summaryrefslogtreecommitdiff
path: root/source4/winbind/config.mk
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r11828: split out the async helper function into a new subsystem WB_HELPERStefan Metzmacher1-3/+11
to use it in torture tests too metze (This used to be commit 364b092355cd872d52612895cd711625f5702997)
2007-10-10r11528: Separate finding dcs from initializing a domain. Makes it easier to ↵Volker Lendecke1-0/+2
possibly support cldap and other stuff in the future. This temporarily disables wbinfo -t, but that will come back soon. Try an ldap bind using gss-spnego. This got me krb5 binds against "our" w2k3 and a trusted w2k, although with some memleaks from krb5 and a BAD_OPTION tgs-rep error. Volker (This used to be commit d14948fdf687c8f70ef9ec35445b7eb04da84253)
2007-10-10r11517: Cleanup time, this looks larger than it is. This mainly gets rid ofVolker Lendecke1-1/+0
wb_domain_request, now that we have queued rpc requests. Volker (This used to be commit 848522d1b64c1c283ac1ea7ce7f1a7a1b014a2aa)
2007-10-10r11244: Relative path names in .mk filesJelmer Vernooij1-16/+16
(This used to be commit 24e10300906c380919d2d631bfb3b8fd6b3f54ba)
2007-10-10r11193: Implement wbinfo -mVolker Lendecke1-0/+1
(This used to be commit 12a800bc8541c4160a534d1edcaeb6774776e18d)
2007-10-10r11181: Implement wbinfo -s and wbinfo --user-sids. The patch is so large ↵Volker Lendecke1-0/+4
because --user-sids required the extension to trusted domains. Implement "winbind sealed pipes" parameter for debugging purposes. Volker (This used to be commit 3821a17bdb68b2f1389b5a150502c057d28569d2)
2007-10-10r11095: Implement wb_getuserdomgroups.Volker Lendecke1-0/+1
Tridge, if you have the time, you might want to look at a problem I'm having with unix domain stream sockets. From a comment in this commit: /* Using composite_trigger_error here causes problems with the client * socket. Linux 2.6.8 gives me a ECONNRESET on the next read after * writing the reply when I don't wait the 100 milliseconds. */ This is in winbind/wb_cmd_userdomgroups.c:93. The problem I have is that I can not *immediately* send an error reply to the client because the next receive fails. Waiting 100 milliseconds helps. It might also be a problem with epoll(), I don't really know. I'd appreciate if you took a brief look at this, maybe I'm doing something wrong. Thanks, Volker (This used to be commit 3e535cce743710a68a4264e4f66e9c0c4d6770c6)
2007-10-10r11094: Connect to SAM, implement getdcnameVolker Lendecke1-0/+3
(This used to be commit a14398715eceecf204caf815a8769ba8214d0576)
2007-10-10r10936: Commit work in progress: wb_pam_auth_crap made async. This does not ↵Volker Lendecke1-0/+1
work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2007-10-10r10878: Reply to some comments by tridge and metze:Volker Lendecke1-0/+1
* rename the composite helper functions from comp_* to composite_* * Move the lsa initialization to wb_connect_lsa.c * Equip smb_composite_connect with a fallback_to_anonymous The latter two simplify wb_init_domain.c quite a bit. Volker (This used to be commit deb127e04ea01ae93394da5ebffb39d81caeb6d9)
2007-10-10r10852: Continuation-based programming can become a bit spaghetti...Volker Lendecke1-0/+1
Initialize a domain structure properly. Excerpt from wb_init_domain.c: /* * Initialize a domain: * * - With schannel credentials, try to open the SMB connection with the machine * creds. Fall back to anonymous. * * - If we have schannel creds, do the auth2 and open the schannel'ed netlogon * pipe. * * - Open LSA. If we have machine creds, try to open with ntlmssp. Fall back * to schannel and then to anon bind. * * - With queryinfopolicy, verify that we're talking to the right domain * * A bit complex, but with all the combinations I think it's the best we can * get. NT4, W2k3SP1 and W2k all have different combinations, but in the end we * have a signed&sealed lsa connection on all of them. * * Is this overkill? In particular the authenticated SMB connection seems a * bit overkill, given that we do schannel for netlogon and ntlmssp for * lsa later on w2k3, the others don't do this anyway. */ Thanks to Jeremy for his detective work, and to the Samba4 team for providing such a great infrastructure. Next step is to connect to SAM. Do it via LDAP if we can, fall back to samr with all we have. Volker (This used to be commit 3e69fdc07cd76b4bc01b032148609ee4b59b8be7)
2007-10-10r10691: This gets half-way to wbinfo -n. It acquires an lsa pipe, and does aVolker Lendecke1-1/+1
queryinfopolicy. Idea is to get a consistency check between that and our notion of the domain name and sid, and take the lsa pipe as the holder of the central smbcli_tree that netlogon and samr use as well. Volker (This used to be commit 126c80aefc4f53c4ba79afc12d70602ef9055ddb)
2007-10-10r10491: First step towards wbinfo -t: This issues a name request for the primaryVolker Lendecke1-1/+2
domain and gets the DC's name via a mailslot call. Metze, I renamed wbsrv_queue_reply to wbsrv_send_reply in accordance with irpc_send_reply. Having _queue_ here and _send_ there is a bit confusing. And as everything is async anyway, the semantics should not be too much of a problem. Volker (This used to be commit 4637964b19c6e9f7d201b287e2d409d029fced01)
2007-10-10r10426: - restructure the winbind server code a bitStefan Metzmacher1-2/+4
- remove the echo test stuff - abstract out the used protocol - we have a seperate handler for the samba3 protocol now - the backend can easy do async replies by setting WBSRV_CALL_FLAGS_REPLY_ASYNC in wbsrv_call and then call wbsrv_queue_reply() later metze (This used to be commit 32f3e68a569e9273b8d34fbd797c0a28494e5b6d)
2007-10-10r4729: add dummy "winbind" serviceStefan Metzmacher1-0/+12
- this creates a new task and then starts a process_model "single" with service "winbind_task" - that means with -M single everything is in one process with - M standard winbind is a seperate process but didn't fork for each connection with -M thread winbind is a seperate thread but didn't thread for each connection - the dummy server listen s on /tmp/.winbind/echo and for better testing with telnet also on 127.0.255.1 port 55555 metze (This used to be commit 5190f60dedc4076d94fbf77e02eb3b5312d953ec)