path: root/source4/winbind
Age | Commit message | Author | Files | Lines
2007-10-10 | r13244: Allow control of the location of the Samba3-compatible winbindd pipe | Andrew Bartlett | 2 | -9/+10
in Samba4. This allows us to start winbindd by default, including in 'make test'. This is via a new 'winbindd socket directory' parameter for utilities linked against loadparm, as well as a --with-winbindd-socket-dir option to configure (setting the default and the value for simple clients). I hope to add basic winbindd tests, to ensure continued correct operation, but at least now I don't have to manually change my 'server services' line. The other problem with the hard-coded /tmp/.winbind is that RedHat has moved this in Fedora (to /var/run I think). For this reason, this functionality should probably be ported to Samba3 as well. The default for Samba4 is PREFIX/var/run/winbind_pipe. I have also re-added the paranoia checks from Samba3 for correct permissions on the socket directory. Andrew Bartlett (This used to be commit 8866aa06ffc3896094c878e9c07b40c03826d9a7)
2007-10-10 | r12868: Remove unused code. This has moved to libcli/finddcs.c. | Andrew Bartlett | 2 | -140/+0
Andrew Bartlett (This used to be commit a30a359c45c3dac4b910ec130b73cc01324b399a)
2007-10-10 | r12867: Remove deleted header. | Andrew Bartlett | 1 | -1/+0
(This used to be commit a6833db4e6ab8046c8e7f808dfff90bb0529d2d7)
2007-10-10 | r12866: This removes the abstraction layer in winbindd intended to deal with | Andrew Bartlett | 5 | -309/+165
multiple protocols, replacing it with the packet handling subsystem. We don't have multiple protocols at present, and the abstraction layer only serves to confuse matters. Also, the new packet subsystem removes the need to handle partial reads. We can easily add new protocols from the socket up instead, because the difficult bits are done by the packet layer. Andrew Bartlett (This used to be commit acf9dc8fe9e66f1dd3f18c0245375f502f03a24c)
2007-10-10 | r12865: Upgrade the librpc and libnet code. | Andrew Bartlett | 3 | -7/+24
In librpc, always try SMB level authentication, even if trying schannel, but allow fallback to anonymous. This should better function with servers that set restrict anonymous.
There are too many parts of Samba that get, parse and modify the binding parameters. Avoid the extra work, and add a binding element to the struct dcerpc_pipe
The libnet vampire code has been refactored, to reduce extra layers and to better conform with the standard argument pattern. Also, take advantage of the new libnet_Lookup code, so we don't require the silly 'password server' smb.conf parameter.
To better support forcing traffic to be sealed for the vampire operation, the dcerpc_bind_auth() function now takes an auth level parameter.
Andrew Bartlett
(This used to be commit d65b354959842326fdd4bd7eb7fbeea0390f4afa)
2007-10-10 | r12696: Reduce the size of include/structs.h | Jelmer Vernooij | 1 | -0/+4
(This used to be commit 63917616016133c623fc6ff59454bc313ee7dd8f)
2007-10-10 | r12608: Remove some unused #include lines. | Jelmer Vernooij | 15 | -57/+1
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10 | r12542: Move some more prototypes out to separate headers | Jelmer Vernooij | 2 | -0/+3
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
2007-10-10 | r12510: Change the DCE/RPC interfaces to take a pointer to a | Jelmer Vernooij | 4 | -12/+6
dcerpc_interface_table struct rather than a tuple of interface name, UUID and version. This removes the requirement for having a global list of DCE/RPC interfaces, except for these parts of the code that use that list explicitly (ndrdump and the scanner torture test). This should also allow us to remove the hack that put the authservice parameter in the dcerpc_binding struct as it can now be read directly from dcerpc_interface_table. I will now modify some of these functions to take a dcerpc_syntax_id structure rather than a full dcerpc_interface_table. (This used to be commit 8aae0f168e54c01d0866ad6e0da141dbd828574f)
