IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
From here we can add tests to Samba for kerberos, forcing it on and
off. In the process, I also remove the dependency of credentials on
GENSEC.
This also picks up on the idea of bringing 'set_boolean' into general
code from jpeach's cifsdd patch.
Andrew Bartlett
lookups in load_interfaces(). The reason was my eth0 interface was
down, and it was being interpreted as a DNS name.
This patch changes load_interfaces() to happening automatically when
interfaces are first needed instead of on the startup of every samba
binary. This means that (for example) ldbadd doesn't call
load_interfaces(), which means no slow DNS lookups.
I also reduced the number of static globals in interface.c to 1, and
changed from malloc to talloc
When you want to force a reload of the interfaces list, you now call
unload_interfaces(), which means the next call that needs the
interfaces list will reload it
the difference between these at all, and in the future the
fact that INIT_OBJ_FILES include smb_build.h will be sufficient to
have recompiles at the right time.
I still have issues with Win2k3 SP1, and Samba4 doesn't pass it's own
test for the moment, but I'm working on these issues :-)
This required a change to the credentials API, so that the special
case for NTLM logins using a principal was indeed handled as a
special, not general case.
Also don't set the realm from a ccache, as then it overrides --option=realm=.
Andrew Bartlett
-Udomain\\user.
This will probably break in a few configurations, so please let me
know. I'll also work to have a way to inhibit kerberos/ntlmssp, as
this removes -k.
Andrew Bartlett
function interface used in the credentials code.
Fix bug in ntlm_auth, where we would overwrite the PW specified as a
first input. (Reported and chased by Kai Blin <blin@gmx.net>, bug
#3040)
Andrew Bartlett
Kerberos CCACHE into the system.
This again allows the use of the system ccache when no username is
specified, and brings more code in common between gensec_krb5 and
gensec_gssapi.
It also has a side-effect that may (or may not) be expected: If there
is a ccache, even if it is not used (perhaps the remote server didn't
want kerberos), it will change the default username.
Andrew Bartlett
- get rid of redundeny dyn_CONFIGFILE argument to lp_load()
- fixed provisioning to work with completely pristine install,
creating an initial smb.conf is none is present
- added lp.set() and lp.reload() to loadparm ejs object interface
There is now a new --debug-stderr option to enable debug to STDERR.
popt isn't perfect, but the callbacks are used in all the main Samba
binaries, and should be used in the rest. This avoids duplicated
code, and ensures every binary is setup correctly.
This also ensures the setup happens early enough to have -s function,
and have a correct impact on the credentials code. (Fixing a bug that
frustrated tridge earlier today).
The only 'subtle' aspect of all this is that I'm pretty sure that the
SAMBA_COMMON popt code must be above the CREDENTIALS code, in the
popt tables.
Andrew Bartlett
painful, so don't call lp_*() functions until the post stage (rather
than in the cli_credentails_init(), which is called in the pre stage),
and don't open the secrets.ldb looking for the machine account details
until we actually need them (well after popt is done, and we know we have the other things right).
Set the domain and realm, as well as the account and password for -P
(fetch machine password) operation.
Allow NETLOGON credentials to be stored in this structure - will allow
SCHANNEL to be made more generic.
Clarify why we don't do special checks for NULL pointers, particularly
in the anonymous check (it indicates a programmer error, not a
run-time condition).
Also make lib/credentials.c a little more consistant.
Andrew Bartlett
secrets system, and not the old system from Samba3.
This allowed the code from auth_domain to be shared - we now only
lookup the secrets.ldb in lib/credentials.c.
In order to link the resultant binary, samdb_search() has been moved
from deep inside rpc_server into lib/gendb.c, along with the existing
gendb_search_v(). The vast majority of this patch is the simple
rename that followed,
(Depending on the whole SAMDB for just this function seemed pointless,
and brought in futher dependencies, such as smbencrypt.c).
Andrew Bartlett
The main volume of this patch was what I started working on today:
- Cleans up memory handling around DCE/RPC pipes, to have a parent talloc context.
- Uses sepereate inner loops for some of the DCE/RPC tests
The other and more important part of this patch fixes issues
surrounding the new credentials framwork:
This makes the struct cli_credentials always a talloc() structure,
rather than on the stack. Parts of the cli_credentials code already
assumed this.
There were other issues, particularly in the DCERPC over SMB handling,
as well as little things that had to be tidied up before test_w2k3.sh
would start to pass.
Andrew Bartlett
puts support for it into popt_common, adds a few utility functions
(in lib/credentials.c) and the callback functions for the command-line
(lib/cmdline/credentials.c). Comments are welcome :-)
less likely that anyone will use pstring for new code
- got rid of winbind_client.h from includes.h. This one triggered a
huge change, as winbind_client.h was including system/filesys.h and
defining the old uint32 and uint16 types, as well as its own
pstring and fstring.
