Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-03-29 | s3:winbindd: correctly retry if the netlogon pipe gets disconnected during a ↵ | Stefan Metzmacher | 1 | -2/+2 | |
logon call This fixes hopefully the last part of bug #7295. metze | |||||
2010-03-29 | s3:winbindd_reconnect: don't only reconnect on NT_STATUS_UNSUCCESSFUL | Stefan Metzmacher | 1 | -14/+59 | |
metze | |||||
2010-03-29 | s3:winbindd_cm: invalidate connection if cm_connect_netlogon() fails | Stefan Metzmacher | 1 | -2/+2 | |
metze | |||||
2010-03-29 | s3:winbindd: consistently use TALLOC_FREE(conn->foo_pipe) is we create a new ↵ | Stefan Metzmacher | 1 | -0/+5 | |
connection metze | |||||
2010-03-29 | s3:winbindd_cm: use rpccli_is_connected() helper function | Stefan Metzmacher | 1 | -4/+4 | |
metze | |||||
2010-03-29 | s3:winbindd_cm: use cli_state_is_connected() helper function | Stefan Metzmacher | 1 | -14/+4 | |
metze | |||||
2010-03-29 | s3: Fix bug 7212, "getent group does not return group members" | Volker Lendecke | 1 | -0/+1 | |
2010-03-26 | s3-smbd: Don't close stdout if we want to log to stdout. | Andreas Schneider | 1 | -1/+1 | |
2010-03-24 | s3:ntlmssp: pass names and use_ntlmv2 to ntlmssp_client_start() and store them | Stefan Metzmacher | 1 | -1/+5 | |
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-03-22 | s3: Fix a bad memleak in winbind | Volker Lendecke | 1 | -1/+2 | |
2010-03-10 | s3: Fix a long-standing problem with recycled PIDs | Volker Lendecke | 2 | -9/+6 | |
When a samba server process dies hard, it has no chance to clean up its entries in locking.tdb, brlock.tdb, connections.tdb and sessionid.tdb. For locking.tdb and brlock.tdb Samba is robust by checking every time we read an entry from the database if the corresponding process still exists. If it does not exist anymore, the entry is deleted. This is not 100% failsafe though: On systems with a limited PID space there is a non-zero chance that between the smbd's death and the fresh access, the PID is recycled by another long-running process. This renders all files that had been locked by the killed smbd potentially unusable until the new process also dies. This patch is supposed to fix the problem the following way: Every process ID in every database is augmented by a random 64-bit number that is stored in a serverid.tdb. Whenever we need to check if a process still exists we know its PID and the 64-bit number. We look up the PID in serverid.tdb and compare the 64-bit number. If it's the same, the process still is a valid smbd holding the lock. If it is different, a new smbd has taken over. I believe this is safe against an smbd that has died hard and the PID has been taken over by a non-samba process. This process would not have registered itself with a fresh 64-bit number in serverid.tdb, so the old one still exists in serverid.tdb. We protect against this case by the parent smbd taking care of deregistering PIDs from serverid.tdb and the fact that serverid.tdb is CLEAR_IF_FIRST. CLEAR_IF_FIRST does not work in a cluster, so the automatic cleanup does not work when all smbds are restarted. For this, "net serverid wipe" has to be run before smbd starts up. As a convenience, "net serverid wipedbs" also cleans up sessionid.tdb and connections.tdb. While there, this also cleans up overloading connections.tdb with all the process entries just for messaging_send_all(). Volker | |||||
2010-03-05 | s3:winbindd: add DEBUG(10,...) for the end of each top level | Stefan Metzmacher | 2 | -6/+25 | |
That will hopefully make debugging a bit easier (at least for me). metze | |||||
2010-03-06 | s3: Fix unnecessary traversing winbindd_cache.tdb in SIGHUP handler. | Bo Yang | 1 | -0/+6 | |
Signed-off-by: Bo Yang <boyang@samba.org> | |||||
2010-02-28 | s3: Remove unused count_all_current_connections() | Volker Lendecke | 1 | -1/+0 | |
2010-02-28 | s3: Fix but 7145 -- duplicate sam and unix accounts | Volker Lendecke | 2 | -0/+22 | |
For me this survives the TESTS=posix_s3 POSIX_SUBTESTS="RPC-SAMR-LARGE-DC LOCAL-NSS-WRAPPER" make test reproducer. Günther, please check! Volker | |||||
2010-02-26 | Fix one of the valgrind warnings from bug #6814 - Fixes for problems ↵ | Roel van Meer | 1 | -0/+8 | |
reported by valgrind The timeval passed to event_add_to_select_args() must be initialized as event_add_to_select_args() uses a timeval_min() on this and next_event. | |||||
2010-02-23 | s3 move the sitename cache in its own file | Simo Sorce | 1 | -0/+1 | |
2010-02-23 | s3: Consolidate server_id_self into the equivalent procid_self() | Volker Lendecke | 1 | -1/+1 | |
2010-02-23 | s3:winbindd: never mark external domains as internal! | Stefan Metzmacher | 1 | -4/+1 | |
This way we can endup with silently using builtin_passdb_methods for an ad domain without an inbound trust. This fixes bug #7170. metze | |||||
