1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
Commit Graph

63 Commits

Author SHA1 Message Date
Günther Deschner
21691b38bc s3-winbindd: no need to globally include ldap headers in winbindd.
Guenther
2011-11-17 02:11:46 +01:00
Günther Deschner
50883cfeb4 s3-tevent: only include ../lib/util/tevent wrappers where needed.
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Apr 29 14:00:30 CEST 2011 on sn-devel-104
2011-04-29 14:00:30 +02:00
Günther Deschner
cc94bcb952 s3-winbindd: copy acct_info to wb_acct_info so we dont need passdb for it.
Guenther
2011-03-30 01:13:08 +02:00
Günther Deschner
fad0112373 s3-build: stop including ldap and lber headers everywhere in the code.
Instead use new header smb_ldap.h where all LDAP API related things are handled,
while smbldap.h only deals with our smbldap_X() API.

Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Mar 16 10:54:51 CET 2011 on sn-devel-104
2011-03-16 10:54:50 +01:00
Günther Deschner
f60398d7b2 s3-winbindd: let winbind try to use samlogon validation level 6. (bug #7945)
The benefit of this that it makes us more robust to secure channel resets
triggered from tools outside the winbind process. Long term we need to have a
shared tdb secure channel store though as well.

Guenther

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Feb  4 18:11:04 CET 2011 on sn-devel-104
2011-02-04 18:11:04 +01:00
Volker Lendecke
9c2fcb689b s3:winbind: Fork multiple children per domain
This makes us scale better with many simultaneous winbind requests,
some of which might be slow.

This implementation breaks offline logons, as the cached credentials are
maintained in a child (this needs fixing). So, if the offline logons are
active, only allow one DC connection.

Probably the offline logon and the scalable file server cases are
separate enough so that this patch is useful even with the restriction.
2011-01-21 13:51:27 +01:00
Jeremy Allison
781c4aabb8 Move error reporting of messaging context creation fail into
the daemons themselves. Allows client utilities to silently
fail to create a messaging context due to access denied on the
messaging tdb (which I need for the following patch).

Jeremy.
2010-11-14 04:39:05 +00:00
Björn Jacke
306465a5a4 s3/winbind: use mono time for startup timeout check 2010-09-10 23:10:26 +02:00
Günther Deschner
8b4f5319ef s3-build: use talloc_dict.h only where needed.
Guenther
2010-08-26 00:25:58 +02:00
Stefan Metzmacher
760948a5d4 s3:winbindd: remove rpc_pipe_client references from winbind_dual_ndr code
metze
2010-08-16 14:30:21 +02:00
Stefan Metzmacher
2ccaa23558 s3:winbindd: add binding_handle to struct winbindd_child
metze
2010-08-16 14:30:20 +02:00
Simo Sorce
cbda0369a8 s3:winbindd use common server context functions 2010-06-10 17:30:45 -04:00
Andrew Bartlett
cba7f8b827 s3:dom_sid Global replace of DOM_SID with struct dom_sid
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 10:39:59 +02:00
Stefan Metzmacher
31293c64a3 s3:winbindd: add DEBUG(10,...) for the end of each top level
That will hopefully make debugging a bit easier (at least for me).

metze
2010-03-05 14:03:55 +01:00
Volker Lendecke
b8fcba9cb8 s3: Pass netr_DomainTrustList instead of names and sids through (*trusted_domains) 2009-12-28 15:54:13 +01:00
Volker Lendecke
634d084517 s3: Replace IS_DOMAIN_OFFLINE by a function 2009-12-26 12:26:07 +01:00
Volker Lendecke
03617df24d s3: winbindd_cli_state->getgrent_state is no longer used 2009-12-26 12:26:06 +01:00
Volker Lendecke
6dc924fcf3 s3: Remove some unused code 2009-12-23 12:02:19 +01:00
Günther Deschner
6a8ef6c424 s3-winbindd: Fix Bug #6711: trusts to windows 2008 (2008 r2) not working.
Winbindd should always try to use LSA via an schannel authenticated ncacn_ip_tcp
connection when talking to AD for LSA lookup calls.

In Samba <-> W2k8 interdomain trust scenarios, LookupSids3 and LookupNames4 via an
schannel ncacn_ip_tcp LSA connection are the *only* options to successfully resolve
sids and names.

Guenther
2009-09-22 16:49:31 +02:00
Günther Deschner
58f2deb940 s3-winbindd: add cm_connect_lsa_tcp().
Guenther
2009-09-22 11:38:06 +02:00
Volker Lendecke
10e9df2975 s3:winbind: Add async wb_next_grent 2009-08-29 19:42:27 +02:00
Volker Lendecke
9c30a8dc6f s3:winbind: Convert the GETPWENT routines to the new API 2009-08-29 19:42:26 +02:00
Volker Lendecke
6e2bf7e234 s3:winbind: Add async next_pwent 2009-08-29 19:42:26 +02:00
Volker Lendecke
99cf696150 s3:winbind: Fix a bug found by RPC-SAMR
We need to enumerate passdb alias members