2007-10-10 | r12498: Eliminate INIT_OBJ_FILES and ADD_OBJ_FILES. We were not using | Jelmer Vernooij | 1 | -2/+2
the difference between these at all, and in the future the fact that INIT_OBJ_FILES include smb_build.h will be sufficient to have recompiles at the right time. (This used to be commit b24f2583edee38abafa58578d8b5c4b43e517def)
2007-10-10 | r12265: as all server_service modules are specified in smbd/config.mk | Stefan Metzmacher | 1 | -7/+5
follow this rule for the winbind one too metze (This used to be commit 2ace7e0d2d608f7b5e9d17a2d533514fe0d22840)
2007-10-10 | r12116: got rid of composite_trigger_done() and composite_trigger_error(), and | Andrew Tridgell | 2 | -2/+2
instead make the normal composite_done() and composite_error() functions automatically trigger a delayed callback if the caller has had no opportunity to setup a async callback this removes one of the common mistakes in writing a composite function (This used to be commit f9413ce792ded682e05134b66d433eeec293e6f1)
2007-10-10 | r12014: free the irpc_request structure with the irpc_call_recv functions, | Stefan Metzmacher | 2 | -2/+0
to match all other _recv functions we have metze (This used to be commit bd4f85ab5f60c7430ac88062fa6a9f6cffa9596f)
2007-10-10 | r11968: More warning fixes. We're on track to getting to double digits for | Tim Potter | 1 | -2/+2
the number of warnings generated now. (This used to be commit d479f2d7607adc698d71c5ba26932c72a26dcaab)
2007-10-10 | r11828: split out the async helper function into a new subsystem WB_HELPER | Stefan Metzmacher | 1 | -3/+11
to use it in torture tests too metze (This used to be commit 364b092355cd872d52612895cd711625f5702997)
2007-10-10 | r11825: Fix a debug msg | Volker Lendecke | 1 | -1/+1
(This used to be commit fc6458d0d4d9059e00b19ad6c54e3fd5a4119341)
2007-10-10 | r11812: Convert winbind to the async bind routines. Also remove tridge's | Volker Lendecke | 4 | -82/+196
hack for the winbind "bug" :-) Volker (This used to be commit fb9a3c7ef376f289288c71bc47d67f548ddb7194)
2007-10-10 | r11809: Make dcerpc_bind_auth async. | Volker Lendecke | 3 | -18/+16
This also removes dcerpc_bind_auth_password, the only user of dcerpc_bind_auth. And this was not only passwords anyway. Andrew Bartlett, as usual: Please take a close look. Thanks, Volker (This used to be commit 2ff2dae3d035af6cb0c131573cfd983fc9a58eee)
2007-10-10 | r11727: Minor cleanup | Volker Lendecke | 1 | -14/+5
(This used to be commit 681451af727d12294ecee1b8fddc595b0148003f)
2007-10-10 | r11626: Fix unhandled enum in case statement warnings by noting appropriately | Tim Potter | 1 | -0/+43
that some values aren't handled. The remaining warnings I think are actual bugs or required functionality that is missing (mostly lack of server side Unix extensions). (This used to be commit 03c7da27a06736f2a27d76e6a00a24ab54453af9)
2007-10-10 | r11528: Separate finding dcs from initializing a domain. Makes it easier to | Volker Lendecke | 11 | -355/+569
possibly support cldap and other stuff in the future. This temporarily disables wbinfo -t, but that will come back soon. Try an ldap bind using gss-spnego. This got me krb5 binds against "our" w2k3 and a trusted w2k, although with some memleaks from krb5 and a BAD_OPTION tgs-rep error. Volker (This used to be commit d14948fdf687c8f70ef9ec35445b7eb04da84253)
2007-10-10 | r11517: Cleanup time, this looks larger than it is. This mainly gets rid of | Volker Lendecke | 16 | -703/+489
wb_domain_request, now that we have queued rpc requests. Volker (This used to be commit 848522d1b64c1c283ac1ea7ce7f1a7a1b014a2aa)
2007-10-10 | r11423: Add some TALLOC_CTX | Volker Lendecke | 4 | -13/+16
(This used to be commit a043ef33dca19d5ac1cdead60a4faa8b3a950bf4)
