Age | Commit message (Collapse) | Author | Files | Lines |
|
the stored client sitename with the sitename from each sucessfull CLDAP
connection.
Guenther
(This used to be commit 6a13e878b5d299cb3b3d7cb33ee0d51089d9228d)
|
|
for a PDC.
Guenther
(This used to be commit 0944c7861004bee2a9d0ac787f022f5bf1d181ac)
|
|
site support in a network where many DC's are down.
I heard via Volker there is still a bug w.r.t the
wrong site being chosen with trusted domains but
we'll have to layer that fix on top of this.
Gd - complain if this doesn't work for you.
Jeremy.
(This used to be commit 97e248f89ac6548274f03f2ae7583a255da5ddb3)
|
|
Instead,
add [ref] pointers where necessary (top-level [ref] pointers,
by spec, don't appear on the wire).
This brings us closer to the DCE/RPC standard again.
(This used to be commit 580f2a7197b1bc9db14a643fdd112b40ef37aaef)
|
|
Jeremy.
(This used to be commit 89b7a0630de0bd95a56263b36d433b4e73517a70)
|
|
The problem occurs like this:
1) running smbd as a domain member without winbindd
2) client1 connects, during auth smbd-1 calls update_trustdom_cache()
3) smbd-1 takes the trustdom cache timestamp lock, then starts
enumerate_domain_trusts
4) enumerate_domain_trusts hangs for some unknown reason
5) other clients connect, all block waiting for read lock on trustdom
cache
6) samba is now hung
The problem is the lock, and really its just trying to avoid a race
where the cure is worse than the problem. A race in updating the
trutdom cache is not a big issue. So I've just removed the lock.
It is still an open question why enumerate_domain_trusts() can
hang. Unfortunately I've not in a position to get a sniff at the site
that is affected. I suspect a full fix will involve ensuring that all
the rpc code paths have appropriate timeouts.
(This used to be commit ab8d41053347a5b342ed5b59a0b0dd4983ca91e6)
|
|
(This used to be commit 44f9d25a9026df29fcaae8723ef52b1d3101628b)
|
|
(This used to be commit e4dea0e64747912da899e846b944c24804772259)
|
|
As discussed with jerry at the CIFS conf: overriding the
administrator's wishes from the krb5.conf has only every given me
segfaults. We suggest leaving this up to the defaults from the
libraries anyway.
Andrew Bartlett
(This used to be commit 0b72c04906b1c25e80b217a8f34fd3a8e756b9ca)
|
|
NULL dereference
(This used to be commit f9edfffeb5aa1fe0700c17cd1c8141c906080188)
|
|
only do it for our primary domain.
Jeremy.
(This used to be commit 61d31ce0089fe906d052c971321ce99fede0e240)
|
|
more no previous prototype warnings
(This used to be commit 41be182f78762372ae13759ede5d2bd40a71d7f5)
|
|
(This used to be commit ac3eb7813e33b9a2e78c9158433f7ed62c3b62bb)
|
|
(This used to be commit f53983079bc285ad8ced8fc4dd40df66fad13718)
|
|
match Windows NTLMSSP flags.
Jeremy.
(This used to be commit 786318f84bef76c6acffa1ddf7cdba947509fbac)
|
|
(This used to be commit bc4e0a388a2859d2ddcfb8f07920f3b121a37894)
|
|
string the clis_state struct. So call saf_store() after we
have the short domain name in the lsa_query_inof_policy code.
* Remove unused server string in saf_delete()
(This used to be commit 3eddae2f2080f8dafec883cb9ffa2e578c242607)
|
|
Jeremy.
(This used to be commit 78c1c43523d787825bdb6d52e128bf0af5eccaae)
|
|
in the affinity cache (which happens all the time here).
Guenther
(This used to be commit 45d6d300767d5b99aff332bdfb0a8f464fd103e0)
|
|
Directory:
When having DC-less sites, AD assigns DCs from other sites to that site
that does not have it's own DC. The most reliable way for us to identify
the nearest DC - in that and all other cases - is the closest_dc flag in
the CLDAP reply.
Guenther
(This used to be commit ff004f7284cb047e738ba3d3ad6602e8aa84e883)
|
|
Jeremy.
(This used to be commit 3b5ab8ab8296339ad0e62d8564d706b5a446dcf3)
|
|
(This used to be commit 3a1be1626c1e285da70a8fd688a494eb633eee2f)
|
|
Guenther
(This used to be commit b076c39b6ac87a078feae30a4384c881c46e81ac)
|
|
metze
(This used to be commit a813c7595541e31dfa77915d80235de4402bfeca)
|
|
opened.
