IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
I updated the vfs version in 3.0.24 from 16 to 17, beacuse 16 was the
latest released code, but on SAMBA_3_0, I reverted my earlier change
back from 19 to 18, because we've not had any released code with 18.
This is related to the kernel_flock call addition.
(This used to be commit fb8e43fb49)
When having DC-less sites, AD assigns DCs from other sites to that site
that does not have it's own DC. The most reliable way for us to identify
the nearest DC - in that and all other cases - is the closest_dc flag in
the CLDAP reply.
Guenther
(This used to be commit ff004f7284)
the DN must be rid,domain and not domain,rid
Also use member and not memberOf for group members
following conventions.
(This used to be commit 7c0ea791d2)
-lgssapi_krb5. With that change I could sucessfully verify that Heimdal
support is still working nicely after the changes from jpeach.
Guenther
(This used to be commit 53d09487a0)
Add configure option --enable-fam so that FAM support can explicitly
be controlled at build time. Default behaviour is to autodetect.
(This used to be commit 066951bc48)
tdb. This includes:
- the new tdb_lockall and tdb_lockall_read code, which will be needed
for the ldb speedups
- the tdb logging changes. This is an intermediate step to keep the
differences between the two branches small. The plan is still to
move to a tdb_init()/tdb_set_logging_function()/tdb_attach() style
of open which will make things much cleaner.
- the updated test suites and standalone tdb build code
- use libreplace headers
There are still some small differences I haven't merged. I'll discuss
those on the list.
(This used to be commit 48903c75ed)
is completely useless (and in fact harmful :-) in
that it causes a winbindd error where there should
be none.
Jeremy.
(This used to be commit acf5419d62)
That one was hard to find: when coming from offline mode and switching
to online, a refresh sequence number call (using the default MS-RPC
mechanism) may reset domain->backend to NULL (by the set_domain_online
event). We need to make sure to reidentify the remote domain in that
case.
Guenther
(This used to be commit 4d6503d137)
descriptors. Both databases are long-lived and not frequently written, so I
think storing it deserves a tdb transaction.
Volker
(This used to be commit 2d4b5f5727)
this shold be a strong dependency. If stuff from Fink is an optional
extra, there should be a --with-stuff-from-fink argument. It's just
too easy to unexpectedly end up with binaries that depend on
/sw/{lib,include}.
(This used to be commit d0166e1172)
Jerry.
If "enum users" is set to false, and the group being looked
up is the Domain Users SID: S-1-5-domain-513, then for the
list of members check if the querying user is in that group,
and if so only return that user as the gr_mem array.
We can change this to a different parameter than "enum users"
if neccessaey, or parameterize the group list we do this for.
Jeremy.
(This used to be commit 91b40e25cc)
x, so we can't get at them even if we wanted to.
Kerberos experts, please take a look to make sure I've done the
right thing!
(This used to be commit 9b8e179fcc)
The protocol negotiation string "LANMAN2.1" was not listed in the set of
negotiatiable possibilities, so non-optimal negotiation was taking place.
(This used to be commit a0dfa60fc5)
- "The problem is, with a fresh system, we don't know our sitename,
therefor we do a stupid DNS query for all DCs. The reply we get is a
round-robin list of all 21 DCs, we just pick the first, contact that
and safe that INET.COM#1C query in the name cache for later use...
What we need to do if we don't yet know our sitename, is to contact to
any DC, get the CLDAP reply to tell us in which site we are, then flush
the namecache and requery DNS including the sitename"
Implement the flushing of the #1C entries for a given NetBIOS name/realm
when looking up the site value.
Jeremy.
(This used to be commit b2d1e44f59)
we need to make sure
HAVE_GSSAPI
HAVE_KRB5_H
HAVE_GSSAPI_H
HAVE_GSSAPI_GSSAPI_GENERIC_H
HAVE_GSSAPI_GSSAPI_H
are not in config.h
this adds 2 new macros to libreplace
AC_REMOVE_DEFINE(), AC_REMOVE_INCLUDE()
metze
(This used to be commit eb1f0b49cf)
are missing! Bailing out at compile time is ugly.
