summaryrefslogtreecommitdiff
path: root/source3/nsswitch/winbindd_cm.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r20296: If we're going to overwrite krb5.confJeremy Allison1-15/+12
only do it for our primary domain. Jeremy. (This used to be commit 61d31ce0089fe906d052c971321ce99fede0e240)
2007-10-10r20250: If we've come from being globally offline weJeremy Allison1-10/+26
don't have a check online event handler set. We need to add one once we're been asked to go back online as this is the only way to actually go into the online state. Doh ! :-). Jeremy. (This used to be commit 5d36c4e0313c2d735242dfdd57343372be59c6e1)
2007-10-10r20245: merge 20244 from samba_3_0_24Herb Lewis1-3/+3
get rid of more nested extern declarations warnings (This used to be commit e9df051f5201843e3428ddbed7a719553c2e799a)
2007-10-10r20206: Start cleaning up the talloc_ctx mess.Jeremy Allison1-0/+3
child->mem_ctx isn't actually used for anything, so remove it. Jeremy. (This used to be commit a7f294b59238826c11e579a7b1a4dca7284bb89d)
2007-10-10r20146: Now online checks are fully async we can do themJeremy Allison1-7/+1
every cache timeout times. Jeremy. (This used to be commit 5d364bc5ccc45b8d7bf3e484d16b37ac9e06b5cf)
2007-10-10r20140: Make online/offline detection completely asynchronous.Jeremy Allison1-22/+177
Now I've done this I might be able to reduce the probe timeout and reduce the backoff algorithm, going back to checking every cache time seconds (5 mins by default), as the parent or forked domain child will never block. Jeremy. (This used to be commit d0add5f946cf63ea43067e8e935876b5346d11de)
2007-10-10r20124: clean up nested extern declaration warningsHerb Lewis1-1/+2
(This used to be commit ac3eb7813e33b9a2e78c9158433f7ed62c3b62bb)
2007-10-10r20090: Fix a class of bugs found by James Peach. EnsureJeremy Allison1-11/+27
we never mix malloc and talloc'ed contexts in the add_XX_to_array() and add_XX_to_array_unique() calls. Ensure that these calls always return False on out of memory, True otherwise and always check them. Ensure that the relevent parts of the conn struct and the nt_user_tokens are TALLOC_DESTROYED not SAFE_FREE'd. James - this should fix your crash bug in both branches. Jeremy. (This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
2007-10-10r20060: Fix the timout calculation.Jeremy Allison1-7/+9
Jeremy. (This used to be commit 017be792f3c41aba2cbda10b53d80aad91c5d666)
2007-10-10r20058: Ensure we actually do the increasing timeJeremy Allison1-3/+1
calculation when in offline mode. Jeremy. (This used to be commit b7dc67ab2a78aba8dc8324430798ef56325d3cd6)
2007-10-10r20057: Attempt to fix connect timeouts when connected onJeremy Allison1-7/+54
a network but not one on which any home DC's can be found (hotel network problem). Still testing but this is getting close. Jeremy. (This used to be commit 369c9e4138b93f7cfb6680f0beb541f58554e856)
2007-10-10r19754: * When using a krb5 session setup, we don't fill in the server_nameGerald Carter1-2/+2
string the clis_state struct. So call saf_store() after we have the short domain name in the lsa_query_inof_policy code. * Remove unused server string in saf_delete() (This used to be commit 3eddae2f2080f8dafec883cb9ffa2e578c242607)
2007-10-10r19651: Fix interesting bug with the automatic site coverage in Active ↵Günther Deschner1-1/+1
Directory: When having DC-less sites, AD assigns DCs from other sites to that site that does not have it's own DC. The most reliable way for us to identify the nearest DC - in that and all other cases - is the closest_dc flag in the CLDAP reply. Guenther (This used to be commit ff004f7284cb047e738ba3d3ad6602e8aa84e883)
2007-10-10r19212: Make sure domains marked internal don't doJeremy Allison1-5/+18
network queries. Jeremy. (This used to be commit e4d5e1d90b40fee1edc5cf0134b276645eea63bf)
2007-10-10r19159: The getdc call can take a long time. Allow for timeouts.Jeremy Allison1-1/+9
Jeremy. (This used to be commit 99bebb65273c78d9867254c47438577bb21af4ee)
2007-10-10r19148: Finish last nights patch - make offlineJeremy Allison1-45/+60
work again. Still under test. Jeremy. (This used to be commit 40a455db78f805daa6bfeb9e78fb78dcc12fd9a7)
2007-10-10r19143: getdcname on the NETLOGON pipe returns WERROR, not NTSTATUS.Günther Deschner1-3/+4
Guenther (This used to be commit 44e228ac796fca2db8509915067511ed705032bf)
2007-10-10r19105: Ok - this is currently untested (but I'm testing it atJeremy Allison1-0/+15
