path: root/source3/winbindd/winbindd_cm.c
Age | Commit message | Author | Files | Lines
2011-02-04 | s3-winbindd: let winbind try to use samlogon validation level 6. (bug #7945) | Günther Deschner | 1 | -0/+1
The benefit of this is that it makes us more robust to secure channel resets triggered from tools outside the winbind process. Long term we need to have a shared tdb secure channel store though as well. Guenther Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Feb 4 18:11:04 CET 2011 on sn-devel-104
2011-02-03 | Fix value overflow (one too many 'f's ). | Jeremy Allison | 1 | -1/+1
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Feb 3 03:35:32 CET 2011 on sn-devel-104
2011-02-02 | s3-winbind: prefer dcerpc_lsa_X functions in winbindd/winbind_cm.c | Günther Deschner | 1 | -29/+35
Guenther
2011-02-02 | s3-winbind: prefer dcerpc_samr_X functions in invalidate_cm_connection. | Günther Deschner | 1 | -3/+6
Guenther
2011-02-02 | s3-winbind: prefer dcerpc_samr_X functions in cm_connect_sam. | Günther Deschner | 1 | -13/+35
Guenther
2011-02-02 | s3-winbind: use status variable name in cm_connect_sam. | Günther Deschner | 1 | -33/+33
Guenther
2011-01-19 | s3: Add wbinfo --dc-info | Volker Lendecke | 1 | -0/+93
wbinfo --dc-info prints the current DC name and IP address. This helps diagnosing problems that might happen when a later wbinfo --ping-dc fails. This patch started out by using the SAF and NBT cache entries, but those are relatively short-lived. So I decided to invent a new gencache entry with a very long timeout. We need to go via the gencache because when for some reason a winbind child process is stuck, we can't query it for the current DC it's connected to. This must eventually go away again when we have a fully async winbind. Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Jan 19 08:40:28 CET 2011 on sn-devel-104
2011-01-13 | s3-winbind: prefer dcerpc_netr_X functions. | Günther Deschner | 1 | -9/+23
Guenther Signed-off-by: Andreas Schneider <asn@samba.org>
2011-01-11 | s3:winbindd: use ndr_dssetup_c.h instead of cli_dssetup.h | Stefan Metzmacher | 1 | -1/+1
metze
2011-01-07 | s3: Use the new nbt_getdc in winbindd_cm | Volker Lendecke | 1 | -23/+9
2011-01-04 | s3:winbindd: use dcerpc_dssetup_DsRoleGetPrimaryDomainInformation() | Stefan Metzmacher | 1 | -1/+4
metze
2011-01-01 | s3: Remove unused mem_ctx arg from set_getdc_request | Volker Lendecke | 1 | -1/+1
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sat Jan 1 23:00:24 CET 2011 on sn-devel-104
2010-12-29 | s3: Allow more control over smbsock_[any_]connect | Volker Lendecke | 1 | -3/+4
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Dec 29 23:30:44 CET 2010 on sn-devel-104
2010-12-28 | s3:winbindd: remove useless ';' | Stefan Metzmacher | 1 | -1/+1
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Dec 28 12:45:20 CET 2010 on sn-devel-104
2010-12-22 | s3: Use smbsock_any_connect in winbind | Volker Lendecke | 1 | -45/+13
2010-11-14 | Fix the unexpected.tdb database problem. Change nmbd to store the | Jeremy Allison | 1 | -1/+6
transaction id of packets it was requested to send via a client, and only store replies that match these ids. On the client side change clients to always attempt to ask nmbd first for name_query and node_status calls, and then fall back to doing socket calls if we can't talk to nmbd (either nmbd is not running, or we're not root and cannot open the messaging tdb's). Fix readers of unexpected.tdb to delete packets they've successfully read. This should fix a long standing problem of unexpected.tdb growing out of control in noisy NetBIOS environments with lots of broadcasts, yet still allow unprivileged client apps to work mostly as well as they already did (nmblookup for example) in an environment when nmbd isn't running. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sun Nov 14 05:22:45 UTC 2010 on sn-devel-104
2010-10-12 | libcli/security Provide a common, top level libcli/security/security.h | Andrew Bartlett | 1 | -0/+1
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-09-30 | s3: Add "smbcontrol winbindd ip-dropped <local-ip>" | Volker Lendecke | 1 | -0/+33
This is supposed to improve the winbind reconnect time after an ip address has been moved away from a box. Any kind of HA scenario will benefit from this, because winbindd does not have to wait for the TCP timeout to kick in when a local IP address has been dropped and DC replies are not received anymore.
2010-09-10 | s3/winbind: use mono time for startup timeout check | Björn Jacke | 1 | -2/+2
2010-09-08 | s3: Make winbind_add_failed_connection_entry static | Volker Lendecke | 1 | -3/+4
2010-09-08 | s3: Fix a typo | Volker Lendecke | 1 | -1/+1
2010-09-08 | s3: Simplify cm_connect_sam a bit | Volker Lendecke | 1 | -5/+1
2010-09-08 | s3: Check for sid instead of name in cm_connect_sam | Volker Lendecke | 1 | -1/+1
2010-08-23 | Final part of fix for bug #7636 - winbind internal error, backtrace. | Jeremy Allison | 1 | -11/+18
Ensure cm_get_schannel_creds() returns NTSTATUS. Jeremy.
