REGISTRY_VALUE and struct registry_value formats for
registry values. Lacking better naming, I called them
regval_hilvl_to_lolvl and regval_lolvl_to_hilvl for a
start. They might be useful elsewhere, so might be put
into another place later on.
Michael
(This used to be commit 883fd79061)
as this header has nothing to do with winbindd nor nss
and it contains the definitions for the struct based
protocol
metze
(This used to be commit e9e03aac22)
This also corrects regval_ctr_copyvalue() in that it cannot create (invalid)
regval containers with duplicate entries...
Michael
(This used to be commit 2daaaaa835)
gss_import_name() needs to follow the same logic as in the LDAP sasl wrapping
(see -r25133).
Tested with MIT 1.2.7, 1.3.6, 1.4.3, 1.5.1, 1.6.1 and Heimdal 0.7.2, 1.0,
1.0.1.
Guenther
(This used to be commit 913fb138aa)
The gss_import_name() broke as we switched from the internal MIT OID
"gss_nt_krb5_principal" to "GSS_KRB5_NT_PRINCIPAL_NAME" and didn't switch from
passing the krb5_principal (or better: a pointer to that, see MIT's "*HORRIBLE*
bug") to pass the string principal directly.
Jerry, Jeremy, neither could I figure out the need of passing in a
krb5_principal at all nor could I reproduce the crash you were seeing.
I successfully tested the code (now importing a string) with MIT 1.2.7, 1.3.6,
1.4.3, 1.5.1, 1.6.1 and Heimdal 0.7.2, 1.0, 1.0.1.
Guenther
(This used to be commit cb2dc715e3)
the main server code paths. We should now be able to cope with
paths up to PATH_MAX length now.
Final job will be to add the TALLOC_CTX * parameter to
unix_convert to make it explicit (for Volker).
Jeremy.
(This used to be commit 7f0db75fb0)
There are now only 17 pstrings left in reply.c,
and these will be easy to remove (and I'll be
doing that shortly). Had to fix an interesting
bug in pull_ucs2_base_talloc() when a source
string is not null terminated :-).
Jeremy.
(This used to be commit 0c9a8c4dff)
and make valgrindtest. Final step will be to change srvstr_get_path()
to return talloced memory in the major codepaths.
Jeremy.
(This used to be commit cf6b6f9c3a)
passdb backend = ldapsam.
Along with reproducing the functionality of the secrets.tdb
code, I have prepared the handling of the previous trust password
(in case we are contacting a dc which does not yet know of a recent
password change). This information has still to be propagated
to the outside, but this requires a change of the api and also
a change of the secrets.tdb code.
Michael
(This used to be commit 6c3c20e6c4)
Fix winbindd on a Samba DC talking to a trusted domain DC by
making it use the trusted domain password...
Michael
I hope this does not break any other setup.
(This used to be commit 2322fe5cd7)
LSARPC_DS pipe, continue with no_lsarpc_ds mode here as well to get
domain->initialized set to True. This avoids permanent scanning of Samba3 DCs
in winbindd. Thanks Michael, for pointing this out.
Guenther
(This used to be commit 9b85f7ca43)
Not strictly in the SAM, but close enough. This command acts directly on
the local tdb, no running smbd required
This also changes the root-only check to a warning
(This used to be commit 0c5657b5ef)
The callers of get_domain_group_from_sid() with some justification
expected map->gid to be initialized when get_domain_group_from_sid
returned True.
(This used to be commit bc8b74dbfe)
input data. Use this function in a first step to refactor
the canonicalization code of smbconf_store_values().
Michael
(This used to be commit f4caa2d7d4)
to make this change for ages, but now with the issue of "open" requiring it,
this is the time to just do all of them.
Derrell
(This used to be commit e746aaaf4d)
Now the winbindd cache can be checked at runtime by
calling "smbcontrol winbindd validate-cache".
For the execution of the validation code, I fork a child
and in the child restore the default SIGCHLD handler in
order for the fork/waitpid mechanism of tdb_validate to work.
