1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

84 Commits

Author SHA1 Message Date
Jeremy Allison
5aadea741f r23448: Doh ! Don't call winbind_child_died() *before* the
kill call as that sets pid = 0 ! :-).
Jeremy.
(This used to be commit bcfce39094)
2007-10-10 12:23:17 -05:00
Jeremy Allison
a5f3e848c0 r23447: Add kill signal to child dead path. After talking
to Jerry add to 3.0.25b.
Jeremy.
(This used to be commit ade91e78cb)
2007-10-10 12:23:16 -05:00
Volker Lendecke
07d2301040 r23446: Restore Jeremy's original formatting, just fix the comment.
(This used to be commit 5b983957e3)
2007-10-10 12:23:16 -05:00
Volker Lendecke
501d97c653 r23426: Correct a comment. The default timeout is not 1min, but 30s. While
there, do some reformatting.

Jeremy, I think we should also kill the child. It might hang in
something (an fcntl lock for example) that the next child might run into
immediately again.
(This used to be commit 6729a4df4b)
2007-10-10 12:23:15 -05:00
Jeremy Allison
24e05d4df2 r23424: Thanks to Jerry, we finally tracked down the :
winbindd: Exceeding 200 client connections, no idle connection found"
bug #3204. This fixes it in Jerry's testing !
Jeremy.
(This used to be commit 0c7ce6a682)
2007-10-10 12:23:15 -05:00
Volker Lendecke
de565785f5 r23410: Merge the core of the cluster code.
I'm 100% certain I've forgotten to merge something, but the main code
should be in. It's mainly in dbwrap_ctdb.c, ctdbd_conn.c and
messages_ctdbd.c.

There should be no changes to the non-cluster case, it does survive make
test on my laptop.

It survives some very basic tests with ctdbd enables, I did not do the
full test suite for clusters yet.

Phew...

Volker
(This used to be commit 15553d6327)
2007-10-10 12:23:14 -05:00
Volker Lendecke
f260b45d64 r23117: Factor out local messaging.
This removes message_block / message_unblock. I've talked to Jeremy and
Günther, giving them my reasons why I believe they have no effect.
Neither could come up with a counter-argument, so they go :-)
(This used to be commit a925e0991f)
2007-10-10 12:22:47 -05:00
Volker Lendecke
ac3f08ddbe r23055: Rewrite messages.c to use auto-generated marshalling in the tdb. I'm
doing this because for the clustering the marshalling is needed in more
than one place, so I wanted a decent routine to marshall a message_rec
struct which was not there before.

Tridge, this seems about the same speed as it used to be before, the
librpc/ndr overhead in my tests was under the noise.

Volker
(This used to be commit eaefd00563)
2007-10-10 12:22:17 -05:00
Volker Lendecke
0570ce21ff r22943: More message_register -> messaging_register
(This used to be commit caece8975b)
2007-10-10 12:22:10 -05:00
Volker Lendecke
fb99bbe675 r22895: Convert some more calls from message_send_buf to messaging_send_buf
(This used to be commit c8b9827340)
2007-10-10 12:22:05 -05:00
Volker Lendecke
e6383f4762 r22736: Start to merge the low-hanging fruit from the now 7000-line cluster patch.
This changes "struct process_id" to "struct server_id", keeping both is
just too much hassle. No functional change (I hope ;-))

Volker
(This used to be commit 0ad4b1226c)
2007-10-10 12:21:52 -05:00
Gerald Carter
09fee9aa18 r22715: When our primary domain does on or offline, make sure to send a msg
to the idmap child.

