summaryrefslogtreecommitdiff
path: root/source3/winbindd
AgeCommit message (Collapse)AuthorFilesLines
2009-11-20s3:idmap_ldap: trim the " chars from the location string in idmap_ldap_db_initMichael Adam1-0/+2
When idmap backend is specified as idmap backend = ldap:"ldap://server1 ldap://server2" then currently "ldap://server1 ldap://server2" was passed to ldap_initialize including the quotes, leading to an ldap error. Michael
2009-11-20s3:idmap_ldap: trim the " chars from the location string in ↵Michael Adam1-0/+2
idmap_ldap_alloc_init When idmap alloc backend is specified as idmap alloc backend = ldap:"ldap://server1 ldap://server2" then currently "ldap://server1 ldap://server2" was passed to ldap_initialize including the quotes, leading to an ldap error. Michael
2009-11-19s3: Avoid races to change the machine password in winbindVolker Lendecke1-0/+18
The machine password handler has code to deal with every node in the cluster trying to change the machine password at the same time. However, it is not very nice to the DC if everyone tries this simultaneously. This adds a random 0-255 second offset to our timed event. When this fires a bit later than strictly calculated, someone else might have stepped in and have already changed it. The timed event handler will handle this gracefully, it won't even try to do it again.
2009-11-19s3: Protect against flooding the DC with pwchange requestsVolker Lendecke1-14/+24
When there is a temporary problem changing passwords we flooded the DC with pwchange requests. This gives the DC a 60-second break to recover.
2009-11-19s3: Re-check the timeout in machine_password_change_handler()Volker Lendecke1-0/+6
Someone else might have come in between and changed the password since we created that timed request
2009-11-19s3: Add some debugs to the winbind machine pwchange machineryVolker Lendecke1-0/+16
2009-11-19s3: Do not kill the whole smb session if a machine pwchange failedVolker Lendecke1-1/+1
2009-11-08Revert "s3: Do not reference ndr_table_<pipe> in the cli_ routines directly"Volker Lendecke1-7/+4
This reverts commit daa964013bc5d036f4da571ce22c0052ef40943a.
2009-11-08Revert "s3: Do not reference the ndr_tables in the server calls directly"Volker Lendecke1-1/+0
This reverts commit 98fb71782e05ae72cd6abeb38b6e0b96a50c1761.
2009-11-08Revert "s3: Do not reference ndr_table when calling rpc_srv_register"Volker Lendecke1-1/+1
This reverts commit 494b2aff8826947e3bd556aecb175746163da485.
2009-11-08s3: Do not reference ndr_table when calling rpc_srv_registerVolker Lendecke1-1/+1
2009-11-08s3: Do not reference the ndr_tables in the server calls directlyVolker Lendecke1-0/+1
This involves storing the interface table in the pipes_struct
2009-11-08s3: Do not reference ndr_table_<pipe> in the cli_ routines directlyVolker Lendecke1-4/+7
2009-11-06s3-kerberos: add impersonate_principal for kerberos_return_pac_X calls.Günther Deschner1-0/+1
Guenther
2009-11-06s3: Fix kerberos refresh chain.Bo Yang1-1/+3
Signed-off-by: Bo Yang <boyang@samba.org>
2009-11-03s3-passdb: cleanup some callers of pdb_get_trusteddom_pw().Günther Deschner1-3/+1
Guenther
2009-10-19Fix typo.Karolin Seeger1-1/+1
privilage -> privilege Karolin
2009-10-17s3:winbind: Move fillup_pw_field() as static to wb_fill_pwent.cVolker Lendecke3-47/+47
2009-10-15Fix valgrind memory leak in bug #6814 - Fixes for problems reported by valgrindJeremy Allison1-0/+1
Jeremy.
2009-10-14Fix the build, missing ->.Jeremy Allison1-1/+1
Jeremy.
2009-10-14Final part of fix for bug 6793 - winbindd crash with "INTERNAL ERROR: Signal 6"Jeremy Allison1-0/+2
Don't use mapped_user uninitialized. Jeremy.
2009-10-14s3:winbind: Fix a double-freeVolker Lendecke1-1/+0
Part of a fix for bug #6793.
