summaryrefslogtreecommitdiff
path: root/source3/nsswitch/winbindd_cm.c
AgeCommit message (Collapse)AuthorFilesLines
2002-10-17Added new error codes. Fix up connection code to retry in the same wayJeremy Allison1-4/+18
that app-head does. Jeremy. (This used to be commit b521abd86b10573ca8f9116907c81e6deb55f049)
2002-10-08merge from APP_HEADGerald Carter1-1/+10
* s/driverlocation/comment * detect native mode domain and enumerate local groups Also * Added sendfile stats from SAMBA_2_2 (This used to be commit 764b58e2c0b3179cffe157c0ab58761b156b8423)
2002-10-04fix typoGerald Carter1-1/+1
(This used to be commit 38a956c79bbdb5e1eedfcb1cf3ad4f7c906d0cf7)
2002-10-04merge native_mode flag in winbindd_domain struct from app-headGerald Carter1-4/+50
(This used to be commit dd948a302ad6bd4307ecdfb10510e12185150eae)
2002-10-04merge of new client side support the Win2k LSARPC UUID in rpcbindGerald Carter1-1/+1
from APP_HEAD (This used to be commit 38c9e4299845fd77cc8629945ce2d259489f7437)
2002-10-01Doh ! Lookup name before checking negative cache (the way Tim originallyJeremy Allison1-10/+10
had it...). Jeremy. (This used to be commit 6929b65954ff5b94d11db79c8fc6a295311c238f)
2002-09-30Fix memory leak in getting DC list. Remember to exclude failed lookups.Jeremy Allison1-5/+21
Jeremy. (This used to be commit c4fcbb2948beb3b6594d53a7ffdc8b94fd0d94e0)
2002-09-24Moved -ve cache check to correct place.Jeremy Allison1-10/+10
Jeremy. (This used to be commit 38c67632ade40413c0cc2b91e04105e4065a18b7)
2002-09-17Add clock skew handling to our kerberos code. This allows us to cope withAndrew Tridgell1-1/+1
the DC being out of sync with the local machine. (This used to be commit 0d28d769472ea3b98ae4c8757093dfd4499f6dd1)
2002-08-30added cli_net_auth_3 client code.Jean-François Micouleau1-3/+3
changed cli_nt_setup_creds() to call cli_net_auth_2 or cli_net_auth_3 based on a switch. pass also the negociation flags all the way. all the places calling cli_nt_setup_creds() are still using cli_net_aut2(), it's just for future use and for rpcclient. in the future we will be able to call auth_2 or auth_3 as we want. J.F. (This used to be commit 4d38caca40f98d0584fefb9d66424a3db5b5789e)
2002-08-29fix connecting to a BDC when the PDC is down but in WINS and no bcastAndrew Tridgell1-5/+3
can be used to find a BDC 2nd try .... (This used to be commit f757223ebe88148b83e1a32b87c014c15c0a68dd)
2002-08-29fix connecting to a BDC when the PDC is down but in WINS and no bcastAndrew Tridgell1-0/+7
can be used to find a BDC (This used to be commit e95d8e2c9ee5cf22b628f3e0d99fb74bcc632ea0)
2002-08-23Moved calculation of secure channel type into a new function.Tim Potter1-4/+3
(This used to be commit b8dba26978c281259e02b9d6ebacaa7cba4f7787)
2002-08-05fixed wbinfo -t for netbiosless domainsAndrew Tridgell1-1/+7
(This used to be commit 68e70b000b273ba72206c87ad1efd6efc2c7c487)
2002-08-05This fixes a number of ADS problems, particularly with netbioslessAndrew Tridgell1-8/+14
setups. - split up the ads structure into logical pieces. This makes it much easier to keep things like the authentication realm and the server realm separate (they can be different). - allow ads callers to specify that no sasl bind should be performed (used by "net ads info" for example) - fix an error with handing ADS_ERROR_SYSTEM() when errno is 0 - completely rewrote the code for finding the LDAP server. Now try DNS methods first, and try all DNS servers returned from the SRV DNS query, sorted by closeness to our interfaces (using the same sort code as we use in replies from WINS servers). This allows us to cope with ADS DCs that are down, and ensures we