IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- Collect the generic utility functions into a lib/util/ (a la GLib is
for the GNOME folks)
- Remove even more files from include/
(This used to be commit ba62880f5b)
included from other headers. In this case, undeffing MIN and MAX is a
really bad idea because the subsequent include of sys/param.h will do
nothing because of its include guards.
(This used to be commit 8aa8be93b0)
in Samba4. This allows us to start winbindd by default, including in
'make test'.
This is via a new 'winbindd socket directory' parameter for utilities
linked against loadparm, as well as a --with-winbindd-socket-dir
option to configure (setting the default and the value for simple
clients).
I hope to add basic winbindd tests, to ensure continued correct
operation, but at least now I don't have to manually change my 'server
services' line.
The other problem with the hard-coded /tmp/.winbind is that RedHat has
moved this in Fedora (to /var/run I think). For this reason, this
functionality should probably be ported to Samba3 as well.
The default for Samba4 is PREFIX/var/run/winbind_pipe.
I have also re-added the paranoia checks from Samba3 for correct
permissions on the socket directory.
Andrew Bartlett
(This used to be commit 8866aa06ff)
This allows the easy addition of additional named pipes and removes the
circular dependencies between the CIFS, RPC and RAP servers.
Simple tests for a custom named pipe included.
(This used to be commit 898d15acbd)
out proto headers.
The reason this is done in this way is that the attribute must be on
the prototype, not the actual function defintion. Hence the macros
which expand to nothing in the C file, but expand to an __attribute__
in the prototype header.
Andrew Bartlett
(This used to be commit a88933668f)
structure that is more generic than just 'IP/port'.
It now passes make test, and has been reviewed and updated by
metze. (Thankyou *very* much).
This passes 'make test' as well as kerberos use (not currently in the
testsuite).
The original purpose of this patch was to have Samba able to pass a
socket address stucture from the BSD layer into the kerberos routines
and back again. It also removes nbt_peer_addr, which was being used
for a similar purpose.
It is a large change, but worthwhile I feel.
Andrew Bartlett
(This used to be commit 88198c4881)
We now use a different system for initializing the modules for a subsystem.
Most subsystems now have an init function that looks something like this:
init_module_fn static_init[] = STATIC_AUTH_MODULES;
init_module_fn *shared_init = load_samba_modules(NULL, "auth");
run_init_functions(static_init);
run_init_functions(shared_init);
talloc_free(shared_init);
I hope to eliminate the other init functions later on (the
init_programname_subsystems; defines).
(This used to be commit b6d2ad4ce0)
in proto.h previously already did this somehow, probably because it
was used as a return value before it was used as a parameter.
(This used to be commit 30861b0f0e)
Allow specifying the _PUBLIC_ keyword on functions to indicate a function
is public.
Public prototypes can now be written to a seperate header, although this
functionality is not used yet.
(This used to be commit e3466df6df)
This extracts a remote windows domain into a keytab, suitable for use
in ethereal for kerberos decryption.
For the moment, like net samdump and net samsync, the 'password
server' smb.conf option must be set to the binding string for the
server. eg:
password server = ncacn_np:mypdc
Andrew Bartlett
(This used to be commit 272013438f)
system
- this needs to be in one big patch, because of the merging code,
that changes client in server connections and the other way around
- use socket_connect_send/_recv() in the client code
metze
(This used to be commit f0105b7fcd)
it only appeared to be like a SMBtrans request as it was being called
with function 0x11c017 which is "named pipe read write"
I wonder if this means we could do DCE/RPC over SMB using ntioctl
calls as well?
(This used to be commit f2b8857797)
- while running dcerpc over SMB2, the server will occasionally send us
a oh-so-useful STATUS_PENDING result meaning "I don't have a result
for you yet, but I'm working on it". These can be discarded :-)
(This used to be commit 24588a9c49)
- it does Negprot and SessionSetup yet
the rest returns NT_STATUS_NOT_IMPLEMENTED
- it's off by default, enable with:
smbsrv:enable smb2 = yes
- negotition in the SMB Negprot isn't supported yet
- it's only tested with smbtorture SMB2-CONNECT
not with vista as client
metze
(This used to be commit 08b31d5f61)
- added a SMB2-SCANGETINFO test for scanning for available info levels
- added names for the info levels I recognise to smb2.h
(This used to be commit fe5986067e)
connects, giving the following output:
Running SMB2-CONNECT
Negprot reply:
current_time = Fri Nov 11 20:10:42 2005 EST
boot_time = Sat Nov 12 10:34:33 2005 EST
Session setup gave UID 0x40000000071
Session setup gave UID 0x140000000075
Tree connect gave tid = 0x7500000001
Tree connect gave tid = 0x7500000005
SMB2-CONNECT took 0.049024 secs
(This used to be commit a24a4c3110)
the call definitions will be in smb2_calls.h, which will play a
similar role that smb_interfaces.h plays for the old SMB protocol
(This used to be commit 4ef3902a8a)
sequence, with a 2-millisecond timeout between firing the syn packets. Build
smbcli_sock_connect_send upon that.
