Re: svn commit: lorikeet r59 - in trunk: . samba4-ad-thesis
On Thu, Sep 16, 2004 at 03:38:41AM +, [EMAIL PROTECTED] wrote: Author: abartlet Date: 2004-09-16 03:38:41 + (Thu, 16 Sep 2004) New Revision: 59 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=lorikeetpath=/trunkrev=59nolog=1 Log: As residents on #samba-technical would be aware, I'm working on Samba4 for University credit - finally! This thesis describes the Samba4 work towards an Active Directory compatible DC. In any case, I figure the best backup procedure for this document is to simply put it in SVN, so I'm doing just that :-) That's perfectly reasonable. I used my cvs server to host my own thesis. There is a long way to go on this, but you have to start somehwere... If you wish to make changes to this, talk to me first, so I can ensure that appropriate credit is given, and my supervisor doesn't kill me ;-) cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
svn commit: lorikeet r61 - in trunk/samba4-ad-thesis: .
Author: abartlet
Date: 2004-09-16 11:59:44 + (Thu, 16 Sep 2004)
New Revision: 61
WebSVN:
http://websvn.samba.org/websvn/changeset.php?rep=lorikeetpath=/trunk/samba4-ad-thesisrev=61nolog=1
Log:
Quote CRH on what CIFS is (seeing as he wrote the book...).
Add references.
Andrew Bartett
Modified:
trunk/samba4-ad-thesis/chapters.lyx
trunk/samba4-ad-thesis/thesis.bib
Changeset:
Modified: trunk/samba4-ad-thesis/chapters.lyx
===
--- trunk/samba4-ad-thesis/chapters.lyx 2004-09-16 04:20:34 UTC (rev 60)
+++ trunk/samba4-ad-thesis/chapters.lyx 2004-09-16 11:59:44 UTC (rev 61)
@@ -195,7 +195,7 @@
, a descendant of the X.500 directory standard from the ITU (and part of
the full OSI networking stack)
-\begin_inset LatexCommand \citet{X.500-LDAP}
+\begin_inset LatexCommand \citet{X.500-LDAP,Understand-X.500}
\end_inset
@@ -241,8 +241,14 @@
make.
\layout Standard
-Much of the challenge of Samba4 is the continued task of 'network protocol
- analysis' - discussed in detail in section
+Much of the challenge of Samba4 is the continued task of `network protocol
+ analysis' - the art of determining the operation of a proprietory network
+ protocol, discussed in detail in chapter
+\begin_inset LatexCommand \vref{cha:Network-Protocol-analysis}
+
+\end_inset
+
+.
\layout Subsection
Simple directory server
@@ -267,12 +273,85 @@
CIFS
\layout Standard
-
+Perhaps the most important protocol in the Micrsoft networking landscape,
+ CIFS
\begin_inset LatexCommand \citep{mind,hertel}
\end_inset
+ dominates the connections made between almost all clients and servers on
+ a windows network.
+ Much of the legwork of Active Directory is carried over CIFS at some point
+ or other.
+ Chris Hertel gives this description of CIFS in his book, Implemeting CIFS:
+\layout Subsection
+What is CIFS?
+\layout Quote
+
+CIFS is a network filesystem plus a set of auxiliary services supported
+ by a bunch of underlying protocols.
+ Any and all of these various bits have been called CIFS, which leaves us
+ with a somewhat muddy definition.
+ To make things easier, we'll start by saying that CIFS is Microsoft's
+ way of doing network file sharing, and work out the details as we go on.
+\layout Quote
+
+The name CIFS, of course, is an acronym.
+ It stands for Common Internet File System, a title which deserves a bit
+ of dissection:
+\layout Subsubsection*
+
+Common
+\layout Quote
+
+The term has a variety of connotations, but we will assume that Microsoft
+ was thinking of common in the sense of commonly available or commonly used.
+ All MS operating systems have had some form of CIFS networking available
+ or built in, and there are implementations of CIFS for most major non-MS
+ operating systems as well.
