IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
auth_winbind to work, and to therefore use the new ntlm_auth and
GENSEC in an otherwise Samba3 setup.
I'm not quite sure what fun-and games my svn cp caused as I merged
this from samba_3_0, but anyway...
Andrew Bartlett
(This used to be commit 5925b94a59)
The various interface that support ncalrpc work nicely when tested
with smbtorture and ncalrpc.
Running RPC-SAMR against local smbd here is slightly faster using ncalrpc:
ncalrpc: 1.8 sec
ncacn_ip_tcp: 1.9 sec
ncacn_np: 2.5 sec
(This used to be commit 2cfc8f24ce)
Examples of binding strings are :
ncalrpc:[EPMAPPER]
ncacn_unix_stream:[/tmp/epmapper]
N.B. The unix socket support in lib/socket/ appears to close and remove the
socket it is listening on after the first client disconnects so until
that has been fixed, it is only possible to do one ncalrpc: or ncacn_unix_stream: request per instance of smbd :-)
Support for looking up NCALRPC names via the endpoint mapper will be added later.
(This used to be commit 426f3e63ca)
share_access support). This is enough for us to pass the BASE-DENY2
test, but is a long way from fully correct share modes.
(This used to be commit b5a6dd3cbf)
pvfs_open, and handle the various race conditions that are inherent in
cifs on unix, so we do the best we can when the race happens.
the ntcreatex code is really starting to take shape now
(This used to be commit 395c3815b4)
- made idtree return a "struct idr_context *" instead of a void*
- more efficient idr_remove for ids that are not present (patch from Jim Houston)
(This used to be commit f8d12d4b4a)
want to expose the brl context structure outside the brlock.c
code. Instead, I now use "struct brl_context *" and rely on C being
happy to pass around pointers to unknown structures as long as they
are not dereferenced. I will be interested to see how the build farm
likes this.
(This used to be commit cb155c8ad8)
Add local test for testing the functions dcerpc_parse_binding(),
dcerpc_binding_string() and dcerpc_binding_build_tower()
(This used to be commit 7a07c2c769)
can never be perfect, as openx can do things that ntcreatex can't, but
with this tweak we get close (the BASE-DENY1 test passes completely,
for example)
(This used to be commit 88112b9677)
I'm not quite sure what's going on here, but adjust expected values
till I can find out how to reproduce this the other way...
Andrew Bartlett
(This used to be commit 3f0f6b38f2)
- add tests for ldbrename
- disable all tests which regenerate the index
(this is broken for me...the process hangs,
tridge we need to discuss that)
- link only the needed stuff to the ldb tools
- build ldbtest inside samba
metze
(This used to be commit 18552f4786)
the ntvfs_generic mapping functions rather than sending the exact
function asked for. This allows the generic mapping functions to be
tested by comparing the behaviour of smbtorture against two cifs
backend shares, one using "cifs:mapgeneric = true" and the other
"cifs:mapgeneric = False"
(This used to be commit c240c6bca5)
preparation for the full share modes and ntcreatex code that I am
working on.
highlights include:
- changed the way a backend determines if it is allowed to process a
request asynchronously. The previous method of looking at the
send_fn caused problems when an intermediate ntvfs module disabled
it, and the caller then wanted to finished processing using this
function. The new method is a REQ_CONTROL_MAY_ASYNC flag in
req->control_flags, which is also a bit easier to read
- fixed 2 bugs in the readbraw server code. One related to trying to
answer a readbraw with smb signing (which can't work, and crashed
our signing code), the second related to error handling, which
attempted to send a normal SMB error packet, when readbraw must
send a 0 read reply (as it has no header)
- added several more ntvfs_generic.c generic mapping functions. This
means that backends no longer need to implement such esoteric
functions as SMBwriteunlock() if they don't want to. The backend
can just request the mapping layer turn it into a write followed by
an unlock. This makes the backends considerably simpler as they
only need to implement one style of each function for lock, read,
write, open etc, rather than the full host of functions that SMB
provides. A backend can still choose to implement them
individually, of course, and the CIFS backend does that.
- simplified the generic structures to make them identical to the
principal call for several common SMB calls (such as
RAW_WRITE_GENERIC now being an alias for RAW_WRITE_WRITEX).
