summaryrefslogtreecommitdiff
path: root/source3/winbindd/winbindd_cm.c
AgeCommit message (Collapse)AuthorFilesLines
2009-09-25s3:winbindd_cm: don't invalidate the whole connection when just samr gave ↵Stefan Metzmacher1-1/+12
ACCCESS_DENIED metze
2009-09-24Revert "s3:winbindd: use a tcp connection for lsa in case ↵Stefan Metzmacher1-9/+0
lookup_names/lookup_sids doesn't work over ncacn_np" This reverts commit f23691cffd39e5df81b7b075e61ed1def6cce9f6. This should not have been commited... metze
2009-09-24s3:winbindd: use a tcp connection for lsa in case lookup_names/lookup_sids ↵Günther Deschner1-0/+9
doesn't work over ncacn_np metze
2009-09-23s3:winbind: Fix an uninitialized variableVolker Lendecke1-1/+1
2009-09-22s3-winbindd: Fix Bug #6711: trusts to windows 2008 (2008 r2) not working.Günther Deschner1-0/+2
Winbindd should always try to use LSA via an schannel authenticated ncacn_ip_tcp connection when talking to AD for LSA lookup calls. In Samba <-> W2k8 interdomain trust scenarios, LookupSids3 and LookupNames4 via an schannel ncacn_ip_tcp LSA connection are the *only* options to successfully resolve sids and names. Guenther
2009-09-22s3-winbindd: add cm_connect_lsa_tcp().Günther Deschner1-0/+59
Guenther
2009-09-15s3-dcerpc: use dcerpc_AuthLevel and remove duplicate set of flags.Günther Deschner1-5/+5
Guenther
2009-09-11s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_schannel().Günther Deschner1-3/+4
Guenther
2009-09-11s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_spnego_ntlmssp ↵Günther Deschner1-1/+2
and cli_rpc_pipe_open_ntlmssp. Guenther
2009-09-09s3-winbindd: Fix Bug #6700: Use dns domain name when needing to guess server ↵Günther Deschner1-1/+1
principal. Patch from Robert LeBlanc <robert@leblancnet.us>. Thanks! Guenther
2009-08-23s3:winbind: For internal domains it is pointless to connect to a DCVolker Lendecke1-0/+6
2009-07-28Added prefer_ipv4 bool parameter to resolve_name().Jeremy Allison1-2/+2
W2K3 DC's can have IPv6 addresses but won't serve krb5/ldap or cldap on those addresses. Make sure when we're asking for DC's we prefer IPv4. If you have an IPv6-only network this prioritizing code will be a no-op. And if you have a mixed network then you need to prioritize IPv4 due to W2K3 DC's. Jeremy.
2009-07-27Fix a typoVolker Lendecke1-1/+1
2009-05-07Fix some type-punned warningsVolker Lendecke1-2/+5
2009-04-21s3-secdesc: use SEC_FLAG_MAXIMUM_ALLOWED instead of SEC_RIGHTS_MAXIMUM_ALLOWED.Günther Deschner1-9/+9
Guenther
2009-04-20Fix to use modified cli_rpc_pipe_open_schannel_with_key APIAndrew Bartlett1-2/+2
2009-04-20Remove use of talloc_reference in cli_rpc_pipe_open_schannel_with_key()Andrew Bartlett1-1/+1
2009-04-14s3: Fix ntlm_auth and winbindd to use new common libcli/auth APIsAndrew Bartlett1-9/+9
2009-04-14Rework Samba3 to use new libcli/auth code (partial)Andrew Bartlett1-0/+1
This commit is mostly to cope with the removal of SamOemHash (replaced by arcfour_crypt()) and other collisions (such as changed function arguments compared to Samba3). We still provide creds_hash3 until Samba3 uses the credentials code in netlogon server Andrew Bartlett
2009-03-18s3: remove POLICY_HND.Günther Deschner1-3/+3
Guenther
2009-03-17Fix a valgrind errorVolker Lendecke1-1/+1
Found in "make test" -- if we can't connect at all, "cli" is uninitialized
2009-03-13Remove pwd_cache.c, it was doing nothing. Make user_name, domain, andJeremy Allison1-14/+25
password talloc'ed strings within the cli_struct. Jeremy.
2009-03-06s3:winbindd_cm: remove useless cli_setup_signing_state(*cli, Undefined) callStefan Metzmacher1-2/+0
cli_setup_signing_state() with Undefined is a noop. metze
2009-01-30Make cli_tcon_andx asyncVolker Lendecke1-7/+2
2009-01-14Fix bug in get_dc_name_via_netlogon(), null pointer refrence.Bo Yang1-1/+1
2009-01-13From boyang - ensure we never "return" from a forked child, always _exit().Jeremy Allison1-3/+3
Jeremy.
2009-01-06Make winbindd_cm.c use winbindd_reinit_after_fork().Jeremy Allison1-14/+10
Jeremy.
