### Example LDIF File

Source: https://gitlab.com/samba-team/samba/-/blob/master/source4/ldap_server/devdocs/rfc2849.txt

A practical example demonstrating the structure of an LDIF file with multiple entries.

```APIDOC
## Example LDIF File

### Description
This example illustrates a simple LDIF file containing two LDAP entries, showcasing the `version`, `dn`, `objectclass`, and attribute fields.

### Request Example
```ldif
version: 1
dn: cn=Barbara Jensen, ou=Product Development, dc=airius, dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
cn: Barbara Jensen
cn: Barbara J Jensen
cn: Babs Jensen
sn: Jensen
uid: bjensen
telephonenumber: +1 408 555 1212
description: A big sailing fan.

dn: cn=Bjorn Jensen, ou=Accounting, dc=airius, dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
cn: Bjorn Jensen
sn: Jensen
telephonenumber: +1 408 555 1212
```

### Response
LDIF files are data representations and do not have a direct success/error response in the typical API sense. The interpretation of this file by an LDAP client or server would yield the described entries.
```

--------------------------------

### LDAP URL Examples

Source: https://gitlab.com/samba-team/samba/-/blob/master/source4/ldap_server/devdocs/rfc4516.txt

Illustrative examples of LDAP URLs demonstrating various configurations and features.

```APIDOC
## LDAP URL Examples

### Example 1: Base object search with all attributes
- URL: `ldap:///o=University%20of%20Michigan,c=US`
- Description: Refers to the University of Michigan entry, assuming the client knows the LDAP server. Corresponds to a base object search with a filter of `(objectclass=*)` and requests all attributes.

### Example 2: Base object search with all attributes on a specific server
- URL: `ldap://ldap1.example.net/o=University%20of%20Michigan,c=US`
- Description: Similar to Example 1, but specifies the LDAP server `ldap1.example.net`.
### Example 3: Requesting a specific attribute
- URL: `ldap://ldap1.example.net/o=University%20of%20Michigan,c=US?postalAddress`
- Description: Requests only the `postalAddress` attribute for the specified entry on `ldap1.example.net`.

### Example 4: Subtree search with specific filter and port
- URL: `ldap://ldap1.example.net:6666/o=University%20of%20Michigan,c=US??sub?(cn=Babs%20Jensen)`
- Description: Performs a subtree search on port 6666 of `ldap1.example.net` for entries with `cn=Babs Jensen`, retrieving all attributes.

### Example 5: Requesting objectClass with ONE scope
- URL: `LDAP://ldap1.example.com/c=GB?objectClass?ONE`
- Description: Retrieves entries under `c=GB`, requests the `objectClass` attribute, and uses a scope of `ONE` (one level below the base).

### Example 6: URL encoding of special characters in DN
- URL: `ldap://ldap2.example.com/o=Question%3f,c=US?mail`
- Description: Retrieves the `mail` attribute for the entry `o=Question?,c=US`. The `?` in the DN is percent-encoded as `%3f`.

### Example 7: Interaction of URL and filter quoting
- URL: `ldap://ldap3.example.com/o=Babsco,c=US???(four-octet=%5c00%5c00%5c00%5c04)`
- Description: Illustrates the interaction of URL percent-encoding (`%5c` for `\`) with LDAP filter escaping. The filter `(four-octet=\00\00\00\04)` is percent-encoded in the URL.

### Example 8: Interaction of URL and DN quoting
- URL: `ldap://ldap.example.com/o=An%20Example%5C2C%20Inc.,c=US`
- Description: Shows the interaction of URL percent-encoding with DN escaping of a comma. The DN is `o=An Example\2C Inc.,c=US`, where `\2C` is the DN escape for `,` and its backslash is percent-encoded as `%5C`.

### Example 9: Root DSE
- URLs: `ldap://ldap.example.net`, `ldap://ldap.example.net/`, `ldap://ldap.example.net/?`
- Description: These URLs point to the Root DSE on the `ldap.example.net` server, utilizing default values.
### Example 10: Experimental bind name extension
- URLs: `ldap:///??sub??e-bindname=cn=Manager%2cdc=example%2cdc=com`, `ldap:///??sub??!e-bindname=cn=Manager%2cdc=example%2cdc=com`
- Description: Demonstrates the use of a hypothetical `e-bindname` extension for specifying a bind DN.
```

--------------------------------

### MLSD Command Examples

Source: https://gitlab.com/samba-team/samba/-/blob/master/third_party/heimdal/doc/standardisation/draft-ietf-ftpext-mlst-08.txt