Volker
(This used to be commit 5718df44d9)
I'm sure this will not be the final resting place, but it will do for
now.
Use the cracknames code in auth/ for creating a server_info given a
principal name only (should avoid assumtions about spliting a
user@realm principal).
Andrew Bartlett
(This used to be commit c9d5d8e45d)
first. And if a request is being processed, queue it. This correctly survived
3 endless loops with wbinfo's doing different things while starting up smbd.
The number of indirections starts to become a bit scary, but what can you do
without a decent programming language that provides closures :-)
One thing that we might consider is to auto-generate async rpc requests that
return composite_context structs instead of rpc_requests. Otherwise I'd have
to write a lot of wrappers like composite_netr_LogonSamLogon_send.
The alternative would be to write two versions of wb_queue_domain_send which I
would like to avoid. This is cluttered enough already.
Volker
(This used to be commit 66c1b674f9)
fix the build for changes from SAMBA_4_0 branch
metze
r10541@SERNOX: metze | 2005-09-27 15:05:33 +0200
use a transaction when we allocate a new version
metze
r10549@SERNOX: metze | 2005-09-27 18:58:37 +0200
- add first start of wins pull replication
- we not yet apply records to our database but we fetch them correct form our partners
(we need conflict handling for this)
- we also need to filter out our own records!
metze
r10568@SERNOX: metze | 2005-09-28 11:33:04 +0200
move composite helpers to a seperate file, create a a seperate file for the conflict resolving logic
metze
r10571@SERNOX: metze | 2005-09-28 12:00:17 +0200
add forward declarations...to fix the build
metze
r10612@SERNOX: metze | 2005-09-29 16:11:06 +0200
we have a nbt_name now, and don't need to parse it
metze
r10614@SERNOX: metze | 2005-09-29 16:38:35 +0200
filter out our own records
metze
r10620@SERNOX: metze | 2005-09-29 18:07:08 +0200
- handle mutliple addresses in WREPL_REPL_SEND_REPLY
- make strings always valid talloc pointers
metze
r10621@SERNOX: metze | 2005-09-29 18:09:41 +0200
use debug level 2
metze
r10622@SERNOX: metze | 2005-09-29 18:48:05 +0200
- add one more debug message when we reply no record
- fix min max logic
metze
r10623@SERNOX: metze | 2005-09-29 20:49:06 +0200
build fixes...
metze
r10629@SERNOX: metze | 2005-09-30 00:11:41 +0200
- use seperate attributes for type, state, nodetype, is_static
... the winserver.c code needs some more updates to correctly,
create special group and multihomed registrations...