2009-01-05s3:events: change event_add_timed() prototype to match samba4Stefan Metzmacher1-4/+2
metze
2009-01-05s3:winbindd: regain tickets for all ccache entries, when we go onlineStefan Metzmacher1-7/+1
set_event_dispatch_time() is stupid by design and only handles the first event with a given name. metze
2009-01-05s3:winbindd: recreate the per domain check_online_event without relying on ↵Stefan Metzmacher1-19/+20
global state set_event_dispatch_time() is stupid by design and just picks the first event with the given name. metze
2009-01-05Fix broken krb5 refresh chainBo Yang1-0/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-01-05clean event context after child is forked.Bo Yang1-1/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-19Make cli_negprot return NTSTATUS instead of boolVolker Lendecke1-3/+4
2008-12-03s3: Change sockaddr util function names for consistencyTim Prouty1-1/+1
Also eliminates name conflicts with OneFS system libraries
2008-11-03s3: fix a few "shadows a global declaration" warningsTim Prouty1-4/+4
2008-11-01Rename dos_errstr() to win_errstr() for consistency with Samba 4.Jelmer Vernooij1-1/+1
2008-10-23s3: fix simple "incompatible pointer type" build warningTim Prouty1-1/+1
2008-10-23Use sockaddr_storage only where we rely on the size, use sockaddrJelmer Vernooij1-1/+1
otherwise (to clarify we can also pass in structs smaller than sockaddr_storage, such as sockaddr_in).
2008-09-23s3: fix NETLOGON_NT_VERSION version flags.Günther Deschner1-1/+1
Guenther
2008-09-04Cleanup of DC enumeration in get_dcs()Steven Danneman1-24/+74
This is a fix for a few small inefficiencies/bugs in the get_dcs() path. * because the third add_one_dc_unique() loop was outside the ADS check all DCs returned from the non-sitename lookup were being tacked onto the dc_name_ip list twice. * add_one_dc_unique() now checks if the given IP address already exists before adding it to the list, making the returned list actually unique * added more thorough doxygen comment headers (This used to be commit cb2d488e1dbd90953c496c5e25d648977884f7e3)
2008-08-23Fix some nonempty blank linesVolker Lendecke1-26/+26
(This used to be commit 541e088656773d2b3b56a5a8bdc8dea6c9edec86)
2008-08-22Don't re-initialize a token when we already have one. This fixes the build ↵Jeremy Allison1-0/+3
farm failures when winbindd connects as guest. This one took a *lot* of tracking down :-). Jeremy. (This used to be commit dca827791276906436452c650062164eb819dfe0)
2008-08-22winbindd: Fix crash in cm_connect_sam()Gerald (Jerry) Carter1-2/+7
Fix segv when talking to parent DC (joined to child domain). The root cause was (a) storing the parent domain in the cli_state struct caused the NTLMSSP pipe bind to fail which made us fallover to the schannel code path (b) the dcinfo pointer in cm_get_schannel_dcinfo() was returning NULL even though the function indicated success. (This used to be commit 5ce4a2ae6697970ea37d0078a506615b4b7a9a9c)
2008-08-20Here is a re-working of the winbinddJeremy Allison1-8/+31
reconnect code to cope with rebooting a DC. This replaces the code I asked Volker to revert. The logic is pretty simple. It adds a new parameter, "winbind reconnect delay", set to 30 seconds by default, which determines how long to wait between connection attempts. To avoid overwhelming the box with DC-probe forked children, the code now keeps track of the DC probe child per winbindd_domain struct and only starts a new one if the existing one has died. I also added a little logic to make sure the dc probe child always sends a message whatever the reason for exit so we will always reschedule another connect attempt. Also added documentation. Jeremy. (This used to be commit 8027197635b988b3dcf9d3d00126a024e768fa62)
2008-08-14Revert "Add winbind:online check timeout parameter"Volker Lendecke1-16/+0
This reverts commit 9920473cc165e75ee9aa5cbb9e568eb5fb67e9e6. (This used to be commit 34a32db9060e7b60455774f923f61b7367ee3fcf)
2008-08-13Add winbind:online check timeout parameterVolker Lendecke1-0/+16
This is a band-aid for the rather convoluted offline/online mess in winbind right now. Winbind re-uses the offline functionality that is targeted at domain client installations on laptops to not overload disfunctional DCs. It uses the winbind cache timeout as the retry timeout after a DC reboot. I am using a parametric options because when this mess is cleaned up, that parameter needs to go away again. I'd recommend to use something like winbind:online check timeout = 30 in typical LAN environments. This means a reconnect is attempted every 30 seconds. Volker (This used to be commit 9920473cc165e75ee9aa5cbb9e568eb5fb67e9e6)
2008-08-06fixed a fd leak when trying to regain contact to a domain controllerAndrew Tridgell1-0/+1
in winbind When a w2k3 DC is rebooted the 139/445 ports come up before the udp/389 cldap port. During this brief period, winbind manages to connect to 139/445 but not to udp 389. It then enters a tight loop where it leaks one fd each time. In a couple of seconds it runs out of file descriptors, and leaves winbind crippled after the DC does finally come up (This used to be commit 57187cafbcc053e75bb54750494df9feabe3a738)
2008-07-20Refactoring: Change calling conventions for cli_rpc_pipe_open_schannel_with_keyVolker Lendecke1-16/+14
Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS (This used to be commit 78e9c937ff2d2e1b70cfed4121e17feb6efafda1)
2008-07-20Refactoring: Change calling conventions for cli_rpc_pipe_open_ntlmsspVolker Lendecke1-11/+14
Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS (This used to be commit a13f0599551609394904b99e4014d580ec65c506)
2008-07-20Refactoring: Change calling conventions for cli_rpc_pipe_open_noauthVolker Lendecke1-15/+18
Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS (This used to be commit 9abc9dc4dc13bd3e42f98eff64eacf24b51f5779)
generated by cgit (git 2.34.1) at 2024-11-02 20:47:11 +0000