IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
2007-09-29 More higher-level passing around of lp_ctx.
2007-09-29 Fix warning.
2007-09-29 Pass loadparm contexts on a higher level.
2007-09-29 Avoid using global loadparm context.
(This used to be commit 3468952e77)
been working on for at least half a year now. Contains the following
improvements:
* proper layering (finally!) for the registry library. Distinction is
now made between 'real' backends (local, remote, wine, etc) and
the low-level hive backends (regf, creg, ldb, ...) that are only used
by the local registry backend
* tests for all important hive and registry operations
* re-enable RPC-WINREG tests (still needs more work though, as
some return values aren't checked yet)
* write support for REGF files
* dir backend now supports setting/reading values, creating keys
* support for storing security descriptors
* remove CREG backend as it was incomplete, didn't match the data model
and wasn't used at all anyway
* support for parsing ADM files as used by the policy editor (see lib/policy)
* support for parsing PREG files (format used by .POL files)
* new streaming interface for registry diffs (improves speed and memory usage
for regdiff/regpatch significantly)
... and fixes a large number of bugs in the registry code
(This used to be commit 7a1eec6358)
complete. This is needed because messaging setup with ctdb involve
events, and we don't want a SMB packet to be processed on this stream
until after the stream structure is fully setup
(This used to be commit 8e378051e5)
uint32_t server_id
to
struct server_id server_id;
which allows a server ID to have an node number. The node number will
be zero in non-clustered case. This is the most basic hook needed for
clustering, and ctdb.
(This used to be commit 2365abaa99)
This merges Samba4 with lorikeet-heimdal, which itself has been
tracking Heimdal CVS for the past couple of weeks.
This is such a big change because Heimdal reorganised it's internal
structures, with the mechglue merge, and because many of our 'wishes' have been granted: we now have DCE_STYLE GSSAPI, send_to_kdc hooks and many other features merged into the mainline code. We have adapted to upstream's choice of API in these cases.
In gensec_gssapi and gensec_krb5, we either expect a valid PAC, or NO
PAC. This matches windows behavour. We also have an option to
require the PAC to be present (which allows us to automate the testing
of this code).
This also includes a restructure of how the kerberos dependencies are
handled, due to the fallout of the merge.
Andrew Bartlett
(This used to be commit 4826f17351)
* Move dlinklist.h, smb.h to subsystem-specific directories
* Clean up ads.h and move what is left of it to dsdb/
(only place where it's used)
(This used to be commit f7afa1cb77)
contexts from the application layer into the socket layer.
This improves a number of correctness aspects, as we now allow LDAP
packets to cross multiple SASL packets. It should also make it much
easier to write async LDAP tests from windows clients, as they use SASL
by default. It is also vital to allowing OpenLDAP clients to use GSSAPI
against Samba4, as it negotiates a rather small SASL buffer size.
This patch mirrors the earlier work done to move TLS into the socket
layer.
Unusual in this pstch is the extra read callback argument I take. As
SASL is a layer on top of a socket, it is entirely possible for the
SASL layer to drain a socket dry, but for the caller not to have read
all the decrypted data. This would leave the system without an event
to restart the read (as the socket is dry).
As such, I re-invoke the read handler from a timed callback, which
should trigger on the next running of the event loop. I believe that
the TLS code does require a similar callback.
In trying to understand why this is required, imagine a SASL-encrypted
LDAP packet in the following formation:
+-----------------+---------------------+
| SASL Packet #1 | SASL Packet #2 |
----------------------------------------+
| LDAP Packet #1 | LDAP Packet #2 |
----------------------------------------+
In the old code, this was illegal, but it is perfectly standard
SASL-encrypted LDAP. Without the callback, we would read and process
the first LDAP packet, and the SASL code would have read the second SASL
packet (to decrypt enough data for the LDAP packet), and no data would
remain on the socket.
Without data on the socket, read events stop. That is why I add timed
events, until the SASL buffer is drained.
