summaryrefslogtreecommitdiff
path: root/source3/libads
Commit message (Collapse)AuthorAgeFilesLines
* s3:libads: Fix mem leak in ads_create_machine_acctJones Syue2019-11-041-1/+2
| | | | | | | | | | | Use 'goto done' instead of 'return' to fix machine_escaped leak. Signed-off-by: Jones Syue <jonessyue@qnap.com> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon Nov 4 22:48:50 UTC 2019 on sn-devel-184
* s3:libads: Do not turn on canonicalization flag for MIT KerberosAndreas Schneider2019-10-121-0/+15
| | | | | | | | | | | | | | | This partially reverts 303b7e59a286896888ee2473995fc50bb2b5ce5e. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14155 Pair-Programmed-With: Isaac Boukris <iboukris@redhat.com> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Sat Oct 12 17:39:13 UTC 2019 on sn-devel-184
* s3:libads: Just change the machine password if account already existsAndreas Schneider2019-10-091-22/+145
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13884 Pair-Programmed-With: Guenther Deschner <gd@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* s3:libads: Fix creating machine account using LDAPAndreas Schneider2019-10-092-14/+108
| | | | | | | | | | | This implements the same behaviour as Windows. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13884 Pair-Programmed-With: Guenther Deschner <gd@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* s3:libads: Don't set supported encryption types during account creationAndreas Schneider2019-10-091-18/+0
| | | | | | | | This is already handled by libnet_join_post_processing_ads_modify() which calls libnet_join_set_etypes() if encrytion types should be set. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* s3:libads: Fix detection if acount already exists in ads_find_machine_count()Andreas Schneider2019-10-091-8/+28
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* s3:libads: Use a talloc_asprintf in ads_find_machine_acct()Andreas Schneider2019-10-091-4/+8
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* s3:libads: Cleanup error code paths in ads_create_machine_acct()Andreas Schneider2019-10-091-11/+23
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* s3:libnet: Require sealed LDAP SASL connections for joiningAndreas Schneider2019-10-093-4/+23
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* s3:libads: Use ldap_add_ext_s() in ads_gen_add()Andreas Schneider2019-10-091-1/+1
| | | | | | | ldap_add_s() is marked as deprecated. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* s3/libads: clang: Fix 'Value stored during its initialization is never read'Noel Power2019-09-261-4/+4
| | | | | | | | | | | | | | | | | | | | | Fixes: source3/libads/ldap.c:370:11: warning: Value stored to 'status' during its initialization is never read <--[clang] NTSTATUS status = NT_STATUS_UNSUCCESSFUL; ^~~~~~ ~~~~~~~~~~~~~~~~~~~~~~ source3/libads/ldap.c:417:11: warning: Value stored to 'status' during its initialization is never read <--[clang] NTSTATUS status = NT_STATUS_UNSUCCESSFUL; ^~~~~~ ~~~~~~~~~~~~~~~~~~~~~~ source3/libads/ldap.c:1783:13: warning: Value stored to 'ret' during its initialization is never read <--[clang] ADS_STATUS ret = ADS_ERROR(LDAP_SUCCESS); ^~~ ~~~~~~~~~~~~~~~~~~~~~~~ source3/libads/ldap.c:1862:13: warning: Value stored to 'ret' during its initialization is never read <--[clang] ADS_STATUS ret = ADS_ERROR(LDAP_SUCCESS); ^~~ ~~~~~~~~~~~~~~~~~~~~~~~ 4 warnings generated. Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3/libads: clang: Fix 'Value stored during initialization is never read'Noel Power2019-09-261-1/+1
| | | | | | | | | | | | Fixes: source3/libads/ldap_utils.c:52:13: warning: Value stored to 'status' during its initialization is never read <--[clang] ADS_STATUS status = ADS_SUCCESS; ^~~~~~ ~~~~~~~~~~~ 1 warning generated. Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3/libads: clang: Fix 'Value stored to 'nt_status' is never read'Noel Power2019-09-261-1/+0
| | | | | | | | | | | | Fixes: source3/libads/sasl.c:219:2: warning: Value stored to 'nt_status' is never read <--[clang] nt_status = NT_STATUS_MORE_PROCESSING_REQUIRED; ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1 warning generated. Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3/libads: clang: Fix Array access results in a null pointer dereferenceNoel Power2019-09-251-1/+1
