1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

360 Commits

Author SHA1 Message Date
Stefan Metzmacher
f87e70a930 s3:libads: improve debug levels/messages in ads_find_dc()
We should not flood the logs (and syslog) with fallback warnings.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Jul  2 14:41:31 CEST 2015 on sn-devel-104
2015-07-02 14:41:31 +02:00
Uri Simchoni
28f51b9159 libads: further split resolve_and_ping into dns and netbios implementations
split the resolve_and_ping function, which does name lookup followed by
cldap ping, into two variants:
- resolve_and_ping_dns() which uses AD name resolution
- resolve_and_ping_netbios() which uses pre-AD name resolution

Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2015-06-16 01:29:24 +02:00
Uri Simchoni
4d8241e017 libads: Fix fallback logic when finding a domain controller
This is a patch to fix bug 11321.

When finding a domain controller, the method is to resolve
the IP address of candidate servers, and then do an ldap ping until a
suitable server answers.

In case of failure, there's fallback from DNS lookup to netbios lookup
(if netbios is enabled) and then back to site-less DNS lookup. The two
problems here are:
1. It makes more sense to try site-less DNS before NetBIOS because the
fallback to NetBIOS is not likely to give better results.
2. The NetBIOS fallback screws the site-less fallback (I suppose the
"goto considered harmful fellows are sometimes right after all...).

This fix extracts the core code that does name resolving+ldap ping
into a separate function and then activates this function in up to
three modes - site-aware, site-less, and netbios, in that order.

Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2015-06-16 01:29:24 +02:00
Richard Sharpe
57568f1900 Convert all uint32/16/8 to _t in a grab-bag of remaining files.
I still need to fix the rpc stuff, but we are almost there.

Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 14 22:16:56 CEST 2015 on sn-devel-104
2015-05-14 22:16:56 +02:00
David Holder
c324d7901c Add IPv6 support to ADS client side LDAP connects. Corrected format for IPv6 LDAP URI. Signed-off-by: David Holder <david.holder@erion.co.uk>
Signed-off-by: David Holder <david.holder@erion.co.uk>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <rb@sernet.de>
2015-05-12 20:46:16 +02:00
Richard Sharpe
5074cf825d Convert all uses of uint8/16/32 to uint8/16/32_t in the libads code.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 22 06:22:29 CEST 2015 on sn-devel-104
2015-04-22 06:22:29 +02:00
Andreas Schneider
7f00fcf558 addns: Remove support for dns_host_file.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-12-18 06:47:40 +01:00
Günther Deschner
373d58c91d s3-libads: remove unused dn from ads_get_service_principal_names().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Nov 28 16:46:20 CET 2014 on sn-devel-104
2014-11-28 16:46:20 +01:00
Stefan Metzmacher
f53c7c3082 s3:libads: avoid some compiler warnings in ldap.c
We use helper variables and explicit casts using
discard_const_p() to avoid bogus const warnings.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-11-25 07:25:44 +01:00
Günther Deschner
a62cc2ce44 samba: pass down size_t instead of int to add_string_to_array().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Nov 17 19:53:22 CET 2014 on sn-devel-104
2014-11-17 19:53:22 +01:00
Andreas Schneider
e1ee4c8bc7 s3-libads: Add function to search for an element in an array.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-09-26 05:55:34 +02:00
Andreas Schneider
4eaa4ccbdf s3-libads: Add a function to retrieve the SPNs of a computer account.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-09-26 05:55:34 +02:00
Günther Deschner
60db71015f s3-libads: allow ads_try_connect() to re-use a resolved ip address.
Pass down a struct sockaddr_storage to ads_try_connect.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Apr 17 19:56:16 CEST 2014 on sn-devel-104
2014-04-17 19:56:16 +02:00
Andreas Schneider
d407446ddc Remove special socket_wrapper code.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-17 14:56:06 +02:00
Andreas Schneider
4dca841d51 s3-libads: Use ldap_initialize() if available.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-17 14:56:06 +02:00
Bjoern Baumbach
2b44c85c7b s3-libads: Use the IP instead of the name.
Thix fixes 'net rpc join' against ADS.

