IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
If we cannot get 1000 users downloaded in 15seconds, try with 500, 250
and then 125 users at a time.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
In order to support other bind methods, introduce a generic bind callback.
When smbldap_state.bind_callback is set, it means there is an alternative
way to perform LDAP bind to ldap_simple_bind_s() so call it instead.
The call is wrapped in become_root()/unbecome_root() to allow proper permissions
in smbd to access needed resources in the callback, for example, credential caches.
When run outside smbd, become_root()/unbecome_root() are no-op.
The API expectation is similar to ldap_simple_bind_s().
A caller of smbldap API can pass additional information to the callback by setting
smbldap_state.bind_callback_data pointer.
Both callback and the data pointer elements of smbldap_state structure get
cleaned up if someone sets proper credentials on smbldap_state with
smbldap_set_creds() so if you are interested in using smbldap_state.bind_dn
with the callback, make sure to set callback after credentials are set.
struct unixid is defined in idmap.idl and therefore to use it one
would need generated headers from librpc/gen_ndr. Not all of these
files are installed and available as public headers. Also, they
pull in some support headers which requires them to be available
via specific locations like <librpc/gen_ndr/*> or <libcli/util>.
Instead of pulling the headers to get structure and enum definitions,
introduce three simple helpers to fill in 'struct unixid' based on
the type of id. This is sufficient for PASSDB users and does not
require exposing generated headers or code.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue May 22 16:42:22 CEST 2012 on sn-devel-104
This will make it easier to consistantly pass a struct unixid all the way up and
down the idmap stack, and allow ID_TYPE_BOTH to be handled correctly.
Andrew Bartlett
Signed-off-by: Michael Adam <obnox@samba.org>
This safely allocates the task_id so that when we have multiple event
contexts, they can each have their own messaging context, particularly
for the imessaging subsystem under source4.
Andrew Bartlett
This started per https://bugzilla.samba.org/show_bug.cgi?id=8872#c4
and avoids any possible collision with a different process.
We also need to ensure that across a Samba installation on a single
node that id.vnn is the same. Samba4 previously used 0, while Samba3
used NONCLUSTER_VNN. When a message is sent between these 'different'
nodes, the error NT_STATUS_INVALID_DEVICE_REQUEST is raised.
Andrew Bartlett
This was useful before the idmap cache was moved to gencache.
Nowadays it is available to smbd through gencache, so we
can remove the extra caching layer.
This simplifies the g_lock implementation. The new implementation tries to
acquire a lock. If that fails due to a lock conflict, wait for the g_lock
record to change. Upon change, just try again. The old logic had to cope with
pending records and an ugly hack into ctdb itself. As a bonus, we now get a
really clean async g_lock_lock_send/recv that can asynchronously wait for a
global lock. This would have been almost impossible to do without the
dbwrap_record_watch infrastructure.
There is no need to call pdb_set_pass_must_change_time() because
nothing ever consults that value. It is always calculated from the
domain policy.
Also, this means we no longer store the value in LDAP. The value
would only ever be set when migrating from tdbsam or smbpasswd, not on
password changes, so would become incorrect over time.
Andrew Bartlett
From notify_internal.c:
/*
* The notify database is split up into two databases: One
* relatively static index db and the real notify db with the
* volatile entries.
*/
This change is necessary to make notify scale better in a cluster
This is a void* that represents a signal handler attached to some
custom tevent_context. This is necessary to make the tdb based
messaging infrastructure trigger its business when we are sitting in
tevent_loop_once for an event context that is not the main one in the
messaging context.
Now that we always require a 64 bit off_t, we no longer need SMB_OFF_T.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Apr 6 01:47:43 CEST 2012 on sn-devel-104
This removes a dependency on "struct notify_entry" and makes the nature of the
API more explicit. We depend upon the VFS module to mask out elements from
e->filter and e->subdir_filter that it took over to handle.
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Mon Mar 26 17:45:44 CEST 2012 on sn-devel-104
The performance of these is minimal (these days) and they can return
invalid results when used as part of applications that do not use
sys_fork().
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Mar 24 21:55:41 CET 2012 on sn-devel-104
We only need one notify_ctx per smbd. The notify_array can become quite large.
It's based on absolute paths, so there's no point in having a copy of the
complete array in memory multiple times.
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Wed Mar 21 14:26:07 CET 2012 on sn-devel-104
This applies to all child processes making use of reinit_after_fork().
It is implemented by establishing a pipe between parent and child.
The child watches for EOF on the read end of the pipe, indidcating
an exited parent.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
On LSA and SAMR pipes session_key is truncated to 16 byte when doing encryption/decryption.
However, this was not done for trusted domain-related modifying operations.
As result, Samba 4 client libraries do not work against Samba 3 while working
against Windows 2008 r2.
