sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-04 05:18:06 +03:00
Code
55,632 Commits 60 Branches 1,144 Tags 452 MiB
71e9dfc0cd
Commit Graph

876 Commits

Author SHA1 Message Date
Jeremy Allison
9eab2bfaf1 Fix more "ignore return value" warnings from gcc 4.3. 
Jeremy
 2008-12-30 18:24:39 -08:00
Jeremy Allison
d0eeb9aa8d Fix more asprintf warnings and some error path errors. 
Jeremy.
 2008-12-23 12:11:12 -08:00
Jeremy Allison
1966a947d3 More asprintf warning fixes. 
Jeremy.
 2008-12-23 11:56:48 -08:00
Jeremy Allison
94df767f21 More asprintf warning fixes. 
Jeremy.
 2008-12-23 11:45:26 -08:00
Jeremy Allison
b143938b8a Fix more asprintf errors and error code paths. 
Jeremy.
 2008-12-23 11:27:19 -08:00
Stefan Metzmacher
17efebde11 s3:libads/ldap.c: store the dc name in the saf cache as in all other places 
metze

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 543fa85a71)
 2008-12-13 11:42:36 +01:00
Stefan Metzmacher
a8040d5965 s3:libads/ldap.c: if the client belongs to no site at all any dc is the closest 
metze

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit f86ef9b53a)
 2008-12-13 11:42:36 +01:00
Stefan Metzmacher
2f27ffc4a2 s3:libads/ldap.c: pass the real workgroup name to get_dc_name() 
metze

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit c2d4a84abe)
 2008-12-13 11:42:36 +01:00
Stefan Metzmacher
7f779450cb s3: libads: use get_dc_name() instead of get_sorted_dc_list() in the LDAP case 
We use get_dc_name() for LDAP because it generates the selfwritten
krb5.conf with the correct kdc addresses and sets KRB5_CONFIG.

For CLDAP we need to use get_sorted_dc_list() to avoid recursion.

metze

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit d2f7f81f4d)
 2008-12-13 11:42:34 +01:00
Stefan Metzmacher
588f5aae66 s3: correctly detect if the current dc is the closest one 
ads->config.tried_closest_dc was never set.

metze

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit dfe5b00db3)
 2008-12-13 11:42:22 +01:00
Tim Prouty
1eb743ab8e s3: Change sockaddr util function names for consistency 
Also eliminates name conflicts with OneFS system libraries
 2008-12-03 10:40:20 -08:00
Günther Deschner
c554080dd9 s3-net: allow to list a keytab generated using net rpc vampire. 
Guenther
 2008-12-02 12:59:22 +01:00
Stefan Metzmacher
26461a72da s3:libads/ldap.c: return an error instead of crashing when no realm is given 
The bug was triggered by "net ads info -S 127.8.7.6" (where 127.8.7.6 doesn't ex
and "disable netbios = yes".

metze

Signed-off-by: Michael Adam <obnox@samba.org>
 2008-11-24 15:23:50 +01:00
Steven Danneman
6d59be1e6d Fix extended DN parse error when AD object does not have a SID. 
Some AD objects, like Exchange Public Folders, can be members of Security
Groups but do not have a SID attribute.  This patch adds more granular return
errors to ads_get_sid_from_extended_dn().  Callers can now determine if a parse
error occured because of bad input, or the DN was valid but contained no SID.

I updated all callers to ignore SIDless objects when appropriate.

