Jelmer Vernooij
4db7642caa
r18745: Use the Samba4 data structures for security descriptors and security descriptor
...
buffers.
Make security access masks simply a uint32 rather than a structure
with a uint32 in it.
(This used to be commit b41c52b9db
)
2007-10-10 12:00:54 -05:00
Günther Deschner
4fa5a1c845
r18670: Fix memleaks.
...
Guenther
(This used to be commit 2fc63fb8f7
)
2007-10-10 12:00:46 -05:00
Jeremy Allison
664c3f4166
r18663: Fix one more uuid -> GUID.
...
Jeremy.
(This used to be commit e568271af2
)
2007-10-10 12:00:44 -05:00
Günther Deschner
245aa33f0d
r18620: Fallback to non-paging LDAP searches in ads_do_search_retry_internal()
...
for anonymous bound connections.
When doing anonymous bind you can never use paged LDAP control for
RootDSE searches on AD.
Guenther
(This used to be commit dc1d92faab
)
2007-10-10 11:52:01 -05:00
Jeremy Allison
a0aaa82f6d
r18552: Ensure the sitename matches before we SAF store a DC in ADS mode.
...
Jeremy.
(This used to be commit 03e1078b45
)
2007-10-10 11:51:49 -05:00
Günther Deschner
2ad8c705b2
r18512: Add krb5conf file environment to debug statement.
...
Guenther
(This used to be commit 398f368c8a
)
2007-10-10 11:51:45 -05:00
Günther Deschner
dda94fdf96
r18508: A query for the LDAP schema can never be done anonymously against AD.
...
Guenther
(This used to be commit 8bb6e82f02
)
2007-10-10 11:51:44 -05:00
Jeremy Allison
a4743f3a76
r18480: Doh ! Double-free of hostnameDN.
...
Jeremy.
(This used to be commit f8984fa8b7
)
2007-10-10 11:51:43 -05:00
Volker Lendecke
6b3c42b1a1
r18466: Attempt to fix the AIX build
...
(This used to be commit 1398425067
)
2007-10-10 11:51:42 -05:00
Volker Lendecke
dfa62cfa98
r18464: Solaris has LDAP_SCOPE_ONELEVEL. Linux seems to have it as well.
...
Fix a C++ compat warning.
Volker
(This used to be commit 351e583f66
)
2007-10-10 11:51:42 -05:00
Volker Lendecke
d3237d2233
r18453: Attempt to fix the non-ldap build
...
(This used to be commit 86db854230
)
2007-10-10 11:51:42 -05:00
Jeremy Allison
8c2c5c5d1d
r18446: Add the ldap 'leave domain' code - call this as
...
a non-fatal error path if the 'disable machine
account' code succeeded.
Jeremy.
(This used to be commit f47bffa21e
)
2007-10-10 11:51:42 -05:00
Günther Deschner
59e5149d8f
r18425: Fix ads_ntstatus(). LDAP_SUCCESS should really map to NT_STATUS_OK.
...
Guenther
(This used to be commit 8ab214956e
)
2007-10-10 11:51:23 -05:00
Gerald Carter
2b27c93a9a
r18271: Big change:
...
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
gen_ndr/ndr_security.c in SAMBA_4_0
The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
(This used to be commit 3da9f80c28
)
2007-10-10 11:51:18 -05:00
Jeremy Allison
6cfe7be80e
r18241: If replacing the krb5.conf, ensure it's readable.
...
Jeremy.
(This used to be commit dfd93a3031
)
2007-10-10 11:51:18 -05:00
Jeremy Allison
ed0274433c
r18234: DNS failures are too common to log at level zero or 1.
...
Jeremy.
(This used to be commit 943e21d5da
)
2007-10-10 11:51:17 -05:00
Jeremy Allison
34a25efad2
r18226: Ensure we only do this evil thing if it's our realm.
...
Jeremy.
(This used to be commit 0a89b37b1a
)
2007-10-10 11:51:16 -05:00
Jeremy Allison
80052bcf13
r18225: If we're going to overwrite krb5.conf, at least
...
be polite enough to make a backup.
