summaryrefslogtreecommitdiff
path: root/source3/nsswitch/winbindd_cm.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r18107: Only do a SAF realm store if the logon was krb5.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 131682461c87973ac9ce0e2d097ad4d7b7afb23c)
2007-10-10r18063: When we get a successful connection using ADS,Jeremy Allison1-0/+3
cache the SAF name under both the domain name and the realm name, as we could be looking up under both. Jerry please check. Jeremy. (This used to be commit 9d954d2deb46698b3834c7caf5ee0cfe628086b5)
2007-10-10r18015: Try and detect network failures immediately inJeremy Allison1-5/+12
set_dc_type_and_flags(). Fix problem when DC is down in ads_connect, where we fall back to NetBIOS and try exactly the same IP addresses we just put in the negative connection cache.... We can never succeed, so don't try lookups a second time. Jeremy. (This used to be commit 2d28f3e94a1a87bc9e9ed6630ef48b1ce17022e8)
2007-10-10r18010: Ensure we don't timeout twice to the sameJeremy Allison1-8/+11
server in winbindd when it's down and listed in the -ve connection cache. Fix memory leak, reduce timeout for cldap calls - minimum 3 secs. Jeremy. (This used to be commit 10b32cb6de234fa17fdd691bb294864d4d40f782)
2007-10-10r17994: Add debugs that showed me why my site code wasn'tJeremy Allison1-0/+1
working right. Don't update the server site when we have a client one... Jeremy. (This used to be commit 7acbcf9a6c71f8e7f9167880488613c930cef4d9)
2007-10-10r17947: Remove extra const.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 86bfac33e35ee636581b88eb2ff55800c48b9a7b)
2007-10-10r17945: Store the server and client sitenames in the ADSJeremy Allison1-1/+1
struct so we can see when they match - only create the ugly krb5 hack when they do. Jeremy. (This used to be commit 9be4ecf24b6b5dacf4c2891bddb072fa7543753f)
2007-10-10r17943: The horror, the horror. Add KDC site support byJeremy Allison1-26/+37
writing out a custom krb5.conf file containing the KDC I need. This may suck.... Needs some testing :-). Jeremy. (This used to be commit d500e1f96d92dfcc6292c448d1b399195f762d89)
2007-10-10r17937: Move the saf_ cache into the tcp ad connection code.Jeremy Allison1-2/+16
Cause winbindd to set site support before doing the generic AD server lookup. Jeremy. (This used to be commit a9833941715472ece747bce69ef53ba8ad98d7a5)
2007-10-10r17571: Change the return code of cli_session_setup from BOOL to NTSTATUSVolker Lendecke1-8/+10
Volker (This used to be commit 94817a8ef53589011bc4ead4e17807a101acf5c9)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-1/+1
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r16479: When dcip_to_name failed to get the name of the ip in saf_servername weGünther Deschner1-1/+1
cannot put saf_name in the failed conn cache as it's uninitialized. Store saf_servername (the ip) in that case. Volker, please check. Guenther (This used to be commit 098a87f492f69caeb523478a7ebcd0e3f636497d)
2007-10-10r16361: Fix Klocwork ID 1731 1770 1771 1775 1796Volker Lendecke1-0/+3
Volker (This used to be commit 8a5cebc19e4709399976efe9e3ba3bf29249620a)
2007-10-10r15904: This does two things:Volker Lendecke1-25/+37
Fix more potential segfaults when something on our way to a DC connection fails. We can not continue if dcip_to_name() fails. With 192.168.234.100 nt4pdc 192.168.234.100 windows#1c 192.168.234.100 windows#1b in the lmhosts file when nt4pdc is rebooted, we do find the DC's IP address, we can connect to TCP 139 while it is booting but anything else fails. So we fall back to put the IP address into domain->dcname. When the DC is fully up later on we try to do the auth2 against \\192.168.234.100 which gives INVALID_COMPUTER_NAME. And we never get out of this loop again. Fix this. Jerry, maybe you can take a look. Thanks, Volker (This used to be commit b1244e79068af9e287252b2dfbb8d612e717674a)
2007-10-10r15845: Ok. This was a tough one. If for some reason the tconX fails towards ↵Volker Lendecke1-0/+1
a domain controller the next time we connect this child ran into a segfault because it tried to reference a half-baked connection. Volker (This used to be commit c8a8204c744cf7aa1a1a6992a3433d99b6bb73a1)
