summaryrefslogtreecommitdiff
path: root/source4/winbind/wb_init_domain.c
AgeCommit message (Collapse)AuthorFilesLines
2013-06-20s4-winbind: Add special case for BUILTIN domainAndrew Bartlett1-18/+20
This should mean that lookups for the BUILTIN domain cause less trouble then they have in the past, because they will no longer go via the trusted domain handler. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Jun 20 15:30:00 CEST 2013 on sn-devel-104
2013-06-04s4:winbind: don't leak libnet_context into the main event contextStefan Metzmacher1-0/+2
This needs to be a talloc child of struct wbsrv_domain otherwise the cleanup of a broken connection doesn't work. The following command can trigger the leak on a domain controller. root@dc:~/samba# ls -l /var/lib/samba/sysvol/samba.private/ total 16 drwxrwx---+ 5 root 3000000 4096 May 14 14:46 Policies drwxrwx---+ 2 root 3000000 4096 May 14 11:45 scripts gid 3000000 belongs to Builtin\Administrators. The code triggers a ncacn_np: connection to the local smbd and complains that domain BUILTIN is not available: [2013/05/29 17:28:03, 2] ../source4/winbind/wb_init_domain.c:376(init_domain_recv_queryinfo) Expected domain name BUILTIN, DC dc.samba.private said SAMBA In that case the connection was not closed, which is fixed by this commit. Using ncalrpc: for all local SIDs and serving the BUILTIN domain is a project for another day... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Jun 4 11:05:09 CEST 2013 on sn-devel-104
2012-08-25s4:winbind: add a netlogon_queue (tevent_queue)Stefan Metzmacher1-0/+10
This will protect the netlogon_creds later. metze
2012-06-15lib/param: Create a seperate server role for "active directory domain ↵Andrew Bartlett1-1/+1
controller" This will allow us to detect from the smb.conf if this is a Samba4 AD DC which will allow smarter handling of (for example) accidentially starting smbd rather than samba. To cope with upgrades from existing Samba4 installs, 'domain controller' is a synonym of 'active directory domain controller' and new parameters 'classic primary domain controller' and 'classic backup domain controller' are added. Andrew Bartlett
2012-02-29s4:winbind: use ncalrpc for connections to ourselfStefan Metzmacher1-7/+18
That avoids recursion if "smbd" is used as file server. metze
2011-12-14s4-librpc: Fix NETLOGON credential chain with Windows 2008.Andreas Schneider1-2/+2
Windows Server 2008 returns NT_STATUS_DOWNGRADE_DETECTED if you call netrServerAuthenticate2 during a domain join without setting the strong keys flag (128bit crypto). Only for NT4 we need to do a downgrade to the returned negotiate flags. See also 0970369ca0cb9ae465cff40e5c75739824daf1d0.
2011-06-22s4:winbind/wb_init_domain: use DCERPC_SCHANNEL_128 in order to work against ↵Stefan Metzmacher1-1/+1
w2k8r2 metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jun 22 19:40:47 CEST 2011 on sn-devel-104
2010-09-15s4-winbind: use finddcs_cldap() in winbindAndrew Tridgell1-10/+2
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell1-4/+4
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-03-12s4:winbind/wb_init_domain.c: make use of use tevent_req based ↵Stefan Metzmacher1-18/+25
dcerpc_binding_handle stubs metze
2010-03-01s4:winbind: make use of explicit dcerpc_*_recv functionsStefan Metzmacher1-2/+2
metze
2009-10-20s4: ran minimal_includes.pl on source4/winbindAndrew Tridgell1-5/+0
2009-08-07fixed another ambiguous talloc callAndrew Tridgell1-3/+3
During the creation of the 3 RPC pipes in winbind we try to steal the RPC binding structure to be a child of the pipe once the pipe is established. This fails with a talloc warning as the rpc connection code already holds a reference to the binding. The fix is to use talloc_reparent() instead.
