IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This stores the mappings found in the idmap cache (which lives
inside gencache). This cache is already read in sid_to_Xid()
and Xid_to_sid() for ldapsam:trusted, this fills the opposite
direction, massively reducing the number of ldap roundtrips
across smbd restarts.
Michael
smbd just crashed on me: In a debug message I called a routine preparing a
string that itself used debug_ctx. The outer routine also used it after the
inner routine had returned. It was still referencing the talloc context
that the outer debug_ctx() had given us, which the inner DEBUG had already
freed.
It doesn't really matter if the entries
have invalid context in it. Older versions of samba
refuse to open the file if the version doesn't match.
If we can't parse individual records, we'll fail schannel binds,
but the clients are supposed to reestablish the netlogon secure channel
by doing ServerReqChallenge/ServerAuthenticate* again. This
will just overwrite the old record.
metze
Ok, that's a very long-standing one. I finally got around to install a recent
OpenLDAP and test the different variants of setting a NULL password etc.
Thanks all for your patience!
Volker
The search function retries once, the modifying call that hits a dead smbd
returns an error. The next try will reconnect. This was simple to implement and
provides a good compromise against Samba4 idling our connection. Most of the
modifying calls are quickly after a search (like OpenUser) anyway.
We will have arrays of controls passed to tldap.c. Follow a mantra from the
classic book "Thinking Forth" by Leo Brodie: Favor counts over terminators :-)
This makes the parameter lists to tldap pretty long, but everyone will have
wrapper routines anyway, see for example tldap_search_fmt. And the OpenLDAP
manpages call the non-_ext routines deprecated, probably for a reason.
The samba4 password_hash module does not allow changing the password fields via
the "delete oldval" -> "add newval" set of modify operations, it requires a
single "replace with newval" operation.
Andrew, Samba3 by default uses that delete/add pair to detect if between
fetching the old value and storing the new one the old value has changed. This
is lost by using the "replace" operation.
Would it make sense to add this to the password_hash module?
Volker
when _samr_LookupRids is called with no rids, it needs to return
NT_STATUS_NONE_MAPPED (not NT_STATUS_NO_MEMORY).
Found by RPC-SAMR torture test.
Guenther
The purpose of this module is to connect to a locally running samba4 ldap
server for an alternative "Franky" setup. Right now it contains a couple of
gross hacks: For example it just takes the s4-chosed RID directly as uid/gid...
Checking in tldap and pdb_ads now, I think 3777 insertions are enough for a
start...
This patch changes the way smbpasswd behaves when adding/deleting users.
smbpasswd now calls pdb_create_user/pdb_delete_user, this means that if
add/delete user scripts are configured then they are used to create or
delete unix users as well. If the scripts are not defined the behavioris
unchanged.
This also allow to use smbpasswd -a/-x with ldapsam:editposix to allow
automatic creation/deletion of users.
Signed-off-by: Günther Deschner <gd@samba.org>
This patch introduces
struct stat_ex {
dev_t st_ex_dev;
ino_t st_ex_ino;
mode_t st_ex_mode;
nlink_t st_ex_nlink;
uid_t st_ex_uid;
gid_t st_ex_gid;
dev_t st_ex_rdev;
off_t st_ex_size;
struct timespec st_ex_atime;
struct timespec st_ex_mtime;
struct timespec st_ex_ctime;
struct timespec st_ex_btime; /* birthtime */
blksize_t st_ex_blksize;
blkcnt_t st_ex_blocks;
};
typedef struct stat_ex SMB_STRUCT_STAT;
It is really large because due to the friendly libc headers playing macro
tricks with fields like st_ino, so I renamed them to st_ex_xxx.
Why this change? To support birthtime, we already have quite a few #ifdef's at
places where it does not really belong. With a stat struct that we control, we
can consolidate the nanosecond timestamps and the birthtime deep in the VFS
stat calls.
At this moment it is triggered by a request to support the birthtime field for
GPFS. GPFS does not extend the system level struct stat, but instead has a
separate call that gets us the additional information beyond posix. Without
being able to do that within the VFS stat calls, that support would have to be
scattered around the main smbd code.
It will very likely break all the onefs modules, but I think the changes will
be reasonably easy to do.
This patch picks the alphabetically smallest one of the multi-value attribute
"uid". This fixes a regression against 3.0 and also becomes deterministic.
This commit is mostly to cope with the removal of SamOemHash (replaced
by arcfour_crypt()) and other collisions (such as changed function
arguments compared to Samba3).
We still provide creds_hash3 until Samba3 uses the credentials code in
netlogon server
Andrew Bartlett
This removes calls to push_*_allocate() and pull_*_allocate(), as well
as convert_string_allocate, as they are not in the common API
To allow transition to a common charcnv in future, provide Samba4-like
strupper functions in source3/lib/charcnv.c
(the actual implementation remains distinct, but the API is now shared)
Andrew Bartlett