Solved this by introducing "session_extract_session_key()" function that allows to specify
intent of use of the key.
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Tue Mar 13 12:23:44 CET 2012 on sn-devel-104
This is used to enable async chained command sequences. A synchronous
reply_xxx command does not need to take are anymore about and_x
chaining. The async commands (pipe r/w at this moment) must do so
however. When finished, they must inform the main chain engine that
they are finished with a smb_request_done call.
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Sat Mar 10 17:14:05 CET 2012 on sn-devel-104
The ->get_ntlm_challenge and ->check_ntlm_password elements of struct auth_context
were only ever initialised to a single value. Make it easier to follow by
just calling the function directly.
Andrew Bartlett
Because revoking read-only copies of records is expensive, we only
want ctdbd to do it for high-turnover records. A basic heuristic is
that if we don't find a local copy of the record, don't ask for a
read-only copy.
The fetch itself will cause ctdbd to migrate the record, so eventually
we will have a local copy. Next time it gets migrated away, we'll
call ctdbd_fetch() with local_copy = true.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This adds an alisas to ensure that both our loadparm systems know all
the names.
I would like to move to the 'server ..' name as canonical, and this
will be raised on the list.
Andrew Bartlett
This will allow us to use the same layer that auth_ntlmssp does
in the non-SPNEGO session setup, which will in turn make the
authentication code more consistent in the AD server case.
Andrew Bartlett
Found by callcatcher.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sat Feb 18 09:01:15 CET 2012 on sn-devel-104
Found by callcatcher.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Feb 17 13:48:05 CET 2012 on sn-devel-104
This is not honoured by the common SPNEGO code.
This matches mondern windows versions which do not send this value, as
it would be insecure for a client to rely on it. (See also the
depricated client use spnego principal directive).
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Replaced the undescriptive SMB_PORT1 and SMB_PORT2 defined constants
with the slightly more descriptive names NBT_SMB_PORT and TCP_SMB_PORT.
Also replaced several hard-coded references to the well-known port
numbers (139 and 445, respectively) as appropriate.
Small changes to clarify some comments regarding the two transport
types.
Signed-off-by: Simo Sorce <idra@samba.org>
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Thu Feb 16 08:29:41 CET 2012 on sn-devel-104
This fixes bug #8554, #8612 and #8748.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Feb 9 16:39:04 CET 2012 on sn-devel-104
This is causing circular depdnendcies that bring libpdb in all code and this is
BAD.
This change 'protects' the sid and guid of the domain by adding a special key
that makes them effectively read only.
Limit this temporarily to the samba 4 build, once it gets some good testing the
samba4 ifdefs can be dropped.
fix pdb dependencies
Signed-off-by: Andreas Schneider <asn@samba.org>
When E_deshash() returns false, it indicates that the password is either > 14 chars
in length, or could not be represented as an LM hash value for some other
reason. In this case, we should not regard the LM hash being missing
as an error or a no-password situation.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Jan 6 14:59:13 CET 2012 on sn-devel-104
This is possible because the s3 gensec modules are started as
normal gensec modules, so we do not need a wrapper any more.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This structure handles more than NTLMSSP now, at least when we are an AD DC
and so changing the name may avoid some confusion in the future.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
They really do not belong to smb.h.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Dec 14 21:15:39 CET 2011 on sn-devel-104
This library was tiny - containing just two public functions than were
themselves trivial. The amount of overhead this causes isn't really worth the
benefits of sharing the code with other projects like OpenChange. In addition, this code
isn't really generically useful anyway, as it can only load from the module path
set for Samba at configure time.
Adding a new library was breaking the API/ABI anyway, so OpenChange had to be
updated to cope with the new situation one way or another. I've added a simpler
(compatible) routine for loading modules to OpenChange, which is less than 100 lines of code.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Dec 3 08:36:33 CET 2011 on sn-devel-104
This causes the backup_intent flags to be added to findfirst/findnext
and ntcreate/nttrans_create calls.
cli_set_backup_intent() sets the flag and returns the old value of
its state.
This should be a lot quicker than PROCESS_EXISTS followed by looking at
serverid.tdb
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Nov 30 12:47:27 CET 2011 on sn-devel-104
This will make it easier to convert locking.tdb to IDL, and I don't think there
will be enough entries to justify a linked list over an array.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Nov 23 09:02:12 CET 2011 on sn-devel-104
This allows smb.conf files from either the samba3 or samba4 tradition
to come to the same value of server role, using the information in the
smb.conf file.
This is important so that tools like 'net getlocalsid' work against a
Samba4 AD installation (yes, users have tried this).
Andrew Bartlett
Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
The key is to only allow the lookup to succeed if it's a UNIX level lookup or readlink,
but disallow all other operations.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Oct 22 01:37:41 CEST 2011 on sn-devel-104
