Age | Commit message (Collapse) | Author | Files | Lines |
|
Original message:
This patch attemptes to clean up winbindd's mutex locking.
The current locking scheme in winbind is a complete mess - indeed, the
next step should be to push the locking into cli_full_connection(), but
I'll leave it for now.
This patch works on the noted behaviour that 2 parts of the connection
process need protection - and independent protection. Tim Potter did
some work on this a little while back, verifying the second case.
The two cases are:
- between connect() and first session setup
- during the auth2 phase of the netlogon pipe setup.
I've removed the counter on the lock, as I fail to see what it gains us.
This patch also adds 'anonymous fallback' to our winbindd -> DC connection.
If the authenticated connection fails (wbinfo -A specifed) - say that
account isn't trusted by a trusted DC - then we try an anonymous.
Both tpot and mbp like the patch.
Andrew Bartlett
(This used to be commit b5283c00a900393b83f0edb2785c5caf402404eb)
|
|
Jeremy.
(This used to be commit daf179bcd6297b525bfc644efb154734723f4d58)
|
|
Jeremy.
(This used to be commit ea4fe9baadd70e6fc22c5e33de66165895d2e42c)
|
|
server = DC1 *
(This used to be commit f49de4c5176bf635ac080e082fda412066b466c8)
|
|
90% fix for CR 1076. The password server parameter will no take things
like
password server = DC1 *
which means to contact DC1 first and the go to auto lookup if it
fails.
jerry
(This used to be commit 016ef8b36b30846311a5321803298f8e28719244)
|
|
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
|
|
(This used to be commit 6ba7847ce2756fde94e530fd0bf2a055f3e27373)
|
|
anonymous support) is blank.
(This used to be commit b376b7dad003593d26c867ffe8f906084e42160e)
|
|
that app-head does.
Jeremy.
(This used to be commit ec7953f20145799f6286a295472df4826bfdfb8f)
|
|
(This used to be commit 09c6f6329d6ae9327b7ef06de0ea78d24d805456)
|
|
(This used to be commit 324da9fdb93cdc5ed240a3291020858765e70acc)
|
|
* add some files missing from a previous commit
(This used to be commit 29159c97371c75327e377f9d13406dad46095568)
|
|
from APP_HEAD
(This used to be commit 1cfd2ee433305e91e87804dd55d10e025d30a69e)
|
|
had it...).
Jeremy.
(This used to be commit 151f0c1c526a04ea14ae054e977c76c8617bb113)
|
|
Jeremy.
(This used to be commit 80ee515d7a45965271be0274b0b3815032f27aa1)
|
|
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
|
|
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
|
|
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
|
|
and should be rewritten, just not now... :-).
Jeremy.
(This used to be commit 5de792e7e9c2ad1422ac146caba632baa3f4e5c5)
|
|
- pam_winbind updates from vance, fixing a typo and making some the options
work properly.
- Extra parinoia in the winbind connection loop
- Allow pam_winbind to compile on HP-UX (Don Mcall, more work to do).
- Fix up configure.in to use the same method for building the test .so
as the Makefile uses.
Andrew Bartlett
(This used to be commit 8e705dd9215b1cb3f44d6348094679d7dc6a7fbd)
|
|
I forgot to clean this up when netlogon move across to the connection cache
arrangement.
Also add some smb_panics to the connection_ok() code to try to catch this kind
of thing better in future.
Andrew Bartlett
(This used to be commit f4f23fad6099143ec26550afc67655390070ceb8)
|
|
down some bugs with it...).
Andrew Bartlett
(This used to be commit ef68b28fa0e89345f817ca8fd8f04138a009c21e)
|
|
(This used to be commit 1f007d3ed41c1b71a89fa6be7d173e67e927c302)
|
|
this prevents propogation delays in the SAM between the PDC and BDCs
(This used to be commit 967cb3ed0c3190f3e95a227e4d998a7312b5990b)
|
|
This commit builds on the auth subsystem to give Samba support for trusting NT4
domains. It is off by default, but is enabled by adding 'trustdomain' to the
'auth methods' smb.conf paramater.
Tested against NT4 only - there are still some issues with the join code for
Win2k servers (spnego stuff).
The main work TODO involves enumerating the trusted domains (including the RPC
calls to match), and getting winbind to run on the PDC correctly.
Similarly, work remains on getting NT4 to trust Samba domains.
Andrew Bartlett
(This used to be commit ac8c24a9a888a3f916e8b40238b936e6ad743ef7)
|
|
Fix bug where zeroip addresses were being checked.
Jeremy.
(This used to be commit 8ed49fe0df201833329c17b2afe1e3aa70646558)
|
|
This patch fixes the segfaults I introduced in the previous conneciton caching
patch. It cleans up the connection cache a *lot* - in particular it adds
significant robustness to the operation.
If a the DC goes down, we no longer fail the next operation - the code checks
if the connection died during one of its own operations on the socket, and
restarts the conneciton as required.