- started rewriting the pvfs_open() code in preparation for the full
ntcreatex semantics.
- in pvfs_open and ipc_open, initially allocate the open file
structure as a child of the request, so on error we don't need to
clean up. Then when we are going to succeed the open steal the
pointer into the long term backend context. This makes for much
simpler error handling (and fixes some bugs)
- use a destructor in the ipc backend to make sure that everthing is
cleaned up on receive error conditions.
- switched the ipc backend to using idtree for fnum allocation
- in the ntvfs_generic mapping routines, use a allocated secondary
structure not a stack structure to ensure the request pointer
remains valid even if the backend replies async.
(This used to be commit 3457c1836c)
field. Add torture test for setting this feild - including all the
odd cases (not all the flags 'stick', and not others cannot be
removed).
Seperate the two 'password change' flags, and test them both in the
torture code.
Check that the password did change after every password set call.
Andrew Bartlett
(This used to be commit 3759128bd3)
an extremely efficient way of mapping from an integer handle (such as
an open file handle) to a pointer (such as the structure containing
the open file information). The code is taken from lib/idr.c in the
2.6 Linux kernel, and is very fast and space efficient. By using
talloc it even has auto cleanup.
This commit converts the handling of open file handles and open
directory search handles to use the idtree routines. In combination
with talloc destructors, this simplifies the structure handling in the
pvfs backend a lot. For example, we no longer need to keep a linked
list of open directory searches at all, and we no longer need to do
linear scans of the list of open files on most operations.
The end result is that the pvfs code is now extremely scalable. You
can have 10s of thousands of open files and open searches and the code
still runs very fast.
I have also added a small optimisation into the file close path, to
avoid looking in the byte range locking database if we know that there
are no locks outstanding.
(This used to be commit 16835a0ef9)
specifying a endpoint is now also 'endpoint' instead of 'endpoints'. The
default endpoint (if none is specified) is still "ncacn_np:[\\pipe\\ifacename]",
where ifacename is the name of the interface.
Examples:
[
uuid(60a15ec5-4de8-11d7-a637-005056a20182),
endpoint("ncacn_np:[\\pipe\\rpcecho]", "ncacn_ip_tcp:")
]
interface rpcecho
{
void dummy();
}
dcerpc_binding is now converted to ep_description in the server, but I hope to
completely eliminate ep_description later on.
The eventual goal of all these changes is to make it easier to add
transports as I'm going to add support for
ncalrpc (local RPC over named pipes) and ncacn_unix_stream (Unix sockets).
(This used to be commit f3da7c8b44)
in the right state when called. For example, when we use the unixuid
handler in the chain of handlers, and a backend decides to continue a
call asynchronously then we need to ensure that the continuation
happens with the right security context.
The solution is to add a new ntvfs operation ntvfs_async_setup(),
which calls all the way down through the layers, setting up anything
that is required, and takes a private pointer. The backend wanting to
make a async calls can use ntvfs_async_setup() to ensure that the
modules above it are called when doing async processing.
(This used to be commit a256e71029)
- added a pvfs_lock_close_pending() hook to remove pending locks on file close
- fixed the private ptr argument to messaging_deregister() in pvfs_wait
- fixed a bug in continuing lock requests after a lock that is blocking a pending lock is removed
- removed bogus brl_unlock() call in lock continue
- corrected error code for LOCKING_ANDX_CHANGE_LOCKTYPE
- expanded the lock cancel test suite to test lock cancel by unlock and by close
- added a testsuite for LOCKING_ANDX_CHANGE_LOCKTYPE
(This used to be commit 5ef80f034d)
[] is now mandatory
: after the hostname is no longer allowed
examples of allowed binding strings:
ncacn_np:myhost[samr]
ncacn_ip_tcp:10.0.0.1[1045]
ncacn_ip_tcp:2001:7b8:37b:1:210:dcff:fecb:a9e3[1024,sign,seal]
ncacn_np:myhost
ncacn_ip_tcp:192.168.4.2
308FB580-1EB2-11CA-923B-08002B1075A7@ncacn_ip_tcp:192.168.4.2
308FB580-1EB2-11CA-923B-08002B1075A7@ncacn_ip_tcp:192.168.4.2[,print]
Note that the last two lines are not recognized by smbtorture as a binding
string yet. dcerpc_parse_binding() does accept them though.
