summaryrefslogtreecommitdiff
path: root/source3/winbindd/winbindd_cm.c
AgeCommit message (Collapse)AuthorFilesLines
2012-07-17Enable AES in winbind.Andreas Schneider1-1/+1
Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-14Fix bug #9016 - Connection to outbound trusted domain goes offline.Jeremy Allison1-6/+0
By the time we've gotten to init_dc_connection_network() we shouldn't be second guessing the caller by calling winbindd_can_contact_domain(). If for some reason we do need to restrict the contact list here we can add a condition to only contact the primary domain or domains listed in the tdc cache, but I don't think that's neccessary. Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Jul 14 03:17:57 CEST 2012 on sn-devel-104
2012-07-12s3: rename sid_check_is_domain() to sid_check_is_our_sam()Michael Adam1-1/+1
This does not check whether the given sid is the domain sid, but whether it is the sid of the local sam, which is different for a domain member server.
2012-05-28s3:libsmb: get rid of cli_negprotLuk Claes1-1/+2
Signed-off-by: Luk Claes <luk@debian.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-05-28s3:libsmb: get rid of cli_state_disconnectLuk Claes1-2/+2
Signed-off-by: Luk Claes <luk@debian.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-05-28s3:libsmb: get rid of cli_state_security_modeLuk Claes1-1/+1
Signed-off-by: Luk Claes <luk@debian.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-05-28s3:libsmb: get rid of cli_state_capabilitiesLuk Claes1-1/+1
Signed-off-by: Luk Claes <luk@debian.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-05-28s3:libsmb: get rid of cli_state_protocolLuk Claes1-2/+2
Signed-off-by: Luk Claes <luk@debian.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-05-28s3:libsmb: get rid of cli_state_remote_nameLuk Claes1-2/+2
Signed-off-by: Luk Claes <luk@debian.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-05-28s3:libsmb: get rid of cli_state_*_sockaddrLuk Claes1-2/+3
Signed-off-by: Luk Claes <luk@debian.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-05-23Second part of fix for bug 8953 - winbind can hang as nbt_getdc() has no ↵Herb Lewis1-0/+1
timeout. If we're running with SEC_ADS and we don't get a cldap response from the server when querying its name, don't fall back to NetBIOS requests as they're unlikely to succeed. Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed May 23 03:49:36 CEST 2012 on sn-devel-104
2012-05-22Fix bug #8953 - winbind can hang as nbt_getdc() has no timeout.Jeremy Allison1-1/+1
Add a timeout_in_seconds parameter to nbt_getdc() to make it fail after that time with NT_STATUS_IO_TIMEOUT.
2012-04-27s3:winbindd: also try SMB2 when connecting to "IPC$"Stefan Metzmacher1-7/+20
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Apr 27 13:10:15 CEST 2012 on sn-devel-104
2012-03-24lib/util: Remove obsolete sys_getpid() and sys_fork().Jelmer Vernooij1-2/+2
The performance of these is minimal (these days) and they can return invalid results when used as part of applications that do not use sys_fork(). Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Mar 24 21:55:41 CET 2012 on sn-devel-104
2012-02-16Rename obscure defined constants.Christopher R. Hertel (crh)1-1/+1
Replaced the undescriptive SMB_PORT1 and SMB_PORT2 defined constants with the slightly more descriptive names NBT_SMB_PORT and TCP_SMB_PORT. Also replaced several hard-coded references to the well-known port numbers (139 and 445, respectively) as appropriate. Small changes to clarify some comments regarding the two transport types. Signed-off-by: Simo Sorce <idra@samba.org> Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Thu Feb 16 08:29:41 CET 2012 on sn-devel-104
2012-02-10s3-winbindd: set the can_do_validation6 also for trusted domainMatthieu Patou1-0/+2
The flag can_do_validation6 was only set for the domain to which winbindd is the member. Setting this flag in other domains (trusted domain) if it's active directory domain is a good idea as it allow to do level 6 validation also when winbindd is querying them directly.
