sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-29 11:21:54 +03:00
Code
56,002 Commits 60 Branches 1,144 Tags 452 MiB
1f4123677e
Commit Graph

876 Commits

Author SHA1 Message Date
Günther Deschner
21e759ef64 mailslot: always pull a command 25 type reply. 
Guenther
(This used to be commit 1ce726b951)
 2008-06-05 19:09:30 +02:00
Volker Lendecke
d261e16cfd Fix a memleak in ads_find_dc() in case get_sorted_dc_list() fails 
This is really not a proper place to fix this, but as get_gc_list() and friends
are about to be replaced anyway, just work around the broken existing API
(This used to be commit df8d089bc6)
 2008-06-05 10:56:18 +02:00
Marc VanHeyningen
ad00ecd358 Tiny memory leak 
(This used to be commit e7f76a0c65)
 2008-05-29 14:26:50 -07:00
Jeremy Allison
d5d4a9511d Memory leak fixes from Chere Zhou <czhou@isilon.com>. 
Jeremy.
(This used to be commit 201bcc8ed2)
 2008-05-27 12:27:57 -07:00
Tim Prouty
fb37f15600 Cleanup size_t return values in callers of convert_string_allocate 
This patch is the second iteration of an inside-out conversion to cleanup
functions in charcnv.c returning size_t == -1 to indicate failure.
(This used to be commit 6b189dabc5)
 2008-05-20 22:40:13 +02:00
root
fc3e6851d3 Fix some comments to match get_kdc_ip_string()'s behaviour 
(This used to be commit 30956c784f)
 2008-05-19 12:08:52 +02:00
Günther Deschner
eeb126a379 libads/cldap: store client sitename also keyed by dns domain name. 
Guenther
(This used to be commit 0388b2f0cc)
 2008-05-15 16:38:32 +02:00
Günther Deschner
847d385f7b Fix Bug #5465 (joining with createcomputer=ou1/ou2/ou3). 
Guenther
(This used to be commit f3251ba03a)
 2008-05-14 23:53:23 +02:00
Günther Deschner
d59cf703ba dsgetdcname: make use of nbt_cldap_netlogon_15. 
Guenther
(This used to be commit 5b0eda98f3)
 2008-05-09 17:41:50 +02:00
Günther Deschner
4bd94c8338 cldap: move out cldap object to fix the build. 
Guenther
(This used to be commit 56be9c98d2)
 2008-05-09 14:59:19 +02:00
Günther Deschner
cdd9913c4a cldap: let ads_cldap_netlogon() return all possible cldap replies. 
Guenther
(This used to be commit 6f9d5e1cc9)
 2008-05-09 14:59:18 +02:00
Günther Deschner
1f6065765c mailslot/cldap: use nt_version bits in queries. 
Guenther
(This used to be commit b261f06312)
 2008-05-06 09:41:41 +02:00
Gerald W. Carter
43c079ef26 BUG 5107: Fix handling of large DNS replies on AIX and Solaris. 
On AIX, Solaris, and possibly some older glibc systems (e.g. SLES8)
truncated replies never give back a resp_len > buflen
which ends up causing DNS resolve failures on large tcp DNS replies.

Also add more debug lines about processing the DNS reply.
(This used to be commit 5ed9b92097)
 2008-04-30 09:57:15 -05:00
Steven Danneman
778a5414b1 Fix bug 5419: memory leak in ads_do_search_all_args() when enumerating 1000s of entries 
The ads_do_search_all_args() function attempts to string together several
LDAPMessage structures, returned across several paged ldap requests, into a
single LDAPMessage structure.  It does this by pulling entries off the second
LDAPMessage structure and appending them to the first via the OpenLDAP specific
ldap_add_result_entry() call.

The problem with this approach is it skips non-entry messages such as the
result, and controls.  These messages are leaked.

The short term solution as suggested by Volker is to replace the ads_*_entry()
calls with ads_*_message() calls so we don't leak any messages.

