IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
$SHLD and $LDSHFLAGS instead of $CC, $CPPFLAGS and $CFLAGS as this is
more likely to actually work. Bugzilla #1731.
I'm checking this in to 3.0 so it can hit the build farm and flush out
any problems with other architectures. With a bit of luck this should
go in to Samba 3.0.8.
(This used to be commit a754f29ef8)
using our own implementation of krb5_lookup_kdc with heimdal. Also,
heimdals krb5_krbhst_next() obviously does not retrieve the struct
addrinfo in the krb5_krbhst_info-struct, using
krb5_krbhst_get_addrinfo() instead.
Guenther
(This used to be commit cca660e109)
client changes. With this, storing home directories on a Samba
share that require unix domain socket entries should work.
Jeremy.
(This used to be commit da943b5b72)
Split off the non-crypto related parts of lib/afs.c into
lib/afs_settoken.c. This makes wbinfo link without -lcrypto.
Commit vfs_afsacl.c, display & set AFS acls via the NT security editor.
Volker
(This used to be commit 43870a3fc1)
Implement vfs_full_audit.c that can log every vfs.h operation. So if you
change vfs.h, from now on you also have to change full_audit :-)
Volker
(This used to be commit 9cb9c5f7c9)
the failure of our LFS test caused the _GNU_SOURCE define not to be
added, causeing strndup() not to be defined...
I'll into when we really should define _GNU_SOURCE shortly, but the
fix is correct anyway.
Andrew Bartlett
(This used to be commit aca07f33a2)
it, on machines that actually have a working cracklib, for which we have
the correct path to the dictionary.
Andrew Bartlett
(This used to be commit 17518018c0)
domains, this patch ensures that we always use the ADS backend when
security=ADS, and the remote server is capable.
The routines used for this behaviour have been upgraded to modern Samba
codeing standards.
This is a change in behaviour for mixed mode domains, and if the trusted
domain cannot be reached with our current krb5.conf file, we will show
that domain as disconnected.
This is in line with existing behaviour for native mode domains, and for
our primary domain.
As a consequence of testing this patch, I found that our kerberos error
handling was well below par - we would often throw away useful error
values. These changes move more routines to ADS_STATUS to return
kerberos errors.
Also found when valgrinding the setup, fix a few memory leaks.
While sniffing the resultant connections, I noticed we would query our
list of trusted domains twice - so I have reworked some of the code to
avoid that.
Andrew Bartlett
(This used to be commit 7c34de8096)
:-).
"here's a patch which ports the samba 2.2 samba_linux_quota.h stuff to 3_0.
This is needed because of so many broken quota files outthere.
Please, test this with old, new kernels
(strucr dqblk, struct mem_dqblk, and struct if_dqblk)
, quota.user, aquota.user formats
what is when a user is over soft quota and over hard quotas..."
Jeremy.
(This used to be commit 4350aa6ce6)
- Add pgSQL backend (based on patch by Hamish Friedlander)
- Use query generate functions from pdb_mysql and pdb_pgsql
- Only pdb_pgsql.c needs to be changed whenever the fields in SAM_ACCOUNT change
(This used to be commit 65ad2c02fd)
MacOSX (Darwin) specific charset module code. Also had to add AC_CHECK_CPP
to configure.in (this took a *long* time to track down) to make autoconf
work correctly on Fedora Core 1.
Jeremy.
(This used to be commit c51d974b18)
to LDFLAGS. One of the problems with configure/autoconf is that there seems
to be no separation of LDLFAGS etc in configure from the LDFLAGS it is
building for the Makefile.
(This used to be commit 63d7698208)
the trouble of detecting what the PIC suffix should actually be.
Change PICFLAG in configure.in to PICFLAGS for consistency.
Patches from Joachim Schmitz <schmitz@hp.com> for bug 574.
(This used to be commit ecfbc5f529)
macro get recompiled after configure has ran.
This was done by touching the source file. This patch changes it to removing
the object file, so that you don't need write-access to the source directory.
(This used to be commit 1a95f5c9a9)
this (HPUX 11). Currently it's initialised to 'ar' but this may have
to be changed if any systems pop up that have archivers that aren't
named 'ar'. Closes bug #552.
(This used to be commit 6aada3bd3e)
(rant off :-). Inspired by work from Benjamin Riefenstahl <Benjamin.Riefenstahl@epost.de>.
Also add MacOSX/Darwin configure fixes.
Jerry - can we put this in 3.0 release ? :-).
Jeremy.
(This used to be commit f23acb4ca5)
to build on systems with fixed getgrouplist() in GNU libc < 2.3.2.
Unfortunately, we can't detect correctness of getgrouplist() functioning in
portable way so this is left up to developer/packager.