Signed-off-by: Bjoern Baumbach <bb@sernet.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Mar 13 17:06:00 CET 2014 on sn-devel-104
2014-03-13 17:06:00 +01:00
Daniel Liberman
b04e8b7557 s3: ldap client can return NT_STATUS_OK when an error occurs in a paged search.
"Inside ads_do_search_all_args(), if the first call to ads_do_paged_search_args()
fails, the proper error status is returned.

But, if the execution is already inside the loop to get all the accounts doing
several calls to ads_do_paged_search_args(), and one of these calls times out,
the status returned is from the *first* call, so success. This causes
net_ads_search() to interpret the return from ads_do_search_retry() as
success and print all the accounts returned, but it’s only a subset."

Also ensure we free previously returned results on error
in subsequent fetches.

https://bugzilla.samba.org/show_bug.cgi?id=10387

Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 23 01:40:54 CET 2014 on sn-devel-104
2014-01-23 01:40:54 +01:00
Jeremy Allison
32037e0533 Add a talloc context to sitename_fetch().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-09-05 09:17:27 -07:00
Andreas Schneider
7bad9d1fcd s3-libads: Print the debug string of a failed call with LDAP_OTHER.
Signed-off-by: Andreas Schneider <asn@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 12 13:46:57 CEST 2013 on sn-devel-104
2013-06-12 13:46:57 +02:00
Andreas Schneider
a7f067c244 BUG 9699: Fix adding case sensitive spn.
We should be able to define the case of the spn cause it is important
for some services like nfs. 'net ads keytab add "nfs"' should not
result in an uppercase spn.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr  3 23:57:32 CEST 2013 on sn-devel-104
2013-04-03 23:57:32 +02:00
Alexander Bokovoy
140bb288be s3-smbldap: use smbldap_ prefixed functions 2012-09-07 12:31:42 +02:00
Jeremy Allison
b70f23c2b5 Correctly check for errors in strlower_m() returns. 2012-08-09 12:08:18 -07:00
Jeremy Allison
526e875cec Check error returns from strupper_m() (in all reasonable places). 2012-08-09 12:06:54 -07:00
Andrew Bartlett
f3562424b6 lib/param: Move all enum declarations to lib/param
This is in preperation for the parameter table being made common.

Andrew Bartlett

Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2012-07-24 11:01:17 +02:00
Andrew Bartlett
0da10c842e s3-libads: Use a reducing page size to try and cope with a slow LDAP server
If we cannot get 1000 users downloaded in 15seconds, try with 500, 250
and then 125 users at a time.

Andrew Bartlett

Signed-off-by: Jeremy Allison <jra@samba.org>
2012-05-26 02:03:08 +02:00
Simo Sorce
34a65739d3 Move source3/libads/dns.c to lib/addns 2012-05-23 17:51:48 +03:00
Simo Sorce
a7e94fce3f s3-ads-dns: Break dependency on lp_parm
In preparation of making this code common to s3 and s4
2012-05-23 17:51:48 +03:00
Andrew Bartlett
a6aa24428a s3-libads: Remove unused ads_pull_sids_from_extendeddn()
Found by callcatcher.

Andrew Bartlett
2012-02-23 16:14:19 +11:00
Jeremy Allison
92a655da86 If "ldap timeout" is non-zero, set the local search timeout to
be one second longer than the remote search timeout (which is
set to the "ldap timeout" value). This allows the remote search
timeout to fire in preference.

Allow lp_ldap_timeout() to be zero. Don't set the any local alarm
if so.
2011-08-19 18:43:51 -07:00
Volker Lendecke
31ee78fea9 s3: Increase a debug level in ads_find_dc
This message can happen with AD trusts that winbind can not cope with. The
message is not really clear and not worth spamming syslog always.
2011-08-17 12:30:08 +02:00
Andrew Bartlett
74eed8f3ed s3-param Remove special case for global_myname(), rename to lp_netbios_name()
There is no reason this can't be a normal constant string in the
loadparm system, now that we have lp_set_cmdline() to handle overrides
correctly.