+\layout Quote
+
+Unfortunately, there is not yet a specification for CIFS that is complete,
+ correct, authoritative, and freely available.
+ Microsoft defines CIFS by their implementations and, as we shall see, their
+ attempts at documenting the complete suite have been somewhat random.
+ This has an adverse impact on the commonality of the system.
+
+\layout Subsubsection*
+
+Internet
+\layout Quote
+
+At the time that the CIFS name was coined many people felt that Microsoft
+ was late to the table regarding the exploitation of the Internet.
+ As will be described further on, the naming scheme they used back then
+ (based on a piece of older LAN technology known as NetBIOS) doesn't scale
+ to large networks--certainly not the Internet.
+ The idea that CIFS would become an Internet standard probably came out
+ of the work that was being done to redesign Microsoft's networking products
+ for Windows NT5 (now known as Windows2000 or W2K).
+ Under W2K, CIFS can use the Domain Name System (DNS) for name resolution.
+
+\layout Subsubsection*
+
+File System
+\layout Quote
+
+CIFS allows the sharing of directories, files, printers, and other cool
+ computer stuff across a network.
+ That's the filesystem part.
+ To make use of these shared resources you need to be able to find identify
+ them, and you also need to control access so that unauthorized folk won't
+ fiddle where they shouldn't.
+ This means that there is a hefty amount of administrivia to be managed,
+ so CIFS file sharing comes surrounded by an entourage.
+ There are protocols for service announcement, naming, authentication, and
+ authorization.
+ These are separate, but intertwined.
+ Some are based on published standards, others are not, and most have changed
+ over the years.
+
\layout Section
CLDAP
@@ -445,27 +524,48 @@
Purpose
\layout Standard
-Securly settting up a shared-secret
+The purpose of the `domain join' it to securely setup a password (shared
+ secret) between the workstation (or member server) and the domain controllers.
+ This is done by a privilaged user, who has the right to specify that a
+ new machine account be added to the domain.
+ At the
svn commit: lorikeet r62 - in trunk/samba4-ad-thesis: .
Author: abartlet Date: 2004-09-16 15:33:31 + (Thu, 16 Sep 2004) New Revision: 62 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=lorikeetpath=/trunk/samba4-ad-thesisrev=62nolog=1 Log: Thesis work: Add more to authentication, and spellcheck :-) Andrew Bartlett Modified: trunk/samba4-ad-thesis/chapters.lyx trunk/samba4-ad-thesis/thesis.bib Changeset: Sorry, the patch is too large (558 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=lorikeetpath=/trunk/samba4-ad-thesisrev=62nolog=1
svn commit: samba-docs r218 - in trunk/Samba-HOWTO-Collection: .
Author: jelmer Date: 2004-09-16 20:33:45 + (Thu, 16 Sep 2004) New Revision: 218 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-docspath=/trunk/Samba-HOWTO-Collectionrev=218nolog=1 Log: Add hitlist Added: trunk/Samba-HOWTO-Collection/hitlist-content Changeset: Added: trunk/Samba-HOWTO-Collection/hitlist-content === --- trunk/Samba-HOWTO-Collection/hitlist-content2004-09-08 15:25:28 UTC (rev 217) +++ trunk/Samba-HOWTO-Collection/hitlist-content2004-09-16 20:33:45 UTC (rev 218) @@ -0,0 +1,13 @@ +- Broadcast messaging +- Profile Recovery +- smbfs/cifsfs +- Anti-Virus +- Krb5 TGT usage +- Static WINS entries +- Disabling Roaming Profiles +- BAD SID issues +- VPN +- incorporation in apache and squid (ntlm_auth) +- smbldap-tools +- kinit issues (you need to have kerberos updated in order to run win2k3, etc) +- pam_smb and why not to use it
svn commit: samba r2368 - in trunk/source/rpc_server: .
Author: jra
Date: 2004-09-16 22:08:21 + (Thu, 16 Sep 2004)
New Revision: 2368
WebSVN:
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/source/rpc_serverrev=2368nolog=1
Log:
Fix from Richard Renard [EMAIL PROTECTED] to fix usermgr and trust relationships.
