summaryrefslogtreecommitdiff
path: root/source3/winbindd/winbindd_cm.c
AgeCommit message (Collapse)AuthorFilesLines
2011-06-09s3-param Remove special case for global_myname(), rename to lp_netbios_name()Andrew Bartlett1-4/+4
There is no reason this can't be a normal constant string in the loadparm system, now that we have lp_set_cmdline() to handle overrides correctly. Andrew Bartlett
2011-06-09s3-talloc Change TALLOC_REALLOC_ARRAY() to talloc_realloc()Andrew Bartlett1-2/+2
Using the standard macro makes it easier to move code into common, as TALLOC_REALLOC_ARRAY isn't standard talloc. Andrew Bartlett
2011-05-06s3-libsmb: move protos to libsmb/proto.hGünther Deschner1-0/+1
Guenther
2011-05-04Fix warning messages caused by addition of null check in fstrcpy macro.Jeremy Allison1-1/+1
2011-05-02s3: remove various references to server side dcerpc structs (which are not ↵Günther Deschner1-1/+0
needed). Guenther
2011-04-29s3: Make winbindd_reinit_after_fork return NTSTATUSVolker Lendecke1-1/+5
2011-04-29s3: In winbind, close parent/child socketsVolker Lendecke1-1/+1
This should further reduce fd load in winbind children
2011-04-28s3: Close the winbind client fds after forkingVolker Lendecke1-0/+10
In an overload situation, the winbind helper child process inherits all those hundreds of fd's which it will never talk to. Close them. We (Christian Ambach and me) just saw a crash in libkrb5. Christian's analysis showed that libkrb5 also does select, probably exceeding FD_SETSIZE and crashing due to that reason. The parent winbind in theory does not do Kerberos at all, so this should fix that problem. The crash is interesting because the child process did not really crash. Somewhere in glibc backtrace() is called, probably due to an assert() or some explicit consistency check. This then somehow generates a signal probably due to corrupted memory structures. That signal triggers Samba to again call backtrace(). This blocks hard on a ptrace_once(). Sorry for the long backtrace here, but this *is* interesting. The child process blocking and not really crashing makes the situation worse: The parent process does not get told the child has crashed and more client sockets pile up. This patch is intended to put some relief on this problem by closing the majority of sockets the parent holds. (gdb) bt \#0 0x00002ad686a2b07b in pthread_once () from /lib64/libpthread.so.0 \#1 0x00002ad6867adf87 in backtrace () from /lib64/libc.so.6 \#2 0x00002ad683eab27c in log_stack_trace () at lib/util.c:1580 \#3 0x00002ad683eab34b in smb_panic (why=0x2ad6841c6ec3 "internal error") at lib/util.c:1481 \#4 0x00002ad683e9af3e in fault_report (sig=1) at lib/fault.c:52 \#5 sig_fault (sig=1) at lib/fault.c:75 #6 <signal handler called> \#7 0x00002ad68673b005 in _int_malloc () from /lib64/libc.so.6 \#8 0x00002ad68673c95d in calloc () from /lib64/libc.so.6 \#9 0x00002ad684503e25 in _dl_new_object () from /lib64/ld-linux-x86-64.so.2 \#10 0x00002ad6844ffadc in _dl_map_object_from_fd () from /lib64/ld-linux-x86-64.so.2 \#11 0x00002ad684501d43 in _dl_map_object () from /lib64/ld-linux-x86-64.so.2 \#12 0x00002ad68450ac8d in dl_open_worker () from /lib64/ld-linux-x86-64.so.2 \#13 0x00002ad684506ed6 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2 \#14 0x00002ad68450a68c in _dl_open () from /lib64/ld-linux-x86-64.so.2 \#15 