samba.git/source3/winbindd, branch talloc-2.4.4 Unnamed repository; edit this file 'description' to name the repository. winbindd:migrate_secrets_tdb_to_ldb() handles no client password 2025-08-26T22:42:39+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2025-02-05T03:50:28+00:00 82120ebf7967584c8f4d55e710d2e4b7b1c32126 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
winbindd: CID 1508963 Fixing print statement for time_t 2025-08-26T15:40:41+00:00 Rabinarayan Panigrahi rapanigr@redhat.com 2025-08-25T07:09:10+00:00 ddac5c999f49db4fc6b31369b3180ab53642a205 Fixing DEBUG output for time_t to uintmax_t Signed-off-by: Rabinarayan Panigrahi <rapanigr@redhat.com> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Vinit Agnihotri <vagnihot@redhat.com> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Tue Aug 26 15:40:41 UTC 2025 on atb-devel-224 
Fixing DEBUG output for time_t to uintmax_t

Signed-off-by: Rabinarayan Panigrahi <rapanigr@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Vinit Agnihotri <vagnihot@redhat.com>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Aug 26 15:40:41 UTC 2025 on atb-devel-224
idmap_ad: add and use ldap_timeout and fix LDAP server failover 2025-08-13T18:30:44+00:00 Ralph Boehme slow@samba.org 2025-07-24T13:49:19+00:00 4d69ec473b7be763399c9787eda8e659a1582184 The key parts are: 1. If an LDAP search fails with the hardcoded fatal error, remove the retry. That would only retry the query against the same server, taken from the DCINFO cache key. Instead, force a DC rediscovery. 2. Set a default ldap_timeout and pass it to tldap_search(). This avoids tldap_search() hanging forever on a stale TCP connection. 3. The LDAP server idmap_ad is using is not necessarily the same DC we're using for RPC, so in case we learn about a dead DC, put it in the negative-conn-cache. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15844 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> 
The key parts are:

1. If an LDAP search fails with the hardcoded fatal error, remove the
retry. That would only retry the query against the same server, taken
from the DCINFO cache key. Instead, force a DC rediscovery.

2. Set a default ldap_timeout and pass it to tldap_search(). This
avoids tldap_search() hanging forever on a stale TCP connection.

3. The LDAP server idmap_ad is using is not necessarily the same DC
we're using for RPC, so in case we learn about a dead DC, put it in
the negative-conn-cache.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15844

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
winbindd: use find_domain_from_name_noinit() in find_dns_domain_name() 2025-08-13T18:30:44+00:00 Ralph Boehme slow@samba.org 2025-07-22T17:16:14+00:00 9ad2e59a464bb472da2071c61a254547b6497625 Avoid triggering a connection to a DC of a trusted domain. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15876 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> 
Avoid triggering a connection to a DC of a trusted domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15876

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
nsswitch: support all known DS lookup flags in wbclient's wbcLookupDomainController() 2025-08-12T08:26:55+00:00 Günther Deschner gd@samba.org 2025-07-14T18:18:08+00:00 82dd1ee9e75a12751063de324496fcb97af2e89f Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Tue Aug 12 08:26:55 UTC 2025 on atb-devel-224 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Aug 12 08:26:55 UTC 2025 on atb-devel-224
s3:winbindd: Resolve dc name using CLDAP also for ROLE_IPA_DC 2025-08-05T13:51:37+00:00 Pavel Filipenský pfilipensky@samba.org 2025-07-23T13:09:21+00:00 4921c3304e5e0480e5bb80a757b3f04b3b92c3b1 server role ROLE_IPA_DC (introduced in e2d5b4d) needs special handling in dcip_check_name(). We should resolve the DC name using: - CLDAP in dcip_check_name_ads() instead of: - NETBIOS in nbt_getdc() that fails if Windows is not providing netbios. The impacted environment has: domain->alt_name = example.com domain->active_directory = 1 security = USER server role = ROLE_IPA_DC BUG: https://bugzilla.samba.org/show_bug.cgi?id=15891 Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Pair-programmed-with: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> 
server role ROLE_IPA_DC (introduced in e2d5b4d) needs special handling
in dcip_check_name().  We should resolve the DC name using:
- CLDAP in dcip_check_name_ads()
instead of:
- NETBIOS in nbt_getdc() that fails if Windows is not providing netbios.

The impacted environment has:

domain->alt_name = example.com
domain->active_directory = 1
security = USER
server role = ROLE_IPA_DC

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15891

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Pair-programmed-with: Andreas Schneider <asn@samba.org>

Reviewed-by: Alexander Bokovoy <ab@samba.org>
 winbindd: blacklist servers returning ACCESS_DENIED/authoritative=0 2025-07-30T09:09:40+00:00 Stefan Metzmacher metze@samba.org 2022-02-16T13:23:16+00:00 ce80451f3af4418d1c83be009b58b3824c071cae https://bugzilla.samba.org/show_bug.cgi?id=14981 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> 
https://bugzilla.samba.org/show_bug.cgi?id=14981

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
winbindd: always use winbind_add_failed_connection_entry() wrapper 2025-07-30T09:09:40+00:00 Stefan Metzmacher metze@samba.org 2022-02-16T13:18:50+00:00 7fed75c495ead8f476c805b91cc6624ebf933427 We should not use add_failed_connection_entry() directly. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> 
We should not use add_failed_connection_entry() directly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
s3:winbind: Initialize and setup idmap child in winbindd_getgrnam() 2025-07-08T07:21:26+00:00 Samuel Cabrero scabrero@samba.org 2025-07-07T11:15:43+00:00 0c4b632310b6e946d8493735b8cdeeb0d2cc39fe Make sure the idmap child is initialized before delegating the name unmapping. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15882 Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Samuel Cabrero <scabrero@samba.org> Autobuild-Date(master): Tue Jul 8 07:21:26 UTC 2025 on atb-devel-224 
Make sure the idmap child is initialized before delegating the name unmapping.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15882

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Samuel Cabrero <scabrero@samba.org>
Autobuild-Date(master): Tue Jul  8 07:21:26 UTC 2025 on atb-devel-224
s3:winbind: Initialize and setup idmap child in winbindd_getpwnam() 2025-07-08T06:23:37+00:00 Samuel Cabrero scabrero@samba.org 2025-07-07T11:04:15+00:00 96ff066980649c5a7ec549983232a574d437eb71 Make sure the idmap child is initialized before delegating the name unmapping. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15882 Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> 
Make sure the idmap child is initialized before delegating the name unmapping.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15882

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>