2007-10-10r15543: New implementation of 'net ads join' to be more like Windows XP.Gerald Carter1-8/+1
The motivating factor is to not require more privileges for the user account than Windows does when joining a domain. The points of interest are * net_ads_join() uses same rpc mechanisms as net_rpc_join() * Enable CLDAP queries for filling in the majority of the ADS_STRUCT->config information * Remove ldap_initialized() from sam/idmap_ad.c and libads/ldap.c * Remove some unnecessary fields from ADS_STRUCT * Manually set the dNSHostName and servicePrincipalName attribute using the machine account after the join Thanks to Guenther and Simo for the review. Still to do: * Fix the userAccountControl for DES only systems * Set the userPrincipalName in order to support things like 'kinit -k' (although we might be able to just use the sAMAccountName instead) * Re-add support for pre-creating the machine account in a specific OU (This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b)
2007-10-10r14895: Merge the 3.0.22 changeVolker Lendecke1-1/+1
(This used to be commit 62d60a04cd85dc521e7d63726b856f38287466ad)
2007-10-10r14748: store the name/ip address combination when we doa reverse look up in ↵Gerald Carter1-2/+11
case future forward lookups would fail (This used to be commit d56ed46faec46dad74b469d25ff99c9002792c78)
2007-10-10r13679: Commiting the rm_primary_group.patch posted on samba-technicalGerald Carter1-1/+3
* ignore the primary group SID attribute from struct samu* * generate the primary group SID strictlky from the Unix primary group when dealing with passdb users * Fix memory leak in original patch caused by failing to free a talloc * * add wrapper around samu_set_unix() to prevent exposing the create BOOL to callers. Wrappers are samu_set_unix() and samu-allic_rid_unix() (This used to be commit bcf269e2ec6630b78d909010fabd3b69dd6dda84)
2007-10-10r13515: Make sure to store the correct domain name in the server affinity cache.Gerald Carter1-1/+1
(This used to be commit a918e4ac2426d4cb3cd526c4fad7480b832e6a12)
2007-10-10r13409: No functional changes, just some DEBUG cleanup.Günther Deschner1-1/+1
Guenther (This used to be commit 286f6fc2339cf4ef232c16466b8dffdcddbe343f)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-6/+20
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r13310: first round of server affinity patches for winbindd & net ads joinGerald Carter1-25/+45
(This used to be commit 6c3480f9aecc061660ad5c06347b8f1d3e11a330)
2007-10-10r13232: defensive programming in an attempt to prevent crashes due to a PDC ↵Gerald Carter1-3/+5
rebooting (This used to be commit 994794383361cfe5d58098ae494489fb0164e1df)
2007-10-10r12193: Fix some typos.Günther Deschner1-1/+1
Guenther (This used to be commit 499224f02a8722eea0d4644ca81ca55da0e9a86b)
2007-10-10r11492: Fix bug #3224 (I hope). Correctly use machine_account_nameJeremy Allison1-2/+3
and client_name when doing netlogon credential setup. Jeremy. (This used to be commit 37e6ef9389041f58eada167239fd022f01c5fecb)
2007-10-10r11381: Correctly connect to 445 and 139 after a successful getdcname.Volker Lendecke1-3/+10
Volker (This used to be commit 440e7b3342e6b7b12208b789853962de72a9cac2)
2007-10-10r11338: Move knowledge of \\ needed into rpc_client/cli_netlogonJeremy Allison1-7/+1
(this is the way it's been done in other functions). Instead of moving this into the IDL, I think the best solution would be to write a wrapper function around any call that needs this (this is what we already do for many of the calls). Jeremy. (This used to be commit aeca4efa11728be53b81967bb5442b5b09d1a975)
2007-10-10r11328: Actually verify that the bind on a pipe succeeded with a samr_connect orVolker Lendecke1-167/+196
lsa_openpolicy and fall back appropriately. In particular an ntlmssp bind failure can not be detected before the first real rpc request, at least according to abartlet :-) Works for me against w2k3, w2k and nt4. Sooner or later I should test against samba4 ... :-) Volker (This used to be commit 48a9e35208ae7b6271508085f59833e5def640e8)
2007-10-10r11324: Re-formatting before I can get a very *narrow* focus on the bugs in ↵Volker Lendecke1-59/+61
