IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
code. I'm afraid this is needed by irix 6.4 which silently truncates
names in unix domain sockets in recvfrom() to 16 chars. My apologies
for having to move to such short names :-(
(This used to be commit f9693e313d)
ldb, as it can't build without the NDR and GUID code.
Also make it properly use the NDR encoding for the GUID (I forgot last
time, and used a string), as well as set the dependencies on the
module correctly.
Andrew Bartlett
(This used to be commit 8054abc76e)
- get rid of redundeny dyn_CONFIGFILE argument to lp_load()
- fixed provisioning to work with completely pristine install,
creating an initial smb.conf is none is present
- added lp.set() and lp.reload() to loadparm ejs object interface
(This used to be commit c2691ef712)
avoid the horrors of posix locking, but it was preventing us having an
ldb open twice with different options. Now each ldb open of the same
file shares the same underlying tdb, but uses a different ldb
structure
(This used to be commit 4e090c66df)
better pares filters
Approx is currently only a stub need to dig more info to
understand what it really means and how it works exactly
(This used to be commit a9e8cd0bad)
S390. This is an attempt to avoid the panic we're seeing in the
automatic builds.
The main fixes are:
- assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats
- use of NULL format statements to perform dn searches.
- assumption that sizeof() returns an int
(This used to be commit a58ea6b385)
on a content level not ona form level, his means that the 2 DNs:
a) cn= user, dc=this, dc = is,dc=test
b) cn=user,dc=this,dc=is,dc=test
are now identical even if the string form differ (spaces)
(This used to be commit 76d496c308)
means we don't pollute the name space, and also makes for faster
startup times as we only create variables for the pipes that we use,
not all pipes
(This used to be commit 57d7a585e8)
%Ld, which is an invalid format code.
This will probably cause problems on systems that don't have %lld, but
do have a working snprintf otherwise. We will need to expand the
snprintf configure test to make sure we replace snprintf on those
platforms
(This used to be commit ccc87eb8aa)
- undefine anything in the win32 api or PSDK headers that Samba already defines
- map BSD error codes to Winsock Error codes
(This used to be commit d2ea619125)
some of our torture code does its own timeout processing, which means
there is no event timer in the event context. To fix this gererically
I have added a 30 second timout to all select/epoll calls so the
callers timeout loop is guaranteed to run eventually
(This used to be commit 01e5aa1464)
error, but sometimes a socket option may then happen on the NULL
socket. This has been handled by the individual libraries up to now,
but its cleaner to centralise it here
(This used to be commit d9864e1f9a)
upstream sources. This makes it much easier to keep it up to date.
I will separate out the mpr code into lib/appweb/mpr next
(This used to be commit 52db7a052b)
This code applies correct ldap standard wildcard matching code
removes WILDCARD matching from tdb @ATTRIBUTES, that's now handled independently
adds some more tests for wildcard matching
fixes dn comparison code in ldb_match
(This used to be commit 4eb5863042)
- added code to send multiple irpc calls in parallel, to all servers
that have registered the given name, with output going in
io.results[i]. This allows you to make rpc calls to multiple servers
at once, which is needed for clients like smbstatus
(This used to be commit 061e20e509)
file_load() to use talloc, which impacted quite a few bits of code,
including our smb.conf processing.
took the opportunity to remove the gloabls in params.c while doing this
(This used to be commit b220756cb4)
actually a uint16 * without the [string] attribute, a la the the
system_name argument to samr_Connect().
Initialising the pointer to NULL is sufficient and we still pass the
RPC-WINREG test against win2k3.
(This used to be commit 407d962dac)
report from robert collins.
- updated talloc guide to reflect the fact that over the last few
months talloc overhead compared to malloc has dropped, probably due
to a bunch of small changes. It now costs about 4% more than malloc
on my box
(This used to be commit 689a9ccf91)
- we do not support multpiple attribute components anymore, makes code a lot easier
they will be readded later if we found out they are really used, so far my tests
show w2k3 do not handle them as well
- fix escaping issues, move component value to be in an ldb_val structure
still need to handle binary values case
- make cononicalize functions leak less memory by giving a specific memory context
- fix tests scripts so that test-ldap can start
- make test not delete databases on completion so that I can inspect them
(This used to be commit 624a73148d)
- added support for recognising the S- form of objectsid in search
expressions. I thought this could be done with just a comparison
modified comparison function, but it turns out it also needs a
canonicalisation function so that indexing can work
(This used to be commit 7d2bee2c56)
- moved the knowledge of attribute types out of ldb_tdb and into the
generic ldb code. This allows the ldb_match() message match logic
to be generic, so it can be used by other backend
- added the generic ability to load attribute handlers, for
canonicalisation, compare, ldif read and ldif write. In the future
this will be used by the schema module to allow us to correctly
obey the attributetype schema elements
- added attribute handlers for some of the core ldap attribute types,
Integer, DirectoryString, DN, ObjectClass etc
- added automatic registration of attribute handlers for well-known
attribute names 'cn', 'dc', 'dn', 'ou' and 'objectClass'
- converted the objectSid special handlers for Samba to the new system
- added more correct handling of indexing in tdb backend based on the
attribute canonicalisation function
- added generic support for subclasses, moving it out of the tdb
backend. This will be used in future by the schema module
- fixed several bugs in the dn_explode code. It still needs more
work, but doesn't corrupt ldb dbs any more.
