summaryrefslogtreecommitdiff
path: root/source4/winbind/wb_samba3_cmd.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r12867: Remove deleted header.Andrew Bartlett1-1/+0
(This used to be commit a6833db4e6ab8046c8e7f808dfff90bb0529d2d7)
2007-10-10r12866: This removes the abstraction layer in winbindd intended to deal withAndrew Bartlett1-26/+18
multiple protocols, replacing it with the packet handling subsystem. We don't have multiple protocols at present, and the abstraction layer only serves to confuse matters. Also, the new packet subsystem removes the need to handle partial reads. We can easily add new protocols from the socket up instead, becaue the difficult bits are done by the packet layer. Andrew Bartlett (This used to be commit acf9dc8fe9e66f1dd3f18c0245375f502f03a24c)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij1-6/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r11528: Separate finding dcs from initializing a domain. Makes it easier to ↵Volker Lendecke1-0/+2
possibly support cldap and other stuff in the future. This temporarily disables wbinfo -t, but that will come back soon. Try an ldap bind using gss-spnego. This got me krb5 binds against "our" w2k3 and a trusted w2k, although with some memleaks from krb5 and a BAD_OPTION tgs-rep error. Volker (This used to be commit d14948fdf687c8f70ef9ec35445b7eb04da84253)
2007-10-10r11517: Cleanup time, this looks larger than it is. This mainly gets rid ofVolker Lendecke1-8/+12
wb_domain_request, now that we have queued rpc requests. Volker (This used to be commit 848522d1b64c1c283ac1ea7ce7f1a7a1b014a2aa)
2007-10-10r11423: Add some TALLOC_CTXVolker Lendecke1-2/+2
(This used to be commit a043ef33dca19d5ac1cdead60a4faa8b3a950bf4)
2007-10-10r11422: Remove unused argsVolker Lendecke1-2/+2
(This used to be commit d5aef4e2f955025266e59227364b5cccccdb9f32)
2007-10-10r11412: These comments may not be much, but my eyes scan code with evenAndrew Bartlett1-0/+61
minimal comments much better (much like volker scans code of less than 80 cols better ;-) Andrew Bartlett (This used to be commit 8800e9b5b06701ed1cdf9da0a37291a84eb36f7f)
2007-10-10r11411: Add to Samba4 the Samba3 patch I just posted for machine accountAndrew Bartlett1-22/+36
logins (changing the winbindd interface). Clean up the wbsrv_samba3_async_epilogue() handling, as it was mixing auth and other replies, such that all replies were having the auth error strings set. We now do a better job of filling in the right errors in the right places. Andrew Bartlett (This used to be commit 8ed975df52bcac9646672f6a39c51481b5c59226)
2007-10-10r11374: On request from VL, put the plaintext auth patch in.Andrew Bartlett1-28/+68
I still have some gremlins that get in the my way in testing this. Andrew Bartlett (This used to be commit 3353e906adb3b3116551026e3ae18fd4d7ae1764)
2007-10-10r11276: fix compiler warningsStefan Metzmacher1-2/+2
metze (This used to be commit 2f1930fb62011303abf930da6b57e73b1b9601de)
2007-10-10r11263: Some cleanupVolker Lendecke1-133/+38
(This used to be commit 4fe3c9871bff512a464c688a5f6fdb37387833ed)
2007-10-10r11193: Implement wbinfo -mVolker Lendecke1-1/+76
(This used to be commit 12a800bc8541c4160a534d1edcaeb6774776e18d)
2007-10-10r11181: Implement wbinfo -s and wbinfo --user-sids. The patch is so large ↵Volker Lendecke1-3/+162
because --user-sids required the extension to trusted domains. Implement "winbind sealed pipes" parameter for debugging purposes. Volker (This used to be commit 3821a17bdb68b2f1389b5a150502c057d28569d2)
2007-10-10r11095: Implement wb_getuserdomgroups.Volker Lendecke1-0/+78
Tridge, if you have the time, you might want to look at a problem I'm having with unix domain stream sockets. From a comment in this commit: /* Using composite_trigger_error here causes problems with the client * socket. Linux 2.6.8 gives me a ECONNRESET on the next read after * writing the reply when I don't wait the 100 milliseconds. */ This is in winbind/wb_cmd_userdomgroups.c:93. The problem I have is that I can not *immediately* send an error reply to the client because the next receive fails. Waiting 100 milliseconds helps. It might also be a problem with epoll(), I don't really know. I'd appreciate if you took a brief look at this, maybe I'm doing something wrong. Thanks, Volker (This used to be commit 3e535cce743710a68a4264e4f66e9c0c4d6770c6)
