IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
share_access support). This is enough for us to pass the BASE-DENY2
test, but is a long way from fully correct share modes.
(This used to be commit b5a6dd3cbf)
pvfs_open, and handle the various race conditions that are inherent in
cifs on unix, so we do the best we can when the race happens.
the ntcreatex code is really starting to take shape now
(This used to be commit 395c3815b4)
want to expose the brl context structure outside the brlock.c
code. Instead, I now use "struct brl_context *" and rely on C being
happy to pass around pointers to unknown structures as long as they
are not dereferenced. I will be interested to see how the build farm
likes this.
(This used to be commit cb155c8ad8)
can never be perfect, as openx can do things that ntcreatex can't, but
with this tweak we get close (the BASE-DENY1 test passes completely,
for example)
(This used to be commit 88112b9677)
the ntvfs_generic mapping functions rather than sending the exact
function asked for. This allows the generic mapping functions to be
tested by comparing the behaviour of smbtorture against two cifs
backend shares, one using "cifs:mapgeneric = true" and the other
"cifs:mapgeneric = False"
(This used to be commit c240c6bca5)
preparation for the full share modes and ntcreatex code that I am
working on.
highlights include:
- changed the way a backend determines if it is allowed to process a
request asynchronously. The previous method of looking at the
send_fn caused problems when an intermediate ntvfs module disabled
it, and the caller then wanted to finished processing using this
function. The new method is a REQ_CONTROL_MAY_ASYNC flag in
req->control_flags, which is also a bit easier to read
- fixed 2 bugs in the readbraw server code. One related to trying to
answer a readbraw with smb signing (which can't work, and crashed
our signing code), the second related to error handling, which
attempted to send a normal SMB error packet, when readbraw must
send a 0 read reply (as it has no header)
- added several more ntvfs_generic.c generic mapping functions. This
means that backends no longer need to implement such esoteric
functions as SMBwriteunlock() if they don't want to. The backend
can just request the mapping layer turn it into a write followed by
an unlock. This makes the backends considerably simpler as they
only need to implement one style of each function for lock, read,
write, open etc, rather than the full host of functions that SMB
provides. A backend can still choose to implement them
individually, of course, and the CIFS backend does that.
- simplified the generic structures to make them identical to the
principal call for several common SMB calls (such as
RAW_WRITE_GENERIC now being an alias for RAW_WRITE_WRITEX).
- started rewriting the pvfs_open() code in preparation for the full
ntcreatex semantics.
- in pvfs_open and ipc_open, initially allocate the open file
structure as a child of the request, so on error we don't need to
clean up. Then when we are going to succeed the open steal the
pointer into the long term backend context. This makes for much
simpler error handling (and fixes some bugs)
- use a destructor in the ipc backend to make sure that everthing is
cleaned up on receive error conditions.
- switched the ipc backend to using idtree for fnum allocation
- in the ntvfs_generic mapping routines, use a allocated secondary
structure not a stack structure to ensure the request pointer
remains valid even if the backend replies async.
(This used to be commit 3457c1836c)
an extremely efficient way of mapping from an integer handle (such as
an open file handle) to a pointer (such as the structure containing
the open file information). The code is taken from lib/idr.c in the
2.6 Linux kernel, and is very fast and space efficient. By using
talloc it even has auto cleanup.
This commit converts the handling of open file handles and open
directory search handles to use the idtree routines. In combination
with talloc destructors, this simplifies the structure handling in the
pvfs backend a lot. For example, we no longer need to keep a linked
list of open directory searches at all, and we no longer need to do
linear scans of the list of open files on most operations.
The end result is that the pvfs code is now extremely scalable. You
can have 10s of thousands of open files and open searches and the code
still runs very fast.
I have also added a small optimisation into the file close path, to
avoid looking in the byte range locking database if we know that there
are no locks outstanding.
(This used to be commit 16835a0ef9)
specifying a endpoint is now also 'endpoint' instead of 'endpoints'. The
default endpoint (if none is specified) is still "ncacn_np:[\\pipe\\ifacename]",
where ifacename is the name of the interface.
