1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

47 Commits

Author SHA1 Message Date
Günther Deschner
a8c0de35f7 s3-kerberos: remove unused kdc_name from create_local_private_krb5_conf_for_domain().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Mar  7 18:43:57 CET 2014 on sn-devel-104
2014-03-07 18:43:57 +01:00
Jeremy Allison
32037e0533 Add a talloc context to sitename_fetch().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-09-05 09:17:27 -07:00
Jeremy Allison
526e875cec Check error returns from strupper_m() (in all reasonable places). 2012-08-09 12:06:54 -07:00
Jeremy Allison
e1ec86a49c Fix missing ads_destroy in error path. 2012-08-09 09:47:35 -07:00
Andrew Bartlett
f3562424b6 lib/param: Move all enum declarations to lib/param
This is in preperation for the parameter table being made common.

Andrew Bartlett

Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2012-07-24 11:01:17 +02:00
Volker Lendecke
fec0baacb6 s3: Make is_zero_addr take a sockaddr_storage
All callers had to cast this anyway

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Feb 27 11:02:53 CET 2011 on sn-devel-104
2011-02-27 11:02:53 +01:00
Günther Deschner
e4bf69285b s3-libsmb: fix ifdef check in ads_dc_name.
We are accessing an LDAP structure here, so we better check that LDAP support
was there as well as Kerberos support.

Guenther
2011-02-11 12:22:41 +01:00
Volker Lendecke
8c6b0b61e5 s3: Fix some nonempty blank lines
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Jan 12 19:04:25 CET 2011 on sn-devel-104
2011-01-12 19:04:24 +01:00
Günther Deschner
164ee0fe56 s3-libsmb: include nbt.h in namequery_dc code.
Guenther
2010-08-06 15:43:37 +02:00
Günther Deschner
e7a6a3ec0d s3: avoid global include of ads.h.
Guenther
2010-08-05 00:32:02 +02:00
Günther Deschner
e3bdff3d67 s3-kerberos: pass down kdc_name to create_local_private_krb5_conf_for_domain().
Guenther
2010-05-17 12:47:50 +02:00
Simo Sorce
61b7a24f16 s3 move the sitename cache in its own file 2010-02-23 12:46:26 -05:00
Tim Prouty
1eb743ab8e s3: Change sockaddr util function names for consistency
Also eliminates name conflicts with OneFS system libraries
2008-12-03 10:40:20 -08:00
Jelmer Vernooij
d6a5476ee7 Use sockaddr_storage only where we rely on the size, use sockaddr
otherwise (to clarify we can also pass in structs smaller than
sockaddr_storage, such as sockaddr_in).
2008-10-23 19:53:15 +02:00
Günther Deschner
bcbac69d1a cldap: avoid duplicate definitions so remove ads_cldap.h.
Guenther
(This used to be commit 538eefe22a)
2008-04-21 20:21:40 +02:00
Jeremy Allison
d4307679b9 Change all occurrences of zero_addr(&ss,AF_INET) to
zero_addr(&ss). All current uses were always of the
AF_INET form, so simplify the call. If in the future
we need to zero an addr to AF_INET6 this can be
done separately.
Jeremy.
(This used to be commit 2e92418a13)
2007-10-27 20:29:36 -07:00
Jeremy Allison
f88b7a076b This is a large patch (sorry). Migrate from struct in_addr
to struct sockaddr_storage in most places that matter (ie.
not the nmbd and NetBIOS lookups). This passes make test
on an IPv4 box, but I'll have to do more work/testing on
IPv6 enabled boxes. This should now give us a framework
for testing and finishing the IPv6 migration. It's at
the state where someone with a working IPv6 setup should
(theorecically) be able to type :
smbclient //ipv6-address/share
and have it work.
Jeremy.
(This used to be commit 98e154c312)
2007-10-24 14:16:54 -07:00
Jeremy Allison
30191d1a57 RIP BOOL. Convert BOOL -> bool. I found a few interesting
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
2007-10-18 17:40:25 -07:00
Jeremy Allison
8e54530b52 Add start of IPv6 implementation. Currently most of this is avoiding
IPv6 in winbindd, but moves most of the socket functions that were
wrongly in lib/util.c into lib/util_sock.c and provides generic
IPv4/6 independent versions of most things. Still lots of work
to do, but now I can see how I'll fix the access check code.
Nasty part that remains is the name resolution code which is
used to returning arrays of in_addr structs.
Jeremy.
(This used to be commit 3f6bd0e1ec)
2007-10-10 18:25:16 -07:00
Lars Müller
a747e8bdcf r25032: Contact an off site DC if non is available on site.
(This used to be commit 50879e6de5)
2007-10-10 12:30:36 -05:00
Stefan Metzmacher
57dd25cccb r23893: add dummy callbacks for LDAP SASL wrapping,
they're not used yet...