This patch adds --with-good-getgrouplist[=no] switch to configure which packagers
on Linux platforms could use to specify in their own builds if they now that glibc
on their platform is fixed w.r.t CAN-2003-0689. By default we still think that glibc
is vulnerable and perform our version check.
** This patch does not change default behaviour in Samba 3.0 -- by default we are not
vulnerable on glibc as we are not using getgrouplist()
See http://www.securityfocus.com/bid/8477 for vulnerability description.
Right now there are following Linux vendors released glibc updates for CAN-2003-0689:
RedHat -- https://rhn.redhat.com/errata/RHSA-2003-249.html
ALTLinux -- http://www.altlinux.com/index.php?module=sisyphus&package=glibc
(This used to be commit e53622c114)
This implements some kind of improved AFS support for Samba on Linux with
OpenAFS 1.2.10. ./configure --with-fake-kaserver assumes that you have
OpenAFS on your machine. To use this, you have to put the AFS server's KeyFile
into secrets.tdb with 'net afskey'. If this is done, on each tree connect
smbd creates a Kerberos V4 ticket suitable for use by the AFS client and
gives it to the kernel via the AFS syscall. This is meant to be very
light-weight, so I did not link in a whole lot of libraries to be more
platform-independent using the ka_SetToken function call.
Volker
(This used to be commit 5775690ee8)
find libpam or security/pam_appl.h
Also change the warnings when we can't do --with-pam_smbpass when
is was requested to errors.
(This used to be commit fe3fb58623)
to a very recent snapshot) has arcfour-hmac code that doesn't work with
windows. Love suggested detecting it via the existence of KEYTYPE_ARCFOUR_56
which only exists in working versions.
(This used to be commit e039a61e51)
work properly. MIT does not support them, so this check will be used to
decide whether to use them. First part of fixing bug #372.
(This used to be commit 85737fc937)
Now all 8-bit charsets with gaps (not all symbols defined) could be produced through
one macro -- SMB_GENERATE_CHARSET_MODULE_8_BIT_GAP(CHARSETNAME) within source file
with three charset tables. Full source code for such modules can be generated by
source/script/gen-8bit-gap.sh script which was taken from GNU libc and changed slightly
to follow our data types and structure.
(This used to be commit 37042c7bc0)
pam_smbpass.so will load ok. Had to move some functions around to work
around dependency problems (hence the new passdb/lookup_sid.c)
Also make sure that libsmbclient.a is built and installed when
we support shared libraries.
(This used to be commit 780055f442)
in heimdal it is an enum. Thanks to Guenther Deschner (gd@suse.de).
With this join will work, but without a keytab, cifs connections will still
fail with heimdal. Fix to come later.
(This used to be commit d30bef4c37)
vendor supplied lp printing (bug #355).
For some reason this is not being set in Samba 3. In Samba 2.2 the
SYSV define was only set from include/includes.h in a haphazard
fashion. It's probably better to explicitly define it on a per-operating
system basis anyway.
(This used to be commit e653e13f45)
We now fallback to Samba-provided CP850 charset module if CP850 or IBM850 does not exist on target system at runtime.
1. Introduce CP850 charset module based on charmaps table from GNU libc 2.2.5
2. Make CP850 charset module shared and build it by default
Should fix Solaris run-time
(This used to be commit e855dc8c91)
smbadduser must obeys the paths from configure options
* Try to get libsmbclient files installed during 'make install'
Still one outstanding problem with static lib. INSTALLCLIENTCMD_A
is not getting set correctly.
(This used to be commit 50ab28bd25)
Now we are:
1. Try to find correct name for default character sets for the platform
2. Use DEFAULT_{DOS|DISPLAY|UNIX}_CHARSET defines set during configure phase as defaults
This should fix CP850 problem on Solaris (at least) because it actually has IBM850 which
is the same but under different name
(This used to be commit 836b9fffa0)
There is a workaround documented in the bug report.
This patch does:
* add server support for the LSA_DS UUID on the lsarpc pipe
* store a list of context_ids/api_structs in the pipe_struct
so that we don't have to lookup the function table for a pipe.
We just match the context_id. Note that a dce/rpc alter_context
does not destroy the previous context so it is possible to
have multiple bindings active on the same pipe. Observed from
standalone win2k sp4 client.
* added server code for DsROleGetPrimaryDOmainInfo() but disabled it
since it causes problems enumerating users and groups from a 2ksp4
domain member in a Samba domain.
(This used to be commit 96bc2abfcb)
of LIBS where we don't need to change them, and to ensure that if
--with-iconv was specified we only search the list of locations specified.
