Age | Commit message (Collapse) | Author | Files | Lines |
|
Guenther
(This used to be commit 4b9d79147ae81fb701abf02dc046076f606443b6)
|
|
it can't talk to it.
Jeremy.
(This used to be commit 7385a076f8fd351472d37d9363304948e88f9f99)
|
|
as a generic DC (that should be the LDAP port).
Jeremy.
(This used to be commit f16b41c3c92b1af5cf25d8d244b1f551573cb076)
|
|
the get_dc_list code to get the _kerberos. names
for site support. This way we don't depend on one
KDC to do ticket refresh. Even though we know it's
up when we add it, it may go down when we're trying
to refresh.
Jeremy.
(This used to be commit 77fe2a3d7418012a8dbfb6aaeb2a8dd57c6e1a5d)
|
|
support when looking up DC's. On every CLDAP
call store the returned client sitename (if
present, delete store if not) in gencache with
infinate timeout. On AD DNS DC lookup, try looking
for sitename DC's first, only try generic if
sitename DNS lookup failed.
I still haven't figured out yet how to ensure
we fetch the sitename with a CLDAP query before
doing the generic DC list lookup. This code is
difficult to understand. I'll do some experiments
and backtraces tomorrow to try and work out where
to force a CLDAP site query first.
Jeremy.
(This used to be commit ab3f0c5b1e9c5fd192c5514cbe9451b938f9cd5d)
|
|
do what it's supposed to.
Jeremy.
(This used to be commit 4b7387a054bfc1587e0b9b7088f420a5bcf0bad9)
|
|
get_sorted_dc_list
return NTSTATUS.
If we want to differentiate different name resolution problems we might want
to introduce yet another error class for Samba-internal errors. Things like no
route to host to the WINS server, a DNS server explicitly said host not found
etc might be worth passing up.
Because we can not stash everything into the existing NT_STATUS codes, what
about a Samba-specific error class like NT_STATUS_DOS and NT_STATUS_LDAP?
Volker
(This used to be commit 60a166f0347170dff38554bed46193ce1226c8c1)
|
|
error. Fix our DNS SRV lookup code to deal with multi-homed hosts.
We were noly remembering one IP address per host from the Additional
records section in the SRV response which could have been an unreachable
address.
(This used to be commit 899179d2b9fba13cc6f4dab6efc3c22e44e062bc)
|
|
use the generic IP list sort in get_sorted_dc_list().
(This used to be commit 03a767539d5b09ebd6564c0c9157de2a6e0e6b89)
|
|
DCs isn't resolvable in DNS. The fix is to leave that DC out of the
returned list of DCs. I think the original code intended that anyway,
just didn't quite get it right ('i' wasn't incremented in that code
path, so the loop didn't terminate)
(This used to be commit d7ec9f3cc0439e9e0f4c98988b14ae2155d931b9)
|
|
(This used to be commit 71fd0d3de4a02b9a7b67914f6412f18ec0bb5e7a)
|
|
The motivating factor is to not require more privileges for
the user account than Windows does when joining a domain.
The points of interest are
* net_ads_join() uses same rpc mechanisms as net_rpc_join()
* Enable CLDAP queries for filling in the majority of the
ADS_STRUCT->config information
* Remove ldap_initialized() from sam/idmap_ad.c and
libads/ldap.c
* Remove some unnecessary fields from ADS_STRUCT
* Manually set the dNSHostName and servicePrincipalName attribute
using the machine account after the join
Thanks to Guenther and Simo for the review.
Still to do:
* Fix the userAccountControl for DES only systems
* Set the userPrincipalName in order to support things like
'kinit -k' (although we might be able to just use the sAMAccountName
instead)
* Re-add support for pre-creating the machine account in
a specific OU
(This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b)
|
|
locating AD DC's with out own DNS SRV queries.
Testing on Linux and Solaris.
