summaryrefslogtreecommitdiff
path: root/source4/winbind/wb_init_domain.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r14363: Remove credentials.h from the global includes.Jelmer Vernooij1-0/+1
(This used to be commit 98c4c3051391c6f89df5d133665f51bef66b1563)
2007-10-10r14205: move smb specific stuff out of includes.h (finally!!!:-)Stefan Metzmacher1-0/+1
all this changes really help ccache to speed up the samba4 build:-) metze (This used to be commit 180a79d1036e54fc0c50572b820818e9aafa28e9)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij1-0/+3
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10r12865: Upgrade the librpc and libnet code.Andrew Bartlett1-1/+2
In librpc, always try SMB level authentication, even if trying schannel, but allow fallback to anonymous. This should better function with servers that set restrict anonymous. There are too many parts of Samba that get, parse and modify the binding parameters. Avoid the extra work, and add a binding element to the struct dcerpc_pipe The libnet vampire code has been refactored, to reduce extra layers and to better conform with the standard argument pattern. Also, take advantage of the new libnet_Lookup code, so we don't require the silly 'password server' smb.conf parameter. To better support forcing traffic to be sealed for the vampire operation, the dcerpc_bind_auth() function now takes an auth level parameter. Andrew Bartlett (This used to be commit d65b354959842326fdd4bd7eb7fbeea0390f4afa)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij1-12/+1
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r12510: Change the DCE/RPC interfaces to take a pointer to aJelmer Vernooij1-2/+1
dcerpc_interface_table struct rather then a tuple of interface name, UUID and version. This removes the requirement for having a global list of DCE/RPC interfaces, except for these parts of the code that use that list explicitly (ndrdump and the scanner torture test). This should also allow us to remove the hack that put the authservice parameter in the dcerpc_binding struct as it can now be read directly from dcerpc_interface_table. I will now modify some of these functions to take a dcerpc_syntax_id structure rather then a full dcerpc_interface_table. (This used to be commit 8aae0f168e54c01d0866ad6e0da141dbd828574f)
2007-10-10r11812: Convert winbind to the async bind routines. Also remove tridge's ↵Volker Lendecke1-7/+17
hack for the winbind "bug" :-) Volker (This used to be commit fb9a3c7ef376f289288c71bc47d67f548ddb7194)
2007-10-10r11809: Make dcerpc_bind_auth async.Volker Lendecke1-6/+6
This also removes dcerpc_bind_auth_password, the only user of dcerpc_bind_auth. And this was not only passwords anyway. Andrew Bartlett, as usual: Please take a close look. Thanks, Volker (This used to be commit 2ff2dae3d035af6cb0c131573cfd983fc9a58eee)
2007-10-10r11528: Separate finding dcs from initializing a domain. Makes it easier to ↵Volker Lendecke1-184/+84
possibly support cldap and other stuff in the future. This temporarily disables wbinfo -t, but that will come back soon. Try an ldap bind using gss-spnego. This got me krb5 binds against "our" w2k3 and a trusted w2k, although with some memleaks from krb5 and a BAD_OPTION tgs-rep error. Volker (This used to be commit d14948fdf687c8f70ef9ec35445b7eb04da84253)
2007-10-10r11517: Cleanup time, this looks larger than it is. This mainly gets rid ofVolker Lendecke1-16/+16
wb_domain_request, now that we have queued rpc requests. Volker (This used to be commit 848522d1b64c1c283ac1ea7ce7f1a7a1b014a2aa)
2007-10-10r11274: Start a connection attempt to the DC's port 389. To do this ↵Volker Lendecke1-25/+51
properly, make socket_connect and ldap_connect properly async. Volker (This used to be commit bcc71fc1deeed443d7cf00220ce264011ddf588d)
2007-10-10r11181: Implement wbinfo -s and wbinfo --user-sids. The patch is so large ↵Volker Lendecke1-113/+49
because --user-sids required the extension to trusted domains. Implement "winbind sealed pipes" parameter for debugging purposes. Volker (This used to be commit 3821a17bdb68b2f1389b5a150502c057d28569d2)
2007-10-10r11094: Connect to SAM, implement getdcnameVolker Lendecke1-2/+43
(This used to be commit a14398715eceecf204caf815a8769ba8214d0576)
2007-10-10r11093: Implement wb_queue_domain_send: If the domain is not yet ↵Volker Lendecke1-0/+112
initialized, do that first. And if a request is being processed, queue it. This correctly survived 3 endless loops with wbinfo's doing different things while starting up smbd. The number of indirections starts to become a bit scary, but what can you do without a decent programming language that provides closures :-) One thing that we might consider is to auto-generate async rpc requests that return composite_context structs instead of rpc_requests. Otherwise I'd have to write a lot of wrappers like composite_netr_LogonSamLogon_send. The alternative would be to write two versions of wb_queue_domain_send which I would like to avoid. This is cluttered enough already. Volker (This used to be commit 66c1b674f9870de73cce0e611909caf9eff34baa)
2007-10-10r10878: Reply to some comments by tridge and metze:Volker Lendecke1-275/+52
* rename the composite helper functions from comp_* to composite_* * Move the lsa initialization to wb_connect_lsa.c * Equip smb_composite_connect with a fallback_to_anonymous The latter two simplify wb_init_domain.c quite a bit. Volker (This used to be commit deb127e04ea01ae93394da5ebffb39d81caeb6d9)
2007-10-10r10859: Make the flow a bit clearerVolker Lendecke1-8/+7
(This used to be commit 66c90483b49bd8a8de1a46b12cce5270571f4090)
2007-10-10r10853: Convert wbinfo -n to properly init the domain.Volker Lendecke1-0/+12
Volker (This used to be commit 512ae49270197146e5967acd654dd97452cf4e77)
2007-10-10r10852: Continuation-based programming can become a bit spaghetti...Volker Lendecke1-0/+564
Initialize a domain structure properly. Excerpt from wb_init_domain.c: /* * Initialize a domain: * * - With schannel credentials, try to open the SMB connection with the machine * creds. Fall back to anonymous. * * - If we have schannel creds, do the auth2 and open the schannel'ed netlogon * pipe. * * - Open LSA. If we have machine creds, try to open with ntlmssp. Fall back * to schannel and then to anon bind. * * - With queryinfopolicy, verify that we're talking to the right domain * * A bit complex, but with all the combinations I think it's the best we can * get. NT4, W2k3SP1 and W2k all have different combinations, but in the end we * have a signed&sealed lsa connection on all of them. * * Is this overkill? In particular the authenticated SMB connection seems a * bit overkill, given that we do schannel for netlogon and ntlmssp for * lsa later on w2k3, the others don't do this anyway. */ Thanks to Jeremy for his detective work, and to the Samba4 team for providing such a great infrastructure. Next step is to connect to SAM. Do it via LDAP if we can, fall back to samr with all we have. Volker (This used to be commit 3e69fdc07cd76b4bc01b032148609ee4b59b8be7)