2007-10-10r11094: Connect to SAM, implement getdcnameVolker Lendecke1-0/+51
(This used to be commit a14398715eceecf204caf815a8769ba8214d0576)
2007-10-10r11070: Fix a cut&paste error, now wbinfo can properly separate domain and ↵Volker Lendecke1-7/+5
user... Volker (This used to be commit 6e4f774a4948691440362663418243623d1f51f7)
2007-10-10r11068: Fix pam_auth_crap, remove the sync code. I don't know what it was when IVolker Lendecke1-135/+87
tested it, but I can not reproduce the problem I had with abartlett's initial implementation anymore. Fix a bug found using valgrind. Volker (This used to be commit 0c6c71ae3cd0a2f97eab2cc24a752976c32a39fc)
2007-10-10r10936: Commit work in progress: wb_pam_auth_crap made async. This does not ↵Volker Lendecke1-19/+59
work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2007-10-10r10852: Continuation-based programming can become a bit spaghetti...Volker Lendecke1-2/+2
Initialize a domain structure properly. Excerpt from wb_init_domain.c: /* * Initialize a domain: * * - With schannel credentials, try to open the SMB connection with the machine * creds. Fall back to anonymous. * * - If we have schannel creds, do the auth2 and open the schannel'ed netlogon * pipe. * * - Open LSA. If we have machine creds, try to open with ntlmssp. Fall back * to schannel and then to anon bind. * * - With queryinfopolicy, verify that we're talking to the right domain * * A bit complex, but with all the combinations I think it's the best we can * get. NT4, W2k3SP1 and W2k all have different combinations, but in the end we * have a signed&sealed lsa connection on all of them. * * Is this overkill? In particular the authenticated SMB connection seems a * bit overkill, given that we do schannel for netlogon and ntlmssp for * lsa later on w2k3, the others don't do this anyway. */ Thanks to Jeremy for his detective work, and to the Samba4 team for providing such a great infrastructure. Next step is to connect to SAM. Do it via LDAP if we can, fall back to samr with all we have. Volker (This used to be commit 3e69fdc07cd76b4bc01b032148609ee4b59b8be7)
2007-10-10r10846: Create a "wbsrv_domain", change wb_finddcs to the style of the rest ↵Volker Lendecke1-4/+4
of the async helpers. Volker (This used to be commit 10585ba4e81e979a03aec747db6fc059978fa566)
2007-10-10r10844: Add challenge-response authentication to Samba4's winbindd for VL.Andrew Bartlett1-0/+120
Plaintext should be simple, but I'm going to do some infrustructure work first. Andrew Bartlett (This used to be commit c9273729e4db4adc0061087fe7e0332e2bc24384)
2007-10-10r10838: Get us an schannel'ed netlogon pipe.Volker Lendecke1-2/+2
Abartlet, now I think I need some assistance to implement the pam auth & crap auth calls. Volker (This used to be commit 90a30c8b6585ed48b50e6aed75f3ecfd3543bbdc)
2007-10-10r10834: Work in progress on winbind. With some helper routines the composite ↵Volker Lendecke1-291/+33
functions start to look sane. Question: What about providing all winbind commands as irpc interfaces that are called from the samba3 compatibility layer? This way it would be easy for other samba components to access its functionality. Does that make sense? Volker (This used to be commit 2a6b8053859ea5690f90a8d2074d2bb4f06551f8)
2007-10-10r10825: Complete wbinfo -nVolker Lendecke1-6/+61
(This used to be commit 1afa893506f3d7157e251eec9baeba28dc011587)
2007-10-10r10704: don't try to free the netlogon pipe twiceAndrew Tridgell1-0/+1
(This used to be commit 2c3a9f04db5d61305f4eca8b44e33c2dd15a6dc4)
2007-10-10r10700: removed volkers temporary timer hack now that freeing the netlogonAndrew Tridgell1-12/+1
pipe is safe while inside a rpc callback (This used to be commit 5d752a519416c7a0c8c7d166f43eadc75cb5c37f)
2007-10-10r10691: This gets half-way to wbinfo -n. It acquires an lsa pipe, and does aVolker Lendecke1-0/+77