metze
(This used to be commit a3b97cdce7)
2007-10-10 12:28:39 -05:00
Stefan Metzmacher
809c9d4d31 r23888: move elements belonging to the current ldap connection to a
substructure.

metze
(This used to be commit 00909194a6)
2007-10-10 12:28:38 -05:00
Andrew Tridgell
5e54558c6d r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text
(This used to be commit b0132e94fc)
2007-10-10 12:28:22 -05:00
Jeremy Allison
d824b98f80 r23779: Change from v2 or later to v3 or later.
Jeremy.
(This used to be commit 407e6e695b)
2007-10-10 12:28:20 -05:00
Simo Sorce
b304cabb44 r22425: Avoid to segfault if we only have the realm.
(This used to be commit ace1520270)
2007-10-10 12:19:34 -05:00
Günther Deschner
e9c294b926 r20874: We need to distinguish client sitenames per realm. We were overwriting
the stored client sitename with the sitename from each sucessfull CLDAP
connection.

Guenther
(This used to be commit 6a13e878b5)
2007-10-10 12:17:16 -05:00
Jeremy Allison
bfd099e148 r20857: Silence gives assent :-). Checking in the fix for
site support in a network where many DC's are down.
I heard via Volker there is still a bug w.r.t the
wrong site being chosen with trusted domains but
we'll have to layer that fix on top of this.
Gd - complain if this doesn't work for you.
Jeremy.
(This used to be commit 97e248f89a)
2007-10-10 12:17:14 -05:00
Jeremy Allison
eeb14fcc94 r20296: If we're going to overwrite krb5.conf
only do it for our primary domain.
Jeremy.
(This used to be commit 61d31ce008)
2007-10-10 12:16:39 -05:00
Günther Deschner
61a38bd4b8 r19651: Fix interesting bug with the automatic site coverage in Active Directory:
When having DC-less sites, AD assigns DCs from other sites to that site
that does not have it's own DC. The most reliable way for us to identify
the nearest DC - in that and all other cases - is the closest_dc flag in
the CLDAP reply.

Guenther
(This used to be commit ff004f7284)
2007-10-10 12:15:44 -05:00
Jeremy Allison
37be6913fe r19249: Attempt to fix a site lookup bug found by Guenther.
- "The problem is, with a fresh system, we don't know our sitename,
therefor we do a stupid DNS query for all DCs. The reply we get is a
round-robin list of all 21 DCs, we just pick the first, contact that
and safe that INET.COM#1C query in the name cache for later use...
What we need to do if we don't yet know our sitename, is to contact to
any DC, get the CLDAP reply to tell us in which site we are, then flush
the namecache and requery DNS including the sitename"

Implement the flushing of the #1C entries for a given NetBIOS name/realm
when looking up the site value.

Jeremy.
(This used to be commit b2d1e44f59)
2007-10-10 12:15:25 -05:00
Jeremy Allison
2fcd113f55 r17945: Store the server and client sitenames in the ADS
struct so we can see when they match - only create
the ugly krb5 hack when they do.
Jeremy.
(This used to be commit 9be4ecf24b)
2007-10-10 11:39:01 -05:00
Jeremy Allison
6fada7a82a r17943: The horror, the horror. Add KDC site support by
writing out a custom krb5.conf file containing
the KDC I need. This may suck.... Needs some
testing :-).
Jeremy.
(This used to be commit d500e1f96d)
2007-10-10 11:39:01 -05:00
Jeremy Allison
bc28b5c700 r17933: Don't print a NULL sitename.
Jeremy.
(This used to be commit 2829dbc3e0)
2007-10-10 11:39:00 -05:00
Jeremy Allison
7b7ce43b40 r17929: Ok, I think I finally figured out where to put
the code to redo the CLDAP query to restrict DC
DNS lookups to the sitename. Jerry, please check
to stop me going insane :-).
Jeremy.
(This used to be commit 8d22cc1115)
2007-10-10 11:38:59 -05:00
Volker Lendecke
c52b3fb89f r17881: Another microstep towards better error reporting: Make get_sorted_dc_list
return NTSTATUS.

If we want to differentiate different name resolution problems we might want
to introduce yet another error class for Samba-internal errors. Things like no
route to host to the WINS server, a DNS server explicitly said host not found
etc might be worth passing up.

Because we can not stash everything into the existing NT_STATUS codes, what
about a Samba-specific error class like NT_STATUS_DOS and NT_STATUS_LDAP?

Volker
(This used to be commit 60a166f034)
2007-10-10 11:38:57 -05:00
Gerald Carter
855e02f164 r13310: first round of server affinity patches for winbindd & net ads join
(This used to be commit 6c3480f9ae)
2007-10-10 11:06:23 -05:00
Jeremy Allison
675ecdd5ba r539: Mem leak fixes from kawasa_r@itg.hitachi.co.jp
Jeremy.
(This used to be commit 8fe47b0bf2)
2007-10-10 10:51:28 -05:00
Andrew Bartlett
a7f8c26d24 Change our Domain controller lookup routines to more carefully seperate
DNS names (realms) from NetBIOS domain names.

