IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Remove pstring from libsmb/clidfs.c except for a nasty
hack (that will be removed when pstrings are gone from
client/).
Jeremy.
(This used to be commit cc257b71d1)
one horror (pstring_clean_name()) which will have to
remain until I've removed all pstrings from the client code.
Jeremy.
(This used to be commit 1ea3ac8014)
zero_addr(&ss). All current uses were always of the
AF_INET form, so simplify the call. If in the future
we need to zero an addr to AF_INET6 this can be
done separately.
Jeremy.
(This used to be commit 2e92418a13)
to struct sockaddr_storage in most places that matter (ie.
not the nmbd and NetBIOS lookups). This passes make test
on an IPv4 box, but I'll have to do more work/testing on
IPv6 enabled boxes. This should now give us a framework
for testing and finishing the IPv6 migration. It's at
the state where someone with a working IPv6 setup should
(theorecically) be able to type :
smbclient //ipv6-address/share
and have it work.
Jeremy.
(This used to be commit 98e154c312)
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
IPv6 in winbindd, but moves most of the socket functions that were
wrongly in lib/util.c into lib/util_sock.c and provides generic
IPv4/6 independent versions of most things. Still lots of work
to do, but now I can see how I'll fix the access check code.
Nasty part that remains is the name resolution code which is
used to returning arrays of in_addr structs.
Jeremy.
(This used to be commit 3f6bd0e1ec)
new standard getifaddrs() and freeifaddrs() interfaces. Currently
we only return IPv4 af_families. Needs fixing for binds to IPv6
but this has to be careful work.
Jeremy.
(This used to be commit 327875182c)
The translate_name() used by cli_session_setup_spnego() cann rely
Winbindd since it is needed by the join process (and hence before
Winbind can be run).
(This used to be commit 00a93ed336)
the maxeln parameter instead of sizeof(target_area) - 1 (or even
sizeof(fstring) - 1 in some places.
I hope these were really all there were.
Michael
(This used to be commit 9a28be220d)
Not strictly in the SAM, but close enough. This command acts directly on
the local tdb, no running smbd required
This also changes the root-only check to a warning
(This used to be commit 0c5657b5ef)
So there is a new subcommand "smbcontrol winbindd validate-cache" now.
This change provides the infrastructure:
The function currently returns "true" unconditionally.
The call of a real cache validation function will be incorporated
in subsequent changes.
Michael
(This used to be commit ef92d505c0)
This adds the two functions talloc_stackframe() and talloc_tos().
* When a new talloc stackframe is allocated with talloc_stackframe(), then
* the TALLOC_CTX returned with talloc_tos() is reset to that new
* frame. Whenever that stack frame is TALLOC_FREE()'ed, then the reverse
* happens: The previous talloc_tos() is restored.
*
* This API is designed to be robust in the sense that if someone forgets to
* TALLOC_FREE() a stackframe, then the next outer one correctly cleans up and
* resets the talloc_tos().
The original motivation for this patch was to get rid of the
sid_string_static & friends buffers. Explicitly passing talloc context
everywhere clutters code too much for my taste, so an implicit
talloc_tos() is introduced here. Many of these static buffers are
replaced by a single static pointer.
The intended use would thus be that low-level functions can rather
freely push stuff to talloc_tos, the upper layers clean up by freeing
the stackframe. The more of these stackframes are used and correctly
freed the more exact the memory cleanup happens.
This patch removes the main_loop_talloc_ctx, tmp_talloc_ctx and
lp_talloc_ctx (did I forget any?)
So, never do a
tmp_ctx = talloc_init("foo");
anymore, instead, use
tmp_ctx = talloc_stackframe()
:-)
Volker
(This used to be commit 6585ea2cb7)
pipe used when connecting to win2k and newer domain controllers. The
server may be configured to deny anonymous netlogon connections which
would stop domain join verification step. Still, winnt domains require
such smb sessions not to be authenticated using machine credentials.
Creds employed in smb session cannot have a username in upn form, so
provide the separate function to use machine account.
rafal
(This used to be commit 30d99d8ac3)
Samba's own registry, the access mask for opening the
registry for the write operations needs to be
SEC_RIGHTS_MAXIMUM_ALLOWED instead of REG_WRITE: we can
not open e.g. HKLM read write explicitly, since we can
not write to this virtual part of the registry, only
to the subkeys like 'HKLM\Software\Samba\smbconf' that
are stored on disk.
