summaryrefslogtreecommitdiff
path: root/source4/winbind
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r10878: Reply to some comments by tridge and metze:Volker Lendecke4-307/+412
* rename the composite helper functions from comp_* to composite_* * Move the lsa initialization to wb_connect_lsa.c * Equip smb_composite_connect with a fallback_to_anonymous The latter two simplify wb_init_domain.c quite a bit. Volker (This used to be commit deb127e04ea01ae93394da5ebffb39d81caeb6d9)
2007-10-10r10859: Make the flow a bit clearerVolker Lendecke1-8/+7
(This used to be commit 66c90483b49bd8a8de1a46b12cce5270571f4090)
2007-10-10r10853: Convert wbinfo -n to properly init the domain.Volker Lendecke3-401/+32
Volker (This used to be commit 512ae49270197146e5967acd654dd97452cf4e77)
2007-10-10r10852: Continuation-based programming can become a bit spaghetti...Volker Lendecke5-248/+589
Initialize a domain structure properly. Excerpt from wb_init_domain.c: /* * Initialize a domain: * * - With schannel credentials, try to open the SMB connection with the machine * creds. Fall back to anonymous. * * - If we have schannel creds, do the auth2 and open the schannel'ed netlogon * pipe. * * - Open LSA. If we have machine creds, try to open with ntlmssp. Fall back * to schannel and then to anon bind. * * - With queryinfopolicy, verify that we're talking to the right domain * * A bit complex, but with all the combinations I think it's the best we can * get. NT4, W2k3SP1 and W2k all have different combinations, but in the end we * have a signed&sealed lsa connection on all of them. * * Is this overkill? In particular the authenticated SMB connection seems a * bit overkill, given that we do schannel for netlogon and ntlmssp for * lsa later on w2k3, the others don't do this anyway. */ Thanks to Jeremy for his detective work, and to the Samba4 team for providing such a great infrastructure. Next step is to connect to SAM. Do it via LDAP if we can, fall back to samr with all we have. Volker (This used to be commit 3e69fdc07cd76b4bc01b032148609ee4b59b8be7)
2007-10-10r10846: Create a "wbsrv_domain", change wb_finddcs to the style of the rest ↵Volker Lendecke5-199/+262
of the async helpers. Volker (This used to be commit 10585ba4e81e979a03aec747db6fc059978fa566)
2007-10-10r10844: Add challenge-response authentication to Samba4's winbindd for VL.Andrew Bartlett2-0/+126
Plaintext should be simple, but I'm going to do some infrustructure work first. Andrew Bartlett (This used to be commit c9273729e4db4adc0061087fe7e0332e2bc24384)
2007-10-10r10843: ReformattingVolker Lendecke1-16/+26
(This used to be commit ecaa70f63b7f38a1daf8e33ded738107c5f6b53a)
2007-10-10r10838: Get us an schannel'ed netlogon pipe.Volker Lendecke3-16/+130
Abartlet, now I think I need some assistance to implement the pam auth & crap auth calls. Volker (This used to be commit 90a30c8b6585ed48b50e6aed75f3ecfd3543bbdc)
2007-10-10r10834: Work in progress on winbind. With some helper routines the composite ↵Volker Lendecke4-670/+478
functions start to look sane. Question: What about providing all winbind commands as irpc interfaces that are called from the samba3 compatibility layer? This way it would be easy for other samba components to access its functionality. Does that make sense? Volker (This used to be commit 2a6b8053859ea5690f90a8d2074d2bb4f06551f8)
2007-10-10r10825: Complete wbinfo -nVolker Lendecke3-12/+387
(This used to be commit 1afa893506f3d7157e251eec9baeba28dc011587)
2007-10-10r10704: don't try to free the netlogon pipe twiceAndrew Tridgell1-0/+1
(This used to be commit 2c3a9f04db5d61305f4eca8b44e33c2dd15a6dc4)
2007-10-10r10700: removed volkers temporary timer hack now that freeing the netlogonAndrew Tridgell1-12/+1
pipe is safe while inside a rpc callback (This used to be commit 5d752a519416c7a0c8c7d166f43eadc75cb5c37f)
2007-10-10r10691: This gets half-way to wbinfo -n. It acquires an lsa pipe, and does aVolker Lendecke6-6/+417
queryinfopolicy. Idea is to get a consistency check between that and our notion of the domain name and sid, and take the lsa pipe as the holder of the central smbcli_tree that netlogon and samr use as well. Volker (This used to be commit 126c80aefc4f53c4ba79afc12d70602ef9055ddb)
2007-10-10r10687: Another one...Volker Lendecke1-1/+0
(This used to be commit d18f7edf92e8420f30cae01649d18f0ae20a80aa)
2007-10-10r10686: Fix the buildVolker Lendecke1-1/+0
(This used to be commit a7137fd3ec2e484c8feb73fa228031c8b75107bf)
2007-10-10r10685: Why wait 5 seconds...Volker Lendecke1-2/+2
(This used to be commit 820b4180dd3c1d07dd529fcb654ea01407a481cb)
