summaryrefslogtreecommitdiff
path: root/source3/winbindd/winbindd_cm.c
AgeCommit message (Collapse)AuthorFilesLines
2008-04-20Add "desthost" to rpc_pipe_clientVolker Lendecke1-4/+4
This reduces the dependency on cli_state (This used to be commit 783afab9c891dd7bcb78895b2a639b6f3a0edf5b)
2008-04-18winbindd: call reinit_after_fork() in the child processesStefan Metzmacher1-3/+2
metze (This used to be commit 8e9fdef792e612e414444e7714a2fd4513892248)
2008-04-17Move GETDC mailslot out of winbindd.Günther Deschner1-162/+2
Guenther (This used to be commit b003ba65e34bb92bf71a7943957715cd7acbcce0)
2008-04-10Also accept 0x15 getdc repliesVolker Lendecke1-19/+22
My NT4SP6 which my DC here trusts sends 0x15 instead of 0x13, from looking at the sniff at least the DC name is at the same place. (This used to be commit 79bc6796b81395d591fc6ef389f153dd981fe68b)
2008-04-09Try anonymous session setupVolker Lendecke1-1/+3
... if there's no trust password Attempt to fix bug 5350 (This used to be commit 99f6b63f3c637457fdda7ed930c6666171b25b61)
2008-04-02Fix NETLOGON credential chain with Windows 2008 all over the place.Günther Deschner1-5/+1
In order to avoid receiving NT_STATUS_DOWNGRADE_DETECTED from a w2k8 netr_ServerAuthenticate2 reply, we need to start with the AD netlogon negotiate flags everywhere (not only when running in security=ads). Only for NT4 we need to do a downgrade to the returned negotiate flags. Tested with w2k8, w2ksp4, w2k3r2 and nt4sp6. Guenther (This used to be commit 0970369ca0cb9ae465cff40e5c75739824daf1d0)
2008-03-31Fix enumeration of forest trusts from our root domain.Gerald W. Carter1-1/+1
Do not overwrite the domain->domain_flags when setting infomation in set_dc_type_and_flags_connect(). (This used to be commit 3414eac439b731ad7204b821ddc4fec54fe4435d)
2008-03-26Fix winbind NETLOGON cred chain on a samba dc for w2k8 trusts.Günther Deschner1-1/+5
Guenther (This used to be commit 2586dc34e0f72204749f5bf10c8135cd3a753a42)
2008-03-19Merge dd9e0bea31751 from 3-0-ctdb -- use NetSamLogonEx when possibleVolker Lendecke1-0/+10
NetSamLogonEx has the advantage that it does not use the credential chain (This used to be commit cfceb063f559f8549b8f24ce347be213c89303b0)
2008-03-10Use a separate tdb for mutexesVolker Lendecke1-11/+6
Another preparation to convert secrets.c to dbwrap: The dbwrap API does not provide a sane tdb_lock_with_timeout abstraction. In the clustered case the DC mutex is needed per-node anyway, so it is perfectly fine to use a local mutex only. (This used to be commit f94a63cd8f94490780ad9331da229c0bcb2ca5d6)
2008-02-08Use rpccli_netr_DsRGetDCName() in rpcclient and winbindd.Günther Deschner1-12/+13
Guenther (This used to be commit 4f3e97cbae3df8e12db37b8a8a0eaee947fa723a)
2008-02-08Use rpccli_lsa_QueryInfoPolicy() all over the place.Günther Deschner1-14/+17
Guenther (This used to be commit ce22abcea3446e4ad42e8e04654b9855b173c5a1)
2008-02-08Use rpccli_lsa_QueryInfoPolicy2 in winbindd.Günther Deschner1-16/+19
Guenther (This used to be commit ccf79cfa88c7f3a10d191f8f0eedb9d421c65f6c)
2008-02-07Use rpccli_netr_GetAnyDCName and rpccli_netr_GetDCName everywhere.Günther Deschner1-12/+18
Guenther (This used to be commit 8abeea9922ac09e7307730ee7695453718356873)
2008-02-04Use rpccli_samr_Connect2() all over the place.Günther Deschner1-12/+15
Guenther (This used to be commit bdf8d562621e1a09bf83e2009dec24966e7fdf22)
2008-02-01Use rpccli_samr_OpenDomain() all over the place.Günther Deschner1-6/+6
Guenther (This used to be commit e4e9d72724d547e1405b2ed4cec509d50ec88c8d)
2008-01-29Remove include/rpc_ds.h and all references to it completly.Günther Deschner1-6/+6
Jerry, please have a look if you're fine with that. Guenther (This used to be commit beae25c808a3a03d645f247e9befcd05e3ecca2c)
2008-01-29Use pidl generated call to enumerate ds trusted domains in winbindd.Günther Deschner1-12/+19
Guenther (This used to be commit 3a3c1aed9bfc681457aa06f706fc6fe2d9b2e903)
