1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-15 23:24:37 +03:00

215 Commits

Author SHA1 Message Date
Christopher R. Hertel (crh)
b5b204184a Rename obscure defined constants.
Replaced the undescriptive SMB_PORT1 and SMB_PORT2 defined constants
with the slightly more descriptive names NBT_SMB_PORT and TCP_SMB_PORT.
Also replaced several hard-coded references to the well-known port
numbers (139 and 445, respectively) as appropriate.

Small changes to clarify some comments regarding the two transport
types.

Signed-off-by: Simo Sorce <idra@samba.org>

Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Thu Feb 16 08:29:41 CET 2012 on sn-devel-104
2012-02-16 08:29:41 +01:00
Matthieu Patou
05036fab0a s3-winbindd: set the can_do_validation6 also for trusted domain
The flag can_do_validation6 was only set for the domain to which
winbindd is the member. Setting this flag in other domains (trusted
domain) if it's active directory domain is a good idea as it allow to do
level 6 validation also when winbindd is querying them directly.
2012-02-10 12:52:19 -08:00
Andrew Bartlett
40715e1251 s3-librpc: pass struct ndr_interface_table down to cli_pipe_open_generic/spnego()
This allows the target service (as determined from the IDL) to be
passed to GSSAPI (rather than the current, incorrect, "cifs").

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:24 +01:00
Andrew Bartlett
c62af4f652 s3-librpc Make cli_rpc_pipe_open_spnego_ntlmssp() generic
This also avoids passing NULL as the server to
gensec_set_target_hostname() in spnego_generic_init_client().

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:23 +01:00
Stefan Metzmacher
c53a52a264 s3:winbindd_cm: make use of cli_tree_connect()
metze
2011-11-24 19:02:32 +01:00
Stefan Metzmacher
aa2e415442 s3:winbindd_cm: close sockfd on error in cm_prepare_connection()
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Nov 21 19:58:58 CET 2011 on sn-devel-104
2011-11-21 19:58:57 +01:00
Björn Baumbach
aef5fcbfc7 s3-winbindd/winbindd_cm.c: remove cli_nt_error()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-16 19:02:12 +01:00
Stefan Metzmacher
c64ebcf643 s3:winbindd_cm: remove unused ads_status
metze
2011-11-16 19:02:12 +01:00
Stefan Metzmacher
6db670386b s3:winbindd: s/Undefined/SMB_SIGNING_DEFAULT/
metze
2011-11-03 16:55:12 +01:00
Stefan Metzmacher
3f00cce9b3 s3:libsmb: pass max_protocol to cli_negprot()
metze
2011-09-15 10:25:17 +02:00
Stefan Metzmacher
faab79e28e s3:winbindd_cm: make use of cli_state_security_mode()
metze
2011-09-13 18:12:23 +02:00
Stefan Metzmacher
cdca1e0ac3 s3:libsmb: pass CLI_FULL_CONNECTION_* flags to cli_state_create()
metze
2011-09-08 08:51:48 +02:00
Stefan Metzmacher
33a6a4ea85 s3:winbindd_cm: use cli_session_setup() instead of cli_session_setup_spnego()
metze
2011-08-10 11:14:56 +02:00
Stefan Metzmacher
c6a3dedd99 s3:libsmb: store the remote_realm on the cli_state
metze
2011-08-10 11:14:55 +02:00
Stefan Metzmacher
71cec7b37a s3:winbindd_cm: make use of cli_set_timeout()
metze
2011-08-03 09:01:39 +02:00
Stefan Metzmacher
a60b1695b1 s3:winbindd_cm: make use of cli_state_protocol()
metze
2011-08-02 04:54:28 +02:00
Stefan Metzmacher
3ce648aee4 s3:winbindd_cm: make use of cli_state_capabilities()
metze
2011-08-02 04:54:28 +02:00
Stefan Metzmacher
477a8a7e47 s3:winbindd_cm: use controller instead of cli->desthost
The should have the same value.