Another approach would be to add a hack to the event system, to have it
pretend there remained data to read off the network (but that is ugly).
In improving the code, to handle more real-world cases, I've been able
to remove almost all the special-cases in the testnonblock code. The
only special case is that we must use a deterministic partial packet
when calling send, rather than a random length. (1 + n/2). This is
needed because of the way the SASL and TLS code works, and the 'resend
on failure' requirements.
Andrew Bartlett
(This used to be commit 5d7c9c12cb)
Recursive dependencies are now forbidden (the build system
will bail out if there are any).
I've split up auth_sam.c into auth_sam.c and sam.c. Andrew,
please rename sam.c / move its contents to whatever/wherever you think suits
best.
(This used to be commit 6646384aaf)
"." for "..". These express the intention better that strcmp or strequal
and improve searchability via cscope/ctags.
(This used to be commit 7e4ad7e8e5)
I don't know why this causes problems on my laptop today...
anyway we have done this change in smbtorture month ago...
metze
(This used to be commit ad84a69db2)
- the process module subsystem should not know about smb_server.h
- the smb_server module should not know about process models
metze
(This used to be commit bac95bb8f4)
rebuilt when a header file is changed. It also means parallel builds work now.
It will take a minute or so to generate all the dependency information,
but there should be no need to rebuild that information later on, unless
a file changes.
This behaviour is only enabled when building in developer mode
(--enable-developer) and requires a GNU make (or compatible). In all other
cases, the file 'static_deps.mk' is included, which contains some basic
hardcoded dependency information.
(This used to be commit eb435386f0)
- add set_title hook to the process models
- use setproctitle library in process_model standard if available
- the the title for the task servers and on connections
metze
(This used to be commit 526f20bbec)
Applications that use LDB modules will now have to run ldb_global_init()
before they can use LDB.
The next step will be adding support for loading LDB modules from .so
files. This will also allow us to use one LDB without difference between the
standalone and the Samba-specific build
(This used to be commit 52a2356505)
structure that is more generic than just 'IP/port'.
It now passes make test, and has been reviewed and updated by
metze. (Thankyou *very* much).
This passes 'make test' as well as kerberos use (not currently in the
testsuite).
The original purpose of this patch was to have Samba able to pass a
socket address stucture from the BSD layer into the kerberos routines
and back again. It also removes nbt_peer_addr, which was being used
for a similar purpose.
It is a large change, but worthwhile I feel.
Andrew Bartlett
(This used to be commit 88198c4881)
the difference between these at all, and in the future the
fact that INIT_OBJ_FILES include smb_build.h will be sufficient to
have recompiles at the right time.
(This used to be commit b24f2583ed)
We now use a different system for initializing the modules for a subsystem.
Most subsystems now have an init function that looks something like this:
init_module_fn static_init[] = STATIC_AUTH_MODULES;
init_module_fn *shared_init = load_samba_modules(NULL, "auth");
run_init_functions(static_init);
run_init_functions(shared_init);
talloc_free(shared_init);
I hope to eliminate the other init functions later on (the
init_programname_subsystems; defines).
(This used to be commit b6d2ad4ce0)
have easy access to the event context.
This stops Samba dead-locking against itself when the winbindd client
tries to contact the KDC.
Andrew Bartlett
(This used to be commit 57f811115e)
This is the start of a WINS-Replicaton server:
The design is to handle incoming and outgoing connections,
in one process, because it make thing much easier, and there's
no need to it otherwise.