Michael
(This used to be commit f379a5c47d)
device. The device resets a NBT connection on port 139 when it receives a
NetBIOS keepalive request. That request should be supported when NetBIOS is
in use; Windows is behaving badly.
libsmbclient needs a way to determine if a connection is still alive, and
was using a NetBIOS keepalive request if port 139 was in use (on the
assumption that it was probably NBT), and getpeername() when port 139 was
not being used (assuming naked transport).
This patch simplifies the code by exclusively using getpeername() to check
whether a connection is still alive. The NetBIOS keepalive request is
optional anyway (with preference being given to using TCP mechanisms for the
same purpose), so this should be both simpler and more reliable.
Derrell
(This used to be commit 1f122352b0)
A new wrapper tdb_validate_open() takes a filename and opens and closes
the tdb before and after calling tdb_validate() respectively.
winbindd_validata_cache_nobackup() now dynamically calls one of
the above functions depending on whether the cache tdb has already
been opened or not.
Michael
(This used to be commit dc0b08e659)
So there is a new subcommand "smbcontrol winbindd validate-cache" now.
This change provides the infrastructure:
The function currently returns "true" unconditionally.
The call of a real cache validation function will be incorporated
in subsequent changes.
Michael
(This used to be commit ef92d505c0)
This adds the two functions talloc_stackframe() and talloc_tos().
* When a new talloc stackframe is allocated with talloc_stackframe(), then
* the TALLOC_CTX returned with talloc_tos() is reset to that new
* frame. Whenever that stack frame is TALLOC_FREE()'ed, then the reverse
* happens: The previous talloc_tos() is restored.
*
* This API is designed to be robust in the sense that if someone forgets to
* TALLOC_FREE() a stackframe, then the next outer one correctly cleans up and
* resets the talloc_tos().
The original motivation for this patch was to get rid of the
sid_string_static & friends buffers. Explicitly passing talloc context
everywhere clutters code too much for my taste, so an implicit
talloc_tos() is introduced here. Many of these static buffers are
replaced by a single static pointer.
The intended use would thus be that low-level functions can rather
freely push stuff to talloc_tos, the upper layers clean up by freeing
the stackframe. The more of these stackframes are used and correctly
freed the more exact the memory cleanup happens.
This patch removes the main_loop_talloc_ctx, tmp_talloc_ctx and
lp_talloc_ctx (did I forget any?)
So, never do a
tmp_ctx = talloc_init("foo");
anymore, instead, use
tmp_ctx = talloc_stackframe()
:-)
Volker
(This used to be commit 6585ea2cb7)
"not_defined_in_RFC4178@please_ignore" case to make at least LDAP SASL binds
succeed with windows server 2008.
Guenther
(This used to be commit f5b3de4d30)
Ronnie. If a lock timeout expires, we must check we can get the
lock before responding with failure. Volker is writing a torture test.
Jeremy.
(This used to be commit 45380f356b)
pipe used when connecting to win2k and newer domain controllers. The
server may be configured to deny anonymous netlogon connections which
would stop domain join verification step. Still, winnt domains require
such smb sessions not to be authenticated using machine credentials.
Creds employed in smb session cannot have a username in upn form, so
provide the separate function to use machine account.
rafal
(This used to be commit 30d99d8ac3)
The lockup could happen when packet_read_sync() gets two packets in a row, the
first one being an async message, and the second one being the response to a
ctdb request.
Also add some debug msg to ctdb_conn.c, and cut off the "locking key" messages
to only dump 20 hex chars at debug level 10. >10 will dump everything.
(This used to be commit 0a55880a24)
into a tiny winbindd DsGetDcName client. This still does not solve the case of
using the locator from within winbindd itself but at least gencache.tdb and
others are no longer corrupted.
Guenther
(This used to be commit 908e7963b8)
specific and generic flags in a winbindd_request.
It turns out that the WBFLAG_RECURSE flag is the only non-PAM specific flag we
put into the "flags" field of a winbind request anyway. Now each request
command can use the entire space of the "flags" field.