0x00002ad6867d0ba0 in do_dlopen () from /lib64/libc.so.6 \#16 0x00002ad684506ed6 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2 \#17 0x00002ad6867d0d07 in __libc_dlopen_mode () from /lib64/libc.so.6 \#18 0x00002ad6867adeea in init () from /lib64/libc.so.6 \#19 0x00002ad686a2b083 in pthread_once () from /lib64/libpthread.so.0 \#20 0x00002ad6867adf87 in backtrace () from /lib64/libc.so.6 \#21 0x00002ad68673285f in __libc_message () from /lib64/libc.so.6 \#22 0x00002ad68673a30f in _int_free () from /lib64/libc.so.6 \#23 0x00002ad68673a76b in free () from /lib64/libc.so.6 \#24 0x00002ad6853fe346 in krb5int_sendto () from /usr/lib64/libkrb5.so.3 \#25 0x00002ad6853fe511 in krb5_sendto_kdc () from /usr/lib64/libkrb5.so.3 \#26 0x00002ad6853df7c4 in ?? () from /usr/lib64/libkrb5.so.3 \#27 0x00002ad6853e0919 in krb5_get_init_creds () from /usr/lib64/libkrb5.so.3 \#28 0x00002ad6853e2a94 in krb5_get_init_creds_password () from /usr/lib64/libkrb5.so.3 \#29 0x00002ad684169ff1 in kerberos_kinit_password_ext (principal=0x2ad684702180 "<sanitized>", password=0x2ad6844c5bb0 "<sanitized>", time_offset=0, expire_time=0x2ad6846bf380, renew_till_time=0x0, cache_name=0x2ad6843cb3e0 "MEMORY:winbind_ccache", request_pac=false, add_netbios_addr=false, renewable_time=<value optimized out>, ntstatus=0x0) at libads/kerberos.c:223 \#30 0x00002ad68416a223 in ads_kinit_password (ads=0x2ad6846bf330) at libads/kerberos.c:327 \#31 0x00002ad68415f725 in ads_sasl_spnego_bind (ads=0x2ad6846bf330) at libads/sasl.c:812 \#32 0x00002ad68415dbc1 in ads_sasl_bind (ads=0x2ad6846bf330) at libads/sasl.c:1114 \#33 0x00002ad68415c09b in ads_connect (ads=0x2ad6846bf330) at libads/ldap.c:711 \#34 0x00002ad683e1b8f7 in ads_cached_connection (domain=0x2ad6846b07c0) at winbindd/winbindd_ads.c:124 \#35 0x00002ad683e1bc85 in sequence_number (domain=0x2ad6846b07c0, seq=0x2ad6846b0cd8) at winbindd/winbindd_ads.c:1233 \#36 0x00002ad683dffdd7 in refresh_sequence_number (domain=0x2ad6846b07c0, force=128) at winbindd/winbindd_cache.c:510 \#37 0x00002ad683e00520 in wcache_fetch (cache=<value optimized out>, domain=0x2ad6846b07c0, format=0x2ad68419901e "U/%s") at winbindd/winbindd_cache.c:638 \#38 0x00002ad683e04ac8 in query_user (domain=0x2ad6846b07c0, mem_ctx=0x2ad6846bc920, user_sid=0x7fff1d0cb8c0, info=0x7fff1d0cb810) at winbindd/winbindd_cache.c:1910 \#39 0x00002ad683df2d38 in winbindd_dual_userinfo (domain=0x2ad6846b07c0, state=0x7fff1d0cc9c0) at winbindd/winbindd_user.c:173 \#40 0x00002ad683e232e0 in fork_domain_child (child=0x2ad6846c2440) at winbindd/winbindd_dual.c:485 \#41 schedule_async_request (child=0x2ad6846c2440) at winbindd/winbindd_dual.c:319 \#42 0x00002ad683e229f2 in async_request_fail (state=0x2ad6846c1d00) at winbindd/winbindd_dual.c:214 \#43 0x00002ad683ebabec in run_events (ev=0x2ad6846aebf0, selrtn=0, read_fds=0x7fff1d0ce910, write_fds=<value optimized out>) at lib/events.c:123 \#44 0x00002ad683df08cb in process_loop (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at winbindd/winbindd.c:1113 \#45 main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at winbindd/winbindd.c:1437 Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Thu Apr 28 12:06:12 CEST 2011 on sn-devel-104
2011-04-27Remove fstrings from client struct. Properly talloc strings (ensuring we ↵Jeremy Allison1-1/+6
never end up with a NULL pointer).