Note that MAXIMUM_ALLOWED is also what windows' regedit
passed to the open calls.
Michael
(This used to be commit 57c30f7319)
a parameter and value into the canonical paramter with the value
inverted if it was in invers boolean synonym.
Make net conf use this function when storing parameters.
Michael
(This used to be commit 3b762ab183)
When storing parameters in the smbconf portion of the registry,
up to now, synonyms could be misused to store a parameter twice.
Now this is prevented by canonicalizing the paramter name first.
Also, the value for a boolean parameter checked for validity
before storing the bool in registry.
(The canonicalization should finally go into the registry smbconf
code to also prevent e.g. "regedit" or "net rpc registry" from
storing synonyms. - This is in the making.)
Michael
(This used to be commit 95447dde86)
in the current registry and there is no global section in the input
file (or only global options with default values):
In that case the existing global section is now not touched. Before, it
would have been deleted and recreated empty. The new behaviour is how
other shares are treated too.
Note that since the input file is parsed by lp_load, there is currently
no way to distinguish between a section with only default parameters
and a non-existing section in net conf import.
Michael
PS: A couple of trailing white-spaces have been eliminated
and a line was broken to be not longer than 80 chars, too.
(This used to be commit ec21a0cf9f)
to a function of its own. (for storing it in registry),
Eliminate the valtype variable : store everything as "sz".
Eliminate some trailing white spaces on the way.
Michael
(This used to be commit 76f4f224aa)
This simplifies the usage of this command from
"net conf setparm <section> <param> <type> <value>"
to
"net conf setparm <section> <param> <value>".
Micheal
(This used to be commit 41a8f8ec5f)
activation of global registry options in loadparm.c, mainly to
extract functionality from net_conf.c to be made availabel elsewhere
and to minimize linker dependencies.
In detail:
* move functions registry_push/pull_value from lib/util_reg.c to new file
lib/util_reg_api.c
* create a fake user token consisting of builtin administrators sid and
se_disk_operators privilege by hand instead of using get_root_nt_token()
to minimize linker deps for bin/net.
+ new function registry_create_admin_token() in new lib/util_reg_smbconf.c
+ move dup_nt_token from auth/token_util.c to new file lib/util_nttoken.c
+ adapt net_conf.c and Makefile.in accordingly.
* split lib/profiles.c into two parts: new file lib/profiles_basic.c
takes all the low level mask manipulation and format conversion functions
(se_priv, privset, luid). the privs array is completely hidden from
profiles.c by adding some access-functions. some mask-functions are not
static anymore.
Generally, SID- and LUID-related stuff that has more dependencies
is kept in lib/profiles.c
* Move initialization of regdb from net_conf.c into a function
registry_init_regdb() in lib/util_reg_smbconf.c.
Michael
(This used to be commit efd3e2bfb7)
when verifying a ticket from winbindd_pam.c.
I've found during multiple, fast, automated SSH logins (such
as from a cron script) that the replay cache in MIT's krb5
lib will occasionally fail the krb5_rd_req() as a replay attack.
There seems to be a small window during which the MIT krb5
libs could reproduce identical time stamps for ctime and cusec
in the authenticator since Unix systems only give back
milli-seconds rather than the micro-seconds needed by the
authenticator. Checked against MIT 1.5.1. Have not
researched how Heimdal does it.
My thinking is that if someone can spoof the KDC and TDS
services we are pretty hopeless anyways.
(This used to be commit cbd33da9f7)
I'm 100% certain I've forgotten to merge something, but the main code
should be in. It's mainly in dbwrap_ctdb.c, ctdbd_conn.c and
messages_ctdbd.c.
There should be no changes to the non-cluster case, it does survive make
test on my laptop.
It survives some very basic tests with ctdbd enables, I did not do the
full test suite for clusters yet.
Phew...
Volker
(This used to be commit 15553d6327)
the code to add a machine was different then the one used
to add a user, the old code led to the machine SID not being
built out correctly allocationg a new RID out of the passdb
but instead by using the old algorithmic method.
This may easily end up in creating duplicated SID when the
RID counter get close to the values built by the algorithmic method.
