summaryrefslogtreecommitdiff
path: root/source3/libads/ads_struct.c
Commit message (Collapse)AuthorAgeFilesLines
* s3:libnet: Require sealed LDAP SASL connections for joiningAndreas Schneider2019-10-091-1/+13
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* s3:libads: Use #ifdef instead of #if for config.h definitionsAndreas Schneider2018-11-281-1/+1
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* s3-libads: Use the configured LDAP page size.Justin Maggard2016-01-151-2/+2
| | | | | | | | | | | | | | We already allow the user to configure LDAP page size, and use it in pdb_ldap. But then we hard-code the initial LDAP page size value to 1000 in ads_init, so it doesn't take effect there. So let's use the configured LDAP page size value in ads_init also, which defaults to 1000. Signed-off-by: Justin Maggard <jmaggard@netgear.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Fri Jan 15 03:59:16 CET 2016 on sn-devel-144
* libads: Remove "foreign" from ads_structVolker Lendecke2015-12-181-8/+0
| | | | | | | AFAICS this was never actually used Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3-libads: Fix memory leaks in ads_build_path().Andreas Schneider2014-01-091-0/+2
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* Avoid overriding default ccache for ads operations.Simo Sorce2012-09-121-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | Avoid overriding default ccache for ads operations. Nowadays various samba components may need to use GSSAPI and a default cred cache to perform their tasks. This code was completely overriding the whole process default ccache name, thus altering the current credentials and sometimes hijacking them (or getting preemptively hijaked). By using gss_krb5_import_cred we can instead use a private ccache (necessary sometimes to use a different set of credentials fromt he default cifs/fqdn@realm one, for example when contacting foreign DCs using trust credentials) that does not affect the rest of the process. For the kerberos versions which don't have gss_krb5_import_cred we fallback to temp override of KRB5CCNAME and gss_acquire_cred. Signed-off-by: Alexander Bokovoy <ab@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Alexander Bokovoy <ab@samba.org> Autobuild-Date(master): Wed Sep 12 21:18:09 CEST 2012 on sn-devel-104
* Correctly check for errors in strlower_m() returns.Jeremy Allison2012-08-091-1/+5
|
* s3-libads: Use a reducing page size to try and cope with a slow LDAP serverAndrew Bartlett2012-05-261-0/+4
| | | | | | | | | If we cannot get 1000 users downloaded in 15seconds, try with 500, 250 and then 125 users at a time. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org>
* More strlcat/strlcpy truncate checks.Jeremy Allison2012-03-301-2/+9
|
* s3: Fix some nonempty blank linesVolker Lendecke2011-01-121-8/+8
| | | | | Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Jan 12 19:04:25 CET 2011 on sn-devel-104
* s3: avoid global include of ads.h.Günther Deschner2010-08-051-0/+1
| | | | Guenther
* s3-libads: add ads_set_sasl_wrap_flags().Günther Deschner2010-05-201-0/+14
| | | | Guenther
* More asprintf warning fixes.Jeremy Allison2008-12-231-3/+8
| | | | Jeremy.
* strtok -> strtok_rVolker Lendecke2008-01-231-3/+4
| | | | (This used to be commit fd34ce437057bb34cdc37f4b066e424000d36789)
* Fix memleak in ads_build_path().Günther Deschner2008-01-161-5/+11
| | | | | Guenther (This used to be commit b7a06b54e0a58c4cd6c5351b1e4a0a2c253cfea1)
* RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison2007-10-181-1/+1
| | | | | | | | bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
* r24072: Add "client ldap sasl wrapping" parameter.Stefan Metzmacher2007-10-101-0/+8
| | | | | | | Possible values are "plain" (default), "sign" or "seal". metze (This used to be commit 26ccbad7212e9acd480b98789f04b71c1e940ea8)
* r23886: add ads_disconnect() functionStefan Metzmacher2007-10-101-3/+1
| | | | | metze (This used to be commit ba70737b7043cae89dd90f8668a24881212ac6fb)
* r23838: Allow to store schema and config path in ADS_STRUCT config.Günther Deschner2007-10-101-0/+2
| | | | | Guenther (This used to be commit 1d5b08326fa72bd3423b377a4e6243466e778622)
* r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell2007-10-101-2/+1
| | | | (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
* r23779: Change from v2 or later to v3 or later.Jeremy Allison2007-10-101-1/+1
| | | | | Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
* r20986: Commit the prototype of the nss_info plugin interface.Gerald Carter2007-10-101-6/+0
