Gerald Carter [Fri, 31 May 2002 22:35:21 +0000 (22:35 +0000)]
fix for clock rolling back.
Tim Potter [Fri, 31 May 2002 07:34:34 +0000 (07:34 +0000)]
Set the DNS timeout values to less generous values. This way we have
a hope of recovering if someone configures us with a broken DNS server.
Tim Potter [Fri, 31 May 2002 07:31:53 +0000 (07:31 +0000)]
Don't try to look up a name with resolve_hosts() if we have recently failed to look it up.
Tim Potter [Fri, 31 May 2002 00:23:40 +0000 (00:23 +0000)]
Removed cromulent wbinfo -T patch. Hooray!
Gerald Carter [Thu, 30 May 2002 20:08:12 +0000 (20:08 +0000)]
make sure we close resolv.conf; needs some testing still
Gerald Carter [Thu, 30 May 2002 19:40:53 +0000 (19:40 +0000)]
fix for CR-636. Kill connection to NETLOGON cli_connection
in winbindd_kill_connection(). Otherwise an invalid
cli_state* might get reused.
Tim Potter [Fri, 24 May 2002 07:28:24 +0000 (07:28 +0000)]
This is really gross. Added a winbindd_request_with_timeout() as an ugly
hack to solve some DNS server related issues, namely what to do with a
badly behaving or misconfigured DNS server?
The best way to fix this IMO is to use an asynchronous DNS library to
implement a gethostbyname_with_timeout() sort of function so we're not at
the mercy of the resolver library.
Gerald Carter [Tue, 21 May 2002 20:26:57 +0000 (20:26 +0000)]
added several pointer checks before dereferences to prevent
us from crashing if the unexpected happens.
Gerald Carter [Tue, 21 May 2002 19:42:59 +0000 (19:42 +0000)]
second half of fix for CR-657 to address reconnecting
sam_XXX_handles
Gerald Carter [Fri, 17 May 2002 14:52:30 +0000 (14:52 +0000)]
Fix for 657. When the system clock is reset, make sure that
the time difference in establish_connections() is not negative.
If so, then reconnect regardless.
Note that bug was reported on one box, but I fixed the
problem on another (same symptoms). Need to verify that
the initial cause was the changing of system time.
Gerald Carter [Thu, 16 May 2002 12:04:28 +0000 (12:04 +0000)]
Proper Fix for CR 652. Check for a cli_state* structure that
has the fd == -1. If found remove the cli_connection* from the list
and set the shared cli_state* to NULL for any other
cli_connection*'s sharing this state.
Tim Potter [Thu, 9 May 2002 03:53:15 +0000 (03:53 +0000)]
Oops - removed some debugging code that was accidentally checked in. This
may be masking some authentication problems with wbinfo -t...
Tim Potter [Thu, 9 May 2002 03:45:28 +0000 (03:45 +0000)]
I'm pretty sure this label is in the wrong place. CR636 is a hard to
reproduce winbindd crash which is caused by a completely zeroed out
cli_struct being passed to cli_send_trans().
Moving this label should prevent a condition where deleting one of two
connections sharing the same cli_struct ZERO_STRUCTP's out the shared
cli_struct.
Jeremy Allison [Wed, 24 Apr 2002 22:04:13 +0000 (22:04 +0000)]
Fix for CR#606. Back port of "other sids" parsing fix for W2K DC's.
Jeremy.
Tim Potter [Tue, 23 Apr 2002 06:11:02 +0000 (06:11 +0000)]
When killing the connection to the domain controller, shut down the handle
when you are killing domain->name == lp_workgroup() rather than checking
whether the domain controllers were the same. This led to a bizarre state
where winbindd couldn't recover from a PDC failure.
HP CR#600
Tim Potter [Tue, 23 Apr 2002 00:41:31 +0000 (00:41 +0000)]
Compile fix - d'oh!
Tim Potter [Mon, 22 Apr 2002 06:19:49 +0000 (06:19 +0000)]
Try more password servers when authenticating a user via NTLM or
plaintext. A possible fix for cr592.
Tim Potter [Mon, 22 Apr 2002 02:36:18 +0000 (02:36 +0000)]
Removed pointless debug message.
Jeremy Allison [Wed, 10 Apr 2002 22:13:46 +0000 (22:13 +0000)]
Fix for problem MikeN discovered (no CR#) with winbindd returning ok
when a NT_STATUS_NONE_MAPPED is returned but the SID_NAME_USE is SID
DELETED or something similar. This cannot happen in 2.2.x or HEAD as
they always return error on NONE_MAPPED.