2007-10-10 | r11422: Remove unused args | Volker Lendecke | 3 | -8/+4
(This used to be commit d5aef4e2f955025266e59227364b5cccccdb9f32)
2007-10-10 | r11413: More comments, plus always check (and update) the credentials chain, | Andrew Bartlett | 1 | -5/+33
regardless the authentication result on a particular user. Andrew Bartlett (This used to be commit 2ee7ed000ef099b2e38d540be75cbc8de386839a)
2007-10-10 | r11412: These comments may not be much, but my eyes scan code with even | Andrew Bartlett | 1 | -0/+61
minimal comments much better (much like volker scans code of less than 80 cols better ;-) Andrew Bartlett (This used to be commit 8800e9b5b06701ed1cdf9da0a37291a84eb36f7f)
2007-10-10 | r11411: Add to Samba4 the Samba3 patch I just posted for machine account | Andrew Bartlett | 2 | -25/+46
logins (changing the winbindd interface). Clean up the wbsrv_samba3_async_epilogue() handling, as it was mixing auth and other replies, such that all replies were having the auth error strings set. We now do a better job of filling in the right errors in the right places. Andrew Bartlett (This used to be commit 8ed975df52bcac9646672f6a39c51481b5c59226)
2007-10-10 | r11374: On request from VL, put the plaintext auth patch in. | Andrew Bartlett | 2 | -31/+170
I still have some gremlins that get in my way in testing this. Andrew Bartlett (This used to be commit 3353e906adb3b3116551026e3ae18fd4d7ae1764)
2007-10-10 | r11276: fix compiler warnings | Stefan Metzmacher | 1 | -2/+2
metze (This used to be commit 2f1930fb62011303abf930da6b57e73b1b9601de)
2007-10-10 | r11274: Start a connection attempt to the DC's port 389. To do this | Volker Lendecke | 5 | -37/+58
properly, make socket_connect and ldap_connect properly async. Volker (This used to be commit bcc71fc1deeed443d7cf00220ce264011ddf588d)
2007-10-10 | r11267: Fix a memleak and an uninitialized variable. Andrew Bartlett, this | Volker Lendecke | 1 | -4/+5
was the one I sent to you. Sorry for bothering you. Volker (This used to be commit 3a9f2291ae6e96a715f463899957c6c598fc7627)
2007-10-10 | r11263: Some cleanup | Volker Lendecke | 1 | -133/+38
(This used to be commit 4fe3c9871bff512a464c688a5f6fdb37387833ed)
2007-10-10 | r11244: Relative path names in .mk files | Jelmer Vernooij | 1 | -16/+16
(This used to be commit 24e10300906c380919d2d631bfb3b8fd6b3f54ba)
2007-10-10 | r11214: Remove scons files (see http://lists.samba.org/archive/samba-technical/2005-October/043443.html) | Jelmer Vernooij | 1 | -6/+0
(This used to be commit 7fffc5c9178158249be632ac0ca179c13bd1f98f)
2007-10-10 | r11193: Implement wbinfo -m | Volker Lendecke | 5 | -8/+172
(This used to be commit 12a800bc8541c4160a534d1edcaeb6774776e18d)
2007-10-10 | r11192: Too many contexts around... :-) | Volker Lendecke | 1 | -1/+1
(This used to be commit 134e104c3ff39e5f3ebdaf9168df78a156490ed7)
2007-10-10 | r11181: Implement wbinfo -s and wbinfo --user-sids. The patch is so large | Volker Lendecke | 18 | -240/+1418
because --user-sids required the extension to trusted domains. Implement "winbind sealed pipes" parameter for debugging purposes. Volker (This used to be commit 3821a17bdb68b2f1389b5a150502c057d28569d2)
2007-10-10 | r11095: Implement wb_getuserdomgroups. | Volker Lendecke | 5 | -0/+384
Tridge, if you have the time, you might want to look at a problem I'm having with unix domain stream sockets. From a comment in this commit:
/* Using composite_trigger_error here causes problems with the client
 * socket. Linux 2.6.8 gives me a ECONNRESET on the next read after
 * writing the reply when I don't wait the 100 milliseconds. */
This is in winbind/wb_cmd_userdomgroups.c:93. The problem I have is that I can not *immediately* send an error reply to the client because the next receive fails. Waiting 100 milliseconds helps. It might also be a problem with epoll(), I don't really know. I'd appreciate if you took a brief look at this, maybe I'm doing something wrong.