Hopefully this fixes the Mac OS 10 boxes in the build-farm
there're some missing function. Fixing that is a different
problem...
metze
(This used to be commit e00a83a0b6)
fix configure test for net/if.h on some platforms
AC_LANG_SOURCE() adds the content of confdefs.h in front
of the compiled file
metze
(This used to be commit 7cbdc06ad9)
workgroup, decided periodically to stop sending recognized responses to a
NetServerEnum2 request for the workgroup. Instead of returning the list of
servers (only itself; nothing else in the workgroup), it returns a status code
of 8 which is unsupported by samba3, samba4, and ethereal.
The code for this request assumed that if an unexpected status code was
received, the connection had a problem, i.e. that cli_errno() would show a
problem. That turns out not to be the case.
This patch changes the behavior so tha any time a response is received and
cli_errno() == 0, we continue processing the reply and base our response on
the returned count (zero). The pre-existing code then converts this count=0
into an ENOENT errno which can be properly handled by the application (whereas
an error return with errno=0 can't be).
This packet dump has only 2 frames. Sorry about the text version but it's
most easily attached to this log message. I also have it saved as .pcap if
anyone wants it.
Derrell
No. Time Source Destination Protocol Info
1 14:31:59.802668 192.168.1.106 192.168.1.100 LANMAN NetServerEnum2 Request, Server, SQL Server, Domain Controller, Backup Controller, Time Source, Apple Server, Novell Server, Domain Member Server, Print Queue Server, Dialin Server, Xenix Server, NT Workstation, Windows for Workgroups, Unknown server type:14, NT Server
Frame 1 (196 bytes on wire, 196 bytes captured)
Arrival Time: Oct 10, 2006 14:31:59.802668000
Time delta from previous packet: 0.000000000 seconds
Time since reference or first frame: 0.000000000 seconds
Frame Number: 1
Packet Length: 196 bytes
Capture Length: 196 bytes
Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: IntelCor_4a:47:bb (00:13:20:4a:47:bb), Dst: Micro-St_74:16:e7 (00:0c:76:74:16:e7)
Destination: Micro-St_74:16:e7 (00:0c:76:74:16:e7)
Source: IntelCor_4a:47:bb (00:13:20:4a:47:bb)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.106 (192.168.1.106), Dst: 192.168.1.100 (192.168.1.100)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 182
Identification: 0xb838 (47160)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xfdea [correct]
Good: True
Bad : False
Source: 192.168.1.106 (192.168.1.106)
Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: 44932 (44932), Dst Port: netbios-ssn (139), Seq: 851982066, Ack: 1274726157, Len: 130
Source port: 44932 (44932)
Destination port: netbios-ssn (139)
Sequence number: 851982066
Next sequence number: 851982196
Acknowledgement number: 1274726157
Header length: 32 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 6432
Checksum: 0xb4e0 [correct]
Options: (12 bytes)
NOP
NOP
Time stamp: tsval 1184074739, tsecr 11576161
NetBIOS Session Service
Message Type: Session message
Flags: 0x00
.... ...0 = Add 0 to length
Length: 126
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response in: 2
SMB Command: Trans (0x25)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x08
0... .... = Request/Response: Message is a request to the server
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
.... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc801
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
.... .... .0.. .... = Long Names Used: Path names in request are not long file names
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 2048
Process ID: 12967
User ID: 2048
Multiplex ID: 6
Trans Request (0x25)
Word Count (WCT): 14
Total Parameter Count: 36
Total Data Count: 0
Max Parameter Count: 8
Max Data Count: 65535
Max Setup Count: 0