(This used to be commit cf71f88a3cdcabf99c0798ef4cf8c978397a57eb)
|
|
Thanks,
Volker
(This used to be commit 86f62484dd7db43e036d9edf29e459b8bd0e5fbe)
|
|
realloc can return NULL in one of two cases - (1) the realloc failed,
(2) realloc succeeded but the new size requested was zero, in which
case this is identical to a free() call.
The error paths dealing with these two cases should be different,
but mostly weren't. Secondly the standard idiom for dealing with
realloc when you know the new size is non-zero is the following :
tmp = realloc(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
However, there were *many* *many* places in Samba where we were
using the old (broken) idiom of :
p = realloc(p, size)
if (!p) {
return error;
}
which will leak the memory pointed to by p on realloc fail.
This commit (hopefully) fixes all these cases by moving to
a standard idiom of :
p = SMB_REALLOC(p, size)
if (!p) {
return error;
}
Where if the realloc returns null due to the realloc failing
or size == 0 we *guarentee* that the storage pointed to by p
has been freed. This allows me to remove a lot of code that
was dealing with the standard (more verbose) method that required
a tmp pointer. This is almost always what you want. When a
realloc fails you never usually want the old memory, you
want to free it and get into your error processing asap.
For the 11 remaining cases where we really do need to keep the
old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR,
which can be used as follows :
tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the
pointer p, even on size == 0 or realloc fail. All this is
done by a hidden extra argument to Realloc(), BOOL free_old_on_error
which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR
macros (and their array counterparts).
It remains to be seen what this will do to our Coverity bug count :-).
Jeremy.
(This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0)
|
|
think is a direct bug, but some code that needs clarification :-).
Jeremy.
(This used to be commit 61901a3f10de64a72b655d9aa884424a4fc88a44)
|
|
Jeremy.
(This used to be commit 46e10980927f1dfa4a1995e778df880cf823cbdb)
|
|
Jeremy.
(This used to be commit 6196446a03abeb4100bac1721977488ae5843f42)
|
|
(This used to be commit 6c3480f9aecc061660ad5c06347b8f1d3e11a330)
|
|
safe for using our headers and linking with C++ modules. Stops us
from using C++ reserved keywords in our code.
Jeremy
(This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a)
|
|
allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
|
|
simultaeneously to all
DCs found. The first one to reply wins.
Volker
(This used to be commit 84ac54aef2bd56b5c889d3b05b8828aceb8ae00e)
|
|
really didn't
(This used to be commit c7036f824627dc555185a52ed95d3e0132babcd8)
|
|
Volker
(This used to be commit 2af98ec054508055a63552cfdb48cfaf43f76b62)
|
|
(This used to be commit 316302ca4a79cfc201311e12df71fdbb974c09c4)
|
|
reuse when filling in the spolss replies (also gets rid of get_called_name()
(This used to be commit 57db8ca91f52329c7f8985c04463b6b69015b0c4)
|
|
Meadows" <jameadows@webopolis.com>.
Jeremy.
(This used to be commit 4cc38b8aea51b55cc449cd2144f18de7d4819637)
|
|
(This used to be commit bf9f02be5fc1d09c8c08c78c3f2df23b2099ba4f)
|
|
(MORIYAMA Masayuki).
Don't use nstrings to hold workgroup and netbios names. The problem with them is that MB netbios
and workgroup names in unix charset (particularly utf8) may be up to 3x bigger than the name
when represented in dos charset (ie. cp932). So go back to using fstrings for these but
translate into nstrings (ie. 16 byte length values) for transport on the wire.
Jeremy.
(This used to be commit b4ea493599ab414f7828b83f40a5a8b43479ff64)
|
|
fix up netbios names with mb strings. Includes reformat of libsmb/nmblib.c
so it's readable.
Jeremy.
(This used to be commit 966e49a48c352563cdd7f75fe2768f2d6612ec7e)
|
|
Andrew Bartlett
(This used to be commit e10e176c83da9eda0746e0bd108c72a01a0505e8)
|
|
names
* fix some a mispelled variable name
(This used to be commit bca702c97620ad8f66015d6e4b41abd4adf22076)
|
|
Andrew Bartlett
(This used to be commit 7e75a6d681fc63cacc7e5caa7a04568c6019367f)
|
|
hostname lookups, and ensures that we don't lookup 'short' (ie NetBIOS)
domain names in DNS.
