IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
backend.
The idea is that every time we open an LDB, we can provide a
session_info and/or credentials. This would allow any ldb to be remote
to LDAP. We should also support provisioning to a authenticated ldap
server.
(They are separate so we can say authenticate as foo for remote, but
here we just want a token of SYSTEM).
Andrew Bartlett
(This used to be commit ae2f3a64ee0b07575624120db45299c65204210b)
This merges Samba4 up to current lorikeet-heimdal, which includes a
replacement for some Samba-specific hacks.
In particular, the credentials system now supplies GSS client and
server credentials. These are imported into GSS with
gss_krb5_import_creds(). Unfortunetly this can't take an MEMORY
keytab, so we now create a FILE based keytab as provision and join
time.
Because the keytab is now created in advance, we don't spend .4s at
negprot doing sha1 s2k calls. Also, because the keytab is read in
real time, any change in the server key will be correctly picked up by
the the krb5 code.
To mark entries in the secrets which should be exported to a keytab,
there is a new kerberosSecret objectClass. The new routine
cli_credentials_update_all_keytabs() searches for these, and updates
the keytabs.
This is called in the provision.js via the ejs wrapper
credentials_update_all_keytabs().
We can now (in theory) use a system-provided /etc/krb5.keytab, if
krb5Keytab: FILE:/etc/krb5.keytab
is added to the secrets.ldb record. By default the attribute
privateKeytab: secrets.keytab
is set, pointing to allow the whole private directory to be moved
without breaking the internal links.
(This used to be commit 6b75573df49c6210e1b9d71e108a9490976bd41d)
- speed up provisioning a bit using a ldb transaction (also means you
can't end up with a ldb being half done)
(This used to be commit 91dfe304cf688bb81b69ff3192ac84b78b34b311)
js arrays are a special type of object where the length property is
automatic, and cannot be modified manually. Our code was manually
setting length, which made it abort when someone passed in a real ejs
array. To fix this we need to create real arrays instead of objects,
and remove the code that manually sets the length
(This used to be commit ebdd1393fde44a0a35446d1a922d29a7c1769ba7)
problem is really caused by hklm not having objectclass attributes on
its records, but this is a workaround)
(This used to be commit 62d5253a033f47335ceefade9ad7d98ddfc19584)
so you can use them in search filters,
only for administration not used inside the winserver code
- fix the samba3 ugrade scripts to create a correct samba4 wins.ldb
metze
(This used to be commit 9f3b6746d86583c48097da48c28f50f075bbd3e3)
if we fail to erase a ldb during provision by traversing
and deleting records (an in-place erase) then just unlink it
and start it again. This makes provisioning much more robust
to changes in ldb that make it not backward compatible with
old DBs.
(This used to be commit 173655aec25c462b8b90b850df65ae6f95f44efb)
Write out new smb.conf file. Parameters that have disappeared
between Samba 3 and 4 will optionally be prefixed with 'samba3:'
(This used to be commit 27eefbd9059fe0a3daca15a71da7b4cb88ed22ec)
calls. The previous IDL was just a workaround for the limitations of
our older rpc infrastructure. Now that Jelmer has added much improved
string support using the charset keyword we can correctly implemenent
the unusual winreg string buffers.
Jelmer, note the little comment I put on winreg_StringBuf() about why
I couldn't use [value()] for the length field.
This also fixes EnumKey() and EnumValue() to use NTTIME fields for the
last_changed_time. I don't know why we were using a pair of uint32's,
as it is just a NTTIME.
(This used to be commit 8354b016122cc4f3cff042b3ada1de07e1614eb7)