the moment) but winbindd isn't run in the build farm so hopefully won't break anything too badly - I don't want to lose this. If winbindd starts offline then it falls back to using MS-RPC backend. On going online it needs to reset the backend and try and go to using the AD backend code if possible, as the MS-RPC sequence number fetch just returns 1 as the sequence number if run against an AD DC. In addition, the winbindd async child may end up with the AD backend whilst the main winbindd - which still contacts the DC for some non-async calls, is left using MS-RPC. This can cause some trouble (as you can imagine :-). Attempt to ensure both main winbindd and async children us AD backends on going online. Jeremy. (This used to be commit 5efd4b04b89ace4b264e9ac37a90e202749792be)
2007-10-10r19064: This code block is already #ifdef'ed by WITH_ADS which should implyVolker Lendecke1-2/+2
HAVE_KRB5. If WITH_ADS does not imply KRB5, we have to fix that. Lets see what the build farm thinks about this. Volker (This used to be commit 27b063078dff0d8c5eb552dd73825f6858d04e4b)
2007-10-10r18980: Be a little more intelligent about "startup_time",Jeremy Allison1-2/+25
move into the domain struct. Allow message to go online to set this state and cope with removing it. Jeremy. (This used to be commit 51f0e60cc3a652b0ff1658d4c07bfc9493fbc51a)
2007-10-10r18557: If you've set security=ads, do the DNS queries first.Jeremy Allison1-9/+6
Doing otherwise means site support doesn't work correctly. Jeremy. (This used to be commit 06a75f3b935b30c60ab4690634b26cdcd7f02b90)
2007-10-10r18552: Ensure the sitename matches before we SAF store a DC in ADS mode.Jeremy Allison1-2/+4
Jeremy. (This used to be commit 03e1078b459531af5a2336b584b3c886c5dd1e29)
2007-10-10r18551: Implement a 30 seconds from startup, during which weJeremy Allison1-2/+2
try hard to connect a DC even if we might be offline. Jeremy. (This used to be commit a9f115140700487767bafa058db744eea5ee8f77)
2007-10-10r18525: Be a little less agressive about going back online when requested.Jeremy Allison1-7/+15
Jeremy. (This used to be commit 9a0066278c30b123eeaed8213294b6d81a339524)
2007-10-10r18506: Fix online requests to cause an immediate DC connection.Jeremy Allison1-5/+35
Jeremy. (This used to be commit 03b1699fa7d94fd637ff8c3bd2c59358673d2607)
2007-10-10r18473: Once we go online, trigger a "get krb5 ticket event"Jeremy Allison1-0/+6
immediately if we were waiting on one. Jeremy. (This used to be commit 6dc8f9042f057e1f9aff46042a0fe697cb8a912c)
2007-10-10r18224: Paranoia - ensure the oplock event handler isJeremy Allison1-1/+10
removed immediately in the handler. Extra debug info tracking down winbindd DC selection. Jeremy. (This used to be commit 7ba9b6ce588f716589e9f88ed146fad36c4b3758)
2007-10-10r18199: Allow winbindd to delete a saf_ entry if it knowsJeremy Allison1-0/+4
it can't talk to it. Jeremy. (This used to be commit 7385a076f8fd351472d37d9363304948e88f9f99)
2007-10-10r18196: Fix debug message (this should be online not offline).Jeremy Allison1-1/+1
Jeremy. (This used to be commit 9c943dfe2d23e2d01df53ac81625278d4f870aa3)
2007-10-10r18191: Fix the online/offline state handling of winbindd.Jeremy Allison1-8/+117
Instead of trying to do this in the winbindd_cache entries, add a timed even handler to probe every 5 mins when disconnected. Fix events to run all pending events, rather than only one. Jeremy. (This used to be commit 7bfbe1b4fb9a91c6678035f220bbf0b4f5afdcac)
2007-10-10r18189: When tearing down a connection we can be harsherJeremy Allison1-5/+29
with timeouts. Also, wait for 5 seconds not 10 on connecting to a DC. Jeremy. (This used to be commit 6792460ba6a198646404abae10979489ca03ca5c)
2007-10-10r18107: Only do a SAF realm store if the logon was krb5.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 131682461c87973ac9ce0e2d097ad4d7b7afb23c)
2007-10-10r18063: When we get a successful connection using ADS,Jeremy Allison1-0/+3
cache the SAF name under both the domain name and the realm name, as we could be looking up under both. Jerry please check. Jeremy. (This used to be commit 9d954d2deb46698b3834c7caf5ee0cfe628086b5)
2007-10-10r18015: Try and detect network failures immediately inJeremy Allison1-5/+12
set_dc_type_and_flags(). Fix problem when DC is down in ads_connect, where we fall back to NetBIOS and try exactly the same IP addresses we just put in the negative connection cache.... We can never succeed, so don't try lookups a second time. Jeremy. (This used to be commit 2d28f3e94a1a87bc9e9ed6630ef48b1ce17022e8)
2007-10-10r18010: Ensure we don't timeout twice to the sameJeremy Allison1-8/+11
server in winbindd when it's down and listed in the -ve connection cache. Fix memory leak, reduce timeout for cldap calls - minimum 3 secs. Jeremy. (This used to be commit 10b32cb6de234fa17fdd691bb294864d4d40f782)
2007-10-10r17994: Add debugs that showed me why my site code wasn'tJeremy Allison1-0/+1
