path: root/source3/nsswitch/winbindd_cm.c
Age | Commit message | Author | Files | Lines
2007-10-10 | r23510: Tidy calls to smb_panic by removing trailing newlines. Print the failed expression in SMB_ASSERT. (This used to be commit 171dc060e2a576d724eed1ca65636bdafffd7713) | James Peach | 1 | -2/+2
2007-10-10 | r23225: Attached find a patch that makes use of NetSamLogonEx in winbind. With this and W2k3 DCs around it is possible to use more than one winbind on the same machine account, because NetSamLogonEx does not use the credentials chain. I added the flag domain->can_do_samlogon_ex because this only works against W2k3 and with schannel. The theory is to try if we're AD and have schannel, and fall back to NetSamLogon if this fails. can_do_samlogon_ex is thus a protection against multiple failures. Only checking into 3_0, this needs more review before going into a production release. Feel free to comment :-) (This used to be commit f5d525399b0b03a3d0b223fe72ef0a8a631fc599) | Volker Lendecke | 1 | -0/+11
2007-10-10 | r23210: Very funny, we thought to use netr_GetDcName (e.g. in winbind) but were using netr_GetDcAnyName all the time (which is the correct thing to do). Fix the naming and opcode mixup in all branches. Guenther (This used to be commit def6464c872a5939f0028837254f2c019d2d71c8) | Günther Deschner | 1 | -5/+5
2007-10-10 | r23117: Factor out local messaging. This removes message_block / message_unblock. I've talked to Jeremy and Günther, giving them my reasons why I believe they have no effect. Neither could come up with a counter-argument, so they go :-) (This used to be commit a925e0991ffbaea4a533bab3a5d61e5d367d46c8) | Volker Lendecke | 1 | -4/+0
2007-10-10 | r23015: Make message_(de)register static to messages.c (This used to be commit a8082a3c7c3d1e68c27fc3bf42f3d44402cc6f9f) | Volker Lendecke | 1 | -2/+4
2007-10-10 | r22943: More message_register -> messaging_register (This used to be commit caece8975b0c2bad56d6a6a576bf8ce54626183f) | Volker Lendecke | 1 | -12/+20
2007-10-10 | r22905: cli_send_mailslot had a message_send_pid inside (This used to be commit 3fdfb5b7cdf25f4db7bbacb416523d75cab1b103) | Volker Lendecke | 1 | -1/+2
2007-10-10 | r22895: Convert some more calls from message_send_buf to messaging_send_buf (This used to be commit c8b98273406242a89a7e5d1fb5d79120ebe5822a) | Volker Lendecke | 1 | -16/+20
2007-10-10 | r22736: Start to merge the low-hanging fruit from the now 7000-line cluster patch. This changes "struct process_id" to "struct server_id", keeping both is just too much hassle. No functional change (I hope ;-)) Volker (This used to be commit 0ad4b1226c9d91b72136310d3bbb640d2c5d67b8) | Volker Lendecke | 1 | -2/+2
2007-10-10 | r22715: When our primary domain goes on or offline, make sure to send a msg to the idmap child. Also remove the check for the global offline state in child_msg_offline() as this means we cannot mark domains offline due to network outages. (This used to be commit 1b99e8b521eae3e9fa775577de01116bb20fb8b3) | Gerald Carter | 1 | -2/+37
2007-10-10 | r22709: we can only use tschannel when connecting to our primary (might need some fixing here for a Samba DC) (This used to be commit 3d2123383d9dab6f0c8832e0f04238aa9a972c70) | Gerald Carter | 1 | -1/+8
2007-10-10 | r22705: Implement new set_dc_type_and_flags() called based on the information returned from our DC in the DsEnumerateDomainTrusts() call. If that fails, we callback to the older connect-to-the-remote-domain method. Note that this means we can only reliably expect the native_mode flag to be set for our own domain as this information is not available outside our primary domain from the trusted information. This is ok as we only really need the flag when trying to determine to enumerate domain local groups via RPC. Use the AD flag rather than the native_mode flag when using ldap to obtain the seq_num for a domain. (This used to be commit 4b4148a9642f03b8f27dda2132708bcc0cbb3b8e) | Gerald Carter | 1 | -8/+139
2007-10-10 | r21454: Fix debug typo. Guenther (This used to be commit 5c4a58ff3ab261e32789f39f2cf478367b727318) | Günther Deschner | 1 | -1/+1
2007-10-10 | r21382: Important fix for winbind when using non-AD domains. Jeremy, I'm afraid you removed the "domain->initialized" from the set_dc_types_and_flags() call when the connect to PI_LSARPC_DS failed (with rev. 19148). This causes now that init_dc_connection_network is called again and again which in turn rescans the DC each time (which of course fails each time with NT_STATUS_BUFFER_TOO_SMALL). Just continue with the non-PI_LSARPC_DS scan so that the domain is initialized properly. Guenther (This used to be commit c6f63a08f55a4121cbe5aac537d2ef983dc25a97) | Günther Deschner | 1 | -1/+7
2007-10-10 | r21098: When get_dc_name_via_netlogon() in get_dcs() fails to find a trusted DC we may not just assume that we look for our own realm's dcs next. Guenther (This used to be commit bf0c4ce7b1194e18cc16a044b042d0066463cf87) | Günther Deschner | 1 | -2/+2
2007-10-10 | r21064: The core of this patch is void message_register(int msg_type, void (*fn)(int msg_type, struct process_id pid, - void *buf, size_t len)) + void *buf, size_t len, + void *private_data), + void *private_data) { struct dispatch_fns *dfn; So this adds a (so far unused) private pointer that is passed from message_register to the message handler. A prerequisite to implement a tiny samba4-API compatible wrapper around our messaging system. That itself is necessary for the Samba4 notify system. Yes, I know, I could import the whole Samba4 messaging system, but I want to do it step by step and I think getting notify in is more important in this step. Volker (This used to be commit c8ae60ed65dcce9660ee39c75488f2838cf9a28b) | Volker Lendecke | 1 | -4/+8
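Review bot: the new `void *private_data` argument, added both to the handler signature and to message_register() itself, carries no comment on ownership or lifetime. Since the pointer is handed back to the handler on later messages, a short comment above message_register() should state whether the caller retains ownership and how long the pointer must stay valid, and whether NULL is an accepted value while the parameter is still unused.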
2007-10-10 | r21033: To make the logs a bit more readable let the winbind dc connect child write to a separate logfile. Guenther (This used to be commit 0313edc0d66c26b5acb6250e0f146218a02b42cd) | Günther Deschner | 1 | -0/+3
2007-10-10 | r20915: Fixed the bad merge from 3.0.24. Jeremy. (This used to be commit 018d7805b5ecb17e21e1a55b6cc65efaab4b3f63) | Jeremy Allison | 1 | -6/+8
2007-10-10 | r20914: Sync up incorrect differences between 3.0.24 and 3.0 Jeremy. (This used to be commit a2222a565c658fe5154d9321edab69a95ddeed15) | Jeremy Allison | 1 | -12/+11
2007-10-10 | r20874: We need to distinguish client sitenames per realm. We were overwriting the stored client sitename with the sitename from each successful CLDAP connection. Guenther (This used to be commit 6a13e878b5d299cb3b3d7cb33ee0d51089d9228d) | Günther Deschner | 1 | -2/+2
2007-10-10 | r20860: Adding some small tweaks. When we have no sitename, there is no need to ask for the list of DCs twice. Guenther (This used to be commit a9baf27e1348dd6dadd7a2fafdf9c269087b80ac) | Günther Deschner | 1 | -9/+11
2007-10-10 | r20857: Silence gives assent :-). Checking in the fix for site support in a network where many DC's are down. I heard via Volker there is still a bug w.r.t the wrong site being chosen with trusted domains but we'll have to layer that fix on top of this. Gd - complain if this doesn't work for you. Jeremy. (This used to be commit 97e248f89ac6548274f03f2ae7583a255da5ddb3) | Jeremy Allison | 1 | -4/+31
2007-10-10 | r20846: Before this gets out of control... This adds a struct event_context and infrastructure for fd events to smbd. This is step zero to import lib/events. Jeremy, I rely on you to watch the change in receive_message_or_smb() closely. For the normal code path this should be the only relevant change. The rest is either not yet used or is cosmetic. Volker (This used to be commit cd07f93a8aecb24c056e33b1ad3447a41959810f) | Volker Lendecke | 1 | -14/+18
2007-10-10 | r20489: Missed patch of the forest_name patch for lookupname (This used to be commit 25c4ebb55f425816e033491138f1216125de6edb) | Gerald Carter | 1 | -4/+8
2007-10-10 | r20329: Fix a winbindd crash bug. If someone pulls the network cable out of the machine *exactly* after the init_dc_connect() call in cm_connect_sam() or cm_connect_lsa() call succeeded but before any of the other calls fail, and they have debug level 10 set in the log, then we'd crash due to dereferencing a now NULL pointer (conn->cli gets set to NULL when the init_dc_connect() call called from cm_get_schannel_dcinfo() fails). Yes, before you ask this *did* happen on a customer site :-). Jeremy. (This used to be commit a0278a0cb062500ba97e237d02f55855b68719ec) | Jeremy Allison | 1 | -5/+7
2007-10-10 | r20296: If we're going to overwrite krb5.conf only do it for our primary domain. Jeremy. (This used to be commit 61d31ce0089fe906d052c971321ce99fede0e240) | Jeremy Allison | 1 | -15/+12
2007-10-10 | r20250: If we've come from being globally offline we don't have a check online event handler set. We need to add one once we've been asked to go back online as this is the only way to actually go into the online state. Doh ! :-). Jeremy. (This used to be commit 5d36c4e0313c2d735242dfdd57343372be59c6e1) | Jeremy Allison | 1 | -10/+26
2007-10-10 | r20245: merge 20244 from samba_3_0_24 get rid of more nested extern declarations warnings (This used to be commit e9df051f5201843e3428ddbed7a719553c2e799a) | Herb Lewis | 1 | -3/+3
2007-10-10 | r20206: Start cleaning up the talloc_ctx mess. child->mem_ctx isn't actually used for anything, so remove it. Jeremy. (This used to be commit a7f294b59238826c11e579a7b1a4dca7284bb89d) | Jeremy Allison | 1 | -0/+3
2007-10-10 | r20146: Now online checks are fully async we can do them every cache timeout times. Jeremy. (This used to be commit 5d364bc5ccc45b8d7bf3e484d16b37ac9e06b5cf) | Jeremy Allison | 1 | -7/+1
2007-10-10 | r20140: Make online/offline detection completely asynchronous. Now I've done this I might be able to reduce the probe timeout and reduce the backoff algorithm, going back to checking every cache time seconds (5 mins by default), as the parent or forked domain child will never block. Jeremy. (This used to be commit d0add5f946cf63ea43067e8e935876b5346d11de) | Jeremy Allison | 1 | -22/+177
2007-10-10 | r20124: clean up nested extern declaration warnings (This used to be commit ac3eb7813e33b9a2e78c9158433f7ed62c3b62bb) | Herb Lewis | 1 | -1/+2
2007-10-10 | r20090: Fix a class of bugs found by James Peach. Ensure we never mix malloc and talloc'ed contexts in the add_XX_to_array() and add_XX_to_array_unique() calls. Ensure that these calls always return False on out of memory, True otherwise and always check them. Ensure that the relevant parts of the conn struct and the nt_user_tokens are TALLOC_DESTROYED not SAFE_FREE'd. James - this should fix your crash bug in both branches. Jeremy. (This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24) | Jeremy Allison | 1 | -11/+27
2007-10-10 | r20060: Fix the timeout calculation. Jeremy. (This used to be commit 017be792f3c41aba2cbda10b53d80aad91c5d666) | Jeremy Allison | 1 | -7/+9
2007-10-10 | r20058: Ensure we actually do the increasing time calculation when in offline mode. Jeremy. (This used to be commit b7dc67ab2a78aba8dc8324430798ef56325d3cd6) | Jeremy Allison | 1 | -3/+1
2007-10-10 | r20057: Attempt to fix connect timeouts when connected on a network but not one on which any home DC's can be found (hotel network problem). Still testing but this is getting close. Jeremy. (This used to be commit 369c9e4138b93f7cfb6680f0beb541f58554e856) | Jeremy Allison | 1 | -7/+54
2007-10-10 | r19754: * When using a krb5 session setup, we don't fill in the server_name string the clis_state struct. So call saf_store() after we have the short domain name in the lsa_query_inof_policy code. * Remove unused server string in saf_delete() (This used to be commit 3eddae2f2080f8dafec883cb9ffa2e578c242607) | Gerald Carter | 1 | -2/+2
2007-10-10 | r19651: Fix interesting bug with the automatic site coverage in Active Directory: When having DC-less sites, AD assigns DCs from other sites to that site that does not have its own DC. The most reliable way for us to identify the nearest DC - in that and all other cases - is the closest_dc flag in the CLDAP reply. Guenther (This used to be commit ff004f7284cb047e738ba3d3ad6602e8aa84e883) | Günther Deschner | 1 | -1/+1
2007-10-10 | r19212: Make sure domains marked internal don't do network queries. Jeremy. (This used to be commit e4d5e1d90b40fee1edc5cf0134b276645eea63bf) | Jeremy Allison | 1 | -5/+18
2007-10-10 | r19159: The getdc call can take a long time. Allow for timeouts. Jeremy. (This used to be commit 99bebb65273c78d9867254c47438577bb21af4ee) | Jeremy Allison | 1 | -1/+9
2007-10-10 | r19148: Finish last night's patch - make offline work again. Still under test. Jeremy. (This used to be commit 40a455db78f805daa6bfeb9e78fb78dcc12fd9a7) | Jeremy Allison | 1 | -45/+60
2007-10-10 | r19143: getdcname on the NETLOGON pipe returns WERROR, not NTSTATUS. Guenther (This used to be commit 44e228ac796fca2db8509915067511ed705032bf) | Günther Deschner | 1 | -3/+4
2007-10-10 | r19105: Ok - this is currently untested (but I'm testing it at the moment) but winbindd isn't run in the build farm so hopefully won't break anything too badly - I don't want to lose this. If winbindd starts offline then it falls back to using MS-RPC backend. On going online it needs to reset the backend and try and go to using the AD backend code if possible, as the MS-RPC sequence number fetch just returns 1 as the sequence number if run against an AD DC. In addition, the winbindd async child may end up with the AD backend whilst the main winbindd - which still contacts the DC for some non-async calls, is left using MS-RPC. This can cause some trouble (as you can imagine :-). Attempt to ensure both main winbindd and async children use AD backends on going online. Jeremy. (This used to be commit 5efd4b04b89ace4b264e9ac37a90e202749792be) | Jeremy Allison | 1 | -0/+15
2007-10-10 | r19064: This code block is already #ifdef'ed by WITH_ADS which should imply HAVE_KRB5. If WITH_ADS does not imply KRB5, we have to fix that. Let's see what the build farm thinks about this. Volker (This used to be commit 27b063078dff0d8c5eb552dd73825f6858d04e4b) | Volker Lendecke | 1 | -2/+2
2007-10-10 | r18980: Be a little more intelligent about "startup_time", move into the domain struct. Allow message to go online to set this state and cope with removing it. Jeremy. (This used to be commit 51f0e60cc3a652b0ff1658d4c07bfc9493fbc51a) | Jeremy Allison | 1 | -2/+25
2007-10-10 | r18557: If you've set security=ads, do the DNS queries first. Doing otherwise means site support doesn't work correctly. Jeremy. (This used to be commit 06a75f3b935b30c60ab4690634b26cdcd7f02b90) | Jeremy Allison | 1 | -9/+6
2007-10-10 | r18552: Ensure the sitename matches before we SAF store a DC in ADS mode. Jeremy. (This used to be commit 03e1078b459531af5a2336b584b3c886c5dd1e29) | Jeremy Allison | 1 | -2/+4
2007-10-10 | r18551: Implement a 30 seconds from startup, during which we try hard to connect a DC even if we might be offline. Jeremy. (This used to be commit a9f115140700487767bafa058db744eea5ee8f77) | Jeremy Allison | 1 | -2/+2
2007-10-10 | r18525: Be a little less aggressive about going back online when requested. Jeremy. (This used to be commit 9a0066278c30b123eeaed8213294b6d81a339524) | Jeremy Allison | 1 | -7/+15
2007-10-10 | r18506: Fix online requests to cause an immediate DC connection. Jeremy. (This used to be commit 03b1699fa7d94fd637ff8c3bd2c59358673d2607) | Jeremy Allison | 1 | -5/+35