There is still a memory leak in here somewhere - but this code also cleans up a
number of these.
Also added is the abilty to sepecify the domain of the 'get around restrict anonymous'
user that winbind uses.
Andrew Bartlett
(This used to be commit 92cbefdf2783bf9dbbb2179c1b2f7cdb802d84a9)
|
|
Add a connection cache to the netlogon pipe. This makes a *massive* difference
to the time-per-auth. Also fix up *some* of the memory leaks in other
connection caches.
Add some debugging messages for the is_connected() code. I'm thinking we
should get a client implementation of SMBecho and call it here - as it would
allow us to always know the DC is around before we start.
Down the debug level for some of the pam_winbind code - I'll probably down it
further when I'm finished debugging.
Andrew Bartlett
(This used to be commit 49d3e476662220775ef8da7db01ea17e77e11b0b)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
(This used to be commit 1f7172b48e77dcda8bfd20d8e79a90b523727493)
|
|
the "password server" smb.conf parameter when choosing a DC to connect to.
Due to the origin of the code in cm_get_dc_name() it wouldn't try
additional DCs if the first DC didn't work. This would wedge winbindd if you
had "password server = foo1, foo2" and foo1 was down.
(This used to be commit fc7ed1b4a8774a6a07a8d8fd08d9d2f15cd5c1dc)
|
|
(This used to be commit 6b123adda901ff05b0271eeda060297448f64eec)
|
|
Also removed the dependency on auth_util.o, which makes things nicer.
Finally, this kills off the NECESSARY_BECAUSE_SAMBA_DEPENDENCIES_ARE_SO_BROKEN_OBJ
makefile variable - becouse Samba dependencies are starting to be sane again!
Andrew Bartlett
(This used to be commit 4609edcac3b70c11025f0c5aa0ddbeed93369c84)
|
|
IPC$ connections to domain controllers.
(This used to be commit 1217ef28a6c18c085fcb2eac3bf04866c166d959)
|
|
This just splits off the dispinfo call behind a methods structure.
I'll split off a few more functions soon, then we will be ready for
LDAP replacement methods
(This used to be commit 0216b0fca115c903ec31ed21427a83c62077dc95)
|
|
name_status_find() call here should look up a #1c name instead of #1d.
This fixes some bugs currently with BDC authentication in winbindd and in
smbd as you can't query the #1d name with the ip address of a BDC.
Who is Uncle Tom Cobbley anyway?
(This used to be commit 4215048f7b20a8f9e5877bdbb2f54841b2f7fa64)
|
|
M-x tabify
(This used to be commit 6446d2acd5ead098e5e51b06df5bf78b9e315418)
|
|
(This used to be commit b5999473482475ef64212f4f7204c7895cf8fdf3)
|
|
(This used to be commit 8f01a8b07883d18f44da665cbc8e5fba04d3bc91)
|
|
connection caching. Getting ready for back-merge to 2.2.3.
Jeremy.
(This used to be commit 5e8df83ba9924adf9df6827c06ed1a2adbe36edf)
|
|
Now we just keep a record of the open pipes.
(This used to be commit 77c287e9460eed7bde7004c7e6c8cb0099c6ba6f)
|
|
Cache negative connection attempt lookups.
Fixed loginc bug in connection_ok()
(This used to be commit e07bcfcccd6d4a29f188d978b2c34a7b18ff21fa)
|
|
the currently open connections when winbindd receives a USR1 signal.
Hmm - I've just realised this will conflict with the messaging code
but we don't use that yet.
(This used to be commit caef54e40081477609a824185949ddf6db6ba363)
|
|
pam authentication. This allows us to link in less other crap.
Authenticating with a challenge/response doesn't seem to work though - we
always get back NT_STATUS_WRONG_PASSWORD.
(This used to be commit d85aa1ce83327dda6aa3dcd9bbab9cf6979dda1e)
|
|
Volker
(This used to be commit fd1d0064b3a4fe834c5d8e810a12a8077f9d2a66)
|
|
(This used to be commit 4f4dace5772780cf4eedc0ebca1c60d04171eb74)
|
|
(This used to be commit 63731d4a00e7a70b48d0c25677c76ec6b2e04ce1)
|
|
- implemented some of the sam related connection manager routines
- fill in group id and gecos fields for getpwnam/getpwuid routines
- convert querydispinfo to cm
- getent passwd now works
Now for the group related routines...
(This used to be commit 4f8ea877876e91d4762f22e78aeb1bce4c65f011)
|
|
I've wrapped up all the decisions about managing, making and closing
connections into a connection manager in nsswitch/winbindd_cm.c.
It's rather incomplete at the moment - only querying basic user info works
at the moment (i.e finger -m DOMAIN/user) and everything else is broken.
Jeremy, please take a look and I'll start moving across the rest of
winbindd to this new system.
(This used to be commit c369cf5af787ed9c642778d21f162716fbf0620e)
|