path: root/source3/winbindd/winbindd_cm.c
Commit message | Author | Age | Files | Lines
* winbindd: Call set_dc_type_and_flags on the internal domain | Andrew Bartlett | 2014-06-11 | 1 | -14/+68
  This allows the AD DC to be picked up correctly and gives the correct DNS name. To ensure no confusion, we also always init it with the full DNS name. It also means that, aside from the BUILTIN domain the initialized flag is set only in one place, which will help when we add more details to the domain structure in the future. This in turn allows kerberos authentication against winbindd on the AD DC.
  Andrew Bartlett
  Change-Id: Idc829cfe5f2e867c87107b49275b17f294821dcd
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-kerberos: remove unused kdc_name from create_local_private_krb5_conf_for_domain(). | Günther Deschner | 2014-03-07 | 1 | -4/+2
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Günther Deschner <gd@samba.org>
  Autobuild-Date(master): Fri Mar 7 18:43:57 CET 2014 on sn-devel-104
* param: rename lp function and variable from "cli_minprotocol" to "client_min_protocol" | Garming Sam | 2014-02-07 | 1 | -1/+1
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename lp function and variable from "cli_maxprotocol" to "client_max_protocol" | Garming Sam | 2014-02-07 | 1 | -1/+1
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:winbindd: make use of rpccli_{create,setup}_netlogon_creds() | Stefan Metzmacher | 2014-01-07 | 1 | -52/+73
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: use netlogon_creds_cli_auth_level() in cli_rpc_pipe_open_schannel_with_key() | Stefan Metzmacher | 2014-01-07 | 1 | -4/+1
  This means the auth level is now based on the "winbindd sealed pipes" option, defaulting to "yes" and DCERPC_AUTH_LEVEL_PRIVACY.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: make use of the new netlogon_creds_cli_context | Stefan Metzmacher | 2014-01-07 | 1 | -25/+11
  This exchanges rpc_pipe_client->dc with rpc_pipe_client->netlogon_creds and lets the secure channel session state be stored in node local database.
  This is the proper fix for a large number of bugs:
  https://bugzilla.samba.org/show_bug.cgi?id=6563
  https://bugzilla.samba.org/show_bug.cgi?id=7944
  https://bugzilla.samba.org/show_bug.cgi?id=7945
  https://bugzilla.samba.org/show_bug.cgi?id=7568
  https://bugzilla.samba.org/show_bug.cgi?id=8599
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: make use of the "winbind sealed pipes" option for all connections | Stefan Metzmacher | 2014-01-07 | 1 | -3/+17
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* winbind3: Fix CID 1107229 Uninitialized pointer read | Volker Lendecke | 2013-10-19 | 1 | -1/+2
  The first "goto done" would TALLOC_FREE the uninitialized "value"
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Sat Oct 19 03:43:04 CEST 2013 on sn-devel-104
* s3:winbindd: don't hide the error in cm_connect_lsa() | Stefan Metzmacher | 2013-10-17 | 1 | -1/+0
  We should not overwrite the error with NT_STATUS_PIPE_NOT_AVAILABLE.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3-winbind: Send online/offline message of the domain to the parent. | Andreas Schneider | 2013-10-11 | 1 | -0/+22
  https://bugzilla.samba.org/show_bug.cgi?id=10194
  Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Fri Oct 11 13:37:56 CEST 2013 on sn-devel-104
* s3-winbind: Add functions for domain online/offline handling. | Andreas Schneider | 2013-10-11 | 1 | -0/+40
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10194
  Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* lib: Use "mem_ctx" arg in gencache_get | Volker Lendecke | 2013-09-05 | 1 | -1/+2
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Sep 5 20:09:21 CEST 2013 on sn-devel-104
* Add a talloc context to sitename_fetch(). | Jeremy Allison | 2013-09-05 | 1 | -4/+4
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* Add a talloc context to saf_fetch(). | Jeremy Allison | 2013-09-05 | 1 | -6/+6
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* lib: Add a "mem_ctx" arg to gencache_get (unused so far) | Volker Lendecke | 2013-09-05 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:winbindd: make use of lp_cli_{min,max}protocol() | Stefan Metzmacher | 2013-08-15 | 1 | -2/+3
  This changes winbindd back to use NT1 as default.
