IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
ntvfs handler = nbench posix
and the nbench pass-thru module will be called before the posix
module. The chaining logic is now much saner, and less racy, with each
level in the chain getting its own private pointer rather than relying
on save/restore logic in the pass-thru module.
The only pass-thru module we have at the moment is the nbench one
(which records all traffic in a nbench compatibe format), but I plan
on soon writing a "unixuid" pass-thru module that will implement the
setegid()/setgroups()/seteuid() logic for standard posix uid
handling. This separation of the posix backend from the uid handling
should simplify the code, and make development easier.
I also modified the nbench module so it can do multiple chaining, so
if you want to you can do:
ntvfs module = nbench nbench posix
and it will save 2 copies of the log file in /tmp. This is really only
useful for testing at the moment until we have more than one pass-thru
module.
to process init_globals(). This also allows all global options to be
set using lp_set_cmdline() or --option
a side effect is that init_globals() is slower. If this turns out to
be a problem we can try a different approach.
the idea is to have services as modules (smb, dcerpc, swat, ...)
the process_model don't know about the service it self anymore.
TODO:
- the smbsrv should use the smbsrv_send function
- the service subsystem init should be done like for other modules
- we need to have a generic socket subsystem, which handle stream, datagram,
and virtuell other sockets( e.g. for the ntvfs_ipc module to connect to the dcerpc server
, or for smb or dcerpc or whatever to connect to a server wide auth service)
- and other fixes...
NOTE: process model pthread seems to be broken( but also before this patch!)
metze
- Spelling - it's SPNEGO, not SPENGO
- SMB signing - Krb5 logins are now correctly signed
- SPNEGO - Changes to always tell GENSEC about incoming packets, empty or not.
Andrew Bartlett
because this is the connection state per transport layer (tcp)
connection
I also moved the substructs directly into smbsrv_connection,
because they don't need a struct name and we should allway pass the complete
smbsrv_connection struct into functions
metze
Currently this only authentiates the machine, not real users.
As a consequence of running the Samba4 NETLOGON test against Samba4, I
found a number of issues in the SAMR server, which I have addressed.
There are more templates in the provison.ldif for this reason.
I also added some debug to our credentials code, and fixed some bugs
in the auth_sam module.
The static buffer in generate_random_string() bit me badly, so I
removed it in favor of a talloc based system.
Andrew Bartlett
Samba4. I'm committing this now so I can get comments on the approach.
Note that you need to do something like this to initialise the SAM db:
edit script/provision.pl
script/provision.pl > provision.ldif.out
bin/ldbadd /path/to/private/sam.ldb provision.ldif.out
paramter, without special links to other variables.
When we get 'server role' ideas back into Samba4, we can fix this properly.
The default is:
guest, sam_ignoredomain
which is the expected behaviour for a stand-alone server.
Andrew Bartlett
1.) We now register endpoint servers add startup via register_backend()
and later use the smb.conf 'dcerpc endpoint servers' parameter to setup the dcesrv_context
2.) each endpoint server can register at context creation time as much interfaces as it wants
(multiple interfaces on one endpoint are supported!)
(NOTE: there's a difference between 'endpoint server' and 'endpoint'!
for details look at rpc_server/dcesrv_server.h)
3.) one endpoint can have a security descriptor registered to it self
this will be checked in the future when a client wants to connect
to an smb pipe endpoint.
4.) we now have a 'remote' endpoint server, which works like the ntvfs_cifs module
it takes this options in the [globals] section:
dcerpc remote:interfaces = srvsvc, winreg, w32time, epmapper
dcerpc remote:binding = ...
dcerpc remote:user = ...
dcerpc remote:password = ...
5.) we currently have tree endpoint servers: epmapper, rpcecho and remote
the default for the 'dcerpc endpiont servers = epmapper, rpcecho'
for testing you can also do
dcerpc endpoint servers = rpcecho, remote, epmapper
dcerpc remote:interfaces = srvsvc, samr, netlogon
6,) please notice the the epmapper now only returns NO_ENTRIES
(but I think we'll find a solution for this too:-)
7.) also there're some other stuff left, but step by step :-)
This patch also includes updates for the
register_subsystem() , ntvfs_init(), and some other funtions
to check for duplicate subsystem registration
metze
(hmmm, my first large commit...I hope it works as supposed :-)