metze
r10640@SERNOX: metze | 2005-09-30 04:07:34 +0200
- add some short path for the composite helper functions
they will be used in the next commit
metze
r10642@SERNOX: metze | 2005-09-30 06:29:06 +0200
fix the build
metze
r10655@SERNOX: metze | 2005-09-30 17:36:49 +0200
- implement the WREPL_REPL_UPDATE* and WREPL_REPL_INFORM*
this includes the connection fliping into a client connection
for WREPL_REPL_UPDATE*
NOTE: I not yet found out how to get the w2k server to use INFORM against samba4
it uses inform against w2k and w2k3 but UPDATE against nt4 and samba4
what's left now is to be able to initiate INFORM and UPDATE requests to notify
our pull partners
metze
r10727@SERNOX: metze | 2005-10-05 14:11:05 +0200
fix the build
metze
r10770@SERNOX: metze | 2005-10-06 16:56:01 +0200
- move the table filling to a seperate function, will be reused later
- fix the build, wrepl_nbt_name fixes
- remove state -> update_state
metze
r10771@SERNOX: metze | 2005-10-06 17:04:48 +0200
add a function to create a wreplsrv_in_connection from a client connection
metze
r10772@SERNOX: metze | 2005-10-06 17:13:51 +0200
- make the connection code more generic to handle the pull cached connection,
push cached connection or given connections
- when we don't use a cached connection, disconnection when a pull_cycle is done
- fix the build and use the configured source ip
metze
r10773@SERNOX: metze | 2005-10-06 17:18:49 +0200
- add composite functions for push notification
metze
r10774@SERNOX: metze | 2005-10-06 17:23:46 +0200
- use periodic push notifycation, this is just for now
as it needs to be configurable and and be triggered when the local database
has changes since the last notify
- I also need to work out how to decide if the partner supports
persistent connections and WREPL_REPL_INFORM* messages
metze
r10923@SERNOX: metze | 2005-10-12 16:52:34 +0200
fix the build becuse of conflicts with main SAMBA_4_0 tree
metze
(This used to be commit 6d97dd6e50)
create winsdb_record() and winsdb_message() as public functions
so that they can be used in the wrepl_server/
metze
(This used to be commit b8b48c8aa5)
- load our wins partners at start time:
# this is a sample partner record:
dn: name=SERNOX4-1,CN=PARTNERS
objectClass: wreplPartner
name: SERNOX4-9
address: 172.31.1.1
ourAddress: 172.31.9.1
type: 0x3
pullInterval: 3600
- go through all winsdb records in the database and create the wins_owner table,
but don't add ourself to it as out nbt task will update the db too, we refetch
the local max_versiion, each time we need it, (that typicaly onces per replication cycle)
metze
(This used to be commit 4490a2864e)
- move structs to a seperate header file
- move the code for the wreplsrv_in_call handling to a seperate file
metze
(This used to be commit c9a8544446)
add struct nbt_peer_socket and use it instead of passing const char *addr, uint16 port everyhwere
(tridge: can you review this please, (make test works)
metze
(This used to be commit a599d7a4ae)
but the version before did not either, so we're not worse than before.
One thing this does better is to call the domain init code if it's not there
yet.
Volker
(This used to be commit 35bcfb185b)
most of the changes are fixes to make all the ldb code compile without
warnings on gcc4. Unfortunately That required a lot of casts :-(
I have also added the start of an 'operational' module, which will
replace the timestamp module, plus add support for some other
operational attributes
In ldb_msg_*() I added some new utility functions to make the
operational module sane, and remove the 'ldb' argument from the
ldb_msg_add_*() functions. That argument was only needed back in the
early days of ldb when we didn't use the hierarchical talloc and thus
needed a place to get the allocation function from. Now its just a
pain to pass around everywhere.
Also added a ldb_debug_set() function that calls ldb_debug() plus sets
the result using ldb_set_errstring(). That saves on some awkward
coding in a few places.
(This used to be commit f6818daecc)
Initialize a domain structure properly. Excerpt from wb_init_domain.c:
/*
* Initialize a domain:
*
* - With schannel credentials, try to open the SMB connection with the machine
* creds. Fall back to anonymous.
*
* - If we have schannel creds, do the auth2 and open the schannel'ed netlogon
* pipe.
*
* - Open LSA. If we have machine creds, try to open with ntlmssp. Fall back
* to schannel and then to anon bind.
*
* - With queryinfopolicy, verify that we're talking to the right domain
*
* A bit complex, but with all the combinations I think it's the best we can
* get. NT4, W2k3SP1 and W2k all have different combinations, but in the end we
* have a signed&sealed lsa connection on all of them.
*
* Is this overkill? In particular the authenticated SMB connection seems a
* bit overkill, given that we do schannel for netlogon and ntlmssp for
* lsa later on w2k3, the others don't do this anyway.
*/
Thanks to Jeremy for his detective work, and to the Samba4 team for providing
such a great infrastructure.
Next step is to connect to SAM. Do it via LDAP if we can, fall back to samr
with all we have.
Volker
(This used to be commit 3e69fdc07c)
start to look sane.
Question: What about providing all winbind commands as irpc interfaces that
are called from the samba3 compatibility layer? This way it would be easy for
other samba components to access its functionality. Does that make sense?