Examples:
[
uuid(60a15ec5-4de8-11d7-a637-005056a20182),
endpoint("ncacn_np:[\\pipe\\rpcecho]", "ncacn_ip_tcp:")
]
interface rpcecho
{
void dummy();
}
dcerpc_binding is now converted to ep_description in the server, but I hope to
completely eliminate ep_description later on.
The eventual goal of all these changes is to make it easier to add
transports as I'm going to add support for
ncalrpc (local RPC over named pipes) and ncacn_unix_stream (Unix sockets).
(This used to be commit f3da7c8b44)
in the right state when called. For example, when we use the unixuid
handler in the chain of handlers, and a backend decides to continue a
call asynchronously then we need to ensure that the continuation
happens with the right security context.
The solution is to add a new ntvfs operation ntvfs_async_setup(),
which calls all the way down through the layers, setting up anything
that is required, and takes a private pointer. The backend wanting to
make a async calls can use ntvfs_async_setup() to ensure that the
modules above it are called when doing async processing.
(This used to be commit a256e71029)
- added a pvfs_lock_close_pending() hook to remove pending locks on file close
- fixed the private ptr argument to messaging_deregister() in pvfs_wait
- fixed a bug in continuing lock requests after a lock that is blocking a pending lock is removed
- removed bogus brl_unlock() call in lock continue
- corrected error code for LOCKING_ANDX_CHANGE_LOCKTYPE
- expanded the lock cancel test suite to test lock cancel by unlock and by close
- added a testsuite for LOCKING_ANDX_CHANGE_LOCKTYPE
(This used to be commit 5ef80f034d)
This adds a pvfs_wait_message() routine which uses the new messaging
system, event timers and talloc destructors to give a nice generic
async event handling system with a easy to use interface. The
extensions to pvfs_lock.c are based on calls to pvfs_wait_message()
routines.
We now pass all of our smbtorture locking tests, although while
writing this code I have thought of some additonal tests that should
be added, particularly for lock cancel operations. I'll work on that
soon.
This commit also extends the smbtorture lock tests to test the rather
weird 0xEEFFFFFF locking semantics that I have discovered in
win2003. Win2003 treats the 0xEEFFFFFF boundary as special, and will
give different error codes on either side of it. Locks on both sides
are allowed, the only difference is which error code is given when a
lock is denied. Anyone like to hazard a guess as to why? It has
me stumped.
(This used to be commit 4395c0557a)
- added SID_WORLD and SID_NETWORK to the foreign sids in the
provisioning, as these are auto-added to the nt_user_token (why is
that done? Andrew?)
(This used to be commit 1dff12fba8)
doesn't actually leave us in the requested sec context between
requests yet, but it does prevent us from doing the samdb lookup on
every packet.
This change speeds up the BASE-MANGLE test against Samba4 with 5000
operations from 61 seconds to 16 seconds. For reference, Samba3 takes
27 seconds for the same test (the string and filename handling in
Samba4 is much more efficient than Samba3)
(This used to be commit da0481ac75)
- don't check for '.' specially in checking for legal names. Longhorn
doesn't do this any more, and its a real pain. Longhorn allows for
filenames ending in '.', and with as many '.' elements as you like.
(This used to be commit 0a475175c5)
conjunction with the posix backend this gives us a way to correctly
setup the unix security context in Samba4.
I chose the following method to determine the unix uid's and gid's to
use given the list of SIDs from the login process
- look for a "UnixID" field in the sam record. If present, then use it
(check if the record is of the right type as well)
- if UnixID is not present, then look for the "UnixName" sam
field. If it is present then use getpwnam() or getgrnam() to find
the unix id.
- if UnixID and UnixName are not present, then look for a unix
account of the right type called by the same name as the sAMAccountName field.
- if none of the above work then fail the operation with NT_STATUS_ACCESS_DENIED
obviously these steps only work well with a local SAM. It will need to
be more sophisticated in future.
I did not put any cache in place at all. That will need to be added
for decent performance.
(This used to be commit 78b67d19b9)
- the stacking of modules
- finding the modules private data
- hide the ntvfs details from the calling layer
- I set NTVFS_INTERFACE_VERSION 0 till we are closer to release
(because we need to solve some async problems with the module stacking)
metze
(This used to be commit 3ff03b5cb2)
taking a context (so when you pass a NULL pointer you end up with
memory in a top level context). Fixed it by changing the API to take a
context. The context is only used if the pointer you are reallocing is
NULL.