Also remove the check for the global offline state in child_msg_offline()
as this means we cannot mark domains offline due to network outages.
(This used to be commit 1b99e8b521)
2007-10-10 12:21:49 -05:00
Gerald Carter
391a72f3df r22710: Support one-way trusts.
* Rely on the fact that name2sid will work for any name
  in a trusted domain will work against our primary domain
  (even in the absense of an incoming trust path)

* Only logons will reliably work and the idmap backend
  is responsible for being able to manage id's without contacting
  the trusted domain

* "getent passwd" and "getent group" for trusted users and groups
  will work but we cannot get the group membership of a user in any
  fashion without the user first logging on (via NTLM or krb5)
  and the netsamlogon_cache being updated.
(This used to be commit dee2bce2af)
2007-10-10 12:21:49 -05:00
Gerald Carter
36da6cb584 r22390: Patchset sent to samba-technical to address the winbind
loop when allocating a new id for a SID:

auth_util.patch		Revert create_local_token() to
			the 3.0.24 codebase

idmap_type.patch	Have the caller fillin the
			id_map.xid.type field when
			resolving a SID so that if we allocate
			a new id, we know what type to use

winbindd_api.patch	Remove the WINBINDD_SIDS_TO_XIDS calls
			from the public winbindd interface
			for the 3.0.25 release

idmap_rid.patch		Cleanup the idmap_rid backend to not
			call back into winbindd to resolve
			the SID in order to verify it's type.
(This used to be commit 3b24dae9e7)
2007-10-10 12:19:30 -05:00
Simo Sorce
59523f55a9 r22204: Workaround to quickly close bug #4508
This hack makes thing work, but we will need to try again to
make the getpw* calls fully async, that's the real fix.
(This used to be commit 2552859b3d)
2007-10-10 12:19:19 -05:00
Simo Sorce
1983759266 r21623: Fix copy/paste error
(This used to be commit 0de7472428)
2007-10-10 12:18:18 -05:00
Gerald Carter
b1f4259cd5 r21616: Delay initialization of idmap and nss_info backends until necessary
so they can honor the offline logon state.
(This used to be commit 15b13dfe81)
2007-10-10 12:18:18 -05:00
Günther Deschner
f2b8db93c4 r21106: We neither need a account lockout policy handler nor a check domain
online handler for internal (local SAM, BUILTIN) childs. Jeremy, please
check.

Guenther
(This used to be commit 7d0e2e7068)
2007-10-10 12:17:38 -05:00
Volker Lendecke
caf8c6a76b r21064: The core of this patch is
void message_register(int msg_type,
                      void (*fn)(int msg_type, struct process_id pid,
-                                void *buf, size_t len))
+                                void *buf, size_t len,
+                                void *private_data),
+                     void *private_data)
 {
        struct dispatch_fns *dfn;

So this adds a (so far unused) private pointer that is passed from
message_register to the message handler. A prerequisite to implement a tiny
samba4-API compatible wrapper around our messaging system. That itself is
necessary for the Samba4 notify system.

Yes, I know, I could import the whole Samba4 messaging system, but I want to
do it step by step and I think getting notify in is more important in this
step.

Volker
(This used to be commit c8ae60ed65)
2007-10-10 12:17:32 -05:00
Günther Deschner
c51e4c3440 r21056: Moving the set_domain_online_request to fork_domain_child() (formerly
lived in trustdom_recv().

Jeremy, this is the better place I think but please check.

Guenther
(This used to be commit beed8b8b32)
2007-10-10 12:17:30 -05:00
Volker Lendecke
bf219447a3 r20846: Before this gets out of control...
This add a struct event_context and infrastructure for fd events to smbd. This
is step zero to import lib/events.

Jeremy, I rely on you to watch the change in receive_message_or_smb()
closely. For the normal code path this should be the only relevant change. The
rest is either not yet used or is cosmetic.

Volker
(This used to be commit cd07f93a8a)
2007-10-10 12:17:13 -05:00
Jeremy Allison
c04b948750 r20330: And here's the fix for the parent winbindd crashing
after it's child died unexpectedly whilst the parent
was waiting for a reply. We need to clean up the request
we're not going to service, plus we still need to call
the continuation function with a "False" flag so it
can clean things up. Still testing this, but I think
I'm right.
Jeremy
(This used to be commit 9b04ac0c81)
2007-10-10 12:16:41 -05:00
Günther Deschner
bd7b2c76f3 r20254: The pam_chauthtok needs to go through the async interface as well.
This fixes pam password changes in the online case.