| | | | | | | | | | | | This allows a provider to supply the homedirectory, etc... attributes for a user without requiring support in core winbindd code. The idmap_ad.c module has been modified to provide the idmap 'ad' library as well as the rfc2307 and sfu "winbind nss info" support. The SID/id mapping is working in idmap_ad but the nss_info still has a few quirks that I'm in the process of resolving. (This used to be commit aaec0115e2c96935499052d9a637a20c6445986e)
* r20173: DNS update fixes:Gerald Carter2007-10-101-0/+22
| | | | | | | | | | * Fix DNS updates for multi-homed hosts * Child domains often don't have an NS record in DNS so we have to fall back to looking up the the NS records for the forest root. * Fix compile warning caused by mismatched 'struct in_addr' and 'in_addr_t' parameters called to DoDNSUpdate() (This used to be commit 3486acd3c3ebefae8f98dcc72d1c3d6b06fffcc7)
* r17945: Store the server and client sitenames in the ADSJeremy Allison2007-10-101-0/+2
| | | | | | | struct so we can see when they match - only create the ugly krb5 hack when they do. Jeremy. (This used to be commit 9be4ecf24b6b5dacf4c2891bddb072fa7543753f)
* r17626: Some C++ WarningsVolker Lendecke2007-10-101-1/+1
| | | | (This used to be commit 09e7c010f03ac3c621f7a7fad44685d278c1481a)
* r16199: Fix Klocwork #1 - ensure we test the firstJeremy Allison2007-10-101-10/+12
| | | | | | strtok for NULL. Jeremy. (This used to be commit 98751e8190317416de56b4a19a489c5f4b7d6bc9)
* r15697: I take no comments as no objections :)Günther Deschner2007-10-101-5/+5
| | | | | | | | | | | Expand the "winbind nss info" to also take "rfc2307" to support the plain posix attributes LDAP schema from win2k3-r2. This work is based on patches from Howard Wilkinson and Bob Gautier (and closes bug #3345). Guenther (This used to be commit 52423e01dc209ba5abde808a446287714ed11567)
* r15543: New implementation of 'net ads join' to be more like Windows XP.Gerald Carter2007-10-101-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The motivating factor is to not require more privileges for the user account than Windows does when joining a domain. The points of interest are * net_ads_join() uses same rpc mechanisms as net_rpc_join() * Enable CLDAP queries for filling in the majority of the ADS_STRUCT->config information * Remove ldap_initialized() from sam/idmap_ad.c and libads/ldap.c * Remove some unnecessary fields from ADS_STRUCT * Manually set the dNSHostName and servicePrincipalName attribute using the machine account after the join Thanks to Guenther and Simo for the review. Still to do: * Fix the userAccountControl for DES only systems * Set the userPrincipalName in order to support things like 'kinit -k' (although we might be able to just use the sAMAccountName instead) * Re-add support for pre-creating the machine account in a specific OU (This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b)
* r13657: Let winbindd try to obtain the gecos field from the msSFU30GecosGünther Deschner2007-10-101-0/+1
| | | | | | | attribute when "winbind nss info = sfu" is set. Fixes #3539. Guenther (This used to be commit ffce0461de130828345c44293e564ca03227607d)
* r11508: Removed incorrect patch hunk. Thanks to AndrewJeremy Allison2007-10-101-2/+0
| | | | | | Bartlett for pointing this out. Jeremy. (This used to be commit c93a08be4a29854354a16c6e8f984477e19f41c0)
* r11504: Added Andrew Bartletts removal of another NTLMSSP implementationJeremy Allison2007-10-101-0/+2
| | | | | | patch. Jeremy. (This used to be commit 4591984176fd32ba25155fbc6889a1c637019a08)
* r7994: This adds support in Winbindd's "security = ads"-mode to retrieve the ↵Günther Deschner2007-10-101-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | POSIX homedirectory and the loginshell from Active Directory's "Services for Unix". Enable it with: winbind sfu support = yes User-Accounts without SFU-Unix-Attributes will be assigned template-based Shells and Homedirs as before. Note that it doesn't matter which version of Services for Unix you use (2.0, 2.2, 3.0 or 3.5). Samba should detect the correct attributes (msSFULoginShell, msSFU30LoginShell, etc.) automatically. If you also want to share the same uid/gid-space as SFU then also use PADL's ad-idmap-Plugin: idmap backend = ad When using the idmap-plugin only those accounts will appear in Name Service Switch that have those UNIX-attributes which avoids potential uid/gid-space clashes between SFU-ids and automatically assigned idmap-ids. Guenther (This used to be commit 28b59699425b1c954d191fc0e3bd357e4a4e4cd8)
