IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
Ensure we don't use any of the create_options for Samba private
use. Add a new parameter to the VFS_CREATE call (private_flags)
which is only used internally. Renumber NTCREATEX_OPTIONS_PRIVATE_DENY_DOS
and NTCREATEX_OPTIONS_PRIVATE_DENY_FCB to match the S4 code).
Rev. the VFS interface to version 28.
Jeremy.
this increases the sambapasswordhistory field length to 64 and
fixes a warning about a wrong booleanmatch setting
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
This patch introduces two new temporary helper functions
vfs_stat_smb_fname and vfs_lstat_smb_fname. They basically allowed me
to call the new smb_filename version of stat, while avoiding plumbing
it through callers that are still too inconvenient. As the conversion
moves along, I will be able to remove callers of this, with the goal
being to remove all callers.
There was also a bug in create_synthetic_smb_fname_split (also a
temporary utility function) that caused it to incorrectly handle
filenames with ':'s in them when in posix mode. This is now fixed.
This corrects the issues reaised in bug #6129, and some others that were not
originally identified. It also accounts for some code that was in the original
bug report but appears to have since been made common between S3 and S4.
Thanks to Erik Hovland <erik@hovland.org> for the original bug report.
This was a little messy because of all of the vfs modules I had to
touch. Most of them were pretty straight forward, but the streams
modules required a little attention to handle smb_filename. Since the
use of smb_filename enables the vfs modules to access the raw,
over-the-wire stream, a little bit of the handling that was being done
by split_ntfs_stream_name has now been shifted into the individual
stream modules. It may be a little more code, but overall it gives
more flexibility to the streams modules, while also allowing correct
stream handling.
objectclasses are case insensitive. we used to convert only LDAP objects with
the typical UpperLower case for sambaAccount and sambaGroupMapping and ignored
any other case writings
The statvfs struct isn't guaranteed to be portable across operating
systems. Since libsmbclient isn't actually calling statvfs and just
using the statvfs struct to store similar information, this patch adds
a new portable smbc_statvfs struct. This fixes a few of the failures
in the build farm introduced by:
ae259575c4
Derrell, please check.
1) Add in smb_file_time struct to clarify code and make room for createtime.
2) Get and set create time from SMB messages.
3) Fixup existing VFS modules + examples Some OS'es allow for the
setting of the birthtime through kernel interfaces. This value is
generically used for Windows createtime, but is not settable in the
code today.
There were some function mismatches in the various GET_NT_ACL modules (some places the fsp parameter has not been removed).
Jeremy.
(This used to be commit 221cc5e21e)
Here is a patch to allow many subsystems to be re-initialized. The only
functional change I made was to remove the null context tracking, as the memory
allocated here is designed to be left for the complete lifetime of the program.
Freeing this early (when all smb contexts are destroyed) could crash other
users of talloc.
Jeremy.
(This used to be commit 8c630efd25)
Signed-off-by: Andreas Schneider <anschneider@suse.de>
Signed-off-by: Derrell Lipman <derrell.lipman@unwireduniverse.com>
(This used to be commit 84b1ea39a4)
smbsh.c is located in the examples directory. It does not make sense
to install a man page without installing the tool itself.
This fixes bug #4724.
Karolin
(This used to be commit 797ed744b1)
this can only be done via fset_nt_acl() using an open
file/directory handle. I'd like to do the same with
get_nt_acl() but am concerned about efficiency
problems with "hide unreadable/hide unwritable" when
doing a directory listing (this would mean opening
every file in the dir on list).
Moving closer to rationalizing the ACL model and
maybe moving the POSIX calls into a posix_acl VFS
module rather than having them as first class citizens
of the VFS.
Jeremy.
(This used to be commit f487f742cb)
- James suggested using gcc's "deprecated" attribute to mark the context
structure fields to generate warnings. This creates a scenario with the
best of all worlds. I'm able to move to an organization that more easily
allows future enhancements, while avoiding any mandatory changes by
applications. Thanks, James!
- Updated WHATSNEW.txt so that it accurately reflects the current state of
affairs.
Derrell
(This used to be commit a67f96fbe9)
- Ensured that all public functions have documentation in libsmbclient.h
- Reformatted for "proper" indentation
- Re-added temporarily-disabled alternate authentication function capability
Derrell
(This used to be commit 64b7150d92)
The libsmbclient interface has suffered from difficulty of improvement and
feature enrichment without causing ABI breakage. Although there were a number
of issues, the primary ones were:
(a) the user of the library would manually manipulate the context structure
members, meaning that nothing in the context structure could change other
than adding stuff at the end;
(b) there were three methods of setting options: setting bits in a flags field
within the context structure, setting explicit options variables within an
options structure in the context structure, and by calling the
smbc_option_set() function;
(c) the authentication callback did not traditionally provide enough
information to the callee which required adding an option for a callback
with a different signature, and now there are requests for even more
information at the callback, requiring yet a third signature and option to
set it (if we implement that feature).
