sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-13 13:18:06 +03:00
Code
255f2e0699
samba-mirror/source3
History
Stefan Metzmacher 255f2e0699 s3:winbindd: catch lookup_names/sids schannel errors over ncacn_ip_tcp (bug #7944) 
If winbindd connects to a domain controller it doesn't establish the lsa
connection over ncacn_ip_tcp direct. This happens only on demand.

If someone does a 'net rpc testjoin' and then a
wbinfo -n DOMAIN\\administrator, we'll get DCERPC faults with
ACCESS_DENIED/SEC_PKG_ERROR, because winbindd's in memory copy
of the schannel session key is invalidated.

This problem can also happen on other calls, but the
lookup_names/sids calls on thet lsa ncacn_ip_tcp connection
are the most important ones.

The long term fix is to store the schannel client state in a
tdb, but for now it's enough to catch the error and invalidate
the all connections to the dc and reestablish the schannel
session key.

The fix for bug 7568 (commit be396411a4)
made this worse, as it assumes winbindd's in memory session key is
always the current one.

metze
2011-02-02 15:45:19 +01:00
..
auth s3: Make sure we call wbcAuthenticateUserEx correctly 2011-01-17 16:30:11 +01:00
build s3-waf: add PKGCONFIGDIR. 2011-01-25 11:42:46 +01:00
client s3-smbclient: Fix cli_errstr() usage (part of bug #7864) 2011-01-25 11:41:53 +01:00
exports s3: Remove a leftover of my lua experiments 2010-04-19 15:25:57 +02:00
groupdb libcli/security Provide a common, top level libcli/security/security.h 2010-10-12 05:54:10 +00:00
include Revert "s3:events: Call all ready fd event handlers on each iteration of the main loop" 2011-01-31 16:16:09 +01:00
intl
lib s3: Remove superfluous ; 2011-02-02 15:44:21 +01:00
libads s3:libads: use dcerpc_spoolss_X() functions 2011-01-21 12:30:22 +01:00
libgpo s3-waf: avoid module name uppercasing. 2010-12-01 18:39:14 +01:00
libnet s3:libnet/libnet_samsync_display: fix netr_DELTA_* display 2011-02-01 18:35:22 +01:00
librpc s3-librpc: Added dcerpc_binding_vector_create function. 2011-02-02 12:44:20 +01:00
libsmb s3:libsmb: display NT_STATUS_RPC_SEC_PKG_ERROR in error strings 2011-01-30 17:36:21 +01:00
locale Updated french translations from Jean Delvare <jdelvare@suse.de> 2010-12-04 18:23:54 +01:00
locking Missed one debug printf of name_hash. Ensure always use %x. 2011-01-26 00:46:27 +01:00
m4 s3: Make nmbd socket dir configurable 2011-01-07 14:14:19 +01:00
modules s3: Remove superfluous ; 2011-02-02 15:44:21 +01:00
nmbd s3: Remove superfluous ; 2011-02-02 15:44:21 +01:00
pam_smbpass s3-waf: check for "WITH_PAM_MODULES" to determine pam_smbpass build. 2010-12-14 22:42:18 +01:00
param s3: Make _lp_maxprotocol static 2011-01-29 16:07:28 +01:00
passdb s3-auth: Fixed account lockout check. 2011-01-17 16:50:50 +01:00
pkgconfig
po
printing s3:printing: use dcerpc_spoolss_X() functions 2011-01-21 13:14:49 +01:00
profile Rename vfs operation posix_fallocate to just fallocate and add the vfs_fallocate_mode parameter. 2010-12-18 08:59:27 +01:00
registry s3: Remove superfluous ; 2011-02-02 15:44:21 +01:00
rpc_client s3: Remove superfluous ; 2011-02-02 15:44:21 +01:00
rpc_server s3: Remove superfluous ; 2011-02-02 15:44:21 +01:00
rpcclient s3: Remove superfluous ; 2011-02-02 15:44:21 +01:00
script s3-selftest: Enable RPC-EPMAPPER tests. 2011-02-02 13:28:41 +01:00
selftest s3-selftest: re-sync with s4-selftest wscript. 2011-01-10 13:41:38 +01:00
services s3: Avoid a ton of registry writes at startup 2011-01-08 12:39:09 +01:00
smbd s3-smbd: Added a function to setup rpc services. 2011-02-02 12:44:20 +01:00
stf
tests
torture s3: test addrchange 2011-02-01 15:11:06 +01:00
utils s3: Fix a typo 2011-02-02 14:58:52 +01:00
web s3: Fix a type error 2011-01-08 11:30:18 +01:00
winbindd s3:winbindd: catch lookup_names/sids schannel errors over ncacn_ip_tcp (bug #7944) 2011-02-02 15:45:19 +01:00
.dmallocrc
.indent.pro
autogen-waf.sh s3-waf: add autogen-waf.sh to source3. 2010-09-24 11:26:11 -07:00
autogen.sh s3-build: remove another leftover of -I../source4. 2011-01-27 13:30:30 +01:00
change-log
config.guess
config.sub
configure.developer
configure.in s3: Add support for AF_NETLINK addr notifications 2011-02-01 15:11:06 +01:00
Doxyfile
dynconfig.c s3: Make nmbd socket dir configurable 2011-01-07 14:14:19 +01:00
install-sh
localedir.c
mainpage.dox
Makefile.in s3-smbd: Added a function to setup rpc services. 2011-02-02 12:44:20 +01:00
smbadduser.in
VERSION s3: Fix a typo 2010-04-08 10:49:57 +02:00
wscript s3-waf: fix the build after linux netlink changes. 2011-02-01 23:21:50 +01:00
wscript_build s3-waf: fix the build after linux netlink changes. 2011-02-01 23:21:50 +01:00