Also did some cleanup to the out paths of lookup_usergroups_memberof()
 2008-11-18 13:02:21 -08:00
Steven Danneman
9a7900fb38 Whitespace and >80 column cleanups. 2008-11-18 13:02:20 -08:00
Jelmer Vernooij
ddcab787c4 Rename dos_errstr() to win_errstr() for consistency with Samba 4. 2008-11-01 17:19:26 +01:00
Jelmer Vernooij
d6a5476ee7 Use sockaddr_storage only where we rely on the size, use sockaddr 
otherwise (to clarify we can also pass in structs smaller than
sockaddr_storage, such as sockaddr_in).
 2008-10-23 19:53:15 +02:00
Günther Deschner
c0cf457c85 s3-asn1: make all of s3 asn1 code do a proper asn1_init() first. 
Guenther
 2008-10-22 21:37:36 +02:00
Günther Deschner
d9f1fff5b3 s3: use shared asn1 code. 
Guenther
 2008-10-22 21:37:36 +02:00
Günther Deschner
4b59ecb903 s3-build: no need to duplicate generated ndr_ prototypes. 
Guenther
 2008-10-20 19:47:00 +02:00
Jelmer Vernooij
7275952568 Add TALLOC_CTX pointer to generate_random_str(), for consistency with 
Samba 4.
 2008-10-19 10:05:48 +02:00
Günther Deschner
e9e1246021 kerberos: fix some heimdal build warnings. 
Guenther
 2008-10-15 21:43:50 +02:00
Jelmer Vernooij
1f3e4f39c5 Use GUID_string rather than smb_uuid_string(). 2008-10-14 02:26:18 +02:00
Günther Deschner
d5a11f9679 fix build warnings. 
Guenther
 2008-10-13 00:40:57 +02:00
Jelmer Vernooij
218f482fbf Use common strlist implementation in Samba 3 and Samba 4. 2008-10-12 00:56:56 +02:00
Jelmer Vernooij
cb78d4593b Cope with changed signature of http_timestring(). 2008-10-11 23:57:44 +02:00
Volker Lendecke
80665a0b5a Fix an unlikely memleak found by the IBM checker 2008-10-04 22:19:11 +02:00
Volker Lendecke
9eea6929e3 Fix an uninitialized variable found by the IBM Checker 2008-10-04 22:15:03 +02:00
Volker Lendecke
af1c802791 The IRIX compiler does not like embedded unnamed unions 2008-10-02 08:09:25 +02:00
Günther Deschner
f07431f5ba s3-nbt: use the new generated nbt. 
Guenther
 2008-09-24 03:34:23 +02:00
Günther Deschner
de54bac54c s3: fix NETLOGON_NT_VERSION version flags. 
Guenther
 2008-09-23 23:20:10 +02:00
Günther Deschner
c48186f507 s3: use samba4 prototype for ndr_push/pull_struct_blob. 
Guenther
 2008-09-23 09:37:23 +02:00
Gerald (Jerry) Carter
28d2683903 * Allow an admin to define the "uid" attribute for a RFC2307 
user object in AD to be the username alias.

For example:

  $ net ads search "(uid=coffeedude)"
  distinguishedName: CN=Gerald W. Carter,CN=Users,DC=pink,DC=plainjoe,DC=org
  sAMAccountName: gcarter
  memberOf: CN=UnixUsers,CN=Users,DC=pink,DC=plainjoe,DC=org
  memberOf: CN=Domain Admins,CN=Users,DC=pink,DC=plainjoe,DC=org
  memberOf: CN=Enterprise Admins,CN=Users,DC=pink,DC=plainjoe,DC=org
  memberOf: CN=Schema Admins,CN=Users,DC=pink,DC=plainjoe,DC=org
  uid: coffeedude
  uidNumber: 10000
  gidNumber: 10000
  unixHomeDirectory: /home/gcarter
  loginShell: /bin/bash

  $ ssh coffeedude@192.168.56.91
  Password:

  coffeedude@orville:~$ id
  uid=10000(coffeedude) gid=10000(PINK\unixusers) groups=10000(PINK\unixusers)

  $ getent passwd PINK\\gcarter
  coffeedude:*:10000:10000::/home/gcarter:/bin/bash