This fixes the leak but doesn't remove the dependence on the OpenLDAP specific
implementation of ldap_add_result_entry().
(This used to be commit f1a5405409)
 2008-04-26 08:11:20 -07:00
Volker Lendecke
862d7e32b9 Move user/domain from rpc_pipe_client to cli_pipe_auth_data 
(This used to be commit 42de50d2cd)
 2008-04-25 11:12:50 +02:00
Günther Deschner
bcbac69d1a cldap: avoid duplicate definitions so remove ads_cldap.h. 
Guenther
(This used to be commit 538eefe22a)
 2008-04-21 20:21:40 +02:00
Günther Deschner
1dd7ab38e7 cldap: add talloc context to ads_cldap_netlogon(). 
Guenther
(This used to be commit 4cee7b1bd5)
 2008-04-21 20:21:40 +02:00
Günther Deschner
ba98dd4989 libads: Use libnbt for CLDAP reply parsing. 
Guenther
(This used to be commit 751f3064a5)
 2008-04-21 20:21:39 +02:00
Volker Lendecke
cf2442bdcb Use rpc_pipe_client->user_name instead of rpc_pipe_client->cli->user_name 
Also make sure that rpc_pipe_client->user_name is always talloced.
(This used to be commit 3f6c5b9966)
 2008-04-20 00:14:40 +02:00
Volker Lendecke
4c857010e7 Fix two "ignoring asprintf result" warnings 
(This used to be commit 1d261e78b3)
 2008-04-20 00:13:39 +02:00
Volker Lendecke
2a2188591b Add "desthost" to rpc_pipe_client 
This reduces the dependency on cli_state
(This used to be commit 783afab9c8)
 2008-04-20 00:13:09 +02:00
Karolin Seeger
8d7c7c674a Fix typo. 
Karolin
(This used to be commit 42fbbeb1ca)
 2008-04-10 08:38:54 +02:00
Karolin Seeger
a8124367b4 Fix typos. 
Karolin
(This used to be commit 6cee347035)
 2008-04-09 16:14:04 +02:00
Günther Deschner
33a3766f03 Add ads_check_ou_dn(). 
Guenther
(This used to be commit 380e9d26db)
 2008-03-28 16:43:59 +01:00
Volker Lendecke
1b26a7ea6d Fix Coverity ID 488 
"status" was used uninitialized on success -- metze, please check
(This used to be commit a0859529c8)
 2008-03-23 19:44:55 +01:00
Volker Lendecke
561fb9daa4 Fix Coverity ID 487 
(This used to be commit 22cee9c1af)
 2008-03-23 19:44:55 +01:00
Marc VanHeyningen
e06aa46b9f Coverity fixes 
(This used to be commit 3fc85d2259)
 2008-03-17 20:52:25 +01:00
Volker Lendecke
1ebfc66b2c Use a separate tdb for mutexes 
Another preparation to convert secrets.c to dbwrap: The dbwrap API does not
provide a sane tdb_lock_with_timeout abstraction. In the clustered case the DC
mutex is needed per-node anyway, so it is perfectly fine to use a local mutex
only.
(This used to be commit f94a63cd8f)
 2008-03-10 21:08:45 +01:00
Volker Lendecke
87805819f1 Fix Coverity ID 551 
Correctly return if we can't create the temporary krb5.conf

Jeremy, please check!
(This used to be commit c2401811aa)
 2008-03-08 23:48:12 +01:00
Günther Deschner
7269a504fd Add my copyright. 
Guenther
(This used to be commit d078a87571)
 2008-02-27 19:38:48 +01:00
Volker Lendecke
3176392878 Fix some warnings 
warning: ignoring return value of 'asprintf', declared with attribute warn_unused_result
(This used to be commit ad37b7b0ae)
 2008-02-25 16:09:26 +01:00
Günther Deschner
965774fa8f Fix some more callers of PAC_DATA. 
Guenther
(This used to be commit ea609d1b0e)
 2008-02-17 02:12:00 +01:00
Günther Deschner
3ea40eda94 Some more cleanup in authdata.c. 
Guenther
(This used to be commit 5483f5fb44)
 2008-02-17 02:11:59 +01:00
Günther Deschner
86843631a2 Align our krb5 PAC decoding routines to the samba4 ones. 
(while keeping all the trans krb5 lib support)

