IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The motivating factor is to not require more privileges for
the user account than Windows does when joining a domain.
The points of interest are
* net_ads_join() uses same rpc mechanisms as net_rpc_join()
* Enable CLDAP queries for filling in the majority of the
ADS_STRUCT->config information
* Remove ldap_initialized() from sam/idmap_ad.c and
libads/ldap.c
* Remove some unnecessary fields from ADS_STRUCT
* Manually set the dNSHostName and servicePrincipalName attribute
using the machine account after the join
Thanks to Guenther and Simo for the review.
Still to do:
* Fix the userAccountControl for DES only systems
* Set the userPrincipalName in order to support things like
'kinit -k' (although we might be able to just use the sAMAccountName
instead)
* Re-add support for pre-creating the machine account in
a specific OU
(This used to be commit 4c4ea7b20f)
is produced when a process exits abnormally.
First, we coalesce the core dumping code so that we greatly improve our
odds of being able to produce a core file, even in the case of a memory
fault. I've removed duplicates of dump_core() and split it in two to
reduce the amount of work needed to actually do the dump.
Second, we refactor the exit_server code path to always log an explanation
and a stack trace. My goal is to always produce enough log information
for us to be able to explain any server exit, though there is a risk
that this could produce too much log information on a flaky network.
Finally, smbcontrol has gained a smbd fault injection operation to test
the changes above. This is only enabled for developer builds.
(This used to be commit 56bc02d644)
realloc can return NULL in one of two cases - (1) the realloc failed,
(2) realloc succeeded but the new size requested was zero, in which
case this is identical to a free() call.
The error paths dealing with these two cases should be different,
but mostly weren't. Secondly the standard idiom for dealing with
realloc when you know the new size is non-zero is the following :
tmp = realloc(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
However, there were *many* *many* places in Samba where we were
using the old (broken) idiom of :
p = realloc(p, size)
if (!p) {
return error;
}
which will leak the memory pointed to by p on realloc fail.
This commit (hopefully) fixes all these cases by moving to
a standard idiom of :
p = SMB_REALLOC(p, size)
if (!p) {
return error;
}
Where if the realloc returns null due to the realloc failing
or size == 0 we *guarentee* that the storage pointed to by p
has been freed. This allows me to remove a lot of code that
was dealing with the standard (more verbose) method that required
a tmp pointer. This is almost always what you want. When a
realloc fails you never usually want the old memory, you
want to free it and get into your error processing asap.
For the 11 remaining cases where we really do need to keep the
old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR,
which can be used as follows :
tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the
pointer p, even on size == 0 or realloc fail. All this is
done by a hidden extra argument to Realloc(), BOOL free_old_on_error
which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR
macros (and their array counterparts).
It remains to be seen what this will do to our Coverity bug count :-).
Jeremy.
(This used to be commit 1d710d06a2)
"rename user script" to do the rename of the posix machine account (this
might be changed later). Fixes#2331.
Guenther
(This used to be commit b2eac2e6eb)
code relied upon file permissions alone. Now we check that
the user is a printer administrator and that the share has not been
marked read only for that user.
(This used to be commit 117d9fd9e1)
by saving the UNIX token used to set a delete on close flag,
and using it when doing the delete. libsmbsharemodes.so still
needs updating to cope with this change.
Samba4 torture tests to follow.
Jeremy.
(This used to be commit 23f16cbc2e)
only tell at parse time from the wire if an incoming name
has wildcards or not. If it's a mangled name and we demangle
the demangled name may contain wildcard characters. Ensure
these are ignored.
Jeremy.
(This used to be commit 4cd8e2a96b)
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d7)
the new talloc() features:
Note that the REGSUB_CTR and REGVAL_CTR objects *must* be talloc()'d
since the methods use the object pointer as the talloc context for
internal private data.
There is no longer a regXXX_ctr_intit() and regXXX_ctr_destroy()
pair of functions. Simply TALLOC_ZERO_P() and TALLOC_FREE() the
object.
Also had to convert the printer_info_2->NT_PRINTER_DATA field
to be talloc()'d as well. This is just a stop on the road to
cleaning up the printer memory management.
(This used to be commit ef721333ab)
the wire
* fix dup_a_regval() when size is 0
* ensure we pass a pstring to unlink_internals (fixes delete_driver
code)
(This used to be commit 353e63ff42)
not on the server.
We now preserve this windows variable (important for vampired setups)
and correctly substitute only the "%L"s in strings like:
"%LOGONSERVER% %L %lOgOnSeRvEr% %L".
Guenther
(This used to be commit dccf777f42)
for NT4 clients enumerating printer data on slow CPUs)
* fix pinter and secdesc record upgrade to normalize the key
(rev'd printer tdb version)
* fixed problem that was normalizing the printername name field
in general, this should fix the issues upgrading print servers
from 3.0.14a to 3.0.20
(This used to be commit d07179de2f)
tests on this as it's very late NY time (just wanted to get this work
into the tree). I'll test this over the weekend....
Jerry - in looking at the difference between the two trees there
seem to be some printing/ntprinting.c and registry changes we might
want to examine to try keep in sync.
Jeremy.
(This used to be commit c7fe18761e)
when packing values. It is a compatible change though and will
not require a tdb version upgrade
* Can successfully create new printer subkeys via winreg that
are immediately available via spoolss calls. Still cannot delete
keys yet though. That comes next.
(This used to be commit 00bce2b3bb)
nver normalized the string used for printer and
sec_desc key lookups ?????
normalized sharename to lower case before storing/fetching
from tdb.
Need to look at drivers and forms tdb as well (perhaps).
(This used to be commit 4aec5dce5c)
safe for using our headers and linking with C++ modules. Stops us
from using C++ reserved keywords in our code.
Jeremy
(This used to be commit 9506b8e145)
* start adding write support to the Samba registry
Flesh out the server implementations of
RegCreateKey(), RegSetValue(), RegDeleteKey() and RegDeleteValue()
I can create a new key using regedit.exe now but the 'New Key #1'
key cannot be deleted yet.
(This used to be commit e188fdbef8)
(not move) to the W32X86/{2,3}/ directory. Printmig.exe
copies the driver files for all drivers to print$/W32X86
and the calls AddPrinterDriver() for each driver. If we
move the file, then adding a driver which shares a file with
a previous driver will fail.
I can now restore drivers in bulk to a Samba 3 server.
(This used to be commit 46cd95c9b4)
some issues in the printer security descriptors.
Ensure that each printer sd has an oaner and group SID
(BUILTIN\Administrators) and that we utilize more than
the generic bits assigned in <= 3.0.14a.
(This used to be commit c72182c1e2)
where large print jobs can have out-of-order offsets. Bug found
by Arcady Chernyak <Arcady.Chernyak@efi.com>
Jeremy.
(This used to be commit 482f7e0e37)