| | | | | | | | | | | | Fixes: source3/libads/cldap.c:400:6: warning: Array access (from variable 'responses') results in a null pointer dereference <--[clang] if (responses[0] == NULL) { ^ 1 warning generated. Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:libads: ads_krb5_chg_password() should always use the canonicalized principalStefan Metzmacher2019-09-241-0/+6
| | | | | | | | | | | | | We should always use krb5_get_init_creds_opt_set_canonicalize() and krb5_get_init_creds_opt_set_win2k() for heimdal and expect the client principal to be changed. There's no reason to have a different logic between MIT and Heimdal. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s3:libads/kerberos: always use the canonicalized principal after kinitStefan Metzmacher2019-09-241-5/+4
| | | | | | | | | | | | | We should always use krb5_get_init_creds_opt_set_canonicalize() and krb5_get_init_creds_opt_set_win2k() for heimdal and expect the client principal to be changed. There's no reason to have a different logic between MIT and Heimdal. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s3:libads: let kerberos_kinit_password_ext() return the canonicalized ↵Stefan Metzmacher2019-09-244-8/+47
| | | | | | | | | principal/realm BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s3-libads: adapt to coding standards, no code changesGünther Deschner2019-09-191-120/+121
| | | | | | | | | | Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Sep 19 20:48:45 UTC 2019 on sn-devel-184
* s3:ldap: Fix join with don't exists machine accountEvgeny Sinelnikov2019-09-041-2/+3
| | | | | | | | | | | | | | | Add check for requested replies of existing machine object during join machine to domain. This solves regression fail during join with error: "None of the information to be translated has been translated." https://bugzilla.samba.org/show_bug.cgi?id=14007 Reviewed-by: Guenther Deschner <gd@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Wed Sep 4 17:02:37 UTC 2019 on sn-devel-184
* Spelling fixes s/convertion/conversion/Mathieu Parent2019-09-011-1/+1
| | | | | | Signed-off-by: Mathieu Parent <math.parent@gmail.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* s3/libads: clang: Fix Value stored to 'canon_princ' is never readNoel Power2019-08-281-1/+2
| | | | | | | | | | | | Fixes: source3/libads/kerberos.c:192:2: warning: Value stored to 'canon_princ' is never read <--[clang] canon_princ = me; ^ ~~ 1 warning generated. Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* s3/libads: cppcheck fix error: shiftTooManyBitsSigned: errorNoel Power2019-05-291-1/+1
| | | | | | | | Squash 'Shifting signed 32-bit value by 31 bits is undefined behaviour' error Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:ldap: Leave add machine code early for pre-existing accountsGuenther Deschner2019-04-021-1/+9
| | | | | | | | | | | | | This avoids numerous LDAP constraint violation errors when we try to re-precreate an already existing machine account. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861 Pair-Programmed-With: Andreas Schneider <asn@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:libads: Make sure we can lookup KDCs which are not configuredAndreas Schneider2019-04-021-2/+10
| | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861 Pair-Programmed-With: Guenther Deschner <gd@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:libads: Print more information when LDAP failsAndreas Schneider2019-04-021-2/+10
| | | | | | | | | | | Currently we just get an error but don't know what exactly we tried to do in 'net ads join -d10'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib: Remove "struct sid_parse_ret" againVolker Lendecke2019-03-121-6/+6
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib: Make sid_parse return the parsed lengthVolker Lendecke2019-03-121-5/+9
| | | | | | | | | Use a temporary struct as a return value to make the compiler catch all callers. If we just changed bool->ssize_t, this would just generate a warning. struct sid_parse_ret will go away in the next commit Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libads: Align integer typesVolker Lendecke2019-02-271-3/+3
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libads: Use dom_sid_str_bufVolker Lendecke2019-02-271-2/+2
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:libads: do an early return if we don't have a password for ↵Stefan Metzmacher2018-12-231-5/+4
| | | | | | | ads_kinit_password() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libads: Use dom_sid_str_bufVolker Lendecke2018-12-201-2/+3
