IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This builds on the work tridge did to make -lcrypt conditional, rather
than globally linked. This was needed for Heimdal stuff, but then I
'fixed' heimdal, and we now reintroduce it here.
Andrew Bartlett
(This used to be commit 83d9d8f482)
in the ncacn_np trnaport
it's now supported to use the ip address in smbtorture for ncacn_np tests
that use dcerpc_server_name(),
and we can now pass the dns host name in the tree connect when we have the dns name
on the smbtorture command line
metze
(This used to be commit e29edbc7e6)
- make not finding smb.conf a level 1 message, not level 0. Most of our
tools handle no smb.conf, and those that don't should check for the
specific parameters they need, or use the defaults
(This used to be commit 8c17b61f8e)
sam database = sam.ldb
and it will know to put it in the private dir, but if you use
sam database = ldap://server
it knows to use it as-is
(This used to be commit c5bccbc366)
the individual services that need at least one known interface check for it anyway
this should fix provisioning on macosx
(This used to be commit 5ad0dc97d0)
they slightly changed the semantics of value() in pidl, which broke
a optimisation hack in some of our IDL files.
I've changed the idl files to remove the hack for now. Sometime we
need to find a better way to handle these :-)
(This used to be commit 765f75ea63)
I'm looking forward to deleting this file when we can add users using
the web intgerface (and maybe ejs scripts for the command line)
(This used to be commit 836e5782fd)
Some of these should probably be re-added again later when
we need them. They should then be added to the appropriate config.m4 file
in the source tree rather then in rewrite.m4.
(This used to be commit 4eca613470)
structure in ndr_push_*() and ndr_print_*(). The push and print
functions really should not modify the structure.
metze, to make this work I had to change your spoolss hand
marshaller. Can you please check it is OK? I think that the IN and OUT
sides of that function are not ever called on the same structure, so I
think that attempt at remembering the value by assigning to
r->in._offered was not doing anything anyway, but please correct me if
I have misunderstood it.
If you really do need to remember something on those structures I'd
suggest the ndr_token_store() and ndr_token_retrieve() functions,
which are used by pidl for just this sort of thing.
(This used to be commit eee528be97)
quite a large change as we had lots of code that assumed that
objectSid was a string in S- format.
metze and simo tried to convince me to use NDR format months ago, but
I didn't listen, so its fair that I have the pain of fixing all the
code now :-)
This builds on the ldb_register_samba_handlers() and ldif handlers
code I did earlier this week. There are still three parts of this
conversion I have not finished:
- the ltdb index records need to use the string form of the objectSid
(to keep the DNs sane). Until that it done I have disabled indexing on
objectSid, which is a big performance hit, but allows us to pass
all our tests while I rejig the indexing system to use a externally
supplied conversion function
- I haven't yet put in place the code that allows client to use the
"S-xxx-yyy" form for objectSid in ldap search expressions. w2k3
supports this, presumably by looking for the "S-" prefix to
determine what type of objectSid form is being used by the client. I
have been working on ways to handle this, but am not happy with
them yet so they aren't part of this patch
- I need to change pidl to generate push functions that take a
"const void *" instead of a "void*" for the data pointer. That will
fix the couple of new warnings this code generates.
Luckily it many places the conversion to NDR formatted records
actually simplified the code, as it means we no longer need as many
calls to dom_sid_parse_talloc(). In some places it got more complex,
but not many.
(This used to be commit d40bc2fa8d)
(used in configure.in, but their output is never used) autoconf macros:
- AC_DEFINE
- AC_CHECK_FUNC
- AC_CHECK_FUNCS
- AC_CHECK_HEADER
- AC_CHECK_HEADERS
(This used to be commit 897d7b7d39)
Steven Edwards <steven_ed4153@yahoo.com>.
I've moved the Win32-specific tests to win32.m4 so it does not
make any of the POSIX configure stuff more complicated.
(This used to be commit bf85fdd015)
lifetime constraints, and works with the in-memory keytab.
Move initialize_krb5_error_table() into our kerberos startup code,
rather than in the GSSAPI code explitly. (Hmm, we probably don't need
this at all..)
Andrew Bartlett
(This used to be commit bedf92da5c)
(I just commit this to see how portable it is)
I have a patch that remove the need of the recursiv make
and also fixes the HEIMDAL_EXTERNAL stuff cleanly
metze
(This used to be commit 21d930cfc3)
ldapsearch. They look for an '=' in the first argument to see if it is
a search expression, and if not then it does an 'all records' search
(This used to be commit 91cc009fed)
in tests/test-sqlite3.sh (tests/test-generic.sh).
There are lots of optimizations still TBD, and some things are REALLY slow
right now (e.g. each add() operation takes 1/3 - 1/2 second) but it's ready for
interested parties to poke it and prod it and see how (un)reasonable it is.
Play away.
Still to be implemented or improved:
- tdb specials (@MODULES, @SUBCLASSES, etc.)
- all DNs are case-folded in their entirty right now (since doing otherwise
would require @ATTRIBUTES to be implemented)
- speed improvements and optimizations. I am quite confident that the
excessively slow add() operation can be much improved, and other areas
can be somewhat improved.
(This used to be commit 1dd8650055)
support in Heimdal.
This removes the 'ext_keytab' step from my Samba4/WinXP client howto.
In doing this work, I realised that the replay cache in Heimdal is
currently a no-op, so I have removed the calls to it, and therefore
the mutex calls from passdb/secrets.c.