Andrew Bartlett
(This used to be commit 35f6347a73ce7423adb78c7e95492bb6d98f4c40)
|
|
Jeremy.
(This used to be commit d3d0353baeba580d8a7a4688f847463b1b2e750c)
|
|
as that's what they do. Fix string_replace() to fast-path ascii.
Jeremy.
(This used to be commit f35e9a8b909d3c74be47083ccc4a4e91a14938db)
|
|
(This used to be commit fa354f3ceefe53bdfd4f543559041d337b75613f)
|
|
*) consolidates the dc location routines again (dns
and netbios) get_dc_list() or get_sorted_dc_list()
is the authoritative means of locating DC's again.
(also inludes a flag to get_dc_list() to define
if this should be a DNS only lookup or not)
(however, if you set "name resolve order = hosts wins"
you could still get DNS queries for domain name IFF
ldap_domain2hostlist() fails. The answer? Fix your DNS
setup)
*) enabled DOMAIN<0x1c> lookups to be funneled through
resolve_hosts resulting in a call to ldap_domain2hostlist()
if lp_security() == SEC_ADS
*) enables name cache for winbind ADS backend
*) enable the negative connection cache for winbind
ADS backend
*) removes some old dead code
*) consolidates some duplicate code
*) moves the internal_name_resolve() to use an IP/port pair
to deal with SRV RR dns replies. The namecache code
also supports the IP:port syntax now as well.
*) removes 'ads server' and moves the functionality back
into 'password server' (which can support "hostname:port"
syntax now but works fine with defaults depending on
the value of lp_security())
(This used to be commit d7f7fcda425bef380441509734eca33da943c091)
|
|
* move back to qsort() for sorting IP address in get_dc_list()
* remove dc_name_cache in cm_get_dc_name() since it slowed
things down more than it helped. I've made a note of where
to add in the negative connection cache in the ads code.
Will come back to that.
* fix rpcclient to use PRINTER_ALL_ACCESS for set printer (instead
of MAX_ALLOWED)
* only enumerate domain local groups in our domain
* simplify ldap search for seqnum in winbindd's rpc backend
(This used to be commit f8cab8635b02b205b4031279cedd804c1fb22c5b)
|
|
Jeremy.
(This used to be commit 8bcc3116a22ce11b55a35f3363230f54bc5735fc)
|
|
Volker
(This used to be commit 6cde3d4d655bbe1d81e68ec2ec7a23669ac82120)
|
|
important once we start doing schannel, as there would be a lot more
roundtrips for the second PIPE open and bind. With this patch logging
in to a member server is a matter of two (three if you count the
ack...) packets between us and the DC.
Volker
(This used to be commit 5b3cb7725a974629d0bd8b707bc2940c36b8745e)
|
|
Jeremy.
(This used to be commit c832e95c2f4daf175954a60f3c56420cf2f35b45)
|
|
Jeremy.
(This used to be commit 01f6b2694532749807aff1c2e6f338dade2d9b09)
|
|
Andrew Bartlett
(This used to be commit f79324f730c400342f445c931b0d75ff756d7cc7)
|
|
(This used to be commit 18799c115b05d6662350509f6662dbfceb4b71f5)
|
|
Jeremy.
(This used to be commit 7acf9594210f024e8d0c34259fcc990c6c76c838)
|
|
Schnitzer <dominik@schnitzer.at>
Jeremy.
(This used to be commit 15185ac437a6a0f53711bef035879173dbb492c6)
|
|
90% fix for CR 1076. The password server parameter will no take things
like
password server = DC1 *
which means to contact DC1 first and the go to auto lookup if it
fails.
jerry
(This used to be commit 016ef8b36b30846311a5321803298f8e28719244)
|
|
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
|