra & was the culpritJim McDonough2003-02-191-1/+1
| | | | | | | | (This used to be commit 9874b233d55a0b1aea7eb033848f4b63a531833b)
generated by cgit (git 2.34.1) at 2025-10-02 04:25:39 +0000