(This used to be commit c2274274a6)
in an iconv_open to be more robust.
However, what we really want to do is find the name for something like CP850,
which can be IBM850 on Solaris, and we might want to also check for
ISO-8859-1.
So, this commit adds a macro to aclocal.m4 that can check for a specific
charset.
(This used to be commit 81dc28ca82)
loop that looks for iconv, because we might have more than one version
of iconv available and the first version might not work like we want, so
we have to keep looking.
We have yet to look for other character conversions as well, but for now,
let's see what the build farm makes of the changes.
(This used to be commit 13be2ca51a)
Tested on a large combination of operating systems and versions.
Hopefully the build farm will find any remaining nasties if they
exist.
(This used to be commit 2e42fa3d72)
This segfaults when you have to many group membership entries
in /etc/group.
Fixed in glibc CVS end of April 2003.
Volker
(This used to be commit 61bfdf0b12)
This has been tested on RedHat 9.0 with libiconv built in as well as
FreeBSD 4.6.2 with iconv-2.0.3 and biconv.g/libbiconv.
We should perhaps also check for other conversions that just ASCII<-->UCS-2LE
especially because those two names do not appear in charset.aliases for
iconv-2.0.3.
(This used to be commit 53d953da10)
This is the first part of the fix that at least allows configure to
walk the list of supplied locations where libiconv etc might be found.
aclocal.m4 also needs a fix, as does a later test.
(This used to be commit 2078654313)
- changed --enable-developer debug to use -gstabs as it makes the
samba binaries about 10x smaller and is still quite functional for
samba debugging
(This used to be commit 53bfcd478a)
object files for modules are in .po files, while object files for
static use are in .o files. Pointed out by metze.
This reduces the number of files that have to be recompiled after the Makefile
changes. Preventing unnecessary recompiling of the other few is high
on my todo list.
(This used to be commit b9b46d43c7)
I think the lesson to take away here is that refactoring configure.in
is a hazardous task and should only be attempted if you have a lot
of time and patience!
(This used to be commit 5ba121ac9d)
I think we are done with MIT Kerberos for the moment. The Heimdal detection
looks like it has been broken for ages so it's next on the list.
(This used to be commit 7690a722f9)
detection. On Solaris 9 extra libraries -lber and -lresolv are
required for Kerberos tests. We used to have an extra check for
-lresolv only but I think the correct solution is not to forget about it
in the first place.
This should fix bug #125 although I don't have access to a
system to test it out on.
(This used to be commit 4ddfab4a57)
configured using --with-ads then give an error, otherwise fall back to compiling
without ADS.
Tested on redhat 8.0 with and without MIT kerberos packages installed. Metze,
let me know if this is working OK for you now!
(This used to be commit 7ea81535b8)
this doesn't need to be done explicitly in the Kerberos checks.
Also there was a duplicate AC_CHECK_LIB(resolv, dn_expand) which is done
early on in the configure process.
(This used to be commit fa66e2e1e1)
There are lots of things wrong with this patch, including:
1) it overrides a user chosen configuration option
2) it adds lots of complexity inside a loop when a tiny piece of code
outside the loop would do the same thing
3) it does no error checking, and is sure to crash on some systems
If you want this functionality then try something like this at the end
of charset_name():
#ifdef HAVE_NL_LANGINFO
if (strcasecmp(ret, "LOCALE") == 0) {
const char *ln = nl_langinfo(CODESET);
if (ln) {
DEBUG(5,("Substituting charset '%s' for LOCALE\n", ln));
return ln;
}
}
#endif
then users can set 'display charset = LOCALE' to get the locale based
charset. You could even make that the default for systems that have
nl_langinfo().
(This used to be commit 382b9b806b)
Samba should preferentially use the locale information from the native system,
and only fall back on 'display charset' if this is unavailable or unsupported.
(This used to be commit 1e445fb422)
* remove 'winbind uid' and 'winbind gid' parameters (replaced
by current idmap parameter)
* create the sambaUnixIdPool entries automatically in the 'ldap
idmap suffix'
* add new 'ldap idmap suffix' and 'ldap group suffix' parametrer
* "idmap backend = ldap" now accepts 'ldap:ldap://server/' format
(parameters are passed to idmap init() function
(This used to be commit 1665926281)
Includes sambaUnixIdPool objectclass
Still needs cleaning up wrt to name space.
More changes to come, but at least we now have a
a working distributed winbindd solution.
(This used to be commit 8241758544)
- Use absolute directories for $builddir and $srcdir in the Makefile
- Don't try and combine source files in $builddir and $srcdir to build
proto.h. It's just too hard to get it right across all targets we
wish to compile on. Use a hand created prototype for the single
function in smbd/build_options.c that we need. This allows us to ditch
all the extra sed work that was causing problems: \t not portable - hah!