Jeremy.
Modified:
trunk/source/rpc_server/srv_samr_nt.c
Changeset:
Modified: trunk/source/rpc_server/srv_samr_nt.c
===
--- trunk/source/rpc_server/srv_samr_nt.c 2004-09-16 12:49:02 UTC (rev 2367)
+++ trunk/source/rpc_server/srv_samr_nt.c 2004-09-16 22:08:21 UTC (rev 2368)
@@ -750,7 +750,17 @@
for (i = 0; i num_entries; i++) {
pwd = disp_user_info[i+start_idx];
temp_name = pdb_get_username(pwd);
- init_unistr2(uni_temp_name, temp_name, UNI_STR_TERMINATE);
+
+ /*
+* usrmgr expects a non-NULL terminated string with
+* trust relationships
+*/
+ if (pdb_get_acct_ctrl(pwd) ACB_DOMTRUST) {
+ init_unistr2(uni_temp_name, temp_name, UNI_FLAGS_NONE);
+ } else {
+ init_unistr2(uni_temp_name, temp_name, UNI_STR_TERMINATE);
+ }
+
user_sid = pdb_get_user_sid(pwd);
if (!sid_peek_check_rid(domain_sid, user_sid, user_rid)) {
svn commit: samba r2369 - in branches/SAMBA_3_0/source/rpc_server: .
Author: jra
Date: 2004-09-16 22:08:26 + (Thu, 16 Sep 2004)
New Revision: 2369
WebSVN:
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/source/rpc_serverrev=2369nolog=1
Log:
Fix from Richard Renard [EMAIL PROTECTED] to fix usermgr and trust relationships.
Jeremy.
Modified:
branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c
Changeset:
Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c
===
--- branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2004-09-16 22:08:21 UTC (rev
2368)
+++ branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2004-09-16 22:08:26 UTC (rev
2369)
@@ -728,7 +728,17 @@
for (i = 0; i num_entries; i++) {
pwd = disp_user_info[i+start_idx];
temp_name = pdb_get_username(pwd);
- init_unistr2(uni_temp_name, temp_name, UNI_STR_TERMINATE);
+
+ /*
+* usrmgr expects a non-NULL terminated string with
+* trust relationships
+*/
+ if (pdb_get_acct_ctrl(pwd) ACB_DOMTRUST) {
+ init_unistr2(uni_temp_name, temp_name, UNI_FLAGS_NONE);
+ } else {
+ init_unistr2(uni_temp_name, temp_name, UNI_STR_TERMINATE);
+ }
+
user_sid = pdb_get_user_sid(pwd);
if (!sid_peek_check_rid(domain_sid, user_sid, user_rid)) {
svn commit: samba r2370 - in trunk/source/libsmb: .
Author: jra
Date: 2004-09-17 00:49:35 + (Fri, 17 Sep 2004)
New Revision: 2370
WebSVN:
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/source/libsmbrev=2370nolog=1
Log:
Fix for talking to OS/2 clients (max_mux ignored) by Guenter Kukkukk [EMAIL
PROTECTED].
Bugid #1590.
Jeremy.
