IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
the SDDL string has the sid strings embedded, so we need to create
a null terminated string...
metze
(This used to be commit 532395a18db84affa8a743b995e9fae2e3c312f2)
to be broken. The %lu modifies apparently can not cope with the high
bit==1. In dom_sid_string I added some printfs and got:
auth: 21
auth: 2666793276
auth: 679821296
auth: 2310223117
auth: 1206
sid=S-1-5-21-8446744072081377596-679821296-8446744071724807437-1206
The "auth:" values are direct printfs, the sid= is the resulting code from
dom_sid_string.
I could not reproduce it with a simple test program, and #ifdef'ing out
HAVE_SNPRINTF in config.h manually does not help either, probably because the
dynamic linker overwrites the symbol in lib/replace.
Checking it in because it fixes the RPC-SAMBA3-SHARESEC test directly on host
"sunx", I would like to see whether it also fixes IRIX and AIX.
Volker
(This used to be commit 1a9401738f652a87d377a32086342f5f98525fc2)
descriptor. This is something that W2k3 does _not_ pass and probably is not
expected to, it seems the don't check access at tconX time.
Thanks to metze for the hint how in the srvsvc_NetShareInfo1501 struct the
length of the sd can be encoded in idl.
As metze says, there's probably more to the share secdesc, this needs more
testing. This one is here to walk the samba3 code.
Volker
(This used to be commit 67185508229a8d7f144c22cb194f573c932d6de5)
Split of system/locale.h header from system/iconv.h
Previously, iconv wasn't being used on these systems
(This used to be commit aa6d66fda69779d1c2948a1aca85dbd5208f1cba)
Remove some autogenerated headers (which had prototypes now autogenerated by pidl)
Remove ndr_security.h from a few places - it's no longer necessary
(This used to be commit c19c2b51d3e1ad347120b06a22bda5ec586c22e8)
Make the ldb password_hash module only depend on some keys manipulation code, not full heimdal
Some other dependency fixes
(This used to be commit 5b3ab728edfc9cdd9eee16ad0fe6dfd4b5ced630)
- remove sid_active_in_token() was the same as security_token_has_sid()
- rename some functions
metze
(This used to be commit 81390dcda50f53d61e70059fb33014de0d283dc5)
the problem was that we shift with <<= (privilege-1)
and we called the function with privilege=0
add some checks to catch invalid privilege values
and hide the mask representation in privilege.c
metze
(This used to be commit a69f000324764bcd4cf420f2ecba1aca788258e4)
the remote server's name, or in the absence of a local nbt_server to
communicate with (or without root access), a node status request.
The result is that we are in a better position to use kerberos, as well
as to remove the 'password server' mandatory parameter for the samsync
and samdump commands. (I need this to put these into SWAT).
The only problem I have is that I must create a messaging context, which
requires a server ID. As a client process, I don't expect to get
messages, but it is currently required for replies, so I generate a
random() number. We probably need the servers to accept connections on
streamed sockets too, for client-only tasks that want IRPC.
Because I wanted to test this code, I have put the NET-API-* tests into
our test scripts, to ensure they pass and keep passing. They are good
frontends onto the libnet system, and I see no reason not to test them.
In doing so the NET-API-RPCCONNECT test was simplified to take a
binding string on the command line, removing duplicate code, and
testing the combinations in the scripts instead.
(I have done a bit of work on the list shares code in libnet_share.c
to make it pass 'make test')
In the future, I would like to extend the libcli/findds.c code (based
off volker's winbind/wb_async_helpers.c, which is why it shows up a bit
odd in the patch) to handle getting multiple name replies, sending a
getdc request to each in turn.
(posted to samba-technical for review, and I'll happily update with
any comments)
Andrew Bartlett
(This used to be commit 7ccddfd3515fc2c0d6f447c768ccbf7a220c3380)
the difference between these at all, and in the future the
fact that INIT_OBJ_FILES include smb_build.h will be sufficient to
have recompiles at the right time.
(This used to be commit b24f2583edee38abafa58578d8b5c4b43e517def)
displaying security descriptors in ldbsearch or ldbedit you can see
the SDDL version.
This also allows us to specify security descriptors in our
setup/*.ldif files in SDDL format, which is much more convenient than
the NDR binary format!
(This used to be commit 8185731c1846412c1b3366824cdb3d05b2d50b73)
- added a bunch more tests to LOCAL-SDDL (all the ones from our schema)
- fixed 'mixed coded declarations' bug
(This used to be commit c30e7698e8e1d9991d35bf86c0d4041a1814ad92)
all flags are covered yet, and object aces aren't done yet.
This is needed for ACL support in ldb, as the default security
descriptor for each object class is given by the
defaultSecurityDescriptor attribute in the schema, which is stored in
SDDL format
(This used to be commit dbdeecea01a8b362a9a525a3689cb03662a86776)