Guenther
(This used to be commit 49e9e1a3e7f6ac1a9cf584c88f3c640ca9d15554)
|
|
metze
(This used to be commit 785ab128c4d630819f141ede8bcf5fc0c705aebb)
|
|
x, so we can't get at them even if we wanted to.
Kerberos experts, please take a look to make sure I've done the
right thing!
(This used to be commit 9b8e179fcc1fb877e8601bfd242ee1fd615b554c)
|
|
The protocol negotiation string "LANMAN2.1" was not listed in the set of
negotiatiable possibilities, so non-optimal negotiation was taking place.
(This used to be commit a0dfa60fc5146ea6af0b88d91e030a4ec3d7f01e)
|
|
- "The problem is, with a fresh system, we don't know our sitename,
therefor we do a stupid DNS query for all DCs. The reply we get is a
round-robin list of all 21 DCs, we just pick the first, contact that
and safe that INET.COM#1C query in the name cache for later use...
What we need to do if we don't yet know our sitename, is to contact to
any DC, get the CLDAP reply to tell us in which site we are, then flush
the namecache and requery DNS including the sitename"
Implement the flushing of the #1C entries for a given NetBIOS name/realm
when looking up the site value.
Jeremy.
(This used to be commit b2d1e44f59d32c91b1d48eacd1a158ba7b65762d)
|
|
Guenther
(This used to be commit 4b9d79147ae81fb701abf02dc046076f606443b6)
|
|
metze
(This used to be commit d91041d4b6973fd9779d355cd6f9634e207b7653)
|
|
browser for its
workgroup, decided periodically to stop sending recognized responses to a
NetServerEnum2 request for the workgroup. Instead of returning the list of
servers (only itself; nothing else in the workgroup), it returns a status code
of 8 which is unsupported by samba3, samba4, and ethereal.
The code for this request assumed that if an unexpected status code was
received, the connection had a problem, i.e. that cli_errno() would show a
problem. That turns out not to be the case.
This patch changes the behavior so tha any time a response is received and
cli_errno() == 0, we continue processing the reply and base our response on
the returned count (zero). The pre-existing code then converts this count=0
into an ENOENT errno which can be properly handled by the application (whereas
an error return with errno=0 can't be).
This packet dump has only 2 frames. Sorry about the text version but it's
most easily attached to this log message. I also have it saved as .pcap if
anyone wants it.
Derrell
No. Time Source Destination Protocol Info
1 14:31:59.802668 192.168.1.106 192.168.1.100 LANMAN NetServerEnum2 Request, Server, SQL Server, Domain Controller, Backup Controller, Time Source, Apple Server, Novell Server, Domain Member Server, Print Queue Server, Dialin Server, Xenix Server, NT Workstation, Windows for Workgroups, Unknown server type:14, NT Server
Frame 1 (196 bytes on wire, 196 bytes captured)
Arrival Time: Oct 10, 2006 14:31:59.802668000
Time delta from previous packet: 0.000000000 seconds
Time since reference or first frame: 0.000000000 seconds
Frame Number: 1
Packet Length: 196 bytes
Capture Length: 196 bytes
Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: IntelCor_4a:47:bb (00:13:20:4a:47:bb), Dst: Micro-St_74:16:e7 (00:0c:76:74:16:e7)
Destination: Micro-St_74:16:e7 (00:0c:76:74:16:e7)
Source: IntelCor_4a:47:bb (00:13:20:4a:47:bb)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.106 (192.168.1.106), Dst: 192.168.1.100 (192.168.1.100)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 182
Identification: 0xb838 (47160)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xfdea [correct]
Good: True
Bad : False
Source: 192.168.1.106 (192.168.1.106)
Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: 44932 (44932), Dst Port: netbios-ssn (139), Seq: 851982066, Ack: 1274726157, Len: 130
Source port: 44932 (44932)
Destination port: netbios-ssn (139)
Sequence number: 851982066
Next sequence number: 851982196
Acknowledgement number: 1274726157
Header length: 32 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 6432
Checksum: 0xb4e0 [correct]
Options: (12 bytes)
NOP
NOP
Time stamp: tsval 1184074739, tsecr 11576161
NetBIOS Session Service
Message Type: Session message
Flags: 0x00
.... ...0 = Add 0 to length
Length: 126
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response in: 2
SMB Command: Trans (0x25)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x08
0... .... = Request/Response: Message is a request to the server
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
.... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc801
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
.... .... .0.. .... = Long Names Used: Path names in request are not long file names
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 2048
Process ID: 12967
User ID: 2048
Multiplex ID: 6
Trans Request (0x25)
Word Count (WCT): 14
Total Parameter Count: 36
Total Data Count: 0
Max Parameter Count: 8
Max Data Count: 65535
Max Setup Count: 0
Reserved: 00
Flags: 0x0000
.... .... .... ..0. = One Way Transaction: Two way transaction
.... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