metze
2011-07-22 17:06:10 +02:00
Stefan Metzmacher
8bea5d6402 s3:winbindd_cm: use cli_state_[local|remote]_sockaddr()
metze
2011-07-22 17:06:08 +02:00
Stefan Metzmacher
2b1fc7c0d3 s3:winbindd_cm: remove unused checks for address family
If we got a connection, we don't need to check what
address family it uses.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Jul 21 23:33:48 CEST 2011 on sn-devel-104
2011-07-21 23:33:48 +02:00
Stefan Metzmacher
ebe258dd40 s3:libsmb: replace cli_initialise[_ex]() by cli_state_create()
This makes sure cli_state->src_ss and cli_state->dest_ss are always
initialized.

metze
2011-07-21 22:08:53 +02:00
Christian Ambach
bca69bfbc3 s3:winbindd remove an unused variable
fixes a compiler warning
2011-07-21 14:57:10 +02:00
Stefan Metzmacher
7c10b5e033 s3:winbindd_cm: make use of cli->src_ss instead of calling getsockname()
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Jul 11 19:31:14 CEST 2011 on sn-devel-104
2011-07-11 19:31:13 +02:00
Stefan Metzmacher
cf4832d010 s3:winbindd_cm: make use of cli->dest_ss instead calling getpeername()
metze
2011-07-11 18:18:30 +02:00
Stefan Metzmacher
7a795ffeb4 s3:winbindd_cm: make use of cli_state_disconnect()
metze
2011-07-11 18:18:29 +02:00
Stefan Metzmacher
0791a4d5be s3:winbindd_cm: make use of cli_state_is_connected()
metze
2011-07-11 18:18:29 +02:00
Andrew Bartlett
74eed8f3ed s3-param Remove special case for global_myname(), rename to lp_netbios_name()
There is no reason this can't be a normal constant string in the
loadparm system, now that we have lp_set_cmdline() to handle overrides
correctly.

Andrew Bartlett
2011-06-09 12:40:09 +02:00
Andrew Bartlett
73b377432c s3-talloc Change TALLOC_REALLOC_ARRAY() to talloc_realloc()
Using the standard macro makes it easier to move code into common, as
TALLOC_REALLOC_ARRAY isn't standard talloc.

Andrew Bartlett
2011-06-09 12:40:08 +02:00
Günther Deschner
27022587e3 s3-libsmb: move protos to libsmb/proto.h
Guenther
2011-05-06 16:37:18 +02:00
Jeremy Allison
8380835fc6 Fix warning messages caused by addition of null check in fstrcpy macro. 2011-05-04 12:12:15 -07:00
Günther Deschner
0bb4701a74 s3: remove various references to server side dcerpc structs (which are not needed).
Guenther
2011-05-02 15:03:44 +02:00
Volker Lendecke
aa5abcaf7e s3: Make winbindd_reinit_after_fork return NTSTATUS 2011-04-29 16:57:37 +02:00
Volker Lendecke
0757688eb3 s3: In winbind, close parent/child sockets
This should further reduce fd load in winbind children
2011-04-29 16:57:36 +02:00
Volker Lendecke
2e1522f378 s3: Close the winbind client fds after forking
In an overload situation, the winbind helper child process inherits all those
hundreds of fd's which it will never talk to. Close them.

We (Christian Ambach and me) just saw a crash in libkrb5. Christian's analysis
showed that libkrb5 also does select, probably exceeding FD_SETSIZE and
crashing due to that reason. The parent winbind in theory does not do Kerberos
at all, so this should fix that problem.

The crash is interesting because the child process did not really crash.
Somewhere in glibc backtrace() is called, probably due to an assert() or some
explicit consistency check. This then somehow generates a signal probably due
to corrupted memory structures. That signal triggers Samba to again call
backtrace(). This blocks hard on a ptrace_once(). Sorry for the long backtrace
here, but this *is* interesting.

The child process blocking and not really crashing makes the situation worse:
The parent process does not get told the child has crashed and more client
sockets pile up.

This patch is intended to put some relief on this problem by closing the
majority of sockets the parent holds.