The current code only parses incoming packets, and can reply
to them, but currently only a standard error packets STOP_ASSOCIATON
with reason == 4 (I think it means your are not configured as a wins partner of me)
(the server service is called "wrepl")
metze
(This used to be commit 55a2016ba3)
good, as it is probably a resource constraint, so if we just try again
we will spin (as the incoming socket will still be readable). Using a
sleep(1) solves this by throtting smbd until the resource constraint
goes away.
if the resource constraint doesn't go away, then at least smbd won't
be spinning chewing cpu
(This used to be commit 7a5a9da477)
destructors hanging off the stream connection don't trip more socket
events.
this should help with the problem volker described
(This used to be commit fd8eccd5bf)
Autogenerate list of binaries (rather then having them hardcoded in build/smb_build/makefile.pm)
Add INSTALLDIR keyword to .mk files
(This used to be commit ce0935112b)
There is now a new --debug-stderr option to enable debug to STDERR.
popt isn't perfect, but the callbacks are used in all the main Samba
binaries, and should be used in the rest. This avoids duplicated
code, and ensures every binary is setup correctly.
This also ensures the setup happens early enough to have -s function,
and have a correct impact on the credentials code. (Fixing a bug that
frustrated tridge earlier today).
The only 'subtle' aspect of all this is that I'm pretty sure that the
SAMBA_COMMON popt code must be above the CREDENTIALS code, in the
popt tables.
Andrew Bartlett
(This used to be commit 50f3c2b3a2)
- if you want kerberos now, you need to unpack a lorikeet heimdal
tree in source/heimdal/. If source/heimdal/ does not exist at
configure time then all kerberos features are disabled. You cannot
use an external kerberos library for now. That may change later.
- moved lib/replace/ config stuff to lib/replace/ and create a
lib/replace/replace.h. That allows the heimdal build to use our
portability layer, and prevenets duplicate definitions of functions
like strlcat()
- if you do enable heimdal, then you will need to do 'make
HEIMDAL_EXTERNAL' before you build Samba. That should be fixed once
I explain the problem to jelmer (the problem is the inability to
set a depend without also dragging in the object list of the
dependency. We need this for building the heimdal asn1 compiler and
et compiler.
- disabled all of the m4 checks for external kerberos libraries. I
left them in place in auth/kerberos/, but disabled it in
configure.in
some of the heimdal_build/ code is still very rough, for example I
don't correctly detect the correct awk, flex, bison replacements for
heimdal_build/build_external.sh. I expect to fix that stuff up over
the next few days.
(This used to be commit d4648249b2)
btw: I use this for configuring heimdal
>>>
CONFIG="CFLAGS=\"-g -O -Wall -Wstrict-prototypes -Wpointer-arith -Wcast-align -Wwrite-strings -Wdeclaration-after-statement\" \
CC=gcc-4.0 \
./configure -C --prefix=$HOME/prefix/heimdal-test \
--sysconfdir=/etc \
--enable-shared=no \
--with-ldb=$HOME/prefix/ldb \
--without-openldap \
--without-openssl $@"
echo $CONFIG
eval $CONFIG
>>>
maybe you also want to use --disable-berkeley-db
metze
(This used to be commit 2aec140e00)
management system I proposed on samba-technical a couple of days
ago. Essentially it is a very lightweight way for any code in Samba to
make IDL based rpc calls to anywhere else in the code, without the
client or server having to go to the trouble of setting up a full rpc
service.
It can be used with any of our existing IDL, but I expect it will
mostly be used for a new set of Samba specific management calls.
The LOCAL-IRPC torture test demonstrates how it can be used by calling
the echo_AddOne() call over this transport.
(This used to be commit 3d589a0995)
This includes an embedded server side scripting system called 'esp'
(see http://www.appwebserver.org/products/esp/esp.html) and javascript
based scripting language called 'esj' (see
http://www.appwebserver.org/products/ejs/ejs.html)
The justification for including this scripting language is that it
should make it much easier to write a high quality web interface for
Samba4. The scripting language can call into any Samba4 library code
(so for example it will be able to make ldb and loadparm calls), plus
it provides easy support for forms, cookies, sessions etc.
There is still quite a bit more work to do on the web server, but
there is enough here now for people to look at and comment. I will be
committing some sample web pages that test esp functionality shortly.
(This used to be commit 26f0ba92c0)
2. Also, don't try to delete directories.
I am not entirely happy with this patch, and the fact that there is a
define for HAVE_SYS_STAT_H suggests that there are some systems for which
stat will not be defined, which means that the patch is not entirely
portable.