  $ getent passwd coffeedude
  coffeedude:*:10000:10000::/home/gcarter:/bin/bash

  $ getent group PINK\\Unixusers
  PINK\unixusers10000:coffeedude
 2008-09-16 10:35:21 -07:00
Günther Deschner
862ff66da9 kerberos: fix indent of enc type lines in generated krb5.conf files. 
Guenther
(This used to be commit 18a26f08b6)
 2008-09-04 15:17:57 +02:00
Günther Deschner
bff20e14c3 kerberos: use KRB5_KT_KEY macro where appropriate. 
Guenther
(This used to be commit a042dffd71)
 2008-08-29 11:01:34 +02:00
Günther Deschner
825f06c3f9 libads: remove unused vars. 
Guenther
(This used to be commit ea9fc3bea3)
 2008-08-20 22:07:40 +02:00
Jeremy Allison
d701d23b60 Fix uninitialized variables. 
Jeremy.
(This used to be commit 1db7e00a54)
 2008-07-30 16:06:30 -07:00
Günther Deschner
c11fb13864 kerberos: make smb_krb5_kt_add_entry() static. 
Guenther
(This used to be commit 04b1847f87)
 2008-07-18 16:42:55 +02:00
Volker Lendecke
d3def9a18c Revert "Pass NULL to gencache_get when we are not interested in the timeout value" 
This reverts commit 16062dfc3d.
(This used to be commit 114ca85775)
 2008-07-11 17:53:25 +02:00
Volker Lendecke
962beb2872 Pass NULL to gencache_get when we are not interested in the timeout value 
(This used to be commit 16062dfc3d)
 2008-07-03 15:17:58 +02:00
Günther Deschner
16e44ee112 kerberos: allow to keep entries with old kvno's while creating keytab. 
Guenther
(This used to be commit 6194244bd9)
 2008-06-30 12:38:40 +02:00
Günther Deschner
52635c6f58 kerberos: rename smb_krb5_kt_add_entry to smb_krb5_kt_add_entry_ext. 
Guenther
(This used to be commit 48600a0019)
 2008-06-30 12:38:32 +02:00
Gerald W. Carter
893e3522fc Return NULL in sitename_fetch() if gencache_init() fails. Not false 
(This used to be commit 8704c2ab37)
 2008-06-28 09:36:30 -04:00
Gerald W. Carter
9ff1ffcbee libads: Add API call to connect to a global catalog server. 
Extends ads_connect() to a new call ads_connect_gc() which connects on port
3268 rather than port 389.  Also makes ads_try_connect() static and
only used internally to ldap.c
(This used to be commit f4c37dbe2c)
 2008-06-27 10:26:11 -04:00
Günther Deschner
7b1f015675 libads: add ads_connect_user_creds() that won't overwrite given user creds. 
Guenther
(This used to be commit 026018c9f1)
 2008-06-24 23:37:49 +02:00
Günther Deschner
6b4b76c40e libads: add ADS_AUTH_USER_CREDS to avoid magic overwriting of usernames. 
Guenther
(This used to be commit b5aaf5aa0f)
 2008-06-24 23:37:40 +02:00
Günther Deschner
0ac8c5d49a kerberos: make smb_krb5_kt_add_entry public, allow to pass keys without salting them. 
Guenther
(This used to be commit 7c4da23be1)
 2008-06-24 23:34:05 +02:00
Günther Deschner
0447e6a0a7 libads: add ads_get_machine_kvno() to make ads_get_kvno() a bit more generic. 
Guenther
