IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The motivating factor is to not require more privileges for
the user account than Windows does when joining a domain.
The points of interest are
* net_ads_join() uses same rpc mechanisms as net_rpc_join()
* Enable CLDAP queries for filling in the majority of the
ADS_STRUCT->config information
* Remove ldap_initialized() from sam/idmap_ad.c and
libads/ldap.c
* Remove some unnecessary fields from ADS_STRUCT
* Manually set the dNSHostName and servicePrincipalName attribute
using the machine account after the join
Thanks to Guenther and Simo for the review.
Still to do:
* Fix the userAccountControl for DES only systems
* Set the userPrincipalName in order to support things like
'kinit -k' (although we might be able to just use the sAMAccountName
instead)
* Re-add support for pre-creating the machine account in
a specific OU
(This used to be commit 4c4ea7b20f)
realloc can return NULL in one of two cases - (1) the realloc failed,
(2) realloc succeeded but the new size requested was zero, in which
case this is identical to a free() call.
The error paths dealing with these two cases should be different,
but mostly weren't. Secondly the standard idiom for dealing with
realloc when you know the new size is non-zero is the following :
tmp = realloc(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
However, there were *many* *many* places in Samba where we were
using the old (broken) idiom of :
p = realloc(p, size)
if (!p) {
return error;
}
which will leak the memory pointed to by p on realloc fail.
This commit (hopefully) fixes all these cases by moving to
a standard idiom of :
p = SMB_REALLOC(p, size)
if (!p) {
return error;
}
Where if the realloc returns null due to the realloc failing
or size == 0 we *guarentee* that the storage pointed to by p
has been freed. This allows me to remove a lot of code that
was dealing with the standard (more verbose) method that required
a tmp pointer. This is almost always what you want. When a
realloc fails you never usually want the old memory, you
want to free it and get into your error processing asap.
For the 11 remaining cases where we really do need to keep the
old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR,
which can be used as follows :
tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the
pointer p, even on size == 0 or realloc fail. All this is
done by a hidden extra argument to Realloc(), BOOL free_old_on_error
which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR
macros (and their array counterparts).
It remains to be seen what this will do to our Coverity bug count :-).
Jeremy.
(This used to be commit 1d710d06a2)
code relied upon file permissions alone. Now we check that
the user is a printer administrator and that the share has not been
marked read only for that user.
(This used to be commit 117d9fd9e1)
by saving the UNIX token used to set a delete on close flag,
and using it when doing the delete. libsmbsharemodes.so still
needs updating to cope with this change.
Samba4 torture tests to follow.
Jeremy.
(This used to be commit 23f16cbc2e)
only tell at parse time from the wire if an incoming name
has wildcards or not. If it's a mangled name and we demangle
the demangled name may contain wildcard characters. Ensure
these are ignored.
Jeremy.
(This used to be commit 4cd8e2a96b)
the new talloc() features:
Note that the REGSUB_CTR and REGVAL_CTR objects *must* be talloc()'d
since the methods use the object pointer as the talloc context for
internal private data.
There is no longer a regXXX_ctr_intit() and regXXX_ctr_destroy()
pair of functions. Simply TALLOC_ZERO_P() and TALLOC_FREE() the
object.
Also had to convert the printer_info_2->NT_PRINTER_DATA field
to be talloc()'d as well. This is just a stop on the road to
cleaning up the printer memory management.
(This used to be commit ef721333ab)
the wire
* fix dup_a_regval() when size is 0
* ensure we pass a pstring to unlink_internals (fixes delete_driver
code)
(This used to be commit 353e63ff42)
for NT4 clients enumerating printer data on slow CPUs)
* fix pinter and secdesc record upgrade to normalize the key
(rev'd printer tdb version)
* fixed problem that was normalizing the printername name field
in general, this should fix the issues upgrading print servers
from 3.0.14a to 3.0.20
(This used to be commit d07179de2f)
tests on this as it's very late NY time (just wanted to get this work
into the tree). I'll test this over the weekend....
Jerry - in looking at the difference between the two trees there
seem to be some printing/ntprinting.c and registry changes we might
want to examine to try keep in sync.
Jeremy.
(This used to be commit c7fe18761e)
when packing values. It is a compatible change though and will
not require a tdb version upgrade
* Can successfully create new printer subkeys via winreg that
are immediately available via spoolss calls. Still cannot delete
keys yet though. That comes next.
(This used to be commit 00bce2b3bb)
nver normalized the string used for printer and
sec_desc key lookups ?????
normalized sharename to lower case before storing/fetching
from tdb.
Need to look at drivers and forms tdb as well (perhaps).
(This used to be commit 4aec5dce5c)
safe for using our headers and linking with C++ modules. Stops us
from using C++ reserved keywords in our code.
Jeremy
(This used to be commit 9506b8e145)
* start adding write support to the Samba registry
Flesh out the server implementations of
RegCreateKey(), RegSetValue(), RegDeleteKey() and RegDeleteValue()
I can create a new key using regedit.exe now but the 'New Key #1'
key cannot be deleted yet.
(This used to be commit e188fdbef8)
(not move) to the W32X86/{2,3}/ directory. Printmig.exe
copies the driver files for all drivers to print$/W32X86
and the calls AddPrinterDriver() for each driver. If we
move the file, then adding a driver which shares a file with
a previous driver will fail.
I can now restore drivers in bulk to a Samba 3 server.
(This used to be commit 46cd95c9b4)
some issues in the printer security descriptors.
Ensure that each printer sd has an oaner and group SID
(BUILTIN\Administrators) and that we utilize more than
the generic bits assigned in <= 3.0.14a.
(This used to be commit c72182c1e2)
will be owned by the same uid as the containing directory. Doing this for directories
in a race-free mannor has only been tested on Linux (it depends on being able to open
a directory and then do a fchown on that file descriptor). If this functionality is
not available then the code silently downgrades to not changing the ownership of a
new directory. This new parameter (docs to follow) finally makes it possible to create
"drop boxes" on Samba, which requires all files within a directory to be commonly owned.
A HOWTO on how to use this will follow.
Jeremy.
(This used to be commit 2e1f727184)
as the longname in the published printer information since this
is what we will have used when we joined the domain.
More testing on this tomorrow.
(This used to be commit d64fd1116d)
* rewrote the tdb layout of privilege records in account_pol.tdb
(allow for 128 bits instead of 32 bit flags)
* migrated to using SE_PRIV structure instead of the PRIVILEGE_SET
structure. The latter is now used for parsing routines mainly.
Still need to incorporate some client support into 'net' so
for setting privileges. And make use of the SeAddUserPrivilege
right.
(This used to be commit 41dc7f7573)
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f)
Try modifying printer before adding it,since add logic appends ObjectClass to mods, which caused a contraint violation when modifying an already published printer.
Also cleanup the check_published_printers() logic when verifying published status on startup.
(This used to be commit 82eb168c82)