(This used to be commit fe7ddad7d4)
- if we have no configured network interfaces, then don't start nbtd (when I add dynamic
interface loading this will change to a delay until a network interface comes up)
- choose the best interface by netmask for torture tests that need a
specific IP (such as the WINS test). Added iface_best_ip() for that.
- if specific interfaces are chosen in smb.conf, then keep that ordering, and
default to the first one listed
(This used to be commit 4d08c11407)
decide to reinstate the mutex code for the threads process model, I'd
like to do it a little differently. At least this gets it out of
includes.h for now.
(This used to be commit cfee0fb02e)
less likely that anyone will use pstring for new code
- got rid of winbind_client.h from includes.h. This one triggered a
huge change, as winbind_client.h was including system/filesys.h and
defining the old uint32 and uint16 types, as well as its own
pstring and fstring.
(This used to be commit 9db6c79e90)
- removed the u32 hack in events.c as I think this was only needed as
tdb.h defines u32. Metze, can you check that this hack is indeed no
longer needed on your suse system?
(This used to be commit 6f79432fe6)
make it possible to add optimisations to the events code such as
keeping the next timed event in a sorted list, and using epoll for
file descriptor events.
I also removed the loop events code, as it wasn't being used anywhere,
and changed timed events to always be one-shot (as adding a new timed
event in the event handler is so easy to do if needed)
(This used to be commit d7b4b6de51)
the packets it receives, but it at least shows how the server
structure will work.
To implement it I extended the libcli/nbt/ library to allow for an
incoming packet handler to be registered. That allows the nbt client
library to be used for low level processing of the nbtd server packets.
Other changes:
- made the socket library always set SO_REUSEADDR when binding to an
interface, to ensure that restarts of a server don't have to wait
for a couple of minutes.
- made the nbt port configurable. Defaults to 137, but other ports
will be useful for testing.
(This used to be commit 2fedca6adf)
themselves are run as a single process, but run as a child of the
main process when smbd is run in the standard model, and run as part
of the main process when in the single mode.
- rewrote the winbind template code to use the new task services. Also
fixed the packet queueing
- got rid of event_context_merge() as it is no longer needed
(This used to be commit 339964a596)
servers in smbd. The old code still contained a fairly bit of legacy
from the time when smbd was only handling SMB connection. The new code
gets rid of all of the smb_server specific code in smbd/, and creates
a much simpler infrastructures for new server code.
Major changes include:
- simplified the process model code a lot.
- got rid of the top level server and service structures
completely. The top level context is now the event_context. This
got rid of service.h and server.h completely (they were the most
confusing parts of the old code)
- added service_stream.[ch] for the helper functions that are
specific to stream type services (services that handle streams, and
use a logically separate process per connection)
- got rid of the builtin idle_handler code in the service logic, as
none of the servers were using it, and it can easily be handled by
a server in future by adding its own timed_event to the event
context.
- fixed some major memory leaks in the rpc server code.
- added registration of servers, rather than hard coding our list of
possible servers. This allows for servers as modules in the future.
- temporarily disabled the winbind code until I add the helper
functions for that type of server
- added error checking on service startup. If a configured server
fails to startup then smbd doesn't startup.
- cleaned up the command line handling in smbd, removing unused options
(This used to be commit cf6a46c3cb)
control of the event, so instead build that into the function. If you
pass NULL as mem_ctx then it leaves it as a child of the events
structure.
(This used to be commit 7f981b9ed9)
complexity was that events didn't automatically cleanup
themselves. This was because the events code was written before we had
talloc destructors, so you needed to call event_remove_XX() to clean
the event out of the event lists from every piece of code that used
events. I have now added automatic event destructors, which in turn
allowed me to simplify a lot of the calling code.
The 2nd source of complexity was caused by the ref_count, which was
needed to cope with event handlers destroying events while handling
them, which meant the linked lists became invalid, so the ref_count ws
used to mark events for later destruction.
