IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
in the next step we can store them in LDAP to be replicated across DCs.
Thanks to Michael Adam <ma@sernet.de>
Volker
(This used to be commit 3c879745cf)
The main thing here is a rewrite of srv_winreg_nt.c. The core functionality
has moved to registry/reg_api.c which is then usable by the rest of Samba as
well.
On that way it fixes creating keys with more than one element in the
path. This did not work before.
Two things that sneaked in (sorry :-) is the change of some routines from
NTSTATUS to WERROR the removed "parent" argument to regkey_open_internal.
Volker
(This used to be commit fea52801de)
(http://www.centeris.com/) under my copyright.
* Rework error reporting to use DNS_ERROR instead
of int32
* Convert memory allocation to use talloc()
* Generalize the DNS request/response packet marshalling
* Fix the secure update requests
(This used to be commit c787983336)
Convert the low-hanging fruit of the LSA server. This provides a sample how
the server calls can be converted one by one, see the "proxy_lsa_call"
function.
Volker
(This used to be commit 99e54a213a)
we now don't compile mostly each .c file twice.
- we use PICFLAG for all object files
- PICFLAG defaults to PIE_CFLAGS and is then overwritten
if the system supports shared libraries
as we currently always use -fPIE if available
(and at least on linux -fPIE produces the same code as -fPIC)
it doesn't change anything in the resulting code.
"high performance" binaries can be build with
"--disable-pie --disable-shared" if someone really needs to...
metze
(This used to be commit 6db1f57f45)
but disable building of shared libs and modules whe enable_shared != yes
Also make it easier to track down the problem with lost LDFLAGS values
on AIX.
metze
(This used to be commit 3367e306e6)
like negative values in the generated code.
I'm not sure how we can solve that in samba3 as the generated code is commited
Maybe we need to alsways pass --uint-enums
metze
(This used to be commit 9468dcc5d5)
the first is to not enable the ldap ldb backend just yet. This will
need configure tests to conditionally include. We should be able to
use the m4 files from lib/ldb/
The 2nd is to fix libads/gpo.o not to publicly prototype a function
that needs ldap.h
(This used to be commit 1cf17edc14)
This has had some basic testing. I'll do more during the next couple of days and hopefully also
make RPC-SRVSVC from Samba4 pass against it.
(This used to be commit ef10672399)
Many things work (OpenHKLM, etc...) but some still don't.
This shouldn't block anyone so I'm checking it in.
Will probably move to a bzr tree after this for
longer dev cycles between checkins.
(This used to be commit cf1404a0d7)
* Remove the old wkssvc server, client, & parsing code.
* Update srv_wkssvc_nt.c with stubs for the remaining
stubs
(This used to be commit 0cb79ee13f)
We usually do not get the results from user/group script modifications
immediately. A lot of users do add nscd restart/refresh commands into
their scripts to workaround that while we could flush the nscd caches
directly using libnscd.
Guenther
(This used to be commit 7db6ce295a)
- we now define the set of samba related include path in one place
so that we can't get it wrong in different places
metze
(This used to be commit 6bf0aad052)
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
gen_ndr/ndr_security.c in SAMBA_4_0
The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
(This used to be commit 3da9f80c28)
initial work. I'm including the librpc/gen_ndr directory
in svn temporarily just to get some compile issues straightened
out.
(This used to be commit cf271aa433)
the LGPL. Original code by Krishna Ganugapati <krishnag@centeris.com>.
Additional work by me.
It's still got some warts, but non-secure updates do
currently work. There are at least four things left to
really clean up.
1. Change the memory management to use talloc() rather than
malloc() and cleanup the leaks.
2. Fix the error code reporting (see initial changes to
dnserr.h)
3. Fix the secure updates
4. Define a public interface in addns.h
5. Move the code in libads/dns.c into the libaddns/ directory
(and under the LGPL).
A few notes:
* Enable the new code by compiling with --with-dnsupdate
* Also adds the command 'net ads dns register'
* Requires -luuid (included in the e2fsprogs-devel package).