(gdb) bt
\#0  0x00002ad686a2b07b in pthread_once () from /lib64/libpthread.so.0
\#1  0x00002ad6867adf87 in backtrace () from /lib64/libc.so.6
\#2  0x00002ad683eab27c in log_stack_trace () at lib/util.c:1580
\#3  0x00002ad683eab34b in smb_panic (why=0x2ad6841c6ec3 "internal error") at lib/util.c:1481
\#4  0x00002ad683e9af3e in fault_report (sig=1) at lib/fault.c:52
\#5  sig_fault (sig=1) at lib/fault.c:75 #6  <signal handler called>
\#7  0x00002ad68673b005 in _int_malloc () from /lib64/libc.so.6
\#8  0x00002ad68673c95d in calloc () from /lib64/libc.so.6
\#9  0x00002ad684503e25 in _dl_new_object () from /lib64/ld-linux-x86-64.so.2
\#10 0x00002ad6844ffadc in _dl_map_object_from_fd () from /lib64/ld-linux-x86-64.so.2
\#11 0x00002ad684501d43 in _dl_map_object () from /lib64/ld-linux-x86-64.so.2
\#12 0x00002ad68450ac8d in dl_open_worker () from /lib64/ld-linux-x86-64.so.2
\#13 0x00002ad684506ed6 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
\#14 0x00002ad68450a68c in _dl_open () from /lib64/ld-linux-x86-64.so.2
\#15 0x00002ad6867d0ba0 in do_dlopen () from /lib64/libc.so.6
\#16 0x00002ad684506ed6 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
\#17 0x00002ad6867d0d07 in __libc_dlopen_mode () from /lib64/libc.so.6
\#18 0x00002ad6867adeea in init () from /lib64/libc.so.6
\#19 0x00002ad686a2b083 in pthread_once () from /lib64/libpthread.so.0
\#20 0x00002ad6867adf87 in backtrace () from /lib64/libc.so.6
\#21 0x00002ad68673285f in __libc_message () from /lib64/libc.so.6
\#22 0x00002ad68673a30f in _int_free () from /lib64/libc.so.6
\#23 0x00002ad68673a76b in free () from /lib64/libc.so.6
\#24 0x00002ad6853fe346 in krb5int_sendto () from /usr/lib64/libkrb5.so.3
\#25 0x00002ad6853fe511 in krb5_sendto_kdc () from /usr/lib64/libkrb5.so.3
\#26 0x00002ad6853df7c4 in ?? () from /usr/lib64/libkrb5.so.3
\#27 0x00002ad6853e0919 in krb5_get_init_creds () from /usr/lib64/libkrb5.so.3
\#28 0x00002ad6853e2a94 in krb5_get_init_creds_password () from /usr/lib64/libkrb5.so.3
\#29 0x00002ad684169ff1 in kerberos_kinit_password_ext (principal=0x2ad684702180 "<sanitized>", password=0x2ad6844c5bb0 "<sanitized>", time_offset=0, expire_time=0x2ad6846bf380, renew_till_time=0x0, cache_name=0x2ad6843cb3e0 "MEMORY:winbind_ccache", request_pac=false, add_netbios_addr=false, renewable_time=<value optimized out>, ntstatus=0x0) at libads/kerberos.c:223
\#30 0x00002ad68416a223 in ads_kinit_password (ads=0x2ad6846bf330) at libads/kerberos.c:327
\#31 0x00002ad68415f725 in ads_sasl_spnego_bind (ads=0x2ad6846bf330) at libads/sasl.c:812
\#32 0x00002ad68415dbc1 in ads_sasl_bind (ads=0x2ad6846bf330) at libads/sasl.c:1114
\#33 0x00002ad68415c09b in ads_connect (ads=0x2ad6846bf330) at libads/ldap.c:711
\#34 0x00002ad683e1b8f7 in ads_cached_connection (domain=0x2ad6846b07c0) at winbindd/winbindd_ads.c:124
\#35 0x00002ad683e1bc85 in sequence_number (domain=0x2ad6846b07c0, seq=0x2ad6846b0cd8) at winbindd/winbindd_ads.c:1233
\#36 0x00002ad683dffdd7 in refresh_sequence_number (domain=0x2ad6846b07c0, force=128) at winbindd/winbindd_cache.c:510
\#37 0x00002ad683e00520 in wcache_fetch (cache=<value optimized out>, domain=0x2ad6846b07c0, format=0x2ad68419901e "U/%s") at winbindd/winbindd_cache.c:638
\#38 0x00002ad683e04ac8 in query_user (domain=0x2ad6846b07c0, mem_ctx=0x2ad6846bc920, user_sid=0x7fff1d0cb8c0, info=0x7fff1d0cb810) at winbindd/winbindd_cache.c:1910
\#39 0x00002ad683df2d38 in winbindd_dual_userinfo (domain=0x2ad6846b07c0, state=0x7fff1d0cc9c0) at winbindd/winbindd_user.c:173
\#40 0x00002ad683e232e0 in fork_domain_child (child=0x2ad6846c2440) at winbindd/winbindd_dual.c:485
\#41 schedule_async_request (child=0x2ad6846c2440) at winbindd/winbindd_dual.c:319
\#42 0x00002ad683e229f2 in async_request_fail (state=0x2ad6846c1d00) at winbindd/winbindd_dual.c:214
\#43 0x00002ad683ebabec in run_events (ev=0x2ad6846aebf0, selrtn=0, read_fds=0x7fff1d0ce910, write_fds=<value optimized out>) at lib/events.c:123
\#44 0x00002ad683df08cb in process_loop (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at winbindd/winbindd.c:1113
\#45 main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at winbindd/winbindd.c:1437