2007-10-10r10684: Add a nasty hack for the failure case of wbinfo -t. Tridge has a ↵Volker Lendecke1-2/+17
proper fix for it pending. Also fix a bug with timed events: Don't call the same event recursively in the handler's inner semi-async event loop. Volker (This used to be commit e38e50127a3414461578421e676a9c58c106c272)
2007-10-10r10683: Samba3's wbinfo -t should give the correct answer now.Volker Lendecke4-49/+363
Tridge, if you have time, you might want to look at the segfault I was still seeing. Now I store the handle to the netlogon pipe in the global winbind state and free it on the next entry into check_machacc. The problem seems to be that talloc_free()ing a pipe struct from within a callback function on that pipe is not possible. I think I can live with that, but it has been not really obvious. To reproduce the segfault you might want to look at putting a talloc_free(state->getcreds->out.netlogon) into wbsrv_samba3_check_machacc_receive_creds. This is called from a dcerpc callback function. In particular if the check failed it would be nice if I could delete the pipe directly and not post a different event to some winbind queue. I tried to delete the pipe from a timed event triggered immediately, but this also fails because the inner loop seems to hit the same event again, calling it twice. Volker (This used to be commit 5436d7764812bb632ba865e633005ed07923b57f)
2007-10-10r10677: Add smb_composite_connectmulti: Send out multiple SYN packets at ↵Volker Lendecke1-1/+2
once, use the first one that replies correctly. Add a talloc context to smb_composite_connect() Volker (This used to be commit 6b88de182e40cb00a833c085f801fd47c92bbe94)
2007-10-10r10675: Connect to the DC's IPC$Volker Lendecke3-10/+86
Volker (This used to be commit c7557884843a5b2bac9e21ec81cafcaadf436bca)
2007-10-10r10586: Add MergedObject() builder. Default to Library() ratherJelmer Vernooij1-2/+1
then StaticLibrary() (This used to be commit b53313dc517986c69a4e4cb8fe3885b696f8faa1)
2007-10-10r10508: - implement WINBINDD_NETBIOS_NAME, WINBINDD_DOMAIN_NAME and ↵Stefan Metzmacher3-8/+42
WINBINDD_INFO is there a way to test this calls? vl: please review this metze (This used to be commit 85d4565fce0fcd6abad5fb11246d2671675ee37d)
2007-10-10r10506: set return data correctlyStefan Metzmacher1-0/+8
metze (This used to be commit 37b5f6b41719048fbc0530eed942caebe9e520a9)
2007-10-10r10504: - seperate implementation specific stuff, from the generic compositeStefan Metzmacher2-21/+20
stuff. - don't use SMBCLI_REQUEST_* state's in the genreic composite stuff - move monitor_fn to libnet. NOTE: I have maybe found some bugs, in code that is dirrectly in DONE or ERROR state in the _send() function. I haven't fixed this bugs in this commit! We may need some composite_trigger_*() functions or so. And maybe some other generic helper functions... metze (This used to be commit 4527815a0a9b96e460f301cb1f0c0b3964c166fc)
2007-10-10r10491: First step towards wbinfo -t: This issues a name request for the primaryVolker Lendecke7-13/+324
domain and gets the DC's name via a mailslot call. Metze, I renamed wbsrv_queue_reply to wbsrv_send_reply in accordance with irpc_send_reply. Having _queue_ here and _send_ there is a bit confusing. And as everything is async anyway, the semantics should not be too much of a problem. Volker (This used to be commit 4637964b19c6e9f7d201b287e2d409d029fced01)
2007-10-10r10438: Move portability functions to lib/replace/; replace now simply ensuresJelmer Vernooij1-1/+1
that a given set of (working) POSIX functions are available (without prefixes to their names, etc). See lib/replace/README for a list. Functions that behave different from their POSIX specification (such as sys_select, sys_read, etc) have kept the sys_ prefix. (This used to be commit 29919a71059b29fa27a49b1f5b84bb8881de65fc)
2007-10-10r10435: fill in the reference to the generic wbsrv_call in the ↵Stefan Metzmacher1-0/+1
wbsrv_samba3_call, so that async function can use it. metze (This used to be commit 72302b5d3dc3657caf885d40696495b6c8aabefb)
2007-10-10r10434: add a short path to the event context that should be used for async ↵Stefan Metzmacher2-1/+5
replies metze (This used to be commit cc9579d08567ec38adf0617901669fb3bb91e489)
2007-10-10r10426: - restructure the winbind server code a bitStefan Metzmacher7-253/+523
- remove the echo test stuff - abstract out the used protocol - we have a seperate handler for the samba3 protocol now - the backend can easy do async replies by setting WBSRV_CALL_FLAGS_REPLY_ASYNC in wbsrv_call and then call wbsrv_queue_reply() later metze (This used to be commit 32f3e68a569e9273b8d34fbd797c0a28494e5b6d)