queryinfopolicy. Idea is to get a consistency check between that and our notion of the domain name and sid, and take the lsa pipe as the holder of the central smbcli_tree that netlogon and samr use as well. Volker (This used to be commit 126c80aefc4f53c4ba79afc12d70602ef9055ddb)
2007-10-10r10686: Fix the buildVolker Lendecke1-1/+0
(This used to be commit a7137fd3ec2e484c8feb73fa228031c8b75107bf)
2007-10-10r10685: Why wait 5 seconds...Volker Lendecke1-2/+2
(This used to be commit 820b4180dd3c1d07dd529fcb654ea01407a481cb)
2007-10-10r10684: Add a nasty hack for the failure case of wbinfo -t. Tridge has a ↵Volker Lendecke1-2/+17
proper fix for it pending. Also fix a bug with timed events: Don't call the same event recursively in the handler's inner semi-async event loop. Volker (This used to be commit e38e50127a3414461578421e676a9c58c106c272)
2007-10-10r10683: Samba3's wbinfo -t should give the correct answer now.Volker Lendecke1-48/+129
Tridge, if you have time, you might want to look at the segfault I was still seeing. Now I store the handle to the netlogon pipe in the global winbind state and free it on the next entry into check_machacc. The problem seems to be that talloc_free()ing a pipe struct from within a callback function on that pipe is not possible. I think I can live with that, but it has been not really obvious. To reproduce the segfault you might want to look at putting a talloc_free(state->getcreds->out.netlogon) into wbsrv_samba3_check_machacc_receive_creds. This is called from a dcerpc callback function. In particular if the check failed it would be nice if I could delete the pipe directly and not post a different event to some winbind queue. I tried to delete the pipe from a timed event triggered immediately, but this also fails because the inner loop seems to hit the same event again, calling it twice. Volker (This used to be commit 5436d7764812bb632ba865e633005ed07923b57f)
2007-10-10r10677: Add smb_composite_connectmulti: Send out multiple SYN packets at ↵Volker Lendecke1-1/+2
once, use the first one that replies correctly. Add a talloc context to smb_composite_connect() Volker (This used to be commit 6b88de182e40cb00a833c085f801fd47c92bbe94)
2007-10-10r10675: Connect to the DC's IPC$Volker Lendecke1-9/+83
Volker (This used to be commit c7557884843a5b2bac9e21ec81cafcaadf436bca)
2007-10-10r10508: - implement WINBINDD_NETBIOS_NAME, WINBINDD_DOMAIN_NAME and ↵Stefan Metzmacher1-4/+25
WINBINDD_INFO is there a way to test this calls? vl: please review this metze (This used to be commit 85d4565fce0fcd6abad5fb11246d2671675ee37d)
2007-10-10r10506: set return data correctlyStefan Metzmacher1-0/+8
metze (This used to be commit 37b5f6b41719048fbc0530eed942caebe9e520a9)
2007-10-10r10504: - seperate implementation specific stuff, from the generic compositeStefan Metzmacher1-2/+2
stuff. - don't use SMBCLI_REQUEST_* state's in the genreic composite stuff - move monitor_fn to libnet. NOTE: I have maybe found some bugs, in code that is dirrectly in DONE or ERROR state in the _send() function. I haven't fixed this bugs in this commit! We may need some composite_trigger_*() functions or so. And maybe some other generic helper functions... metze (This used to be commit 4527815a0a9b96e460f301cb1f0c0b3964c166fc)
2007-10-10r10491: First step towards wbinfo -t: This issues a name request for the primaryVolker Lendecke1-0/+64
domain and gets the DC's name via a mailslot call. Metze, I renamed wbsrv_queue_reply to wbsrv_send_reply in accordance with irpc_send_reply. Having _queue_ here and _send_ there is a bit confusing. And as everything is async anyway, the semantics should not be too much of a problem. Volker (This used to be commit 4637964b19c6e9f7d201b287e2d409d029fced01)
2007-10-10r10426: - restructure the winbind server code a bitStefan Metzmacher1-0/+50
- remove the echo test stuff - abstract out the used protocol - we have a seperate handler for the samba3 protocol now - the backend can easy do async replies by setting WBSRV_CALL_FLAGS_REPLY_ASYNC in wbsrv_call and then call wbsrv_queue_reply() later metze (This used to be commit 32f3e68a569e9273b8d34fbd797c0a28494e5b6d)