Jeremy.
Jeremy Allison [Thu, 4 Apr 2002 18:32:17 +0000 (18:32 +0000)]
Fix for CR#465. Enlarge hash table massively to enable winbindd to quickly
find records. Add cache file trimmer to delete and re-create cache at 50mb.
Jeremy.
Tim Potter [Thu, 28 Mar 2002 03:24:08 +0000 (03:24 +0000)]
Fix for CR519.
Previous fix for memory leak broke wbinfo -a (hmm do we need a proper unit
testing framework or what?)
Now we don't destroy the NETLOGON pipe connection at the end of
cli_net_req_chal(). Instead at the beginning of said function check for an
existing connection instead of always creating a new one.
Jeremy Allison [Thu, 21 Mar 2002 19:57:09 +0000 (19:57 +0000)]
Sid tidyup fixes. Genius idea from tridge - don't use mmap in winbindd
cache tdb when in a 24000 user domain ! Fix for CR#465
Jeremy.
Tim Potter [Thu, 21 Mar 2002 01:24:04 +0000 (01:24 +0000)]
Fixed a memory leak in the global connection cache code that has been
around for *ages*. Use a shell script and gnuplot to graph the rss size
over time - very handy. (-:
HP CR 465.
Tim Potter [Thu, 21 Mar 2002 01:20:46 +0000 (01:20 +0000)]
Memory leak fixes found with Insure in check_any() when checking machine
account password.
HP CR 465.
Tim Potter [Tue, 19 Mar 2002 06:34:25 +0000 (06:34 +0000)]
Use char * instead of fstring for passing input parameters in the
name/sid caching code.
Fixed memory leak in winbindd_lookup_sid_by_name()
Tim Potter [Tue, 19 Mar 2002 05:09:21 +0000 (05:09 +0000)]
Fix memory leak in attempt_connect_dc()
Jeremy Allison [Thu, 14 Mar 2002 04:10:52 +0000 (04:10 +0000)]
Fix core dump on lookup_name/sid returning SID_NAME_UNKNOWN - attempt to
fix CR#479.
Jeremy.
Tim Potter [Thu, 7 Mar 2002 01:55:19 +0000 (01:55 +0000)]
Merge of name/sid capitalisation fix from 2.2.
HP CR464.
Tim Potter [Thu, 21 Feb 2002 01:40:06 +0000 (01:40 +0000)]
Check that the domain controllers returned by a WINS server are actually
DCs for the domain they advertise to be. Silly? Yes but I have log files
of a Microsoft WINS server sending the wrong result! Winbindd gets really
stuck when it latches onto a domain controller for a different domain.
Previously this check was slightly lower down in the call chain so wasn't
being made all the time. CR#334
Martin Pool [Fri, 15 Feb 2002 21:55:42 +0000 (21:55 +0000)]
Merge revision 1.48.2.15
> parse_resolvconf should return the number of nameservers found, and
> resolve_hosts should examine this value to make sure we don't print
> out garbage if we fail to parse /etc/resolv.conf.
>
> (HP CR #311)
Jeremy Allison [Fri, 25 Jan 2002 22:35:23 +0000 (22:35 +0000)]
Re-added the admin log code. DON'T REMOVE !
Jeremy.
Tim Potter [Thu, 24 Jan 2002 01:35:43 +0000 (01:35 +0000)]
Oops - forgot to commit this. Fixes compile error. (-:
Tim Potter [Mon, 21 Jan 2002 02:13:45 +0000 (02:13 +0000)]
Code too ugly to live alert! Aooga aooga!
Removed another pointless static buffer - the number of groups a user is a
member of. Winbindd would crash with an assert error if a (successful)
samlogon returned more than 32 groups. Unfortunately the programmer has to
remember to free this data from the info3 after it is no longer needed.
Luckily this general problem has been fixed in HEAD/2.2 by moving to
talloc instead of malloc for unmarshalling dynamic rpc data.
Jeremy Allison [Sat, 19 Jan 2002 21:30:06 +0000 (21:30 +0000)]
Fixup signal handling - close idmap tdb on exit. Don't do termination
inside a signal handler.
Jeremy.
Tim Potter [Thu, 17 Jan 2002 05:43:36 +0000 (05:43 +0000)]
OK this should work this time - I made a typo in merging this last time.
Merge of Jeremy's win2k name status lookup patch.
Tim Potter [Thu, 17 Jan 2002 05:06:56 +0000 (05:06 +0000)]
Merged name_status_find() debugs.