Jeremy.
(This used to be commit c82aac594f
)
2007-10-10 11:51:16 -05:00
Jeremy Allison
253c01f29e
r18201: Make explicit what's going on here.
...
Jeremy.
(This used to be commit 38b8a2b527
)
2007-10-10 11:51:16 -05:00
Jeremy Allison
6d4c7b1345
r18200: Experimental code to allow system /etc/krb5.conf to be
...
overwritten by winbindd. Don't enable this :-).
Jeremy.
(This used to be commit 88e11ee91a
)
2007-10-10 11:51:16 -05:00
Jelmer Vernooij
995205fc60
r18188: merge 3.0-libndr branch
...
(This used to be commit 1115745cae
)
2007-10-10 11:43:56 -05:00
Günther Deschner
b5f6cbbe1b
r18177: Some build- and memleak-fixes for the (not build by default) ADS GPO
...
routines.
Guenther
(This used to be commit 0ef504a0a6
)
2007-10-10 11:43:30 -05:00
Günther Deschner
171a5cd5c0
r18175: Forgot to call asn1_free() in previous commit.
...
Guenther
(This used to be commit af3779a516
)
2007-10-10 11:43:30 -05:00
Günther Deschner
4bc83e60de
r18174: Do not return "success" when we failed to write in the CLDAP code.
...
Guenther
(This used to be commit 1fe4724f57
)
2007-10-10 11:43:30 -05:00
Günther Deschner
5a87bbd48a
r18172: Just a little more verbosity in this debug statement.
...
Guenther
(This used to be commit e852bc4646
)
2007-10-10 11:43:30 -05:00
Günther Deschner
73d25f6f78
r18165: Fix memleaks.
...
Guenther
(This used to be commit 6f301b2dc3
)
2007-10-10 11:43:29 -05:00
Günther Deschner
30c0e93156
r18162: Close socket when the CLDAP request has failed.
...
Guenther
(This used to be commit 714ea3ceab
)
2007-10-10 11:43:29 -05:00
Jeremy Allison
8d812f8eed
r18063: When we get a successful connection using ADS,
...
cache the SAF name under both the domain name
and the realm name, as we could be looking up
under both. Jerry please check.
Jeremy.
(This used to be commit 9d954d2deb
)
2007-10-10 11:43:24 -05:00
Volker Lendecke
f8a17bd8bd
r18047: More C++ stuff
...
(This used to be commit 86f4ca84f2
)
2007-10-10 11:43:24 -05:00
Volker Lendecke
ee0e397d6f
r18019: Fix a C++ warnings: Don't use void * in libads/ for LDAPMessage anymore.
...
Compiled it on systems with and without LDAP, I hope it does not break the
build farm too badly. If it does, I'll fix it tomorrow.
Volker
(This used to be commit b2ff9680eb
)
2007-10-10 11:39:49 -05:00
Jeremy Allison
98cfbd3ccf
r18015: Try and detect network failures immediately in
...
set_dc_type_and_flags().
Fix problem when DC is down in ads_connect, where
we fall back to NetBIOS and try exactly the same
IP addresses we just put in the negative connection
cache.... We can never succeed, so don't try lookups
a second time.
Jeremy.
(This used to be commit 2d28f3e94a
)
2007-10-10 11:39:48 -05:00
Jeremy Allison
fea5d59b84
r18010: Ensure we don't timeout twice to the same
...
server in winbindd when it's down and listed
in the -ve connection cache. Fix memory leak,
reduce timeout for cldap calls - minimum 3 secs.
Jeremy.
(This used to be commit 10b32cb6de
)
2007-10-10 11:39:48 -05:00
Jeremy Allison
0f1bc28744
r18006: Actually a smaller change than it looks. Leverage
...
the get_dc_list code to get the _kerberos. names
for site support. This way we don't depend on one
KDC to do ticket refresh. Even though we know it's
up when we add it, it may go down when we're trying
to refresh.
Jeremy.