(This used to be commit cb7ace209c)
 2008-06-17 19:54:09 +02:00
Günther Deschner
3688eeafa3 libads: fix logic error in ads_get_kvno(). 
Guenther
(This used to be commit 132b038581)
 2008-06-17 19:51:14 +02:00
Volker Lendecke
aaa2a4f447 Revert "Fix a memleak in ads_find_dc() in case get_sorted_dc_list() fails" 
This reverts commit df8d089bc6.
(This used to be commit 342f885820)
 2008-06-17 12:20:54 +02:00
Günther Deschner
21e759ef64 mailslot: always pull a command 25 type reply. 
Guenther
(This used to be commit 1ce726b951)
 2008-06-05 19:09:30 +02:00
Volker Lendecke
d261e16cfd Fix a memleak in ads_find_dc() in case get_sorted_dc_list() fails 
This is really not a proper place to fix this, but as get_gc_list() and friends
are about to be replaced anyway, just work around the broken existing API
(This used to be commit df8d089bc6)
 2008-06-05 10:56:18 +02:00
Marc VanHeyningen
ad00ecd358 Tiny memory leak 
(This used to be commit e7f76a0c65)
 2008-05-29 14:26:50 -07:00
Jeremy Allison
d5d4a9511d Memory leak fixes from Chere Zhou <czhou@isilon.com>. 
Jeremy.
(This used to be commit 201bcc8ed2)
 2008-05-27 12:27:57 -07:00
Tim Prouty
fb37f15600 Cleanup size_t return values in callers of convert_string_allocate 
This patch is the second iteration of an inside-out conversion to cleanup
functions in charcnv.c returning size_t == -1 to indicate failure.
(This used to be commit 6b189dabc5)
 2008-05-20 22:40:13 +02:00
root
fc3e6851d3 Fix some comments to match get_kdc_ip_string()'s behaviour 
(This used to be commit 30956c784f)
 2008-05-19 12:08:52 +02:00
Günther Deschner
eeb126a379 libads/cldap: store client sitename also keyed by dns domain name. 
Guenther
(This used to be commit 0388b2f0cc)
 2008-05-15 16:38:32 +02:00
Günther Deschner
847d385f7b Fix Bug #5465 (joining with createcomputer=ou1/ou2/ou3). 
Guenther
(This used to be commit f3251ba03a)
 2008-05-14 23:53:23 +02:00
Günther Deschner
d59cf703ba dsgetdcname: make use of nbt_cldap_netlogon_15. 
Guenther
(This used to be commit 5b0eda98f3)
 2008-05-09 17:41:50 +02:00
Günther Deschner
4bd94c8338 cldap: move out cldap object to fix the build. 
Guenther
(This used to be commit 56be9c98d2)
 2008-05-09 14:59:19 +02:00
Günther Deschner
cdd9913c4a cldap: let ads_cldap_netlogon() return all possible cldap replies. 
Guenther
(This used to be commit 6f9d5e1cc9)
 2008-05-09 14:59:18 +02:00
Günther Deschner
1f6065765c mailslot/cldap: use nt_version bits in queries. 
Guenther
(This used to be commit b261f06312)
 2008-05-06 09:41:41 +02:00
Gerald W. Carter
43c079ef26 BUG 5107: Fix handling of large DNS replies on AIX and Solaris. 
On AIX, Solaris, and possibly some older glibc systems (e.g. SLES8)
truncated replies never give back a resp_len > buflen
which ends up causing DNS resolve failures on large tcp DNS replies.