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* libads: Add kerberos tracingSwen Schillig2018-12-194-30/+31
| | | | | | | | | | Replace kerberos context initialization from raw krb5_init_context() to smb_krb5_init_context_basic() which is adding common tracing as well. Signed-off-by: Swen Schillig <swen@linux.ibm.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org>
* libads: Use dom_sid_str_bufVolker Lendecke2018-12-111-2/+3
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:libads: Use #ifdef instead of #if for config.h definitionsAndreas Schneider2018-11-282-2/+2
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* krb5_wrap: Add a talloc_ctx to smb_krb5_principal_get_realm()Volker Lendecke2018-11-281-3/+3
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libads: Give krb5_errs.c its own headerVolker Lendecke2018-11-275-0/+35
| | | | | | | | The protos were declared in lib/krb5_wrap but the functions are not available there. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libads: Align integer typesVolker Lendecke2018-11-231-1/+1
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Nov 23 20:23:57 CET 2018 on sn-devel-144
* libads: Use dom_sid_string_bufVolker Lendecke2018-11-231-2/+5
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3: Free principal if smb_krb5_principal_get_realm() failsSwen Schillig2018-11-221-0/+1
| | | | | | | | | | If smb_krb5_principal_get_realm() fails, procesing is aborted and resources have to be free'd. In this context free'ing the principal was missing. Signed-off-by: Swen Schillig <swen@linux.ibm.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* libads: set proper ads_keytab_flush() return code on errorSwen Schillig2018-11-221-0/+2
| | | | | | | | | | The return code was left on success when the calls to ads_get_machine_kvno() or ads_clear_service_principal_names() failed and the processing had to be aborted. Signed-off-by: Swen Schillig <swen@linux.ibm.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* lib: Remove gencache.h from proto.hVolker Lendecke2018-10-191-0/+1
| | | | | | | | | | It's a pain to recompile the world if gencache.h changes Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Oct 19 18:52:50 CEST 2018 on sn-devel-144
* libads: Simplify parse_spn()Volker Lendecke2018-08-221-13/+9
| | | | | | | | | | A few lines less and quite some bytes less .text Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Aug 22 03:59:51 CEST 2018 on sn-devel-144
* libads: Fix an error path talloc leakVolker Lendecke2018-08-221-1/+2
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Pass mem_ctx to lock_path()Volker Lendecke2018-08-171-2/+2
| | | | | | | | Fix a confusing API: Many places TALLOC_FREE the path where it's not clear you have to do it. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:libads: Free addr before we free the contextAndreas Schneider2018-08-141-1/+1
| | | | | | | | | | | | | | Introduced by dbdbd4875ecac3e7334750f46f1f494b7afe6628 CID 1438395 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13567 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Aug 14 22:02:06 CEST 2018 on sn-devel-144
* s3:libads: Fix memory leaks in ads_krb5_chg_password()Andreas Schneider2018-08-111-0/+2
| | | | | | | | | | | Found by covscan. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13567 Pair-Programmed-With: Justin Stephenson <jstephen@redhat.com> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Justin Stephenson <jstephen@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org>
* Fix some incorrect debug messages that look to be copy-paste issues.Richard Sharpe2018-05-031-3/+3
| | | | | | | | Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Thu May 3 08:16:26 CEST 2018 on sn-devel-144
* libsmb: Give namequery.c its own headerVolker Lendecke2018-04-112-0/+2
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libads: Fix CID 1349423 Resource leakVolker Lendecke2018-03-291-1/+2
| | | | | | | | | | get_sorted_dc_list should already take care, but this way it's safer Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Mar 29 03:45:00 CEST 2018 on sn-devel-144
* libads: Fix 1433611 Resource leakVolker Lendecke2018-03-291-0/+1
| | | | | | | Not really a memleak due to the passed-in talloc ctx, but this way it's cleaner Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
View Lorry Controller Status