* Has only been tested on Linux platforms so there may be portability
issues.
(This used to be commit 36f04674ae)
we want to walk more printing code in the build farm I think doing that with a
customized printing backend is much easier than with a set of shell scripts.
Jerry, comments?
Volker
(This used to be commit 949cd6b992)
ntlm_auth module to allow it to use winbindd cached
credentials.The credentials are currently only stored
in a krb5 MIT environment - we need to add an option to
winbindd to allow passwords to be stored even in an NTLM-only
environment.
Patch from Robert O'Callahan, modified with some fixes
by me.
Jeremy.
(This used to be commit ae7cc298a1)
code is wrong or bad or anything, just that it
needs to be discussed & reviewed on the samba-technical
list before we add a platform-specific NFSv4 mapping.
That way lies a lot of future pain :-).
Jeremy.
(This used to be commit 330899ec30)
modularizes our interface into the special posix API used on
the system. Without this patch the specific API flavor is
determined at compile time, something which severely limits
usability on systems with more than one file system. Our
first targets are AIX with its JFS and JFS2 APIs, at a later
stage also GPFS. But it's certainly not limited to IBM
stuff, this abstraction is also necessary for anything that
copes with NFSv4 ACLs. For this we will check in handling
very soon.
Major contributions can be found in the copyright notices as
well as the checkin log of the vl-posixacls branch. The
final merge to 3_0 post-3.0.23 was done by Peter Somogyi
<psomogyi@gamax.hu>
(This used to be commit ca0c73f281)
Expand the "winbind nss info" to also take "rfc2307" to support the
plain posix attributes LDAP schema from win2k3-r2.
This work is based on patches from Howard Wilkinson and Bob Gautier
(and closes bug #3345).
Guenther
(This used to be commit 52423e01dc)
The motivating factor is to not require more privileges for
the user account than Windows does when joining a domain.
The points of interest are
* net_ads_join() uses same rpc mechanisms as net_rpc_join()
* Enable CLDAP queries for filling in the majority of the
ADS_STRUCT->config information
* Remove ldap_initialized() from sam/idmap_ad.c and
libads/ldap.c
* Remove some unnecessary fields from ADS_STRUCT
* Manually set the dNSHostName and servicePrincipalName attribute
using the machine account after the join
Thanks to Guenther and Simo for the review.
Still to do:
* Fix the userAccountControl for DES only systems
* Set the userPrincipalName in order to support things like
'kinit -k' (although we might be able to just use the sAMAccountName
instead)
* Re-add support for pre-creating the machine account in
a specific OU
(This used to be commit 4c4ea7b20f)
stack tracing support. This provides an easy way for users to provide
stack traces (hopefully it will be implemented on something other than
ia64).
(This used to be commit 0b5e07e12d)
kerberized pam_winbind and workstation restrictions are in effect.
The krb5 AS-REQ needs to add the host netbios-name in the address-list.
We don't get the clear NT_STATUS_INVALID_WORKSTATION code back yet from
the edata of the KRB_ERROR but the login at least fails when the local
machine is not in the workstation list on the DC.
Guenther
(This used to be commit 8b2ba11508)
handling anymore when we remove $(LIBS) from pam_winbind again.
Also make sure to build our own copy of iniparser with -fPIC.
Guenther
(This used to be commit e32c4f6f6e)
servers. Also add a new "net rpc audit" tool. The lsa query infolevels
were taken from samb4 IDL, the lsa policy flags and categories are
partly documented on msdn. I need to cleanup the double
lsa_query_info_policy{2}{_new} calls next.
Guenther
(This used to be commit 0fed66926f)
internals, mostly with the code that was in pam_winbind before.
Also switch from using loadparm to use iniParser to read the new
pam_winbind options from a configuration file. That still uses the old
(parametric) option names which will be replaced next (as iniParser does
not support parametric options).
