IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Now smbclient, net, and swat use their own proto files - now the global
proto.h
The change to libads/kerberos.c was to break up the dependency on secrets.c -
we want to be able to write an ADS client that doesn't need local secrets.
I have other breakups in the works - I will remove the dependency of
rpc_parse on passdb (and therefore secrets.c) shortly.
(NOTE: This patch does *not* break up includes.h, or other such forbidden
actions).
Andrew Bartlett
(This used to be commit edb41dad2df0ae3db364dbc3896cc75956262edf)
here because HEAD does it differently, someone let me know. This looks ok
and compiles fine from what I can tell.
(This used to be commit 68841ae76289369c0b2e9e964bad1746e6e2cc8b)
a file that is linked with the passdb.
This is to avoid linking insanity when this global becomes a self-initing
function.
(This used to be commit 743afd96cb54b4966e3afad11ea987f968b98651)
this:
More code cleanup - this lot a bit more dodgy than the last:
The aim is to trim pwd_cache down to size. Its overly complex, and a
pain to deal with. With a header comment like this:
'obfusticaion is planned'
I think it deserved to die (at least partly).
This was being done to allow 'cli_establish_connection' to die - its
functionality has been replaced by cli_full_connection(), which does
not duplicate code everywhere for creating names etc.
This also removes the little 'init' fucntions for the various pipes,
becouse they were only used in one place, and even then it was dodgy.
(I've reworked smbcacls not to use anonymous connections any more, as
this will (should) fail with a 'restrict anonymous' PDC).
This allowed me to remove cli_pipe_util.c, which was calling
cli_establish_connection.
tpot: I'm not sure what direction you were going with the client stuff,
and you may well have been wanting the init functions. If thats the case,
give me a yell and I'll reimplement them against cli_full_connection.
Andrew Bartlett
(This used to be commit fa67e4626bed623333c571e76e06ccd52cba5cc5)
the DATA_BLOB code into its own file.
It would be nice to go over some of the other util.c functions, and check
that we still use them all, and that we use them in more than one place.
Andrew Bartlett
(This used to be commit d0ea70fce55df9a5b5878f50fce7bc115ffb37c2)
cleanup some of the code in net_rpc_join re const warnings and
fstrings.
Passdb:
Make the %u and %U substituions in passdb work.
This is done by declaring these paramters to be 'const' and doing
the substitution manually. I'm told this is us going full circle,
but I can't really see a better way.
Finally these things actually seem to work properly...
Make the lanman code use the pdb's recorded values for homedir etc
rather than the values from lp_*()
Add code to set the plaintext password in the passdb, where it can
decide how to store/set it. For use with a future 'ldap password
change' option, or somthing like that...
Add pdb_unix, so as to remove the 'not in passdb' special cases from the
local_lookup_*() code. Quite small, as it uses the new 'struct passwd ->
SAM_ACCOUNT' code that is now in just one place. (also used by pdb_smbpasswd)
Other:
Fix up the adding of [homes] at session setup time to actually pass
the right string, that is the unix homedir, not the UNC path.
Fix up [homes] so that for winbind users is picks the correct name.
(bad interactions with the default domain code previously)
Change the rpc_server/srv_lsa_nt.c code to match NT when for the
SATUS_NONE_MAPPED reply: This was only being triggered on
no queries, now it is on the 'no mappings' (ie all mappings failed).
Checked against Win2k.
Policy Question: Should SID -> unix_user.234/unix_group.364 be
considered a mapping or not? Currently it isn't.
Andrew Bartlett
(This used to be commit c28668068b5a3b3cf3c4317e5fb32ec9957f3e34)
This option was badly maintained, useless and confused our users and
distirbutors. (its SSL, therfore it must be good...)
No windows client uses this protocol without help from an SSL tunnel.
I can't see any reason why setting up a unix-side SSL wrapper would
be any more difficult than the > 10 config options this mess added
to samba in any case.
On the Samba client end, I think the LIBSMB_PROG hack should be
sufficient to start stunnel on the unix side. We might extend this
to take %i and %p (IP and port) if there is demand.
Andrew Bartlett
(This used to be commit b04561d3fd3ee732877790fb4193b20ad72a75f8)
so that at least "make clean; make all" doesn't fail.
It's still not safe for parallel builds, i.e. "make clean; make -j3
all" will probably crash, but "make clean; make proto && make -j3 all"
seems OK. I'm not sure if it is possible to solve that and still
support ancient non-GNU versions of Make.