Timeout: Return immediately (0)
Reserved: 0000
Parameter Count: 36
Parameter Offset: 90
Data Count: 0
Data Offset: 126
Setup Count: 0
Reserved: 00
Byte Count (BCC): 63
Transaction Name: \PIPE\LANMAN
SMB Pipe Protocol
Microsoft Windows Lanman Remote API Protocol
Function Code: NetServerEnum2 (104)
Parameter Descriptor: WrLehDz
Return Descriptor: B16BBDz
Detail Level: 1
Receive Buffer Length: 65535
Server Type: 0x0000fffe
.... .... .... .... .... .... .... ...0 = Workstation: This is NOT a Workstation
.... .... .... .... .... .... .... ..1. = Server: This is a Server
.... .... .... .... .... .... .... .1.. = SQL: This is an SQL server
.... .... .... .... .... .... .... 1... = Domain Controller: This is a Domain Controller
.... .... .... .... .... .... ...1 .... = Backup Controller: This is a Backup Controller
.... .... .... .... .... .... ..1. .... = Time Source: This is a Time Source
.... .... .... .... .... .... .1.. .... = Apple: This is an Apple host
.... .... .... .... .... .... 1... .... = Novell: This is a Novell server
.... .... .... .... .... ...1 .... .... = Member: This is a Domain Member server
.... .... .... .... .... ..1. .... .... = Print: This is a Print Queue server
.... .... .... .... .... .1.. .... .... = Dialin: This is a Dialin server
.... .... .... .... .... 1... .... .... = Xenix: This is a Xenix server
.... .... .... .... ...1 .... .... .... = NT Workstation: This is an NT Workstation
.... .... .... .... ..1. .... .... .... = WfW: This is a WfW host
.... .... .... .... 1... .... .... .... = NT Server: This is an NT Server
.... .... .... ...0 .... .... .... .... = Potential Browser: This is NOT a Potential Browser
.... .... .... ..0. .... .... .... .... = Backup Browser: This is NOT a Backup Browser
.... .... .... .0.. .... .... .... .... = Master Browser: This is NOT a Master Browser
.... .... .... 0... .... .... .... .... = Domain Master Browser: This is NOT a Domain Master Browser
.... .... ...0 .... .... .... .... .... = OSF: This is NOT an OSF host
.... .... ..0. .... .... .... .... .... = VMS: This is NOT a VMS host
.... .... .0.. .... .... .... .... .... = Windows 95+: This is NOT a Windows 95 or above host
.0.. .... .... .... .... .... .... .... = Local: This is NOT a local list only request
0... .... .... .... .... .... .... .... = Domain Enum: This is NOT a Domain Enum request
Enumeration Domain: WORKGROUP
No. Time Source Destination Protocol Info
2 14:31:59.803918 192.168.1.100 192.168.1.106 LANMAN NetServerEnum2 Response
Frame 2 (134 bytes on wire, 134 bytes captured)
Arrival Time: Oct 10, 2006 14:31:59.803918000
Time delta from previous packet: 0.001250000 seconds
Time since reference or first frame: 0.001250000 seconds
Frame Number: 2
Packet Length: 134 bytes
Capture Length: 134 bytes
Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: Micro-St_74:16:e7 (00:0c:76:74:16:e7), Dst: IntelCor_4a:47:bb (00:13:20:4a:47:bb)
Destination: IntelCor_4a:47:bb (00:13:20:4a:47:bb)
Source: Micro-St_74:16:e7 (00:0c:76:74:16:e7)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.106 (192.168.1.106)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 120
Identification: 0xea10 (59920)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x8c50 [correct]
Good: True
Bad : False
Source: 192.168.1.100 (192.168.1.100)
Destination: 192.168.1.106 (192.168.1.106)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 44932 (44932), Seq: 1274726157, Ack: 851982196, Len: 68
Source port: netbios-ssn (139)
Destination port: 44932 (44932)
Sequence number: 1274726157
Next sequence number: 1274726225
Acknowledgement number: 851982196
Header length: 32 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 64606
Checksum: 0x1e0d [correct]
Options: (12 bytes)
NOP
NOP
Time stamp: tsval 11576161, tsecr 1184074739
NetBIOS Session Service
Message Type: Session message
Flags: 0x00
.... ...0 = Add 0 to length
Length: 64
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response to: 1
Time from request: 0.001250000 seconds
SMB Command: Trans (0x25)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x88
1... .... = Request/Response: Message is a response to the client/redirector
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
.... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc801
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
.... .... .0.. .... = Long Names Used: Path names in request are not long file names
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 2048
Process ID: 12967
User ID: 2048
Multiplex ID: 6
Trans Response (0x25)
Word Count (WCT): 10
Total Parameter Count: 8
Total Data Count: 0
Reserved: 0000
Parameter Count: 8
Parameter Offset: 56
Parameter Displacement: 0
Data Count: 0
Data Offset: 64
Data Displacement: 0
Setup Count: 0
Reserved: 00
Byte Count (BCC): 9
Padding: 00
SMB Pipe Protocol
Microsoft Windows Lanman Remote API Protocol
Function Code: NetServerEnum2 (104)
Status: Unknown (8)
Convert: 0
Entry Count: 0
Available Entries: 0
(This used to be commit 88fa5ac7347cbae92abe17da8d3af00e85110c43)
|
|
Implement 'net rap server name'.