Reserved: 00
Flags: 0x0000
.... .... .... ..0. = One Way Transaction: Two way transaction
.... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
Timeout: Return immediately (0)
Reserved: 0000
Parameter Count: 36
Parameter Offset: 90
Data Count: 0
Data Offset: 126
Setup Count: 0
Reserved: 00
Byte Count (BCC): 63
Transaction Name: \PIPE\LANMAN
SMB Pipe Protocol
Microsoft Windows Lanman Remote API Protocol
Function Code: NetServerEnum2 (104)
Parameter Descriptor: WrLehDz
Return Descriptor: B16BBDz
Detail Level: 1
Receive Buffer Length: 65535
Server Type: 0x0000fffe
.... .... .... .... .... .... .... ...0 = Workstation: This is NOT a Workstation
.... .... .... .... .... .... .... ..1. = Server: This is a Server
.... .... .... .... .... .... .... .1.. = SQL: This is an SQL server
.... .... .... .... .... .... .... 1... = Domain Controller: This is a Domain Controller
.... .... .... .... .... .... ...1 .... = Backup Controller: This is a Backup Controller
.... .... .... .... .... .... ..1. .... = Time Source: This is a Time Source
.... .... .... .... .... .... .1.. .... = Apple: This is an Apple host
.... .... .... .... .... .... 1... .... = Novell: This is a Novell server
.... .... .... .... .... ...1 .... .... = Member: This is a Domain Member server
.... .... .... .... .... ..1. .... .... = Print: This is a Print Queue server
.... .... .... .... .... .1.. .... .... = Dialin: This is a Dialin server
.... .... .... .... .... 1... .... .... = Xenix: This is a Xenix server
.... .... .... .... ...1 .... .... .... = NT Workstation: This is an NT Workstation
.... .... .... .... ..1. .... .... .... = WfW: This is a WfW host
.... .... .... .... 1... .... .... .... = NT Server: This is an NT Server
.... .... .... ...0 .... .... .... .... = Potential Browser: This is NOT a Potential Browser
.... .... .... ..0. .... .... .... .... = Backup Browser: This is NOT a Backup Browser
.... .... .... .0.. .... .... .... .... = Master Browser: This is NOT a Master Browser
.... .... .... 0... .... .... .... .... = Domain Master Browser: This is NOT a Domain Master Browser
.... .... ...0 .... .... .... .... .... = OSF: This is NOT an OSF host
.... .... ..0. .... .... .... .... .... = VMS: This is NOT a VMS host
.... .... .0.. .... .... .... .... .... = Windows 95+: This is NOT a Windows 95 or above host
.0.. .... .... .... .... .... .... .... = Local: This is NOT a local list only request
0... .... .... .... .... .... .... .... = Domain Enum: This is NOT a Domain Enum request
Enumeration Domain: WORKGROUP
No. Time Source Destination Protocol Info
2 14:31:59.803918 192.168.1.100 192.168.1.106 LANMAN NetServerEnum2 Response
Frame 2 (134 bytes on wire, 134 bytes captured)
Arrival Time: Oct 10, 2006 14:31:59.803918000
Time delta from previous packet: 0.001250000 seconds
Time since reference or first frame: 0.001250000 seconds
Frame Number: 2
Packet Length: 134 bytes
Capture Length: 134 bytes
Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: Micro-St_74:16:e7 (00:0c:76:74:16:e7), Dst: IntelCor_4a:47:bb (00:13:20:4a:47:bb)
Destination: IntelCor_4a:47:bb (00:13:20:4a:47:bb)
Source: Micro-St_74:16:e7 (00:0c:76:74:16:e7)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.106 (192.168.1.106)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 120
Identification: 0xea10 (59920)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x8c50 [correct]
Good: True
Bad : False
Source: 192.168.1.100 (192.168.1.100)
Destination: 192.168.1.106 (192.168.1.106)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 44932 (44932), Seq: 1274726157, Ack: 851982196, Len: 68
Source port: netbios-ssn (139)
Destination port: 44932 (44932)
Sequence number: 1274726157
Next sequence number: 1274726225
Acknowledgement number: 851982196
Header length: 32 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 64606