(This used to be commit 944c5844ab)
possible. This is needed because w2k3 will return bogus IPs in its
name resolution replies when it has an unplugged network interface.
(This used to be commit 2fafc23052)
sam database = sam.ldb
and it will know to put it in the private dir, but if you use
sam database = ldap://server
it knows to use it as-is
(This used to be commit c5bccbc366)
the individual services that need at least one known interface check for it anyway
this should fix provisioning on macosx
(This used to be commit 5ad0dc97d0)
Some of these should probably be re-added again later when
we need them. They should then be added to the appropriate config.m4 file
in the source tree rather then in rewrite.m4.
(This used to be commit 4eca613470)
quite a large change as we had lots of code that assumed that
objectSid was a string in S- format.
metze and simo tried to convince me to use NDR format months ago, but
I didn't listen, so its fair that I have the pain of fixing all the
code now :-)
This builds on the ldb_register_samba_handlers() and ldif handlers
code I did earlier this week. There are still three parts of this
conversion I have not finished:
- the ltdb index records need to use the string form of the objectSid
(to keep the DNs sane). Until that it done I have disabled indexing on
objectSid, which is a big performance hit, but allows us to pass
all our tests while I rejig the indexing system to use a externally
supplied conversion function
- I haven't yet put in place the code that allows client to use the
"S-xxx-yyy" form for objectSid in ldap search expressions. w2k3
supports this, presumably by looking for the "S-" prefix to
determine what type of objectSid form is being used by the client. I
have been working on ways to handle this, but am not happy with
them yet so they aren't part of this patch
- I need to change pidl to generate push functions that take a
"const void *" instead of a "void*" for the data pointer. That will
fix the couple of new warnings this code generates.
Luckily it many places the conversion to NDR formatted records
actually simplified the code, as it means we no longer need as many
calls to dom_sid_parse_talloc(). In some places it got more complex,
but not many.
(This used to be commit d40bc2fa8d)
Steven Edwards <steven_ed4153@yahoo.com>.
I've moved the Win32-specific tests to win32.m4 so it does not
make any of the POSIX configure stuff more complicated.
(This used to be commit bf85fdd015)
ldapsearch. They look for an '=' in the first argument to see if it is
a search expression, and if not then it does an 'all records' search
(This used to be commit 91cc009fed)
in tests/test-sqlite3.sh (tests/test-generic.sh).
There are lots of optimizations still TBD, and some things are REALLY slow
right now (e.g. each add() operation takes 1/3 - 1/2 second) but it's ready for
interested parties to poke it and prod it and see how (un)reasonable it is.
Play away.
Still to be implemented or improved:
- tdb specials (@MODULES, @SUBCLASSES, etc.)
- all DNs are case-folded in their entirty right now (since doing otherwise
would require @ATTRIBUTES to be implemented)
- speed improvements and optimizations. I am quite confident that the
excessively slow add() operation can be much improved, and other areas
can be somewhat improved.
(This used to be commit 1dd8650055)
support in Heimdal.
This removes the 'ext_keytab' step from my Samba4/WinXP client howto.
In doing this work, I realised that the replay cache in Heimdal is
currently a no-op, so I have removed the calls to it, and therefore
the mutex calls from passdb/secrets.c.
This patch also includes a replacement 'magic' mechanism detection,
that does not issue extra error messages from deep inside the GSSAPI
code.
Andrew Bartlett
(This used to be commit c19d5706f4)
them just yet. I have tested them, and they work fine, but enabling
them will break code in rpc_server/ and samdb, so we need to fix that
first
(This used to be commit 07d459406b)
so that ldbedit, ldbsearch etc can display nice human readable ldif,
while storing the data as binary blobs. This will be used for storing
NDR encoded objectSid and similar attributes, while making the command
line interface sane
(This used to be commit 37e283089a)
bug was being silently ignored with the tdb backend because of this
bug. A case where the ldap backend was right, and the tdb backend was
wrong!