- Fix bogus delheaders target to remove the correct files
This appears to work quite nicely now. Let's see how it goes on the
buildfarm machines.
(This used to be commit 456184463d)
We really need idmap_ldap to have a good solution with ldapsam, porting
it from the prvious code is beeing made, the code is really simple to do
so I am confident it is not a problem to commit this code in.
Not committing it would have been worst.
I really would have been able to finish also the group code, maybe we can
put it into a followin release after 3.0.0 even if it may be an upgrade
problem.
The code has been tested and seem to work right, more testing is needed for
corner cases.
Currently winbind pdc (working only for users and not for groups) is
disabled as I was not able to make a complete group code replacement that
works somewhat in a week (I have a complete patch, but there are bugs)
Simo.
(This used to be commit 0e58085978)
1. Allows to change quota settings for shared mount points from Win2K and WinXP from Explorer properties tab
2. Disabled by default and when requested, will be probed and enabled only on Linux where it works
3. Was tested for approx. two weeks now on Linux by two independent QA teams, have not found any bugs so far
Documentation to follow
(This used to be commit 4bf022ce9e)
Now the IRIX and non-irix cases for one of these switch statements is the same,
eliminate the statement...
We now use autoconf > 2.50, so we can use some of it's features.
We also need to correctly include the magic for building vfs_fake_perms.
(This used to be commit a4ec8a6151)
This patch catches up on the rest of the work - as much string checking
as is possible is done at compile time, and the rest at runtime.
Lots of code converted to pstrcpy() etc, and other code reworked to correctly
call sizeof().
Andrew Bartlett
(This used to be commit c5b604e2ee)
as we don't need it for autoconf 2.53. Remove it from CVS, and assert the
newer autotools in configure.in
Andrew Bartlett
(This used to be commit c51065e607)
detect for now, I still have vague hopes of hiding the differences
between MIT and Heimdal with a compatibility layer....
Jeremy.
(This used to be commit 54d83de8a2)
*sync up configure.in
*don't build torture tools in make all
*make sure to remove torture tools as part of make clean
(This used to be commit 0fb724b321)
>Defaulting python breaks the clean target it python isn't installed.
Merge from HEAD, Revision 1.378:
>Fixes for EXEEXT - must use \$ signs when you want an actual $ sign to
>be used.
(This used to be commit 008c572ab7)
- Target selection cleanup
- Some formatting merges
- Merged some Pythong bits&pieces that were missed previously
Original commit message for target selection cleanup:
>Here's a bit of a cleanup of the {configure,Makefile}.in files. I've
>now combined all the ad-hoc AC_SUBST variables into three generalised
>ones:
>
> EXTRA_BIN_PROGS Additional programs to install in ${prefix}/sbin
> EXTRA_SBIN_PROGS Additional programs to install in ${prefix}/bin
> EXTRA_ALL_TARGETS Additional targets to build by default
> SHLIB_PROGS Shared library objects (pam, winbind) to build
>
>We also build some extra stuff by default: the python extensions (if
>--with-python specified), smbmount related binaries (if
>--with-smbmount specified), and the samba torture suite.
>
>The idea behind this is to have everything that is configured built by
>default to detect breakage as soon as possible when people make low
>level changes.
(This used to be commit 6000caf5da)
* updating Makefile & configure script to use CONFIGDIR & VFSLIBDIR
* set LIBDIR to ${prefix}/lib/samba when --with-fhs is enabled
* make installdirs take an arbitrary number of arguements
(This used to be commit f0d09cf676)
- const for PACKS() in lanman.c
- change auth to 'account before password'
- add help to net rpc {vampire,samsync}
- configure updates for sun workshop cc
- become_root() around pdb_ calls in auth_util for guest login.
Andrew Bartlett
(This used to be commit 43e90eb6e3)
- heimdal updates to configure
- make DEBUG() const
- add testsuite for:
- preexec
- preexec close
- valid users
- fix testsuite for 'invalid users'
Andrew Bartlett
(This used to be commit aa41fb8703)
- Fix segfaults in the 'net ads' commands when no password is provided
- Readd --with-ldapsam for 2.2 compatability. This conditionally compiles the
old options, but the actual code is available on all ldap systems.
- Fix shadow passwords (as per work with vl)
- Fix sending plaintext passwords to unicode servers (again vl)
- Add a bit of const to secrets.c functions
- Fix some spelling and grammer by vance.
- Document the -r option in smbgroupedit.
There are more changes in HEAD, I'm only merging the changes I've been involved
with.
Andrew Bartlett
(This used to be commit 83973c3893)
