mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00

183 Commits

Author SHA1 Message Date
Stefan Metzmacher
73577205cf s3:winbindd: fix problems with SIGCHLD handling (bug #7317)
The main problem is that we call CatchChild() within the
parent winbindd, which overwrites the signal handler
that was registered by winbindd_setup_sig_chld_handler().

That means winbindd_sig_chld_handler() and winbind_child_died()
are never triggered when a winbindd domain child dies.
As a result we will get "broken pipe" for all requests to that domain.

To reduce the risk of similar bugs in future we call
CatchChild() in winbindd_reinit_after_fork() now.

We also use a full winbindd_reinit_after_fork() in the
cache validation child now instead of just resetting
the SIGCHLD handler by hand. This will also fix possible
tdb problems on systems without pread/pwrite and disabled mmap
as we now correctly reopen the tdb handle for the child.

metze
2010-04-01 17:25:11 +02:00
Stefan Metzmacher
a2411c5708 s3:winbindd: correctly invalidate the cached connection
There are maybe additional TCP connections for ncacn_ip_tcp.

metze
2010-04-01 13:01:27 +02:00
Stefan Metzmacher
d930904b99 s3:winbindd: make sure we don't try rpc requests against inaccessible domains
This makes sure we don't crash while trying to dereference domain->conn.cli->foo
while trying to establish a rpc connection to the server.

metze
2010-04-01 13:01:26 +02:00
Stefan Metzmacher
94a4bcd2f0 s3:winbindd_cm: invalidate connection if cm_connect_netlogon() fails
metze
2010-03-29 18:11:18 +02:00
Stefan Metzmacher
4f391fedac s3:winbindd: consistently use TALLOC_FREE(conn->foo_pipe) if we create a new connection
metze
2010-03-29 18:11:18 +02:00
Stefan Metzmacher
d980c06a99 s3:winbindd_cm: use rpccli_is_connected() helper function
metze
2010-03-29 18:11:18 +02:00
Stefan Metzmacher
408a3eb35a s3:winbindd_cm: use cli_state_is_connected() helper function
metze
2010-03-29 18:11:17 +02:00
Simo Sorce
61b7a24f16 s3 move the sitename cache in its own file 2010-02-23 12:46:26 -05:00
Stefan Metzmacher
f924b77492 s3:winbindd: never mark external domains as internal!
This way we can end up with silently using builtin_passdb_methods
for an ad domain without an inbound trust.

This fixes bug #7170.

metze
2010-02-23 10:23:32 +01:00
Bo Yang
36493bf2f6 s3: Fix infinite loop in NCACN_IP_TCP as there is no timeout. Assume lsa_pipe_tcp is ok but network is down, then send request is ok, but select() on writeable fds loops forever since there is no response.
Signed-off-by: Bo Yang <boyang@samba.org>
2010-01-06 19:19:35 +08:00
Günther Deschner
3d679a3b5f s3-rpc: Avoid including every pipe's client and server stubs everywhere in samba.
Guenther
2009-11-26 20:03:17 +01:00
Volker Lendecke
de63a5ad91 s3: Always try SamLogonEx
Required for cluster systems working in a Samba domain. With NT4 this won't
work, but real NT4 DCs should not be around in environments that pay big bucks
for a cluster... And if they are, they can always install a Samba DC trusting
that NT4 domain.
2009-11-24 16:55:30 +01:00
Günther Deschner
ebe0e64ba9 s3: use enum netr_SchannelType all over the place.
Guenther
2009-10-13 10:21:46 +02:00
Volker Lendecke
872f9c4f91 Revert "s3: Attempt to fix machine password change"
This reverts commit 20a8ea91e10af167067cc794a251265aaf489e75.

Ooops, this should not have been committed.
2009-10-05 22:14:06 +02:00
Volker Lendecke
20a8ea91e1 s3: Attempt to fix machine password change 2009-10-05 22:12:20 +02:00
Stefan Metzmacher
bfd3a6f13a s3:winbindd_cm: don't invalidate the whole connection when just samr gave ACCESS_DENIED
metze
2009-09-25 08:18:45 +02:00
Stefan Metzmacher
f8425b73d7 Revert "s3:winbindd: use a tcp connection for lsa in case lookup_names/lookup_sids doesn't work over ncacn_np"
This reverts commit f23691cffd39e5df81b7b075e61ed1def6cce9f6.

This should not have been committed...

metze
2009-09-24 06:45:10 +02:00
Günther Deschner
f23691cffd s3:winbindd: use a tcp connection for lsa in case lookup_names/lookup_sids doesn't work over ncacn_np
metze
2009-09-24 06:41:11 +02:00
Volker Lendecke
0724649a8a s3:winbind: Fix an uninitialized variable 2009-09-23 06:25:24 +02:00
Günther Deschner
6a8ef6c424 s3-winbindd: Fix Bug #6711: trusts to windows 2008 (2008 r2) not working.
Winbindd should always try to use LSA via an schannel authenticated ncacn_ip_tcp
connection when talking to AD for LSA lookup calls.

In Samba <-> W2k8 interdomain trust scenarios, LookupSids3 and LookupNames4 via an
schannel ncacn_ip_tcp LSA connection are the *only* options to successfully resolve
sids and names.