(This used to be commit 8dc23821c9)
rather than manual reference counts
- properly support SMBexit in the cifs and posix backends
- added a logoff method to all backends
With these changes the RAW-CONTEXT test now passes against the posix backend
(This used to be commit c315d6ac1c)
server code. This fixes a number of memory leaks I found when testing
with valgrind and smbtorture, as the cascading effect of a
talloc_free() ensures that anything derived from the top level object
is destroyed on disconnect.
(This used to be commit 76d0b8206c)
on abnormal termination of a connection. As long as the top level
connection structure is freed then that should cascade down to the
file structure, and call this destructor which will close the open file descriptor.
In general I'd like to use this technique in any place in Samba4 where
we hold operating system resources that we need to make sure are
released on abnormal termination.
(This used to be commit ed87b7fcbd)
(recently Linux systems support this, allowing us to support the
full resolution in NTTIME)
- use nanosecond resolution in the posix backend if available
- moved the configure tests and list of object files for the posix
backend into ntvfs/posix/ to keep them more neatlly separated.
(This used to be commit d92ad9f307)
ntvfs handler = nbench posix
and the nbench pass-thru module will be called before the posix
module. The chaining logic is now much saner, and less racy, with each
level in the chain getting its own private pointer rather than relying
on save/restore logic in the pass-thru module.
The only pass-thru module we have at the moment is the nbench one
(which records all traffic in a nbench compatibe format), but I plan
on soon writing a "unixuid" pass-thru module that will implement the
setegid()/setgroups()/seteuid() logic for standard posix uid
handling. This separation of the posix backend from the uid handling
should simplify the code, and make development easier.
I also modified the nbench module so it can do multiple chaining, so
if you want to you can do:
ntvfs module = nbench nbench posix
and it will save 2 copies of the log file in /tmp. This is really only
useful for testing at the moment until we have more than one pass-thru
module.
(This used to be commit f84c0af35c)
The intial motivation for this commit was to merge in some of the
bugfixes present in Samba3's chrcnv and string handling code into
Samba4. However, along the way I found a lot of unused functions, and
decided to do a bit more...
The strlen_m code now does not use a fixed buffer, but more work is
needed to finish off other functions in str_util.c. These fixed
length buffers hav caused very nasty, hard to chase down bugs at some
sites.
The strupper_m() function has a strupper_talloc() to replace it (we
need to go around and fix more uses, but it's a start). Use of these
new functions will avoid bugs where the upper or lowercase version of
a string is a different length.
I have removed the push_*_allocate functions, which are replaced by
calls to push_*_talloc. Likewise, pstring and other 'fixed length'
wrappers are removed, where possible.
I have removed the first ('base pointer') argument, used by push_ucs2,
as the Samba4 way of doing things ensures that this is always on an
even boundary anyway. (It was used in only one place, in any case).
(This used to be commit dfecb01506)
original core level calls). The old code was completely wrong in many respects.
also fixed the EA_SIZE level in the server
extended the RAW-SEARCH test suite to test the new code properly
(This used to be commit 71480271ad)
this is still just a skeleton, and many of the functions are just
based on the simple vfs backend, they are there to allow me to run
smbtorture tests against the real parts of the posix backend.
(This used to be commit f2fa7fe565)
this is still very much a skeleton (with many limbs missing too!). I
am committing this early to get some feedback on the approach taken.
(This used to be commit 40d5cae5eb)
This version does the following:
1) talloc_free(), talloc_realloc() and talloc_steal() lose their
(redundent) first arguments
2) you can use _any_ talloc pointer as a talloc context to allocate
more memory. This allows you to create complex data structures
where the top level structure is the logical parent of the next
level down, and those are the parents of the level below
that. Then destroy either the lot with a single talloc_free() or
destroy any sub-part with a talloc_free() of that part
3) you can name any pointer. Use talloc_named() which is just like
talloc() but takes the printf style name argument as well as the
parent context and the size.