(This used to be commit 77fe2a3d74
)
2007-10-10 11:39:47 -05:00
Jeremy Allison
d0bbe3751a
r18004: If you're writing out a krb5.conf, at least
...
get the syntax right... :-).
Jeremy.
(This used to be commit ecca467e46
)
2007-10-10 11:39:46 -05:00
Jeremy Allison
b05c81a184
r18003: Creating a directory and getting EEXIST isn't an error.
...
Jeremy.
(This used to be commit 515f86167b
)
2007-10-10 11:39:46 -05:00
Jeremy Allison
0a847b4111
r18002: Improved debug.
...
Jeremy.
(This used to be commit 5f84c8c815
)
2007-10-10 11:39:46 -05:00
Jeremy Allison
d31ee84d88
r18001: Proper error reporting on write/close fail.
...
Jeremy.
(This used to be commit ba311ac4ea
)
2007-10-10 11:39:46 -05:00
Jeremy Allison
e05728b669
r18000: Get nelem/size args right for x_fwrite.
...
Jeremy.
(This used to be commit f1c5409b9f
)
2007-10-10 11:39:46 -05:00
Jeremy Allison
1bd715d915
r17999: No need to prevent others from reading. Use 755 instead
...
of 700, and 644 instead of 600. Reading might help
debugging.
Jeremy.
(This used to be commit 99f100cfec
)
2007-10-10 11:39:46 -05:00
Jeremy Allison
d62c3cff51
r17997: Ensure lockdir exists for winbindd. Store tmp
...
krb5.conf files under lockdir, not privatedir.
Jeremy.
(This used to be commit c59eff3e53
)
2007-10-10 11:39:46 -05:00
Jeremy Allison
ef92f91cd7
r17996: Don't talloc free the memory then reference it. Doh !
...
Jeremy.
(This used to be commit 188eb9794d
)
2007-10-10 11:39:45 -05:00
Jeremy Allison
fc6bce6d9c
r17995: Ensure we create the domain-specific krb5 files in a
...
separate directory.
Jeremy.
(This used to be commit 541594153b
)
2007-10-10 11:39:45 -05:00
Jeremy Allison
0c9ca3fe19
r17994: Add debugs that showed me why my site code wasn't
...
working right. Don't update the server site when we
have a client one...
Jeremy.
(This used to be commit 7acbcf9a6c
)
2007-10-10 11:39:45 -05:00
Gerald Carter
ac25c32322
r17972: revert accidental commit to ads_verify_ticket()
...
(This used to be commit 95f6b22e51
)
2007-10-10 11:39:44 -05:00
Gerald Carter
e53dfa1f4a
r17971: Disable storing SIDs in the S-1-22-1 and S-1-22-2 domain to the SID<->uid/gid cache. FIxes a bug in token creation
...
(This used to be commit fa05708789
)
2007-10-10 11:39:44 -05:00
Jeremy Allison
305ceade39
r17970: Add missing include-guards around ads.h and ads_cldap.h.
...
Remove all reference to "Default-First-Site-Name" and
treat it like any other site.
Jeremy.
(This used to be commit 5ae3564d68
)
2007-10-10 11:39:44 -05:00
Jeremy Allison
a78c61b9cd
r17946: Fix couple of typos...
...
Jeremy.
(This used to be commit 638d53e2ad
)
2007-10-10 11:39:01 -05:00
Jeremy Allison
2fcd113f55
r17945: Store the server and client sitenames in the ADS
...
struct so we can see when they match - only create
the ugly krb5 hack when they do.
Jeremy.
(This used to be commit 9be4ecf24b
)
2007-10-10 11:39:01 -05:00
Jeremy Allison
cceb492250
r17944: Handle locking madness.
...
Jeremy.
(This used to be commit 408267a2d7
)
2007-10-10 11:39:01 -05:00
Jeremy Allison
6fada7a82a
r17943: The horror, the horror. Add KDC site support by
...
writing out a custom krb5.conf file containing
the KDC I need. This may suck.... Needs some
testing :-).
Jeremy.
(This used to be commit d500e1f96d
)
2007-10-10 11:39:01 -05:00