support cldap and other stuff in the future.
This temporarily disables wbinfo -t, but that will come back soon.
Try an ldap bind using gss-spnego. This got me krb5 binds against "our" w2k3
and a trusted w2k, although with some memleaks from krb5 and a BAD_OPTION
tgs-rep error.
Volker
(This used to be commit d14948fdf687c8f70ef9ec35445b7eb04da84253)
credentials to be NULL, where the client is requesting a CIFS style
server-first negTokenInit.
Andrew Bartlett
(This used to be commit eba652ecc89766304fdad14463072dc311693701)
determining a mechanism to use.
Currently it doesn't do fallbacks like SPNEGO does, but this could be
added (to GENSEC, not to here).
This also adds a new function to GENSEC, which returns a list of SASL
names in our preference order (currently determined by the build
system of all things...).
Also make the similar function used for OIDs in SPNEGO do the same.
This is all a very long-winded way of moving from a hard-coded NTLM to
GSS-SPNEGO in our SASL client...
Andrew Bartlett
(This used to be commit 130eb9bb9a37957614c87e0e6846a812abb51e00)
this only happens with socket_wrapper as socket_connect() returns NT_STATUS_OK
instead of NT_STATUS_MORE_PROCESSING_REQUIRED, and we missed to replace the
fde event handler...
metze
(This used to be commit f04001f28007ad6bbecdcdf0d1d5887e378d2467)
- Adds -rpath bin/ so you don't have to install Samba in order to use compiled binaries.
- Writes out pkg-config files when building shared libs
- Supports automatic fallback to MERGEDOBJ (which is the default) or
OBJ_LIST (if ld -r is not supported)
Building with shared libs reduces the size of the Samba binaries from
197 Mb to 60 Mb (including libraries) on my system (GCC4, with debugging).
To build with shared libraries support enabled, run:
LIBRARY_OUTPUT_TYPE=SHARED_LIBRARY ./config.status
init functions don't get called correctly yet when using shared libs, so
you won't be able to actually run anything with success :-)
Once init functions are done, I'll look at support for loading shared
modules once again.
Based on a patch by Peter Novodvorsky (nidd on IRC).
(This used to be commit 0b54405685674a2b19a28d77aae5b1136b5a4728)
sequence, with a 2-millisecond timeout between firing the syn packets. Build
smbcli_sock_connect_send upon that.
Volker
(This used to be commit 5718df44d90d113304c5deed1e2e7f82ff9e928f)
Support installing libraries.
Get rid of pkg-config file (will be autogenerated later on).
(This used to be commit b4745032a2c55752c527026feb221ccc3dce10c8)
composite_connect, so in io.in.dest_host I'm setting the IP address. Gensec
does not like that as a target hostname, so if a called name is present, use
that. So we can session setup using kerberos now.
Volker
(This used to be commit c26b432c27954c8dc6ac8e702bd5e34a351d15bd)
Tridge, if you have the time, you might want to look at a problem I'm having
with unix domain stream sockets. From a comment in this commit:
/* Using composite_trigger_error here causes problems with the client
* socket. Linux 2.6.8 gives me a ECONNRESET on the next read after
* writing the reply when I don't wait the 100 milliseconds. */
This is in winbind/wb_cmd_userdomgroups.c:93.
The problem I have is that I can not *immediately* send an error reply to the
client because the next receive fails. Waiting 100 milliseconds helps. It
might also be a problem with epoll(), I don't really know.
I'd appreciate if you took a brief look at this, maybe I'm doing something
wrong.
Thanks,
Volker
(This used to be commit 3e535cce743710a68a4264e4f66e9c0c4d6770c6)
add struct nbt_peer_socket and use it instead of passing const char *addr, uint16 port everywhere
(tridge: can you review this please, make test works)
metze
(This used to be commit a599d7a4ae881c94be2c2d908a398838549942bb)
authentication out of the various callers and into the kitchen
sink.. err, credentials subsystem.
This should ensure consistent logic, as well as get us one step closer
to security=server operation in future.