Guenther
2009-09-22 16:49:31 +02:00
Günther Deschner
58f2deb940 s3-winbindd: add cm_connect_lsa_tcp().
Guenther
2009-09-22 11:38:06 +02:00
Günther Deschner
d3af0346c8 s3-dcerpc: use dcerpc_AuthLevel and remove duplicate set of flags.
Guenther
2009-09-15 17:49:34 +02:00
Günther Deschner
bea8e5fa60 s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_schannel().
Guenther
2009-09-11 09:59:04 +02:00
Günther Deschner
032e01e7c1 s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_spnego_ntlmssp and cli_rpc_pipe_open_ntlmssp.
Guenther
2009-09-11 09:59:04 +02:00
Günther Deschner
32c28e4f64 s3-winbindd: Fix Bug #6700: Use dns domain name when needing to guess server principal.
Patch from Robert LeBlanc <robert@leblancnet.us>.

Thanks!

Guenther
2009-09-09 02:29:58 +02:00
Volker Lendecke
963419be1b s3:winbind: For internal domains it is pointless to connect to a DC 2009-08-23 10:19:32 +02:00
Jeremy Allison
5d05d22999 Added prefer_ipv4 bool parameter to resolve_name().
W2K3 DC's can have IPv6 addresses but won't serve
krb5/ldap or cldap on those addresses. Make sure when
we're asking for DC's we prefer IPv4.
If you have an IPv6-only network this prioritizing code
will be a no-op. And if you have a mixed network then you
need to prioritize IPv4 due to W2K3 DC's.
Jeremy.
2009-07-28 11:51:58 -07:00
Volker Lendecke
d3132e21f3 Fix a typo 2009-07-27 16:15:54 +02:00
Volker Lendecke
646668bc51 Fix some type-punned warnings 2009-05-07 23:38:48 +02:00
Günther Deschner
b5bec1a6d7 s3-secdesc: use SEC_FLAG_MAXIMUM_ALLOWED instead of SEC_RIGHTS_MAXIMUM_ALLOWED.
Guenther
2009-04-21 12:40:47 +02:00
Andrew Bartlett
c185e7a29c Fix to use modified cli_rpc_pipe_open_schannel_with_key API 2009-04-20 17:04:33 +02:00
Andrew Bartlett
53765c81f7 Remove use of talloc_reference in cli_rpc_pipe_open_schannel_with_key() 2009-04-20 16:50:49 +02:00
Andrew Bartlett
32062013c3 s3: Fix ntlm_auth and winbindd to use new common libcli/auth APIs 2009-04-14 19:33:04 +10:00
Andrew Bartlett
f28f113d8e Rework Samba3 to use new libcli/auth code (partial)
This commit is mostly to cope with the removal of SamOemHash (replaced
by arcfour_crypt()) and other collisions (such as changed function
arguments compared to Samba3).

We still provide creds_hash3 until Samba3 uses the credentials code in
netlogon server

Andrew Bartlett
2009-04-14 16:23:35 +10:00
Günther Deschner
531af136f9 s3: remove POLICY_HND.
Guenther
2009-03-18 23:22:29 +01:00
Volker Lendecke
7735650f2e Fix a valgrind error
Found in "make test" -- if we can't connect at all, "cli" is uninitialized
2009-03-17 11:32:23 +01:00
Jeremy Allison
f48a345e4a Remove pwd_cache.c, it was doing nothing. Make user_name, domain, and
password talloc'ed strings within the cli_struct.
Jeremy.
2009-03-13 17:49:24 -07:00
Stefan Metzmacher
589eb81e3f s3:winbindd_cm: remove useless cli_setup_signing_state(*cli, Undefined) call
cli_setup_signing_state() with Undefined is a noop.

metze
2009-03-06 16:37:20 +01:00
Volker Lendecke
0bd92281e4 Make cli_tcon_andx async 2009-01-30 12:47:59 +01:00
Bo Yang
e3ef19b9b9 Fix bug in get_dc_name_via_netlogon(), null pointer reference. 2009-01-14 11:47:45 -08:00
Jeremy Allison
58b680446f From boyang - ensure we never "return" from a forked child, always _exit().
Jeremy.
2009-01-13 15:42:56 -08:00
Jeremy Allison
d1f7a37174 Make winbindd_cm.c use winbindd_reinit_after_fork().
Jeremy.
2009-01-06 17:34:06 -08:00
Stefan Metzmacher
c34d5f445a s3:events: change event_add_timed() prototype to match samba4
metze
2009-01-05 15:07:35 +01:00
Stefan Metzmacher
492d0e3517 s3:winbindd: regain tickets for all ccache entries, when we go online
set_event_dispatch_time() is stupid by design and only handles
the first event with a given name.

metze
2009-01-05 15:07:33 +01:00
Stefan Metzmacher
f81f21c09b s3:winbindd: recreate the per domain check_online_event without relying on global state
set_event_dispatch_time() is stupid by design and just picks the first
event with the given name.

metze
2009-01-05 15:07:32 +01:00
Bo Yang
f389b97c69 Fix broken krb5 refresh chain
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-01-05 15:07:31 +01:00
Bo Yang
022e2f8199 clean event context after child is forked.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-01-05 15:07:31 +01:00
Volker Lendecke
bb8ca0fdbf Make cli_negprot return NTSTATUS instead of bool 2008-12-19 10:28:30 +01:00
Tim Prouty
1eb743ab8e s3: Change sockaddr util function names for consistency
Also eliminates name conflicts with OneFS system libraries
2008-12-03 10:40:20 -08:00
Tim Prouty
2efacde8c4 s3: fix a few "shadows a global declaration" warnings 2008-11-03 14:44:38 -08:00