sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-18 17:57:55 +03:00
Code
7,683 Commits 62 Branches 1,152 Tags
Commit Graph

51 Commits

Author SHA1 Message Date
Tim Potter
6a58c9bd06 Removed version number from file header. 
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
 -
Jim McDonough
7e5d7dfa83 Enable net ads commands to use existing tickets if the user doesn't specify a username on the commandline. Also don't continue past the kinit if a password is entered and fails because existing tickets would be used, which may not be desired if the username was specified. -
Andrew Tridgell
7e876057d5 much better support for organisational units in ADS join -
Martin Pool
312c6d906e Move local variable to avoid warning when compiled without GSSAPI. -
Andrew Bartlett
ab8ff85f03 Fix up 'net ads join' to delete and rejoin if the account already exists. 
This fixes up a problem where a machine would join (or downgrade by trust
password change) to NT4 membership and not be able to regain full ADS
membership until a 'net ads leave'.

Andrew Bartlett
 -
Andrew Tridgell
f383e19e09 added nTSecurityDescriptor field to host acct dump -
Andrew Bartlett
a308abbab7 Fix up C99 comment. 
// -> /* */
 -
Andrew Tridgell
c4d928e55f cope with systems that don't have full gssapi libs -
Andrew Bartlett
f60e445001 Allow this to build without LDAP, as per the example below it. 
Andrew Bartlett
 -
Andrew Bartlett
33ae29028b Fix the compile on systems without a full kerberos kit. 
Andrew Bartlett
 -
Andrew Bartlett
14407c87e2 Make Samba compile on RH 6.2 again. 
We now include the libber.h file if required, but currently we just don't use
ldap.  (I'll chase this up).

In the meantime, I've moved the ads_status code about, its now in its own file,
and has a couple of #ifdefs to allow smbd to link - becouse the lack of LDAP
caused HAVE_ADS to be undefined. (I hope its not too ugly).

Andrew Bartlett
 -
Andrew Tridgell
ff002a458a added ads_domain_sid() function -
Andrew Tridgell
7984ae0121 forgot to commit this file from remus -
Andrew Tridgell
412e79c448 net ads password and net ads chostpass commands from Remus Koos -
Andrew Tridgell
05a90a2884 much better ADS error handling system -
Andrew Tridgell
344b786efe we only have gss_ fns on a krb5 capable box -
Andrew Tridgell
ee1c3e1f04 - added initial support for trusted domains in winbindd_ads 
- gss error code patch from a.bokovoy@sam-solutions.net
- better sid dumping in ads_dump
- fixed help in wbinfo
 -
Andrew Tridgell
f1231c2b54 allow selection of the organisational unit when joining a realm -
Andrew Tridgell
ed6279481b better error handling -
Andrew Tridgell
fc9fd2ca19 try the PDC for our workgroup if we can't find the ldap server -
Andrew Tridgell
cb9dbcef7c allow overriding the local time in kerberos_kinit_password() -
Andrew Tridgell
be254eb13c moved ccache location change into winbindd code -
Andrew Tridgell
4a6d297686 make sid_binstring available without HAVE_ADS -
Andrew Tridgell
f7ead035eb fixed used of string after free -
Andrew Tridgell
18da530293 fix a DEBUG() line -
Andrew Tridgell
435fdf276a added internal sasl/gssapi code. This means we are no longer dependent on cyrus-sasl which makes the code much less fragile. Also added code to auto-determine the server name or realm -
Andrew Tridgell
3de552f365 put the winbindd krb5 credentials cache in the lock directory 
this prevents it clobbering the users cache
 -
Andrew Tridgell
3ace8f1fcc added a propoer kerberos_kinit_password call 
contribution from remus@snapserver.com

thanks!
 -
Andrew Tridgell
5985d7e6ee fixed a minor password memory leak -
Andrew Tridgell
58e93a8b7d fix link error -
Andrew Tridgell
0d85815c99 handle ldap server down better -
Andrew Tridgell
7d94f1b736 added a REALLY gross hack into kerberos_kinit_password so that 
winbindd can do a kinit
this will be removed once we have code that gets a tgt
and puts it in a place where cyrus-sasl can see it
 -
Andrew Tridgell
4f004eb54d added timeouts and retries to ldap operations -
Andrew Tridgell
9a084f0bb9 moved the sequence number fetch into the backend, and fetch the 
sequence number via ldap when using ads
 -
Andrew Tridgell
13b933104e paranoia fixes in based ldap routines for potential memory leaks -
Andrew Tridgell
eb6f0e91dd more memory leak fixes -
Andrew Tridgell
31d6d049b3 added functions that convert a ads binary blob to a string (for 
searching on SID)
 -
Andrew Tridgell
bc83d55f44 added ads_search_dn() and ads_pull_sids() -
Andrew Tridgell
88241cab98 added a basic ADS backend to winbind. More work needed, but at 
least basic operations work
 -
Andrew Tridgell
2a4ce3de6a ads->realm must not be NULL 
perhaps we should just fail ads_init() in this case?
 -
Andrew Tridgell
5a5f140f84 define LDAP_PORT when not available -
Andrew Bartlett
8f9ce71781 Make better use of the ads_init() function to get the kerberos relam etc. 
This allows us to use automagically obtained values in future, and the value
from krb5.conf now.

Also fix mem leaks etc.

Andrew Bartlett
 -
Andrew Tridgell
23ef22f117 fixed some krb5 ifdefs -
Herb Lewis
5f625f2877 add .po32 files to ignore list -
Andrew Tridgell
e2ba2383c9 fix a bunch of places where we can double-free a cli structure -
Andrew Tridgell
f482583139 added "net ads user" and "net ads group" commands -
Andrew Tridgell
ae0eabd04c added "net ads status" command -
Andrew Tridgell
69d256af46 better auto-selection of realm and ldap server -
Andrew Tridgell
058a5aee90 added "net join" command 
this completes the first stage of the smbd ADS support
 -
Tim Potter
5d343b4065 Ignore *.po files. -