2012-01-18s3-librpc: pass struct ndr_interface_table down to ↵Andrew Bartlett1-2/+2
cli_pipe_open_generic/spnego() This allows the target service (as determined from the IDL) to be passed to GSSAPI (rather than the current, incorrect, "cifs"). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Make cli_rpc_pipe_open_spnego_ntlmssp() genericAndrew Bartlett1-9/+14
This also avoids passing NULL as the server to gensec_set_target_hostname() in spnego_generic_init_client(). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-24s3:winbindd_cm: make use of cli_tree_connect()Stefan Metzmacher1-1/+1
metze
2011-11-21s3:winbindd_cm: close sockfd on error in cm_prepare_connection()Stefan Metzmacher1-0/+2
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Nov 21 19:58:58 CET 2011 on sn-devel-104
2011-11-16s3-winbindd/winbindd_cm.c: remove cli_nt_error()Björn Baumbach1-8/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-16s3:winbindd_cm: remove unused ads_statusStefan Metzmacher1-3/+0
metze
2011-11-03s3:winbindd: s/Undefined/SMB_SIGNING_DEFAULT/Stefan Metzmacher1-1/+1
metze
2011-09-15s3:libsmb: pass max_protocol to cli_negprot()Stefan Metzmacher1-1/+1
metze
2011-09-13s3:winbindd_cm: make use of cli_state_security_mode()Stefan Metzmacher1-1/+3
metze
2011-09-08s3:libsmb: pass CLI_FULL_CONNECTION_* flags to cli_state_create()Stefan Metzmacher1-3/+4
metze
2011-08-10s3:winbindd_cm: use cli_session_setup() instead of cli_session_setup_spnego()Stefan Metzmacher1-15/+18
metze
2011-08-10s3:libsmb: store the remote_realm on the cli_stateStefan Metzmacher1-1/+3
metze
2011-08-03s3:winbindd_cm: make use of cli_set_timeout()Stefan Metzmacher1-1/+1
metze
2011-08-02s3:winbindd_cm: make use of cli_state_protocol()Stefan Metzmacher1-1/+1
metze
2011-08-02s3:winbindd_cm: make use of cli_state_capabilities()Stefan Metzmacher1-1/+1
metze
2011-07-22s3:winbindd_cm: use controller instead of cli->desthostStefan Metzmacher1-2/+2
The should have the same value. metze
2011-07-22s3:winbindd_cm: use cli_state_[local|remote]_sockaddr()Stefan Metzmacher1-14/+4
metze
2011-07-21s3:winbindd_cm: remove unused checks for address familyStefan Metzmacher1-37/+0
If we got a connection, we don't need to check what address family it uses. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Jul 21 23:33:48 CEST 2011 on sn-devel-104
2011-07-21s3:libsmb: replace cli_initialise[_ex]() by cli_state_create()Stefan Metzmacher1-7/+2
This makes sure cli_state->src_ss and cli_state->dest_ss are always initialized. metze
2011-07-21s3:winbindd remove an unused variableChristian Ambach1-2/+0
fixes a compiler warning
2011-07-11s3:winbindd_cm: make use of cli->src_ss instead of calling getsockname()Stefan Metzmacher1-2/+8
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Jul 11 19:31:14 CEST 2011 on sn-devel-104
2011-07-11s3:winbindd_cm: make use of cli->dest_ss instead calling getpeername()Stefan Metzmacher1-1/+7
metze
2011-07-11s3:winbindd_cm: make use of cli_state_disconnect()Stefan Metzmacher1-4/+2
metze
2011-07-11s3:winbindd_cm: make use of cli_state_is_connected()Stefan Metzmacher1-9/+6
metze
2011-06-09s3-param Remove special case for global_myname(), rename to lp_netbios_name()Andrew Bartlett1-4/+4
