Re: svn commit: lorikeet r59 - in trunk: . samba4-ad-thesis
On Thu, Sep 16, 2004 at 03:38:41AM +, [EMAIL PROTECTED] wrote: Author: abartlet Date: 2004-09-16 03:38:41 + (Thu, 16 Sep 2004) New Revision: 59 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=lorikeetpath=/trunkrev=59nolog=1 Log: As residents on #samba-technical would be aware, I'm working on Samba4 for University credit - finally! This thesis describes the Samba4 work towards an Active Directory compatible DC. In any case, I figure the best backup procedure for this document is to simply put it in SVN, so I'm doing just that :-) That's perfectly reasonable. I used my cvs server to host my own thesis. There is a long way to go on this, but you have to start somehwere... If you wish to make changes to this, talk to me first, so I can ensure that appropriate credit is given, and my supervisor doesn't kill me ;-) cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
svn commit: lorikeet r61 - in trunk/samba4-ad-thesis: .
Author: abartlet Date: 2004-09-16 11:59:44 + (Thu, 16 Sep 2004) New Revision: 61 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=lorikeetpath=/trunk/samba4-ad-thesisrev=61nolog=1 Log: Quote CRH on what CIFS is (seeing as he wrote the book...). Add references. Andrew Bartett Modified: trunk/samba4-ad-thesis/chapters.lyx trunk/samba4-ad-thesis/thesis.bib Changeset: Modified: trunk/samba4-ad-thesis/chapters.lyx === --- trunk/samba4-ad-thesis/chapters.lyx 2004-09-16 04:20:34 UTC (rev 60) +++ trunk/samba4-ad-thesis/chapters.lyx 2004-09-16 11:59:44 UTC (rev 61) @@ -195,7 +195,7 @@ , a descendant of the X.500 directory standard from the ITU (and part of the full OSI networking stack) -\begin_inset LatexCommand \citet{X.500-LDAP} +\begin_inset LatexCommand \citet{X.500-LDAP,Understand-X.500} \end_inset @@ -241,8 +241,14 @@ make. \layout Standard -Much of the challenge of Samba4 is the continued task of 'network protocol - analysis' - discussed in detail in section +Much of the challenge of Samba4 is the continued task of `network protocol + analysis' - the art of determining the operation of a proprietory network + protocol, discussed in detail in chapter +\begin_inset LatexCommand \vref{cha:Network-Protocol-analysis} + +\end_inset + +. \layout Subsection Simple directory server @@ -267,12 +273,85 @@ CIFS \layout Standard - +Perhaps the most important protocol in the Micrsoft networking landscape, + CIFS \begin_inset LatexCommand \citep{mind,hertel} \end_inset + dominates the connections made between almost all clients and servers on + a windows network. + Much of the legwork of Active Directory is carried over CIFS at some point + or other. + Chris Hertel gives this description of CIFS in his book, Implemeting CIFS: +\layout Subsection +What is CIFS? +\layout Quote + +CIFS is a network filesystem plus a set of auxiliary services supported + by a bunch of underlying protocols. + Any and all of these various bits have been called CIFS, which leaves us + with a somewhat muddy definition. + To make things easier, we'll start by saying that CIFS is Microsoft's + way of doing network file sharing, and work out the details as we go on. +\layout Quote + +The name CIFS, of course, is an acronym. + It stands for Common Internet File System, a title which deserves a bit + of dissection: +\layout Subsubsection* + +Common +\layout Quote + +The term has a variety of connotations, but we will assume that Microsoft + was thinking of common in the sense of commonly available or commonly used. + All MS operating systems have had some form of CIFS networking available + or built in, and there are implementations of CIFS for most major non-MS + operating systems as well. +\layout Quote + +Unfortunately, there is not yet a specification for CIFS that is complete, + correct, authoritative, and freely available. + Microsoft defines CIFS by their implementations and, as we shall see, their + attempts at documenting the complete suite have been somewhat random. + This has an adverse impact on the commonality of the system. + +\layout Subsubsection* + +Internet +\layout Quote + +At the time that the CIFS name was coined many people felt that Microsoft + was late to the table regarding the exploitation of the Internet. + As will be described further on, the naming scheme they used back then + (based on a piece of older LAN technology known as NetBIOS) doesn't scale + to large networks--certainly not the Internet. + The idea that CIFS would become an Internet standard probably came out + of the work that was being done to redesign Microsoft's networking products + for Windows NT5 (now known as Windows2000 or W2K). + Under W2K, CIFS can use the Domain Name System (DNS) for name resolution. + +\layout Subsubsection* + +File System +\layout Quote + +CIFS allows the sharing of directories, files, printers, and other cool + computer stuff across a network. + That's the filesystem part. + To make use of these shared resources you need to be able to find identify + them, and you also need to control access so that unauthorized folk won't + fiddle where they shouldn't. + This means that there is a hefty amount of administrivia to be managed, + so CIFS file sharing comes surrounded by an entourage. + There are protocols for service announcement, naming, authentication, and + authorization. + These are separate, but intertwined. + Some are based on published standards, others are not, and most have changed + over the years. + \layout Section CLDAP @@ -445,27 +524,48 @@ Purpose \layout Standard -Securly settting up a shared-secret +The purpose of the `domain join' it to securely setup a password (shared + secret) between the workstation (or member server) and the domain controllers. + This is done by a privilaged user, who has the right to specify that a + new machine account be added to the domain. + At the
svn commit: lorikeet r62 - in trunk/samba4-ad-thesis: .