don't pick one that is on the other side of the country unless absolutely necessary. - recognise dnsRecords as binary when displaying them - cope with the realm not being configured in smb.conf (work it out from the LDAP server) - look at the trustDirection when looking up trusted domains and don't include trusts that trust our domains but we don't trust theirs. - use LDAP to query the alternate (netbios) name for a realm, and make sure that both and long and short forms of the name are accepted by winbindd. Use the short form by default for listing users/groups. - rescan the list of trusted domains every 5 minutes in case new trust relationships are added while winbindd is running - include transient trust relationships (ie. C trusts B, B trusts A, so C trusts A) in winbindd. - don't do a gratuituous node status lookup when finding an ADS DC (we don't need it and it could fail) - remove unused sid_to_distinguished_name function - make sure we find the allternate name of our primary domain when operating with a netbiosless ADS DC (using LDAP to do the lookup) - fixed the rpc trusted domain enumeration to support up to approx 2000 trusted domains (the old limit was 3) - use the IP for the remote_machine (%m) macro when the client doesn't supply us with a name via a netbios session request (eg. port 445) - if the client uses SPNEGO then use the machine name from the SPNEGO auth packet for remote_machine (%m) macro - add new 'net ads workgroup' command to find the netbios workgroup name for a realm (This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
2002-07-31support netbiosless search for the DC using ADS in the winbindd AUTHAndrew Tridgell1-58/+110
code. (This used to be commit 3929532e3bfb98b925d73d331c8cbb319fdc8b9a)
2002-07-30Fixed for memory leak in connection caching code when a dc isTim Potter1-1/+13
permanently down. Found by Dan Coppock. (This used to be commit 13c0cc830e3d787a0c3a1aedd47641597026541e)
2002-07-21Renamed all the new_cli_netlogon_* functions to cli_netlogon_*Tim Potter1-2/+2
as they're no longer new! (This used to be commit 277f6bbb9a63541a473a80a7994e9bde5c6f22dc)
2002-07-13I just noticed that I never added my copyright when I messed with thisAndrew Bartlett1-0/+1
previously. Fix that. Andrew Bartlett (This used to be commit c552910477f0baca4d2173c2bdf4748de3c3b8ad)
2002-06-25Update cli_full_connection() to take a 'flags' paramater, and try to get aAndrew Bartlett1-1/+1
few more places to use it. Andrew Bartlett (This used to be commit 23689b0746d5ab030d8693abf71dd2e80ec1d7c7)
2002-06-18more debug classess activatedSimo Sorce1-0/+3
(This used to be commit 897e64d2e0c1d04ab93441ccaffe369bf43be46e)
2002-05-24Remove the password length paramater from cli_full_connection - it reallyAndrew Bartlett1-1/+1
didn't make any sense, and its was always just strlen(password) anyway. This fixes it to be strlen(password)+1 Andrew Bartlett (This used to be commit c205b18bd6b9b69200ff3db55f2c641631d4ab40)
2002-04-04Fixed the handle leak in the connection management code (this code is crapJeremy Allison1-0/+13
and should be rewritten, just not now... :-). Jeremy. (This used to be commit 5de792e7e9c2ad1422ac146caba632baa3f4e5c5)
2002-03-23Various winbind updates:Andrew Bartlett1-1/+2
- pam_winbind updates from vance, fixing a typo and making some the options work properly. - Extra parinoia in the winbind connection loop - Allow pam_winbind to compile on HP-UX (Don Mcall, more work to do). - Fix up configure.in to use the same method for building the test .so as the Makefile uses. Andrew Bartlett (This used to be commit 8e705dd9215b1cb3f44d6348094679d7dc6a7fbd)
