IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
(disabled by default, set parametric option: gensec:gssapi=yes to enable).
This module backs directly onto GSSAPI, and allows us to sign and seal
GSSAPI/Krb5 connections in particular. This avoids me reinventing the
entire GSSAPI wheel.
Currently a lot of things are left as default - we will soon start
specifiying OIDs as well as passwords (it uses the keytab only at the
moment). Tested with our LDAP-* torture tests against Win2k3.
My hope is to use this module to access the new SPNEGO implementation
in Heimdal, to avoid having to standards-verify our own.
Andrew Bartlett
(This used to be commit 14b650c85db14a9bf97e24682b2643b63c51ff35)
provision.pl suggests hklm.ldb be put)
- fix the globals init not to wipe parametic values after initialising
them (this bug prevented default values for parametric parameters)
(This used to be commit 6a360c52c1723b4c3485a97ebcfeb907f840a051)
- don't use static const strings in the server_info
- fix segfault when auth_sam gets "" as username
metze
(This used to be commit 7fcbd483d4977cf6483f34ddd28e6c0182897ba2)
use:
gensec:krb5=yes
gensec:ms_krb5=yes
to enable it
or -k on the client tools on the command line
metze
(This used to be commit 0ae5794cf44933d2554e0356baaca24c7a784f71)
- tidied up some of the system includes
- moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl
knows about inter-IDL dependencies
(This used to be commit 7b7477ac42d96faac1b0ff361525d2c63cedfc64)
The thing that finally convinced me that minimal includes was worth
pursuing for rpc was a compiler (tcc) that failed to build Samba due
to reaching internal limits of the size of include files. Also the
fact that includes.h.gch was 16MB, which really seems excessive. This
patch brings it back to 12M, which is still too large, but
better. Note that this patch speeds up compile times for both the pch
and non-pch case.
This change also includes the addition iof a "depends()" option in our
IDL files, allowing you to specify that one IDL file depends on
another. This capability was needed for the auto-includes generation.
(This used to be commit b8f5fa8ac8e8725f3d321004f0aedf4246fc6b49)
setting of "server signing = auto", which means to offer signing
only if we have domain logons enabled (ie. we are a DC). This is a
better match for what windows clients want, as unfortunately windows
clients always use signing if it is offered, and when they use signing
they not only go slower because of the signing itself, they also
disable large readx/writex support, so they end up sending very small
IOs for.
- changed the default max xmit again, this time matching longhorn,
which uses 12288. That seems to be a fairly good compromise value.
(This used to be commit e63edc81716fefd58a3be25deb3b25e45471f196)
return WERR_NOT_SUPPORTED for now.
Hive backends can be set like this:
registry:HKEY_LOCAL_MACHINE = ldb:tdb://registry.tdb
registry:HKEY_CURRENT_USER = gconf
registry:HKEY_USERS = dir:/tmp/registry
registry:HKEY_CLASSES_ROOT = nt4:/path/to/NTUSER.DAT
registry:HKEY_PERFORMANCE_DATA = w95:/path/to/USER.DAT
(This used to be commit 42844a4e3422bbbe891ba944c0e97861db7763ec)
backend that the underlying filesystem is case insensitive, so it can
bypass the directory search if the name is not found.
(This used to be commit d84ade90ce7e03ec749d6ae8dcdcb41de85d836e)
- switch the fallback case tables to use talloc
- moved the used-once octal_string() inline in loadparm.c
(This used to be commit b04202eaacc87d264d463f75673ee0e68cd54f94)
ntvfs handler = nbench posix
and the nbench pass-thru module will be called before the posix
module. The chaining logic is now much saner, and less racy, with each
level in the chain getting its own private pointer rather than relying
on save/restore logic in the pass-thru module.
The only pass-thru module we have at the moment is the nbench one
(which records all traffic in a nbench compatibe format), but I plan
on soon writing a "unixuid" pass-thru module that will implement the
setegid()/setgroups()/seteuid() logic for standard posix uid
handling. This separation of the posix backend from the uid handling
should simplify the code, and make development easier.
I also modified the nbench module so it can do multiple chaining, so
if you want to you can do:
ntvfs module = nbench nbench posix
and it will save 2 copies of the log file in /tmp. This is really only
useful for testing at the moment until we have more than one pass-thru
module.
(This used to be commit f84c0af35cb54c8fdc4933afefc18fa4c062aae4)
to process init_globals(). This also allows all global options to be
set using lp_set_cmdline() or --option
a side effect is that init_globals() is slower. If this turns out to
be a problem we can try a different approach.
(This used to be commit ccfc2106a03bd5143d28e6fdedab773cf7abbe5a)
smb.conf to be set on the command line. For example, you can use:
smbtorture --option 'unicode=false'
or
smbtorture --option 'netbios name=myname'
(This used to be commit 360a6b530e2295976ddefc138d1333411a94484d)
the idea is to have services as modules (smb, dcerpc, swat, ...)
the process_model don't know about the service it self anymore.
TODO:
- the smbsrv should use the smbsrv_send function
- the service subsystem init should be done like for other modules
- we need to have a generic socket subsystem, which handle stream, datagram,
and virtuell other sockets( e.g. for the ntvfs_ipc module to connect to the dcerpc server
, or for smb or dcerpc or whatever to connect to a server wide auth service)
- and other fixes...
NOTE: process model pthread seems to be broken( but also before this patch!)
metze
(This used to be commit bbe5e00715ca4013ff0dbc345aa97adc6b5c2458)
- Spelling - it's SPNEGO, not SPENGO
- SMB signing - Krb5 logins are now correctly signed
- SPNEGO - Changes to always tell GENSEC about incoming packets, empty or not.
Andrew Bartlett
(This used to be commit cea578d6f39a2ea4a24e7a0064c95193ab6f6df7)
