Age | Commit message (Collapse) | Author | Files | Lines |
|
The benefit of this that it makes us more robust to secure channel resets
triggered from tools outside the winbind process. Long term we need to have a
shared tdb secure channel store though as well.
Guenther
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Feb 4 18:11:04 CET 2011 on sn-devel-104
|
|
This makes us scale better with many simultaneous winbind requests,
some of which might be slow.
This implementation breaks offline logons, as the cached credentials are
maintained in a child (this needs fixing). So, if the offline logons are
active, only allow one DC connection.
Probably the offline logon and the scalable file server cases are
separate enough so that this patch is useful even with the restriction.
|
|
the daemons themselves. Allows client utilities to silently
fail to create a messaging context due to access denied on the
messaging tdb (which I need for the following patch).
Jeremy.
|
|
|
|
Guenther
|
|
metze
|
|
metze
|
|
|
|
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
That will hopefully make debugging a bit easier (at least for me).
metze
|
|
(*trusted_domains)
|
|
|
|
|
|
|
|
Winbindd should always try to use LSA via an schannel authenticated ncacn_ip_tcp
connection when talking to AD for LSA lookup calls.
In Samba <-> W2k8 interdomain trust scenarios, LookupSids3 and LookupNames4 via an
schannel ncacn_ip_tcp LSA connection are the *only* options to successfully resolve
sids and names.
Guenther
|
|
Guenther
|
|
|
|
|
|
|
|
We need to enumerate passdb alias members
Thanks to gd for bugging me :-)
|
|
|
|
|
|
|
|
Pass a "flags" argument instead of the original winbind command down the
name_to_sid chain. This way we are independent of the winbind commands and
can take the decision at a much higher level
|
|
|
|
The main loop now allocates the response, this has to be done everywhere
|
|
This shrinks the memory footprint of an idle client by 5592 bytes to 60 bytes
on my 32-bit box.
|
|
Same comment as in baa6084378e530b: This is just a preparatory checkin.
Volker
|
|
|
|
|
|
|
|
|
|
|
|
|
|
In itself, this is pretty pointless. But in the next steps I'll convert the
winbind internal communication to wb_reqtrans which allocates the request
properly. This minimizes the later diff.
Volker
|
|
Guenther
|
|
|
|
It's really confusing to have two versions of 'fd_event'
metze
|
|
metze
|
|
Guenther
(This used to be commit 15b72d44cbde0b8a375d8ed3d045c40ae97ec05a)
|
|
reconnect code to cope with rebooting a DC. This
replaces the code I asked Volker to revert.
The logic is pretty simple. It adds a new parameter,
"winbind reconnect delay", set to 30 seconds by
default, which determines how long to wait between
connection attempts.
To avoid overwhelming the box with DC-probe
forked children, the code now keeps track of
the DC probe child per winbindd_domain struct
and only starts a new one if the existing one
has died.
I also added a little logic to make sure the
dc probe child always sends a message whatever
the reason for exit so we will always reschedule
another connect attempt.
Also added documentation.
Jeremy.
(This used to be commit 8027197635b988b3dcf9d3d00126a024e768fa62)
|
|
(This used to be commit 30a180f2fce8cf6a3e5548f6bba453272ba70b33)
|
|
(This used to be commit 6e885aeabba2265a06b726f567cb14dde12c8ccb)
|
|
This reverts commit 0bf0434f22b0ea46fda3ccc4dd612adbc88dd4f2.
(This used to be commit cc536677735ecc318cbd2176ce53b124f44d85a0)
|
|
(This used to be commit 0bf0434f22b0ea46fda3ccc4dd612adbc88dd4f2)
|
|
Attached is the companion patch to
(037b9689d9042a398cb91e4628a82fcdfa913c21), which
made handling of WINBINDD_LIST_GROUPS asynchronous.
Because most all of the list_groups code was reusable, I abstracted it,
and implemented both list_groups and list_users on top of it.
On my large test domain a "wbinfo -u" call went from 70 seconds to 30
seconds with this patch. Plus, the parent process is no longer blocked
from receiving new requests during that time.
Steven Danneman | Software Development Engineer
Isilon Systems P +1-206-315-7500 F +1-206-315-7501
www.isilon.com
(This used to be commit 5188f2861137ff06d5399561d55d7d00c3a08644)
|
|
The wbcLookupDomainController() call supports a set of flags
defined in wbclient.h. Add a mapping function between these
flags and the original DS_XXX flags in order to prevent having
to include the generated RPC headers in wbclient.h.
(This used to be commit 31614cd5e08dd6389c66e6ddf9f2d5429c6ab033)
|
|
NetSamLogonEx has the advantage that it does not use the credential chain
(This used to be commit cfceb063f559f8549b8f24ce347be213c89303b0)
|
|
Guenther
(This used to be commit dd9fa33e968d4e641460fe1c6beb05dfe12fa918)
|
|
Jerry, please have a look if you're fine with that.
Guenther
(This used to be commit beae25c808a3a03d645f247e9befcd05e3ecca2c)
|