This patch also includes a replacement 'magic' mechanism detection,
that does not issue extra error messages from deep inside the GSSAPI
code.
Andrew Bartlett
(This used to be commit c19d5706f4)
don't like to bother with netbios type names when looking for common
types: hosts (servers) and domain controllers. Also, apropriate tests
rafal
(This used to be commit 50cd94be0f)
them just yet. I have tested them, and they work fine, but enabling
them will break code in rpc_server/ and samdb, so we need to fix that
first
(This used to be commit 07d459406b)
so that ldbedit, ldbsearch etc can display nice human readable ldif,
while storing the data as binary blobs. This will be used for storing
NDR encoded objectSid and similar attributes, while making the command
line interface sane
(This used to be commit 37e283089a)
servers as I added to the smb server yesterday. This means rpc server
code can assume it runs serially unless it explicitly sets the async
flag on the request and returns
(This used to be commit 8546adb56a)
bug was being silently ignored with the tdb backend because of this
bug. A case where the ldap backend was right, and the tdb backend was
wrong!
(This used to be commit ddb26db763)
should not be handled here as well. I had to remove it from here as it
was buggy anyway (it wasn't setting the modify flags, this making an
invalid ldb_modify() request)
(This used to be commit f267e9d5b7)
set to the internal ldap server over loopback. The following happened:
- DCERPC_AUTH3 request
- auth requests calls ldb
- ldb calls ldap
- ldap calls our internal ldap server, triggering events
- samrConnect from client
- connect refused
- SMBclose from client
- causes dcerpc_pipe to be destroyed
- AUTH3 continues
- dies on freed pipe
I chose this solution as it provides a guarantee that backends only have to think about
async issues when they mark a request async. When they don't, this code guarantees that
a second request won't happen on the same connection while processing the first one
(This used to be commit 45487e8a14)
tree nature of the data structure. I think I've finally got it right
also added talloc_show_parents() for debugging
(This used to be commit 5760ed20ee)
These provide a way to find a parent of a ptr that is of a given
type. I will be using this to find the event context in smbd, relying
on the fact that everything is a child of the top level event
context. I did look at the alternatives, and found that passing the
event context to just about every call in smbd was getting way too
complex (we need to get it to anything that can do a ldb operation, as
that can invoke ldap).
So this method avoids a global, and seems to work nicely
(This used to be commit bdb55c7a10)
ldapsrv:samdb option. This allows the following:
sam database=ldap://localhost
ldapsrv:samdb=tdb:///home/tridge/samba/samba4/prefix/private/sam.ldb
which allows us to test putting the sam on an ldap server using our
own ldap server. This is a great stress test for the ldap code.
(This used to be commit 40948ba384)
I missed one spot in moving from hdb_ent_type to the
internal-to-hdb-ldb hdb_ldb_ent_type, which results in a
Kerberos: Server has invalid flag set -- krbtgt/....@....
on kinit.
Andrew Bartlett
(This used to be commit 2358e0c0e4)
Session Setup code.
Add a mem_ctx argument to a few of the NTLMv2 support functions, and
add smb.conf options to control client NTLMv2 behaviour.
Andrew Bartlett
(This used to be commit 3f35cdb218)
- fixed some infinite loops in asn1.c
- ensure asn1 callers know if an error is end of buffer or bad data
- handle npending 0 in ldap server
(This used to be commit f22c3b84c8)
- got rid of the special cases for sasl buffers
- added a tls_socket_pending() call to determine how much data is waiting on a tls connection
- removed the attempt at async handling of ldap calls. The buffers/sockets are all async, but the calls themselves
are sync.
(This used to be commit 73cb4aad22)
- this involved changing the buffer handling in the ldap server quite a
lot, as it didn't handle partial packets at all
- removed completely bogus asn1_object_length() function. You can't
do that with BER/DER
(This used to be commit fed6f4cc6c)
that w2k does work. For example, w2k asks for sAMAccountType=805306369 which
will only match if we know its an integer
(This used to be commit 941509ee58)
cmdline credentials code (which will be done soon)
- added a ldb_init() call, and changed ldb_connect() to take a ldb
context. This allows for much better error handling in
ldb_connect(), and also made the popt conversion easier
- fixed up all the existing backends with the new syntax
- improved error handling in *_connect()
- fixed a crash bug in the new case_fold_required() code
- ensured that ltdb_rename() and all ltdb_search() paths get the read lock
- added a ldb_oom() macro to make it easier to report out of memory
situations in ldb code
(This used to be commit f648fdf187)
server as to the CIFS session key.
JRA had pain with this being wrong against NT4 (without spnego), hence
this specific test.
Andrew Bartlett
(This used to be commit 47f433708b)
(which gets included by heimdal, or shoudl be) into
auth/kerberos/kerberos.h (which is used by Samba, but not by the
Heimdal code).
Andrew Barteltt
(This used to be commit 3f473a9377)
replay attacks under SMB signing, where the session key is a fixed
derivitive of the user's password.
This removes the VID offset, but I'm not worried about random client
bytes mattering here, given the space (and the fact that it applies to
very, very old clients).
Andrew Bartlett
(This used to be commit eb1d37c5a9)
interface is very similar to the traditional ldap interface, and will
be used as part of a ldb backend based on the current ldb_ldap backend
- fixed some allocation issues in ldb_msg.c
(This used to be commit b34a29dcf2)