2007-10-10r10365: Use nsswitch/winbindd_nss.h in winbind/, update that file to the ↵Volker Lendecke2-324/+2
current 3_0 interface. Volker (This used to be commit 90f98e9be310edcdf6ac8b5f7ce792b52cec1d79)
2007-10-10r10363: Nobody loudly screamed "noo", so commit the samba3 winbind interface toVolker Lendecke2-3/+510
samba4. Ok, maybe the silence is due to timezones, but what can you do... ;-) Volker (This used to be commit 9a5d8f55ab2841572b94fbc3a86a47f65a7d74a6)
2007-10-10r10348: Add scons scripts for remaining subsystems. Most subsystems build now,Jelmer Vernooij1-0/+3
but final linking still fails (as does generating files asn1, et, idl and proto files) (This used to be commit 4f0d7f75b99c7f4388d8acb0838577d86baf68b5)
2007-10-10r10078: - add a 'struct data_blob_list_item'Stefan Metzmacher1-14/+11
- use this for the send_queue's of the different stream_servers to not redefine the same struct so often, and it maybe will be used in other places too metze (This used to be commit b6694f067ab7aff0ee303dbfe8a6e7fad801e7e9)
2007-10-10r7911: task_terminate() is defined in the macosx headers, so change the nameAndrew Tridgell1-3/+3
to task_server_terminate() (This used to be commit a7447e25ac203f0ee09ffdf72df1094eb70e7c0c)
2007-10-10r7850: Support mkdir() with just one parameter. Patch fromJelmer Vernooij1-0/+1
Steven Edwards <steven_ed4153@yahoo.com>. I've moved the Win32-specific tests to win32.m4 so it does not make any of the POSIX configure stuff more complicated. (This used to be commit bf85fdd01552f75b745fdf3159a7a87cd6521ed2)
2007-10-10r5304: removed lib/socket/socket.h from includes.hAndrew Tridgell1-0/+1
(This used to be commit b902ea546d2d1327b23f40ddaeeaa8e7e3662454)
2007-10-10r5302: fixed a compilation problem on solaris caused by the recent includeAndrew Tridgell1-1/+1
changes (This used to be commit e7e015f79b10c353848a17f31c91a0593790a560)
2007-10-10r5298: - got rid of pstring.h from includes.h. This at least makes it a bitAndrew Tridgell1-0/+1
less likely that anyone will use pstring for new code - got rid of winbind_client.h from includes.h. This one triggered a huge change, as winbind_client.h was including system/filesys.h and defining the old uint32 and uint16 types, as well as its own pstring and fstring. (This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
2007-10-10r5197: moved events code to lib/events/ (suggestion from metze)Andrew Tridgell1-1/+1
(This used to be commit 7f54c8a339f36aa43c9340be70ab7f0067593ef2)
2007-10-10r5195: most events don't need the time of the event, so save a ↵Andrew Tridgell1-2/+2
gettimeofday() call and just use timeval_current() when its actually needed (This used to be commit 236403cc4dc2924ed6a898acae0bb44cc1688dcc)
2007-10-10r5185: make all the events data structures private to events.c. This willAndrew Tridgell1-2/+2
make it possible to add optimisations to the events code such as keeping the next timed event in a sorted list, and using epoll for file descriptor events. I also removed the loop events code, as it wasn't being used anywhere, and changed timed events to always be one-shot (as adding a new timed event in the event handler is so easy to do if needed) (This used to be commit d7b4b6de51342a65bf46fce772d313f92f8d73d3)
2007-10-10r5122: fixed name of winbind stream opsAndrew Tridgell1-1/+1
(This used to be commit 984c737c1b5e9106979be95738c11f52ae6cddc2)
2007-10-10r5104: - added support for task based servers. These are servers that withinAndrew Tridgell1-144/+109
themselves are run as a single process, but run as a child of the main process when smbd is run in the standard model, and run as part of the main process when in the single mode. - rewrote the winbind template code to use the new task services. Also fixed the packet queueing - got rid of event_context_merge() as it is no longer needed (This used to be commit 339964a596689278d2138cff05d7d444798a3504)
2007-10-10r4729: add dummy "winbind" serviceStefan Metzmacher2-0/+241
- this creates a new task and then starts a process_model "single" with service "winbind_task" - that means with -M single everything is in one process with - M standard winbind is a seperate process but didn't fork for each connection with -M thread winbind is a seperate thread but didn't thread for each connection - the dummy server listen s on /tmp/.winbind/echo and for better testing with telnet also on 127.0.255.1 port 55555 metze (This used to be commit 5190f60dedc4076d94fbf77e02eb3b5312d953ec)