Volker
(This used to be commit 919385ed2a2a07e848bc0baaac9ed3d1964d4386)
|
|
Guenther
(This used to be commit 78b0124a6e7051da2df3157f02593f06f7f31a1b)
|
|
with
asn1_pop_tag.
Volker
(This used to be commit d18e9f1da9a22aa16860aa2a91e7c788d28d3314)
|
|
KRB5 in
SPNEGO, as long as we don't make use of it without krb libs. Makes the code a
bit simpler.
Volker
(This used to be commit 23549e6c082e92e45ced4eee215bcc0094b2a88b)
|
|
Volker
(This used to be commit b601fc42cb289366b7c522f41aa4c66920006890)
|
|
patch some
weeks ago.
We have some work before us, when in AD mode Vista sends
"not_defined_in_RFC4178@please_ignore" as the principal.....
Volker
(This used to be commit af85d8ec02b36b765ceadf0a342c7eda2410034b)
|
|
(This used to be commit 1c18ebe67500a59d4bf08c7e2e2c2af416bfa084)
|
|
Guenther
(This used to be commit 1308a842716bc3bd1a9853b9b206dc7308a8c1dd)
|
|
Guenther
(This used to be commit 31f21282cd5fb27c867615790e7fd27df4cd4c0e)
|
|
reported that Samba3 on Solaris Sparc with the native compiler can't
join Windows domains. If it worked we were just lucky. I suspect it
just didn't work.
(This used to be commit 9df1e7d98973ac1ec6ba25d528591216e568f2f3)
|
|
(This used to be commit 47c19811ae2282259f523a0d41a08d84de74cbda)
|
|
still doesn't compile with immediate structures and the
NTSTATUS/WERROR separation, as there are still several places where
the two error types are mixed up. I haven't fixed those as they
require decisions about the rpcclient code that I really don't want to
get into (the error handling there is a mess)
So samba3 compiles now, but only becaise HAVE_IMMEDIATE_STRUCTURES is
not used (look for HAVE_IMMEDIATE_STRUCTURES_XX_DISABLED)
(This used to be commit 8438a6a7d4506d395c8b4bd0e99f9c100e5e3c4e)
|
|
can no longer handle it (at least with gcc 4.1.2). Disable it until
investigated and fixed properly.
(This used to be commit c8670b33b490daeaff987c21fcb0ec601a91d54e)
|
|
Guenther
(This used to be commit a0aedee1c90af163210dd459603dd5dffb73e132)
|
|
and server code.
This has had some basic testing. I'll do more during the next couple of days and hopefully also
make RPC-SRVSVC from Samba4 pass against it.
(This used to be commit ef10672399c4b82700dc431b4d93431ffdd42d98)
|
|
descriptor
buffers.
Make security access masks simply a uint32 rather than a structure
with a uint32 in it.
(This used to be commit b41c52b9db5fc4a553b20a7a5a051a4afced9366)
|
|
from 10 seconds to 30 seconds. I don't think you
meant to do this....
Jeremy.
(This used to be commit dd1691cf81492cfecc7f015ba201b78e2588db90)
|
|
and DLIST_DEMOTE() now take the type of the tmp pointer
not the tmp pointer itself anymore.
metze
(This used to be commit 2f58645b7094e81dff3734f11aa183ea2ab53d2d)
|