path: root/source4/winbind/wb_server.h
Age | Commit message | Author | Files | Lines
2013-07-10 | s4-winbindd: Do not terminate a connection that is still pending (bug #9820) | Andrew Bartlett | 1 | -1/+9
Instead, wait until the call attempts to reply, and let it terminate then (often this happens in the attempt to then write to the broken pipe). Andrew Bartlett Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-08-25 | s4:winbind: add a netlogon_queue (tevent_queue) | Stefan Metzmacher | 1 | -0/+2
This will protect the netlogon_creds later. metze
2011-05-04 | Fix simple uses of safe_strcpy -> strlcpy. Easy ones where we just remove -1. | Jeremy Allison | 1 | -1/+1
2010-09-17 | s4-winbind Add a proxy method to update DNS records with a read-write DC | Andrew Bartlett | 1 | -0/+1
This must be done in winbindd as it already has the schannel connection and the credential chain. If we re-established that elsewhere, we would break the chain in winbindd. Andrew Bartlett Signed-Off-By: Andrew Tridgell <tridge@samba.org>
2010-09-15 | s4-winbind: use finddcs_cldap() in winbind | Andrew Tridgell | 1 | -3/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-15 | s4-secrets: fetch secure channel type with domain SID | Andrew Tridgell | 1 | -0/+1
The secure channel type is needed to work out what DC to connect to Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-07-10 | s4:winbind: let WBSRV_SAMBA3_SET_STRING() initialize the whole buffer | Stefan Metzmacher | 1 | -0/+1
We should not send uninitialized bytes to the winbind pipe, this also makes valgrind very unhappy. metze
2010-05-18 | s4:winbindd Record the privileged pipe dir | Andrew Bartlett | 1 | -0/+2
This may help us return an accurate priv pipe dir later on. Andrew Bartlett
2010-05-14 | s4:winbindd Rework some winbind structures to make s3compat easier | Andrew Bartlett | 1 | -2/+2
By making the winbindd_request and winbindd_response structures pointers, we can more easily integrate with the winbindd from source3/winbindd Andrew Bartlett
2010-04-15 | s4:winbind: use WINBINDD_SOCKET_NAME instead of WINBINDD_SAMBA3_SOCKET | Stefan Metzmacher | 1 | -2/+0
metze
2010-04-15 | s4:winbind: wbsrv_samba3_priv_pipe_dir() needs to return the directory not ↵ | Stefan Metzmacher | 1 | -4/+0
the pipe path metze
2010-03-09 | s4:winbind: implement calls for allowing getent groups | Matthieu Patou | 1 | -0/+13
This is to say getgrent and setgrent, and the associated technical objects (states, build directives,...) needed. Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
2010-01-20 | s4-winbind: Migrated winbind connection to tsocket. | Andreas Schneider | 1 | -4/+7
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-29 | s4:lib/tevent: rename structs | Stefan Metzmacher | 1 | -1/+1
list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"

for s in $list; do
	o=`echo $s | cut -d ':' -f1`
	n=`echo $s | cut -d ':' -f2`
	r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
	files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
	for f in $files; do
		cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
		mv $f.tmp $f
	done
done

metze
2008-09-10 | Return the same privileged winbindd socket as we actually use. | Andrew Bartlett | 1 | -0/+2
Andrew Bartlett (This used to be commit 2209787812fd9224d104f332e25d8ce64ef9ee95)
2008-06-28 | Fix the wbinfo test on the LDAP backend. | Andrew Bartlett | 1 | -2/+0
The problem was that we would do a blocking wait for the LDAP server, which was also blocking on us returning (because we were in single process mode). The LDAP connection being made here is useless anyway, and will need to be an async ldb_connect() before anybody reintroduces it (nobody in their right mind would program a winbindd backend on pure LDAP, when the ldb abstraction is available). Andrew Bartlett (This used to be commit 23280b2e6ed5afb968bf0b8c40febb085eed38a1)
2008-02-21 | idmap: Handle uid->SID mapping | Kai Blin | 1 | -0/+2