Guenther
(This used to be commit c06e507737)
 2008-02-17 02:11:59 +01:00
Volker Lendecke
b361956942 str_list_free is not needed anymore 
(This used to be commit feddc1447d)
 2008-02-04 21:05:41 +01:00
Volker Lendecke
2762b9a975 Always pass a TALLOC_CTX to str_list_make and str_list_copy 
(This used to be commit e2c9fc4cf5)
 2008-02-04 20:57:49 +01:00
Günther Deschner
6c764172e5 When running with debug level > 10, dump ads_struct in ads_connect(). 
Guenther
(This used to be commit 2dd7c64fa8)
 2008-01-31 11:05:25 +01:00
Günther Deschner
7cab0f5c0c Fix the build. Avoid unrequired ndr_print_ads_struct dependencies. 
Guenther
(This used to be commit c832882e49)
 2008-01-29 15:17:02 +01:00
Gerald W. Carter
c0c93dc2ba Restrict the enctypes in the generated krb5.conf files to Win2003 types. 
This fixes the failure observed on FC8 when joining a Windows 2008 RC1
domain.  We currently do not handle user session keys correctly
when the KDC uses AES in the ticket replies.
(This used to be commit 8039a2518c)
 2008-01-28 11:32:09 -06:00
Volker Lendecke
587cf54c61 strtok -> strtok_r 
(This used to be commit fd34ce4370)
 2008-01-23 15:08:04 +01:00
Günther Deschner
a92eb76688 Finally enable pidl generated SAMR & NETLOGON headers and clients. 
Guenther
(This used to be commit f7100156a7)
 2008-01-17 16:54:46 +01:00
Jeremy Allison
70426bdd30 Tidy up code and debug for non-default krb5 IPv6 port. 
Jeremy.
(This used to be commit 79b7972de4)
 2008-01-16 13:28:24 -08:00
Jeremy Allison
bd8abea49f Fix IPv6 bug #5204, which caused krb5 DNS lookups 
for a name '[<ipv6 addr>'.
Jeremy.
(This used to be commit f2aa921505)
 2008-01-16 13:21:46 -08:00
Günther Deschner
fbcc7820c6 Fix memleak in ads_build_path(). 
Guenther
(This used to be commit b7a06b54e0)
 2008-01-16 16:06:15 +01:00
Günther Deschner
a32cca7f37 Print principal in debug statement in kerberos_kinit_password() as well. 
Guenther
(This used to be commit 44d67e8462)
 2008-01-14 18:39:08 +01:00
Jeremy Allison
43717a16e2 Fix CID 476. Ensure a valid pac_data pointer is always passed to 
ads_verify_ticket as it's always derefed.
Jeremy.
(This used to be commit 0599d57eff)
 2008-01-11 23:53:27 -08:00
Jeremy Allison
866af9a800 Coverity 512, uninitialized var. 
Jeremy.
(This used to be commit 1b7cc80c61)
 2008-01-11 23:43:33 -08:00
Günther Deschner
f89fa0a6f8 Do not ignore provided machine_name in ads_get_upn(). 
Guenther
(This used to be commit ddc1307844)
 2008-01-08 14:07:01 +01:00
Michael Adam
4aba7475ef Re-Indent function ldap_open_with_timeout(). 
This reverts commit #cafda34783f0961c9b463803c19cfcb69f836e3f .

I just learned (the hard way) that these indeted functions
are not indented by accident but that the intention of this
is to not include the prototype into proto.h.

Michael
(This used to be commit 2e5d01b214)
 2008-01-04 22:56:10 +01:00
Michael Adam
b54310cbaa Add a debug message (when the LDAP server has really been connected). 
Michael
(This used to be commit 7d9d2de390)
 2008-01-04 22:09:36 +01:00
Michael Adam
2cb68e3898 Untangle assignment and result check. 
Michael
(This used to be commit 465a3b356c)
 2008-01-04 22:09:36 +01:00
Michael Adam
34e579fce5 Enhance DEBUG-verbosity of ldap_open_with_timeout(). 
Michael
(This used to be commit 9e70d1f24d)
 2008-01-04 22:09:36 +01:00
Michael Adam
4ad3464fb9 Unindent function header. 
Michael
(This used to be commit cafda34783)
 2008-01-04 22:09:35 +01:00
Michael Adam
3f42428f9b Fix a misleading DEBUG message. 
At this stage, the (tcp) connection to the LDAP server has not
been established, this is what is about to be attempted. What
has been succesfully done, is a CLDAP netlogon query.