Also add more debug lines about processing the DNS reply.
(This used to be commit 5ed9b92097)
 2008-04-30 09:57:15 -05:00
Steven Danneman
778a5414b1 Fix bug 5419: memory leak in ads_do_search_all_args() when enumerating 1000s of entries 
The ads_do_search_all_args() function attempts to string together several
LDAPMessage structures, returned across several paged ldap requests, into a
single LDAPMessage structure.  It does this by pulling entries off the second
LDAPMessage structure and appending them to the first via the OpenLDAP specific
ldap_add_result_entry() call.

The problem with this approach is it skips non-entry messages such as the
result, and controls.  These messages are leaked.

The short term solution as suggested by Volker is to replace the ads_*_entry()
calls with ads_*_message() calls so we don't leak any messages.

This fixes the leak but doesn't remove the dependence on the OpenLDAP specific
implementation of ldap_add_result_entry().
(This used to be commit f1a5405409)
 2008-04-26 08:11:20 -07:00
Volker Lendecke
862d7e32b9 Move user/domain from rpc_pipe_client to cli_pipe_auth_data 
(This used to be commit 42de50d2cd)
 2008-04-25 11:12:50 +02:00
Günther Deschner
bcbac69d1a cldap: avoid duplicate definitions so remove ads_cldap.h. 
Guenther
(This used to be commit 538eefe22a)
 2008-04-21 20:21:40 +02:00
Günther Deschner
1dd7ab38e7 cldap: add talloc context to ads_cldap_netlogon(). 
Guenther
(This used to be commit 4cee7b1bd5)
 2008-04-21 20:21:40 +02:00
Günther Deschner
ba98dd4989 libads: Use libnbt for CLDAP reply parsing. 
Guenther
(This used to be commit 751f3064a5)
 2008-04-21 20:21:39 +02:00
Volker Lendecke
cf2442bdcb Use rpc_pipe_client->user_name instead of rpc_pipe_client->cli->user_name 
Also make sure that rpc_pipe_client->user_name is always talloced.
(This used to be commit 3f6c5b9966)
 2008-04-20 00:14:40 +02:00
Volker Lendecke
4c857010e7 Fix two "ignoring asprintf result" warnings 
(This used to be commit 1d261e78b3)
 2008-04-20 00:13:39 +02:00
Volker Lendecke
2a2188591b Add "desthost" to rpc_pipe_client 
This reduces the dependency on cli_state
(This used to be commit 783afab9c8)
 2008-04-20 00:13:09 +02:00
Karolin Seeger
8d7c7c674a Fix typo. 
Karolin
(This used to be commit 42fbbeb1ca)
 2008-04-10 08:38:54 +02:00
Karolin Seeger
a8124367b4 Fix typos. 
Karolin
(This used to be commit 6cee347035)
 2008-04-09 16:14:04 +02:00
Günther Deschner
33a3766f03 Add ads_check_ou_dn(). 
Guenther
(This used to be commit 380e9d26db)
 2008-03-28 16:43:59 +01:00
Volker Lendecke
1b26a7ea6d Fix Coverity ID 488 
"status" was used uninitialized on success -- metze, please check
(This used to be commit a0859529c8)
 2008-03-23 19:44:55 +01:00
Volker Lendecke
561fb9daa4 Fix Coverity ID 487 
(This used to be commit 22cee9c1af)
 2008-03-23 19:44:55 +01:00
Marc VanHeyningen
e06aa46b9f Coverity fixes 
(This used to be commit 3fc85d2259)
 2008-03-17 20:52:25 +01:00
Volker Lendecke
1ebfc66b2c Use a separate tdb for mutexes 
Another preparation to convert secrets.c to dbwrap: The dbwrap API does not
provide a sane tdb_lock_with_timeout abstraction. In the clustered case the DC
mutex is needed per-node anyway, so it is perfectly fine to use a local mutex
only.
(This used to be commit f94a63cd8f)
 2008-03-10 21:08:45 +01:00
Volker Lendecke
87805819f1 Fix Coverity ID 551 
Correctly return if we can't create the temporary krb5.conf

Jeremy, please check!
(This used to be commit c2401811aa)
 2008-03-08 23:48:12 +01:00
Günther Deschner
7269a504fd Add my copyright. 
Guenther
(This used to be commit d078a87571)
 2008-02-27 19:38:48 +01:00
Volker Lendecke
3176392878 Fix some warnings 
warning: ignoring return value of 'asprintf', declared with attribute warn_unused_result
(This used to be commit ad37b7b0ae)
 2008-02-25 16:09:26 +01:00
Günther Deschner
965774fa8f Fix some more callers of PAC_DATA. 
Guenther
(This used to be commit ea609d1b0e)
 2008-02-17 02:12:00 +01:00
Günther Deschner
3ea40eda94 Some more cleanup in authdata.c. 
Guenther
(This used to be commit 5483f5fb44)
 2008-02-17 02:11:59 +01:00
Günther Deschner
86843631a2 Align our krb5 PAC decoding routines to the samba4 ones. 
(while keeping all the trans krb5 lib support)

