Age | Commit message (Collapse) | Author | Files | Lines |
|
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Feb 23 15:42:35 CET 2011 on sn-devel-104
|
|
This makes us scale better with many simultaneous winbind requests,
some of which might be slow.
This implementation breaks offline logons, as the cached credentials are
maintained in a child (this needs fixing). So, if the offline logons are
active, only allow one DC connection.
Probably the offline logon and the scalable file server cases are
separate enough so that this patch is useful even with the restriction.
|
|
wbinfo --dc-info prints the current DC name and IP address. This helps
diagnosing problems that might happen when a later wbinfo --ping-dc fails.
This patch started out by using the SAF and NBT cache entires, but those are
relatively short-lived. So I decided to invent a new gencache entry with a very
long timeout. We need to go via the gencache because when for some reason a
winbind child process is stuck, we can't query it for the current DC it's
connected to. This must eventually go away again when we have a fully async
winbind.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Jan 19 08:40:28 CET 2011 on sn-devel-104
|
|
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Nov 19 11:21:00 CET 2010 on sn-devel-104
|
|
|
|
|
|
add a function to lookup a domain in the winbind cache by domain SID
|
|
|
|
This prints the security token including the privileges as strings
instead of just a bitmap.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This is supposed to improve the winbind reconnect time after an ip address
has been moved away from a box. Any kind of HA scenario will benefit from
this, because winbindd does not have to wait for the TCP timeout to kick in
when a local IP address has been dropped and DC replies are not received
anymore.
|
|
Guenther
|
|
|
|
The all UPPER case typedef is no longer the preferred Samba style
and this makes it easier to see that this is the IDL-derivied structure
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This common structure is defined in security.idl
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
size_t is overkill here, and in struct security_token in the num_sids
is uint32_t.
This includes a change to the prototype of add_sid_to_array()
and add_sid_to_array_unique(), which has had a number of
consequnetial changes as I try to sort out all the callers using
a pointer to the number of sids.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
|
|
|
|
All callers have passed in NULL
|
|
|
|
|
|
|
|
metze
|
|
Michael
|
|
Michael
|
|
|
|
Guenther
|
|
well.
Guenther
|
|
|
|
By putting this code inline in winbindd_setup_listeners() we remove 2
static variables and simplify the code.
By putting the get_winbind_priv_pipe_dir() in the same file, we allow
it to be reimplemented in s3compat.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
I'm experimenting with a different entry point
This reverts commit f5c0f90da5f5372ca6b7a72daa8d073a2444a068.
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
This function provides a useful entry point for s3compat to set things
up in winbindd.
Andrew Bartlett
|
|
This provides a more useful entry point for s3compat.
Andrew Bartlett
|
|
This allows this function to be easily replaced in s3compat
Andrew Bartlett
|
|
|
|
|
|
|
|
None of this blocks, so there is no reason to keep this in
a winbind child process
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
When a samba server process dies hard, it has no chance to clean up its entries
in locking.tdb, brlock.tdb, connections.tdb and sessionid.tdb.
For locking.tdb and brlock.tdb Samba is robust by checking every time we read
an entry from the database if the corresponding process still exists. If it
does not exist anymore, the entry is deleted. This is not 100% failsafe though:
On systems with a limited PID space there is a non-zero chance that between the
smbd's death and the fresh access, the PID is recycled by another long-running
process. This renders all files that had been locked by the killed smbd
potentially unusable until the new process also dies.
This patch is supposed to fix the problem the following way: Every process ID
in every database is augmented by a random 64-bit number that is stored in a
serverid.tdb. Whenever we need to check if a process still exists we know its
PID and the 64-bit number. We look up the PID in serverid.tdb and compare the
64-bit number. If it's the same, the process still is a valid smbd holding the
lock. If it is different, a new smbd has taken over.
I believe this is safe against an smbd that has died hard and the PID has been
taken over by a non-samba process. This process would not have registered
itself with a fresh 64-bit number in serverid.tdb, so the old one still exists
in serverid.tdb. We protect against this case by the parent smbd taking care of
deregistering PIDs from serverid.tdb and the fact that serverid.tdb is
CLEAR_IF_FIRST.
CLEAR_IF_FIRST does not work in a cluster, so the automatic cleanup does not
work when all smbds are restarted. For this, "net serverid wipe" has to be run
before smbd starts up. As a convenience, "net serverid wipedbs" also cleans up
sessionid.tdb and connections.tdb.
While there, this also cleans up overloading connections.tdb with all the
process entries just for messaging_send_all().
Volker
|
|
|