IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This replaces the internal explicit dev/ino file id representation by a
"struct file_id". This is necessary as cluster file systems and NFS
don't necessarily assign the same device number to the shared file
system. With this structure in place we can now easily add different
schemes to map a file to a unique 64-bit device node.
Jeremy, you might note that I did not change the external interface of
smb_share_modes.c.
Volker
(This used to be commit 9b10dbbd5d)
doing this because for the clustering the marshalling is needed in more
than one place, so I wanted a decent routine to marshall a message_rec
struct which was not there before.
Tridge, this seems about the same speed as it used to be before, the
librpc/ndr overhead in my tests was under the noise.
Volker
(This used to be commit eaefd00563)
we have to take care to preserve the "special" values
for Windows of 0x80000000 and 0x7FFFFFFF when casting
between time_t and uint32. Add conversion functions
(and use them).
Jeremy.
(This used to be commit 4e1a0b2549)
smb4k uses 'net rap server domain' to list servers in domain.
Previously we just ignored all arguments in net_rap_server() but now we don't
as 'net rap server name' has added an explicit check on arguments.
Allow 'net rap server domain' to aid smb4k. Any other arguments will cause help message.
(This used to be commit 8f78b6ce3a)
Strip them out when referencing share_type[] entries.
Apparently, some Windows XP installs create shares set to STYPE_HIDDEN by default, found by
Damir Shayhutdinov <damir@altlinux.org>. This also fixes smb4k crashes as it does call 'net share -l'.
(This used to be commit c3f4fdd37e)
r22412 | obnox | 2007-04-20 14:23:36 +0200 (Fr, 20 Apr 2007) | 5 lines
Add a "deletelocalgroup" subcommand to net sam.
Thanks to Karolin Seeger <ks@sernet.de>.
(This used to be commit fb6ac8a5b2)
and connections_forall. This centralizes all the routines that did individual
tdb_open("connections.tdb") and direct tdb_traverse.
Volker
(This used to be commit e43e94cda1)
This changes "struct process_id" to "struct server_id", keeping both is
just too much hassle. No functional change (I hope ;-))
Volker
(This used to be commit 0ad4b1226c)
When asked to create a machine account in an OU as part
of "net ads join" and the account already exists in another
OU, simply move the machine object to the requested OU.
(This used to be commit 3004cc6e59)
is moving functions around to fix some linker dependencies for the registry.
Michael, I've renamed your auth_utils2.c to token_utils.c.
Thanks!
Volker
(This used to be commit 9de16f25c1)
This means that smbpasswd -c user (which in htpasswd creates a new file)
and smbpasswd -c /not/my/smb.conf should give errors an admin will
think to chase down.
Andrew Bartlett
(This used to be commit 721375e14c)
on the samba-technical ml.
I'll add a 'net ads set attribute=value' utility later
rather than the original 'net ads setmachineupn' patch that
was also posted to the tech ml.
(This used to be commit 5035778ae4)
yet, the next step will be a secrets_fetch_machine_account() function that
also pulls the account name to be used in the appropriate places.
Volker
(This used to be commit f94e5af72e)
process deep dfs links (ie. links that go to non root
parts of a share). Make the directory handling conanonical
in POSIX and Windows pathname processing.
dfs should not be fully working in client tools. Please
bug me if not.
Jeremy.
(This used to be commit 1c9e10569c)
for utimes - change the call to ntimes. This preserves
nsec timestamps we get from stat (if the system supports
it) and only maps back down to usec or sec resolution
on time set. Looks bigger than it is as I had to move
lots of internal code from using time_t and struct utimebuf
to struct timespec.
Jeremy.
(This used to be commit 8f3d530c5a)
The background behind this patch is that we're using ntlm_auth with
Wine. Windows allows us to pass in a NULL domain and a username of the
form of "user@domain" and this is converted into an NTLMSSP_AUTH packet
with a NULL domain name and a username of the same form.
Jeremy.
(This used to be commit 32b040fe05)
Fix escaping of DN components and filters around the code
Add some notes to commandline help messages about how to pass DNs
revert jra's "concistency" commit to nsswitch/winbindd_ads.c, as it was
incorrect.
The 2 functions use DNs in different ways.
- lookup_usergroups_member() uses the DN in a search filter,
and must use the filter escaping function to escape it
Escaping filters that include escaped DNs ("\," becomes "\5c,") is the
correct way to do it (tested against W2k3).
- lookup_usergroups_memberof() instead uses the DN ultimately as a base dn.
Both functions do NOT need any DN escaping function as DNs can't be reliably
escaped when in a string form, intead each single RDN value must be escaped
separately.
DNs coming from other ldap calls (like ads_get_dn()), do not need escaping as
they come already escaped on the wire and passed as is by the ldap libraries
DN filtering has been tested.
For example now it is possible to do something like:
'net ads add user joe#5' as now the '#' character is correctly escaped when
building the DN, previously such a call failed with Invalid DN Syntax.
Simo.