2010-08-09 | s3-winbind: Fix Bug #7568: Make sure cm_connect_lsa_tcp does not reset the secure channel. | Günther Deschner | 1 | -7/+13
This is an important fix as the following could and is happening:
* winbind authenticates a user via schannel secured netlogon samlogonex call, current secure channel cred state is stored in winbind state, winbind successfully decrypts session key from the info3
* winbind sets up a new schannel ncacn_ip_tcp lsa pipe (and thereby resets the secure channel on the dc)
* subsequent samlogonex calls use the new secure channel creds on the dc to encrypt info3 session key, while winbind tries to use old schannel creds for decryption
Guenther
2010-08-05 | s3-secrets: only include secrets.h when needed. | Günther Deschner | 1 | -0/+1
Guenther
2010-08-05 | s3: avoid global include of ads.h. | Günther Deschner | 1 | -0/+1
Guenther
2010-07-07 | s3-winbindd: route samr chgpwd ops for own domain over internal samr pipe as well. | Günther Deschner | 1 | -0/+8
Guenther
2010-07-06 | s3-winbind: Make sure that the policy handles are closed. | Andreas Schneider | 1 | -0/+12
2010-05-31 | s3: only use netlogon/nbt header when needed. | Günther Deschner | 1 | -0/+1
Guenther
2010-05-18 | s3-rpc_client: move protos to cli_lsarpc.h | Günther Deschner | 1 | -0/+1
Guenther
2010-05-18 | s3-rpc_client: move protos to cli_netlogon.h | Günther Deschner | 1 | -0/+1
Guenther
2010-05-17 | s3-kerberos: pass down kdc_name to create_local_private_krb5_conf_for_domain(). | Günther Deschner | 1 | -2/+4
Guenther
2010-05-17 | s3-winbind: make the getpeername() checks in cm_prepare_connection IPv6 aware. | Günther Deschner | 1 | -5/+25
Note that this failure was hard to track, as winbind did only log a super helpful "cm_prepare_connection: Success" debug message. IPv6 gurus, please check Successfully tested in two independent IPv6 networks now. Guenther
2010-05-06 | s3: only include gen_ndr headers where needed. | Günther Deschner | 1 | -0/+1
This shrinks include/includes.h.gch by the size of 7 MB and reduces build time as follows:
ccache build w/o patch   real 4m21.529s
ccache build with patch  real 3m6.402s
pch build w/o patch      real 4m26.318s
pch build with patch     real 3m6.932s
Guenther
2010-04-23 | s3: init_dc_connection() can't init for internal domains | Volker Lendecke | 1 | -0/+4
This fixes a crash in winbindd_dual_pam_chng_pswd_auth_crap when given global_sam_name() in the domain field
2010-04-01 | s3:winbindd: fix problems with SIGCHLD handling (bug #7317) | Stefan Metzmacher | 1 | -3/+0
The main problem is that we call CatchChild() within the parent winbindd, which overwrites the signal handler that was registered by winbindd_setup_sig_chld_handler(). That means winbindd_sig_chld_handler() and winbind_child_died() are never triggered when a winbindd domain child dies. As a result we will get "broken pipe" for all requests to that domain. To reduce the risk of similar bugs in future we call CatchChild() in winbindd_reinit_after_fork() now. We also use a full winbindd_reinit_after_fork() in the cache validation child now instead of just resetting the SIGCHLD handler by hand. This will also fix possible tdb problems on systems without pread/pwrite and disabled mmap as we now correctly reopen the tdb handle for the child. metze
2010-04-01 | s3:winbindd: correctly invalidate the cached connection | Stefan Metzmacher | 1 | -6/+11
There are maybe additional TCP connections for ncacn_ip_tcp. metze
2010-04-01 | s3:winbindd: make sure we don't try rpc requests against inaccessible domains | Stefan Metzmacher | 1 | -5/+28
This makes sure we don't crash while trying to dereference domain->conn.cli->foo while trying to establish a rpc connection to the server. metze
2010-03-29 | s3:winbindd_cm: invalidate connection if cm_connect_netlogon() fails | Stefan Metzmacher | 1 | -2/+2
metze
2010-03-29 | s3:winbindd: consistently use TALLOC_FREE(conn->foo_pipe) if we create a new connection | Stefan Metzmacher | 1 | -0/+5
metze
2010-03-29 | s3:winbindd_cm: use rpccli_is_connected() helper function | Stefan Metzmacher | 1 | -4/+4
metze
2010-03-29 | s3:winbindd_cm: use cli_state_is_connected() helper function | Stefan Metzmacher | 1 | -14/+4
metze
2010-02-23 | s3 move the sitename cache in its own file | Simo Sorce | 1 | -0/+1
2010-02-23 | s3:winbindd: never mark external domains as internal! | Stefan Metzmacher | 1 | -4/+1
This way we can end up with silently using builtin_passdb_methods for an ad domain without an inbound trust. This fixes bug #7170. metze
2010-01-06 | s3: Fix infinite loop in NCACN_IP_TCP as there is no timeout. Assume lsa_pipe_tcp is ok but network is down, then send request is ok, but select() on writeable fds loops forever since there is no response. | Bo Yang | 1 | -1/+2
Signed-off-by: Bo Yang <boyang@samba.org>
2009-11-26 | s3-rpc: Avoid including every pipe's client and server stubs everywhere in samba. | Günther Deschner | 1 | -0/+4
Guenther
2009-11-24 | s3: Always try SamLogonEx | Volker Lendecke | 1 | -2/+6
Required for cluster systems working in a Samba domain. With NT4 this won't work, but real NT4 DCs should not be around in environments that pay big bucks for a cluster... And if they are, they can always install a Samba DC trusting that NT4 domain.
2009-10-13 | s3: use enum netr_SchannelType all over the place. | Günther Deschner | 1 | -1/+1
Guenther
2009-10-05 | Revert "s3: Attempt to fix machine password change" | Volker Lendecke | 1 | -2/+0
This reverts commit 20a8ea91e10af167067cc794a251265aaf489e75. Ooops, this should not have been committed.