There is no reason this can't be a normal constant string in the loadparm system, now that we have lp_set_cmdline() to handle overrides correctly. Andrew Bartlett
2011-06-09s3-talloc Change TALLOC_REALLOC_ARRAY() to talloc_realloc()Andrew Bartlett1-2/+2
Using the standard macro makes it easier to move code into common, as TALLOC_REALLOC_ARRAY isn't standard talloc. Andrew Bartlett
2011-05-06s3-libsmb: move protos to libsmb/proto.hGünther Deschner1-0/+1
Guenther
2011-05-04Fix warning messages caused by addition of null check in fstrcpy macro.Jeremy Allison1-1/+1
2011-05-02s3: remove various references to server side dcerpc structs (which are not ↵Günther Deschner1-1/+0
needed). Guenther
2011-04-29s3: Make winbindd_reinit_after_fork return NTSTATUSVolker Lendecke1-1/+5
2011-04-29s3: In winbind, close parent/child socketsVolker Lendecke1-1/+1
This should further reduce fd load in winbind children
2011-04-28s3: Close the winbind client fds after forkingVolker Lendecke1-0/+10
In an overload situation, the winbind helper child process inherits all those hundreds of fd's which it will never talk to. Close them. We (Christian Ambach and me) just saw a crash in libkrb5. Christian's analysis showed that libkrb5 also does select, probably exceeding FD_SETSIZE and crashing due to that reason. The parent winbind in theory does not do Kerberos at all, so this should fix that problem. The crash is interesting because the child process did not really crash. Somewhere in glibc backtrace() is called, probably due to an assert() or some explicit consistency check. This then somehow generates a signal probably due to corrupted memory structures. That signal triggers Samba to again call backtrace(). This blocks hard on a ptrace_once(). Sorry for the long backtrace here, but this *is* interesting. The child process blocking and not really crashing makes the situation worse: The parent process does not get told the child has crashed and more client sockets pile up. This patch is intended to put some relief on this problem by closing the majority of sockets the parent holds. (gdb) bt \#0 0x00002ad686a2b07b in pthread_once () from /lib64/libpthread.so.0 \#1 0x00002ad6867adf87 in backtrace () from /lib64/libc.so.6 \#2 0x00002ad683eab27c in log_stack_trace () at lib/util.c:1580 \#3 0x00002ad683eab34b in smb_panic (why=0x2ad6841c6ec3 "internal error") at lib/util.c:1481 \#4 0x00002ad683e9af3e in fault_report (sig=1) at lib/fault.c:52 \#5 sig_fault (sig=1) at lib/fault.c:75 #6 <signal handler called> \#7 0x00002ad68673b005 in _int_malloc () from /lib64/libc.so.6 \#8 0x00002ad68673c95d in calloc () from /lib64/libc.so.6 \#9 0x00002ad684503e25 in _dl_new_object () from /lib64/ld-linux-x86-64.so.2 \#10 0x00002ad6844ffadc in _dl_map_object_from_fd () from /lib64/ld-linux-x86-64.so.2 \#11 0x00002ad684501d43 in _dl_map_object () from /lib64/ld-linux-x86-64.so.2 \#12 0x00002ad68450ac8d in dl_open_worker () from /lib64/ld-linux-x86-64.so.2 \#13 0x00002ad684506ed6 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2 \#14 0x00002ad68450a68c in _dl_open () from /lib64/ld-linux-x86-64.so.2 \#15 0x00002ad6867d0ba0 in do_dlopen () from /lib64/libc.so.6 \#16 0x00002ad684506ed6 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2 \#17 0x00002ad6867d0d07 in __libc_dlopen_mode () from /lib64/libc.so.6 \#18 0x00002ad6867adeea in