Michael
(This used to be commit 71c3c8ad4c)
 2008-01-04 22:09:35 +01:00
Günther Deschner
b076a7e802 Add ads_get_joinable_ous(). 
Guenther
(This used to be commit 5bbceac881)
 2008-01-03 18:15:59 +01:00
Volker Lendecke
240391be53 Make use of [un]marshall_sec_desc 
(This used to be commit 54576733d6)
 2007-12-29 23:13:03 +01:00
Jeremy Allison
afc93255d1 Add SMB encryption. Still fixing client decrypt but 
negotiation works.
Jeremy.
(This used to be commit d78045601a)
 2007-12-26 17:12:36 -08:00
Simo Sorce
4869ccfed6 While 'data' is usually 0 terminated, nothing in the spec requires that. The correct way is to copy only 'length' bytes. 
Simo.
(This used to be commit 814c1b0e00)
 2007-12-17 15:26:08 -05:00
Volker Lendecke
d365a43785 make use of unmarshall_sec_desc 
(This used to be commit ced0c42f05)
 2007-12-16 14:15:16 +01:00
Jeremy Allison
8e86b7bb65 Doh, fix typo in error exit. 
Jeremy.
(This used to be commit 44918f39c0)
 2007-12-15 23:32:28 -08:00
Jeremy Allison
5dbc4a23bc Added patch originally by Andreas Schneider <anschneider@suse.de> 
to cause us to behave like Vista when looking for remote
machine principal. Modified by me.
Jeremy.
(This used to be commit d0e33840fb)
 2007-12-15 23:22:25 -08:00
Volker Lendecke
2e07c2ade8 s/sid_to_string/sid_to_fstring/ 
least surprise for callers
(This used to be commit eb523ba776)
 2007-12-15 22:47:30 +01:00
Volker Lendecke
14ef4cdec1 Replace sid_string_static with sid_to_string 
This adds 28 fstrings on the stack, but I think an fstring on the stack is
still far better than a static one.
(This used to be commit c7c885078b)
 2007-12-15 22:09:37 +01:00
Volker Lendecke
54ae9dfcbc Use sid_string_talloc where we have a tmp talloc ctx 
(This used to be commit 0a911d38b8)
 2007-12-15 22:09:36 +01:00
Volker Lendecke
900288a2b8 Replace sid_string_static by sid_string_dbg in DEBUGs 
(This used to be commit bb35e794ec)
 2007-12-15 22:09:36 +01:00
Michael Adam
d8ac0cecae Remove an incredible amount of whitespace. 
Sorry - could not resist. Michael
(This used to be commit 1000c98eae)
 2007-12-06 14:08:54 +01:00
Stefan Metzmacher
8fd3a7c43e libads: fix typo 
metze
(This used to be commit b55b19190d)
 2007-12-06 09:54:19 +01:00
Volker Lendecke
78c6ee0090 Remove some globals 
(This used to be commit 31d0a846db)
 2007-12-05 14:39:07 +01:00
Jeremy Allison
6f46f75dfc Make strhex_to_str clear on string limits. Remove pstring from web/*.c 
Jeremy.
(This used to be commit f9c8d62389)
 2007-12-03 17:17:05 -08:00
Volker Lendecke
1011b32678 Remove some statics 
(This used to be commit 1fab16ffb8)
 2007-11-27 14:18:47 +01:00
Volker Lendecke
d5b2325fcd Remove a global 
(This used to be commit 3088bc76f1)
 2007-11-26 17:48:40 +01:00
Jeremy Allison
de51d3dd5f More pstring removal.... 
Jeremy.
(This used to be commit 809f5ab4c5)
 2007-11-20 18:55:36 -08:00
Jeremy Allison
acb829ecc3 Add MAX_DNS_NAME_LENGTH, remove more pstrings. 
Jeremy.
(This used to be commit a1725f4ff7)
 2007-11-15 18:27:26 -08:00
Jeremy Allison
32dd016353 Fix the setup_kaddr() call to cope with IPv6. 
This is the last obvious change I can see. At
this point we can start claiming IPv6 support
(Hurrah !:-).
Jeremy.
(This used to be commit bda8c0bf57)
 2007-10-29 15:03:36 -07:00
Jeremy Allison
e2d0526c97 Change our DNS code to cope with AAAA records. A6 records 
look like a nightmare to use, so ignore them for now.
Jeremy.
(This used to be commit 814daded90)
 2007-10-29 13:34:00 -07:00
Jeremy Allison
f88b7a076b This is a large patch (sorry). Migrate from struct in_addr 
to struct sockaddr_storage in most places that matter (ie.
not the nmbd and NetBIOS lookups). This passes make test
on an IPv4 box, but I'll have to do more work/testing on
IPv6 enabled boxes. This should now give us a framework
for testing and finishing the IPv6 migration. It's at
the state where someone with a working IPv6 setup should
(theorecically) be able to type :
smbclient //ipv6-address/share
and have it work.
Jeremy.
(This used to be commit 98e154c312)
 2007-10-24 14:16:54 -07:00
Jeremy Allison
30191d1a57 RIP BOOL. Convert BOOL -> bool. I found a few interesting 
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
 2007-10-18 17:40:25 -07:00
Gerald (Jerry) Carter
e5a951325a [GLUE] Rsync SAMBA_3_2_0 SVN r25598 in order to create the v3-2-test branch. 
(This used to be commit 5c6c8e1fe9)
 2007-10-10 15:34:30 -05:00
Michael Adam
b12e11f29f r25422: Get rid of some cast warnings. 
(This used to be commit 3e155b249e)
 2007-10-10 12:31:04 -05:00
Gerald Carter
5221ebb299 r25407: Revert Longhorn join patch as it is not correct for the 3.2 tree. 
The translate_name() used by cli_session_setup_spnego() cann rely
Winbindd since it is needed by the join process (and hence before
Winbind can be run).
(This used to be commit 00a93ed336)
 2007-10-10 12:31:03 -05:00
Gerald Carter
3529156971 r25400: Windows 2008 (Longhorn) Interop fixes for AD specific auth2 flags, 
and client fixes.  Patch from Todd Stetcher <todd.stetcher@isilon.com>.
(This used to be commit 8304ccba73)
 2007-10-10 12:31:02 -05:00
Günther Deschner
3309aacc99 r25328: When using ldap sasl wrapping with gssapi it's important to receive warnings 
for clock-skew errors.

