Age | Commit message (Collapse) | Author | Files | Lines |
|
This one still cheats and only returns one winbindd_pw structure per call.
Also, doesn't get a new libnet_UserList yet.
(This used to be commit e1b93be1e130692a75a2fc4eb5ca8ee425fe1b82)
|
|
(This used to be commit ef93a7991d3b4445ba87f964f2f17c33044ba8c4)
|
|
(This used to be commit 9bbbedac99278853e30a9f81f594ee3144545268)
|
|
(This used to be commit ebdd03ee9e5bf11d1cb85da0ecb66a84f810bbcc)
|
|
(This used to be commit 9fbc8aa15f97ab97f4da801e5d36223a874e912b)
|
|
(This used to be commit 6e6eac551a42d4d68676d408b31207de7b9d0006)
|
|
(This used to be commit ef9bc55a6b1e90d49d621a1c4bebc80b6c7c2be0)
|
|
(This used to be commit 760973856fbc3fc940c903bfa5bd82c51339f25c)
|
|
(This used to be commit e928e56219c8911105b34e3a322bd70f7172382b)
|
|
(This used to be commit a18cf553cf9748749d713c4d54f1452ae92f7218)
|
|
(This used to be commit a8893b3078c927b0a56e9d8e8c98cbeabce3e974)
|
|
(This used to be commit 3b8d8fb2c1c75ce5bf30c8676326ac63bd2a4a3d)
|
|
can be
used for a name2domain call.
(This used to be commit 75e41da039e10127820635500e185e24ea55c777)
|
|
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
|
|
pass against a samba4 winbind
metze
(This used to be commit 57dfc7674352df8b0d4e06750e11a91b574eabb1)
|
|
nsswitch/winbindd_nss.h is just copied from SAMBA_3_0.
nsswitch/winbind_nss_config.h is copied from SAMBA_3_0, too, but I had to
drop some of the defines to make things build again.
Kai
(This used to be commit 553b7e146f52975b45941ba850140e312a280513)
|
|
Remove some autogenerated headers (which had prototypes now autogenerated by pidl)
Remove ndr_security.h from a few places - it's no longer necessary
(This used to be commit c19c2b51d3e1ad347120b06a22bda5ec586c22e8)
|
|
metze
(This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
|
|
try to include just the BASENAME.h files (containing only structs)
(This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
|
|
(This used to be commit 2d655f05285a86bb1bbb882e4dd843def15c9dfa)
|
|
file dependencies
(This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
|
|
- Collect the generic utility functions into a lib/util/ (a la GLib is
for the GNOME folks)
- Remove even more files from include/
(This used to be commit ba62880f5b05c2a505dc7f54676b231197a7e707)
|
|
(This used to be commit a6833db4e6ab8046c8e7f808dfff90bb0529d2d7)
|
|
multiple protocols, replacing it with the packet handling subsystem.
We don't have multiple protocols at present, and the abstraction layer
only serves to confuse matters. Also, the new packet subsystem removes
the need to handle partial reads.
We can easily add new protocols from the socket up instead, becaue the
difficult bits are done by the packet layer.
Andrew Bartlett
(This used to be commit acf9dc8fe9e66f1dd3f18c0245375f502f03a24c)
|
|
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
|
|
possibly
support cldap and other stuff in the future.
This temporarily disables wbinfo -t, but that will come back soon.
Try an ldap bind using gss-spnego. This got me krb5 binds against "our" w2k3
and a trusted w2k, although with some memleaks from krb5 and a BAD_OPTION
tgs-rep error.
Volker
(This used to be commit d14948fdf687c8f70ef9ec35445b7eb04da84253)
|
|
wb_domain_request, now that we have queued rpc requests.
Volker
(This used to be commit 848522d1b64c1c283ac1ea7ce7f1a7a1b014a2aa)
|
|
(This used to be commit a043ef33dca19d5ac1cdead60a4faa8b3a950bf4)
|
|
(This used to be commit d5aef4e2f955025266e59227364b5cccccdb9f32)
|
|
minimal comments much better (much like volker scans code of less than
80 cols better ;-)
Andrew Bartlett
(This used to be commit 8800e9b5b06701ed1cdf9da0a37291a84eb36f7f)
|
|
logins (changing the winbindd interface).
Clean up the wbsrv_samba3_async_epilogue() handling, as it was mixing
auth and other replies, such that all replies were having the auth
error strings set. We now do a better job of filling in the right
errors in the right places.
Andrew Bartlett
(This used to be commit 8ed975df52bcac9646672f6a39c51481b5c59226)
|
|
I still have some gremlins that get in the my way in testing this.