* r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison2007-10-101-6/+6
| | | | | | | | | | allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
* bug 1195: add flag to ADS_STRUCT so we know who owns the main structure's ↵Gerald Carter2004-03-221-8/+11
| | | | | | memory (not the members though) (This used to be commit 4449e0e251190b741f51348819669453f0758f36)
* Put strcasecmp/strncasecmp on the banned list (except for needed callsJeremy Allison2003-10-221-2/+2
| | | | | | | in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at all and I really want to discourage that. Jeremy. (This used to be commit d7e35dfb9283d560d0ed2ab231f36ed92767dace)
* large change:Gerald Carter2003-06-251-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | *) consolidates the dc location routines again (dns and netbios) get_dc_list() or get_sorted_dc_list() is the authoritative means of locating DC's again. (also inludes a flag to get_dc_list() to define if this should be a DNS only lookup or not) (however, if you set "name resolve order = hosts wins" you could still get DNS queries for domain name IFF ldap_domain2hostlist() fails. The answer? Fix your DNS setup) *) enabled DOMAIN<0x1c> lookups to be funneled through resolve_hosts resulting in a call to ldap_domain2hostlist() if lp_security() == SEC_ADS *) enables name cache for winbind ADS backend *) enable the negative connection cache for winbind ADS backend *) removes some old dead code *) consolidates some duplicate code *) moves the internal_name_resolve() to use an IP/port pair to deal with SRV RR dns replies. The namecache code also supports the IP:port syntax now as well. *) removes 'ads server' and moves the functionality back into 'password server' (which can support "hostname:port" syntax now but works fine with defaults depending on the value of lp_security()) (This used to be commit d7f7fcda425bef380441509734eca33da943c091)
* Mem alloc checks.Jeremy Allison2003-02-041-8/+10
| | | | | Jeremy. (This used to be commit 46ea028169426fbcad92d3d5bf786e88be8f5112)
* sanity checks from Ken CrossGerald Carter2003-01-211-2/+2
| | | | (This used to be commit 9f35846b8e0d711c9101ade9e79394219045383c)
* syncing up with HEAD. Seems to be a lot of differences creeping inGerald Carter2002-10-011-0/+1
| | | | | | (i ignored the new SAMBA stuff, but the rest of this looks like it should have been merged already). (This used to be commit 3de09e5cf1f667e410ee8b9516a956860ce7290f)
* sync 3.0 branch with headJelmer Vernooij2002-08-171-82/+25
| | | | (This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
* updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell2002-07-151-4/+24
| | | | (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
* Removed version number from file header.Tim Potter2002-01-301-2/+1
| | | | | Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
* much better support for organisational units in ADS joinAndrew Tridgell2002-01-161-11/+25
| | | | (This used to be commit 7e876057d5e392f85e6fdb0f2c233b0fe76df688)
* much better ADS error handling systemAndrew Tridgell2001-12-191-30/+4
| | | | (This used to be commit 05a90a28843e0d69183a49a76617c5f32817df16)
* we only have gss_ fns on a krb5 capable boxAndrew Tridgell2001-12-191-3/+6
| | | | (This used to be commit 344b786efe00f72ed81f0eeb4d422c655d866557)
* - added initial support for trusted domains in winbindd_adsAndrew Tridgell2001-12-191-0/+26
| | | | | | | - gss error code patch from a.bokovoy@sam-solutions.net - better sid dumping in ads_dump - fixed help in wbinfo (This used to be commit ee1c3e1f044b4ef62169ad74c5cac40eef81bfda)
* try the PDC for our workgroup if we can't find the ldap serverAndrew Tridgell2001-12-131-3/+8
| | | | (This used to be commit fc9fd2ca19899e757a6d3ccbba3d4a10f27d7a3f)
* added internal sasl/gssapi code. This means we are no longer dependent on ↵Andrew Tridgell2001-12-081-44/+5
| | | | | | cyrus-sasl which makes the code much less fragile. Also added code to auto-determine the server name or realm (This used to be commit 435fdf276a79c2a517adcd7726933aeef3fa924b)
* fix link errorAndrew Tridgell2001-12-051-0/+2
| | | | (This used to be commit 58e93a8b7de10f60a1e68570f1bdd6e3d8fa44a5)
* added a REALLY gross hack into kerberos_kinit_password so thatAndrew Tridgell2001-12-051-1/+4
| | | | | | | winbindd can do a kinit this will be removed once we have code that gets a tgt and puts it in a place where cyrus-sasl can see it (This used to be commit 7d94f1b7365215a020d3678d03d820a7d086174f)
View Lorry Controller Status