The new system is much simpler. I now have a ev->destruction_count,
which is incremented in all event destructors. The event dispatch code
checks for changes to this and handles it.
(This used to be commit a3c7417cfe)
because the version number was being auto-updated and included in all
C files. With this change it is only included where needed.
(This used to be commit 520cff73c6)
- this creates a new task and then starts a process_model "single"
with service "winbind_task"
- that means with -M single everything is in one process
with - M standard winbind is a seperate process but didn't fork for each connection
with -M thread winbind is a seperate thread but didn't thread for each connection
- the dummy server listen s on /tmp/.winbind/echo
and for better testing with telnet also on 127.0.255.1 port 55555
metze
(This used to be commit 5190f60ded)
- stream_socket services
the smb, ldap and rpc service which sets up a srtam socket end then
waits for connections
and
- task services
which this you can create a seperate task that do something
(this is also going through the process_model subsystem
so with -M standard a new process for this created
with -M thread a new thread ...
I'll add datagram services later when we whave support for datagram sockets in lib/socket/
see the next commit as an example for service_task's
metze
(This used to be commit d5fa02746c)
definitions for security access masks, in security.idl
The previous definitions were inconsistently named, and contained many
duplicate and misleading entries. I kept finding myself tripping up
while using them.
(This used to be commit 01c0fa722f)
- Use .mk files directly (no need for a SMB_*_MK() macro when adding a new SUBSYSTEM, MODULE or BINARY). This allows addition of new modules and subsystems without running configure
- Add support for generating .dot files with the Samba4 dependency tree (as used by the graphviz and springgraph utilities)
(This used to be commit 64826da834)
Both subsystems and modules can now have init functions, which can be
specified in .mk files (INIT_FUNCTION = ...)
The build system will define :
- SUBSYSTEM_init_static_modules that calls the init functions of all statically compiled modules. Failing to load will generate an error which is not fatal
- BINARY_init_subsystems that calls the init functions (if defined) for the subsystems the binary depends on
This removes the hack with the "static bool Initialised = " and the
"lazy_init" functions
(This used to be commit 7a8244761b)
- use #include <XXX.h> for operating system includes
- use includes relative to include/ for things like system/wait.h
also fixed the thread backend to work somewhat. To fix it properly we need to do this:
- add a configure test for support for thread local storage (the __thread keyword)
- refuse to do pthreads if tls doesn't work
- refuse to do pthreads if seteuid() affects process instead of thread
- defined THREAD_LOCAL as __thread when WITH_PTHREADS
- add THREAD_LOCAL to all the global data structures that should be
thread local (there are quite a few)
right now the thread backend falls over when you hit it with several
connections at once, due to the lack of __thread on some critical
structures.
(This used to be commit 0dc1deabd0)
deferred reply is short-circuited immediately when the file is
closed by another user, allowing it to be opened by the waiting user.
- added a sane set of timeval manipulation routines
- converted all the events code and code that uses it to use struct
timeval instead of time_t, which allows for microsecond resolution
instead of 1 second resolution. This was needed for doing the pvfs
deferred open code, and is why the patch is so big.
(This used to be commit 0d51511d40)
- tidied up some of the system includes
- moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl
knows about inter-IDL dependencies
(This used to be commit 7b7477ac42)
We found a few months ago that TDB_CLEAR_IF_FIRST is extremely
inefficient for large numbers of connections, due to a fundamental
limitation in the way posix byte range locking is implemented. Rather
than the nasty workaround we had for Samba3, we now have a single
"cleanup tmp files" function that runs when smbd starts. That deletes
the tmp tdbs, so TDB_CLEAR_IF_FIRST is not needed at all.
(This used to be commit ffa285bc78)
listening sockets after the fork to prevent the child still listening
on incoming requests.
I have also added an optimisation where we use dup()/close() to lower
the file descriptor number of the new socket to the lowest possible
after closing our listening sockets. This keeps the max fd num passed
to select() low, which makes a difference to the speed of select().