2002-03-19Fix a double-free bug in wbinfo -t's call in winbindd.Andrew Bartlett1-2/+4
I forgot to clean this up when netlogon move across to the connection cache arrangement. Also add some smb_panics to the connection_ok() code to try to catch this kind of thing better in future. Andrew Bartlett (This used to be commit f4f23fad6099143ec26550afc67655390070ceb8)
2002-03-18Allow us to see the difference between these two errors. (We need to chaseAndrew Bartlett1-1/+7
down some bugs with it...). Andrew Bartlett (This used to be commit ef68b28fa0e89345f817ca8fd8f04138a009c21e)
2002-03-17Renamed get_nt_error_msg() to nt_errstr().Tim Potter1-2/+2
(This used to be commit 1f007d3ed41c1b71a89fa6be7d173e67e927c302)
2002-03-11always make winbindd try for the PDC first before trying for a BDCAndrew Tridgell1-5/+7
this prevents propogation delays in the SAM between the PDC and BDCs (This used to be commit 967cb3ed0c3190f3e95a227e4d998a7312b5990b)
2002-03-02Allow Samba to trust NT4 Domains.Andrew Bartlett1-2/+4
This commit builds on the auth subsystem to give Samba support for trusting NT4 domains. It is off by default, but is enabled by adding 'trustdomain' to the 'auth methods' smb.conf paramater. Tested against NT4 only - there are still some issues with the join code for Win2k servers (spnego stuff). The main work TODO involves enumerating the trusted domains (including the RPC calls to match), and getting winbind to run on the PDC correctly. Similarly, work remains on getting NT4 to trust Samba domains. Andrew Bartlett (This used to be commit ac8c24a9a888a3f916e8b40238b936e6ad743ef7)
2002-02-28Ensure that winbindd and smbd both use identical logic to find dc's.Jeremy Allison1-28/+27
Fix bug where zeroip addresses were being checked. Jeremy. (This used to be commit 8ed49fe0df201833329c17b2afe1e3aa70646558)
2002-02-15Winbind cleanup.Andrew Bartlett1-173/+204
This patch fixes the segfaults I introduced in the previous conneciton caching patch. It cleans up the connection cache a *lot* - in particular it adds significant robustness to the operation. If a the DC goes down, we no longer fail the next operation - the code checks if the connection died during one of its own operations on the socket, and restarts the conneciton as required. There is still a memory leak in here somewhere - but this code also cleans up a number of these. Also added is the abilty to sepecify the domain of the 'get around restrict anonymous' user that winbind uses. Andrew Bartlett (This used to be commit 92cbefdf2783bf9dbbb2179c1b2f7cdb802d84a9)
2002-02-11A few small winbind updates:Andrew Bartlett1-14/+55
Add a connection cache to the netlogon pipe. This makes a *massive* difference to the time-per-auth. Also fix up *some* of the memory leaks in other connection caches. Add some debugging messages for the is_connected() code. I'm thinking we should get a client implementation of SMBecho and call it here - as it would allow us to always know the DC is around before we start. Down the debug level for some of the pam_winbind code - I'll probably down it further when I'm finished debugging. Andrew Bartlett (This used to be commit 49d3e476662220775ef8da7db01ea17e77e11b0b)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-25Removed dodgy init of local variable.Tim Potter1-1/+1
(This used to be commit 1f7172b48e77dcda8bfd20d8e79a90b523727493)
2002-01-25Much more useful handling of backup domain controllers in winbindd. HonourTim Potter1-25/+51
the "password server" smb.conf parameter when choosing a DC to connect to. Due to the origin of the code in cm_get_dc_name() it wouldn't try additional DCs if the first DC didn't work. This would wedge winbindd if you had "password server = foo1, foo2" and foo1 was down. (This used to be commit fc7ed1b4a8774a6a07a8d8fd08d9d2f15cd5c1dc)