Thanks to gd for bugging me :-)
2009-08-29 10:44:13 +02:00
Volker Lendecke
c6b36ce573 s3:winbind: WINBIND_USERINFO -> wbint_userinfo 2009-08-16 10:38:24 +02:00
Volker Lendecke
6cf3db9149 s3:winbind: Add NDR-based parent-child communication to winbind 2009-08-05 03:21:19 -04:00
Volker Lendecke
7180ae0b8e Add some const to winbind_userinfo 2009-08-03 22:48:45 +02:00
Volker Lendecke
4f147388c0 Refactor 9b78af1f: Fix lookupname recursion
Pass a "flags" argument instead of the original winbind command down the
name_to_sid chain. This way we are independent of the winbind commands and
can take the decision at a much higher level
2009-08-02 11:24:48 +02:00
Volker Lendecke
42becbc7a8 Fix some nonempty lines 2009-07-31 23:19:05 +02:00
Volker Lendecke
f511ccbc42 Slightly restructure the async winbind request calling convention
The main loop now allocates the response, this has to be done everywhere
2009-07-31 17:28:53 +02:00
Volker Lendecke
49eccee209 Remove "winbindd_request" and "winbindd_response" from winbindd_cli_state
This shrinks the memory footprint of an idle client by 5592 bytes to 60 bytes
on my 32-bit box.
2009-06-14 22:22:10 +02:00
Volker Lendecke
97ba4f6efd Make winbindd_cli_state->response a pointer instead of a struct member
Same comment as in baa6084378: This is just a preparatory checkin.

Volker
2009-06-14 22:22:10 +02:00
Volker Lendecke
90535b5fad Remove an unused struct member in winbindd_cli_state 2009-06-14 22:21:07 +02:00
Volker Lendecke
eaaaea01e0 Avoid scanning the client list when a client exits 2009-06-14 11:25:48 +02:00
Volker Lendecke
e3bed4848f Add an async wb request loop 2009-06-14 11:25:47 +02:00
Volker Lendecke
0834574fdd Remove some unused code 2009-06-14 11:25:47 +02:00
Volker Lendecke
9b06c27cdb Convert the winbind parent->child communication to wb_reqtrans 2009-06-14 11:25:47 +02:00
Volker Lendecke
c049d098d1 Convert the main winbind client communication to wb_reqtrans.c 2009-06-14 11:25:46 +02:00
Volker Lendecke
baa6084378 Make winbindd_cli_state->request a pointer instead of a struct member
In itself, this is pretty pointless. But in the next steps I'll convert the
winbind internal communication to wb_reqtrans which allocates the request
properly. This minimizes the later diff.

Volker
2009-06-14 11:25:44 +02:00
Günther Deschner
531af136f9 s3: remove POLICY_HND.
Guenther
2009-03-18 23:22:29 +01:00
Volker Lendecke
00a401aa3e Remove unused struct CLI_POLICY_HND 2009-01-07 17:17:03 +01:00
Stefan Metzmacher
a1c9e61643 s3:winbindd: rename fd_event => winbindd_fd_event
It's really confusing to have two versions of 'fd_event'

metze
2009-01-05 15:07:32 +01:00
Stefan Metzmacher
2428ec46d8 s3:winbindd: move WINBINDD_CCACHE_ENTRY and WINBINDD_MEMORY_CREDS to winbindd.h
metze
2009-01-05 15:07:32 +01:00
Günther Deschner
6e89443eba winbindd: add event based machine password change.
Guenther
(This used to be commit 15b72d44cb)
2008-08-23 13:19:35 +02:00
Jeremy Allison
79150da70b Here is a re-working of the winbindd
reconnect code to cope with rebooting a DC. This
replaces the code I asked Volker to revert.
The logic is pretty simple. It adds a new parameter,
"winbind reconnect delay", set to 30 seconds by
default, which determines how long to wait between
connection attempts.
To avoid overwhelming the box with DC-probe
forked children, the code now keeps track of
the DC probe child per winbindd_domain struct
and only starts a new one if the existing one
has died.
I also added a little logic to make sure the
dc probe child always sends a message whatever
the reason for exit so we will always reschedule
another connect attempt.
Also added documentation.
Jeremy.
(This used to be commit 8027197635)
2008-08-20 16:24:22 -07:00
Volker Lendecke
340ab6a256 idmap rewrite
(This used to be commit 30a180f2fc)
2008-08-12 11:28:29 +02:00
Volker Lendecke
08f7c2d0fc Move the uid2sid cache to the parent winbind process
(This used to be commit 6e885aeabb)
2008-08-12 11:28:28 +02:00
Volker Lendecke
b6dcc24987 Revert "Convert idmap_cache to gencache"
This reverts commit 0bf0434f22.
(This used to be commit cc53667773)
2008-07-11 17:53:24 +02:00
Volker Lendecke
0234276af8 Convert idmap_cache to gencache
(This used to be commit 0bf0434f22)
2008-07-05 12:19:13 +02:00
Jeremy Allison
120c09b125 From Steve Danneman @ Isilon.
Attached is the companion patch to
(037b9689d9), which
made handling of WINBINDD_LIST_GROUPS asynchronous.

Because most all of the list_groups code was reusable, I abstracted it,
and implemented both list_groups and list_users on top of it.

On my large test domain a "wbinfo -u" call went from 70 seconds to 30
seconds with this patch.  Plus, the parent process is no longer blocked
from receiving new requests during that time.

Steven Danneman | Software Development Engineer
Isilon Systems    P +1-206-315-7500     F +1-206-315-7501
www.isilon.com
(This used to be commit 5188f28611)
2008-06-26 14:02:39 -07:00