IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
took a _LONG_ time to find.
The problem was that when encoding/decoding password buffers we use
the pull/push string functions, which by default align unicode
strings. But on solaris sparc the buffer is not aligned always (its a
stack variable, an array of uint8_t). That perfectly OK in C, so we
just tell the pull/push functions not to auto-align.
were getting ENOBUFS, which mapped to NT_STATUS_NO_MEMORY, which in
turn caused the messaging code to loop trying until it gave up.
Now it correctly falls back to select. Messaging speed goes from 3
messages per second to over 7000 on my test vmware box. Not bad for a
one line change :)
library. Even though we don't like to that library, it gets loaded via
nss-ldap, which means nss-ldap calls into the samba ldap lib with the
wrong parameters, and crashes.
We really need to use a completely different namespace in libcli/ldap/
emacs compile mode (hint, paste to a file, and compile as "cat
filename").
This allowed me to fix nearly all the warnings for a IA_64 SuSE build
very quickly.
finished when we need to trigger the continuation immediately.
Via a fairly complex path, this fixes the problem where all hosts in
the build farm that do not have ipv6 failed a lot of the RPC
tests. This happened because the dcerpc_connect() async code used a
composite_continue() on a context which was already in an error state,
due to the socket backend saying that ipv6 was unavailable
to be broken. The %lu modifies apparently can not cope with the high
bit==1. In dom_sid_string I added some printfs and got:
auth: 21
auth: 2666793276
auth: 679821296
auth: 2310223117
auth: 1206
sid=S-1-5-21-8446744072081377596-679821296-8446744071724807437-1206
The "auth:" values are direct printfs, the sid= is the resulting code from
dom_sid_string.
I could not reproduce it with a simple test program, and #ifdef'ing out
HAVE_SNPRINTF in config.h manually does not help either, probably because the
dynamic linker overwrites the symbol in lib/replace.
Checking it in because it fixes the RPC-SAMBA3-SHARESEC test directly on host
"sunx", I would like to see whether it also fixes IRIX and AIX.
Volker
with this you can limit a search to a specific partitions
or a search over all partitions without getting referrals.
(Witch is the default behavior on the Global Catalog Port)
metze
the composite_context structue, we should try to convert all code
to use this because there're a lot of places where the we have
bugs with this task...
- add a composite_continue_smb2() helper
We should try to hide the internals of the composite code from the users
to avoid errors (and I found a lot of them... and will fix then step by step)
metze
routines to return an NTSTATUS. This should help track down errors.
Use a bit of talloc_steal and talloc_unlink to get the real socket to
be a child of the GENSEC or TLS socket.
Always return a new socket, even for the 'pass-though' case.
Andrew Bartlett
contexts from the application layer into the socket layer.
This improves a number of correctness aspects, as we now allow LDAP
packets to cross multiple SASL packets. It should also make it much
easier to write async LDAP tests from windows clients, as they use SASL
by default. It is also vital to allowing OpenLDAP clients to use GSSAPI
against Samba4, as it negotiates a rather small SASL buffer size.
This patch mirrors the earlier work done to move TLS into the socket
layer.
Unusual in this pstch is the extra read callback argument I take. As
SASL is a layer on top of a socket, it is entirely possible for the
SASL layer to drain a socket dry, but for the caller not to have read
all the decrypted data. This would leave the system without an event
to restart the read (as the socket is dry).
As such, I re-invoke the read handler from a timed callback, which
should trigger on the next running of the event loop. I believe that
the TLS code does require a similar callback.
In trying to understand why this is required, imagine a SASL-encrypted
LDAP packet in the following formation:
+-----------------+---------------------+
| SASL Packet #1 | SASL Packet #2 |
----------------------------------------+
| LDAP Packet #1 | LDAP Packet #2 |
----------------------------------------+
In the old code, this was illegal, but it is perfectly standard
SASL-encrypted LDAP. Without the callback, we would read and process
the first LDAP packet, and the SASL code would have read the second SASL
packet (to decrypt enough data for the LDAP packet), and no data would
remain on the socket.
Without data on the socket, read events stop. That is why I add timed
events, until the SASL buffer is drained.
Another approach would be to add a hack to the event system, to have it
pretend there remained data to read off the network (but that is ugly).
In improving the code, to handle more real-world cases, I've been able
to remove almost all the special-cases in the testnonblock code. The
only special case is that we must use a deterministic partial packet
when calling send, rather than a random length. (1 + n/2). This is
needed because of the way the SASL and TLS code works, and the 'resend
on failure' requirements.
Andrew Bartlett
descriptor. This is something that W2k3 does _not_ pass and probably is not
expected to, it seems the don't check access at tconX time.
Thanks to metze for the hint how in the srvsvc_NetShareInfo1501 struct the
length of the sd can be encoded in idl.
As metze says, there's probably more to the share secdesc, this needs more
testing. This one is here to walk the samba3 code.
Volker