Checksum: 0x1e0d [correct]
Options: (12 bytes)
NOP
NOP
Time stamp: tsval 11576161, tsecr 1184074739
NetBIOS Session Service
Message Type: Session message
Flags: 0x00
.... ...0 = Add 0 to length
Length: 64
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response to: 1
Time from request: 0.001250000 seconds
SMB Command: Trans (0x25)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x88
1... .... = Request/Response: Message is a response to the client/redirector
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
.... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc801
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
.... .... .0.. .... = Long Names Used: Path names in request are not long file names
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 2048
Process ID: 12967
User ID: 2048
Multiplex ID: 6
Trans Response (0x25)
Word Count (WCT): 10
Total Parameter Count: 8
Total Data Count: 0
Reserved: 0000
Parameter Count: 8
Parameter Offset: 56
Parameter Displacement: 0
Data Count: 0
Data Offset: 64
Data Displacement: 0
Setup Count: 0
Reserved: 00
Byte Count (BCC): 9
Padding: 00
SMB Pipe Protocol
Microsoft Windows Lanman Remote API Protocol
Function Code: NetServerEnum2 (104)
Status: Unknown (8)
Convert: 0
Entry Count: 0
Available Entries: 0
(This used to be commit 88fa5ac734)
Convert the low-hanging fruit of the LSA server. This provides a sample how
the server calls can be converted one by one, see the "proxy_lsa_call"
function.
Volker
(This used to be commit 99e54a213a)
least with dummy routines. We need a way to indicate that we do not support a
call, so that srv_pipe_hnd.c can return the DCE level RNG_ERROR.
This flag can be set in the backend routines for this one. I'll change pidl to
generate code to "return False" in srv_lsa.c if this flag is set.
Volker
(This used to be commit 5260657664)
messages to internal domains, or to domains not being
serviced by a winbindd child. Ensure the child online
offline requests are domain specific.
Jeremy.
(This used to be commit 81a9dc4b9f)
NSS protocols auth, chauthtok, logoff, ccache_ntlm_auth.
That way we ensure winbindd only deals with fully
qualified names internally. The NSS protocols
auth_crap and chng_pswd_auth_crap should be fixed
to do the same thing.
Jeremy.
(This used to be commit dbd2454d33)
ensure that data values from ldap libs are null terminated, to allow
ldb_msg_find_attr_as_string() to work correctly.
Thanks to Jim Myers for spotting this!
metze
(This used to be commit a5ea82bb05)
this more portable and try to make use of ladebug on Tru64,
but that only works when the binary is passed as 2nd arg to gdb_backtrace
as Tru64 doesn't know /proc/${PID}/exe
we need to find a way to pass the progname in 'panic action'
in samba3
metze
(This used to be commit 2f55fd82ff)
gives just any DC), also make sure to set timeouts in rpcclient
accordingly so that we actually get the DC's reply.
Guenther
(This used to be commit 6091c8152a)
- passing mem_ctx as ldb_context is a bad idea!
- naming a static function talloc_ is also bad and misleading
metze
(This used to be commit 0523ad2493)
I have some problems resolving the last 3 ones in attrib_handlers.c. In line
251 the function ldb_dn_explode_casefold is called with mem_ctx as the first
argument. Looking at ldb_dn_explode_casefold I see that the first argument it
expects is a struct ldb_context. I could certainly add a cast to (struct
ldb_context *) to that call, but I would assume that this is the wrong fix. Is
it possible that attrib_handlers.c:251 and :254 should have ldb and not
mem_ctx as the first argument?
Can anybody from Samba4 clarify this for me and apply the correct fix?
Thanks a lot.
Volker
(This used to be commit 26f2cb71eb)
the moment) but winbindd isn't run in the build farm
so hopefully won't break anything too badly - I don't
want to lose this.
