summaryrefslogtreecommitdiffstats
path: root/source3/winbindd/winbindd_cm.c
Commit message (Collapse)AuthorAgeFilesLines
...
* s3-winbind: prefer dcerpc_samr_X functions in invalidate_cm_connection.Günther Deschner2011-02-021-3/+6
| | | | Guenther
* s3-winbind: prefer dcerpc_samr_X functions in cm_connect_sam.Günther Deschner2011-02-021-13/+35
| | | | Guenther
* s3-winbind: use status variable name in cm_connect_sam.Günther Deschner2011-02-021-33/+33
| | | | Guenther
* s3: Add wbinfo --dc-infoVolker Lendecke2011-01-191-0/+93
| | | | | | | | | | | | | | | wbinfo --dc-info prints the current DC name and IP address. This helps diagnosing problems that might happen when a later wbinfo --ping-dc fails. This patch started out by using the SAF and NBT cache entires, but those are relatively short-lived. So I decided to invent a new gencache entry with a very long timeout. We need to go via the gencache because when for some reason a winbind child process is stuck, we can't query it for the current DC it's connected to. This must eventually go away again when we have a fully async winbind. Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Jan 19 08:40:28 CET 2011 on sn-devel-104
* s3-winbind: prefer dcerpc_netr_X functions.Günther Deschner2011-01-131-9/+23
| | | | | | Guenther Signed-off-by: Andreas Schneider <asn@samba.org>
* s3:winbindd: use ndr_dssetup_c.h instead of cli_dssetup.hStefan Metzmacher2011-01-111-1/+1
| | | | metze
* s3: Use the new nbt_getdc in winbindd_cmVolker Lendecke2011-01-071-23/+9
|
* s3:winbindd: use dcerpc_dssetup_DsRoleGetPrimaryDomainInformation()Stefan Metzmacher2011-01-041-1/+4
| | | | metze
* s3: Remove unused mem_ctx arg from set_getdc_requestVolker Lendecke2011-01-011-1/+1
| | | | | Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sat Jan 1 23:00:24 CET 2011 on sn-devel-104
* s3: Allow more control over smbsock_[any_]connectVolker Lendecke2010-12-291-3/+4
| | | | | Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Dec 29 23:30:44 CET 2010 on sn-devel-104
* s3:winbindd: remove useless ';'Stefan Metzmacher2010-12-281-1/+1
| | | | | | | metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Dec 28 12:45:20 CET 2010 on sn-devel-104
* s3: Use smbsock_any_connect in winbindVolker Lendecke2010-12-221-45/+13
|
* Fix the unexpected.tdb database problem. Change nmbd to store theJeremy Allison2010-11-141-1/+6
| | | | | | | | | | | | | | | | | | | | | transaction id of packets it was requested to send via a client, and only store replies that match these ids. On the client side change clients to always attempt to ask nmbd first for name_query and node_status calls, and then fall back to doing socket calls if we can't talk to nmbd (either nmbd is not running, or we're not root and cannot open the messaging tdb's). Fix readers of unexpected.tdb to delete packets they've successfully read. This should fix a long standing problem of unexpected.tdb growing out of control in noisy NetBIOS envioronments with lots of bradcasts, yet still allow unprivileged client apps to work mostly as well as they already did (nmblookup for example) in an environment when nmbd isn't running. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sun Nov 14 05:22:45 UTC 2010 on sn-devel-104
* libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett2010-10-121-0/+1
| | | | | | | | | | | | | | This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
* s3: Add "smbcontrol winbindd ip-dropped <local-ip>"Volker Lendecke2010-09-301-0/+33
| | | | | | | | This is supposed to improve the winbind reconnect time after an ip address has been moved away from a box. Any kind of HA scenario will benefit from this, because winbindd does not have to wait for the TCP timeout to kick in when a local IP address has been dropped and DC replies are not received anymore.
* s3/winbind: use mono time for startup timeout checkBjörn Jacke2010-09-101-2/+2
|
* s3: Make winbind_add_failed_connection_entry staticVolker Lendecke2010-09-081-3/+4
|
* s3: Fix a typoVolker Lendecke2010-09-081-1/+1
|
* s3: Simplify cm_connect_sam a bitVolker Lendecke2010-09-081-5/+1
|
* s3: Check for sid instead of name in cm_connect_samVolker Lendecke2010-09-081-1/+1
|
* Final part of fix for bug #7636 - winbind internal error, backtrace.Jeremy Allison2010-08-231-11/+18
| | | | | | Ensure cm_get_schannel_creds() returns NTSTATUS. Jeremy.
