summaryrefslogtreecommitdiffstats
path: root/source3/winbindd/winbindd_cm.c
Commit message (Collapse)AuthorAgeFilesLines
...
* s3:winbindd: use a tcp connection for lsa in case lookup_names/lookup_sids ↵Günther Deschner2009-09-241-0/+9
| | | | | | doesn't work over ncacn_np metze
* s3:winbind: Fix an uninitialized variableVolker Lendecke2009-09-231-1/+1
|
* s3-winbindd: Fix Bug #6711: trusts to windows 2008 (2008 r2) not working.Günther Deschner2009-09-221-0/+2
| | | | | | | | | | | Winbindd should always try to use LSA via an schannel authenticated ncacn_ip_tcp connection when talking to AD for LSA lookup calls. In Samba <-> W2k8 interdomain trust scenarios, LookupSids3 and LookupNames4 via an schannel ncacn_ip_tcp LSA connection are the *only* options to successfully resolve sids and names. Guenther
* s3-winbindd: add cm_connect_lsa_tcp().Günther Deschner2009-09-221-0/+59
| | | | Guenther
* s3-dcerpc: use dcerpc_AuthLevel and remove duplicate set of flags.Günther Deschner2009-09-151-5/+5
| | | | Guenther
* s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_schannel().Günther Deschner2009-09-111-3/+4
| | | | Guenther
* s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_spnego_ntlmssp ↵Günther Deschner2009-09-111-1/+2
| | | | | | and cli_rpc_pipe_open_ntlmssp. Guenther
* s3-winbindd: Fix Bug #6700: Use dns domain name when needing to guess server ↵Günther Deschner2009-09-091-1/+1
| | | | | | | | | | principal. Patch from Robert LeBlanc <robert@leblancnet.us>. Thanks! Guenther
* s3:winbind: For internal domains it is pointless to connect to a DCVolker Lendecke2009-08-231-0/+6
|
* Added prefer_ipv4 bool parameter to resolve_name().Jeremy Allison2009-07-281-2/+2
| | | | | | | | | | W2K3 DC's can have IPv6 addresses but won't serve krb5/ldap or cldap on those addresses. Make sure when we're asking for DC's we prefer IPv4. If you have an IPv6-only network this prioritizing code will be a no-op. And if you have a mixed network then you need to prioritize IPv4 due to W2K3 DC's. Jeremy.
* Fix a typoVolker Lendecke2009-07-271-1/+1
|
* Fix some type-punned warningsVolker Lendecke2009-05-071-2/+5
|
* s3-secdesc: use SEC_FLAG_MAXIMUM_ALLOWED instead of SEC_RIGHTS_MAXIMUM_ALLOWED.Günther Deschner2009-04-211-9/+9
| | | | Guenther
* Fix to use modified cli_rpc_pipe_open_schannel_with_key APIAndrew Bartlett2009-04-201-2/+2
|
* Remove use of talloc_reference in cli_rpc_pipe_open_schannel_with_key()Andrew Bartlett2009-04-201-1/+1
|
* s3: Fix ntlm_auth and winbindd to use new common libcli/auth APIsAndrew Bartlett2009-04-141-9/+9
|
* Rework Samba3 to use new libcli/auth code (partial)Andrew Bartlett2009-04-141-0/+1
| | | | | | | | | | | This commit is mostly to cope with the removal of SamOemHash (replaced by arcfour_crypt()) and other collisions (such as changed function arguments compared to Samba3). We still provide creds_hash3 until Samba3 uses the credentials code in netlogon server Andrew Bartlett
* s3: remove POLICY_HND.Günther Deschner2009-03-181-3/+3
| | | | Guenther
* Fix a valgrind errorVolker Lendecke2009-03-171-1/+1
| | | | Found in "make test" -- if we can't connect at all, "cli" is uninitialized
* Remove pwd_cache.c, it was doing nothing. Make user_name, domain, andJeremy Allison2009-03-131-14/+25
| | | | | password talloc'ed strings within the cli_struct. Jeremy.