Tim Potter [Wed, 16 Jan 2002 06:37:22 +0000 (06:37 +0000)]
Backed out win2k name_status_find() patches as they are breaking some
other stuff. Not quite sure this is the best way to do it anyway.
Tim.
Tim Potter [Wed, 16 Jan 2002 01:30:57 +0000 (01:30 +0000)]
Added some debugs to name_status_find() - a simple matter of programming.
(-:
Martin Pool [Tue, 15 Jan 2002 03:57:26 +0000 (03:57 +0000)]
Try to make winbindd build properly again after merge to
name_status_find() in namequery.c,1.35.2.8.2.9, by passing what I
*think* is the relevant domain name as the first parameter.
I'm really not sure if 0x20 is still the right query-type; somebody
please review this!
Tim Potter [Thu, 10 Jan 2002 02:48:59 +0000 (02:48 +0000)]
Merge ... Jeremy's *#00 lookup for win2k patches. I'm still not convinced
there is a problem (can't reproduce it) but merging for a customer test.
Tim Potter [Tue, 8 Jan 2002 06:11:36 +0000 (06:11 +0000)]
Added a yucky hack to make sure we always try to check the machine account
password even if we are having network problems.
Tim Potter [Tue, 8 Jan 2002 05:53:17 +0000 (05:53 +0000)]
Fixed uninitialised result variable when checking machine account
password.
If we had a WINS server, 'password server = *', and all the domain
controllers were down we would return OK even though the secret had not
actually been checked. Now we return NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND.
Tim Potter [Tue, 8 Jan 2002 05:50:30 +0000 (05:50 +0000)]
Added some debugs to internal_resolve_name() so we can see what it is
looking up and what it is returning.
Remove duplicates from the list of returned addresses as for #1c lookups
the PDC IP is returned twice and if it is down we have to wear two lots of
timeouts.
Tim Potter [Fri, 21 Dec 2001 02:36:38 +0000 (02:36 +0000)]
Merge from HEAD.
Tim Potter [Wed, 12 Dec 2001 03:05:45 +0000 (03:05 +0000)]
Fixed logic error in winbindd_kill_connections() which was causing it to
get stuck in an infinite loop.
Tim Potter [Wed, 12 Dec 2001 02:45:50 +0000 (02:45 +0000)]
Fixed typo in debug statement.
Tim Potter [Mon, 10 Dec 2001 06:03:15 +0000 (06:03 +0000)]
Fix memory leaks in enumerating groups with wbinfo -g
Tim Potter [Thu, 6 Dec 2001 04:29:25 +0000 (04:29 +0000)]
Ensure we have open sam handles when querying the domain sequence number.
This fixes Jeremy's merge of the name<->sid caching code from HEAD.
Tim Potter [Thu, 6 Dec 2001 04:22:26 +0000 (04:22 +0000)]
Fixed typo in debug.
Jeremy Allison [Wed, 5 Dec 2001 04:36:41 +0000 (04:36 +0000)]
Added -ve caching for pw lookups.
Jeremy.
Jeremy Allison [Wed, 5 Dec 2001 04:28:37 +0000 (04:28 +0000)]
Made parse_domain_user return a bool.
Added +ve/-ve sid and user name caching. Back ported from 2.2
Jeremy.
Jeremy Allison [Wed, 5 Dec 2001 02:51:45 +0000 (02:51 +0000)]
Commit to correct branch this time...
Jeremy.
Jeremy Allison [Wed, 5 Dec 2001 02:50:26 +0000 (02:50 +0000)]
Commit to correct branch.... :-(.
Jeremy.
Tim Potter [Wed, 28 Nov 2001 00:17:26 +0000 (00:17 +0000)]
Fix from HEAD: Use the challenge length instead of the size of the
challenge array in make_id_info2().
Tim Potter [Wed, 28 Nov 2001 00:06:58 +0000 (00:06 +0000)]
Use lm_resp_len and nt_resp_len sent by the winbind client rather
than hardcoding to 24.
Tim Potter [Fri, 16 Nov 2001 02:23:03 +0000 (02:23 +0000)]
Merged DNS robustness patch from HEAD:
> revision 1.302
> date: 2001/06/18 05:42:18; author: tpot; state: Exp; lines: +4 -65
> Removed silly Get_Hostbyname() wrapper as DNS names are case-insensitive
> and the use of this function only increased timeouts when Samba queries
> a broken DNS server.