(This used to be commit f2a9bbc317)
you set this option (either on the command line using --option or in
smb.conf) then every socket recv or send will return short by random
amounts. This allows you to test that the non-blocking socket logic in
your code works correctly.
I also removed the flags argument to socket_accept(), and instead made
the new socket inherit the flags of the old socket, which makes more
sense to me.
(This used to be commit 406d356e69)
- added the new messaging system, based on unix domain sockets. It
gets over 10k messages/second on my laptop without any socket
cacheing, which is better than I expected.
- added a LOCAL-MESSAGING torture test
(This used to be commit 3af06478da)
caller doesn't have to worry about the constraint of only opening a
database a single time in a process. These wrappers will ensure that
only a single open is done, and will auto-close when the last instance
is gone.
When you are finished with a database pointer, use talloc_free() to
close it.
note that this code does not take account of the threads process
model, and does not yet take account of symlinks or hard links to tdb
files.
(This used to be commit 04e1171996)
The motivation for this change was to avoid having to convert to/from
ucs2 strings for so many operations. Doing that was slow, used many
static buffers, and was also incorrect as it didn't cope properly with
unicode codepoints above 65536 (which could not be represented
correctly as smb_ucs2_t chars)
The two core functions that allowed this change are next_codepoint()
and push_codepoint(). These functions allow you to correctly walk a
arbitrary multi-byte string a character at a time without converting
the whole string to ucs2.
While doing this cleanup I also fixed several ucs2 string handling
bugs. See the commit for details.
The following code (which counts the number of occuraces of 'c' in a
string) shows how to use the new interface:
size_t count_chars(const char *s, char c)
{
size_t count = 0;
while (*s) {
size_t size;
codepoint_t c2 = next_codepoint(s, &size);
if (c2 == c) count++;
s += size;
}
return count;
}
(This used to be commit 814881f0e5)
connection termination cleanup, and to ensure that the event
contexts are properly removed for every process model
- gave auth_context the new talloc treatment, which removes another
source of memory leaks.
(This used to be commit 230e1cd777)
as my box keeps getting hit by viruses spreading on my companies
internal network, which screws up my debug log badly (sigh).
metze, I'm not sure if you think access.c should go in the socket
library or not. It is closely tied to the socket functions, but you
may prefer it separate.
The access.c code is a port from Samba3, but with some cleanups to
make it (slighly) less ugly.
(This used to be commit 058b2fd99e)
Rework our random number generation system.
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork().
For other systems, we now only re-seed after a fork, and on startup.
No need to do it per-operation. This removes the 'need_reseed'
parameter from generate_random_buffer().
This also requires that we start the secrets subsystem, as that is
where the reseed value is stored, for systems without /dev/urandom.
In order to aviod identical streams in forked children, the random
state is re-initialised after the fork(), at the same point were we do
that to the tdbs.
Andrew Bartlett
(This used to be commit b97d3cb2ef)
the idea is to have services as modules (smb, dcerpc, swat, ...)
the process_model don't know about the service it self anymore.
TODO:
- the smbsrv should use the smbsrv_send function
- the service subsystem init should be done like for other modules
- we need to have a generic socket subsystem, which handle stream, datagram,
and virtuell other sockets( e.g. for the ntvfs_ipc module to connect to the dcerpc server
, or for smb or dcerpc or whatever to connect to a server wide auth service)
- and other fixes...
NOTE: process model pthread seems to be broken( but also before this patch!)
metze
(This used to be commit bbe5e00715)
because this is the connection state per transport layer (tcp)
connection
I also moved the substructs directly into smbsrv_connection,
because they don't need a struct name and we should allway pass the complete
smbsrv_connection struct into functions
metze
(This used to be commit 60f823f201)
I have moved the SPNEGO and Kerberos code into libcli/auth, and intend
to refactor them into the same format as NTLMSSP.
Andrew Bartlett
(This used to be commit 58da78a746)