(This used to be commit 4d202c19997d4219e7f607a725123d5606b9bd8a)
because it wasn't killed by delheaders; and there was a race in
delheaders with make -j.
(This used to be commit a615811f57f2827dd1b9cd23ad3e34e5a9fb22da)
this mode improves the response time of winbindd by having a
background process update the cache while the forground process
responds to queries from cache.
You can enable this mode using the -B command line option. It is quite
experimental, which is why it is not the default.
(This used to be commit c0feff97eefdf5a70e5973e247b395dbdf5d2ef2)
the hash for this scheme is *much* larger (approximately 31 bits) and
the code is written to be very fast, correctly handling multibyte
while not doing any actual multi-byte conversions in the vast majority
of cases
you can select this scheme using "mangling method = hash2", although I
may make it the default if it works out well.
(This used to be commit bb173c1a7e2408ced967ebac40b5e3f852ccd3a1)
mangling implementation, selectable using "mangling method = " in smb.conf
It also tidies the interface a little, although it is still nasty.
(This used to be commit be23d87a178e7d0691e7d942adf89bb3d2d533c2)
directory so we don't keep getting these stupid error messages about
incorrect size for valid.dat upcase.dat and lowcase.dat
(This used to be commit 4af0c7a93f626dde33fd737618c2b786f83046c7)
does not imply that all source will be rebuilt when prototypes change,
merely that the prototypes will be updated.
make proto, clean, delheaders, headers, etc all behave equivalently to
before.
Intended new behaviour for proto.h, whenever source is being
compiled:
If proto.h does not exist, it is built.
If any source files have changed since proto.h was last checked
(.proto.check), then proto.h is checked. If there are no actual
changes since last time, its mtime is not changed, but we do
remember the time at which it was checked.
Whenever we try to build a .o, we need to check the headers are up
to date. However, rebuilding the prototypes does not imply
rebuilding all object files.
Also to allow people to build on machines without Awk, we never try
to use it unless a source file has changed. I guess if we wanted,
we could have lack of Awk only cause a warning, not failure.
The point of all of this is to be easier on people who don't
understand or forget to type "make proto", and to reduce the chance of
build breakage by having prototypes out of sync.
I also rolled back JF's changes to put proto.h into builddir rather
than srcdir. There are good arguments in both directions, but since
we keep proto.h in CVS, it seems important that the up-to-date copy by
in srcdir where it can be checked back in. If people are fussed about
having srcdir be readonly you could change this -- but since proto.h
is only rebuilt when there are changes, it's not a big deal.
I also fixed an apparent race condition in "make headers" that would
make it unsafe if you did 'make -j2', and made 'make clean' not kill
proto.h, since people may not be able to rebuild it.
I reckon there's nothing gnumake-specific here but we shall see.
I also have this great idea about rewriting libtool in C++...
(This used to be commit 8a61a810e5a29050b0cf242d317c7cc00329517b)
into its own. The 'installdirs' makefile entry didn't do anything on my laptop,
so it has been replaced with the section from installbin.sh.
This also fixes the bug that we ignored the setting of $(PRIVATEDIR) when
making the directories.
Finally, link pam_winbind with .po objects only, not a mix of .o and .po
(as per Don Mccall's request).
Andrew Bartlett
(This used to be commit c7a883df28da9dd6fb88198df22c4d78bf8acd8b)
<a.kotovich@sam-solutions.net> that adds the security decsriptor code
for ADS workstation accounts
thanks for your patience Cat, and thanks to Andrew Bartlett for
extensive reviews and suggestions about this code.
(This used to be commit 6891393b5db868246fe52ff62b3dc6aa5ca6f726)
when complete, this will be used to backup critical tdbs at samba
startup and possibly periodically while Samba is running so that if
tdb corruption is caused by a power failure Samba can restore from the
backup.
(This used to be commit f619330082712cab72ec2d2ab76d67b8e9f3194c)
This allow the user to select
'passdb backend = plugin : /path/to/plugin.so : pluging args'
And load any arbitary plugin. Apparently Jelmer has a mysql plugin in the
works - hence this patch.
We probably need to rework the interface a bit before 3.0 (add versioning of
some kind) but this is a good start.
Andrew Bartlett
(This used to be commit d6d18b70f0c377344b0b3d9df5a11d209793bfe0)