Author: abartlet Date: 2004-09-16 15:33:31 + (Thu, 16 Sep 2004) New Revision: 62 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=lorikeetpath=/trunk/samba4-ad-thesisrev=62nolog=1 Log: Thesis work: Add more to authentication, and spellcheck :-) Andrew Bartlett Modified: trunk/samba4-ad-thesis/chapters.lyx trunk/samba4-ad-thesis/thesis.bib Changeset: Sorry, the patch is too large (558 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=lorikeetpath=/trunk/samba4-ad-thesisrev=62nolog=1
svn commit: samba-docs r218 - in trunk/Samba-HOWTO-Collection: .
Author: jelmer Date: 2004-09-16 20:33:45 + (Thu, 16 Sep 2004) New Revision: 218 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-docspath=/trunk/Samba-HOWTO-Collectionrev=218nolog=1 Log: Add hitlist Added: trunk/Samba-HOWTO-Collection/hitlist-content Changeset: Added: trunk/Samba-HOWTO-Collection/hitlist-content === --- trunk/Samba-HOWTO-Collection/hitlist-content2004-09-08 15:25:28 UTC (rev 217) +++ trunk/Samba-HOWTO-Collection/hitlist-content2004-09-16 20:33:45 UTC (rev 218) @@ -0,0 +1,13 @@ +- Broadcast messaging +- Profile Recovery +- smbfs/cifsfs +- Anti-Virus +- Krb5 TGT usage +- Static WINS entries +- Disabling Roaming Profiles +- BAD SID issues +- VPN +- incorporation in apache and squid (ntlm_auth) +- smbldap-tools +- kinit issues (you need to have kerberos updated in order to run win2k3, etc) +- pam_smb and why not to use it
svn commit: samba r2368 - in trunk/source/rpc_server: .
Author: jra Date: 2004-09-16 22:08:21 + (Thu, 16 Sep 2004) New Revision: 2368 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/source/rpc_serverrev=2368nolog=1 Log: Fix from Richard Renard [EMAIL PROTECTED] to fix usermgr and trust relationships. Jeremy. Modified: trunk/source/rpc_server/srv_samr_nt.c Changeset: Modified: trunk/source/rpc_server/srv_samr_nt.c === --- trunk/source/rpc_server/srv_samr_nt.c 2004-09-16 12:49:02 UTC (rev 2367) +++ trunk/source/rpc_server/srv_samr_nt.c 2004-09-16 22:08:21 UTC (rev 2368) @@ -750,7 +750,17 @@ for (i = 0; i num_entries; i++) { pwd = disp_user_info[i+start_idx]; temp_name = pdb_get_username(pwd); - init_unistr2(uni_temp_name, temp_name, UNI_STR_TERMINATE); + + /* +* usrmgr expects a non-NULL terminated string with +* trust relationships +*/ + if (pdb_get_acct_ctrl(pwd) ACB_DOMTRUST) { + init_unistr2(uni_temp_name, temp_name, UNI_FLAGS_NONE); + } else { + init_unistr2(uni_temp_name, temp_name, UNI_STR_TERMINATE); + } + user_sid = pdb_get_user_sid(pwd); if (!sid_peek_check_rid(domain_sid, user_sid, user_rid)) {
svn commit: samba r2369 - in branches/SAMBA_3_0/source/rpc_server: .