Volker
(This used to be commit 2a6b805385)
used for WREPL_REPL_INFORM* messsages
- make it possible to close the connection after a request was send
used for WREPL_ASSOCIATION_STOP
- fix the torture test that tests the assoc context handling
between connections, you can issue a request and get the reply
on another connection, I think we should not implement that in our server
code, as I think it's a security hole, you can cause a windows server
to send the replies to someone another client, that doesn't wait for data,
and as there're no massage_id in the protocol the client would be confused
by a replies that doesn't belong to a query
metze
(This used to be commit dfc95de8fa)
queryinfopolicy. Idea is to get a consistency check between that and our
notion of the domain name and sid, and take the lsa pipe as the holder of the
central smbcli_tree that netlogon and samr use as well.
Volker
(This used to be commit 126c80aefc)
Tridge, if you have time, you might want to look at the segfault I was still
seeing. Now I store the handle to the netlogon pipe in the global winbind
state and free it on the next entry into check_machacc. The problem seems to
be that talloc_free()ing a pipe struct from within a callback function on that
pipe is not possible. I think I can live with that, but it has been not really
obvious. To reproduce the segfault you might want to look at putting a
talloc_free(state->getcreds->out.netlogon) into
wbsrv_samba3_check_machacc_receive_creds. This is called from a dcerpc
callback function.
In particular if the check failed it would be nice if I could delete the pipe
directly and not post a different event to some winbind queue.
I tried to delete the pipe from a timed event triggered immediately, but this
also fails because the inner loop seems to hit the same event again, calling
it twice.
Volker
(This used to be commit 5436d77648)
of an existing socket, that is needed to handle WREPL_REPL_UPDATE
in the server, because we need to flig the connection and act as client on it
metze
(This used to be commit 131e5dfe69)
domain and gets the DC's name via a mailslot call.
Metze, I renamed wbsrv_queue_reply to wbsrv_send_reply in accordance with
irpc_send_reply. Having _queue_ here and _send_ there is a bit confusing. And
as everything is async anyway, the semantics should not be too much of a
problem.
Volker
(This used to be commit 4637964b19)
that a given set of (working) POSIX functions are available (without
prefixes to their names, etc). See lib/replace/README for a list.
Functions that behave different from their POSIX specification
(such as sys_select, sys_read, etc) have kept the sys_ prefix.
(This used to be commit 29919a7105)
- remove the echo test stuff
- abstract out the used protocol
- we have a seperate handler for the samba3 protocol now
- the backend can easy do async replies
by setting WBSRV_CALL_FLAGS_REPLY_ASYNC in wbsrv_call
and then call wbsrv_queue_reply() later
metze
(This used to be commit 32f3e68a56)
- use this for the send_queue's of the different stream_servers
to not redefine the same struct so often, and it maybe will be used
in other places too
metze
(This used to be commit b6694f067a)
Currently uses the prefix "param" for all functions and structures; suggestions for better ones are welcome...
Remove old smb.conf-parsing code from libsamba3.
(This used to be commit 414e5f7f6d)
Kerberos CCACHE into the system.
This again allows the use of the system ccache when no username is
specified, and brings more code in common between gensec_krb5 and
gensec_gssapi.
It also has a side-effect that may (or may not) be expected: If there
is a ccache, even if it is not used (perhaps the remote server didn't
want kerberos), it will change the default username.
Andrew Bartlett
(This used to be commit 6202267f6e)
as it isn't needed
- parse some more DsAddEntry() errors
- add some more attid constands so that all attribute that are needed
for a DsAddEntry in the DC Domain Join are mapped
- add value() for __ndr_size, to more attribute container, so that the caller
doesn't need to fill them in, that was the reason for getting an NDR_FAULT
metze
(This used to be commit a9a1a6f861)
what WinXP does when joining an AD domain, but in the meantime this
removes the excess unions, and uses the LSA pipe in same way XP does.
Andrew Bartlett
(This used to be commit d2789c4260)
into LDB are actually quite easy.
This brings us the users, and sets basic domain information.
You are expected to have provisioned with the settings for the target
domain, and have joined the domain as a BDC. Then simply 'net
samsync'.
Now we just need to flesh out the delta types.
Andrew Bartlett
(This used to be commit 1e0f7792bb)
Work on the talloc memory tree, as I think talloc_reference and other
things were biting me.
Crush unions in the name of code reform. ;-)
Andrew Bartlett
(This used to be commit 2eadcf4669)
- undefine anything in the win32 api or PSDK headers that Samba already defines
- map BSD error codes to Winsock Error codes
(This used to be commit d2ea619125)