2009-10-14s3:winbind: Fix bug 6793 -- segfault in winbindd_pam_authVolker Lendecke1-7/+6
2009-10-13s3-winbindd: add wbint_ChangeMachineAccount implementation.Günther Deschner5-0/+165
Guenther
2009-10-13s3: use enum netr_SchannelType all over the place.Günther Deschner1-1/+1
Guenther
2009-10-08s3-winbindd: NDR_WBINT_CHECKMACHINEACCOUNT should not be cacheable.Günther Deschner1-0/+1
Guenther
2009-10-08s3/s4 - Adapt the IDL changes on various locationsMatthias Dieter Wallnöfer1-2/+2
2009-10-07s3-winbindd: libwbclient: implement secure channel verification for specific ↵Günther Deschner2-5/+14
domains in wbcCheckTrustCredentials(). Guenther
2009-10-06s3:winbind: Make query_user_list in winbindd_rpc a bit more readableVolker Lendecke1-8/+13
2009-10-06s3-winbindd: make sure to reset connections when machine account password ↵Günther Deschner1-0/+8
change chain was broken. Guenther
2009-10-05Revert "s3: Attempt to fix machine password change"Volker Lendecke2-35/+9
This reverts commit 20a8ea91e10af167067cc794a251265aaf489e75. Ooops, this should not have been committed.
2009-10-05s3:winbind: Slightly simplify the logic of nss_init(), make it staticVolker Lendecke1-12/+16
2009-10-05s3:winbind: Fix typosVolker Lendecke1-2/+2
2009-10-05s3: Attempt to fix machine password changeVolker Lendecke2-9/+35
2009-10-04s3:winbind: use wb_fill_pwent in wb_getpwsidVolker Lendecke1-79/+10
2009-10-04s3:winbind: No point in using strequal to detect a 0-length stringVolker Lendecke1-2/+2
2009-10-03s3:winbind: use talloc_tos() instead of NULL in fillup_pw_fieldVolker Lendecke1-2/+2
2009-10-03s3:winbind: Fix a debug messageVolker Lendecke1-2/+2
2009-09-28s3:winbind: remove a pointless initializationVolker Lendecke1-1/+1
2009-09-28s3:winbind: Make check_info3_in_group, sanitize its memory handlingVolker Lendecke2-15/+23
2009-09-28s3:winbind: Make "check_request_flags" publically availableVolker Lendecke2-2/+4
2009-09-28s3:winbind: Sanitize the args for find_auth_domain: It only needs the flagsVolker Lendecke3-9/+10
2009-09-28s3:winbind: Make append_data publically available as append_auth_dataVolker Lendecke2-6/+12
2009-09-25s3:winbindd_cm: don't invalidate the whole connection when just samr gave ↵Stefan Metzmacher1-1/+12
ACCCESS_DENIED metze
2009-09-24s3-winbindd: no reason to call winbindd_can_contact_domain() three times in ↵Günther Deschner1-12/+0
query_user(). Guenther
2009-09-24Revert "s3:winbindd: use a tcp connection for lsa in case ↵Stefan Metzmacher1-9/+0
lookup_names/lookup_sids doesn't work over ncacn_np" This reverts commit f23691cffd39e5df81b7b075e61ed1def6cce9f6. This should not have been commited... metze
2009-09-24s3:winbindd: use a tcp connection for lsa in case lookup_names/lookup_sids ↵Günther Deschner1-0/+9
doesn't work over ncacn_np metze
2009-09-23s3:winbind: Fix an uninitialized variableVolker Lendecke1-1/+1
2009-09-22s3-winbindd: Fix Bug #6711: trusts to windows 2008 (2008 r2) not working.Günther Deschner3-5/+63
Winbindd should always try to use LSA via an schannel authenticated ncacn_ip_tcp connection when talking to AD for LSA lookup calls. In Samba <-> W2k8 interdomain trust scenarios, LookupSids3 and LookupNames4 via an schannel ncacn_ip_tcp LSA connection are the *only* options to successfully resolve sids and names. Guenther
2009-09-22s3-winbindd: add cm_connect_lsa_tcp().Günther Deschner3-0/+63
Guenther