The whole thing ends up being a very simple piece of code, although
some of the pointer walking gets hairy.
So far, I'm just using the new talloc() like the old one. The next
step is to actually take advantage of the new interface
properly. Expect some new commits soon that simplify some common
coding styles in samba4 by using the new talloc().
(This used to be commit e35bb094c5)
Up to now the client code has had an async API, and operated
asynchronously at the packet level, but was not truly async in that it
assumed that it could always write to the socket and when a partial
packet came in that it could block waiting for the rest of the packet.
This change makes the SMB client library full async, by adding a
separate outgoing packet queue, using non-blocking socket IO and
having a input buffer that can fill asynchonously until the full
packet has arrived.
The main complexity was in dealing with the events structure when
using the CIFS proxy backend. In that case the same events structure
needs to be used in both the client library and the main smbd server,
so that when the client library is waiting for a reply that the main
server keeps processing packets. This required some changes in the
events library code.
Next step is to make the generated rpc client code use these new
capabilities.
(This used to be commit 96bf4da3ed)
to a struct smbsrv_session that the same as cli_session for the client
we need a gensec_security pointer there
(spnego support will follow)
prefix some related functions with smbsrv_
metze
(This used to be commit f276378157)
the idea is to have services as modules (smb, dcerpc, swat, ...)
the process_model don't know about the service it self anymore.
TODO:
- the smbsrv should use the smbsrv_send function
- the service subsystem init should be done like for other modules
- we need to have a generic socket subsystem, which handle stream, datagram,
and virtuell other sockets( e.g. for the ntvfs_ipc module to connect to the dcerpc server
, or for smb or dcerpc or whatever to connect to a server wide auth service)
- and other fixes...
NOTE: process model pthread seems to be broken( but also before this patch!)
metze
(This used to be commit bbe5e00715)
Initial attempt at RAP server infrastructure. Look at rap_server.c for the
dummy functions that are supposed to implement the core functionality.
ipc_rap.c contains all the data shuffling. _rap_shareenum and _rap_serverenum2
in ipc_rap.c are (I think) regular enough to be auto-generated.
I did not test all the corner cases yet, but nevertheless I would like some
comments on the general style.
Volker
P.S: samba-3 smbclient now doesn't freak out anymore, although the results are
not entirely correct :-)
(This used to be commit 08140cc1a8)
This implements gensec for Samba's server side, and brings gensec up
to the standards of a full subsystem.
This means that use of the subsystem is by gensec_* functions, not
function pointers in structures (this is internal). This causes
changes in all the existing gensec users.
Our RPC server no longer contains it's own generalised security
scheme, and now calls gensec directly.
Gensec has also taken over the role of auth/auth_ntlmssp.c
An important part of gensec, is the output of the 'session_info'
struct. This is now reference counted, so that we can correctly free
it when a pipe is closed, no matter if it was inherited, or created by
per-pipe authentication.
The schannel code is reworked, to be in the same file for client and
server.
ntlm_auth is reworked to use gensec.
The major problem with this code is the way it relies on subsystem
auto-initialisation. The primary reason for this commit now.is to
allow these problems to be looked at, and fixed.
There are problems with the new code:
- I've tested it with smbtorture, but currently don't have VMware and
valgrind working (this I'll fix soon).
- The SPNEGO code is client-only at this point.
- We still do not do kerberos.
Andrew Bartlett
(This used to be commit 07fd885fd4)
because this is the connection state per transport layer (tcp)
connection
I also moved the substructs directly into smbsrv_connection,
because they don't need a struct name and we should allway pass the complete
smbsrv_connection struct into functions
metze
(This used to be commit 60f823f201)
the dce_conn->auth_state.session_info
( the ntlmssp one works fine, but the schannel one isn't implemented yet)
this is also set by the ntvfs_ipc backend on the endpoint connect.
metze
(This used to be commit ad3dd1789e)
goodness and light' struct ;-)
Break apart the auth subsystem's return strucutres, into the parts
that a netlogon call cares about, and the parts that are for a local
session. This is the 'struct session_info' and it will almost
completly replace the current information stored on a vuid, but be
generic to all login methods (RPC over TCP, for example).