(This used to be commit 6ac6de8476ba036eb041e054bc37e4503dc2fde8)
2007-12-21 | r26268: Avoid more use of global_loadparm - put lp_ctx in smb_server and ↵ | Jelmer Vernooij | 1 | -0/+2
wbsrv_connection. (This used to be commit 7c008664238ed966cb82adf5b25b22157bb50730)
2007-10-10 | r25158: rename nsswitch/winbindd_nss.h => nsswitch/winbind_struct_protocol.h | Stefan Metzmacher | 1 | -1/+1
metze (This used to be commit 1fc3a37902005a4f127191b9183747ddfb1f59a3)
2007-10-10 | r24712: No longer expose the 'BOOL' data type in any interfaces. | Jelmer Vernooij | 1 | -1/+1
(This used to be commit 1ce32673d960c8b05b6c1b1b99e1976a402417ae)
2007-10-10 | r24575: Implement setpwent | Kai Blin | 1 | -1/+14
(This used to be commit 9bbbedac99278853e30a9f81f594ee3144545268)
2007-10-10 | r24157: Merge from ↵ | Kai Blin | 1 | -1/+1
kai/samba4-gsoc.git;h=728deba680f8cf85cab168a6278a2cf657f65fdb Make WBSRV_SAMBA3_SET_STRING use safe_strcpy instead of strncpy. (This used to be commit 6b92b816fc70278d83d23f835275acf5f227dd74)
2007-10-10 | r23995: Work to allow mimir's libnet code to be called from winbind. | Andrew Bartlett | 1 | -7/+3
We now setup a libnet_ctx for each domain. We should then be able to replace/merge some more of the winbind code with libnet calls, referencing domain->libnet_ctx. Andrew Bartlett (This used to be commit bad2dc14d704be59300f619c84694c11620559e0)
2007-10-10 | r23792: convert Samba4 to GPLv3 | Andrew Tridgell | 1 | -3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10 | r23311: Updating the samba4 winbind protocol to version 18. | Kai Blin | 1 | -0/+1
nsswitch/winbindd_nss.h is just copied from SAMBA_3_0. nsswitch/winbind_nss_config.h is copied from SAMBA_3_0, too, but I had to drop some of the defines to make things build again. Kai (This used to be commit 553b7e146f52975b45941ba850140e312a280513)
2007-10-10 | r23141: Use the finddcs() library call rather than a winbind-specific version. | Andrew Bartlett | 1 | -3/+6
(I created finddcs() from the winbind code a while back, so this finishes that work) Andrew Bartlett (This used to be commit 218b279a46a4ca739597936f0b67573599e6d375)
2007-10-10 | r23133: I felt pity on Kai, as he starts work on winbind in Samba4, so I | Andrew Bartlett | 1 | -2/+4
decided to clean it up a little. We now use SPNEGO for authentication if possible, and common routines shared with the rest of the librpc codebase. Rather than make a connection to IPC$, then connect the pipes to it, we instead have the lsa and samr pipes as 'secondary connections'. Andrew Bartlett (This used to be commit 86654056b22245a57396544d572de6401069b9e5)
2007-10-10 | r17342: implement a SamLogon via IRPC in samba4's winbind | Stefan Metzmacher | 1 | -0/+1
metze (This used to be commit c3ce7a0c3708f0c8e784404e86034f7a00685f88)
2007-10-10 | r14380: Reduce the size of structs.h | Jelmer Vernooij | 1 | -0/+1
(This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
2007-10-10 | r13244: Allow control of the location of the Samba3-compatible winbindd pipe | Andrew Bartlett | 1 | -5/+2
in Samba4. This allows us to start winbindd by default, including in 'make test'. This is via a new 'winbindd socket directory' parameter for utilities linked against loadparm, as well as a --with-winbindd-socket-dir option to configure (setting the default and the value for simple clients). I hope to add basic winbindd tests, to ensure continued correct operation, but at least now I don't have to manually change my 'server services' line. The other problem with the hard-coded /tmp/.winbind is that RedHat has moved this in Fedora (to /var/run I think). For this reason, this functionality should probably be ported to Samba3 as well. The default for Samba4 is PREFIX/var/run/winbind_pipe. I have also re-added the paranoia checks from Samba3 for correct permissions on the socket directory. Andrew Bartlett (This used to be commit 8866aa06ffc3896094c878e9c07b40c03826d9a7)
