summaryrefslogtreecommitdiff
path: root/source4/winbind/wb_async_helpers.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r21535: - fixed a crash in the RAW-ACLS test. When a dcerpc_pipe is createdAndrew Tridgell1-1/+1
using the pattern in the clilsa code, it didn't fill in the p->binding structure. This affects nearly all users of dcerpc_pipe_open_smb(), so the simplest fix is to ensure that dcerpc_pipe_open_smb() initialises the binding if its not already there. - re-enable the RAW-ACLS test (This used to be commit d8875c286d2be49c01703d8fd58bbc1842054bd9)
2007-10-10r19598: Ahead of a merge to current lorikeet-heimdal:Andrew Bartlett1-1/+1
Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
2007-10-10r17956: LSA Cleanup!Andrew Bartlett1-2/+2
This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2007-10-10r14860: create libcli/security/security.hStefan Metzmacher1-1/+1
metze (This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
2007-10-10r14470: Remove some unnecessary headers.Jelmer Vernooij1-1/+0
(This used to be commit f7312dab3b9aba2b2b82e8a6e0c483a32a03a63a)
2007-10-10r14464: Don't include ndr_BASENAME.h files unless strictly required, insteadJelmer Vernooij1-1/+2
try to include just the BASENAME.h files (containing only structs) (This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
2007-10-10r14402: Generate seperate headers for RPC client functions.Jelmer Vernooij1-0/+3
(This used to be commit 7054ebf0249930843a2baf4d023ae8f62cedb109)
2007-10-10r14380: Reduce the size of structs.hJelmer Vernooij1-5/+4
(This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
2007-10-10r14363: Remove credentials.h from the global includes.Jelmer Vernooij1-0/+1
(This used to be commit 98c4c3051391c6f89df5d133665f51bef66b1563)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij1-0/+4
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10r12868: Remove unused code. This has moved to libcli/finddcs.c.Andrew Bartlett1-135/+0
Andrew Bartlett (This used to be commit a30a359c45c3dac4b910ec130b73cc01324b399a)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij1-9/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r12510: Change the DCE/RPC interfaces to take a pointer to aJelmer Vernooij1-2/+1
dcerpc_interface_table struct rather then a tuple of interface name, UUID and version. This removes the requirement for having a global list of DCE/RPC interfaces, except for these parts of the code that use that list explicitly (ndrdump and the scanner torture test). This should also allow us to remove the hack that put the authservice parameter in the dcerpc_binding struct as it can now be read directly from dcerpc_interface_table. I will now modify some of these functions to take a dcerpc_syntax_id structure rather then a full dcerpc_interface_table. (This used to be commit 8aae0f168e54c01d0866ad6e0da141dbd828574f)
2007-10-10r12116: got rid of composite_trigger_done() and composite_trigger_error(), andAndrew Tridgell1-1/+1
instead make the normal composite_done() and composite_error() functions automatically trigger a delayed callback if the caller has had no opportunity to setup a async callback this removes one of the common mistakes in writing a composite function (This used to be commit f9413ce792ded682e05134b66d433eeec293e6f1)
2007-10-10r12014: free the irpc_request structure with the irpc_call_recv functions,Stefan Metzmacher1-1/+0
to match all other _recv functions we have metze (This used to be commit bd4f85ab5f60c7430ac88062fa6a9f6cffa9596f)
2007-10-10r11812: Convert winbind to the async bind routines. Also remove tridge's ↵Volker Lendecke1-49/+78
hack for the winbind "bug" :-) Volker (This used to be commit fb9a3c7ef376f289288c71bc47d67f548ddb7194)
2007-10-10r11727: Minor cleanupVolker Lendecke1-14/+5
(This used to be commit 681451af727d12294ecee1b8fddc595b0148003f)
2007-10-10r11528: Separate finding dcs from initializing a domain. Makes it easier to ↵Volker Lendecke1-0/+3
possibly support cldap and other stuff in the future. This temporarily disables wbinfo -t, but that will come back soon. Try an ldap bind using gss-spnego. This got me krb5 binds against "our" w2k3 and a trusted w2k, although with some memleaks from krb5 and a BAD_OPTION tgs-rep error. Volker (This used to be commit d14948fdf687c8f70ef9ec35445b7eb04da84253)