2011-04-25s3: Add a 10-second timeout for the 445 or netbios connection to a DCVolker Lendecke1-2/+2
2011-04-24s3:rpc_client: map fault codes to NTSTATUS with dcerpc_fault_to_nt_status()Stefan Metzmacher1-1/+1
Most fault codes have a NTSTATUS representation, so use that. This brings the fault handling in common with the source4/librpc/rpc code, which make it possible to share more highlevel code, between source3 and source4 as the error checking can be the same now. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Sun Apr 24 10:44:53 CEST 2011 on sn-devel-104
2011-03-30s3-includes: only include ntdomain.h where needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-messages: make ndr_messaging.h part of messages.h.Günther Deschner1-1/+0
Guenther
2011-03-30s3-messages: only include messages.h where needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-passdb: use passdb headers where needed.Günther Deschner1-0/+1
Guenther
2011-03-28s3: Fix Coverity ID 2173: FORWARD_NULLVolker Lendecke1-1/+1
2011-03-19s3-build: use HAVE_ADS define in some more places.Günther Deschner1-1/+1
Guenther
2011-03-18s3: Cope with 192.168.1.1/24 in smbcontrol ip-droppedVolker Lendecke1-4/+32
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Fri Mar 18 14:56:38 CET 2011 on sn-devel-104
2011-03-05s3: Fix uninitialized variablesVolker Lendecke1-1/+2
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sat Mar 5 17:25:43 CET 2011 on sn-devel-104
2011-02-28s3-rpc_client: Move client pipe functions to own header.Andreas Schneider1-0/+1
2011-02-04s3-winbindd: let winbind try to use samlogon validation level 6. (bug #7945)Günther Deschner1-0/+1
The benefit of this that it makes us more robust to secure channel resets triggered from tools outside the winbind process. Long term we need to have a shared tdb secure channel store though as well. Guenther Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Feb 4 18:11:04 CET 2011 on sn-devel-104
2011-02-03Fix value overflow (one too many 'f's ).Jeremy Allison1-1/+1
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Feb 3 03:35:32 CET 2011 on sn-devel-104
2011-02-02s3-winbind: prefer dcerpc_lsa_X functions in winbindd/winbind_cm.cGünther Deschner1-29/+35
Guenther
2011-02-02s3-winbind: prefer dcerpc_samr_X functions in invalidate_cm_connection.Günther Deschner1-3/+6
Guenther
2011-02-02s3-winbind: prefer dcerpc_samr_X functions in cm_connect_sam.Günther Deschner1-13/+35
Guenther
2011-02-02s3-winbind: use status variable name in cm_connect_sam.Günther Deschner1-33/+33
Guenther
2011-01-19s3: Add wbinfo --dc-infoVolker Lendecke1-0/+93
wbinfo --dc-info prints the current DC name and IP address. This helps diagnosing problems that might happen when a later wbinfo --ping-dc fails. This patch started out by using the SAF and NBT cache entires, but those are relatively short-lived. So I decided to invent a new gencache entry with a very long timeout. We need to go via the gencache because when for some reason a winbind child process is stuck, we can't query it for the current DC it's connected to. This must eventually go away again when we have a fully async winbind. Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Jan 19 08:40:28 CET 2011 on sn-devel-104
2011-01-13s3-winbind: prefer dcerpc_netr_X functions.Günther Deschner1-9/+23
Guenther Signed-off-by: Andreas Schneider <asn@samba.org>
2011-01-11s3:winbindd: use ndr_dssetup_c.h instead of cli_dssetup.hStefan Metzmacher1-1/+1
metze
2011-01-07s3: Use the new nbt_getdc in winbindd_cmVolker Lendecke1-23/+9
2011-01-04s3:winbindd: use dcerpc_dssetup_DsRoleGetPrimaryDomainInformation()Stefan Metzmacher1-1/+4
metze