Guenther
(This used to be commit 53c99d415d)
 2007-10-10 12:31:00 -05:00
Jeremy Allison
ab9d7bf4f9 r25165: Use talloc_asprintf_append_buffer with an unmodified 
string.
Jeremy.
(This used to be commit fe30a523df)
 2007-10-10 12:30:47 -05:00
Günther Deschner
1874c564db r25133: Fix sasl wrapping (for ldap sign&seal). 
The gss_import_name() broke as we switched from the internal MIT OID
"gss_nt_krb5_principal" to "GSS_KRB5_NT_PRINCIPAL_NAME" and didn't switch from
passing the krb5_principal (or better: a pointer to that, see MIT's "*HORRIBLE*
bug") to pass the string principal directly.

Jerry, Jeremy, neither I could figure out the need of passing in a
krb5_principal at all nor could I reproduce the crash you were seeing.

I sucessfully tested the code (now importing a string) with MIT 1.2.7, 1.3.6,
1.4.3, 1.5.1, 1.6.1 and Heimdal 0.7.2, 1.0, 1.0.1.

Guenther
(This used to be commit cb2dc715e3)
 2007-10-10 12:30:43 -05:00
Günther Deschner
1ef2464451 r25109: Remove obsolete argument from ads_guess_service_principal(). 
Guenther
(This used to be commit 2dea9464bb)
 2007-10-10 12:30:41 -05:00
Günther Deschner
dc58b03517 r25108: Make ifdef labyrinth in sasl code a bit more readable. 
Guenther
(This used to be commit f31949ec34)
 2007-10-10 12:30:40 -05:00
Günther Deschner
cd45a258a7 r25080: Once we decrypted the packet but have timing problems (closkew, tkt not yet or 
no longer valid) there is no point to bother the keytab routines.

Guenther
(This used to be commit 7e4dcf8e7e)
 2007-10-10 12:30:38 -05:00
Lars Müller
9fa56b9ae9 r25030: ip_srv_nonsite and count_nonsite are initialized in get_kdc_list() in any 
case.
(This used to be commit 287604a1c7)
 2007-10-10 12:30:36 -05:00
Michael Adam
b202692875 r24836: Initialize some uninitialized variables. 
This prevents a segfault when get_kdc_ip_string() is called
with sitename == NULL.

Michael
(This used to be commit 58d31e057b)
 2007-10-10 12:30:26 -05:00
Günther Deschner
55b59eb80b r24833: Move locator to nsswitch (does not belong to libads anymore). 
Guenther
(This used to be commit af90c6949c)
 2007-10-10 12:30:26 -05:00
Günther Deschner
dbdc0fecb6 r24832: In the winbind-locator recursion case, try to pick up the kdc from the 
environment.

Guenther
(This used to be commit 7f42fe4e08)
 2007-10-10 12:30:26 -05:00
Günther Deschner
647abf0a7b r24804: As a temporary workaround, also try to guess the server's principal in the 
"not_defined_in_RFC4178@please_ignore" case to make at least LDAP SASL binds
succeed with windows server 2008.