2010-02-17 | s3: go straight to winbindd_dual_pam_auth() in case of !NT_STATUS_OK | Lars Müller | 1 | -1/+1 | |
At the formerly used process_result statement we have alone one NT_STATUS_IS_OK() which never could be hit in our case as we only go here if NT_STATUS_EQUAL is not ok. | |||||
2010-02-09 | s3: Don't invalidate cache for uninitialized domains. | Bo Yang | 3 | -1/+52 | |
Signed-off-by: Bo Yang <boyang@samba.org> | |||||
2010-01-28 | s3/winbind_ccache: Fix typo in debug message. | Karolin Seeger | 1 | -1/+1 | |
Karolin | |||||
2010-01-24 | s3: Add the session key to the ccache_ntlm_auth response | Volker Lendecke | 1 | -4/+18 | |
2010-01-24 | s3: Add wbinfo --ccache-save | Volker Lendecke | 4 | -0/+80 | |
With this command you can give winbind your password for later use by the automatic ntlm_auth | |||||
2010-01-14 | s3 winbindd: Return number of groups in data.num_entries for ↵ | Kai Blin | 1 | -1/+3 | |
WINBINDD_LIST_GROUPS This allows to test if there's something wrong with the group list in extra_data or if there's simply no groups in the database. Volker, please check. | |||||
2010-01-14 | s3 winbindd: Get WINBINDD_CHECK_MACHACC torture test to work again. | Kai Blin | 1 | -1/+4 | |
WINBINDD_CHECK_MACHACC used to report an NTSTATUS error and appropriate error strings. Make this work again. | |||||
2010-01-13 | s3: Fix a winbind segfault in "trusted_domains" | Volker Lendecke | 1 | -3/+4 | |
We have to initialize domain->backend by calling "get_cache" before doing a query Thanks to Christian Ambach to find this :-) | |||||
2010-01-10 | s3: Fix some nonempty blank lines | Volker Lendecke | 2 | -6/+6 | |
2010-01-10 | s3: Replace most calls to sid_append_rid() by sid_compose() | Volker Lendecke | 6 | -13/+8 | |
2010-01-09 | s3: Remove a pointless "else" branch from add_ccache_to_list() | Volker Lendecke | 1 | -4/+3 | |
2010-01-09 | s3: Slightly simplify winbindd_store_creds | Volker Lendecke | 1 | -4/+2 | |
2010-01-09 | s3: Fix a segfault in winbindd_dual_ccache_ntlm_auth() | Volker Lendecke | 1 | -1/+1 | |
ntlmssp_update allocates the reply_blob as a child of ntlmssp_state. This means with ntlmss_end() it will be gone. winbindd_dual_ccache_ntlm_auth used the blob after the ntlmssp_end(). | |||||
2010-01-06 | s3: List trusted domains from wcache when domain is offline. | Bo Yang | 1 | -24/+139 | |
Signed-off-by: Bo Yang <boyang@samba.org> | |||||
2010-01-06 | s3: Make winbindd_cache.c aware of domain offline to avoid unnecessary ↵ | Bo Yang | 2 | -4/+265 | |
backend query. Signed-off-by: Bo Yang <boyang@samba.org> | |||||
2010-01-06 | s3: Fix infinite loop in NCACN_IP_TCP asa there is no timeout. Assume ↵ | Bo Yang | 2 | -9/+4 | |
lsa_pipe_tcp is ok but network is down, then send request is ok, but select() on writeable fds loops forever since there is no response. Signed-off-by: Bo Yang <boyang@samba.org> | |||||
2010-01-03 | s3: Slightly simplify winbindd_dual_ccache_ntlm_auth | Volker Lendecke | 1 | -15/+9 | |
data_blob_const can't fail | |||||
2010-01-02 | s3: Fix a typo | Volker Lendecke | 1 | -1/+1 | |
2010-01-02 | s3: simplify find_root_domain, find_our_domain() never fails | Volker Lendecke | 1 | -4/+2 | |
2010-01-02 | s3: Use global_sid_Builtin in find_builtin_domain | Volker Lendecke | 1 | -4/+1 | |
2010-01-02 | s3: Avoid adding a domain twice | Volker Lendecke | 1 | -6/+7 | |
If we found a match with sid==NULL, we ended up adding the domain twice | |||||
2010-01-02 | s3: Make free_domain_list() static | Volker Lendecke | 2 | -2/+1 | |
2010-01-02 | s3: Introduce domain_is_forest_root() helper function | Volker Lendecke | 3 | -8/+12 | |
Hopefully this makes the flag tests a bit more understandable | |||||
2009-12-30 | Prevent NULL dereference if group has no members | Jim McDonough | 1 | -4/+4 | |
2009-12-28 | s3: Check for lp_winbind_trusted_domains_only in wb_gettoken() | Volker Lendecke | 2 | -24/+7 | |
This avoids one walk of the domain list | |||||
2009-12-28 | s3: Move a lp_winbind_trusted_domains_only() check to wb_getgrsid() | Volker Lendecke | 2 | -22/+12 | |
winbindd_getgrgid was not protected by this. | |||||
2009-12-28 | s3: Pass netr_DomainTrustList instead of names and sids through ↵ | Volker Lendecke | 7 | -182/+98 | |
(*trusted_domains) | |||||
2009-12-28 | s3: Simplify winbindd_ads.c:trusted_domains() | Volker Lendecke | 1 | -110/+123 | |
No real code change, this just removes an indentation by turning if ( NT_STATUS_IS_OK(result) && trusts.count) { into if (!NT_STATUS_IS_OK(result)) { return result; } if (trusts.count == 0) { return NT_STATUS_OK; } | |||||
2009-12-28 | s3: Remove some unused code | Volker Lendecke | 1 | -101/+0 | |
Watch the #if 0 -- we never stored this in the cache anymore | |||||
2009-12-28 | s3: Simplify winbindd_list_trusted_domains() slightly | Volker Lendecke | 1 | -31/+23 | |
2009-12-28 | s3: Simplify "setup_domain_child" slightly | Volker Lendecke | 2 | -3/+1 | |