Andrew Bartlett
(This used to be commit 09c95763301c0f7770d56462e8af4169b8c171fb)
most of the changes are fixes to make all the ldb code compile without
warnings on gcc4. Unfortunately that required a lot of casts :-(
I have also added the start of an 'operational' module, which will
replace the timestamp module, plus add support for some other
operational attributes
In ldb_msg_*() I added some new utility functions to make the
operational module sane, and remove the 'ldb' argument from the
ldb_msg_add_*() functions. That argument was only needed back in the
early days of ldb when we didn't use the hierarchical talloc and thus
needed a place to get the allocation function from. Now it's just a
pain to pass around everywhere.
Also added a ldb_debug_set() function that calls ldb_debug() plus sets
the result using ldb_set_errstring(). That saves on some awkward
coding in a few places.
(This used to be commit f6818daecca95760c12f79fd307770cbe3346f57)
* rename the composite helper functions from comp_* to composite_*
* Move the lsa initialization to wb_connect_lsa.c
* Equip smb_composite_connect with a fallback_to_anonymous
The latter two simplify wb_init_domain.c quite a bit.
Volker
(This used to be commit deb127e04ea01ae93394da5ebffb39d81caeb6d9)
Initialize a domain structure properly. Excerpt from wb_init_domain.c:
/*
* Initialize a domain:
*
* - With schannel credentials, try to open the SMB connection with the machine
* creds. Fall back to anonymous.
*
* - If we have schannel creds, do the auth2 and open the schannel'ed netlogon
* pipe.
*
* - Open LSA. If we have machine creds, try to open with ntlmssp. Fall back
* to schannel and then to anon bind.
*
* - With queryinfopolicy, verify that we're talking to the right domain
*
* A bit complex, but with all the combinations I think it's the best we can
* get. NT4, W2k3SP1 and W2k all have different combinations, but in the end we
* have a signed&sealed lsa connection on all of them.
*
* Is this overkill? In particular the authenticated SMB connection seems a
* bit overkill, given that we do schannel for netlogon and ntlmssp for
* lsa later on w2k3, the others don't do this anyway.
*/
Thanks to Jeremy for his detective work, and to the Samba4 team for providing
such a great infrastructure.
Next step is to connect to SAM. Do it via LDAP if we can, fall back to samr
with all we have.
Volker
(This used to be commit 3e69fdc07cd76b4bc01b032148609ee4b59b8be7)
authenticated session down into LDB. This associates a session info
structure with the open LDB, allowing a future ldb_ntacl module to
allow/deny operations on that basis.
Along the way, I cleaned up a few things, and added new helper functions
to assist. In particular the LSA pipe uses simpler queries for some of
the setup.
In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't
been worked on (other than making it continue to compile) since January,
and I think the features of this module are being put into ldb anyway.
I have also changed the partitions in ldap_server to be initialised
after the connection, with the private pointer used to associate the ldb
with the incoming session.
Andrew Bartlett
(This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
used for WREPL_REPL_INFORM* messages
- make it possible to close the connection after a request was sent
used for WREPL_ASSOCIATION_STOP
- fix the torture test that tests the assoc context handling
between connections, you can issue a request and get the reply
on another connection, I think we should not implement that in our server
code, as I think it's a security hole, you can cause a windows server
to send the replies to some other client, that doesn't wait for data,
and as there's no message_id in the protocol the client would be confused
by a reply that doesn't belong to a query
metze
(This used to be commit dfc95de8fa7ded8ea92cafe58cf86efcc7920156)
first one that replies correctly.
Add a talloc context to smb_composite_connect()
Volker
(This used to be commit 6b88de182e40cb00a833c085f801fd47c92bbe94)
directory now looks like the config.mk file but with different
punctuation.
The only weird bit is that it creates a proto.h file for each subsystem.
(This used to be commit 09d4abecb01fa9159243cfcb33051092f92cef3b)
of an existing socket, that is needed to handle WREPL_REPL_UPDATE
in the server, because we need to flip the connection and act as client on it
metze
(This used to be commit 131e5dfe695d427e992b840439743f880b14d82d)