Guenther
(This used to be commit f5b3de4d30)
 2007-10-10 12:30:23 -05:00
Günther Deschner
60fb367fd9 r24769: Merge error handling for locator plugin. 
Guenther
(This used to be commit b83626676c)
 2007-10-10 12:30:19 -05:00
Günther Deschner
6227abc043 r24752: Make sure to return properly when the locator is called from within winbindd. 
Guenther
(This used to be commit 6cf7187e88)
 2007-10-10 12:30:18 -05:00
Günther Deschner
49e92d0d56 r24748: Remove all dependencies to samba internals and convert the krb5 locator plugin 
into a tiny winbindd DsGetDcName client. This still does not solve the case of
using the locator from within winbindd itself but at least gencache.tdb and
others are no longer corrupted.

Guenther
(This used to be commit 908e7963b8)
 2007-10-10 12:30:17 -05:00
Günther Deschner
22cf5a3f80 r24739: With resolve_ads() allow to query for PDCs as well. 
Also add dns query functions to find GCs and DCs by GUID.

Guenther
(This used to be commit cc469157f6)
 2007-10-10 12:30:16 -05:00
Günther Deschner
d61c180e49 r24654: Adapt to coding conventions. 
Guenther
(This used to be commit a669ac2bc4)
 2007-10-10 12:30:13 -05:00
Günther Deschner
201f0e1ce4 r24432: Expand kerberos_return_pac() so that it can be used in winbindd. 
Guenther
(This used to be commit e70bf0ecc3)
 2007-10-10 12:29:46 -05:00
Günther Deschner
3e00e2e9ce r24424: Fix the build. 
Guenther
(This used to be commit 029bf26f8a)
 2007-10-10 12:29:45 -05:00
Günther Deschner
6ba2d944a0 r24252: Dump guid of msExchMailboxGuid when returned. 
Guenther
(This used to be commit 1142f3df54)
 2007-10-10 12:29:21 -05:00
Günther Deschner
bed0ea0693 r24251: Neverending fun: 
Heimdal doesn't accept all OIDs and gss_import_name() fails with
GSS_S_BAD_NAMETYPE using this one. Use the GSS_KRB5_NT_PRINCIPAL_NAME OID
instead (which works with at least MIT 1.6.1 and Heimdal 1.0.1).

Guenther
(This used to be commit f783b32b65)
 2007-10-10 12:29:21 -05:00
Volker Lendecke
8476d072d3 r24166: Fix Coverity ID 391 
(This used to be commit 461974d2cc)
 2007-10-10 12:29:17 -05:00
Gerald Carter
cdd140fe27 r24158: SE_GROUP_RESOURCE in the other_sids list apparently means a 
domain local group.

Fix a typo in the PAC debugging routine
(This used to be commit b0b66b2e7a)
 2007-10-10 12:29:15 -05:00
Stefan Metzmacher
cc8d700364 r24131: - make it more clear what the different min and max fields mean 
- with the "GSSAPI" sasl mech the plain, sign or seal negotiation
  is independed from the req_flags and ret_flags
- verify the server supports the wrapping type we want
- better handling on negotiated buffer sizes

metze
(This used to be commit d0ec732387)
 2007-10-10 12:29:09 -05:00
Stefan Metzmacher
d2900ddf11 r24128: fix double free in error path 
metze
(This used to be commit 29e2d8e044)
 2007-10-10 12:29:09 -05:00
Stefan Metzmacher
e1b1177196 r24104: fix the build, sorry... 
metze
(This used to be commit a5e1f9fd29)
 2007-10-10 12:29:07 -05:00
Stefan Metzmacher
56766b1f3e r24103: add some useful debug messages, as not all LDAP 
libraries support wrapping hooks...

metze
(This used to be commit 581a1d3a20)
 2007-10-10 12:29:07 -05:00
Stefan Metzmacher
3edc6088aa r24098: - make use of the ads_service_principal abstraction 
also for the "GSSAPI" sasl mech.
- also use the ads_kinit_password() fallback logic
  from the "GSS-SPNEGO" sasl mech.

metze
(This used to be commit cbaf44de1e)
 2007-10-10 12:29:06 -05:00
Stefan Metzmacher
db718085fd r24095: add one more fallback alternative to 
construct the principal

metze
(This used to be commit b545667d2a)
 2007-10-10 12:29:05 -05:00
Stefan Metzmacher
062bca6675 r24093: move gssapi/krb5 principal handling into a function 
metze
(This used to be commit 83de27968d)
 2007-10-10 12:29:05 -05:00
Stefan Metzmacher
31dc9126c1 r24072: Add "client ldap sasl wrapping" parameter. 
Possible values are "plain" (default), "sign" or "seal".