If winbindd starts offline then it falls back to using
MS-RPC backend. On going online it needs to reset the
backend and try and go to using the AD backend code if
possible, as the MS-RPC sequence number fetch just returns
1 as the sequence number if run against an AD DC.
In addition, the winbindd async child may end up
with the AD backend whilst the main winbindd - which
still contacts the DC for some non-async calls, is
left using MS-RPC. This can cause some trouble (as
you can imagine :-).
Attempt to ensure both main winbindd and async children
us AD backends on going online.
Jeremy.
(This used to be commit 5efd4b04b8)
The attached patch cleans up pam_winbind a tiny bit. Instead of making
exceptions for all pam implementations except for Linux' it's better
to make an exception for the only pam implementation which is
different from all the others. This is equivalent to what pam_smb_auth
does already.
-----------------
Jeremy
(This used to be commit 8e55964708)
including SOCKET_WRAPPER_PCAP_FILE support
but I just noticed that samba don't use recv()/send()
on the socket, so the capture only contain connect()/close()
metze
(This used to be commit b894e33023)
we now don't compile mostly each .c file twice.
- we use PICFLAG for all object files
- PICFLAG defaults to PIE_CFLAGS and is then overwritten
if the system supports shared libraries
as we currently always use -fPIE if available
(and at least on linux -fPIE produces the same code as -fPIC)
it doesn't change anything in the resulting code.
"high performance" binaries can be build with
"--disable-pie --disable-shared" if someone really needs to...
metze
(This used to be commit 6db1f57f45)
HAVE_KRB5. If WITH_ADS does not imply KRB5, we have to fix that.
Lets see what the build farm thinks about this.
Volker
(This used to be commit 27b063078d)
password at next logon" code. The "password last set time" of zero now
means "user must change password", because that's how windows seems to
use it. The "can change" and "must change" times are now calculated
based on the "last set" time and policies.
We use the "can change" field now to indicate that a user cannot change
a password by putting MAX_TIME_T in it (so long as "last set" time isn't
zero). Based on this, we set the password-can-change bit in the
faked secdesc.
(This used to be commit 21abbeaee9)
weeks ago.
We have some work before us, when in AD mode Vista sends
"not_defined_in_RFC4178@please_ignore" as the principal.....
Volker
(This used to be commit af85d8ec02)
getprinter calls. Survives the RPC-SAMBA3-SPOOLSS test which I will activate
when the Samba4 build farm has picked it up.
Volker
(This used to be commit d7248b6cfa)
Jelmer, Jerry, in cmd_unixinfo.c:159 there is still the warning that "info" is
being used uninitialized which I don't really know how to fix.
Any hints?
Volker
(This used to be commit 4a5d11e194)
For those who are interested, try
net ads gpo refresh mybox$
to get your machine related GPOs downloaded to /var/lib/samba/gpo_cache.
Detailed information about GPOs is currently only printed when setting a
higher debuglevel then 0.
Guenther
(This used to be commit d086babf9d)
- fix bug 4078
- talloc_free(talloc_autofree_context()); should not result
in a SIGABORT on exit
- add a test for this, but this test can also pass in the standalone build
and samba3, as samba4 uses talloc_autofree_context()
metze
(This used to be commit f5b0924f97)
items in cac_winreg.c
* Get 'net rpc registry enumerate' to list values again
* Fix winreg.idl QueryInfoKey(). The max_subkeysize is the
max_classlen (we previously had this correct in Samba3")
* fix valgrind error about uninitialized memory and use-before-set
on size value inmemset() call
* Fix key enumeration in 'net rpc registry enumerate'
* regenerate gen_dir files based on local pidl patches
Please note that the generated ndr files are from my local
copy of pidl. If you need to regenerate, please apply the
patch that I posted to the samba-technical list earlier today.