2007-10-10r11517: Cleanup time, this looks larger than it is. This mainly gets rid ofVolker Lendecke1-66/+32
wb_domain_request, now that we have queued rpc requests. Volker (This used to be commit 848522d1b64c1c283ac1ea7ce7f1a7a1b014a2aa)
2007-10-10r11274: Start a connection attempt to the DC's port 389. To do this ↵Volker Lendecke1-2/+1
properly, make socket_connect and ldap_connect properly async. Volker (This used to be commit bcc71fc1deeed443d7cf00220ce264011ddf588d)
2007-10-10r11181: Implement wbinfo -s and wbinfo --user-sids. The patch is so large ↵Volker Lendecke1-1/+157
because --user-sids required the extension to trusted domains. Implement "winbind sealed pipes" parameter for debugging purposes. Volker (This used to be commit 3821a17bdb68b2f1389b5a150502c057d28569d2)
2007-10-10r11095: Implement wb_getuserdomgroups.Volker Lendecke1-0/+138
Tridge, if you have the time, you might want to look at a problem I'm having with unix domain stream sockets. From a comment in this commit: /* Using composite_trigger_error here causes problems with the client * socket. Linux 2.6.8 gives me a ECONNRESET on the next read after * writing the reply when I don't wait the 100 milliseconds. */ This is in winbind/wb_cmd_userdomgroups.c:93. The problem I have is that I can not *immediately* send an error reply to the client because the next receive fails. Waiting 100 milliseconds helps. It might also be a problem with epoll(), I don't really know. I'd appreciate if you took a brief look at this, maybe I'm doing something wrong. Thanks, Volker (This used to be commit 3e535cce743710a68a4264e4f66e9c0c4d6770c6)
2007-10-10r11094: Connect to SAM, implement getdcnameVolker Lendecke1-81/+1
(This used to be commit a14398715eceecf204caf815a8769ba8214d0576)
2007-10-10r11093: Implement wb_queue_domain_send: If the domain is not yet ↵Volker Lendecke1-57/+78
initialized, do that first. And if a request is being processed, queue it. This correctly survived 3 endless loops with wbinfo's doing different things while starting up smbd. The number of indirections starts to become a bit scary, but what can you do without a decent programming language that provides closures :-) One thing that we might consider is to auto-generate async rpc requests that return composite_context structs instead of rpc_requests. Otherwise I'd have to write a lot of wrappers like composite_netr_LogonSamLogon_send. The alternative would be to write two versions of wb_queue_domain_send which I would like to avoid. This is cluttered enough already. Volker (This used to be commit 66c1b674f9870de73cce0e611909caf9eff34baa)
2007-10-10r11082: Fix a segfaultVolker Lendecke1-0/+1
(This used to be commit 576a724bf1350ba7f38f95118224bdee98e0be5a)
2007-10-10r11068: Fix pam_auth_crap, remove the sync code. I don't know what it was when IVolker Lendecke1-4/+2
tested it, but I can not reproduce the problem I had with abartlett's initial implementation anymore. Fix a bug found using valgrind. Volker (This used to be commit 0c6c71ae3cd0a2f97eab2cc24a752976c32a39fc)
2007-10-10r10878: Reply to some comments by tridge and metze:Volker Lendecke1-32/+36
* rename the composite helper functions from comp_* to composite_* * Move the lsa initialization to wb_connect_lsa.c * Equip smb_composite_connect with a fallback_to_anonymous The latter two simplify wb_init_domain.c quite a bit. Volker (This used to be commit deb127e04ea01ae93394da5ebffb39d81caeb6d9)
2007-10-10r10853: Convert wbinfo -n to properly init the domain.Volker Lendecke1-401/+18
Volker (This used to be commit 512ae49270197146e5967acd654dd97452cf4e77)
2007-10-10r10852: Continuation-based programming can become a bit spaghetti...Volker Lendecke1-245/+9
Initialize a domain structure properly. Excerpt from wb_init_domain.c: /* * Initialize a domain: * * - With schannel credentials, try to open the SMB connection with the machine * creds. Fall back to anonymous. * * - If we have schannel creds, do the auth2 and open the schannel'ed netlogon * pipe. * * - Open LSA. If we have machine creds, try to open with ntlmssp. Fall back * to schannel and then to anon bind. * * - With queryinfopolicy, verify that we're talking to the right domain * * A bit complex, but with all the combinations I think it's the best we can * get. NT4, W2k3SP1 and W2k all have different combinations, but in the end we * have a signed&sealed lsa connection on all of them. * * Is this overkill? In particular the authenticated SMB connection seems a * bit overkill, given that we do schannel for netlogon and ntlmssp for * lsa later on w2k3, the others don't do this anyway. */ Thanks to Jeremy for his detective work, and to the Samba4 team for providing such a great infrastructure. Next step is to connect to SAM. Do it via LDAP if we can, fall back to samr with all we have. Volker (This used to be commit 3e69fdc07cd76b4bc01b032148609ee4b59b8be7)