metze
(This used to be commit 26ccbad721)
 2007-10-10 12:29:02 -05:00
Günther Deschner
3ec8b1702c r24066: Fix memleak found by Volker. We don't leak keys now with MIT and Heimdal. 
Guenther
(This used to be commit 7755ad750f)
 2007-10-10 12:29:01 -05:00
Volker Lendecke
bf27a77c05 r24065: According to gd, this breaks heimdal. Thanks for checking! 
(This used to be commit ea5f53eac8)
 2007-10-10 12:29:01 -05:00
Stefan Metzmacher
b4f6db40ab r24062: fix logic for broken krb5 libs which always force 
sign and seal...

metze
(This used to be commit 4a4fc8cccb)
 2007-10-10 12:29:00 -05:00
Volker Lendecke
d44063715a r24058: Fix some memory leaks in ads_secrets_verify_ticket. 
Jeremy, Günther, please review!

Thanks,

Volker
(This used to be commit 000e096c27)
 2007-10-10 12:29:00 -05:00
Stefan Metzmacher
75ae998b99 r24042: add support for krb5 sign and seal in LDAP via "GSS-SPNEGO" 
metze
(This used to be commit 34ab84aceb)
 2007-10-10 12:28:59 -05:00
Stefan Metzmacher
6b5c55b0f0 r24037: only setup sasl wrapping after a successful bind 
metze
(This used to be commit 85d6cd3dfb)
 2007-10-10 12:28:58 -05:00
Günther Deschner
2349acdd43 r23973: For debugging, add (undocumented) net ads kerberos commands (kinit, renew, 
pac).

Guenther
(This used to be commit 4cada7c148)
 2007-10-10 12:28:51 -05:00
Günther Deschner
f659ffc0ee r23970: Allow to set the debuglevel at which to dump the PAC logon info. 
Guenther
(This used to be commit 7d321aad83)
 2007-10-10 12:28:50 -05:00
Günther Deschner
fce64f6833 r23969: Some helper routines to retrieve a PAC and PAC elements. 
Guenther
(This used to be commit d4c87c792a)
 2007-10-10 12:28:50 -05:00
Volker Lendecke
f5033a1e62 r23953: Some C++ warnings 
(This used to be commit 8716edf157)
 2007-10-10 12:28:49 -05:00
Günther Deschner
e6875b1b45 r23951: Fix segfault. 
Guenther
(This used to be commit 1a5c8780ae)
 2007-10-10 12:28:48 -05:00
Stefan Metzmacher
14e81b3009 r23948: add gsskrb5 sign and seal support for LDAP connections 
NOTE: only for the "GSSAPI" SASL mech yet

metze
(This used to be commit a079b66384)
 2007-10-10 12:28:48 -05:00
Stefan Metzmacher
ea3c3b9272 r23946: add support for NTLMSSP sign and seal 
NOTE: windows servers are broken with sign only...

metze
(This used to be commit 408bb2e6e2)
 2007-10-10 12:28:48 -05:00
Stefan Metzmacher
07c034f7c4 r23945: add infrastructure to select plain, sign or seal LDAP connection 
metze
(This used to be commit 2075c05b3d)
 2007-10-10 12:28:48 -05:00
Stefan Metzmacher
e0c4034393 r23943: - always provide ads_setup_sasl_wrapping() function 
- read/write returning 0 means EOF and we need to return direct

metze
(This used to be commit 885d557ae7)
 2007-10-10 12:28:48 -05:00
Günther Deschner
9e0c550922 r23937: Use ads_config_path() when we need to know the configration context. 
Guenther
(This used to be commit 1a62c731c6)
 2007-10-10 12:28:46 -05:00
Stefan Metzmacher
00b27d2d69 r23933: - implement ctrl SASL wrapping hook 
- pass down sign or seal hooks
- some sasl wrapping fixes