Jeremy Allison [Wed, 14 Nov 2001 04:29:00 +0000 (04:29 +0000)]
*Useful* debugs for winbindd. These will appear in 2.2 and HEAD shortly..
Jeremy.
Gerald Carter [Tue, 13 Nov 2001 14:38:58 +0000 (14:38 +0000)]
Sync up open_socket_in() with APPLIANCE_HEAD. This was the cause
of some previous broken DNS dependencies. Just for safety's sake
here.
Tim Potter [Fri, 9 Nov 2001 05:41:03 +0000 (05:41 +0000)]
Added -a option to usage info.
Tim Potter [Thu, 8 Nov 2001 03:26:06 +0000 (03:26 +0000)]
Remove silly ".client" extension from log file name.
Tim Potter [Thu, 8 Nov 2001 01:42:32 +0000 (01:42 +0000)]
Converted a bunch of report() calls to DEBUG() statements so they appear in
the log file when the -l option is used.
Oops - should have mentioned in the previous commit message that a "-a"
option to append to a log file instead of overwriting it was added to
lib/cmd_interp.c
Tim Potter [Thu, 8 Nov 2001 01:40:54 +0000 (01:40 +0000)]
Converted a bunch of report() calls to DEBUG() statements so they appear in
the log file when the -l option is used.
Gerald Carter [Thu, 30 Aug 2001 00:11:15 +0000 (00:11 +0000)]
fixed free() that was causing memory corruption later on.
Gerald Carter [Wed, 29 Aug 2001 23:31:02 +0000 (23:31 +0000)]
fix for enumerating groups from trusted domains.
Gerald Carter [Fri, 24 Aug 2001 21:06:01 +0000 (21:06 +0000)]
fixed looping logic bug that caused wbinfo -g to never return
Gerald Carter [Thu, 23 Aug 2001 20:03:22 +0000 (20:03 +0000)]
fix for bug where 'wbinfo -g' would not return a complete
list of groups from a PDC with >1000 groups.
also fixed a bug that would cause the NSS module to get a
premature end of listing of groups.
jerry
Tim Potter [Thu, 23 Aug 2001 03:09:05 +0000 (03:09 +0000)]
Replace broken NTLM challenge/response authentication command with new
shiny working one.
Tim Potter [Thu, 16 Aug 2001 01:24:31 +0000 (01:24 +0000)]
Updated wbinfo to link in some encryption code for hashing passwords.
Tim Potter [Thu, 16 Aug 2001 01:18:18 +0000 (01:18 +0000)]
Added wbinfo client functions to test user authentication with
plaintext/hashed passwords.
Tim Potter [Thu, 16 Aug 2001 01:02:18 +0000 (01:02 +0000)]
Added a winbind server function to authenticate a user with a hashed
password instead of a plaintext one.
Tim Potter [Thu, 19 Jul 2001 00:37:12 +0000 (00:37 +0000)]
winbindd_kill_connections() was sometimes closing the wrong connection
which could result in a window where the pdc lsa handle was not
contactable.
Tim Potter [Wed, 18 Jul 2001 23:54:53 +0000 (23:54 +0000)]
Backed out unstable fix for bdc problems.
When looking up domain sid, compare the domain name with our workgroup
instead of the netbios names as this will now work properly with BDCs.
Tim Potter [Tue, 17 Jul 2001 23:58:42 +0000 (23:58 +0000)]
By setting the password server parameter to a BDC it was possible to get
stuck in a condition where winbindd would not have a valid lsa handle.
This produces a small window where it is impossible to retrieve any domain
information from the BDC. When looking up domain information open a lsa
connection if it is not already opened.
(This commit message applies to the previous rev - managed to commit the
wrong file last time )-:)
Tim Potter [Tue, 17 Jul 2001 23:55:27 +0000 (23:55 +0000)]
Added a debug when winbind ignores a request because it is recovering from
a broken connection.
Tim Potter [Tue, 17 Jul 2001 23:52:46 +0000 (23:52 +0000)]
Fixed bug in get_any_dc_name() so we can tell the difference between a
machine that is a domain controller for another domain versus a machine
that is not a domain controller at all.
This also fixes spurious warning messages about garbage domains.
Tim Potter [Tue, 17 Jul 2001 07:24:26 +0000 (07:24 +0000)]
BDCs seem to lag behind by a random amount of time when the trust account
password is changed. Use the PDC when this condition is detected even if
a BDC is listed in the 'password server' list or when it is the closest DC
available. Still need to test some weird corner cases.