Author: jra Date: 2004-09-16 22:08:26 + (Thu, 16 Sep 2004) New Revision: 2369 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/source/rpc_serverrev=2369nolog=1 Log: Fix from Richard Renard [EMAIL PROTECTED] to fix usermgr and trust relationships. Jeremy. Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2004-09-16 22:08:21 UTC (rev 2368) +++ branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2004-09-16 22:08:26 UTC (rev 2369) @@ -728,7 +728,17 @@ for (i = 0; i num_entries; i++) { pwd = disp_user_info[i+start_idx]; temp_name = pdb_get_username(pwd); - init_unistr2(uni_temp_name, temp_name, UNI_STR_TERMINATE); + + /* +* usrmgr expects a non-NULL terminated string with +* trust relationships +*/ + if (pdb_get_acct_ctrl(pwd) ACB_DOMTRUST) { + init_unistr2(uni_temp_name, temp_name, UNI_FLAGS_NONE); + } else { + init_unistr2(uni_temp_name, temp_name, UNI_STR_TERMINATE); + } + user_sid = pdb_get_user_sid(pwd); if (!sid_peek_check_rid(domain_sid, user_sid, user_rid)) {
svn commit: samba r2370 - in trunk/source/libsmb: .
Author: jra Date: 2004-09-17 00:49:35 + (Fri, 17 Sep 2004) New Revision: 2370 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/source/libsmbrev=2370nolog=1 Log: Fix for talking to OS/2 clients (max_mux ignored) by Guenter Kukkukk [EMAIL PROTECTED]. Bugid #1590. Jeremy. Modified: trunk/source/libsmb/cliconnect.c trunk/source/libsmb/clireadwrite.c Changeset: Modified: trunk/source/libsmb/cliconnect.c === --- trunk/source/libsmb/cliconnect.c2004-09-16 22:08:26 UTC (rev 2369) +++ trunk/source/libsmb/cliconnect.c2004-09-17 00:49:35 UTC (rev 2370) @@ -1133,6 +1133,7 @@ cli-use_spnego = False; cli-sec_mode = SVAL(cli-inbuf,smb_vwv1); cli-max_xmit = SVAL(cli-inbuf,smb_vwv2); + cli-max_mux = SVAL(cli-inbuf, smb_vwv3); cli-sesskey = IVAL(cli-inbuf,smb_vwv6); cli-serverzone = SVALS(cli-inbuf,smb_vwv10); cli-serverzone *= 60; Modified: trunk/source/libsmb/clireadwrite.c === --- trunk/source/libsmb/clireadwrite.c 2004-09-16 22:08:26 UTC (rev 2369) +++ trunk/source/libsmb/clireadwrite.c 2004-09-17 00:49:35 UTC (rev 2370) @@ -325,10 +325,16 @@ int bwritten = 0; int issued = 0; int received = 0; - int mpx = MAX(cli-max_mux-1, 1); + int mpx = 1; int block = cli-max_xmit - (smb_size+32); int blocks = (size + (block-1)) / block; + if(cli-max_mux == 0) { + mpx = 1; + } else { + mpx = cli-max_mux-1; + } + while (received blocks) { while ((issued - received mpx) (issued blocks)) {
svn commit: samba r2371 - in branches/SAMBA_3_0/source/libsmb: .
Author: jra Date: 2004-09-17 00:49:41 + (Fri, 17 Sep 2004) New Revision: 2371 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/source/libsmbrev=2371nolog=1 Log: Fix for talking to OS/2 clients (max_mux ignored) by Guenter Kukkukk [EMAIL PROTECTED]. Bugid #1590. Jeremy. Modified: branches/SAMBA_3_0/source/libsmb/cliconnect.c branches/SAMBA_3_0/source/libsmb/clireadwrite.c Changeset: Modified: branches/SAMBA_3_0/source/libsmb/cliconnect.c === --- branches/SAMBA_3_0/source/libsmb/cliconnect.c 2004-09-17 00:49:35 UTC (rev 2370) +++ branches/SAMBA_3_0/source/libsmb/cliconnect.c 2004-09-17 00:49:41 UTC (rev 2371) @@ -1133,6 +1133,7 @@ cli-use_spnego = False; cli-sec_mode = SVAL(cli-inbuf,smb_vwv1); cli-max_xmit = SVAL(cli-inbuf,smb_vwv2); + cli-max_mux = SVAL(cli-inbuf, smb_vwv3); cli-sesskey = IVAL(cli-inbuf,smb_vwv6); cli-serverzone = SVALS(cli-inbuf,smb_vwv10); cli-serverzone *= 60; Modified: branches/SAMBA_3_0/source/libsmb/clireadwrite.c === --- branches/SAMBA_3_0/source/libsmb/clireadwrite.c 2004-09-17 00:49:35 UTC (rev 2370) +++ branches/SAMBA_3_0/source/libsmb/clireadwrite.c 2004-09-17 00:49:41 UTC (rev 2371) @@ -325,10 +325,16 @@ int bwritten = 0; int issued = 0; int received = 0; - int mpx = MAX(cli-max_mux-1, 1); + int mpx = 1; int block = cli-max_xmit - (smb_size+32); int blocks = (size + (block-1)) / block; + if(cli-max_mux == 0) { + mpx = 1; + } else { + mpx = cli-max_mux-1; + } + while (received blocks) { while ((issued - received mpx) (issued blocks)) {
svn commit: samba r2372 - in trunk/source/libsmb: .