Simo.
(This used to be commit e077142aa3)
branch, please check if it fulfils your needs.
Two changes: The validation is not done inside the brlock.c traverse_fn,
it's done as a separate routine.
Secondly, this patch does not call the checker routines in smbcontrol
directly but depends on a running smbd.
(This used to be commit 7e39d77c1f)
This replaces the internal explicit dev/ino file id representation by a
"struct file_id". This is necessary as cluster file systems and NFS
don't necessarily assign the same device number to the shared file
system. With this structure in place we can now easily add different
schemes to map a file to a unique 64-bit device node.
Jeremy, you might note that I did not change the external interface of
smb_share_modes.c.
Volker
(This used to be commit 9b10dbbd5d)
doing this because for the clustering the marshalling is needed in more
than one place, so I wanted a decent routine to marshall a message_rec
struct which was not there before.
Tridge, this seems about the same speed as it used to be before, the
librpc/ndr overhead in my tests was under the noise.
Volker
(This used to be commit eaefd00563)
we have to take care to preserve the "special" values
for Windows of 0x80000000 and 0x7FFFFFFF when casting
between time_t and uint32. Add conversion functions
(and use them).
Jeremy.
(This used to be commit 4e1a0b2549)
smb4k uses 'net rap server domain' to list servers in domain.
Previously we just ignored all arguments in net_rap_server() but now we don't
as 'net rap server name' has added an explicit check on arguments.
Allow 'net rap server domain' to aid smb4k. Any other arguments will cause help message.
(This used to be commit 8f78b6ce3a)
Strip them out when referencing share_type[] entries.
Apparently, some Windows XP installs create shares set to STYPE_HIDDEN by default, found by
Damir Shayhutdinov <damir@altlinux.org>. This also fixes smb4k crashes as it does call 'net share -l'.
(This used to be commit c3f4fdd37e)
r22412 | obnox | 2007-04-20 14:23:36 +0200 (Fr, 20 Apr 2007) | 5 lines
Add a "deletelocalgroup" subcommand to net sam.
Thanks to Karolin Seeger <ks@sernet.de>.
(This used to be commit fb6ac8a5b2)
and connections_forall. This centralizes all the routines that did individual
tdb_open("connections.tdb") and direct tdb_traverse.
Volker
(This used to be commit e43e94cda1)
This changes "struct process_id" to "struct server_id", keeping both is
just too much hassle. No functional change (I hope ;-))
Volker
(This used to be commit 0ad4b1226c)
When asked to create a machine account in an OU as part
of "net ads join" and the account already exists in another
OU, simply move the machine object to the requested OU.
(This used to be commit 3004cc6e59)
is moving functions around to fix some linker dependencies for the registry.
Michael, I've renamed your auth_utils2.c to token_utils.c.
Thanks!
Volker
(This used to be commit 9de16f25c1)
This means that smbpasswd -c user (which in htpasswd creates a new file)
and smbpasswd -c /not/my/smb.conf should give errors an admin will
think to chase down.
Andrew Bartlett
(This used to be commit 721375e14c)
on the samba-technical ml.
I'll add a 'net ads set attribute=value' utility later
rather than the original 'net ads setmachineupn' patch that
was also posted to the tech ml.
(This used to be commit 5035778ae4)
yet, the next step will be a secrets_fetch_machine_account() function that
also pulls the account name to be used in the appropriate places.
Volker
(This used to be commit f94e5af72e)
process deep dfs links (ie. links that go to non root
parts of a share). Make the directory handling conanonical
in POSIX and Windows pathname processing.
dfs should not be fully working in client tools. Please
bug me if not.
Jeremy.
(This used to be commit 1c9e10569c)
for utimes - change the call to ntimes. This preserves
nsec timestamps we get from stat (if the system supports
it) and only maps back down to usec or sec resolution
on time set. Looks bigger than it is as I had to move
lots of internal code from using time_t and struct utimebuf
to struct timespec.
Jeremy.
(This used to be commit 8f3d530c5a)
The background behind this patch is that we're using ntlm_auth with
Wine. Windows allows us to pass in a NULL domain and a username of the
form of "user@domain" and this is converted into an NTLMSSP_AUTH packet
with a NULL domain name and a username of the same form.
Jeremy.