(This used to be commit 5b4838f62a)
For the winbind cached ADS LDAP connection handling
(ads_cached_connection()) we were (incorrectly) assuming that the
service ticket lifetime equaled the tgt lifetime. For setups where the
service ticket just lives 10 minutes, we were leaving hundreds of LDAP
connections in CLOSE_WAIT state, until we fail to service entirely with
"Too many open files".
Also sequence_number() in winbindd_ads.c needs to delete the cached LDAP
connection after the ads_do_search_retry() has failed to submit the
search request (although the bind succeeded (returning an expired
service ticket that we cannot delete from the memory cred cache - this
will get fixed later)).
Guenther
(This used to be commit 7e1a84b722)
it needs the specific error message.
Make messages.c return NTSTATUS and specificially NT_STATUS_INVALID_HANDLE if
sending to a non-existent process.
Volker
(This used to be commit 3f620d181d)
void message_register(int msg_type,
void (*fn)(int msg_type, struct process_id pid,
- void *buf, size_t len))
+ void *buf, size_t len,
+ void *private_data),
+ void *private_data)
{
struct dispatch_fns *dfn;
So this adds a (so far unused) private pointer that is passed from
message_register to the message handler. A prerequisite to implement a tiny
samba4-API compatible wrapper around our messaging system. That itself is
necessary for the Samba4 notify system.
Yes, I know, I could import the whole Samba4 messaging system, but I want to
do it step by step and I think getting notify in is more important in this
step.
Volker
(This used to be commit c8ae60ed65)
site support in a network where many DC's are down.
I heard via Volker there is still a bug w.r.t the
wrong site being chosen with trusted domains but
we'll have to layer that fix on top of this.
Gd - complain if this doesn't work for you.
Jeremy.
(This used to be commit 97e248f89a)
add [ref] pointers where necessary (top-level [ref] pointers,
by spec, don't appear on the wire).
This brings us closer to the DCE/RPC standard again.
(This used to be commit 580f2a7197)
in the next step we can store them in LDAP to be replicated across DCs.
Thanks to Michael Adam <ma@sernet.de>
Volker
(This used to be commit 3c879745cf)
* Fix DNS updates for multi-homed hosts
* Child domains often don't have an NS record in
DNS so we have to fall back to looking up the the NS
records for the forest root.
* Fix compile warning caused by mismatched 'struct in_addr'
and 'in_addr_t' parameters called to DoDNSUpdate()
(This used to be commit 3486acd3c3)
Wnidows 2000 DNS which expects the TKEY payload to
be in the answer section and not in the additional
set of records (like Windows 2003 and the RFC).
(This used to be commit a3b6734fda)
The main thing here is a rewrite of srv_winreg_nt.c. The core functionality
has moved to registry/reg_api.c which is then usable by the rest of Samba as
well.
On that way it fixes creating keys with more than one element in the
path. This did not work before.
Two things that sneaked in (sorry :-) is the change of some routines from
NTSTATUS to WERROR the removed "parent" argument to regkey_open_internal.
Volker
(This used to be commit fea52801de)
other StringBufs, otherwise clicking on a key with this value being set leads
to regedit.exe on w2k3 chew all memory.
(This used to be commit b148cde7f3)
waiting for comments. This is what version control is for, and it does fix a
segfault I ran into ;-)
Nevertheless, Jelmer & Jerry, please take a look!
Thanks,
Volker
(This used to be commit 95c14a822c)
(http://www.centeris.com/) under my copyright.
* Rework error reporting to use DNS_ERROR instead
of int32
* Convert memory allocation to use talloc()
* Generalize the DNS request/response packet marshalling
* Fix the secure update requests
(This used to be commit c787983336)
string the clis_state struct. So call saf_store() after we
have the short domain name in the lsa_query_inof_policy code.
* Remove unused server string in saf_delete()
(This used to be commit 3eddae2f20)
When having DC-less sites, AD assigns DCs from other sites to that site
that does not have it's own DC. The most reliable way for us to identify
the nearest DC - in that and all other cases - is the closest_dc flag in
the CLDAP reply.
Guenther
(This used to be commit ff004f7284)
For those who are interested, try
net ads gpo refresh mybox$
to get your machine related GPOs downloaded to /var/lib/samba/gpo_cache.
Detailed information about GPOs is currently only printed when setting a
higher debuglevel then 0.
Guenther
(This used to be commit d086babf9d)
items in cac_winreg.c
* Get 'net rpc registry enumerate' to list values again
* Fix winreg.idl QueryInfoKey(). The max_subkeysize is the
max_classlen (we previously had this correct in Samba3")
* fix valgrind error about uninitialized memory and use-before-set
on size value inmemset() call
* Fix key enumeration in 'net rpc registry enumerate'
* regenerate gen_dir files based on local pidl patches
Please note that the generated ndr files are from my local
copy of pidl. If you need to regenerate, please apply the
patch that I posted to the samba-technical list earlier today.