2008-01-25Use the correct domain name when looking up the trust password.Gerald W. Carter1-1/+15
On a DC, we always use the domain name given. On a domain member, we use lp_workgroup(). This fixes a bug supporting trusted domains. (This used to be commit 8b063a414149bdf401a8f854d55ed7dc6f94cb60)
2008-01-25Use generated DSSETUP client & server rpc functions and remove the ↵Günther Deschner1-15/+16
hand-written ones. Guenther (This used to be commit d5ebfccebb1f1b56b45673a506fcdb414103c43b)
2008-01-23Windows 2008 (Longhorn) auth2 flag fixes.Andreas Schneider1-1/+1
Interop fixes for AD specific flags. Original patch from Todd Stetcher. (This used to be commit 5aadfcdaacd6f136eab9e107a88b8544e6d2105f)
2008-01-23Fix get_trust_creds() to return always an upper-cased krb5 principal (thisGünther Deschner1-4/+8
fixes winbind krb5 session at least with heimdal). Guenther (This used to be commit 9cf3a98eacea2dd07f89245f147e002b3f49482e)
2008-01-20Fix a segfaultVolker Lendecke1-3/+10
Pointed out by Steven Danneman on irc, thanks! Jerry, Günther, please check! (This used to be commit 9e71c89ac648040739ef2161a2e6c4299be1e35b)
2008-01-15Apply const to rpccli_lsa_query_info_policy() and ↵Günther Deschner1-3/+3
rpccli_lsa_query_info_policy2(). Guenther (This used to be commit 7a3fe68bef7acde9d9f8a7a44ce7e9432f3c5a95)
2008-01-07Fix build warning.Günther Deschner1-16/+18
Guenther (This used to be commit 73233a06d6f0f1346c48b465750af4b532cd7306)
2008-01-04When connecting to an AD DC, use the DsGetDCName variant.Gerald (Jerry) Carter1-2/+36
This allows us to deal with child domains in transitive forest trusts. It also allows us to fill in the forest name to the target domain to the struct winbindd_domain *. (This used to be commit ed30516bb0f55f9ba466debf91b6e33d1c28a484)
2007-12-29Use correct size value for linearize call.Jeremy Allison1-1/+1
Jeremy. (This used to be commit a5df44f5b7887d10c1e1a0b7a3dd05bcf31015e1)
2007-12-29Remove tiny code duplicationVolker Lendecke1-4/+7
sid_size did the same as ndr_size_dom_sid (This used to be commit 8aec5d09ba023413bd8ecbdfbc7d23904df94389)
2007-12-21Kill fstring in getdcname & getanydcname return.Günther Deschner1-2/+2
Guenther (This used to be commit b7383818168863a7ba43c2456f8c44e96e76707a)
2007-12-18Fix logic error in cm_connect_sam().Michael Adam1-1/+0
Don't fall back to schannel when trust creds could be obtained. This is still not complete, but I am getting closer. Michael (This used to be commit 7c9fa597d684a25822b4db6615f28336f2d64ef3)
2007-12-17Fix a segv in winbindd caused by trying to free an fstring.Gerald (Jerry) Carter1-2/+6
Make a copy of the machine_password and machine_account strings in all conditional paths so that SAFE_FREE() will always be valid. (This used to be commit 194c4640b158457a6d0d5ea91e28d41d619c77de)
2007-12-13Make cm_connect_sam() try harder to connect autheticated.Michael Adam1-9/+26
Even if the session setup was anonymous, try and collect trust creds with get_trust_creds() and use these before falling back to schannel. This is the first attempt to fix interdomain trusts. (get password policy and stuff) Michael (This used to be commit e180bbd45452435e981192028a0ad90078c04236)
2007-12-13Refactor out assembling of trust creds (pw, account name, principal).Michael Adam1-17/+38
Michael (This used to be commit 481f18b20d6d5ee12c62120a3559bb16cc98e465)
2007-12-13Streamline and fix logic of cm_prepare_connection().Michael Adam1-25/+37
Do not attempt to do a session setup when in a trusted domain situation (this gives STATUS_NOLOGON_TRUSTED_DOMAIN_ACCOUNT). Use get_trust_pw_clear to get machine trust account. Only call this when the results is really used. Use the proper domain and account name for session setup. Michael (This used to be commit 18c66a364e0ddc4960769871ca190944f7fe5c44)
2007-12-13Rename get_trust_pw() to get_trust_pw_hash().Michael Adam1-2/+2