  https://bugzilla.samba.org/show_bug.cgi?id=9514
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* Followup patch for BUG: https://bugzilla.samba.org/show_bug.cgi?id=10082 | Andreas Schneider | 2013-08-15 | 1 | -1/+1
  Thanks to Jim Brown <jim.brown@rsmas.miami.edu>
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Aug 15 03:46:20 CEST 2013 on sn-devel-104
* winbind3: Fix an invalid free | Volker Lendecke | 2013-08-14 | 1 | -1/+1
  This fixes a warning I've never seen before :-)
  ../source3/winbindd/winbindd_cm.c:781:59: warning: attempt to free a non-heap object ‘machine_krb5_principal’ [-Wfree-nonheap-object]
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Wed Aug 14 14:04:16 CEST 2013 on sn-devel-104
* s3-winbindd: fix fallback to ncacn_np in cm_connect_lsat(). | Günther Deschner | 2013-08-13 | 1 | -2/+7
  Fallback to lsa named-pipe connection when tcp connection has failed twice (it could be a trusted domain connection where we cannot setup a secure channel).
  Guenther
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=9615
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=9899
  Signed-off-by: Günther Deschner <gd@samba.org>
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Tested-by: Christof Schmitt <christof.schmitt@us.ibm.com>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Tue Aug 13 20:55:33 CEST 2013 on sn-devel-104
* s3-winbind: Fix a segfault passing NULL to a fstring argument. | Andreas Schneider | 2013-08-13 | 1 | -2/+11
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10082
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Tue Aug 13 13:58:26 CEST 2013 on sn-devel-104
* s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_noauth(). | Günther Deschner | 2013-08-05 | 1 | -5/+5
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_schannel_with_key(). | Günther Deschner | 2013-08-05 | 1 | -4/+4
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* winbind: Correctly use names in the domain struct. | Andreas Schneider | 2013-03-05 | 1 | -2/+2
  Reviewed-by: David Disseldorp <ddiss@samba.org>
* winbind: Use talloc for allocating domain, dns, forest and dc name. | Andreas Schneider | 2013-03-05 | 1 | -35/+91
  Reviewed-by: David Disseldorp <ddiss@samba.org>
* winbind: Don't leak memory on return. | Andreas Schneider | 2013-02-22 | 1 | -0/+3
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
* winbind: Use uint8_t type and use const where needed. | Andreas Schneider | 2013-02-22 | 1 | -7/+7
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
* s3:winbindd: s/event_add_timed/tevent_add_timer | Stefan Metzmacher | 2013-02-19 | 1 | -2/+2
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:winbindd: s/struct timed_event/struct tevent_timer | Stefan Metzmacher | 2013-02-19 | 1 | -1/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:winbindd: s/struct event_context/struct tevent_context | Stefan Metzmacher | 2013-02-19 | 1 | -1/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3-winbindd: add cm_connect_lsat(). | Günther Deschner | 2012-11-30 | 1 | -0/+31
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* BUG 9436: Fix leaking sockets of SMB connections to a DC. | Andreas Schneider | 2012-11-28 | 1 | -0/+4
  As this is a burst of 3 unbound sockets with each try to reach a DC we're running out of file descriptors pretty fast. So winbind is then mostly spinning in an accept loop failing with EMFILE.