This commit provides a reorganization of the code which fixes (a) and (b).
The context structure is now entirely opaque, and there are setter and getter
functions for manipulating it. This makes maintaining ABI consistency much,
much easier.
Additionally, the options setting/getting has been unified into a single
mechanism using smbc_option_set() and smbc_option_get().
Yet to be completed is a refactoring of the authentication callback (c).
The test programs in examples/libsmbclient have been modified (if necessary;
some applications require no changes at all) for the new API and a few have
been minimally tested.
Derrell
(This used to be commit d4b4bae8de)
testwrite: create or truncate a file and write to it.
teststat3: compare the results from smbc_stat() and smbc_fstat()
Derrell
(This used to be commit 5a4a7aec76)
As discussed with Volker, it is better to calculate FS capabilities at
connection time. We already do this with help of VFS statvfs() call
which allows to fill-in system-specific attributes including FS
capabilities. So just re-use it if you want to represent additional
capabilities in your modules. The only caution is that you need to
call underlying statvfs() call to actually get system-specific
capabilities (and other fields) added. Then add module-specific ones.
(This used to be commit e342ca0d93)
This makes sense as upper levels are only taking returned result of 0
(no error) into consideration when deciding whether to mark file
offline/online as returned from is_offline.
That means that we simply can move the decision down to VFS module and
clean up upper levels so that they always see only file status. If there
is an error when trying to identify file status, then VFS module could
decide what to return (offline or online) by itself -- after all, it
ought to have system-specific knowledge anyway.
(This used to be commit 75cc086614)
There's been a problem seen where open/read/close a number of times causes
open failures eventually. This program has been modified to create the
context once and then loop requesting file names to open/read/close.
This program also demonstrates the current error in cli_read() where it
returns an error instead of length 0 upon end of file.
Derrell
(This used to be commit 9d75ea577b)
When the capability of using full names for DOS attributes was added, a bug
was introduced which caused the wrong number of bytes to be returned. This
patch to smbc_listxattr_ctx() fixes the problem.
Thanks to Jack Schmidt for this patch.
Derrell
(This used to be commit 913c335d21)
to lists of groups (or aliases). Useful for creating large test
scenarios.
Michael
(cherry picked from commit b3e5082e10)
(This used to be commit 78a2344fe7)
This is done via rpc client. The main purpose is to
be able to fill a domain controller with a large number
of users / groups easily. A the object names are
built as <prefix><num> where number ranges from a given
start number counting up until a given number of objects
has been created.
In a next step, I will submit scripts to add (many) users to
a group and to add a user to (many) groups.
Michael
(cherry picked from commit 8b81fbb7d9)
(This used to be commit 79414f8bfa)
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
This script is useful for migrating OpenLDAP schema files to FDS/RHDS
lidf schema files.
License kindly updated to GPLv3+ at our request.
Simo.
(This used to be commit ab7770b34b)
have the current and possibly the previous trust password
stored as clear text passwords. (Previous use of NTPassword
was a mistake - this is a hash value.)
Michael
(This used to be commit 0beae52ff4)
incremented too far in some circumstances. In these cases, only the first
of multiple concatenated strings would be seen.
- Working on bug 4649 pertaining to delete an ACL, this fixes the reported
crash. It appears to have been an incomplete switchover from malloc to
talloc, as the memory was still being freed with SAFE_FREE.
Deleting ACLs still doesn't work. Although a valid request is sent to the
server and a SUCCESS response is returned, the method that's used in
libsmbclient for deleting ACLs seems to be incorrect. In looking at the
samba4 torture tests, it appears that we should be turning on the INHERIT
flag if we want to delete the ACL. (I could use some assistance on the
proper flags to send, from anyone familiar with this stuff.)
- Apply patch from SATOH Fumiyasu to fix bug 4750. smbc_telldir_ctx() was not
returning a value useful to smbc_lseekdir_ctx().
Derrell
(This used to be commit 2ac502e29b)
This script allows for adding lists of users (or other objects)
to lists of groups (or aliases). Useful for creating large test
scenarios.
Michael
(This used to be commit b3e5082e10)
This is done via rpc client. The main purpose is to
be able to fill a domain controller with a large number
of users / groups easily. A the object names are
built as <prefix><num> where number ranges from a given
start number counting up until a given number of objects
has been created.