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Thu Apr 28 12:06:12 CEST 2011 on sn-devel-104
2011-04-28 12:06:12 +02:00
Jeremy Allison
1815f0298f Remove fstrings from client struct. Properly talloc strings (ensuring we never end up with a NULL pointer). 2011-04-27 12:06:25 -07:00
Volker Lendecke
23a6af46c8 s3: Add a 10-second timeout for the 445 or netbios connection to a DC 2011-04-25 09:50:32 +02:00
Stefan Metzmacher
f7bc84409a s3:rpc_client: map fault codes to NTSTATUS with dcerpc_fault_to_nt_status()
Most fault codes have a NTSTATUS representation, so use that.

This brings the fault handling in common with the source4/librpc/rpc code,
which make it possible to share more highlevel code, between source3 and
source4 as the error checking can be the same now.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun Apr 24 10:44:53 CEST 2011 on sn-devel-104
2011-04-24 10:44:53 +02:00
Günther Deschner
6e3f0d28a4 s3-includes: only include ntdomain.h where needed.
Guenther
2011-03-30 01:13:09 +02:00
Günther Deschner
ab36d597e7 s3-messages: make ndr_messaging.h part of messages.h.
Guenther
2011-03-30 01:13:09 +02:00
Günther Deschner
b2af281e50 s3-messages: only include messages.h where needed.
Guenther
2011-03-30 01:13:09 +02:00
Günther Deschner
235f148590 s3-passdb: use passdb headers where needed.
Guenther
2011-03-30 01:13:08 +02:00
Volker Lendecke
6e9b69fb07 s3: Fix Coverity ID 2173: FORWARD_NULL 2011-03-28 11:16:55 +02:00
Günther Deschner
c53e7f8d58 s3-build: use HAVE_ADS define in some more places.
Guenther
2011-03-19 00:11:18 +01:00
Volker Lendecke
3e4879f3bd s3: Cope with 192.168.1.1/24 in smbcontrol ip-dropped
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Mar 18 14:56:38 CET 2011 on sn-devel-104
2011-03-18 14:56:38 +01:00
Volker Lendecke
a40bb91213 s3: Fix uninitialized variables
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sat Mar  5 17:25:43 CET 2011 on sn-devel-104
2011-03-05 17:25:43 +01:00
Andreas Schneider
bf18403c81 s3-rpc_client: Move client pipe functions to own header. 2011-02-28 18:15:04 +01:00
Günther Deschner
f60398d7b2 s3-winbindd: let winbind try to use samlogon validation level 6. (bug #7945)
The benefit of this that it makes us more robust to secure channel resets
triggered from tools outside the winbind process. Long term we need to have a
shared tdb secure channel store though as well.

Guenther

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Feb  4 18:11:04 CET 2011 on sn-devel-104
2011-02-04 18:11:04 +01:00
Jeremy Allison
3b4738b2fd Fix value overflow (one too many 'f's ).
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Feb  3 03:35:32 CET 2011 on sn-devel-104
2011-02-03 03:35:32 +01:00
Günther Deschner
a85b20a164 s3-winbind: prefer dcerpc_lsa_X functions in winbindd/winbind_cm.c
Guenther
2011-02-02 20:00:56 +01:00
Günther Deschner
f21f9192f1 s3-winbind: prefer dcerpc_samr_X functions in invalidate_cm_connection.
Guenther
2011-02-02 13:30:04 +01:00