Author: jra Date: 2004-09-17 00:53:08 + (Fri, 17 Sep 2004) New Revision: 2372 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/source/libsmbrev=2372nolog=1 Log: Fix typo.. Jeremy. Modified: trunk/source/libsmb/clireadwrite.c Changeset: Modified: trunk/source/libsmb/clireadwrite.c === --- trunk/source/libsmb/clireadwrite.c 2004-09-17 00:49:41 UTC (rev 2371) +++ trunk/source/libsmb/clireadwrite.c 2004-09-17 00:53:08 UTC (rev 2372) @@ -329,10 +329,10 @@ int block = cli-max_xmit - (smb_size+32); int blocks = (size + (block-1)) / block; - if(cli-max_mux == 0) { + if(cli-max_mux 1) { + mpx = cli-max_mux-1; + } else { mpx = 1; - } else { - mpx = cli-max_mux-1; } while (received blocks) {
svn commit: samba r2373 - in branches/SAMBA_3_0/source/libsmb: .
Author: jra Date: 2004-09-17 00:53:17 + (Fri, 17 Sep 2004) New Revision: 2373 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/source/libsmbrev=2373nolog=1 Log: Fix typo. Jeremy. Modified: branches/SAMBA_3_0/source/libsmb/clireadwrite.c Changeset: Modified: branches/SAMBA_3_0/source/libsmb/clireadwrite.c === --- branches/SAMBA_3_0/source/libsmb/clireadwrite.c 2004-09-17 00:53:08 UTC (rev 2372) +++ branches/SAMBA_3_0/source/libsmb/clireadwrite.c 2004-09-17 00:53:17 UTC (rev 2373) @@ -329,10 +329,10 @@ int block = cli-max_xmit - (smb_size+32); int blocks = (size + (block-1)) / block; - if(cli-max_mux == 0) { + if(cli-max_mux 1) { + mpx = cli-max_mux-1; + } else { mpx = 1; - } else { - mpx = cli-max_mux-1; } while (received blocks) {
svn commit: samba r2374 - in branches/SAMBA_3_0/source/passdb: .
Author: jra Date: 2004-09-17 01:13:47 + (Fri, 17 Sep 2004) New Revision: 2374 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/source/passdbrev=2374nolog=1 Log: Fix from Vince Brimhall [EMAIL PROTECTED] for ldapsam_compat. Be robust against NULL attributes. Jeremy. Modified: branches/SAMBA_3_0/source/passdb/pdb_ldap.c Changeset: Modified: branches/SAMBA_3_0/source/passdb/pdb_ldap.c === --- branches/SAMBA_3_0/source/passdb/pdb_ldap.c 2004-09-17 00:53:17 UTC (rev 2373) +++ branches/SAMBA_3_0/source/passdb/pdb_ldap.c 2004-09-17 01:13:47 UTC (rev 2374) @@ -1229,8 +1229,13 @@ { int i; - for (i=0; (*attr_list)[i] != NULL; i++) + if (new_attr == NULL) { + return; + } + + for (i=0; (*attr_list)[i] != NULL; i++) { ; + } (*attr_list) = Realloc((*attr_list), sizeof(**attr_list) * (i+2)); SMB_ASSERT((*attr_list) != NULL);
svn commit: samba r2375 - in trunk/source/passdb: .
Author: jra Date: 2004-09-17 01:13:54 + (Fri, 17 Sep 2004) New Revision: 2375 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/source/passdbrev=2375nolog=1 Log: Fix from Vince Brimhall [EMAIL PROTECTED] for ldapsam_compat. Be robust against NULL attributes. Jeremy. Modified: trunk/source/passdb/pdb_ldap.c Changeset: Modified: trunk/source/passdb/pdb_ldap.c === --- trunk/source/passdb/pdb_ldap.c 2004-09-17 01:13:47 UTC (rev 2374) +++ trunk/source/passdb/pdb_ldap.c 2004-09-17 01:13:54 UTC (rev 2375) @@ -1258,8 +1258,13 @@ { int i; - for (i=0; (*attr_list)[i] != NULL; i++) + if (new_attr == NULL) { + return; + } + + for (i=0; (*attr_list)[i] != NULL; i++) { ; + } (*attr_list) = Realloc((*attr_list), sizeof(**attr_list) * (i+2)); SMB_ASSERT((*attr_list) != NULL);