In a next step, I will submit scripts to add (many) users to
a group and to add a user to (many) groups.
Michael
(This used to be commit 8b81fbb7d9)
This is a slightly modified version to set warn_pwd_expire to the
default value if 0, no, or a broken value is set.
This version also has one if statement less in get_config_item_int().
Thanks a lot to Andreas 'GlaDiaC' Schneider for this feature!
(This used to be commit d26914c978)
return to correctly return NT_STATUS_INVALID_OWNER if it
should be disallowed. Matches better what W2K3R3 does.
NFSv4 ACL module owners, please examine these changes.
Jeremy.
(This used to be commit fc6899a550)
attempts to set attributes to fail.
- I also noticed that missing attributes were setting an invalid return string
by getxattr(), e.g. if there was not group, the return string had "GROUP:;"
instead of excluding the GROUP attribute entirely as it should. The big
problem with the way it was, is that the string could not then be passed to
setxattr() and parsed.
(This used to be commit 7213b5ebec)
for utimes - change the call to ntimes. This preserves
nsec timestamps we get from stat (if the system supports
it) and only maps back down to usec or sec resolution
on time set. Looks bigger than it is as I had to move
lots of internal code from using time_t and struct utimebuf
to struct timespec.
Jeremy.
(This used to be commit 8f3d530c5a)
* chase referrals
* use paged search control
when using the LDAP change notify control for monitoring changes.
Guenther
(This used to be commit d6849a83c0)
NetApp filers expect paths in Open AndX Request to have a leading slash.
Windows clients send the leading slash, so we should too.
(This used to be commit fc5b6e4bd8)
Jeremy: requires your eyes...
If the remote connection timed out while cli_list() was retrieving its list of
files, the error was not returned to the user, e.g. via smbc_opendir(), so the
user didn't have a way to know to set the timeout longer and try again. This
problem would occur when a very large directory is being read with a too-small
timeout on the cli.
Jeremy, although there were a couple of areas that needed to be handled, I
needed to make one change that you should bless, in libsmb/clientgen.c. It
was setting
cli->smb_rw_error = smb_read_error;
but smb_read_error is zero, so this had no effect. I'm now doing
cli->smb_rw_error = READ_TIMEOUT;
instead, and according to the OP, these (cumulative) changes (in a slightly
different form) solve the problem.
Please confirm this smb_rw_error change will have no other adverse effects
that you can see.
Derrell
(This used to be commit fa664b24b8)
This completes the work Jeremy began last week, disambiguating the meaning of
c_time. (In POSIX terminology, c_time means "status Change time", not "create
time".) All uses of c_time, a_time and m_time have now been replaced with
change_time, access_time, and write_time, and when creation time is intended,
create_time is used.
Additionally, the capability of setting and retrieving the create time have
been added to the smbc_setxattr() and smbc_getxattr() functions. An example
of setting all four times can be seen with the program
examples/libsmbclient/testacl
with the following command line similar to:
testacl -f -S "system.*:CREATE_TIME:1000000000,ACCESS_TIME:1000000060,WRITE_TIME:1000000120,CHANGE_TIME:1000000180" 'smb://server/share/testfile.txt'
The -f option turns on the new mode which uses full time names in the
attribute specification (e.g. ACCESS_TIME vs A_TIME).
(This used to be commit 8e119b64f1)
code is wrong or bad or anything, just that it
needs to be discussed & reviewed on the samba-technical
list before we add a platform-specific NFSv4 mapping.
That way lies a lot of future pain :-).
Jeremy.
(This used to be commit 330899ec30)
Although I've never met a computer or compiler that produced pointers to
functions which are a different size than pointers to data, I suppose they
probably exist. Assigning a pointer to a function is technically illegal in C
anyway.
Change casts of the option_value based on the option_name to use of variable
argument lists.
For binary compatibility, I've maintained but deprecated the old behavior of
debug_stderr (which expected to be passed a NULL or non-NULL pointer) and
added a new option debug_to_stderr which properly expects a boolean (int)
parameter.
Derrell
(This used to be commit c1b4c51053)
into 3.0. Also merge the new POSIX lock code - this
is not enabled unless -DDEVELOPER is defined.
This doesn't yet map onto underlying system POSIX
locks. Updates vfs to allow lock queries.
Jeremy.
(This used to be commit 08e52ead03)
Implement enhancement request 3505. Two additional features are added here.