(This used to be commit c15862e778)
This adds a pvfs_wait_message() routine which uses the new messaging
system, event timers and talloc destructors to give a nice generic
async event handling system with a easy to use interface. The
extensions to pvfs_lock.c are based on calls to pvfs_wait_message()
routines.
We now pass all of our smbtorture locking tests, although while
writing this code I have thought of some additonal tests that should
be added, particularly for lock cancel operations. I'll work on that
soon.
This commit also extends the smbtorture lock tests to test the rather
weird 0xEEFFFFFF locking semantics that I have discovered in
win2003. Win2003 treats the 0xEEFFFFFF boundary as special, and will
give different error codes on either side of it. Locks on both sides
are allowed, the only difference is which error code is given when a
lock is denied. Anyone like to hazard a guess as to why? It has
me stumped.
(This used to be commit 4395c0557a)
event_context_merge() code leaves the events as grandchildren of the
events context, not children, so talloc_unlink() will not work after
the merge
(This used to be commit 2d0dfe607d)
full. This means callers can just "send and forget" rather than
having to check for a temporary failure. The mechanism takes nice
advantage of the timed events handling is our events code. A message
will only fail now if we completely run out of some resource (such
as memory).
- changed the test code not to do retries itself, but only to warn on real failures
(This used to be commit 8cddc610a2)
- added the new messaging system, based on unix domain sockets. It
gets over 10k messages/second on my laptop without any socket
cacheing, which is better than I expected.
- added a LOCAL-MESSAGING torture test
(This used to be commit 3af06478da)
will shortly be using this for a rewrite of the intra-smbd messaging
library, which is needed to get lock timeouts working properly (and
share modes, oplocks etc)
(This used to be commit 6f4926d846)
caller doesn't have to worry about the constraint of only opening a
database a single time in a process. These wrappers will ensure that
only a single open is done, and will auto-close when the last instance
is gone.
When you are finished with a database pointer, use talloc_free() to
close it.
note that this code does not take account of the threads process
model, and does not yet take account of symlinks or hard links to tdb
files.
(This used to be commit 04e1171996)
idl. This allows us to pass a buffer of bytes returned from a spoolss
call and convert it to a Python dictionary. Works for enumprinters level
1!
(This used to be commit 4bc497a299)
from inside a swig %exception block and into the argout typemap. This
will allow us to wrap functions that don't require exception handling, and
also get rid of some ugly code in dcerpc.i
(This used to be commit 558076cc8d)
the [gensize] property to a struct or union will make pidl generate a
ndr_size_*() function.
(not all nasty bits of NDR are completely covered yet by the
ndr_size*() functions, support for those will be added when necessary)
I also have a local patch (not applied now) that simplifies the pidl output
and eliminates the number of functions required. It would, however, make
pidl more complex.
(This used to be commit 7c823f886a)
they have been broken for 4 years (ever since they were added) and
have been never used, which makes them prime candidates for
destruction.
(This used to be commit 0b53ab85aa)
manner. I'm hoping to get rid of DATA_BLOB's but for the moment they
make it easy to get some spoolss action happening quickly.
(This used to be commit 15f8f73f8b)
can correctly (and quickly!) handle unaligned little endian memory
accesses, just like i386. This should reduce code size and speeds
things up quite a lot on ppc, at the expense of some inline asm code
(whcih means it only works with gcc)
(This used to be commit 2a0c427c2b)
warnings, making real errors impossible to spot.
this fixes the warnings, and probably fixes some pidl/python bugs as
well.
(This used to be commit 2f1e9954e3)
range checking of any integer value, to help protect against denial of
service attacks (which could otherwise cause large memory allocations)
(This used to be commit dbe6430d78)
- added SID_WORLD and SID_NETWORK to the foreign sids in the
provisioning, as these are auto-added to the nt_user_token (why is
that done? Andrew?)
(This used to be commit 1dff12fba8)
(as it could cause a overflow). Print a message giving the character
values involved in the expansion so it can be debugged if it happens.
(This used to be commit 2a6f59f376)
doesn't actually leave us in the requested sec context between
requests yet, but it does prevent us from doing the samdb lookup on
every packet.