Andrew Bartlett
(This used to be commit d199697014)
structures. This was suggested by metze recently.
I checked on the build farm and all the machines we have support 64
bit ints, and support the LL suffix for 64 bit constants. I suspect
some won't support strtoll() and related functions, so we will
probably need replacements for those.
(This used to be commit 9a9244a1c6)
and have to use the nonthreadsafe wrapper
- add pread/pwrite wrapper to ntvfs_simple
- fix const warning in ntvfs_simple
metze
(This used to be commit f0b2e42978)
and print out an error message to the debug log which say:
use 'cifs' or 'simple' as ntvfs handler
this also warns about 'root' fileaccess in the 'simple' module
the 'default' ntvfs handler is now registered by the posix backend
metze
(This used to be commit 84b3589daa)
added ldbedit, a _really_ useful command
added ldbadd, ldbdel, ldbsearch and ldbmodify to build
solved lots of timezone issues, we now pass the torture tests with
client and server in different zones
fixed several build issues
I know this breaks the no-LDAP build. Wait till I arrive in San Jose for that
fix.
(This used to be commit af34710d4d)
- Move sendfile check to ntvfs/config.m4
- Move comparison_fn_t check to build/m4/rewrite.m4
Please do not new tests to configure.in directly,
please add them to the subsystems config.m4 file where they belong to or
to build/m4/rewrite.m4 if you don't know where to put it for now
Thanks
I know samba4's build system is not completly rewritten.
I have a lot of updatest in my local tree, but it's not complete yet
when it's complete I'll write documentation for it:-)
metze
(This used to be commit 31c23f14d6)
that conn->ntvfs_private is set correctly, instead use our copy of the
private pointer in the fde callback. This allows the cifs backend to
be used on conjunction with a NTVFS filter module.
(This used to be commit 8047b806e7)
I plan to convert all objectfile group to use SMB_SUBSYSTEM
later I'll add a SMB_BINARY() and SMB_LIBRARY(), then there will be no more need
to touch Makefile.in, because all make rules will be autogenerated by configure
- convert the PROCESS_MODEL subsystem to this new scheme
and move the pthread test to smbd/process_model.m4
- convert the CHARSET subsystem to this new scheme
and move the iconv test to lib/iconv.m4
(This used to be commit 2e57ee884e)
lib/util_smbd.c is not used anymore
reorder the SMB_MODULE() parameters the goal is to autogenerate the
make rules for shared modules:
dnl SMB_MODULE(1:name,2:subsystem,3:default_build,
4:object_files,5:shared_object,6:libs
7:whatif-static,8:whatif-shared,9:whatif-not)
and generate <SUBSYSTEM>_LIBS and MODULE_<name>_LIBS with the SMB_MODULE() macro
metze
(This used to be commit 904ce91ed9)
(which were already removed in revision 1.37 and
readded by mistake in revision 1.39)
- change the SMB_MODULE() macro a bit
Now we have:
dnl Specify the default build method of this module
dnl SMB_MODULE_DEFAULT(name,default_build)
AC_DEFUN(SMB_MODULE_DEFAULT,...
dnl Mark specified module as shared
dnl SMB_MODULE(name,default_build,static_files,shared_files,subsystem,whatif-static,whatif-shared,whatif-not)
this let us specify the default build method inside of the included config.m4
files
metze
(This used to be commit 92a3eb83d4)
1.) We now register endpoint servers add startup via register_backend()
and later use the smb.conf 'dcerpc endpoint servers' parameter to setup the dcesrv_context
2.) each endpoint server can register at context creation time as much interfaces as it wants
(multiple interfaces on one endpoint are supported!)
(NOTE: there's a difference between 'endpoint server' and 'endpoint'!
for details look at rpc_server/dcesrv_server.h)
3.) one endpoint can have a security descriptor registered to it self
this will be checked in the future when a client wants to connect
to an smb pipe endpoint.
4.) we now have a 'remote' endpoint server, which works like the ntvfs_cifs module
it takes this options in the [globals] section:
dcerpc remote:interfaces = srvsvc, winreg, w32time, epmapper
dcerpc remote:binding = ...
dcerpc remote:user = ...
dcerpc remote:password = ...