metze
(This used to be commit 8c64ca3394)
 2007-10-10 12:28:46 -05:00
Stefan Metzmacher
307e51ed14 r23926: implement output buffer handling for the SASL write wrapper 
metze
(This used to be commit 65ce6fa21a)
 2007-10-10 12:28:45 -05:00
Stefan Metzmacher
7bef162aeb r23922: implement input buffer handling for the SASL read wrapper 
metze
(This used to be commit 7d8518ebd9)
 2007-10-10 12:28:42 -05:00
Stefan Metzmacher
8cd89a20ce r23918: not all ldap libraries support debugging 
metze
(This used to be commit 3f68189c9a)
 2007-10-10 12:28:41 -05:00
Stefan Metzmacher
d48dbc8bad r23916: use the correct io operations for debugging 
metze
(This used to be commit d745a1a719)
 2007-10-10 12:28:41 -05:00
Stefan Metzmacher
77619f37a0 r23898: rename HAVE_ADS_SASL_WRAPPING -> HAVE_LDAP_SASL_WRAPPING 
metze
(This used to be commit 873eaff8fe)
 2007-10-10 12:28:39 -05:00
Stefan Metzmacher
57dd25cccb r23893: add dummy callbacks for LDAP SASL wrapping, 
they're not used yet...

metze
(This used to be commit a3b97cdce7)
 2007-10-10 12:28:39 -05:00
Stefan Metzmacher
809c9d4d31 r23888: move elements belonging to the current ldap connection to a 
substructure.

metze
(This used to be commit 00909194a6)
 2007-10-10 12:28:38 -05:00
Stefan Metzmacher
2fc53c947b r23886: add ads_disconnect() function 
metze
(This used to be commit ba70737b70)
 2007-10-10 12:28:38 -05:00
Günther Deschner
28041b6064 r23869: Protect against partial security descriptors. 
Guenther
(This used to be commit 0a96a11f01)
 2007-10-10 12:28:36 -05:00
Günther Deschner
ed0ffc5cef r23861: Fix return code in ads_find_samaccount(). 
Guenther
(This used to be commit 684fcf39dc)
 2007-10-10 12:28:35 -05:00
Günther Deschner
8d786a4e2b r23842: Attempt to fix the build with LDAP. 
Guenther
(This used to be commit efd817ae11)
 2007-10-10 12:28:33 -05:00
Günther Deschner
34d091f1c6 r23839: Try to get the attribute name from schema GUIDs or the display name from 
extended rights GUID from ad while dumping the security descriptors's aces.

This would perform much better with a guid cache, but for the rare cases where
it is used

	net ads search cn=mymachine ntSecurityDescriptor -U user%pass

it should be ok for now.

Guenther
(This used to be commit b36913433e)
 2007-10-10 12:28:33 -05:00
Günther Deschner
b62ade20d0 r23838: Allow to store schema and config path in ADS_STRUCT config. 
Guenther
(This used to be commit 1d5b08326f)
 2007-10-10 12:28:33 -05:00
Günther Deschner
9d6f8ed5e7 r23837: Pass ADS_STRUCT and TALLOC_CTX down to ads_disp_sd. 
Guenther
(This used to be commit ad0a6d5703)
 2007-10-10 12:28:32 -05:00
Günther Deschner
f05dcab9bf r23836: Add ads_config_path() and ads_get_extended_right_name_by_guid(). 
Guenther
(This used to be commit 4d62f1191b)
 2007-10-10 12:28:32 -05:00
Günther Deschner
fd8dc4b561 r23835: Pass down a struct GUID to ads_get_attrname_by_guid() directly. 
Guenther
(This used to be commit a4d5206d0b)
 2007-10-10 12:28:32 -05:00
Günther Deschner
c252b04abf r23834: Allow to pass an ADS_STRUCT pointer down to the dump function callback in 
libads.

Guenther
(This used to be commit 311bbbafa6)
 2007-10-10 12:28:32 -05:00
Günther Deschner
c8e23e4091 r23833: Document ads_find_samaccount(). 
Guenther
(This used to be commit 3effd1c346)
 2007-10-10 12:28:31 -05:00
Günther Deschner
e7705f9eb9 r23829: Add ads_get_attrname_by_guid(). 
Guenther
(This used to be commit a84fd83006)
 2007-10-10 12:28:31 -05:00
Günther Deschner
1c957f9559 r23826: Fix gpo security filtering by matching the security descriptor ace's for the 
extended apply group policy right.

Guenther
(This used to be commit d832014a6f)
 2007-10-10 12:28:31 -05:00
Günther Deschner
6d0141c17e r23820: Display security_ace_object in LDAP security descriptors for debugging. 
Guenther
(This used to be commit 3925e85812)
 2007-10-10 12:28:30 -05:00
Andrew Tridgell
153cfb9c83 r23801: The FSF has moved around a lot. This fixes their Mass Ave address. 
(This used to be commit 87c91e4362)
 2007-10-10 12:28:27 -05:00