* s3-winbind: Fix Bug #7568: Make sure cm_connect_lsa_tcp does not reset the ↵Günther Deschner2010-08-091-7/+13
| | | | | | | | | | | | | | | | | | | secure channel. This is an important fix as the following could and is happening: * winbind authenticates a user via schannel secured netlogon samlogonex call, current secure channel cred state is stored in winbind state, winbind sucessfully decrypts session key from the info3 * winbind sets up a new schannel ncacn_ip_tcp lsa pipe (and thereby resets the secure channel on the dc) * subsequent samlogonex calls use the new secure channel creds on the dc to encrypt info3 session key, while winbind tries to use old schannel creds for decryption Guenther
* s3-secrets: only include secrets.h when needed.Günther Deschner2010-08-051-0/+1
| | | | Guenther
* s3: avoid global include of ads.h.Günther Deschner2010-08-051-0/+1
| | | | Guenther
* s3-winbindd: route samr chgpwd ops for own domain over internal samr pipe as ↵Günther Deschner2010-07-071-0/+8
| | | | | | well. Guenther
* s3-winbind: Make sure that the policy handles are closed.Andreas Schneider2010-07-061-0/+12
|
* s3: only use netlogon/nbt header when needed.Günther Deschner2010-05-311-0/+1
| | | | Guenther
* s3-rpc_client: move protos to cli_lsarpc.hGünther Deschner2010-05-181-0/+1
| | | | Guenther
* s3-rpc_client: move protos to cli_netlogon.hGünther Deschner2010-05-181-0/+1
| | | | Guenther
* s3-kerberos: pass down kdc_name to create_local_private_krb5_conf_for_domain().Günther Deschner2010-05-171-2/+4
| | | | Guenther
* s3-winbind: make the getpeername() checks in cm_prepare_connection IPv6 aware.Günther Deschner2010-05-171-5/+25
| | | | | | | | | | | Note that this failure was hard to track, as winbind did only log a super helpful "cm_prepare_connection: Success" debug message. IPv6 gurus, please check Successfully tested in two independent IPv6 networks now. Guenther
* s3: only include gen_ndr headers where needed.Günther Deschner2010-05-061-0/+1
| | | | | | | | | | | | | | | | | This shrinks include/includes.h.gch by the size of 7 MB and reduces build time as follows: ccache build w/o patch real 4m21.529s ccache build with patch real 3m6.402s pch build w/o patch real 4m26.318s pch build with patch real 3m6.932s Guenther
* s3: init_dc_connection() can't init for internal domainsVolker Lendecke2010-04-231-0/+4
| | | | | This fixes a crash in winbindd_dual_pam_chng_pswd_auth_crap when given global_sam_name() in the domain field
* s3:winbindd: fix problems with SIGCHLD handling (bug #7317)Stefan Metzmacher2010-04-011-3/+0
| | | | | | | | | | | | | | | | | | | | | The main problem is that we call CatchChild() within the parent winbindd, which overwrites the signal handler that was registered by winbindd_setup_sig_chld_handler(). That means winbindd_sig_chld_handler() and winbind_child_died() are never triggered when a winbindd domain child dies. As a result will get "broken pipe" for all requests to that domain. To reduce the risk of similar bugs in future we call CatchChild() in winbindd_reinit_after_fork() now. We also use a full winbindd_reinit_after_fork() in the cache validation child now instead instead of just resetting the SIGCHLD handler by hand. This will also fix possible tdb problems on systems without pread/pwrite and disabled mmap as we now correctly reopen the tdb handle for the child. metze
* s3:winbindd: correctly invalidate the cached connectionStefan Metzmacher2010-04-011-6/+11
| | | | | | There're maybe additional TCP connection for ncacn_ip_tcp. metze
* s3:winbindd: make sure we don't try rpc requests against unaccessable domainsStefan Metzmacher2010-04-011-5/+28
| | | | | | | This makes sure we don't crash while trying to dereference domain->conn.cli->foo while trying to establish a rpc connection to the server. metze
* s3:winbindd_cm: invalidate connection if cm_connect_netlogon() failsStefan Metzmacher2010-03-291-2/+2
| | | | metze
* s3:winbindd: consistently use TALLOC_FREE(conn->foo_pipe) is we create a new ↵Stefan Metzmacher2010-03-291-0/+5
| | | | | | connection metze
* s3:winbindd_cm: use rpccli_is_connected() helper functionStefan Metzmacher2010-03-291-4/+4
| | | | metze
* s3:winbindd_cm: use cli_state_is_connected() helper functionStefan Metzmacher2010-03-291-14/+4
| | | | metze
* s3 move the sitename cache in its own fileSimo Sorce2010-02-231-0/+1
|
* s3:winbindd: never mark external domains as internal!Stefan Metzmacher2010-02-231-4/+1
| | | | | | | | | This way we can endup with silently using builtin_passdb_methods for an ad domain without an inbound trust. This fixes bug #7170. metze
* s3: Fix infinite loop in NCACN_IP_TCP asa there is no timeout. Assume ↵Bo Yang2010-01-061-1/+2
| | | | | | lsa_pipe_tcp is ok but network is down, then send request is ok, but select() on writeable fds loops forever since there is no response. Signed-off-by: Bo Yang <boyang@samba.org>
* s3-rpc: Avoid including every pipe's client and server stubs everywhere in ↵Günther Deschner2009-11-261-0/+4
| | | | | | samba. Guenther
* s3: Always try SamLogonExVolker Lendecke2009-11-241-2/+6
| | | | | | | Required for cluster systems working in a Samba domain. With NT4 this won't work, but real NT4 DCs should not be around in environments that pay big bucks for a cluster... And if they are, they can always install a Samba DC trusting that NT4 domain.
* s3: use enum netr_SchannelType all over the place.Günther Deschner2009-10-131-1/+1
| | | | Guenther
* Revert "s3: Attempt to fix machine password change"Volker Lendecke2009-10-051-2/+0
| | | | | | This reverts commit 20a8ea91e10af167067cc794a251265aaf489e75. Ooops, this should not have been committed.
* s3: Attempt to fix machine password changeVolker Lendecke2009-10-051-0/+2
|
* s3:winbindd_cm: don't invalidate the whole connection when just samr gave ↵Stefan Metzmacher2009-09-251-1/+12
| | | | | | ACCCESS_DENIED metze
* Revert "s3:winbindd: use a tcp connection for lsa in case ↵Stefan Metzmacher2009-09-241-9/+0
| | | | | | | | | | lookup_names/lookup_sids doesn't work over ncacn_np" This reverts commit f23691cffd39e5df81b7b075e61ed1def6cce9f6. This should not have been commited... metze
generated by cgit (git 2.34.1) at 2025-09-27 19:51:06 +0000