2007-10-10r10846: Create a "wbsrv_domain", change wb_finddcs to the style of the rest ↵Volker Lendecke1-180/+213
of the async helpers. Volker (This used to be commit 10585ba4e81e979a03aec747db6fc059978fa566)
2007-10-10r10838: Get us an schannel'ed netlogon pipe.Volker Lendecke1-13/+123
Abartlet, now I think I need some assistance to implement the pam auth & crap auth calls. Volker (This used to be commit 90a30c8b6585ed48b50e6aed75f3ecfd3543bbdc)
2007-10-10r10834: Work in progress on winbind. With some helper routines the composite ↵Volker Lendecke1-356/+444
functions start to look sane. Question: What about providing all winbind commands as irpc interfaces that are called from the samba3 compatibility layer? This way it would be easy for other samba components to access its functionality. Does that make sense? Volker (This used to be commit 2a6b8053859ea5690f90a8d2074d2bb4f06551f8)
2007-10-10r10825: Complete wbinfo -nVolker Lendecke1-6/+317
(This used to be commit 1afa893506f3d7157e251eec9baeba28dc011587)
2007-10-10r10691: This gets half-way to wbinfo -n. It acquires an lsa pipe, and does aVolker Lendecke1-5/+323
queryinfopolicy. Idea is to get a consistency check between that and our notion of the domain name and sid, and take the lsa pipe as the holder of the central smbcli_tree that netlogon and samr use as well. Volker (This used to be commit 126c80aefc4f53c4ba79afc12d70602ef9055ddb)
2007-10-10r10687: Another one...Volker Lendecke1-1/+0
(This used to be commit d18f7edf92e8420f30cae01649d18f0ae20a80aa)
2007-10-10r10683: Samba3's wbinfo -t should give the correct answer now.Volker Lendecke1-1/+223
Tridge, if you have time, you might want to look at the segfault I was still seeing. Now I store the handle to the netlogon pipe in the global winbind state and free it on the next entry into check_machacc. The problem seems to be that talloc_free()ing a pipe struct from within a callback function on that pipe is not possible. I think I can live with that, but it has been not really obvious. To reproduce the segfault you might want to look at putting a talloc_free(state->getcreds->out.netlogon) into wbsrv_samba3_check_machacc_receive_creds. This is called from a dcerpc callback function. In particular if the check failed it would be nice if I could delete the pipe directly and not post a different event to some winbind queue. I tried to delete the pipe from a timed event triggered immediately, but this also fails because the inner loop seems to hit the same event again, calling it twice. Volker (This used to be commit 5436d7764812bb632ba865e633005ed07923b57f)
2007-10-10r10675: Connect to the DC's IPC$Volker Lendecke1-0/+1
Volker (This used to be commit c7557884843a5b2bac9e21ec81cafcaadf436bca)
2007-10-10r10504: - seperate implementation specific stuff, from the generic compositeStefan Metzmacher1-19/+18
stuff. - don't use SMBCLI_REQUEST_* state's in the genreic composite stuff - move monitor_fn to libnet. NOTE: I have maybe found some bugs, in code that is dirrectly in DONE or ERROR state in the _send() function. I haven't fixed this bugs in this commit! We may need some composite_trigger_*() functions or so. And maybe some other generic helper functions... metze (This used to be commit 4527815a0a9b96e460f301cb1f0c0b3964c166fc)
2007-10-10r10491: First step towards wbinfo -t: This issues a name request for the primaryVolker Lendecke1-0/+206
domain and gets the DC's name via a mailslot call. Metze, I renamed wbsrv_queue_reply to wbsrv_send_reply in accordance with irpc_send_reply. Having _queue_ here and _send_ there is a bit confusing. And as everything is async anyway, the semantics should not be too much of a problem. Volker (This used to be commit 4637964b19c6e9f7d201b287e2d409d029fced01)