5.) we currently have tree endpoint servers: epmapper, rpcecho and remote
the default for the 'dcerpc endpiont servers = epmapper, rpcecho'
for testing you can also do
dcerpc endpoint servers = rpcecho, remote, epmapper
dcerpc remote:interfaces = srvsvc, samr, netlogon
6,) please notice the the epmapper now only returns NO_ENTRIES
(but I think we'll find a solution for this too:-)
7.) also there're some other stuff left, but step by step :-)
This patch also includes updates for the
register_subsystem() , ntvfs_init(), and some other funtions
to check for duplicate subsystem registration
metze
(hmmm, my first large commit...I hope it works as supposed :-)
(This used to be commit 917e45dafd)
This adds support for bigendian rpc in the client. I have installed
SUN pcnetlink locally and am using it to test the samba4 rpc
code. This allows us to easily find places where we have stuffed up
the types (such as 2 uint16 versus a uint32), as testing both
big-endian and little-endian easily shows which is correct. I have now
used this to fix several bugs like that in the samba4 IDL.
In order to make this work I also had to redefine a GUID as a true
structure, not a blob. From the pcnetlink wire it is clear that it is
indeed defined as a structure (the byte order changes). This required
changing lots of Samba code to use a GUID as a structure.
I also had to fix the if_version code in dcerpc syntax IDs, as it
turns out they are a single uint32 not two uint16s.
The big-endian support is a bit ugly at the moment, and breaks the
layering in some places. More work is needed, especially on the server
side.
(This used to be commit bb1af644a5)
needs quite a bit more work to get it finished. The biggest missing
feature is the lack of NTLMSSP which is needed for basic
authentication over tcp
(This used to be commit 9fb0f03693)
for some reason the epm_Lookup replies can't be parsed by ethereal,
although w2k parses then fine as does the Samba4 NDR code.
(This used to be commit 097e7ca99d)
don't cause fragmented pdus (I'll add fragments shortly)
* change data_blob_talloc() to not zero memory when the 2nd argument
is NULL. The zeroing just masks bugs, and can't even allow a DOS
attack
* modified pidl to ensure that [ref] arguments to the out side of
functions are allocated when parsing the in side. This allows rpc
backends to assume that [ref] variables are all setup. Doesn't work
correctly for [ref] arrays yet
* changed DLIST_ADD_END() to take the type instead of a tmp
variable. This means you don't need to declare a silly tmp variable in
the caller
(This used to be commit 46e0a35819)
CVS: Enter Log. Lines beginning with `CVS:' are removed automatically
CVS:
CVS: Committing in .
CVS:
CVS: Modified Files:
CVS: Makefile.in configure.in include/includes.h include/ntvfs.h
CVS: include/smb.h lib/iconv.c lib/module.c ntvfs/ntvfs_base.c
CVS: ntvfs/cifs/vfs_cifs.c ntvfs/ipc/vfs_ipc.c
CVS: ntvfs/posix/vfs_posix.c ntvfs/print/vfs_print.c
CVS: ntvfs/reference/vfs_ref.c ntvfs/simple/vfs_simple.c
CVS: passdb/pdb_interface.c
CVS: Added Files:
CVS: include/module.h
CVS: ----------------------------------------------------------------------
Update to the modules system. Fixed:
- get rid of smb_probe_module
- merge older updates from 3.0
- introduced register_subsystem() and register_backend() functions
- adapt ntvfs and charset to use new register functions
- made smb_load_modules() work recursively (e.g. 'preload modules = /usr/lib/samba')
- got rid of some old remains
Things that still need work:
- Did I break tankFS? I don't think so, but I can't test it here :-(
- Add 'postload modules = ' (for modules that need to be loaded after fork() in smbd, if applicable)
- Convert RPC, auth, passdb, etc to use new register_{subsystem,backend}() functions
- Accept wildcards in 'preload modules' option, instead of loading recursively
(This used to be commit 7512b9ab1a)
fields in level 261 and level 262 of directory search are, plus the
names of the levels
the unknown fields are a 64bit unique file id, and match the 64 bit
number from the internal_information qfileinfo level
(This used to be commit b69f54eb02)