Andrew Bartlett
(This used to be commit 3353e906adb3b3116551026e3ae18fd4d7ae1764)
|
|
metze
(This used to be commit 2f1930fb62011303abf930da6b57e73b1b9601de)
|
|
(This used to be commit 4fe3c9871bff512a464c688a5f6fdb37387833ed)
|
|
(This used to be commit 12a800bc8541c4160a534d1edcaeb6774776e18d)
|
|
because
--user-sids required the extension to trusted domains.
Implement "winbind sealed pipes" parameter for debugging purposes.
Volker
(This used to be commit 3821a17bdb68b2f1389b5a150502c057d28569d2)
|
|
Tridge, if you have the time, you might want to look at a problem I'm having
with unix domain stream sockets. From a comment in this commit:
/* Using composite_trigger_error here causes problems with the client
* socket. Linux 2.6.8 gives me a ECONNRESET on the next read after
* writing the reply when I don't wait the 100 milliseconds. */
This is in winbind/wb_cmd_userdomgroups.c:93.
The problem I have is that I can not *immediately* send an error reply to the
client because the next receive fails. Waiting 100 milliseconds helps. It
might also be a problem with epoll(), I don't really know.
I'd appreciate if you took a brief look at this, maybe I'm doing something
wrong.
Thanks,
Volker
(This used to be commit 3e535cce743710a68a4264e4f66e9c0c4d6770c6)
|
|
(This used to be commit a14398715eceecf204caf815a8769ba8214d0576)
|
|
user...
Volker
(This used to be commit 6e4f774a4948691440362663418243623d1f51f7)
|
|
tested it, but I can not reproduce the problem I had with abartlett's initial
implementation anymore.
Fix a bug found using valgrind.
Volker
(This used to be commit 0c6c71ae3cd0a2f97eab2cc24a752976c32a39fc)
|
|
work yet,
but the version before did not either, so we're not worse than before.
One thing this does better is to call the domain init code if it's not there
yet.
Volker
(This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
|
|
Initialize a domain structure properly. Excerpt from wb_init_domain.c:
/*
* Initialize a domain:
*
* - With schannel credentials, try to open the SMB connection with the machine
* creds. Fall back to anonymous.
*
* - If we have schannel creds, do the auth2 and open the schannel'ed netlogon
* pipe.
*
* - Open LSA. If we have machine creds, try to open with ntlmssp. Fall back
* to schannel and then to anon bind.
*
* - With queryinfopolicy, verify that we're talking to the right domain
*
* A bit complex, but with all the combinations I think it's the best we can
* get. NT4, W2k3SP1 and W2k all have different combinations, but in the end we
* have a signed&sealed lsa connection on all of them.
*
* Is this overkill? In particular the authenticated SMB connection seems a
* bit overkill, given that we do schannel for netlogon and ntlmssp for
* lsa later on w2k3, the others don't do this anyway.
*/
Thanks to Jeremy for his detective work, and to the Samba4 team for providing
such a great infrastructure.
Next step is to connect to SAM. Do it via LDAP if we can, fall back to samr
with all we have.
Volker
(This used to be commit 3e69fdc07cd76b4bc01b032148609ee4b59b8be7)
|
|
of the
async helpers.
Volker
(This used to be commit 10585ba4e81e979a03aec747db6fc059978fa566)
|
|
Plaintext should be simple, but I'm going to do some infrustructure
work first.
Andrew Bartlett
(This used to be commit c9273729e4db4adc0061087fe7e0332e2bc24384)
|
|
Abartlet, now I think I need some assistance to implement the pam auth & crap
auth calls.
Volker
(This used to be commit 90a30c8b6585ed48b50e6aed75f3ecfd3543bbdc)
|
|
functions
start to look sane.
Question: What about providing all winbind commands as irpc interfaces that
are called from the samba3 compatibility layer? This way it would be easy for
other samba components to access its functionality. Does that make sense?
Volker
(This used to be commit 2a6b8053859ea5690f90a8d2074d2bb4f06551f8)
|
|
(This used to be commit 1afa893506f3d7157e251eec9baeba28dc011587)
|
|
(This used to be commit 2c3a9f04db5d61305f4eca8b44e33c2dd15a6dc4)
|
|
pipe is safe while inside a rpc callback
(This used to be commit 5d752a519416c7a0c8c7d166f43eadc75cb5c37f)
|
|
queryinfopolicy. Idea is to get a consistency check between that and our
notion of the domain name and sid, and take the lsa pipe as the holder of the
central smbcli_tree that netlogon and samr use as well.
Volker
(This used to be commit 126c80aefc4f53c4ba79afc12d70602ef9055ddb)
|