Guenther
(This used to be commit 6f668ce673)
Samba3 - with some 64-bit macro madness. Attempt to fix
the broken directory handling in the *BSD-of-the-month
club.
Jeremy.
(This used to be commit fd98427f64)
for module in ; do ... ; done
leads to an error (true64, solaris 8).
We now use {,UN}INSTALL_PAM_MODULES to get replaced by configure.
Therfore we don't run into the {,un}installpammodules rule if no PAM
module is requested.
Thanks to Björn Jacke for pointing to this issue.
(This used to be commit 07a70f8f86)
I'll try to add some tests using samba3's smbtorture and smbclient
later.
can someone check if this would be save to run on the build-farm
without leaking child processes...
metze
(This used to be commit 899fd6808e)
Nothing happens if PAM_MODULES is empty which is our default.
The default destination dir is "${LIBDIR}/security". It's possible to
overwrite the default with --with-pammodulesdir while calling configure.
(This used to be commit 7163c68605)
- add configure tests --with-selftest-prefix=/tmp/samba-test
this is needed because the path name of unix socket can only be 108 chars long
- add configure test --with-smbtorture4-path=/home/foo/prefix/samba4/bin/smbtorture
this will be used to run samba4's smbtorture inside samba3's make test later
metze
(This used to be commit d9df1853b9)
called as part of the all rule (again only if pam modules are requested
by configure).
Add pam_winbind rule.
Ensure proto_exists before we build the pam modules.
Add test_pam_modules rule to test if the built pam modules have any
unresolved symbols. For test_pam_modules we use script/tests/dlopen.sh
which was written by Nalin Dahyabhai <nalin@redhat.com>. Thanks Nalin!
RedHat and SuSE use this script to test nss and pam modules since
several years.
(This used to be commit 71b2eb55ad)
The intention is to have the resulting binaries at one place. This is
also usefull for upcoming changes to provide a test_pammodules rule.
With these changes I even got aware of
testsuite/nsswitch/pam_winbind_syms.exp But this only covers
pam_winbind.
(This used to be commit 9883957b74)
* add support for %(DomainSID)
* replace standard_sub_XXX() functions with wrappers around their
alloc_sub_XXX() counterparts
* add support for using SIDs in read list, et. al. (anything that
is checked by nt_token_contains_name_in_list())
(This used to be commit 71d960250d)
to substitute rootsbindir in {,un}installbin.sh.in.
Pass $prefix as third arg to installbin/ uninstallbin as rootsbindir by
default is $prefix/sbin.
(This used to be commit 7773b8c9e0)
I suggest to stay with ^BASEDIR= @prefix@$ for at least the next release
to give external projects - like samba-vscan project - time to adopt
this change.
BASEDIR is non of the default autoconf variables. prefix is.
Jerry1: If possible please announce this with the next release. I'll
self reply to technical.
Jerry2: This does not break your makepkg stuff as you set BASEDIR
_not_ from the Makefile.
(This used to be commit 730d5ec229)
unmount.cifs. This is controlled via CIFSMOUNT_PROGS which is set by
configure by default to yes on linux systems only. It's possible to
disable with --without-cifsmount anyhow.
Added ROOTSBINDIR to the Makefile to allow us an install to /sbin and
not $prefix/sbin. Configurable with --with-rootsbindir.
(This used to be commit a2ab4cc824)
Instead check for *.dat and *.msg files as done before. Then added
files are installed and removed as soon as we have some in the
filesystem. It's simpler and less error prone.
(This used to be commit 5119472cdc)
with the new rules: uninstallservers uninstalldat, uninstallswat (calles
uninstallmsg), uninstallmodules, uninstallclientlib, and
uninstalllibmsrpc.
We still leave directories. We might try to remove the dirs we created
in reverse order.
The new uninstall scripts are sym links to the respective install
scripts. Inside we set mode to install or uninstall.
installservers is now used to install the servers. These are no longer
installed with installbin.