There is now a method of saving an opaque user data handle in the smbc_
context, and there is now a way to request that the context be passed to the
authentication function. See examples/libsmbclient/testbrowse.c for an example
of using these features.
(This used to be commit 203b4911c1)
groups in the ${MACHINESID} and S_1-5-32 domains correctly,
I had to add a substr search on sambaSID.
* add substr matching rule to OpenLDAP schema
(we need to update the other schema as will since this
is a pretty important change). Sites will need to
- install the new schema
- add 'indea sambaSID sub' to slapd.conf
- run slapindex
* remove uses of SID_NAME_WKN_GRP in pdb_ldap.c
(This used to be commit 2c0a46d731)
* Fix a couple of related parsing issues.
* in the info3 reply in a samlogon, return the ACB-flags (instead of
returning zero)
Guenther
(This used to be commit 5b89e8bc24)
use that, but includes.h fails in environments where there's no system popt
around. As the modules don't need that anyway, porting the check whether to
use the system one or our own seems a bit overkill.
Thanks to Michael Adam <ma@SerNet.DE>.
Volker
(This used to be commit 04cbde5956)
Although RTLD_NEXT was not working properly a number of years ago, it seems to be now. Replace dlopen(/lib/libc...) with direct use of RTLD_NEXT
(This used to be commit 2b48665006)
schema.
Maybe "Base64 encoded user parameter string" is not much clearer then
"munged dial" - anyone got a better description ?
Guenther
(This used to be commit 02ccde5f47)
1. Fix a crash bug which should have reared its ugly head ages ago, but for
some reason, remained dormant until recently. The bug pertained to
libsmbclient doing a structure assignment of a cli after having opened a
pipe. The pipe open code makes a copy of the cli pointer that was passed
to it. If the cli is later copied (and that cli pointer that was saved
is no longer valid), the pipe code will cause a crash during shutdown or
when the copied cli is closed.
2. The 'type' field in enumerated shares was not being set correctly with
the new RPC-based mechanism for enumerating shares.
(This used to be commit 62a02b8f2a)
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d7)
(by allowing to store more then 1 password history entry in LDAP...)
Thanks to Bernhard Borgmann @ Novell for showing me how to debug
eDirecory.
Guenther
(This used to be commit a6e8de5c3c)
safe for using our headers and linking with C++ modules. Stops us
from using C++ reserved keywords in our code.
Jeremy
(This used to be commit 9506b8e145)
the function that was being used to set attributes is a core protocol
function (SMBsetatr = 0x09), it does not appear to work on win98. As a
temporary measure, when file times are to be set, this version opens the
file and uses SMBsetattrE = 0x22 instead. (The other advantage of this
function over the original one is that it supports setting access time as
well as modification time.)
The next step, the proper solution if it can be made to work, is to write
functions that use TRANS2_SET_PATH_INFO instead.
(This used to be commit bab0bf7f4f)
1. using smbc_getxattr() et al, one may now request all access control
entities in the ACL without getting all other NT attributes.
2. added the ability to exclude specified attributes from the result set
provided by smbc_getxattr() et al, when requesting all attributes,
all NT attributes, or all DOS attributes.
3. eliminated all compiler warnings, including when --enable-developer
compiler flags are in use. removed -Wcast-qual flag from list, as that
is specifically to force warnings in the case of casting away qualifiers.
Note: In the process of eliminating compiler warnings, a few nasties were
discovered. In the file libads/sasl.c, PRIVATE kerberos interfaces
are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED
kerberos interfaces are being used. Someone who knows kerberos
should look at these and determine if there is an alternate method
of accomplishing the task.
(This used to be commit 994694f7f2)
Sharpe.
Users my run this script after they have vampired a windows domain
controller to verify their system has no double sids, double uids, etc.
Guenther
(This used to be commit 31bd709a41)
Added to samba3 due to some header and machine-account dependencies,
although it's possibly of more interest to samba4 developers.
adssearch.pl is a kind of ldapsearch + dump-filters for various
ADS-attributes. It can also register asynchronous change notifications.
./adssearch.pl -h w2k3host -D administrator@MY.REALM.NET -x -w mypass -n
and *any* change in your entire DIT will show up immediately (after a
second change of an object even as object diff). It's very interesting
to see the interaction of GPOs, the various steps of account
modification with dsa.msc, etc.
Gracefully ignore some parts of adssearch.pl that are rather immature...
Guenther
(This used to be commit fd947b5ee0)
Does automated migration from account_policy.tdb v1 and v2 and offers a
pdbedit-Migration interface. Jerry, please feel free to revert that if
you have other plans.
Guenther
(This used to be commit 75af83dfcd)