This change speeds up the BASE-MANGLE test against Samba4 with 5000
operations from 61 seconds to 16 seconds. For reference, Samba3 takes
27 seconds for the same test (the string and filename handling in
Samba4 is much more efficient than Samba3)
(This used to be commit da0481ac75)
excellent, as it means we don't lose any compatibility by also not
giving sorted listings. I was very much afraid that applications had
begun to rely on this (as its guaranteed by w2k NTFS).
no longer mark a non-sorting server as an error
(This used to be commit 1d21c9a9d1)
- don't check for '.' specially in checking for legal names. Longhorn
doesn't do this any more, and its a real pain. Longhorn allows for
filenames ending in '.', and with as many '.' elements as you like.
(This used to be commit 0a475175c5)
the current ones. It took me three hours to realise that the DCOM standard
contains false protocol numbers (apparently someone converted the protocol
numbers to hex twice, i.e. 13 -> 0c and 14 to 0d). There are no longer
duplicates in the list with protocol numbers now.
(This used to be commit f355cd4264)
string conversion. For RPC, all string conversions are supposed to be
done by the NDR layer, using string flags set in the IDL. The reason
this wasn't working is that I had been too lazy to do the STR_ASCII
string types properly at the NDR layer when initially writing
ndr_basic.c.
This commit fixes the ndr_basic code properly to do all ASCII
varients, by re-using the non-ascii code and a "byte_mul" local
variable. I have also removed the manual string conversion in the SAMR
torture test code.
(This used to be commit aad0e7e9d8)
convert_string_talloc() implementation.
the previous version used a minimum of 512 bytes, which is way above the average
of what is needed.
(This used to be commit abcd841a85)
on systems that have the intptr_t type, and for systems that don't
have it, they also almost certainly won't have -Wcast-qual, so we can use a
void* cast.
(This used to be commit 2132d38f9c)
- don't say that we provide the same functionality as w2k3
- netbiosname is always upper case hostname
- minor fixes rootdse.pl
metze
(This used to be commit 0b30ec593f)
The motivation for this change was to avoid having to convert to/from
ucs2 strings for so many operations. Doing that was slow, used many
static buffers, and was also incorrect as it didn't cope properly with
unicode codepoints above 65536 (which could not be represented
correctly as smb_ucs2_t chars)
The two core functions that allowed this change are next_codepoint()
and push_codepoint(). These functions allow you to correctly walk a
arbitrary multi-byte string a character at a time without converting
the whole string to ucs2.
While doing this cleanup I also fixed several ucs2 string handling
bugs. See the commit for details.
The following code (which counts the number of occuraces of 'c' in a
string) shows how to use the new interface:
size_t count_chars(const char *s, char c)
{
size_t count = 0;
while (*s) {
size_t size;
codepoint_t c2 = next_codepoint(s, &size);
if (c2 == c) count++;
s += size;
}
return count;
}
(This used to be commit 814881f0e5)
IDL so this works (the previous IDL was bogus)
- changed a hyper to uint64 after looking at output on cascade on sparc
(This used to be commit db1ed5675a)
conjunction with the posix backend this gives us a way to correctly
setup the unix security context in Samba4.
I chose the following method to determine the unix uid's and gid's to
use given the list of SIDs from the login process
- look for a "UnixID" field in the sam record. If present, then use it
(check if the record is of the right type as well)
- if UnixID is not present, then look for the "UnixName" sam
field. If it is present then use getpwnam() or getgrnam() to find
the unix id.
- if UnixID and UnixName are not present, then look for a unix
account of the right type called by the same name as the sAMAccountName field.
- if none of the above work then fail the operation with NT_STATUS_ACCESS_DENIED
obviously these steps only work well with a local SAM. It will need to
be more sophisticated in future.
I did not put any cache in place at all. That will need to be added
for decent performance.
(This used to be commit 78b67d19b9)
the first was it didn't pass primaryGroupID as an attributed it
wanted, the second was it didn't cope with primaryGroupID not being
present.
(This used to be commit 8373bfcdec)
so talloc now doesn't contain any ldb specific functions.
allow NULL to be passed to a couple more talloc() functions
(This used to be commit 1246f80d80)
which is much clearer and simpler to use. It removes a specific parent
from a pointer, no matter whether that parent is a "reference" or a
direct parent. This gives complete control over the free process.
(This used to be commit 6c563887f1)