Guenther
(This used to be commit 18b29763d1)
commit fb52f971986dd298abbcd9745ddf702820ce0184
Author: Gerald Carter <coffeedude@plainjoe.org>
Date: Mon Aug 27 13:50:26 2007 -0500
Check correct return type for pam_winbind_request_log() wnibind_upn_to_username
which is an int and not NSS_STATUS.
commit 7382edf6fc0fe555df89d5b2a94d12b35049b279
Author: Gerald Carter <coffeedude@plainjoe.org>
Date: Mon Aug 27 13:30:26 2007 -0500
Allow wbinfo -n to convert a UPN to a SID
commit 8266c0fe1ccf2141e5a983f3213356419e626dda
Author: Gerald Carter <coffeedude@plainjoe.org>
Date: Fri Aug 3 09:53:16 2007 -0500
Merge some of Guenther UPN work for pam_winbind.c (check the winbind separator
and better pam logging when converting a upn to a username).
commit 15156c17bc81dbcadf32757015c4e5158823bf3f
Author: Gerald Carter <coffeedude@plainjoe.org>
Date: Fri Aug 3 08:52:50 2007 -0500
Include Universal groups from the cached PAC/SamLogon info when
generating the list of domain group SIDs for a user's token.
commit 979053c0307b051954261d539445102c55f309c7
Author: Gerald Carter <coffeedude@plainjoe.org>
Date: Thu Aug 2 17:35:41 2007 -0500
merge upnlogon patch from my tree
(This used to be commit 98fb5bcd57)
Swat has not been built by default for a while, so I did not notice that
the _ macro is actually used. Re-add the lang_msg_rotate function, this
time only to swat so that this is the only binary that has to take the
16k penalty.
(This used to be commit 191e1ef840)
Jeremy, there are two remaining diffs in sesssetup.c which I don't really
know which one is right. Can you take a look?
Thanks,
Volker
(This used to be commit d82f354487)
Samba's own registry, the access mask for opening the
registry for the write operations needs to be
SEC_RIGHTS_MAXIMUM_ALLOWED instead of REG_WRITE: we can
not open e.g. HKLM read write explicitly, since we can
not write to this virtual part of the registry, only
to the subkeys like 'HKLM\Software\Samba\smbconf' that
are stored on disk.
Note that MAXIMUM_ALLOWED is also what windows' regedit
passed to the open calls.
Michael
(This used to be commit 57c30f7319)
This prevents creation of problematic configurations from registry editors
like regedit or "net rpc registry".
I will refactor the code to be somewhat more concise,
but I wanted to have this in the tree, now I got it working... :-)
Michael
(This used to be commit 4424a03032)
as TALLOC_ABORT() is defined to abort() by default
wrap it into a function so that the function name
in the backtrace shows what happens.
metze
(This used to be commit ddbe971030)
TODO: don't allow '-i -D' and '-D -i' on all
server binaries in the SAMBA_3_2 branch!
The &server_mode patch makes this difficult to check...
metze
(This used to be commit 102bb0fc17)
if parsing of the boolean string was successful.
Also, initialize the local result variable
(although not strictly necessary anymore, now.)
(This used to be commit bf0daa74fa)
instead of a 2-byte zero character. I can't recall what
rode me when I put that "2" there. But now I think I
have got it right... :-)
Michael
(This used to be commit fa010bef11)
contains a correct representation of a boolean value (in the
understanding of loadparm.c).
Make set_boolean() catch passing NULL for the boolean target.
Michael
(This used to be commit d13eaa60f5)
smbd, nmbd and winbindd can be started with invalid options currently.
The first patch attached would be a possible solution.
It contains an exit if an invalid option has been used. The main problem
is, that existing setups with wrong options or missing arguments in start
scripts will break (which is the right behaviour from my point of view).
metze
(This used to be commit 8532e3182a)
and make that the primary context for the request
which the implementations can also use.
- go via function pointers in the ndr_interface_table
instead of calling functions directly.
metze
(This used to be commit 5c4d998300)
vuid that was allocated whilst the connection is
being constructed and after the connection has been set up.
