IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Break up auth/auth.h not to include the world.
Add credentials_krb5.h with the kerberos dependent prototypes.
Andrew Bartlett
(This used to be commit 2b569c42e0)
took a _LONG_ time to find.
The problem was that when encoding/decoding password buffers we use
the pull/push string functions, which by default align unicode
strings. But on solaris sparc the buffer is not aligned always (its a
stack variable, an array of uint8_t). That perfectly OK in C, so we
just tell the pull/push functions not to auto-align.
(This used to be commit bb7835eced)
were getting ENOBUFS, which mapped to NT_STATUS_NO_MEMORY, which in
turn caused the messaging code to loop trying until it gave up.
Now it correctly falls back to select. Messaging speed goes from 3
messages per second to over 7000 on my test vmware box. Not bad for a
one line change :)
(This used to be commit 6568f30adf)
library. Even though we don't like to that library, it gets loaded via
nss-ldap, which means nss-ldap calls into the samba ldap lib with the
wrong parameters, and crashes.
We really need to use a completely different namespace in libcli/ldap/
(This used to be commit c440e0eed9)
emacs compile mode (hint, paste to a file, and compile as "cat
filename").
This allowed me to fix nearly all the warnings for a IA_64 SuSE build
very quickly.
(This used to be commit eba6c84eff)
finished when we need to trigger the continuation immediately.
Via a fairly complex path, this fixes the problem where all hosts in
the build farm that do not have ipv6 failed a lot of the RPC
tests. This happened because the dcerpc_connect() async code used a
composite_continue() on a context which was already in an error state,
due to the socket backend saying that ipv6 was unavailable
(This used to be commit dbf935d38b)
* Move dlinklist.h, smb.h to subsystem-specific directories
* Clean up ads.h and move what is left of it to dsdb/
(only place where it's used)
(This used to be commit f7afa1cb77)
to be broken. The %lu modifies apparently can not cope with the high
bit==1. In dom_sid_string I added some printfs and got:
auth: 21
auth: 2666793276
auth: 679821296
auth: 2310223117
auth: 1206
sid=S-1-5-21-8446744072081377596-679821296-8446744071724807437-1206
The "auth:" values are direct printfs, the sid= is the resulting code from
dom_sid_string.
I could not reproduce it with a simple test program, and #ifdef'ing out
HAVE_SNPRINTF in config.h manually does not help either, probably because the
dynamic linker overwrites the symbol in lib/replace.
Checking it in because it fixes the RPC-SAMBA3-SHARESEC test directly on host
"sunx", I would like to see whether it also fixes IRIX and AIX.
Volker
(This used to be commit 1a9401738f)
with this you can limit a search to a specific partitions
or a search over all partitions without getting referrals.
(Witch is the default behavior on the Global Catalog Port)
metze
(This used to be commit 4ccd0f8171)
the composite_context structue, we should try to convert all code
to use this because there're a lot of places where the we have
bugs with this task...
- add a composite_continue_smb2() helper
We should try to hide the internals of the composite code from the users
to avoid errors (and I found a lot of them... and will fix then step by step)
metze
(This used to be commit a16180f202)
routines to return an NTSTATUS. This should help track down errors.
Use a bit of talloc_steal and talloc_unlink to get the real socket to
be a child of the GENSEC or TLS socket.
Always return a new socket, even for the 'pass-though' case.
Andrew Bartlett
(This used to be commit 003e2ab93c)
contexts from the application layer into the socket layer.
This improves a number of correctness aspects, as we now allow LDAP
packets to cross multiple SASL packets. It should also make it much
easier to write async LDAP tests from windows clients, as they use SASL
by default. It is also vital to allowing OpenLDAP clients to use GSSAPI
against Samba4, as it negotiates a rather small SASL buffer size.
This patch mirrors the earlier work done to move TLS into the socket
layer.
Unusual in this pstch is the extra read callback argument I take. As
SASL is a layer on top of a socket, it is entirely possible for the
SASL layer to drain a socket dry, but for the caller not to have read
all the decrypted data. This would leave the system without an event
to restart the read (as the socket is dry).
