IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
ldif parsing code in libcli/ldap/ldap_ldif.c, and instead use the ldb
ldif code. To do that I have changed the ldap code to use 'struct
ldb_message_element' instead of 'struct ldap_attribute'. They are
essentially the same structure anyway, so by making them really the
same it will be much easier to use the ldb code in libcli/ldap/
I have also made 'struct ldb_val' the same as a DATA_BLOB, which will
simplify data handling in quite a few places (I haven't yet removed
all the code that maps between these two, that will come later)
files don't need to match the type names in the generated headers
- with this type mapping we no longer need definitions for the
deprecated "int32", "uint8" etc form of types. We can now force
everyone to use the standard types int32_t, uint8_t etc.
- fixed all the code that used the deprecated types
- converted the IDL types "int64" and "uint64" to "dlong" and
"udlong". These are the 4 byte aligned 64 bit integers that
Microsoft internally define as two 32 bit integers in a
structure. After discussions with Ronnie Sahlberg we decided that
calling these "int64" was confusing, as it implied a true 8 byte
aligned type
- fixed all the cases where we incorrectly used things like
"NTTIME_hyper" in our C code. The generated API now uses a NTTIME for
those. The fact that it is hyper-aligned on the wire is not relevant
to the API, and should remain just a IDL property
This call uses a new IDL type, NTTIME_hyper. This is 8-byte aligned,
as the name suggests.
Expand the QuerySecret LSA calls in RPC-SAMLOGON and RPC-LSA, to
validate the behaviour of times, and of the old secrets.
Thanks to tridge for spotting the use of HYPER!
Andrew Bartlett
this is mostly just a tidyup, but also adds the privilege_mask, which
I will be using shortly in ACL checking.
note that I had to move the definition of struct security_token out of
security.idl as pidl doesn't yet handle arrays of pointers, and the
usual workaround (to use a intermediate structure) would make things
too cumbersome for this structure, especially given we never encode it
to NDR.
setting of "server signing = auto", which means to offer signing
only if we have domain logons enabled (ie. we are a DC). This is a
better match for what windows clients want, as unfortunately windows
clients always use signing if it is offered, and when they use signing
they not only go slower because of the signing itself, they also
disable large readx/writex support, so they end up sending very small
IOs for.
- changed the default max xmit again, this time matching longhorn,
which uses 12288. That seems to be a fairly good compromise value.
the idea is that a passthru module can use ntvfs_async_state_push() before
calling ntvfs_next_*() and in the _send function it calls
ntvfs_async_state_pop() and then call the upper layer send_fn itself
- ntvfs_nbench is now fully async
- the ntvfs_map_*() functions and the trans(2) mapping functions are not converted yet
metze
signed integer values for enum), and it is also very confusing to read.
Also, please align defines nicely. The value of SV_TYPE_DOMAIN_ENUM
was defined incorrectly, which became obvious when you align the
defines, but wasn't at all obvious in the original code.
- removed redundent defines in smb.h
preparation for the full share modes and ntcreatex code that I am
working on.
highlights include:
- changed the way a backend determines if it is allowed to process a
request asynchronously. The previous method of looking at the
send_fn caused problems when an intermediate ntvfs module disabled
it, and the caller then wanted to finished processing using this
function. The new method is a REQ_CONTROL_MAY_ASYNC flag in
req->control_flags, which is also a bit easier to read
- fixed 2 bugs in the readbraw server code. One related to trying to
answer a readbraw with smb signing (which can't work, and crashed
our signing code), the second related to error handling, which
attempted to send a normal SMB error packet, when readbraw must
send a 0 read reply (as it has no header)
- added several more ntvfs_generic.c generic mapping functions. This
means that backends no longer need to implement such esoteric
functions as SMBwriteunlock() if they don't want to. The backend
can just request the mapping layer turn it into a write followed by
an unlock. This makes the backends considerably simpler as they
only need to implement one style of each function for lock, read,
write, open etc, rather than the full host of functions that SMB
provides. A backend can still choose to implement them
individually, of course, and the CIFS backend does that.