Guenther
(This used to be commit c06e507737)
 2008-02-17 02:11:59 +01:00
Volker Lendecke
b361956942 str_list_free is not needed anymore 
(This used to be commit feddc1447d)
 2008-02-04 21:05:41 +01:00
Volker Lendecke
2762b9a975 Always pass a TALLOC_CTX to str_list_make and str_list_copy 
(This used to be commit e2c9fc4cf5)
 2008-02-04 20:57:49 +01:00
Günther Deschner
6c764172e5 When running with debug level > 10, dump ads_struct in ads_connect(). 
Guenther
(This used to be commit 2dd7c64fa8)
 2008-01-31 11:05:25 +01:00
Günther Deschner
7cab0f5c0c Fix the build. Avoid unrequired ndr_print_ads_struct dependencies. 
Guenther
(This used to be commit c832882e49)
 2008-01-29 15:17:02 +01:00
Gerald W. Carter
c0c93dc2ba Restrict the enctypes in the generated krb5.conf files to Win2003 types. 
This fixes the failure observed on FC8 when joining a Windows 2008 RC1
domain.  We currently do not handle user session keys correctly
when the KDC uses AES in the ticket replies.
(This used to be commit 8039a2518c)
 2008-01-28 11:32:09 -06:00
Volker Lendecke
587cf54c61 strtok -> strtok_r 
(This used to be commit fd34ce4370)
 2008-01-23 15:08:04 +01:00
Günther Deschner
a92eb76688 Finally enable pidl generated SAMR & NETLOGON headers and clients. 
Guenther
(This used to be commit f7100156a7)
 2008-01-17 16:54:46 +01:00
Jeremy Allison
70426bdd30 Tidy up code and debug for non-default krb5 IPv6 port. 
Jeremy.
(This used to be commit 79b7972de4)
 2008-01-16 13:28:24 -08:00
Jeremy Allison
bd8abea49f Fix IPv6 bug #5204, which caused krb5 DNS lookups 
for a name '[<ipv6 addr>'.
Jeremy.
(This used to be commit f2aa921505)
 2008-01-16 13:21:46 -08:00
Günther Deschner
fbcc7820c6 Fix memleak in ads_build_path(). 
Guenther
(This used to be commit b7a06b54e0)
 2008-01-16 16:06:15 +01:00
Günther Deschner
a32cca7f37 Print principal in debug statement in kerberos_kinit_password() as well. 
Guenther
(This used to be commit 44d67e8462)
 2008-01-14 18:39:08 +01:00
Jeremy Allison
43717a16e2 Fix CID 476. Ensure a valid pac_data pointer is always passed to 
ads_verify_ticket as it's always derefed.
Jeremy.
(This used to be commit 0599d57eff)
 2008-01-11 23:53:27 -08:00
Jeremy Allison
866af9a800 Coverity 512, uninitialized var. 
Jeremy.
(This used to be commit 1b7cc80c61)
 2008-01-11 23:43:33 -08:00
Günther Deschner
f89fa0a6f8 Do not ignore provided machine_name in ads_get_upn(). 
Guenther
(This used to be commit ddc1307844)
 2008-01-08 14:07:01 +01:00
Michael Adam
4aba7475ef Re-Indent function ldap_open_with_timeout(). 
This reverts commit #cafda34783f0961c9b463803c19cfcb69f836e3f .

I just learned (the hard way) that these indeted functions
are not indented by accident but that the intention of this
is to not include the prototype into proto.h.

Michael
(This used to be commit 2e5d01b214)
 2008-01-04 22:56:10 +01:00
Michael Adam
b54310cbaa Add a debug message (when the LDAP server has really been connected). 
Michael
(This used to be commit 7d9d2de390)
 2008-01-04 22:09:36 +01:00