As such, I re-invoke the read handler from a timed callback, which
should trigger on the next running of the event loop. I believe that
the TLS code does require a similar callback.
In trying to understand why this is required, imagine a SASL-encrypted
LDAP packet in the following formation:
+-----------------+---------------------+
| SASL Packet #1 | SASL Packet #2 |
----------------------------------------+
| LDAP Packet #1 | LDAP Packet #2 |
----------------------------------------+
In the old code, this was illegal, but it is perfectly standard
SASL-encrypted LDAP. Without the callback, we would read and process
the first LDAP packet, and the SASL code would have read the second SASL
packet (to decrypt enough data for the LDAP packet), and no data would
remain on the socket.
Without data on the socket, read events stop. That is why I add timed
events, until the SASL buffer is drained.
Another approach would be to add a hack to the event system, to have it
pretend there remained data to read off the network (but that is ugly).
In improving the code, to handle more real-world cases, I've been able
to remove almost all the special-cases in the testnonblock code. The
only special case is that we must use a deterministic partial packet
when calling send, rather than a random length. (1 + n/2). This is
needed because of the way the SASL and TLS code works, and the 'resend
on failure' requirements.
Andrew Bartlett
(This used to be commit 5d7c9c12cb)
- the 0xffffffffffffffff seqnum is reserved for SMB2 Break (oplock breaks)
so don't use it in a request. we should someday try to test this...
metze
(This used to be commit 730cdc4475)
descriptor. This is something that W2k3 does _not_ pass and probably is not
expected to, it seems the don't check access at tconX time.
Thanks to metze for the hint how in the srvsvc_NetShareInfo1501 struct the
length of the sd can be encoded in idl.
As metze says, there's probably more to the share secdesc, this needs more
testing. This one is here to walk the samba3 code.
Volker
(This used to be commit 6718550822)
there're 8 more unknown bytes...
Note:
- vista-CTP also support this as a server,
but uses the old format as client
- but vista-beta2 only uses and accept the new format
metze
(This used to be commit b3bdd4afde)
as we setup the 1 padding byte for non present dynamic part,
we need to overwrite it when we're getting a real dynamic part,
so we need to remove the buf->size +=1 when we do the first
push to the dynamic part (when buf->dynamic is still but->body + buf->body_fixed)
metze
(This used to be commit f309209629)
correct, or we try and do a memcmp on the trailing '\0'.
This happens because we now use memcmp for the prefix matching.
I just wish I had a test other than a particular invocation of the OSX
client. (I've tried and failed so far)
Andrew Bartlett
(This used to be commit 36aa839080)
of smb_open, as it's not nicely alligned for all levels,
If someone has an idea for a better solution where we can access
it via op->generic.out.file.* please let me know:-)
metze
(This used to be commit d0a7408280)
This reduces caller complexity, because the TLS code is now called
just like any other socket. (A new socket context is returned by the
tls_init_server and tls_init_client routines).
When TLS is not available, the original socket is returned.
Andrew Bartlett
(This used to be commit 09b2f30dfa)
seemed to work quite well and this technique might be good for
generating an interface to use for automated testing.
Tested by doing a nbt lookup against smbd.
(This used to be commit 11150b3140)
Remove some autogenerated headers (which had prototypes now autogenerated by pidl)
Remove ndr_security.h from a few places - it's no longer necessary
(This used to be commit c19c2b51d3)
Recursive dependencies are now forbidden (the build system
will bail out if there are any).
I've split up auth_sam.c into auth_sam.c and sam.c. Andrew,
please rename sam.c / move its contents to whatever/wherever you think suits
best.
(This used to be commit 6646384aaf)
Make the ldb password_hash module only depend on some keys manipulation code, not full heimdal
Some other dependency fixes
(This used to be commit 5b3ab728ed)
"." for "..". These express the intention better that strcmp or strequal
and improve searchability via cscope/ctags.
(This used to be commit 7e4ad7e8e5)