Modified:
trunk/source/libsmb/cliconnect.c
trunk/source/libsmb/clireadwrite.c
Changeset:
Modified: trunk/source/libsmb/cliconnect.c
===
--- trunk/source/libsmb/cliconnect.c2004-09-16 22:08:26 UTC (rev 2369)
+++ trunk/source/libsmb/cliconnect.c2004-09-17 00:49:35 UTC (rev 2370)
@@ -1133,6 +1133,7 @@
cli-use_spnego = False;
cli-sec_mode = SVAL(cli-inbuf,smb_vwv1);
cli-max_xmit = SVAL(cli-inbuf,smb_vwv2);
+ cli-max_mux = SVAL(cli-inbuf, smb_vwv3);
cli-sesskey = IVAL(cli-inbuf,smb_vwv6);
cli-serverzone = SVALS(cli-inbuf,smb_vwv10);
cli-serverzone *= 60;
Modified: trunk/source/libsmb/clireadwrite.c
===
--- trunk/source/libsmb/clireadwrite.c 2004-09-16 22:08:26 UTC (rev 2369)
+++ trunk/source/libsmb/clireadwrite.c 2004-09-17 00:49:35 UTC (rev 2370)
@@ -325,10 +325,16 @@
int bwritten = 0;
int issued = 0;
int received = 0;
- int mpx = MAX(cli-max_mux-1, 1);
+ int mpx = 1;
int block = cli-max_xmit - (smb_size+32);
int blocks = (size + (block-1)) / block;
+ if(cli-max_mux == 0) {
+ mpx = 1;
+ } else {
+ mpx = cli-max_mux-1;
+ }
+
while (received blocks) {
while ((issued - received mpx) (issued blocks)) {
svn commit: samba r2371 - in branches/SAMBA_3_0/source/libsmb: .
Author: jra
Date: 2004-09-17 00:49:41 + (Fri, 17 Sep 2004)
New Revision: 2371
WebSVN:
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/source/libsmbrev=2371nolog=1
Log:
Fix for talking to OS/2 clients (max_mux ignored) by Guenter Kukkukk [EMAIL
PROTECTED].
Bugid #1590.
Jeremy.
Modified:
branches/SAMBA_3_0/source/libsmb/cliconnect.c
branches/SAMBA_3_0/source/libsmb/clireadwrite.c
Changeset:
Modified: branches/SAMBA_3_0/source/libsmb/cliconnect.c
===
--- branches/SAMBA_3_0/source/libsmb/cliconnect.c 2004-09-17 00:49:35 UTC (rev
2370)
+++ branches/SAMBA_3_0/source/libsmb/cliconnect.c 2004-09-17 00:49:41 UTC (rev
2371)
@@ -1133,6 +1133,7 @@
cli-use_spnego = False;
cli-sec_mode = SVAL(cli-inbuf,smb_vwv1);
cli-max_xmit = SVAL(cli-inbuf,smb_vwv2);
+ cli-max_mux = SVAL(cli-inbuf, smb_vwv3);
cli-sesskey = IVAL(cli-inbuf,smb_vwv6);
cli-serverzone = SVALS(cli-inbuf,smb_vwv10);
cli-serverzone *= 60;
Modified: branches/SAMBA_3_0/source/libsmb/clireadwrite.c
===
--- branches/SAMBA_3_0/source/libsmb/clireadwrite.c 2004-09-17 00:49:35 UTC (rev
2370)
+++ branches/SAMBA_3_0/source/libsmb/clireadwrite.c 2004-09-17 00:49:41 UTC (rev
2371)
@@ -325,10 +325,16 @@
int bwritten = 0;
int issued = 0;
int received = 0;
- int mpx = MAX(cli-max_mux-1, 1);
+ int mpx = 1;
int block = cli-max_xmit - (smb_size+32);
int blocks = (size + (block-1)) / block;
+ if(cli-max_mux == 0) {
+ mpx = 1;
+ } else {
+ mpx = cli-max_mux-1;
+ }
+
while (received blocks) {
while ((issued - received mpx) (issued blocks)) {
svn commit: samba r2372 - in trunk/source/libsmb: .
Author: jra
Date: 2004-09-17 00:53:08 + (Fri, 17 Sep 2004)
New Revision: 2372
WebSVN:
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/source/libsmbrev=2372nolog=1
Log:
Fix typo..
Jeremy.
Modified:
trunk/source/libsmb/clireadwrite.c
Changeset:
Modified: trunk/source/libsmb/clireadwrite.c
===
--- trunk/source/libsmb/clireadwrite.c 2004-09-17 00:49:41 UTC (rev 2371)
+++ trunk/source/libsmb/clireadwrite.c 2004-09-17 00:53:08 UTC (rev 2372)
@@ -329,10 +329,10 @@
int block = cli-max_xmit - (smb_size+32);
int blocks = (size + (block-1)) / block;
- if(cli-max_mux == 0) {
+ if(cli-max_mux 1) {
+ mpx = cli-max_mux-1;
+ } else {
mpx = 1;
- } else {
- mpx = cli-max_mux-1;
}
while (received blocks) {
svn commit: samba r2373 - in branches/SAMBA_3_0/source/libsmb: .