- simplified the generic structures to make them identical to the
principal call for several common SMB calls (such as
RAW_WRITE_GENERIC now being an alias for RAW_WRITE_WRITEX).
- started rewriting the pvfs_open() code in preparation for the full
ntcreatex semantics.
- in pvfs_open and ipc_open, initially allocate the open file
structure as a child of the request, so on error we don't need to
clean up. Then when we are going to succeed the open steal the
pointer into the long term backend context. This makes for much
simpler error handling (and fixes some bugs)
- use a destructor in the ipc backend to make sure that everthing is
cleaned up on receive error conditions.
- switched the ipc backend to using idtree for fnum allocation
- in the ntvfs_generic mapping routines, use a allocated secondary
structure not a stack structure to ensure the request pointer
remains valid even if the backend replies async.
This adds a pvfs_wait_message() routine which uses the new messaging
system, event timers and talloc destructors to give a nice generic
async event handling system with a easy to use interface. The
extensions to pvfs_lock.c are based on calls to pvfs_wait_message()
routines.
We now pass all of our smbtorture locking tests, although while
writing this code I have thought of some additonal tests that should
be added, particularly for lock cancel operations. I'll work on that
soon.
This commit also extends the smbtorture lock tests to test the rather
weird 0xEEFFFFFF locking semantics that I have discovered in
win2003. Win2003 treats the 0xEEFFFFFF boundary as special, and will
give different error codes on either side of it. Locks on both sides
are allowed, the only difference is which error code is given when a
lock is denied. Anyone like to hazard a guess as to why? It has
me stumped.
server side request structure to prevent a structing being freed in
some circumstances. This change replaces this with the much more
robust mechanism of talloc_increase_ref_count().
goodness and light' struct ;-)
Break apart the auth subsystem's return strucutres, into the parts
that a netlogon call cares about, and the parts that are for a local
session. This is the 'struct session_info' and it will almost
completly replace the current information stored on a vuid, but be
generic to all login methods (RPC over TCP, for example).
Andrew Bartlett
This commit kills passdb, which was only hosting the auth subsystem.
With the work tridge has done on Samba4's SAM backend, this can (and
now is) all hosted on ldb. The auth_sam.c file now references this
backend.
You will need to assign your users passwords in ldb - adding a new line:
unicodePwd: myPass
to a record, using ldbedit, should be sufficient. Naturally, this
assumes you have had your personal SAMR provisioning tutorial from
tridge. Everybody else can still use the anonymous logins.
Andrew Bartlett
This removes the code that tried to lookup posix groups, as well as
the code that was tied to the SAM_ACCOUNT.
This should make auth_ldb much easier to write :-)
Andrew Bartlett
Not all the auth code is merged - only those parts that are actually
being used in Samba4.
There is a lot more work to do in the NTLMSSP area, and I hope to
develop that work here. There is a start on this here - splitting
NTLMSSP into two parts that my operate in an async fashion (before and
after the actual authentication)
Andrew Bartlett
This adds support for bigendian rpc in the client. I have installed
SUN pcnetlink locally and am using it to test the samba4 rpc
code. This allows us to easily find places where we have stuffed up
the types (such as 2 uint16 versus a uint32), as testing both
big-endian and little-endian easily shows which is correct. I have now
used this to fix several bugs like that in the samba4 IDL.
In order to make this work I also had to redefine a GUID as a true
structure, not a blob. From the pcnetlink wire it is clear that it is
indeed defined as a structure (the byte order changes). This required
changing lots of Samba code to use a GUID as a structure.
I also had to fix the if_version code in dcerpc syntax IDs, as it
turns out they are a single uint32 not two uint16s.
The big-endian support is a bit ugly at the moment, and breaks the
layering in some places. More work is needed, especially on the server
side.