2007-10-10 | r12866: This removes the abstraction layer in winbindd intended to deal with | Andrew Bartlett | 1 | -31/+18
multiple protocols, replacing it with the packet handling subsystem. We don't have multiple protocols at present, and the abstraction layer only serves to confuse matters. Also, the new packet subsystem removes the need to handle partial reads. We can easily add new protocols from the socket up instead, because the difficult bits are done by the packet layer. Andrew Bartlett (This used to be commit acf9dc8fe9e66f1dd3f18c0245375f502f03a24c)
2007-10-10 | r12696: Reduce the size of include/structs.h | Jelmer Vernooij | 1 | -0/+4
(This used to be commit 63917616016133c623fc6ff59454bc313ee7dd8f)
2007-10-10 | r12542: Move some more prototypes out to separate headers | Jelmer Vernooij | 1 | -0/+2
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
2007-10-10 | r11528: Separate finding dcs from initializing a domain. Makes it easier to ↵ | Volker Lendecke | 1 | -11/+11
possibly support cldap and other stuff in the future. This temporarily disables wbinfo -t, but that will come back soon. Try an ldap bind using gss-spnego. This got me krb5 binds against "our" w2k3 and a trusted w2k, although with some memleaks from krb5 and a BAD_OPTION tgs-rep error. Volker (This used to be commit d14948fdf687c8f70ef9ec35445b7eb04da84253)
2007-10-10 | r11517: Cleanup time, this looks larger than it is. This mainly gets rid of | Volker Lendecke | 1 | -0/+2
wb_domain_request, now that we have queued rpc requests. Volker (This used to be commit 848522d1b64c1c283ac1ea7ce7f1a7a1b014a2aa)
2007-10-10 | r11274: Start a connection attempt to the DC's port 389. To do this ↵ | Volker Lendecke | 1 | -0/+2
properly, make socket_connect and ldap_connect properly async. Volker (This used to be commit bcc71fc1deeed443d7cf00220ce264011ddf588d)
2007-10-10 | r11181: Implement wbinfo -s and wbinfo --user-sids. The patch is so large ↵ | Volker Lendecke | 1 | -1/+3
because --user-sids required the extension to trusted domains. Implement "winbind sealed pipes" parameter for debugging purposes. Volker (This used to be commit 3821a17bdb68b2f1389b5a150502c057d28569d2)
2007-10-10 | r11094: Connect to SAM, implement getdcname | Volker Lendecke | 1 | -0/+5
(This used to be commit a14398715eceecf204caf815a8769ba8214d0576)
2007-10-10 | r11093: Implement wb_queue_domain_send: If the domain is not yet ↵ | Volker Lendecke | 1 | -0/+3
initialized, do that first. And if a request is being processed, queue it. This correctly survived 3 endless loops with wbinfo's doing different things while starting up smbd. The number of indirections starts to become a bit scary, but what can you do without a decent programming language that provides closures :-) One thing that we might consider is to auto-generate async rpc requests that return composite_context structs instead of rpc_requests. Otherwise I'd have to write a lot of wrappers like composite_netr_LogonSamLogon_send. The alternative would be to write two versions of wb_queue_domain_send which I would like to avoid. This is cluttered enough already. Volker (This used to be commit 66c1b674f9870de73cce0e611909caf9eff34baa)
2007-10-10 | r10852: Continuation-based programming can become a bit spaghetti... | Volker Lendecke | 1 | -1/+13
Initialize a domain structure properly. Excerpt from wb_init_domain.c:

/*
 * Initialize a domain:
 *
 * - With schannel credentials, try to open the SMB connection with the machine
 *   creds. Fall back to anonymous.
 *
 * - If we have schannel creds, do the auth2 and open the schannel'ed netlogon
 *   pipe.
 *
 * - Open LSA. If we have machine creds, try to open with ntlmssp. Fall back
 *   to schannel and then to anon bind.
 *
 * - With queryinfopolicy, verify that we're talking to the right domain
 *
 * A bit complex, but with all the combinations I think it's the best we can
 * get. NT4, W2k3SP1 and W2k all have different combinations, but in the end we
 * have a signed&sealed lsa connection on all of them.