2009-01-06s4 winbind: Silence a "discards const" warningKai Blin1-1/+3
2009-01-02Revert "s4 winbind: Copy SID to avoid "discard const" warning"Stefan Metzmacher1-2/+1
This reverts commit 102028ec722d942d7f91eb92e8da4f1480d140d1. state->ctx is the composite_context, which is a temporary context! metze
2008-12-29s4 winbind: Copy SID to avoid "discard const" warningKai Blin1-1/+2
2008-12-23Fix more compiler warnings in various places.Jelmer Vernooij1-1/+0
2008-12-06s4:winbind: fill in the correct variable...Stefan Metzmacher1-1/+1
metze
2008-10-27s4-lsa: merge lsa_QueryInfoPolicy/{2} from s3 lsa idl.Günther Deschner1-1/+6
Guenther
2008-06-28Fix the wbinfo test on the LDAP backend.Andrew Bartlett1-32/+0
The problem was that we would do a blocking wait for the LDAP server, which was also blocking on us returning (because we were in single process mode). The LDAP connection being made here is useless anyway, and will need to be an async ldb_connect() before anybody reintroucues it (nobody in their right mind would program a winbindd backend on pure LDAP, when the ldb abstraction is available). Andrew Bartlett (This used to be commit 23280b2e6ed5afb968bf0b8c40febb085eed38a1)
2008-04-18fixed a double free in winbind Andrew Tridgell1-1/+0
state->domain->netlogon_binding is a child of ctx, and ctx is freed by the composite_is_ok failure callback (This used to be commit 3c217518ba9a7b64fe6c842187499f1ee5189567)
2008-04-17Remove event context tracking from the credentials struct.Jelmer Vernooij1-2/+0
(This used to be commit 4d7fc946b2ec50e774689c9036423b6feef99b8e)
2007-12-21r26430: require explicit specification of loadparm context.Jelmer Vernooij1-1/+1
(This used to be commit 1b947fe0e6e16318e5a8127bb4932d6b5d20bcf6)
2007-12-21r26355: Eliminate global_loadparm in more places.Jelmer Vernooij1-1/+1
(This used to be commit 5d589a0d94bd76a9b4c9fc748854e8098ea43c4d)
2007-12-21r26353: Remove use of global_loadparm.Jelmer Vernooij1-1/+2
(This used to be commit 17637e4490e42db6cdef619286c4d5a0982e9d1a)
2007-12-21r26327: Explicit loadparm_context for RPC client functions.Jelmer Vernooij1-5/+10
(This used to be commit eeb2251d22b3d6e0379444a73af69d1014692b07)
2007-12-21r26268: Avoid more use of global_loadparm - put lp_ctx in smb_server and ↵Jelmer Vernooij1-5/+5
wbsrv_connection. (This used to be commit 7c008664238ed966cb82adf5b25b22157bb50730)
2007-10-10r25398: Parse loadparm context to all lp_*() functions.Jelmer Vernooij1-5/+5
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
2007-10-10r25026: Move param/param.h out of includes.hJelmer Vernooij1-0/+1
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
2007-10-10r24557: rename 'dcerpc_table_' -> 'ndr_table_'Stefan Metzmacher1-7/+7
metze (This used to be commit 84651aee81aaabbebf52ffc3fbcbabb2eec6eed5)
2007-10-10r24556: forgot to commit the winbind/ subdir...sorryStefan Metzmacher1-2/+2
metze (This used to be commit 184a7cfc36860e16f9483347ae70a053a5823e83)
2007-10-10r24127: Set the Domain SID into the libnet context, and have libnet_UserInfoAndrew Bartlett1-0/+1
return full SIDs for the user SID and primary group sid. This should help kai with his getpwnam work in winbind. Andrew Bartlett (This used to be commit 078671d5015c63e4bcd96815e150dae918763b83)
2007-10-10r24112: Complete initialistion of the libnet_ctx when setting up the domain.Andrew Bartlett1-0/+4
We need to set the access_mask and the domain name, or else libnet will try to do this itself. This seems to fix the issues Kai was having. Andrew Bartlett (This used to be commit 44c193272b05959c756ee0078d666bcdf1374023)
2007-10-10r23995: Work to allow mimir's libnet code to be called from winbind.Andrew Bartlett1-30/+29
We now setup a libnet_ctx for each domain. We should then be able to replace/merge some more of the winbind code with libnet calls, referencing domain->libnet_ctx. Andrew Bartlett (This used to be commit bad2dc14d704be59300f619c84694c11620559e0)
2007-10-10r23890: Allow wbinfo -a to work against Samba4's winbind.Andrew Bartlett1-7/+15
Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-10-10r23880: Don't crash when we run wbinfo -a against our own winbind when we ↵Andrew Bartlett1-3/+5
are a DC. Next step is to make it work... Andrew Bartlett (This used to be commit a1b6c9ecb9a6f17bcbabf81a8128398df6447490)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r23149: Fix up the trusted domain lookup code to use the new structures.Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit 6ecb3cb0b337260f31abd257e9f900661de4cfd2)
2007-10-10r23141: Use the finddcs() library call rather than a winbind-specific version.Andrew Bartlett1-5/+18
(I created finddcs() from the winbind code a while back, so this finishes that work) Andrew Bartlett (This used to be commit 218b279a46a4ca739597936f0b67573599e6d375)
2007-10-10r23133: I felt pity on Kai, as he starts work on winbind in Samba4, so IAndrew Bartlett1-132/+193
decided to clean it up a little. We now use SPNEGO for authentication if possible, and common routines shared with the rest of the librpc codebase. Rather than make a connection to IPC$, then connect the pipes to it, we instead have the lsa and samr pipes as 'secondary connections'. Andrew Bartlett (This used to be commit 86654056b22245a57396544d572de6401069b9e5)
2007-10-10r22944: fix bug #4618:Stefan Metzmacher1-1/+1
rename private -> private_data metze (This used to be commit 58551f2f28fce8f1fcd04736c47ecd7458f32ea2)
2007-10-10r22582: Cleanups towards making winbind work again. We still have a long ↵Andrew Bartlett1-4/+1
way to go, as this has bitrotted over the past months. This change in particular catches winbind up with the next composite_create() function. We also needed to remove an unused flags field, and fill in the lm response. Andrew Bartlett (This used to be commit bd26e4ffaf1c060fdc3aae28fd4393e83c5a83ea)
2007-10-10r21535: - fixed a crash in the RAW-ACLS test. When a dcerpc_pipe is createdAndrew Tridgell1-1/+1
using the pattern in the clilsa code, it didn't fill in the p->binding structure. This affects nearly all users of dcerpc_pipe_open_smb(), so the simplest fix is to ensure that dcerpc_pipe_open_smb() initialises the binding if its not already there. - re-enable the RAW-ACLS test (This used to be commit d8875c286d2be49c01703d8fd58bbc1842054bd9)
2007-10-10r18309: FreeBSD 6.1 has a symbol ldap_new_connection() in the system ldapAndrew Tridgell1-1/+1
library. Even though we don't like to that library, it gets loaded via nss-ldap, which means nss-ldap calls into the samba ldap lib with the wrong parameters, and crashes. We really need to use a completely different namespace in libcli/ldap/ (This used to be commit c440e0eed9afae5fe69995a7416971e7c8560779)
2007-10-10r17930: Merge noinclude branch:Jelmer Vernooij1-1/+0
* Move dlinklist.h, smb.h to subsystem-specific directories * Clean up ads.h and move what is left of it to dsdb/ (only place where it's used) (This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
2007-10-10r15328: Move some functions around, remove dependencies.Jelmer Vernooij1-1/+0
Remove some autogenerated headers (which had prototypes now autogenerated by pidl) Remove ndr_security.h from a few places - it's no longer necessary (This used to be commit c19c2b51d3e1ad347120b06a22bda5ec586c22e8)
2007-10-10r14860: create libcli/security/security.hStefan Metzmacher1-1/+1
metze (This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
2007-10-10r14470: Remove some unnecessary headers.Jelmer Vernooij1-1/+1
(This used to be commit f7312dab3b9aba2b2b82e8a6e0c483a32a03a63a)
2007-10-10r14464: Don't include ndr_BASENAME.h files unless strictly required, insteadJelmer Vernooij1-0/+2
try to include just the BASENAME.h files (containing only structs) (This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
2007-10-10r14402: Generate seperate headers for RPC client functions.Jelmer Vernooij1-0/+1
(This used to be commit 7054ebf0249930843a2baf4d023ae8f62cedb109)
generated by cgit (git 2.34.1) at 2024-05-23 14:03:54 +0000