(This used to be commit 5d843612a1)
but disable building of shared libs and modules whe enable_shared != yes
Also make it easier to track down the problem with lost LDFLAGS values
on AIX.
metze
(This used to be commit 3367e306e6)
reported that Samba3 on Solaris Sparc with the native compiler can't
join Windows domains. If it worked we were just lucky. I suspect it
just didn't work.
(This used to be commit 9df1e7d989)
we need to include unistd.h in system/network.h because
it contains the ioctl() prototype on some systems
and we need to make sure it gets included before socket_wrapper
defines ioctl swrap_ioctl
metze
(This used to be commit d827534760)
Samba4 smbd force the umask to 0, which meant we ended up with ldb
being world writable.
This isn't really an ideal fix, as it means ldb no longer honors umask
(as it should do, like all good libraries).
Unfortunately the 'proper' fix is too complex for now
this also merges a tiny code style fix from s4 to s3
(This used to be commit dd8ec8725f)
in,out ref pointer
* Clarify variable names in EnumValue IDL
* Fix server code for _winreg_EnumValue() and _winreg_QueryInfoKe()
(This used to be commit f520a9d0fb)
string is zero length. This allows callers to not have to worry about
creating an invalid ldap attribute.
See extensive discussion on samba-technical list :-)
(This used to be commit 9e66df05a4)
2 separate CPPFLAGS variables. So just cleanup the SAMBA_CPPFLAGS
for out of tree builds. This has been tested locally and works.
Maybe metze can find a better way tomorrow.
(This used to be commit 8aa681df99)
like negative values in the generated code.
I'm not sure how we can solve that in samba3 as the generated code is commited
Maybe we need to alsways pass --uint-enums
metze
(This used to be commit 9468dcc5d5)
the first is to not enable the ldap ldb backend just yet. This will
need configure tests to conditionally include. We should be able to
use the m4 files from lib/ldb/
The 2nd is to fix libads/gpo.o not to publicly prototype a function
that needs ldap.h
(This used to be commit 1cf17edc14)
rename to group_mapping.tdb.upgraded rather than an unlink when
upgrading. So if we absolutely have to go back to the tdb, we can
change mapping_ldb.o to mapping_tdb.o in Makefile.in and recover
peoples group mappings.
We could go one step futher and make the backend configurable. Any
opinions on that?
(This used to be commit 203fc0b03c)
code. Yay!
This first commit copies lib/ldb/ from Samba4. A huge congratulations
should go to Simo on this - he has put an enormous amount of work into
ldb, and it's great to see it go into the Samba3 tree.
(This used to be commit bbedf2e343)
still doesn't compile with immediate structures and the
NTSTATUS/WERROR separation, as there are still several places where
the two error types are mixed up. I haven't fixed those as they
require decisions about the rpcclient code that I really don't want to
get into (the error handling there is a mess)
So samba3 compiles now, but only becaise HAVE_IMMEDIATE_STRUCTURES is
not used (look for HAVE_IMMEDIATE_STRUCTURES_XX_DISABLED)
(This used to be commit 8438a6a7d4)
test with gcc 4.1.0. As the build farm is not in the best state right now,
this should not matter.
Stefan, is there any chance we get the IMMEDIATE_STRUCTURES back and have
libreplace at the same time?
Volker
(This used to be commit 776bd5e36d)
revision is now an enum that might be represented as anything, in particular
as an int. It's definitely not a uint16 :-)
Volker
(This used to be commit 7c5d66c971)
This has had some basic testing. I'll do more during the next couple of days and hopefully also
make RPC-SRVSVC from Samba4 pass against it.
(This used to be commit ef10672399)
Many things work (OpenHKLM, etc...) but some still don't.
This shouldn't block anyone so I'm checking it in.
Will probably move to a bzr tree after this for
longer dev cycles between checkins.
(This used to be commit cf1404a0d7)
anymore, we don't have to truncate the length to 255 anymore.
The test I did for this: I sent 50 times the NTLMSSP oid. With truncating
Vista said Access Denied, without truncating it liked the response.