2011-01-01s3: Remove unused mem_ctx arg from set_getdc_requestVolker Lendecke1-1/+1
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sat Jan 1 23:00:24 CET 2011 on sn-devel-104
2010-12-29s3: Allow more control over smbsock_[any_]connectVolker Lendecke1-3/+4
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Dec 29 23:30:44 CET 2010 on sn-devel-104
2010-12-28s3:winbindd: remove useless ';'Stefan Metzmacher1-1/+1
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Dec 28 12:45:20 CET 2010 on sn-devel-104
2010-12-22s3: Use smbsock_any_connect in winbindVolker Lendecke1-45/+13
2010-11-14Fix the unexpected.tdb database problem. Change nmbd to store theJeremy Allison1-1/+6
transaction id of packets it was requested to send via a client, and only store replies that match these ids. On the client side change clients to always attempt to ask nmbd first for name_query and node_status calls, and then fall back to doing socket calls if we can't talk to nmbd (either nmbd is not running, or we're not root and cannot open the messaging tdb's). Fix readers of unexpected.tdb to delete packets they've successfully read. This should fix a long standing problem of unexpected.tdb growing out of control in noisy NetBIOS envioronments with lots of bradcasts, yet still allow unprivileged client apps to work mostly as well as they already did (nmblookup for example) in an environment when nmbd isn't running. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sun Nov 14 05:22:45 UTC 2010 on sn-devel-104
2010-10-12libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett1-0/+1
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-09-30s3: Add "smbcontrol winbindd ip-dropped <local-ip>"Volker Lendecke1-0/+33
This is supposed to improve the winbind reconnect time after an ip address has been moved away from a box. Any kind of HA scenario will benefit from this, because winbindd does not have to wait for the TCP timeout to kick in when a local IP address has been dropped and DC replies are not received anymore.
2010-09-10s3/winbind: use mono time for startup timeout checkBjörn Jacke1-2/+2
2010-09-08s3: Make winbind_add_failed_connection_entry staticVolker Lendecke1-3/+4
2010-09-08s3: Fix a typoVolker Lendecke1-1/+1
2010-09-08s3: Simplify cm_connect_sam a bitVolker Lendecke1-5/+1
2010-09-08s3: Check for sid instead of name in cm_connect_samVolker Lendecke1-1/+1
2010-08-23Final part of fix for bug #7636 - winbind internal error, backtrace.Jeremy Allison1-11/+18
Ensure cm_get_schannel_creds() returns NTSTATUS. Jeremy.
2010-08-09s3-winbind: Fix Bug #7568: Make sure cm_connect_lsa_tcp does not reset the ↵Günther Deschner1-7/+13
secure channel. This is an important fix as the following could and is happening: * winbind authenticates a user via schannel secured netlogon samlogonex call, current secure channel cred state is stored in winbind state, winbind sucessfully decrypts session key from the info3 * winbind sets up a new schannel ncacn_ip_tcp lsa pipe (and thereby resets the secure channel on the dc) * subsequent samlogonex calls use the new secure channel creds on the dc to encrypt info3 session key, while winbind tries to use old schannel creds for decryption Guenther
2010-08-05s3-secrets: only include secrets.h when needed.Günther Deschner1-0/+1
Guenther
2010-08-05s3: avoid global include of ads.h.Günther Deschner1-0/+1
Guenther
2010-07-07s3-winbindd: route samr chgpwd ops for own domain over internal samr pipe as ↵Günther Deschner1-0/+8
well. Guenther
2010-07-06s3-winbind: Make sure that the policy handles are closed.Andreas Schneider1-0/+12
2010-05-31s3: only use netlogon/nbt header when needed.Günther Deschner1-0/+1
Guenther