IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
moved smb-agent over to a single-process model instead of fork()
in order to reuse client connections. except, of course, you
can't do a select() on the same socket connections! argh!
ideas from ssh-agent.
the intent is to be able to share smb sessions using cli_net_use_add()
across multiple processes, where one process knows the target server
name, user name and domain, but not the smb password.
msrpc client code. the intent is to hide / abstract / associate
connection info behind policy handles.
this makes the msrpc functions look more and more like their nt equivalents.
who-hou!
* Added SEC_CHAN_BDC
* Added -b switch to smbpasswd (for a BDC (server) trust account).
* Propagate sec_chan into the various functions which change trust account
passwords, so they can be used for domain control and inter-domain
trusts.
capabilities to Samba so that Samba could talk to the SGI PCP
(Performance Co-Pilot) apps.
This change adds a profiling shared memory area and uses it to count
two fairly trivial things, the number of uid switches and the number
of SMB packets processes. To add more just edit include/profile.h and
then increment it at the right place.
I've also added a -P switch to smbstatus to dump the profile area.
I've added debug2html to Makefile.in so that it compiles as part of the
normal build. Fixed a typo in debug2html.c as well.
One problem: I found it necessary to link with both $(PARAM_OBJ) and
$(LIB_OBJ). The result is an executable that is much larger
than it really needs to be.
better "fit" with other Samba code. This is a small first step toward
doing what (I think) we agreed to do.
I've moved the key function from ubiqx/debugparse.c into lib/debug.c. I
have also moved the enum from ubiqx/debugparse.h into the debug section in
smb.h.
The next thing to do is to get debug2html added into the Makefile.in so
that it is always produced when compiling the suite.
Chris -)-----
LsaLookupSids etc from within SamrQueryAliasMembers, for example.
fnum is now a parameter to client functions. thanks to mike black
for starting the ball rolling.
samr_query_aliasmembers (cool!)
util_pwdb.c sids.c nmbd.c server.c smbpasswd.c swat.c :
pwdb_initialise(BOOL is_server) now creates / reads DOMAIN_NAME.SID
if is_server is True, and does LsaQueryInfoPolicy(levels 3 and 5)
to obtain member and pdc sids.
- split sam_passwd and smb_passwd into separate higher-order function tables
- renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user"
plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd
password databases to fill in the blank entries that are not obtained
from whatever password database API instance is being used.
NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST
be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c
for the only example outside of the password database APIs i could find.
- added query_useraliases code to rpcclient.
- dealt with some nasty interdependencies involving non-smbd programs
and the password database API. this is still not satisfactorily
resolved completelely, but it's the best i can do for now.
- #ifdef'd out some password database options so that people don't
mistakenly set them unless they recompile to _use_ those options.
lots of debugging done, it's still not finished. the unix/NT uid/gid
and user-rid/group-rid issues are better, but not perfect. the "BUILTIN"
domain is still missing: users cannot be added to "BUILTIN" groups yet,
as we only have an "alias" db API and a "group" db API but not "builtin-alias"
db API...
Tidied up some of the mess (no other word for it). Still doesn't
compile cleanly. There are calls with incorrect parameters that
don't seem to be doing the right thing.
This code still needs surgery :-(.
Jeremy.
the pre-alpha "domain group" etc parameters have disappeared.
- interactive debug detection
- re-added mem_man (andrew's memory management, detects memory corruption)
- american spellings of "initialise" replaced with english spelling of
"initialise".
- started on "lookup_name()" and "lookup_sid()" functions. proper ones.
- moved lots of functions around. created some modules of commonly used
code. e.g the password file locking code, which is used in groupfile.c
and aliasfile.c and smbpass.c
- moved RID_TYPE_MASK up another bit. this is really unfortunate, but
there is no other "fast" way to identify users from groups from aliases.
i do not believe that this code saves us anything (the multipliers)
and puts us at a disadvantage (reduces the useable rid space).
the designers of NT aren't silly: if they can get away with a user-
interface-speed LsaLookupNames / LsaLookupSids, then so can we. i
spoke with isaac at the cifs conference, the only time for example that
they do a security context check is on file create. certainly not on
individual file reads / writes, which would drastically hit their
performance and ours, too.
- renamed myworkgroup to global_sam_name, amongst other things, when used
in the rpc code. there is also a global_member_name, as we are always
responsible for a SAM database, the scope of which is limited by the role
of the machine (e.g if a member of a workgroup, your SAM is for _local_
logins only, and its name is the name of your server. you even still
have a SID. see LsaQueryInfoPolicy, levels 3 and 5).
- updated functionality of groupname.c to be able to cope with names
like DOMAIN\group and SERVER\alias. used this code to be able to
do aliases as well as groups. this code may actually be better
off being used in username mapping, too.
- created a connect to serverlist function in clientgen.c and used it
in password.c
- initialisation in server.c depends on the role of the server. well,
it does now.
- rpctorture. smbtorture. EXERCISE EXTREME CAUTION.
should allow us to call a function in swat rather than piping to
smbpasswd.
while doing this I also fixed quite a few "const char *" versus "char *" issues
that cropped up while using const to track down bugs in the code. This
led to changes in several generic functions.
The smbpasswd changes should be correct but they have not been
extensively tested. At least if I have introduced bugs then we should
be able to fix them more easily than before.
include/smb.h:
param/loadparm.c: Made GUEST_SESSSETUP run time selectable. Horror of horrors :-).
printing/printing.c: Added J.F.'s latest fix.
rpc_parse/parse_misc.c:
parse_reg.c:
rpcclient/cmd_reg.c:
rpcclient/display.c: SGI compiler signed/unsigned issues.
smbd/reply.c: Made GUEST_SESSSETUP run time selectable. Horror of horrors :-).
utils/testparm.c: Added extra test.
Jeremy.
I did this when I saw yet another bug report complaining about
smbclient intermittently missing files. Rather than applying more
patches to smbclient it was better to move to the more robust
clientgen.c code.
The conversion wasn't perfect, I probably lost some features of
smbclient while doing it, but at least smbclient should be consistent
now. It if fails it should _always_ fail rather than giving people the
false impression of a reliable utility.
the tar stuff seems to work, but hasn't had much testing as I never
use it myself. I'm sure someone will find bugs in my conversion of
smbtar.c. It was quite tricky as it did a lot of its own SMB calls. It
now uses clientgen.c exclusively.
smbclient is still quite messy, but at least it doesn't build its own
SMB packets.
I haven't touched smbmount as I never use it. Mike, do you want to
convert smbmount to use clientgen.c?