Volker
(This used to be commit f1512cb43c)
key length in the case of extended security. It does make sense because with
SPNEGO our beloved ASN1 structure gives us the length.
Next test I did to verify this: I modified the server to put in random
garbage, and W2kwks, XP, Vista and W2k3srv still talked to us.
Volker
(This used to be commit f19bd479ce)
* Remove the old wkssvc server, client, & parsing code.
* Update srv_wkssvc_nt.c with stubs for the remaining
stubs
(This used to be commit 0cb79ee13f)
calculated based on the last change time, policies, and acb flags.
Next step will be to not bother storing them. Right now I'm just trying to
get them reported correctly.
(This used to be commit fd5761c9e5)
* rpccli_reg_abort_shutdown()
* rpccli_reg_flush_key()
Remove the cmd_reg.c from rpcclient since the entire file
was unused
(This used to be commit c4788f0c13)
We usually do not get the results from user/group script modifications
immediately. A lot of users do add nscd restart/refresh commands into
their scripts to workaround that while we could flush the nscd caches
directly using libnscd.
Guenther
(This used to be commit 7db6ce295a)
SASL/Steve/Andrew I can't right now ask why the aio.h is needed for the
timespec test.
Might have to revert that soon.
Volker
(This used to be commit fa53ad6571)
for anonymous bound connections.
When doing anonymous bind you can never use paged LDAP control for
RootDSE searches on AD.
Guenther
(This used to be commit dc1d92faab)
- we now define the set of samba related include path in one place
so that we can't get it wrong in different places
metze
(This used to be commit 6bf0aad052)
* as openlog() is non-reentrant and pam_winbind thereby overrides the
syslog settings of the calling application, directly call syslog (or
pam_vsyslog if available)
* support the PAM_SILENT flag to avoid any log messages beeing created
Guenther
(This used to be commit 0f7e37ffc4)
strtoull. This is a copy of the stuff in samba4 libreplace, which is GPL. I
hope it is ok to copy&paste it into a GPL file. Tridge, we could also create a
replace_lpgl.c if needed.
Volker
(This used to be commit f8346687d9)
the flags determines what kind of share is this.
I suppose 0x80000000 means something like (legacy) as it will
fail for any share name longer then 13 chars (same size accepted
for old RAP calls that come from pre NT OSs.
Jerry,
let me know if you want me to commit this to 3_0_23
Simo.
(This used to be commit f09f8b2d82)
make rpccli_lsa_close() a real one line wrapper for
rpccli_lsa_Close().
I'm still keeping the wrapper for now because I'm not sure
what we will do about a usable client API. I don't think
calling the autogenerated client code directly is a good idea
as the IDL is still evolving.
(This used to be commit 47f0c71218)
password blob, it seems that pw_len is just a uint8 instead of uint16.
This might also be interesting for Samba4's samr.idl.
Volker
(This used to be commit 68ded4ba07)
Remove the account_policy_migrated() thingy, and make cache_account_policy_set
use gencache. Account policies are now handled like groups and users are with
respect to "passdb backend".
Volker
(This used to be commit fa8b2e2a58)
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
gen_ndr/ndr_security.c in SAMBA_4_0
The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
(This used to be commit 3da9f80c28)
this at the moment as I'm working on this area. Thanks
a lot Guenther.
Add the capability to get krb5 tickets even if we
log on in the offline state and have to cache
the credentials. Once we go online we should
start getting krb5 tickets again. Currently
this code waits until lp_winbind_cache_time()
seconds (5 minutes by default) before getting
tickets. This is correct in the DC down case,
but not in the global offline -> online case.
I'll later add a trigger to force an immediate refresh
on the offline -> online state transition.
Jeremy.
(This used to be commit 04fe034f4a)
initial work. I'm including the librpc/gen_ndr directory
in svn temporarily just to get some compile issues straightened
out.
(This used to be commit cf271aa433)
Instead of trying to do this in the winbindd_cache
entries, add a timed even handler to probe every
5 mins when disconnected.