Guenther
(This used to be commit 2d2de1ac27)
2007-10-10 12:16:37 -05:00
Jeremy Allison
bf8988feaf r20206: Start cleaning up the talloc_ctx mess.
child->mem_ctx isn't actually used for
anything, so remove it.
Jeremy.
(This used to be commit a7f294b592)
2007-10-10 12:16:31 -05:00
Jeremy Allison
ebb8161e1c r20140: Make online/offline detection completely asynchronous.
Now I've done this I might be able to reduce the probe
timeout and reduce the backoff algorithm, going back
to checking every cache time seconds (5 mins by default),
as the parent or forked domain child will never block.
Jeremy.
(This used to be commit d0add5f946)
2007-10-10 12:16:27 -05:00
Herb Lewis
791f48f167 r20124: clean up nested extern declaration warnings
(This used to be commit ac3eb7813e)
2007-10-10 12:16:26 -05:00
Simo Sorce
4225f9a4bd r20116: Start merging in the work done to create the new idmap subsystem.
Simo.
(This used to be commit 50cd8bffee)
2007-10-10 12:16:25 -05:00
Jeremy Allison
5ce139751b r20087: Ensure we clean up any random pending events we
may have inherited from our parent in the winbindd
forked child.
Jeremy.
(This used to be commit 0a1352f440)
2007-10-10 12:16:23 -05:00
Jeremy Allison
5be92d0d18 r20082: When fork_domain_child is forked when we're offline
the child inherits *all* active check_online timout handlers.
This is bad when it's not our domain (ie. BUILTIN).
Jeremy.
(This used to be commit 8d815ec4c1)
2007-10-10 12:16:23 -05:00
Jeremy Allison
ee0ec18101 r19230: Doh ! Fix obvious crash bug.....
(This used to be commit e656027049)
2007-10-10 12:15:23 -05:00
Jeremy Allison
fe3fc9c8d5 r19209: Ensure we don't make mistakes by sending online/offline
messages to internal domains, or to domains not being
serviced by a winbindd child. Ensure the child online
offline requests are domain specific.
Jeremy.
(This used to be commit 81a9dc4b9f)
2007-10-10 12:15:22 -05:00
Jeremy Allison
4be3f7665c r19105: Ok - this is currently untested (but I'm testing it at
the moment) but winbindd isn't run in the build farm
so hopefully won't break anything too badly - I don't
want to lose this.

If winbindd starts offline then it falls back to using
MS-RPC backend. On going online it needs to reset the
backend and try and go to using the AD backend code if
possible, as the MS-RPC sequence number fetch just returns
1 as the sequence number if run against an AD DC.

In addition, the winbindd async child may end up
with the AD backend whilst the main winbindd - which
still contacts the DC for some non-async calls, is
left using MS-RPC. This can cause some trouble (as
you can imagine :-).

Attempt to ensure both main winbindd and async children
us AD backends on going online.

Jeremy.
(This used to be commit 5efd4b04b8)
2007-10-10 12:15:13 -05:00
Jeremy Allison
0f56237bc0 r18980: Be a little more intelligent about "startup_time",
move into the domain struct. Allow message to go online
to set this state and cope with removing it.
Jeremy.
(This used to be commit 51f0e60cc3)
2007-10-10 12:14:52 -05:00
Gerald Carter
6a492e7122 r18937: Protect against segc in the idmap winbindd child process
(the domain is NULL here)
(This used to be commit a36de910d2)
2007-10-10 12:14:48 -05:00
Günther Deschner
a3e1f7e44d r18703: Fix the annoying effect that happens when nscd is running:
We usually do not get the results from user/group script modifications
immediately. A lot of users do add nscd restart/refresh commands into
their scripts to workaround that while we could flush the nscd caches
directly using libnscd.