This is what Windows does and at least one client
(an HP printer) depends on this behaviour. As it
depends on the req struct not yet ported to SAMBA_3_2_0
(Volker, hint hint.... :-) I am not yet adding this
to that branch, but will investigate that tomorrow.
Jeremy.
(This used to be commit a54f2805df)
be called with inverse == NULL.
Add a new function lp_parameter_is_canonical() to check whether a
parameter name is the canonical name (as opposed to an alias).
Michael
(This used to be commit 07dc0fecf5)
rename dcerpc_interface_table -> ndr_interface_table
rename dcerpc_interface_list -> ndr_interface_list
and move them to libndr.h
metze
(This used to be commit f57d23d0f1)
This API will change anyway when moving away from pstrings.
It took so long to fix, because that rename bug I just fixed gave make
test failures that had nothing to do with this one.
I have samba4 tests for both bugs, will check them in when the build
farm has caught up
(This used to be commit d4f442ed9b)
This was broken when I changed reply_mv to wrap in a open_file_ntcreate
call, unix_convert on the destination was called twice
(This used to be commit fddc9db911)
rename struct dcerpc_endpoint_list/struct dcerpc_authservice_list
into ndr_interface_string_array and move it to libndr.h
metze
(This used to be commit 9fec0d6c2c)
a parameter and value into the canonical parameter with the value
inverted if it was an inverse boolean synonym.
Make net conf use this function when storing parameters.
Michael
(This used to be commit 3b762ab183)
Also simplify lp_canonicalize_parameter by making use of
the new function "is_synonym_of".
Michael
Note: If anything depends on the exact former output format of
show_parameter list, I would trigger the output of synonym information
by a boolean verbose switch (that could be passed to testparm
via the "-v" command line switch).
(This used to be commit fd2dbae825)
When storing parameters in the smbconf portion of the registry,
up to now, synonyms could be misused to store a parameter twice.
Now this is prevented by canonicalizing the parameter name first.
Also, the value for a boolean parameter is checked for validity
before storing the bool in registry.
(The canonicalization should finally go into the registry smbconf
code to also prevent e.g. "regedit" or "net rpc registry" from
storing synonyms. - This is in the making.)
Michael
(This used to be commit 95447dde86)
and produces the "canonical" (or main) name of the parameter (the one
synonym that does not have the flag FLAG_HIDE). The function also sets
a flag as to whether the synonym is a reverse boolean synonym.
Add some functions for the handling of string representations of boolean
values: return the canonical string representation of a bool, invert
a bool given as a string, canonicalize a bool given as a string.
Michael
(This used to be commit 113ac07199)
the request, presumably due to the PROTECTED flag not being set. Setting
that flag (in make_sec_desc()) has much wider implications than just to
libsmbclient, so instead of modifying that, we'll remove security
descriptors by setting the number of ACEs to zero. At some point, we might
want to look into whether we should actually be setting the PROTECTED flag
in the DACL.
Reference http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsce_ctl_qxju.mspx?mfr=true
Derrell
(This used to be commit 319df380e5)
Jeremy, I really apologize for doing this, but I just wanted to enjoy
converting the last SMB call :-)
I've left one little task for you there, I'm not certain that checking
the inbuf length is correct here.
Volker
(This used to be commit 1e08fddafd)
Talked to both Tridge and Jeremy about this, Tridge said that there is a
special error message persuading OS/2 to fall back to other methods.
The calls now checked in always return the error message we used to
return when "read bmpx = False" was set (the default): ERRSRV, ERRuseSTD.
If someone has a reproducible test case where this is really needed, we
can always dig it up from version control and convert it to the new API.
But that time without that silly parameter, and with a torture test case
for "make test" please :-)
Volker
(This used to be commit d941aae2df)
length_is() isn't supported without size_is().
I assume what we need is an array of strings,
so the code isn't used and broken anyway without
a testsuite...just get rid of the pidl warning
metze
(This used to be commit a3fd68d485)