init () from /lib64/libc.so.6 \#19 0x00002ad686a2b083 in pthread_once () from /lib64/libpthread.so.0 \#20 0x00002ad6867adf87 in backtrace () from /lib64/libc.so.6 \#21 0x00002ad68673285f in __libc_message () from /lib64/libc.so.6 \#22 0x00002ad68673a30f in _int_free () from /lib64/libc.so.6 \#23 0x00002ad68673a76b in free () from /lib64/libc.so.6 \#24 0x00002ad6853fe346 in krb5int_sendto () from /usr/lib64/libkrb5.so.3 \#25 0x00002ad6853fe511 in krb5_sendto_kdc () from /usr/lib64/libkrb5.so.3 \#26 0x00002ad6853df7c4 in ?? () from /usr/lib64/libkrb5.so.3 \#27 0x00002ad6853e0919 in krb5_get_init_creds () from /usr/lib64/libkrb5.so.3 \#28 0x00002ad6853e2a94 in krb5_get_init_creds_password () from /usr/lib64/libkrb5.so.3 \#29 0x00002ad684169ff1 in kerberos_kinit_password_ext (principal=0x2ad684702180 "<sanitized>", password=0x2ad6844c5bb0 "<sanitized>", time_offset=0, expire_time=0x2ad6846bf380, renew_till_time=0x0, cache_name=0x2ad6843cb3e0 "MEMORY:winbind_ccache", request_pac=false, add_netbios_addr=false, renewable_time=<value optimized out>, ntstatus=0x0) at libads/kerberos.c:223 \#30 0x00002ad68416a223 in ads_kinit_password (ads=0x2ad6846bf330) at libads/kerberos.c:327 \#31 0x00002ad68415f725 in ads_sasl_spnego_bind (ads=0x2ad6846bf330) at libads/sasl.c:812 \#32 0x00002ad68415dbc1 in ads_sasl_bind (ads=0x2ad6846bf330) at libads/sasl.c:1114 \#33 0x00002ad68415c09b in ads_connect (ads=0x2ad6846bf330) at libads/ldap.c:711 \#34 0x00002ad683e1b8f7 in ads_cached_connection (domain=0x2ad6846b07c0) at winbindd/winbindd_ads.c:124 \#35 0x00002ad683e1bc85 in sequence_number (domain=0x2ad6846b07c0, seq=0x2ad6846b0cd8) at winbindd/winbindd_ads.c:1233 \#36 0x00002ad683dffdd7 in refresh_sequence_number (domain=0x2ad6846b07c0, force=128) at winbindd/winbindd_cache.c:510 \#37 0x00002ad683e00520 in wcache_fetch (cache=<value optimized out>, domain=0x2ad6846b07c0, format=0x2ad68419901e "U/%s") at winbindd/winbindd_cache.c:638 \#38 0x00002ad683e04ac8 in query_user (domain=0x2ad6846b07c0, mem_ctx=0x2ad6846bc920, user_sid=0x7fff1d0cb8c0, info=0x7fff1d0cb810) at winbindd/winbindd_cache.c:1910 \#39 0x00002ad683df2d38 in winbindd_dual_userinfo (domain=0x2ad6846b07c0, state=0x7fff1d0cc9c0) at winbindd/winbindd_user.c:173 \#40 0x00002ad683e232e0 in fork_domain_child (child=0x2ad6846c2440) at winbindd/winbindd_dual.c:485 \#41 schedule_async_request (child=0x2ad6846c2440) at winbindd/winbindd_dual.c:319 \#42 0x00002ad683e229f2 in async_request_fail (state=0x2ad6846c1d00) at winbindd/winbindd_dual.c:214 \#43 0x00002ad683ebabec in run_events (ev=0x2ad6846aebf0, selrtn=0, read_fds=0x7fff1d0ce910, write_fds=<value optimized out>) at lib/events.c:123 \#44 0x00002ad683df08cb in process_loop (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at winbindd/winbindd.c:1113 \#45 main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at winbindd/winbindd.c:1437 Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Thu Apr 28 12:06:12 CEST 2011 on sn-devel-104
2011-04-27Remove fstrings from client struct. Properly talloc strings (ensuring we ↵Jeremy Allison1-1/+6
never end up with a NULL pointer).
2011-04-25s3: Add a 10-second timeout for the 445 or netbios connection to a DCVolker Lendecke1-2/+2
generated by cgit (git 2.34.1) at 2024-11-01 11:53:02 +0000