Tim Potter [Wed, 4 Jul 2001 02:12:54 +0000 (02:12 +0000)]
Fixed a race condition in winbindd between fetching the trust account
password and checking it against the PDC if you join the domain while the
check is in progress.
Tim Potter [Wed, 20 Jun 2001 06:39:54 +0000 (06:39 +0000)]
Fix for winbind behaviour when broken password servers are specified and no
other DCs are available. Forgot that next_token() changes the first
argument passed to it. )-:
Tim Potter [Wed, 20 Jun 2001 06:25:10 +0000 (06:25 +0000)]
Merge of forgot to check in this bit. (-:
Tim Potter [Wed, 20 Jun 2001 01:45:02 +0000 (01:45 +0000)]
Don't call find_domain_from_name() from winbindd_kill_connections() as
you get stuck in an infinite loop!
Tim Potter [Wed, 6 Jun 2001 02:22:13 +0000 (02:22 +0000)]
Fixed up debug message.
Tim Potter [Wed, 6 Jun 2001 02:18:15 +0000 (02:18 +0000)]
Fix for winbindd accidentally picking up a domain controller for a trusted
domain if we have erroneously specified it as a password server.
Tim Potter [Tue, 22 May 2001 00:48:59 +0000 (00:48 +0000)]
Why do we have to try to (re-)set the ACB to be the same as what we passed
in the samr_create_dom_user() call? When a NT workstation is joined to a
domain by an administrator the acb_info is set to 0x80. For a normal user
with "Add workstations to the domain" rights the acb_info is 0x84. I'm not
sure whether it is supposed to make a difference or not. NT seems to cope
with either value so don't bomb out if the set userinfo2 level 0x10 fails.
Tim Potter [Thu, 10 May 2001 07:10:33 +0000 (07:10 +0000)]
Only dos_to_unix workgroup if it was passed in from the command line. This
i18n is oh so dodgy. )-:
Tim Potter [Thu, 3 May 2001 07:06:06 +0000 (07:06 +0000)]
Fix for using samedit with an account that has "Add workstations to domain"
right but is not in the administrators group.
Tim Potter [Thu, 3 May 2001 05:02:59 +0000 (05:02 +0000)]
Woot!
Another i18n fix for using samedit with -S * and -W DOMAIN where DOMAIN
contains an international character.
Tim Potter [Tue, 1 May 2001 05:48:01 +0000 (05:48 +0000)]
Fix for wbinfo -t when joining a domain containing an international
character.
Tim Potter [Thu, 15 Mar 2001 02:17:33 +0000 (02:17 +0000)]
Don't use 'password server' when contacting trusted domains.
Tim Potter [Thu, 15 Mar 2001 01:15:41 +0000 (01:15 +0000)]
Fixed a problem in locating domain controllers where specifying a password
server in smb.conf would cause winbind to always use that server regardless
of whether that server was a domain controller for the domain in question.
Tim Potter [Wed, 14 Mar 2001 23:38:59 +0000 (23:38 +0000)]
When looking up domain SIDS for trusted domains we were incorrectly
querying the PDC for the primary domain instead of the PDC for the domain
being looked up. Doh!!
Tim Potter [Thu, 1 Mar 2001 07:16:37 +0000 (07:16 +0000)]
Compare domain names rather than domain controller names when looking up
domain sids.
Tim Potter [Sat, 17 Feb 2001 04:06:13 +0000 (04:06 +0000)]
Fix for machine account check when PDC is down and using a WINS server.
Tim Potter [Fri, 16 Feb 2001 00:41:23 +0000 (00:41 +0000)]
Convert strings to dos codepage before running strupper(). Yeech!
Tim Potter [Fri, 16 Feb 2001 00:40:56 +0000 (00:40 +0000)]
Up to date protos.
Tim Potter [Fri, 16 Feb 2001 00:40:33 +0000 (00:40 +0000)]
When checking machine secret, use BDC if PDC is down.
Tim Potter [Fri, 16 Feb 2001 00:39:50 +0000 (00:39 +0000)]
Merge of name_status_find() stuff from head.
Tim Potter [Wed, 14 Feb 2001 03:27:18 +0000 (03:27 +0000)]
Store key for machine trust account in dos codepage.
Tim Potter [Tue, 13 Feb 2001 03:34:53 +0000 (03:34 +0000)]
Use O_TRUNC on open instead of unlink()
Tim Potter [Mon, 12 Feb 2001 02:14:47 +0000 (02:14 +0000)]
i18n fix from HEAD
Tim Potter [Sat, 3 Feb 2001 19:07:16 +0000 (19:07 +0000)]
Removed unused variables.