Andrew Bartlett
2011-06-09 12:40:09 +02:00
Andrew Bartlett
8d4a8389bb s3-talloc Change TALLOC_MEMDUP() to talloc_memdup()
Using the standard macro makes it easier to move code into common, as
TALLOC_MEMDUP isn't standard talloc.
2011-06-09 12:40:08 +02:00
Andrew Bartlett
5e26e94092 s3-talloc Change TALLOC_ZERO_ARRAY() to talloc_zero_array()
Using the standard macro makes it easier to move code into common, as
TALLOC_ZERO_ARRAY isn't standard talloc.
2011-06-09 12:40:08 +02:00
Andrew Bartlett
ad0a07c531 s3-talloc Change TALLOC_ZERO_P() to talloc_zero()
Using the standard macro makes it easier to move code into common, as
TALLOC_ZERO_P isn't standard talloc.
2011-06-09 12:40:08 +02:00
Andrew Bartlett
3d15137653 s3-talloc Change TALLOC_ARRAY() to talloc_array()
Using the standard macro makes it easier to move code into common, as
TALLOC_ARRAY isn't standard talloc.
2011-06-09 12:40:08 +02:00
Andrew Bartlett
73b377432c s3-talloc Change TALLOC_REALLOC_ARRAY() to talloc_realloc()
Using the standard macro makes it easier to move code into common, as
TALLOC_REALLOC_ARRAY isn't standard talloc.

Andrew Bartlett
2011-06-09 12:40:08 +02:00
Andrew Bartlett
7630e73dac s3-param prepare for some lp_ functions to return const 2011-06-01 04:19:05 +02:00
Andrew Bartlett
c615ebed6e s3-lib Replace StrCaseCmp() with strcasecmp_m()
strcasecmp_m() never needs to call to talloc, and via next_codepoint()
still has an ASCII fast-path bypassing iconv() calls.

Andrew Bartlett
2011-05-18 16:12:08 +02:00
Jeremy Allison
f85e095dd2 More simple const fixups. 2011-05-05 23:56:08 +02:00
Andrew Bartlett
5cc7a3a222 s3-libads Move variables into if (socket_wrapper_dir()) where they are used. 2011-04-29 16:38:12 +10:00
Andrew Bartlett
a427652010 s3-libads: Use ldap_init_fd() to connect to AD server in socket_wrapper
This means that we control the connection setup, don't rely on signals
for timeouts and the connection uses socket_wrapper where that is
required in our test environment.

According to bug reports, this method is also used by curl and other
tools, so we are not the first to (ab)use the OpenLDAP libs in this
way.

It is ONLY enabled for socket_wrapper at this time, as this is the
best way to get 'make test' working for S3 winbind tests in an S4
domain.

Andrew Bartlett
2011-04-28 05:30:21 +02:00
Andrew Bartlett
818ec32d0c s3-libads Pass a struct sockaddr_storage to cldap routines
This avoids these routines doing a DNS lookup that has already been
done, and ensures that the emulated DNS lookup isn't thrown away.

Andrew Bartlett
2011-04-28 05:30:20 +02:00
Andrew Bartlett
806eef63ba s3-libads Don't start a DEBUG with 'time'
This strange requirement comes from our subunit test harness.

Andrew Bartlett
2011-04-27 11:25:53 +10:00
Andrew Bartlett
ccb62947e9 s3-libads Remove KRB5_DNS_HACK
We have winbindd write a custom krb5.conf or use a kdc locator plugin
to do this properly now.

Andrew Bartlett
2011-04-26 17:16:34 +10:00
Volker Lendecke
f9e3af71d3 s3: Fix Coverity ID 2336, NULL_RETURNS 2011-04-22 10:06:36 +02:00
Volker Lendecke
16b007c223 Quite some callers of sid_split_rid do not care about the rid 2011-03-10 18:48:34 +01:00
Andrew Bartlett
f768b32e37 libcli/security Provide a common, top level libcli/security/security.h
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.

This includes (along with other security headers) dom_sid.h and
security_token.h

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Andrew Bartlett
03011bf118 s3-libads call common GUID_from_ndr_blob()
This does a length-limited check, and so avoids reading beyond the
allocated memory if the server sends less than 16 bytes.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-20 16:15:11 -07:00
Günther Deschner
62544c5d2b s3-build: only include smbldap.h where needed.
Guenther
2010-09-20 13:54:56 -07:00
Jeremy Allison
447d96878a Fix all sid_parse returns to be checked. Tidy up some checks and error
messages.

Jeremy.
2010-09-15 15:40:15 -07:00