(This used to be commit 5d843612a1)
still doesn't compile with immediate structures and the
NTSTATUS/WERROR separation, as there are still several places where
the two error types are mixed up. I haven't fixed those as they
require decisions about the rpcclient code that I really don't want to
get into (the error handling there is a mess)
So samba3 compiles now, but only becaise HAVE_IMMEDIATE_STRUCTURES is
not used (look for HAVE_IMMEDIATE_STRUCTURES_XX_DISABLED)
(This used to be commit 8438a6a7d4)
This has had some basic testing. I'll do more during the next couple of days and hopefully also
make RPC-SRVSVC from Samba4 pass against it.
(This used to be commit ef10672399)
We usually do not get the results from user/group script modifications
immediately. A lot of users do add nscd restart/refresh commands into
their scripts to workaround that while we could flush the nscd caches
directly using libnscd.
Guenther
(This used to be commit 7db6ce295a)
Remove the account_policy_migrated() thingy, and make cache_account_policy_set
use gencache. Account policies are now handled like groups and users are with
respect to "passdb backend".
Volker
(This used to be commit fa8b2e2a58)
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
gen_ndr/ndr_security.c in SAMBA_4_0
The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
(This used to be commit 3da9f80c28)
Compiled it on systems with and without LDAP, I hope it does not break the
build farm too badly. If it does, I'll fix it tomorrow.
Volker
(This used to be commit b2ff9680eb)
domain and user args. if only given a parameter of the
form --username DOMAIN\user. When called by firefox
or other user apps they may not know what the domain
is (and they don't care). They just want to pass the
contents of $USERNAME without having to parse it
or guess a domain.
Jeremy.
(This used to be commit 5f51417916)
support when looking up DC's. On every CLDAP
call store the returned client sitename (if
present, delete store if not) in gencache with
infinate timeout. On AD DNS DC lookup, try looking
for sitename DC's first, only try generic if
sitename DNS lookup failed.
I still haven't figured out yet how to ensure
we fetch the sitename with a CLDAP query before
doing the generic DC list lookup. This code is
difficult to understand. I'll do some experiments
and backtraces tomorrow to try and work out where
to force a CLDAP site query first.
Jeremy.
(This used to be commit ab3f0c5b1e)
return NTSTATUS.
If we want to differentiate different name resolution problems we might want
to introduce yet another error class for Samba-internal errors. Things like no
route to host to the WINS server, a DNS server explicitly said host not found
etc might be worth passing up.
Because we can not stash everything into the existing NT_STATUS codes, what
about a Samba-specific error class like NT_STATUS_DOS and NT_STATUS_LDAP?
Volker
(This used to be commit 60a166f034)
the LGPL. Original code by Krishna Ganugapati <krishnag@centeris.com>.
Additional work by me.
It's still got some warts, but non-secure updates do
currently work. There are at least four things left to
really clean up.
1. Change the memory management to use talloc() rather than
malloc() and cleanup the leaks.
2. Fix the error code reporting (see initial changes to
dnserr.h)
3. Fix the secure updates
4. Define a public interface in addns.h
5. Move the code in libads/dns.c into the libaddns/ directory
(and under the LGPL).
A few notes:
* Enable the new code by compiling with --with-dnsupdate
* Also adds the command 'net ads dns register'
* Requires -luuid (included in the e2fsprogs-devel package).
* Has only been tested on Linux platforms so there may be portability
issues.
(This used to be commit 36f04674ae)
ntlm_auth module to allow it to use winbindd cached
credentials.The credentials are currently only stored
in a krb5 MIT environment - we need to add an option to
winbindd to allow passwords to be stored even in an NTLM-only
environment.
Patch from Robert O'Callahan, modified with some fixes
by me.
Jeremy.
(This used to be commit ae7cc298a1)
Remove some unused code: pdb_find_alias is not used anymore, and nobody I
think has ever used the pdb_nop operations for group mapping. smbpasswd and
tdb use the default ones and ldap has its own.
Make the functions pdb_getgr* return NTSTATUS instead of BOOL. Nobody right
now really makes use of it, but it feels wrong to throw away information so
early.
Volker
(This used to be commit f9856f6490)
A patch to make ntlm_auth recognize three new commands in
ntlmssp-client-1 and squid-2.5-ntlmssp:
The commands are the following:
Command: SF <hex number>
Reply: OK
Description: Takes feature request flags similar to samba4's
gensec_want_feature() call. So far, only NTLMSSP_FEATURE_SESSION_KEY,
NTLMSSP_FEATURE_SIGN and NTLMSSP_FEATURE_SEAL are implemented, using the same
values as the corresponding GENSEC_FEATURE_* flags in samba4.
Command: GF
Reply: GF <hex number>
Description: Returns the negotiated flags.
Command: GK
Reply: GK <base64 encoded session key>
Description: Returns the negotiated session key.
(These commands assist a wine project to use ntlm_auth for signing and
sealing of bulk data).
Andrew Bartlett
(This used to be commit bd3e06a0e4)