Guenther
(This used to be commit 7db6ce295a)
2007-10-10 12:00:49 -05:00
Stefan Metzmacher
258a465e20 r18605: sync dlinklist.h with samba4, that means DLIST_ADD_END()
and DLIST_DEMOTE() now take the type of the tmp pointer
not the tmp pointer itself anymore.

metze
(This used to be commit 2f58645b70)
2007-10-10 11:51:59 -05:00
Jeremy Allison
07e9f4e61a r18551: Implement a 30 seconds from startup, during which we
try hard to connect a DC even if we might be offline.
Jeremy.
(This used to be commit a9f1151407)
2007-10-10 11:51:49 -05:00
Jeremy Allison
041e49d196 r18533: Ensure we clear out the failed connection cache for an entire
domain when going back online.
Jeremy.
(This used to be commit c7e4c8d0b4)
2007-10-10 11:51:48 -05:00
Jeremy Allison
ddbf923253 r18506: Fix online requests to cause an immediate DC connection.
Jeremy.
(This used to be commit 03b1699fa7)
2007-10-10 11:51:44 -05:00
Jeremy Allison
3a55aa918c r18411: Getting a zero length read is common. Don't log at
debug level zero.
Jeremy.
(This used to be commit e23caeb7b5)
2007-10-10 11:51:22 -05:00
Jeremy Allison
ccdd921e61 r18191: Fix the online/offline state handling of winbindd.
Instead of trying to do this in the winbindd_cache
entries, add a timed even handler to probe every
5 mins when disconnected.
Fix events to run all pending events, rather than
only one.
Jeremy.
(This used to be commit 7bfbe1b4fb)
2007-10-10 11:43:57 -05:00
Jeremy Allison
b41e14abfd r17610: Added the ability for firefox to drive the winbindd
ntlm_auth module to allow it to use winbindd cached
credentials.The credentials are currently only stored
in a krb5 MIT environment - we need to add an option to
winbindd to allow passwords to be stored even in an NTLM-only
environment.
Patch from Robert O'Callahan, modified with some fixes
by me.
Jeremy.
(This used to be commit ae7cc298a1)
2007-10-10 11:38:43 -05:00
Volker Lendecke
0b56ff1ea3 r17605: Some C++ warnings
(This used to be commit 05268d7a73)
2007-10-10 11:38:42 -05:00
Simo Sorce
3bb5b15801 r17459: As by Jerry's word commit this without his review.
This patch add some missing async functions to
solve UID/GID -> SID requests not just out of the cache,
but down the remote idmap if necessary.

This patch solves the problem of servers not showing users/groups names
for allocated UID/GIDs when joined to a group of servers that share a
prepopulated idmap backend.

Also correctly resolve UID/GIDs to SIDs when looking ACLs from the
windows security tab on teh same situation.

Simo.
(This used to be commit b8578bfab6)
2007-10-10 11:38:35 -05:00
Andrew Bartlett
0dc8f720e1 r17005: Add a new helper mode to ntlm_auth: ntlm-change-password-1
This mode proxies pre-calculated blobs from a remote (probably VPN)
client into the domain.  This allows clients to change their password
over a PPTP connection (where they would not be able to connect to
SAMR directly).

The precalculated blobs do not reveal the plaintext password.

Original patch by Alexey Kobozev <cobedump@gmail.com>
(This used to be commit 967292b713)
2007-10-10 11:19:17 -05:00
Jeremy Allison
fbdcf2663b r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need
to do the upper layer directories but this is what
everyone is waiting for....

Jeremy.
(This used to be commit 9dafb7f48c)
2007-10-10 11:19:14 -05:00
Günther Deschner
491b9e637d r16475: destroy talloc ctx when we weren't able to collect onlinestatus
messages.

Guenther
(This used to be commit d6b52e8181)
2007-10-10 11:18:56 -05:00
Günther Deschner
025b546392 r16474: There is no point in figuring out lockout policies if we do not allow
offline logons at all.

Guenther
(This used to be commit dfbe555c69)
2007-10-10 11:18:55 -05:00
Günther Deschner
7029a2ee70 r15526: Avoid double \n.
Guenther
(This used to be commit 3546187bb4)
2007-10-10 11:16:56 -05:00
Günther Deschner
a0ff50efa7 r15428: Add "smbcontrol winbind onlinestatus" for debugging purpose.
Guenther
(This used to be commit 9e15b1659c)
2007-10-10 11:16:43 -05:00