Michael (This used to be commit 0cde7ac9cb39a0026a38ccf66dbecefc12931074)
2007-12-13Let get_trust_pw() determine the machine_account_name to use.Michael Adam1-19/+3
Up to now each caller used its own logic. This eliminates code paths where there was a special treatment of the following situation: the domain given is not our workgroup (i.e. our own domain) and we are not a DC (i.e. it is not a typical trusted domain situation). In situation the given domain name was previously used as the machine account name, resulting in an account name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me. get_trust_pw would not have obtained a password in this situation anyways. I hope I have not missed an important point here! Michael (This used to be commit 6ced4a7f88798dc449a667d63bc29bf6c569291f)
2007-12-13Streamline logic in cm_connect_netlogon()Michael Adam1-5/+6
by retrieving trust password only, when it will be used. Michael (This used to be commit cdc60d8ae8c0ef804206b20b451e9557f97d4439)
2007-12-13In cm_prepare_connection(), only get auth user creds if we need to.Michael Adam1-2/+2
Michael (This used to be commit 164bfb25d7b5cfeffeb4d81958b7629a11ca5d5e)
2007-12-10Remove the char[1024] strings from dynconfig. ReplaceJeremy Allison1-1/+1
them with malloc'ing accessor functions. Should save a lot of static space :-). Jeremy. (This used to be commit 52dc5eaef2106015b3a8b659e818bdb15ad94b05)
2007-12-03Last pstring here.Jeremy Allison1-4/+6
Jeremy. (This used to be commit 98d86dcbd898f48748bbfbe1066a7014d25392d1)
2007-11-29Remove the explicit TALLOC_CTX * from cli_struct.Jeremy Allison1-11/+12
Make us very explicit about how long a talloc ctx should last. Jeremy. (This used to be commit ba9e2be2b5a59684e854609f9d82ea1633448c62)
2007-11-21Add set_sockaddr_port function for winbindd.Jeremy Allison1-0/+2
Jeremy. (This used to be commit 4b47052694285a1d1d313dfd61bd17011d62948d)
2007-10-24This is a large patch (sorry). Migrate from struct in_addrJeremy Allison1-58/+111
to struct sockaddr_storage in most places that matter (ie. not the nmbd and NetBIOS lookups). This passes make test on an IPv4 box, but I'll have to do more work/testing on IPv6 enabled boxes. This should now give us a framework for testing and finishing the IPv6 migration. It's at the state where someone with a working IPv6 setup should (theorecically) be able to type : smbclient //ipv6-address/share and have it work. Jeremy. (This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-18/+18
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10Add start of IPv6 implementation. Currently most of this is avoidingJeremy Allison1-2/+2
IPv6 in winbindd, but moves most of the socket functions that were wrongly in lib/util.c into lib/util_sock.c and provides generic IPv4/6 independent versions of most things. Still lots of work to do, but now I can see how I'll fix the access check code. Nasty part that remains is the name resolution code which is used to returning arrays of in_addr structs. Jeremy. (This used to be commit 3f6bd0e1ec5cc6670f3d08f76fc2cd94c9cd1a08)
2007-10-10[GLUE] Rsync SAMBA_3_2_0 SVN r25598 in order to create the v3-2-test branch.Gerald (Jerry) Carter1-11/+0
(This used to be commit 5c6c8e1fe93f340005110a7833946191659d88ab)
2007-10-10r25407: Revert Longhorn join patch as it is not correct for the 3.2 tree.Gerald Carter1-1/+1
The translate_name() used by cli_session_setup_spnego() cann rely Winbindd since it is needed by the join process (and hence before Winbind can be run). (This used to be commit 00a93ed336c5f36643e6e33bd277608eaf05677c)
2007-10-10r25400: Windows 2008 (Longhorn) Interop fixes for AD specific auth2 flags,Gerald Carter1-1/+1
and client fixes. Patch from Todd Stetcher <todd.stetcher@isilon.com>. (This used to be commit 8304ccba7346597425307e260e88647e49081f68)
2007-10-10r25154: move winbindd code into winbindd/Stefan Metzmacher1-0/+2271
metze (This used to be commit 3ac7566ae14c48ff9b0f6b232e0ec4b2f73df558)