working right. Don't update the server site when we have a client one... Jeremy. (This used to be commit 7acbcf9a6c71f8e7f9167880488613c930cef4d9)
2007-10-10r17947: Remove extra const.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 86bfac33e35ee636581b88eb2ff55800c48b9a7b)
2007-10-10r17945: Store the server and client sitenames in the ADSJeremy Allison1-1/+1
struct so we can see when they match - only create the ugly krb5 hack when they do. Jeremy. (This used to be commit 9be4ecf24b6b5dacf4c2891bddb072fa7543753f)
2007-10-10r17943: The horror, the horror. Add KDC site support byJeremy Allison1-26/+37
writing out a custom krb5.conf file containing the KDC I need. This may suck.... Needs some testing :-). Jeremy. (This used to be commit d500e1f96d92dfcc6292c448d1b399195f762d89)
2007-10-10r17937: Move the saf_ cache into the tcp ad connection code.Jeremy Allison1-2/+16
Cause winbindd to set site support before doing the generic AD server lookup. Jeremy. (This used to be commit a9833941715472ece747bce69ef53ba8ad98d7a5)
2007-10-10r17571: Change the return code of cli_session_setup from BOOL to NTSTATUSVolker Lendecke1-8/+10
Volker (This used to be commit 94817a8ef53589011bc4ead4e17807a101acf5c9)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-1/+1
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r16479: When dcip_to_name failed to get the name of the ip in saf_servername weGünther Deschner1-1/+1
cannot put saf_name in the failed conn cache as it's uninitialized. Store saf_servername (the ip) in that case. Volker, please check. Guenther (This used to be commit 098a87f492f69caeb523478a7ebcd0e3f636497d)
2007-10-10r16361: Fix Klocwork ID 1731 1770 1771 1775 1796Volker Lendecke1-0/+3
Volker (This used to be commit 8a5cebc19e4709399976efe9e3ba3bf29249620a)
2007-10-10r15904: This does two things:Volker Lendecke1-25/+37
Fix more potential segfaults when something on our way to a DC connection fails. We can not continue if dcip_to_name() fails. With 192.168.234.100 nt4pdc 192.168.234.100 windows#1c 192.168.234.100 windows#1b in the lmhosts file when nt4pdc is rebooted, we do find the DC's IP address, we can connect to TCP 139 while it is booting but anything else fails. So we fall back to put the IP address into domain->dcname. When the DC is fully up later on we try to do the auth2 against \\192.168.234.100 which gives INVALID_COMPUTER_NAME. And we never get out of this loop again. Fix this. Jerry, maybe you can take a look. Thanks, Volker (This used to be commit b1244e79068af9e287252b2dfbb8d612e717674a)
2007-10-10r15845: Ok. This was a tough one. If for some reason the tconX fails towards ↵Volker Lendecke1-0/+1
a domain controller the next time we connect this child ran into a segfault because it tried to reference a half-baked connection. Volker (This used to be commit c8a8204c744cf7aa1a1a6992a3433d99b6bb73a1)
2007-10-10r15543: New implementation of 'net ads join' to be more like Windows XP.Gerald Carter1-8/+1
The motivating factor is to not require more privileges for the user account than Windows does when joining a domain. The points of interest are * net_ads_join() uses same rpc mechanisms as net_rpc_join() * Enable CLDAP queries for filling in the majority of the ADS_STRUCT->config information * Remove ldap_initialized() from sam/idmap_ad.c and libads/ldap.c * Remove some unnecessary fields from ADS_STRUCT * Manually set the dNSHostName and servicePrincipalName attribute using the machine account after the join Thanks to Guenther and Simo for the review. Still to do: * Fix the userAccountControl for DES only systems * Set the userPrincipalName in order to support things like 'kinit -k' (although we might be able to just use the sAMAccountName instead) * Re-add support for pre-creating the machine account in a specific OU (This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b)
2007-10-10r14895: Merge the 3.0.22 changeVolker Lendecke1-1/+1
(This used to be commit 62d60a04cd85dc521e7d63726b856f38287466ad)
2007-10-10r14748: store the name/ip address combination when we doa reverse look up in ↵Gerald Carter1-2/+11
case future forward lookups would fail (This used to be commit d56ed46faec46dad74b469d25ff99c9002792c78)
2007-10-10r13679: Commiting the rm_primary_group.patch posted on samba-technicalGerald Carter1-1/+3
* ignore the primary group SID attribute from struct samu* * generate the primary group SID strictlky from the Unix primary group when dealing with passdb users * Fix memory leak in original patch caused by failing to free a talloc * * add wrapper around samu_set_unix() to prevent exposing the create BOOL to callers. Wrappers are samu_set_unix() and samu-allic_rid_unix() (This used to be commit bcf269e2ec6630b78d909010fabd3b69dd6dda84)