(This used to be commit 43549301b9)
Always pass the INSTALLPERMS and DESTDIR as first and second arg to the
scripts.
No longer prepend DESTDIR to the remaining args.
To fix bug #3282 it is important _not_ to prepend DESTDIR to the source
of the sym link pointing to smbmount.
(This used to be commit c38adf7131)
This fixes bug #1386.
The initial changes had been made by Carsten Höger <choeger at
open-xhange dot com> for Samba 2.2 while being at SuSE. *sigh*
To not duplicate code from smbpasswd in pdbedit stdin_new_passwd() and
get_pass() are moved from smbpasswd to utils/passwd_util.c.
(This used to be commit dbdc5ba497)
the build on Solaris, AIX and S390. The fundamental problem is
that macros like AX_CFLAGS_IRIX_OPTION can spuriously succeed.
(This used to be commit 30122f61c3)
Implement 'net rpc shell account' -- An editor for account policies
nt_time_to_unix_abs changed its argument which to me seems wrong, and I could
not find a caller that depends on this. So I changed it. Applied some more
const in time.c.
Volker
(This used to be commit fc73690a70)
Finally cleanup the way idmap modules are build and loaded, idmap_rid
now will have to be loaded without prefix, just "rid".
Guenther
(This used to be commit a77e02177d)
oplocks across the cluster. Adapt Samba to it.
The gpfs API is called via libgpfs.so. This code is written with dlopen(), so
that you can compile on a system with gpfs installed and later on run on
systems without gpfs available.
So to actually make Samba call gpfs share mode calls you need to compile with
gpfs.h and libgpfs.so around and set 'gpfs share = yes' on the shares you
export from GPFS.
Volker
(This used to be commit 2253b17a1a)
revving the minor version number for libsmbsharemodes (we
now have a new _ex interface that takes the share path
as well as the filename). Needed for #3303. Some code written
by SATOH Fumiyasu <fumiya@samba.gr.jp> included in the changes
to locking/locking.c. The smbstatus output is a bit of a mess
and needs overhauling...
Jeremy.
(This used to be commit 9d93af713f)
use it as though it were an in-memory db and dump out to
a flat file every 2 mins, but that can now change.
Jeremy.
(This used to be commit a342681792)
installlibmsrpc. This works the same way as we're already doing it for
libsmbclient. Default is to build it.
Add a soname to libmsrpc as we do it for libsmbclient. We already had
the MAJOR and MINOR variable in the Makefile.
(This used to be commit 6794d44099)
talloc_describe_all() function. Fix smbcontrol <pid> pool-usage
as we desparately need it working in the field to track down
memory leaks. Seriously, when new functionality like the
Samba4 talloc is added, don't just disable working functionality
like "pool-usage", fix the damn thing first !
Jeremy.
(This used to be commit 2e262a75cc)
around failed query_user calls. This fixes
logons to a member of a Samba domain as a user from a
trusted AD domain.
As per comments on samba-technical, I still need to add
(a) cache the PAC info as werll as NTLM net_user_info_3
(b) expire the cache when the SMB session goes away
Both Jeremy and Guenther have signed off on the idea.
(This used to be commit 0c2bb5ba7b)
Fixed "clean" target -- bin/libmsrpc.a was not being deleted.
Jerry, the shared version of libmsrpc is not using a version number. For consistency, I added LIBMSRPC_MAJOR and LIBMSRPC_MINOR definitions but they are not
currently being used. I don't know if the non-use of version is intentional
or not.
(This used to be commit b4871a5525)
rewrite. His comments:
I've gotten the libmsrpc code to work with TRUNK.
I've put the patch at:
www.uoguelph.ca/~cnicholl/libmsrpc_trunk_v1.patch.gz
It is from revision 11093.
I also fixed a minor bug in the svcctl code, the timeout
parameter for all the control functions was working
in milliseconds instead of seconds.
Also fixed bug in Makefile when building libmsrpc.a
(This used to be commit d3a52900ec)