(This used to be commit ddb26db763)
tree nature of the data structure. I think I've finally got it right
also added talloc_show_parents() for debugging
(This used to be commit 5760ed20ee)
These provide a way to find a parent of a ptr that is of a given
type. I will be using this to find the event context in smbd, relying
on the fact that everything is a child of the top level event
context. I did look at the alternatives, and found that passing the
event context to just about every call in smbd was getting way too
complex (we need to get it to anything that can do a ldb operation, as
that can invoke ldap).
So this method avoids a global, and seems to work nicely
(This used to be commit bdb55c7a10)
- fixed some infinite loops in asn1.c
- ensure asn1 callers know if an error is end of buffer or bad data
- handle npending 0 in ldap server
(This used to be commit f22c3b84c8)
- got rid of the special cases for sasl buffers
- added a tls_socket_pending() call to determine how much data is waiting on a tls connection
- removed the attempt at async handling of ldap calls. The buffers/sockets are all async, but the calls themselves
are sync.
(This used to be commit 73cb4aad22)
cmdline credentials code (which will be done soon)
- added a ldb_init() call, and changed ldb_connect() to take a ldb
context. This allows for much better error handling in
ldb_connect(), and also made the popt conversion easier
- fixed up all the existing backends with the new syntax
- improved error handling in *_connect()
- fixed a crash bug in the new case_fold_required() code
- ensured that ltdb_rename() and all ltdb_search() paths get the read lock
- added a ldb_oom() macro to make it easier to report out of memory
situations in ldb code
(This used to be commit f648fdf187)
event_context for the socket_connect() call, so that when things that
use dcerpc are running alongside anything else it doesn't block the
whole process during a connect.
Then of course I needed to change any code that created a dcerpc
connection (such as the auth code) to also take an event context, and
anything that called that and so on .... thus the size of the patch.
There were 3 places where I punted:
- abartlet wanted me to add a gensec_set_event_context() call
instead of adding it to the gensec init calls. Andrew, my
apologies for not doing this. I didn't do it as adding a new
parameter allowed me to catch all the callers with the
compiler. Now that its done, we could go back and use
gensec_set_event_context()
- the ejs code calls auth initialisation, which means it should pass
in the event context from the web server. I punted on that. Needs fixing.
- I used a NULL event context in dcom_get_pipe(). This is equivalent
to what we did already, but should be fixed to use a callers event
context. Jelmer, can you think of a clean way to do that?
I also cleaned up a couple of things:
- libnet_context_destroy() makes no sense. I removed it.
- removed some unused vars in various places
(This used to be commit 3a3025485b)
- hooked into events system, so requests can be truly async and won't
interfere with other processing happening at the same time
- uses NTSTATUS codes for errors (previously errors were mostly
ignored). In a similar fashion to the DOS error handling, I have
reserved a range of the NTSTATUS code 32 bit space for LDAP error
codes, so a function can return a LDAP error code in a NTSTATUS
- much cleaner packet handling
(This used to be commit 2e3c660b2f)
them in the ntlmssp code, which is the only place they are
used. Andrew, please remove them completely once you have some more
reliable way to get this info
they are bogus as gethostname() may give us a short hostname (and does
on lot of systems), so the calls often give totally the wrong result
anyway
(This used to be commit 35ec292f86)
ldif parsing code in libcli/ldap/ldap_ldif.c, and instead use the ldb
ldif code. To do that I have changed the ldap code to use 'struct
ldb_message_element' instead of 'struct ldap_attribute'. They are
essentially the same structure anyway, so by making them really the
same it will be much easier to use the ldb code in libcli/ldap/
I have also made 'struct ldb_val' the same as a DATA_BLOB, which will
simplify data handling in quite a few places (I haven't yet removed
all the code that maps between these two, that will come later)
(This used to be commit 87fc307339)
Old way was ugly and had a bug, you couldn't add an attribute named
dn or distinguishedName and search for it, tdb would change that search in a dn search.
This makes it also possible to search by dn against an ldap server as the old method was
not supported by ldap syntaxes.
sss
(This used to be commit a614466dec)
using to perform such things as bitop tests on integers.