 *
 * Is this overkill? In particular the authenticated SMB connection seems a
 * bit overkill, given that we do schannel for netlogon and ntlmssp for
 * lsa later on w2k3, the others don't do this anyway.
 */

Thanks to Jeremy for his detective work, and to the Samba4 team for providing such a great infrastructure. Next step is to connect to SAM. Do it via LDAP if we can, fall back to samr with all we have. Volker (This used to be commit 3e69fdc07cd76b4bc01b032148609ee4b59b8be7)
2007-10-10 | r10846: Create a "wbsrv_domain", change wb_finddcs to the style of the rest ↵ | Volker Lendecke | 1 | -2/+10
of the async helpers. Volker (This used to be commit 10585ba4e81e979a03aec747db6fc059978fa566)
2007-10-10 | r10838: Get us an schannel'ed netlogon pipe. | Volker Lendecke | 1 | -1/+5
Abartlet, now I think I need some assistance to implement the pam auth & crap auth calls. Volker (This used to be commit 90a30c8b6585ed48b50e6aed75f3ecfd3543bbdc)
2007-10-10 | r10834: Work in progress on winbind. With some helper routines the composite ↵ | Volker Lendecke | 1 | -1/+1
functions start to look sane. Question: What about providing all winbind commands as irpc interfaces that are called from the samba3 compatibility layer? This way it would be easy for other samba components to access its functionality. Does that make sense? Volker (This used to be commit 2a6b8053859ea5690f90a8d2074d2bb4f06551f8)
2007-10-10 | r10691: This gets half-way to wbinfo -n. It acquires an lsa pipe, and does a | Volker Lendecke | 1 | -0/+1
queryinfopolicy. Idea is to get a consistency check between that and our notion of the domain name and sid, and take the lsa pipe as the holder of the central smbcli_tree that netlogon and samr use as well. Volker (This used to be commit 126c80aefc4f53c4ba79afc12d70602ef9055ddb)
2007-10-10 | r10683: Samba3's wbinfo -t should give the correct answer now. | Volker Lendecke | 1 | -0/+1
Tridge, if you have time, you might want to look at the segfault I was still seeing. Now I store the handle to the netlogon pipe in the global winbind state and free it on the next entry into check_machacc. The problem seems to be that talloc_free()ing a pipe struct from within a callback function on that pipe is not possible. I think I can live with that, but it has been not really obvious. To reproduce the segfault you might want to look at putting a talloc_free(state->getcreds->out.netlogon) into wbsrv_samba3_check_machacc_receive_creds. This is called from a dcerpc callback function. In particular if the check failed it would be nice if I could delete the pipe directly and not post a different event to some winbind queue. I tried to delete the pipe from a timed event triggered immediately, but this also fails because the inner loop seems to hit the same event again, calling it twice. Volker (This used to be commit 5436d7764812bb632ba865e633005ed07923b57f)
2007-10-10 | r10491: First step towards wbinfo -t: This issues a name request for the primary | Volker Lendecke | 1 | -10/+11
domain and gets the DC's name via a mailslot call. Metze, I renamed wbsrv_queue_reply to wbsrv_send_reply in accordance with irpc_send_reply. Having _queue_ here and _send_ there is a bit confusing. And as everything is async anyway, the semantics should not be too much of a problem. Volker (This used to be commit 4637964b19c6e9f7d201b287e2d409d029fced01)
2007-10-10 | r10434: add a short path to the event context that should be used for async ↵ | Stefan Metzmacher | 1 | -0/+3
replies metze (This used to be commit cc9579d08567ec38adf0617901669fb3bb91e489)
2007-10-10 | r10426: - restructure the winbind server code a bit | Stefan Metzmacher | 1 | -0/+115
- remove the echo test stuff
- abstract out the used protocol
- we have a separate handler for the samba3 protocol now
- the backend can easily do async replies by setting WBSRV_CALL_FLAGS_REPLY_ASYNC in wbsrv_call and then call wbsrv_queue_reply() later
metze (This used to be commit 32f3e68a569e9273b8d34fbd797c0a28494e5b6d)