Thanks, Volker
(This used to be commit 3e535cce743710a68a4264e4f66e9c0c4d6770c6)
2007-10-10 | r11094: Connect to SAM, implement getdcname | Volker Lendecke | 9 | -83/+578
(This used to be commit a14398715eceecf204caf815a8769ba8214d0576)
2007-10-10 | r11093: Implement wb_queue_domain_send: If the domain is not yet | Volker Lendecke | 5 | -132/+234
initialized, do that first. And if a request is being processed, queue it. This correctly survived 3 endless loops with wbinfo's doing different things while starting up smbd. The number of indirections starts to become a bit scary, but what can you do without a decent programming language that provides closures :-) One thing that we might consider is to auto-generate async rpc requests that return composite_context structs instead of rpc_requests. Otherwise I'd have to write a lot of wrappers like composite_netr_LogonSamLogon_send. The alternative would be to write two versions of wb_queue_domain_send which I would like to avoid. This is cluttered enough already. Volker (This used to be commit 66c1b674f9870de73cce0e611909caf9eff34baa)
2007-10-10 | r11082: Fix a segfault | Volker Lendecke | 1 | -0/+1
(This used to be commit 576a724bf1350ba7f38f95118224bdee98e0be5a)
2007-10-10 | r11070: Fix a cut&paste error, now wbinfo can properly separate domain and | Volker Lendecke | 2 | -8/+6
user... Volker (This used to be commit 6e4f774a4948691440362663418243623d1f51f7)
2007-10-10 | r11068: Fix pam_auth_crap, remove the sync code. I don't know what it was when I | Volker Lendecke | 3 | -163/+113
tested it, but I can not reproduce the problem I had with abartlett's initial implementation anymore. Fix a bug found using valgrind. Volker (This used to be commit 0c6c71ae3cd0a2f97eab2cc24a752976c32a39fc)
2007-10-10 | r10941: Hmmm. Making that fn static is more correct. | Volker Lendecke | 1 | -1/+1
(This used to be commit eaf347bdeaaddb655fe72ddb98f3a67ace795937)
2007-10-10 | r10936: Commit work in progress: wb_pam_auth_crap made async. This does not | Volker Lendecke | 3 | -19/+325
work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2007-10-10 | r10878: Reply to some comments by tridge and metze: | Volker Lendecke | 4 | -307/+412
* rename the composite helper functions from comp_* to composite_*
* Move the lsa initialization to wb_connect_lsa.c
* Equip smb_composite_connect with a fallback_to_anonymous
The latter two simplify wb_init_domain.c quite a bit.
Volker
(This used to be commit deb127e04ea01ae93394da5ebffb39d81caeb6d9)
2007-10-10 | r10859: Make the flow a bit clearer | Volker Lendecke | 1 | -8/+7
(This used to be commit 66c90483b49bd8a8de1a46b12cce5270571f4090)
2007-10-10 | r10853: Convert wbinfo -n to properly init the domain. | Volker Lendecke | 3 | -401/+32
Volker (This used to be commit 512ae49270197146e5967acd654dd97452cf4e77)
2007-10-10 | r10852: Continuation-based programming can become a bit spaghetti... | Volker Lendecke | 5 | -248/+589
Initialize a domain structure properly. Excerpt from wb_init_domain.c:
/*
 * Initialize a domain:
 *
 * - With schannel credentials, try to open the SMB connection with the machine
 * creds. Fall back to anonymous.
 *
 * - If we have schannel creds, do the auth2 and open the schannel'ed netlogon
 * pipe.
 *
 * - Open LSA. If we have machine creds, try to open with ntlmssp. Fall back
 * to schannel and then to anon bind.
 *
 * - With queryinfopolicy, verify that we're talking to the right domain
 *
 * A bit complex, but with all the combinations I think it's the best we can
 * get. NT4, W2k3SP1 and W2k all have different combinations, but in the end we
 * have a signed&sealed lsa connection on all of them.
 *
 * Is this overkill? In particular the authenticated SMB connection seems a
 * bit overkill, given that we do schannel for netlogon and ntlmssp for
 * lsa later on w2k3, the others don't do this anyway.
 */
Thanks to Jeremy for his detective work, and to the Samba4 team for providing such a great infrastructure.
Next step is to connect to SAM. Do it via LDAP if we can, fall back to samr with all we have.
Volker
(This used to be commit 3e69fdc07cd76b4bc01b032148609ee4b59b8be7)
2007-10-10 | r10846: Create a "wbsrv_domain", change wb_finddcs to the style of the rest | Volker Lendecke | 5 | -199/+262
of the async helpers. Volker (This used to be commit 10585ba4e81e979a03aec747db6fc059978fa566)