So far I have only added support for the 1.2.840.113556.1.4.803 and
1.2.840.113556.1.4.804 rules, which are for bitwise and/or
(This used to be commit 5f773b065f)
instead of a search expression. This allows our ldap server to pass
its ASN.1 parsed search expressions straight to ldb, instead of going
via strings.
- updated all the ldb modules code to handle the new interface
- got rid of the separate ldb_parse.h now that the ldb_parse
structures are exposed externally
- moved to C99 structure initialisation in ldb
- switched ldap server to using ldb_search_bytree()
(This used to be commit 96620ab2ee)
There is now a new --debug-stderr option to enable debug to STDERR.
popt isn't perfect, but the callbacks are used in all the main Samba
binaries, and should be used in the rest. This avoids duplicated
code, and ensures every binary is setup correctly.
This also ensures the setup happens early enough to have -s function,
and have a correct impact on the credentials code. (Fixing a bug that
frustrated tridge earlier today).
The only 'subtle' aspect of all this is that I'm pretty sure that the
SAMBA_COMMON popt code must be above the CREDENTIALS code, in the
popt tables.
Andrew Bartlett
(This used to be commit 50f3c2b3a2)
and forms a ldab search filter expression. Next step is to make our
ldap server code go from ASN.1 to a ldb_parse_tree, instead of trying
to construct string filters, then add a ldb_search_tree() call to
allow for searches using parse trees.
all of this is being done as I am hitting bitwise '&' ldap search
expressions from w2k, and want to handle them cleanly.
(This used to be commit 04356c1b1e)
to change this later but that will be pretty easy.
We can use this type to pass around pointers to handles in C. Talloc
allows us to do type checking too.
(This used to be commit b95c0bc9b0)
I still think this URI syntax for a 'protocol' which has no network component
is stupid; it should just be
sqlite:local_file
or
sqlite:/full/path/to/file
but there is enough precedent to warrant the behavior that Simo wants that it
is not worth arguing.
(This used to be commit 61dcb462f3)
- if you want kerberos now, you need to unpack a lorikeet heimdal
tree in source/heimdal/. If source/heimdal/ does not exist at
configure time then all kerberos features are disabled. You cannot
use an external kerberos library for now. That may change later.
- moved lib/replace/ config stuff to lib/replace/ and create a
lib/replace/replace.h. That allows the heimdal build to use our
portability layer, and prevenets duplicate definitions of functions
like strlcat()
- if you do enable heimdal, then you will need to do 'make
HEIMDAL_EXTERNAL' before you build Samba. That should be fixed once
I explain the problem to jelmer (the problem is the inability to
set a depend without also dragging in the object list of the
dependency. We need this for building the heimdal asn1 compiler and
et compiler.
- disabled all of the m4 checks for external kerberos libraries. I
left them in place in auth/kerberos/, but disabled it in
configure.in
some of the heimdal_build/ code is still very rough, for example I
don't correctly detect the correct awk, flex, bison replacements for
heimdal_build/build_external.sh. I expect to fix that stuff up over
the next few days.
(This used to be commit d4648249b2)
rate from 20k/sec to 55k/sec. The irpc rate goes from 16k/sec to
34k/sec.
I should have run strace -T on this a long time ago.
(This used to be commit b9281668bb)
compared to about 20k messages/sec for the raw messaging layer. I
think that is quite acceptable given the extra functionality.
(This used to be commit a05d38d1d9)
management system I proposed on samba-technical a couple of days
ago. Essentially it is a very lightweight way for any code in Samba to
make IDL based rpc calls to anywhere else in the code, without the
client or server having to go to the trouble of setting up a full rpc
service.
It can be used with any of our existing IDL, but I expect it will
mostly be used for a new set of Samba specific management calls.
The LOCAL-IRPC torture test demonstrates how it can be used by calling
the echo_AddOne() call over this transport.
(This used to be commit 3d589a0995)
It is on by default, so I've also fixed a build issue in it. I'll
show how to make it off be default in the next commit.
Andrew Bartlett
(This used to be commit 5a1ef88810)
called from multiple backends. (ldb_sqlite3 needs it too.) Added parameter
for a callback function that determines whether an attribute needs case
folding.
- begin to prepare for sqlite3 in build process
- work-in-progress updates, on ldb_sqlite3
(This used to be commit a80bced0b9)
Jelmer, can you give me a hint as to why you changed this? It
completely broke smbclient, and the change now makes d_printf() almost
equivalent to printf() as you removed the language translation
code. See your commit 7166.
Did you intend to reenable language handling by some other method? Or
do you just mean to remove it completely?
(This used to be commit 2e293ab06f)