(This used to be commit 32b040fe05)
Fix escaping of DN components and filters around the code
Add some notes to commandline help messages about how to pass DNs
revert jra's "concistency" commit to nsswitch/winbindd_ads.c, as it was
incorrect.
The 2 functions use DNs in different ways.
- lookup_usergroups_member() uses the DN in a search filter,
and must use the filter escaping function to escape it
Escaping filters that include escaped DNs ("\," becomes "\5c,") is the
correct way to do it (tested against W2k3).
- lookup_usergroups_memberof() instead uses the DN ultimately as a base dn.
Both functions do NOT need any DN escaping function as DNs can't be reliably
escaped when in a string form, intead each single RDN value must be escaped
separately.
DNs coming from other ldap calls (like ads_get_dn()), do not need escaping as
they come already escaped on the wire and passed as is by the ldap libraries
DN filtering has been tested.
For example now it is possible to do something like:
'net ads add user joe#5' as now the '#' character is correctly escaped when
building the DN, previously such a call failed with Invalid DN Syntax.
Simo.
(This used to be commit 5b4838f62a)
For the winbind cached ADS LDAP connection handling
(ads_cached_connection()) we were (incorrectly) assuming that the
service ticket lifetime equaled the tgt lifetime. For setups where the
service ticket just lives 10 minutes, we were leaving hundreds of LDAP
connections in CLOSE_WAIT state, until we fail to service entirely with
"Too many open files".
Also sequence_number() in winbindd_ads.c needs to delete the cached LDAP
connection after the ads_do_search_retry() has failed to submit the
search request (although the bind succeeded (returning an expired
service ticket that we cannot delete from the memory cred cache - this
will get fixed later)).
Guenther
(This used to be commit 7e1a84b722)
it needs the specific error message.
Make messages.c return NTSTATUS and specificially NT_STATUS_INVALID_HANDLE if
sending to a non-existent process.
Volker
(This used to be commit 3f620d181d)
void message_register(int msg_type,
void (*fn)(int msg_type, struct process_id pid,
- void *buf, size_t len))
+ void *buf, size_t len,
+ void *private_data),
+ void *private_data)
{
struct dispatch_fns *dfn;
So this adds a (so far unused) private pointer that is passed from
message_register to the message handler. A prerequisite to implement a tiny
samba4-API compatible wrapper around our messaging system. That itself is
necessary for the Samba4 notify system.
Yes, I know, I could import the whole Samba4 messaging system, but I want to
do it step by step and I think getting notify in is more important in this
step.
Volker
(This used to be commit c8ae60ed65)
site support in a network where many DC's are down.
I heard via Volker there is still a bug w.r.t the
wrong site being chosen with trusted domains but
we'll have to layer that fix on top of this.
Gd - complain if this doesn't work for you.
Jeremy.
(This used to be commit 97e248f89a)
add [ref] pointers where necessary (top-level [ref] pointers,
by spec, don't appear on the wire).
This brings us closer to the DCE/RPC standard again.
(This used to be commit 580f2a7197)
in the next step we can store them in LDAP to be replicated across DCs.
Thanks to Michael Adam <ma@sernet.de>
Volker
(This used to be commit 3c879745cf)
* Fix DNS updates for multi-homed hosts
* Child domains often don't have an NS record in
DNS so we have to fall back to looking up the the NS
records for the forest root.
* Fix compile warning caused by mismatched 'struct in_addr'
and 'in_addr_t' parameters called to DoDNSUpdate()
(This used to be commit 3486acd3c3)
Wnidows 2000 DNS which expects the TKEY payload to
be in the answer section and not in the additional
set of records (like Windows 2003 and the RFC).
(This used to be commit a3b6734fda)
The main thing here is a rewrite of srv_winreg_nt.c. The core functionality
has moved to registry/reg_api.c which is then usable by the rest of Samba as
well.
On that way it fixes creating keys with more than one element in the
path. This did not work before.
Two things that sneaked in (sorry :-) is the change of some routines from
NTSTATUS to WERROR the removed "parent" argument to regkey_open_internal.
Volker
(This used to be commit fea52801de)
other StringBufs, otherwise clicking on a key with this value being set leads
to regedit.exe on w2k3 chew all memory.
(This used to be commit b148cde7f3)