Fix events to run all pending events, rather than
only one.
Jeremy.
(This used to be commit 7bfbe1b4fb)
But I wonder why it is so slow on my laptop and takes only 1 second on
the 'opi' build farm host.
I got only 2-3 opens per second...
metze
(This used to be commit d5c55e731a)
cache the SAF name under both the domain name
and the realm name, as we could be looking up
under both. Jerry please check.
Jeremy.
(This used to be commit 9d954d2deb)
name that will be returned by winbindd. This
(should) fix the bug where the user logs in
with DOMAIN\user but winbindd returns only
"user" for the username due to 'winbind use
default domain' being set.
Jeremy.
(This used to be commit 1b2aa17354)
are not compatible. I am aware that this would be a huge change in Samba4, but
I would like to see it in the code that is shared.
Stefan, when you do merge work, can you get this across to Samba4?
Thanks,
Volker
(This used to be commit 959ea2c7dc)
Compiled it on systems with and without LDAP, I hope it does not break the
build farm too badly. If it does, I'll fix it tomorrow.
Volker
(This used to be commit b2ff9680eb)
set_dc_type_and_flags().
Fix problem when DC is down in ads_connect, where
we fall back to NetBIOS and try exactly the same
IP addresses we just put in the negative connection
cache.... We can never succeed, so don't try lookups
a second time.
Jeremy.
(This used to be commit 2d28f3e94a)
NetApp filers expect paths in Open AndX Request to have a leading slash.
Windows clients send the leading slash, so we should too.
(This used to be commit fc5b6e4bd8)
Jeremy: requires your eyes...
If the remote connection timed out while cli_list() was retrieving its list of
files, the error was not returned to the user, e.g. via smbc_opendir(), so the
user didn't have a way to know to set the timeout longer and try again. This
problem would occur when a very large directory is being read with a too-small
timeout on the cli.
Jeremy, although there were a couple of areas that needed to be handled, I
needed to make one change that you should bless, in libsmb/clientgen.c. It
was setting
cli->smb_rw_error = smb_read_error;
but smb_read_error is zero, so this had no effect. I'm now doing
cli->smb_rw_error = READ_TIMEOUT;
instead, and according to the OP, these (cumulative) changes (in a slightly
different form) solve the problem.
Please confirm this smb_rw_error change will have no other adverse effects
that you can see.
Derrell
(This used to be commit fa664b24b8)
server in winbindd when it's down and listed
in the -ve connection cache. Fix memory leak,
reduce timeout for cldap calls - minimum 3 secs.
Jeremy.
(This used to be commit 10b32cb6de)
This completes the work Jeremy began last week, disambiguating the meaning of
c_time. (In POSIX terminology, c_time means "status Change time", not "create
time".) All uses of c_time, a_time and m_time have now been replaced with
change_time, access_time, and write_time, and when creation time is intended,
create_time is used.
Additionally, the capability of setting and retrieving the create time have
been added to the smbc_setxattr() and smbc_getxattr() functions. An example
of setting all four times can be seen with the program
examples/libsmbclient/testacl
with the following command line similar to:
testacl -f -S "system.*:CREATE_TIME:1000000000,ACCESS_TIME:1000000060,WRITE_TIME:1000000120,CHANGE_TIME:1000000180" 'smb://server/share/testfile.txt'
The -f option turns on the new mode which uses full time names in the
attribute specification (e.g. ACCESS_TIME vs A_TIME).
(This used to be commit 8e119b64f1)
worked in one test, no idea what memory I've overwritten that time. This time
it survives the unpatched w2k password change.
Volker
(This used to be commit bf7bf8e4e9)
the get_dc_list code to get the _kerberos. names
for site support. This way we don't depend on one
KDC to do ticket refresh. Even though we know it's
up when we add it, it may go down when we're trying
to refresh.
Jeremy.
(This used to be commit 77fe2a3d74)