* s3:winbindd_cm: remove useless cli_setup_signing_state(*cli, Undefined) callStefan Metzmacher2009-03-061-2/+0
| | | | | | cli_setup_signing_state() with Undefined is a noop. metze
* Make cli_tcon_andx asyncVolker Lendecke2009-01-301-7/+2
|
* Fix bug in get_dc_name_via_netlogon(), null pointer refrence.Bo Yang2009-01-141-1/+1
|
* From boyang - ensure we never "return" from a forked child, always _exit().Jeremy Allison2009-01-131-3/+3
| | | | Jeremy.
* Make winbindd_cm.c use winbindd_reinit_after_fork().Jeremy Allison2009-01-061-14/+10
| | | | Jeremy.
* s3:events: change event_add_timed() prototype to match samba4Stefan Metzmacher2009-01-051-4/+2
| | | | metze
* s3:winbindd: regain tickets for all ccache entries, when we go onlineStefan Metzmacher2009-01-051-7/+1
| | | | | | | set_event_dispatch_time() is stupid by design and only handles the first event with a given name. metze
* s3:winbindd: recreate the per domain check_online_event without relying on ↵Stefan Metzmacher2009-01-051-19/+20
| | | | | | | | | global state set_event_dispatch_time() is stupid by design and just picks the first event with the given name. metze
* Fix broken krb5 refresh chainBo Yang2009-01-051-0/+2
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* clean event context after child is forked.Bo Yang2009-01-051-1/+2
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* Make cli_negprot return NTSTATUS instead of boolVolker Lendecke2008-12-191-3/+4
|
* s3: Change sockaddr util function names for consistencyTim Prouty2008-12-031-1/+1
| | | | Also eliminates name conflicts with OneFS system libraries
* s3: fix a few "shadows a global declaration" warningsTim Prouty2008-11-031-4/+4
|
* Rename dos_errstr() to win_errstr() for consistency with Samba 4.Jelmer Vernooij2008-11-011-1/+1
|
* s3: fix simple "incompatible pointer type" build warningTim Prouty2008-10-231-1/+1
|
* Use sockaddr_storage only where we rely on the size, use sockaddrJelmer Vernooij2008-10-231-1/+1
| | | | | otherwise (to clarify we can also pass in structs smaller than sockaddr_storage, such as sockaddr_in).
* s3: fix NETLOGON_NT_VERSION version flags.Günther Deschner2008-09-231-1/+1
| | | | Guenther
* Cleanup of DC enumeration in get_dcs()Steven Danneman2008-09-041-24/+74
| | | | | | | | | | | | This is a fix for a few small inefficiencies/bugs in the get_dcs() path. * because the third add_one_dc_unique() loop was outside the ADS check all DCs returned from the non-sitename lookup were being tacked onto the dc_name_ip list twice. * add_one_dc_unique() now checks if the given IP address already exists before adding it to the list, making the returned list actually unique * added more thorough doxygen comment headers (This used to be commit cb2d488e1dbd90953c496c5e25d648977884f7e3)
* Fix some nonempty blank linesVolker Lendecke2008-08-231-26/+26
| | | | (This used to be commit 541e088656773d2b3b56a5a8bdc8dea6c9edec86)
* Don't re-initialize a token when we already have one. This fixes the build ↵Jeremy Allison2008-08-221-0/+3
| | | | | | | | farm failures when winbindd connects as guest. This one took a *lot* of tracking down :-). Jeremy. (This used to be commit dca827791276906436452c650062164eb819dfe0)
* winbindd: Fix crash in cm_connect_sam()Gerald (Jerry) Carter2008-08-221-2/+7
| | | | | | | | | | | | | Fix segv when talking to parent DC (joined to child domain). The root cause was (a) storing the parent domain in the cli_state struct caused the NTLMSSP pipe bind to fail which made us fallover to the schannel code path (b) the dcinfo pointer in cm_get_schannel_dcinfo() was returning NULL even though the function indicated success. (This used to be commit 5ce4a2ae6697970ea37d0078a506615b4b7a9a9c)