2002-01-19fixes (asprintf) from 2.2Simo Sorce1-4/+6
(This used to be commit 6b123adda901ff05b0271eeda060297448f64eec)
2002-01-01Further rpc_client removal, this time from winbindd.Andrew Bartlett1-1/+1
Also removed the dependency on auth_util.o, which makes things nicer. Finally, this kills off the NECESSARY_BECAUSE_SAMBA_DEPENDENCIES_ARE_SO_BROKEN_OBJ makefile variable - becouse Samba dependencies are starting to be sane again! Andrew Bartlett (This used to be commit 4609edcac3b70c11025f0c5aa0ddbeed93369c84)
2001-12-11Modify winbindd to use authenticated user info from secrets.tdb when makingTim Potter1-2/+29
IPC$ connections to domain controllers. (This used to be commit 1217ef28a6c18c085fcb2eac3bf04866c166d959)
2001-12-01The beginnings of alternative backends for winbinddAndrew Tridgell1-1/+1
This just splits off the dispinfo call behind a methods structure. I'll split off a few more functions soon, then we will be ready for LDAP replacement methods (This used to be commit 0216b0fca115c903ec31ed21427a83c62077dc95)
2001-11-29I think the lookup_pdc_name() should be called lookup_dc_name() and theTim Potter1-4/+13
name_status_find() call here should look up a #1c name instead of #1d. This fixes some bugs currently with BDC authentication in winbindd and in smbd as you can't query the #1d name with the ip address of a BDC. Who is Uncle Tom Cobbley anyway? (This used to be commit 4215048f7b20a8f9e5877bdbb2f54841b2f7fa64)
2001-11-27Some reformatting.Tim Potter1-223/+229
M-x tabify (This used to be commit 6446d2acd5ead098e5e51b06df5bf78b9e315418)
2001-11-26don't die with a FPE if there are no DCsAndrew Tridgell1-0/+2
(This used to be commit b5999473482475ef64212f4f7204c7895cf8fdf3)
2001-11-23Fixed check machine account function.Tim Potter1-6/+8
(This used to be commit 8f01a8b07883d18f44da665cbc8e5fba04d3bc91)
2001-11-15Tidyup formatting a bit (spaces->tabs) whilst reading new code to understandJeremy Allison1-214/+198
connection caching. Getting ready for back-merge to 2.2.3. Jeremy. (This used to be commit 5e8df83ba9924adf9df6827c06ed1a2adbe36edf)
2001-11-15Caching user, group and domain sam handles was a stupid idea.Tim Potter1-78/+9
Now we just keep a record of the open pipes. (This used to be commit 77c287e9460eed7bde7004c7e6c8cb0099c6ba6f)
2001-11-15Cache positive and negative name domain controller lookups.Tim Potter1-11/+148
Cache negative connection attempt lookups. Fixed loginc bug in connection_ok() (This used to be commit e07bcfcccd6d4a29f188d978b2c34a7b18ff21fa)
2001-11-14Random connection robustness related fixes. Display some debugs aboutTim Potter1-20/+109
the currently open connections when winbindd receives a USR1 signal. Hmm - I've just realised this will conflict with the messaging code but we don't use that yet. (This used to be commit caef54e40081477609a824185949ddf6db6ba363)
2001-11-05Use cli_nt_login_network() instead of domain_client_validate() to performTim Potter1-0/+30
pam authentication. This allows us to link in less other crap. Authenticating with a challenge/response doesn't seem to work though - we always get back NT_STATUS_WRONG_PASSWORD. (This used to be commit d85aa1ce83327dda6aa3dcd9bbab9cf6979dda1e)
2001-10-29Don't force winbind to use non-local DC's.Volker Lendecke1-1/+1
Volker (This used to be commit fd1d0064b3a4fe834c5d8e810a12a8077f9d2a66)
2001-10-27Added some connection checking code. Doesn't work yet though.Tim Potter1-10/+43
(This used to be commit 4f4dace5772780cf4eedc0ebca1c60d04171eb74)