Until now, we would experience delays as we broadcast lookups for DNS names
onto the local network segments.

Now if DNS comes back negative, we fall straight back to looking up the
short name.

Andrew Bartlett
(This used to be commit 32397c8b01)
2004-01-05 04:10:28 +00:00
Jeremy Allison
bb0598faf5 Put strcasecmp/strncasecmp on the banned list (except for needed calls
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at
all and I really want to discourage that.
Jeremy.
(This used to be commit d7e35dfb92)
2003-10-22 23:38:20 +00:00
Gerald Carter
4b5257b5b0 fix 2 bugs:
1)  don't ask trusted DC's for a list of trusted domains.  This causes
      us to treat non-transitive ones as if they were transitive.  Not
      needed anyways

  2)  Fix dc lookup bug where we would always try to use DNS to resolve
      the DC's for a domain (even if it was a trusted NT4 domain).
(This used to be commit 4d3acce506)
2003-08-08 23:53:13 +00:00
Jeremy Allison
ce72beb2b5 Removed strupper/strlower macros that automatically map to strupper_m/strlower_m.
I really want people to think about when they're using multibyte strings.
Jeremy.
(This used to be commit ff222716a0)
2003-07-03 19:11:31 +00:00
Gerald Carter
e359dbcedb * cleanup more DC name resolution issues in check_*domain_security()
* is_trusted_domain() is broken without winbind.  Still working on this.
* get_global_sam_name() should return the workgroup name unless we
  are a standalone server (verified by volker)
* Get_Pwnam() should always fall back to the username (minus domain name)
  even if it is not our workgroup so that TRUSTEDOMAIN\user can logon
  if 'user' exists in the local list of accounts (on domain members w/o
  winbind)

Tested using Samba PDC with trusts (running winbindd) and a Samba 3.0
domain member not running winbindd.

notes: make_user_info_map() is slightly broken now due to the
fact that is_trusted_domain() only works with winbindd.  disabled
checks temporarily until I can sort this out.
(This used to be commit e1d6094d06)
2003-06-30 20:45:14 +00:00
Gerald Carter
f51d769dd3 large change:
*)  consolidates the dc location routines again (dns
    and netbios)  get_dc_list() or get_sorted_dc_list()
    is the authoritative means of locating DC's again.

    (also inludes a flag to get_dc_list() to define
     if this should be a DNS only lookup or not)

    (however, if you set "name resolve order = hosts wins"
     you could still get DNS queries for domain name IFF
     ldap_domain2hostlist() fails.  The answer?  Fix your DNS
     setup)

*)  enabled DOMAIN<0x1c> lookups to be funneled through
    resolve_hosts resulting in a call to ldap_domain2hostlist()
    if lp_security() == SEC_ADS

*)  enables name cache for winbind ADS backend

*)  enable the negative connection cache for winbind
    ADS backend

*)  removes some old dead code

*)  consolidates some duplicate code

*)  moves the internal_name_resolve() to use an IP/port pair
    to deal with SRV RR dns replies.  The namecache code
    also supports the IP:port syntax now as well.

*)  removes 'ads server' and moves the functionality back
    into 'password server' (which can support "hostname:port"
    syntax now but works fine with defaults depending on
    the value of lp_security())
(This used to be commit d7f7fcda42)
2003-06-25 17:41:05 +00:00
Gerald Carter
f36c96d59c * s/get_dc_name/rpc_dc_name/g (revert a previous change)
* move back to qsort() for sorting IP address in get_dc_list()

* remove dc_name_cache in cm_get_dc_name() since it slowed
  things down more than it helped.  I've made a note of where
  to add in the negative connection cache in the ads code.
  Will come back to that.

* fix rpcclient to use PRINTER_ALL_ACCESS for set printer (instead
  of MAX_ALLOWED)

* only enumerate domain local groups in our domain

* simplify ldap search for seqnum in winbindd's rpc backend
(This used to be commit f8cab8635b)
2003-06-23 19:05:23 +00:00
Jeremy Allison
292a51eda1 Forward port the app-head changes for dc name cache into 3.0.
Jeremy.
(This used to be commit 8bcc3116a2)
2003-06-13 21:03:15 +00:00
Gerald Carter
0d55e9c536 merge from APP_HEAD. Push negative connection cache
into rpc_find_dc().  Should probably be extended some more
in 3.0 but this is what we have for the moment.
(This used to be commit 0e23abf95c)
2003-06-06 14:11:14 +00:00
Gerald Carter
f6c4f25e43 merge of get_dc_name()-like code from APP_HEAD; better support password server = DC1 *
(This used to be commit 6b18ca9511)
2002-12-12 23:35:55 +00:00