here. ;-) We can only tell if the bind succeeded on the first real RPC call. So we have to decide according to success of samrconnect whether we have to fall back. Similarly for lsaopenpolicy. Volker (This used to be commit 0603e1c8456ee87b87b051e0303a35fdbfbcf7ca)
2007-10-10r11323: Fix usage of rpccli_netlogon_getdcname. Add some debug messages.Volker Lendecke1-3/+18
Volker (This used to be commit 770ad2a8a72ae7bfcdc1b86b72142e11f662d975)
2007-10-10r11253: Fix an annoying timeout when no nmbd is aroundVolker Lendecke1-8/+8
(This used to be commit 10fb32ec52b32b72a46a783b73c6dd1f24625d9b)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-204/+309
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r10556: BUG 3083: patch from Alex Deiter <tiamat@komi.mts.ru> to fix ↵Gerald Carter1-1/+4
checking trusted account for winbindd running on a Samba PDC (This used to be commit 24b43af642c9d41c14b9ad64704e13cc9150378d)
2007-10-10r8800: grr...get logic right when checking #defineGerald Carter1-2/+2
(This used to be commit c2f69827de13a6e63077bfc4a62738c0f88e0835)
2007-10-10r8799: disabling schannel on samr and lsa until I figure outGerald Carter1-9/+15
the latest MS changes in 2003 sp1 and 2004 sp4 sr1 (This used to be commit 7588c32baa50994bdc6e351d79da3edff1fdc876)
2007-10-10r8796: disable schannel on the lsa client pipe for now to deal with Windows ↵Gerald Carter1-0/+7
2003 sp1 and Windows 2000 SP4 SR1 (This used to be commit bc1443837c81bebbac7894075a15fe96338f8b0a)
2007-10-10r7454: couple of winbindd fixesGerald Carter1-3/+11
* make sure to use our domain as the account name in the net_req_auth2() request when running on a Samba DC * make sure to lookup the correct domain (not default to ours) when getting an async getpwnam() call (This used to be commit c9c3e3c122a6a04847c448d298b6f1adb4f35a60)
2007-10-10r7415: * big change -- volker's new async winbindd from trunkGerald Carter1-461/+509
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
2007-10-10r6296: add message about known interoperability issue with Windows 2003 SP1 DCsGerald Carter1-0/+10
(This used to be commit 88c2ed1534d5239273458768b7b3f05102a2af16)
2007-10-10r6158: fix some misleading error messagesGerald Carter1-2/+2
(This used to be commit 91a8e1ac6debffe457624a625e0f407bdbbbcb15)
2007-10-10r6154: fix winbindd <-> Windows 2003 sp1 issue.Gerald Carter1-1/+5
Can't do LsaOpenPolicy() over schannel anymore. This is an interesting find as it could imply that there are other changes we haven't seen yet in sp1. Volker, You might want to look at this for trunk. (This used to be commit 82e3a9d9b526522376ea967c66c67b02f2c68dd8)
2007-10-10r5336: BUG 2329: fix to re-enable winbindd to locate DC's when 'disable ↵Gerald Carter1-64/+86
netbios = yes' (This used to be commit 75a223f1188ae0041c9e3c748af107d642f73810)
2007-10-10r4905: patch from abartlet to remove storing the auth-user credentials from ↵Gerald Carter1-4/+0
the cli* in cm_prepare_connection(). using credentials from a domain other thanour primary domain will cause the schannel setup to fail (This used to be commit a13e29b5f2f1e48225b5b5964bc0777948f16622)
2007-10-10r4749: Fix memleakVolker Lendecke1-0/+2
(This used to be commit a8aab6de7516b70cae6c096883874fa152777b13)
2007-10-10r4746: add server support for lsa_enum_acct_rights(); last checkin for the nightGerald Carter1-15/+0
(This used to be commit ccdff4a998405544433aa32938963e4c37962fcc)
2007-10-10r4732: Even if we have 'password server' set, we need to look up the native ↵Volker Lendecke1-0/+6
DC name via netbios, as the user might have set an IP address or a fqdn. Volker (This used to be commit 61466f38429ba67ace3e84c870a0f913f64d122c)
2007-10-10r4575: adding extra debug to cm_prepare_connection()Gerald Carter1-0/+3
(This used to be commit 13a2aa50ea203cee9c2323bb0428f8c50a3c0f77)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-4/+4
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r3843: If a connection to a DC is requested, open connections ↵Volker Lendecke1-160/+424
simultaeneously to all DCs found. The first one to reply wins. Volker (This used to be commit 84ac54aef2bd56b5c889d3b05b8828aceb8ae00e)