* Here is a re-working of the winbinddJeremy Allison2008-08-201-8/+31
| | | | | | | | | | | | | | | | | | | | | reconnect code to cope with rebooting a DC. This replaces the code I asked Volker to revert. The logic is pretty simple. It adds a new parameter, "winbind reconnect delay", set to 30 seconds by default, which determines how long to wait between connection attempts. To avoid overwhelming the box with DC-probe forked children, the code now keeps track of the DC probe child per winbindd_domain struct and only starts a new one if the existing one has died. I also added a little logic to make sure the dc probe child always sends a message whatever the reason for exit so we will always reschedule another connect attempt. Also added documentation. Jeremy. (This used to be commit 8027197635b988b3dcf9d3d00126a024e768fa62)
* Revert "Add winbind:online check timeout parameter"Volker Lendecke2008-08-141-16/+0
| | | | | This reverts commit 9920473cc165e75ee9aa5cbb9e568eb5fb67e9e6. (This used to be commit 34a32db9060e7b60455774f923f61b7367ee3fcf)
* Add winbind:online check timeout parameterVolker Lendecke2008-08-131-0/+16
| | | | | | | | | | | | | | | | | | | | This is a band-aid for the rather convoluted offline/online mess in winbind right now. Winbind re-uses the offline functionality that is targeted at domain client installations on laptops to not overload disfunctional DCs. It uses the winbind cache timeout as the retry timeout after a DC reboot. I am using a parametric options because when this mess is cleaned up, that parameter needs to go away again. I'd recommend to use something like winbind:online check timeout = 30 in typical LAN environments. This means a reconnect is attempted every 30 seconds. Volker (This used to be commit 9920473cc165e75ee9aa5cbb9e568eb5fb67e9e6)
* fixed a fd leak when trying to regain contact to a domain controllerAndrew Tridgell2008-08-061-0/+1
| | | | | | | | | | | | in winbind When a w2k3 DC is rebooted the 139/445 ports come up before the udp/389 cldap port. During this brief period, winbind manages to connect to 139/445 but not to udp 389. It then enters a tight loop where it leaks one fd each time. In a couple of seconds it runs out of file descriptors, and leaves winbind crippled after the DC does finally come up (This used to be commit 57187cafbcc053e75bb54750494df9feabe3a738)
* Refactoring: Change calling conventions for cli_rpc_pipe_open_schannel_with_keyVolker Lendecke2008-07-201-16/+14
| | | | | Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS (This used to be commit 78e9c937ff2d2e1b70cfed4121e17feb6efafda1)
* Refactoring: Change calling conventions for cli_rpc_pipe_open_ntlmsspVolker Lendecke2008-07-201-11/+14
| | | | | Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS (This used to be commit a13f0599551609394904b99e4014d580ec65c506)
* Refactoring: Change calling conventions for cli_rpc_pipe_open_noauthVolker Lendecke2008-07-201-15/+18
| | | | | Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS (This used to be commit 9abc9dc4dc13bd3e42f98eff64eacf24b51f5779)
* libads: Add API call to connect to a global catalog server.Gerald W. Carter2008-06-271-2/+4
| | | | | | | Extends ads_connect() to a new call ads_connect_gc() which connects on port 3268 rather than port 389. Also makes ads_try_connect() static and only used internally to ldap.c (This used to be commit f4c37dbe2c986fb7bfe510cdff3b4a9fbc06d079)
* Revert "Fix a memleak caused by a crappy get_sorted_dc_list() API"Volker Lendecke2008-06-171-14/+1
| | | | | This reverts commit 2ea03a1e95a30e321e390bef9408a1215711de07. (This used to be commit 80c2e8295a00c3d88372b55b81d03b455feb69b2)
generated by cgit (git 2.34.1) at 2025-09-28 07:03:04 +0000