Author: jra
Date: 2004-09-17 00:53:17 + (Fri, 17 Sep 2004)
New Revision: 2373
WebSVN:
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/source/libsmbrev=2373nolog=1
Log:
Fix typo.
Jeremy.
Modified:
branches/SAMBA_3_0/source/libsmb/clireadwrite.c
Changeset:
Modified: branches/SAMBA_3_0/source/libsmb/clireadwrite.c
===
--- branches/SAMBA_3_0/source/libsmb/clireadwrite.c 2004-09-17 00:53:08 UTC (rev
2372)
+++ branches/SAMBA_3_0/source/libsmb/clireadwrite.c 2004-09-17 00:53:17 UTC (rev
2373)
@@ -329,10 +329,10 @@
int block = cli-max_xmit - (smb_size+32);
int blocks = (size + (block-1)) / block;
- if(cli-max_mux == 0) {
+ if(cli-max_mux 1) {
+ mpx = cli-max_mux-1;
+ } else {
mpx = 1;
- } else {
- mpx = cli-max_mux-1;
}
while (received blocks) {
svn commit: samba r2374 - in branches/SAMBA_3_0/source/passdb: .
Author: jra
Date: 2004-09-17 01:13:47 + (Fri, 17 Sep 2004)
New Revision: 2374
WebSVN:
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/source/passdbrev=2374nolog=1
Log:
Fix from Vince Brimhall [EMAIL PROTECTED] for
ldapsam_compat. Be robust against NULL attributes.
Jeremy.
Modified:
branches/SAMBA_3_0/source/passdb/pdb_ldap.c
Changeset:
Modified: branches/SAMBA_3_0/source/passdb/pdb_ldap.c
===
--- branches/SAMBA_3_0/source/passdb/pdb_ldap.c 2004-09-17 00:53:17 UTC (rev 2373)
+++ branches/SAMBA_3_0/source/passdb/pdb_ldap.c 2004-09-17 01:13:47 UTC (rev 2374)
@@ -1229,8 +1229,13 @@
{
int i;
- for (i=0; (*attr_list)[i] != NULL; i++)
+ if (new_attr == NULL) {
+ return;
+ }
+
+ for (i=0; (*attr_list)[i] != NULL; i++) {
;
+ }
(*attr_list) = Realloc((*attr_list), sizeof(**attr_list) * (i+2));
SMB_ASSERT((*attr_list) != NULL);
svn commit: samba r2375 - in trunk/source/passdb: .
Author: jra
Date: 2004-09-17 01:13:54 + (Fri, 17 Sep 2004)
New Revision: 2375
WebSVN:
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/source/passdbrev=2375nolog=1
Log:
Fix from Vince Brimhall [EMAIL PROTECTED] for
ldapsam_compat. Be robust against NULL attributes.
Jeremy.
Modified:
trunk/source/passdb/pdb_ldap.c
Changeset:
Modified: trunk/source/passdb/pdb_ldap.c
===
--- trunk/source/passdb/pdb_ldap.c 2004-09-17 01:13:47 UTC (rev 2374)
+++ trunk/source/passdb/pdb_ldap.c 2004-09-17 01:13:54 UTC (rev 2375)
@@ -1258,8 +1258,13 @@
{
int i;
- for (i=0; (*attr_list)[i] != NULL; i++)
+ if (new_attr == NULL) {
+ return;
+ }
+
+ for (i=0; (*attr_list)[i] != NULL; i++) {
;
+ }
(*attr_list) = Realloc((*attr_list), sizeof(**attr_list) * (i+2));
SMB_ASSERT((*attr_list) != NULL);