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jim McDonough <jmcd@samba.org>
  Autobuild-User(master): Jim McDonough <jmcd@samba.org>
  Autobuild-Date(master): Wed Nov 28 17:17:21 CET 2012 on sn-devel-104
* s3:winbindd: use PROTOCOL_LATEST instead of PROTOCOL_SMB2_02 (bug #9175) | Stefan Metzmacher | 2012-11-01 | 1 | -1/+1
  We should use the latest supported dialect.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Autobuild-User(master): Michael Adam <obnox@samba.org>
  Autobuild-Date(master): Thu Nov 1 18:11:27 CET 2012 on sn-devel-104
* s3:winbindd: disconnection after getting NETWORK_SESSION_EXPIRED (bug #9175) | Stefan Metzmacher | 2012-11-01 | 1 | -0/+11
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3-winbindd: Allow DNS resolution of trusted domains if DNS name is available | Sumit Bose | 2012-09-28 | 1 | -2/+9
  Signed-off-by: Günther Deschner <gd@samba.org>
* Check error returns from strupper_m() (in all reasonable places). | Jeremy Allison | 2012-08-09 | 1 | -1/+4
* lib/param: Move all enum declarations to lib/param | Andrew Bartlett | 2012-07-24 | 1 | -0/+1
  This is in preparation for the parameter table being made common.
  Andrew Bartlett
  Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
* Enable AES in winbind. | Andreas Schneider | 2012-07-17 | 1 | -1/+1
  Signed-off-by: Günther Deschner <gd@samba.org>
* Fix bug #9016 - Connection to outbound trusted domain goes offline. | Jeremy Allison | 2012-07-14 | 1 | -6/+0
  By the time we've gotten to init_dc_connection_network() we shouldn't be second guessing the caller by calling winbindd_can_contact_domain(). If for some reason we do need to restrict the contact list here we can add a condition to only contact the primary domain or domains listed in the tdc cache, but I don't think that's necessary.
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Sat Jul 14 03:17:57 CEST 2012 on sn-devel-104
* s3: rename sid_check_is_domain() to sid_check_is_our_sam() | Michael Adam | 2012-07-12 | 1 | -1/+1
  This does not check whether the given sid is the domain sid, but whether it is the sid of the local sam, which is different for a domain member server.
* s3:libsmb: get rid of cli_negprot | Luk Claes | 2012-05-28 | 1 | -1/+2
  Signed-off-by: Luk Claes <luk@debian.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:libsmb: get rid of cli_state_disconnect | Luk Claes | 2012-05-28 | 1 | -2/+2
  Signed-off-by: Luk Claes <luk@debian.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:libsmb: get rid of cli_state_security_mode | Luk Claes | 2012-05-28 | 1 | -1/+1
  Signed-off-by: Luk Claes <luk@debian.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:libsmb: get rid of cli_state_capabilities | Luk Claes | 2012-05-28 | 1 | -1/+1
  Signed-off-by: Luk Claes <luk@debian.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:libsmb: get rid of cli_state_protocol | Luk Claes | 2012-05-28 | 1 | -2/+2
  Signed-off-by: Luk Claes <luk@debian.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:libsmb: get rid of cli_state_remote_name | Luk Claes | 2012-05-28 | 1 | -2/+2
  Signed-off-by: Luk Claes <luk@debian.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:libsmb: get rid of cli_state_*_sockaddr | Luk Claes | 2012-05-28 | 1 | -2/+3
  Signed-off-by: Luk Claes <luk@debian.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* Second part of fix for bug 8953 - winbind can hang as nbt_getdc() has no timeout. | Herb Lewis | 2012-05-23 | 1 | -0/+1
  If we're running with SEC_ADS and we don't get a cldap response from the server when querying its name, don't fall back to NetBIOS requests as they're unlikely to succeed.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Autobuild-User: Jeremy Allison <jra@samba.org>
  Autobuild-Date: Wed May 23 03:49:36 CEST 2012 on sn-devel-104
* Fix bug #8953 - winbind can hang as nbt_getdc() has no timeout. | Jeremy Allison | 2012-05-22 | 1 | -1/+1
  Add a timeout_in_seconds parameter to nbt_getdc() to make it fail after that time with NT_STATUS_IO_TIMEOUT.
* s3:winbindd: also try SMB2 when connecting to "IPC$" | Stefan Metzmacher | 2012-04-27 | 1 | -7/+20
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Fri Apr 27 13:10:15 CEST 2012 on sn-devel-104