Examples demonstrating the MLSD command to list directory contents with detailed information.

```APIDOC
## MLSD Command

### Description
Lists the contents of a directory with detailed information about each entry.

### Method
MLSD

### Endpoint
N/A (Command-based)

### Parameters
#### Query Parameters
- **.** (string) - Optional - Specifies the current directory.
- **linux** (string) - Optional - Specifies the 'linux' directory.
- **linux/kernel** (string) - Optional - Specifies the 'kernel' subdirectory within 'linux'.

### Request Example
```
MLSD .
MLSD linux
MLSD linux/kernel
```

### Response
#### Success Response (150, 226)
- **Type** (string) - The type of the entry (e.g., 'dir', 'file', 'cdir', 'pdir').
- **unique** (string) - A unique identifier for the entry (format may vary).
- **Modify** (string) - The last modification timestamp in YYYYMMDDHHMMSS format.
- **Size** (integer) - The size of the file in bytes.
- **Path** (string) - The path of the entry.

#### Response Example (MLSD .)
```
150 Opening ASCII mode data connection for MLS.
D> type=cdir;unique=AQkAAAAAAAABCAAA; /
D> type=dir;unique=AQkAAAAAAAABEAAA; bin
D> type=dir;unique=AQkAAAAAAAABGAAA; etc
D> type=dir;unique=AQkAAAAAAAAB8AwA; halflife
D> type=dir;unique=AQkAAAAAAAABoAAA; incoming
D> type=dir;unique=AQkAAAAAAAABIAAA; lib
D> type=dir;unique=AQkAAAAAAAABWAEA; linux
D> type=dir;unique=AQkAAAAAAAABKAEA; ncftpd
D> type=dir;unique=AQkAAAAAAAABGAEA; outbox
D> type=dir;unique=AQkAAAAAAAABuAAA; quake2
D> type=dir;unique=AQkAAAAAAAABQAEA; winstuff
226 Listing completed.
```

#### Response Example (MLSD linux/kernel)
```
150 Opening ASCII mode data connection for MLS.
D> type=cdir;unique=AQkAAAAAAAABYAEA; /linux/kernel
D> type=pdir;unique=AQkAAAAAAAABWAEA; /linux
D> type=file;size=6704;unique=AQkAAAAAAAADYAEA; k.config
D> type=file;size=7269221;unique=AQkAAAAAAAACYAEA; linux-2.0.36.tar.gz
D> type=file;size=12514594;unique=AQkAAAAAAAAEYAEA; linux-2.1.130.tar.gz
226 Listing completed.
```
```

--------------------------------

### MLST Command Examples

Source: https://gitlab.com/samba-team/samba/-/blob/master/third_party/heimdal/doc/standardisation/draft-ietf-ftpext-mlst-08.txt

Examples demonstrating the MLST command to retrieve detailed information about a specific file.

```APIDOC
## MLST file1

### Description
Retrieves detailed information about the specified file.

### Method
MLST

### Endpoint
N/A (Command-based)

### Parameters
#### Path Parameters
- **file1** (string) - Required - The name of the file to query.

### Request Example
```
MLST file1
```

### Response
#### Success Response (250)
- **Type** (string) - The type of the entry (e.g., 'file').
- **Modify** (string) - The last modification timestamp in YYYYMMDDHHMMSS.fff format.
- **file1** (string) - The name of the file.
#### Response Example
```
250- Listing file1
250 Type=file;Modify=19990929003355.237; file1
250 End
```
```

--------------------------------

### LDAP URL Examples for Search Operations

Source: https://gitlab.com/samba-team/samba/-/blob/master/source4/ldap_server/devdocs/rfc4516.txt

A collection of LDAP URL examples demonstrating various search scopes, attribute filtering, and server connection parameters.

```text
ldap:///o=University%20of%20Michigan,c=US
ldap://ldap1.example.net/o=University%20of%20Michigan,c=US
ldap://ldap1.example.net/o=University%20of%20Michigan,c=US?postalAddress
ldap://ldap1.example.net:6666/o=University%20of%20Michigan,c=US??sub?(cn=Babs%20Jensen)
LDAP://ldap1.example.com/c=GB?objectClass?ONE
```

--------------------------------

### LDAP Search Filter Syntax Examples

Source: https://gitlab.com/samba-team/samba/-/blob/master/source4/ldap_server/devdocs/rfc4515.txt

Basic examples of LDAP search filters demonstrating attribute matching, logical operators, and substring matching.

```LDAP
(cn=Babs Jensen)
(!(cn=Tim Howes))
(&(objectClass=Person)(|(sn=Jensen)(cn=Babs J*)))
(o=univ*of*mich*)
(seeAlso=)
```

--------------------------------

### FTP MLST Command for Directory Details (Control Connection)

Source: https://gitlab.com/samba-team/samba/-/blob/master/third_party/heimdal/doc/standardisation/draft-ietf-ftpext-mlst-08.txt

This example shows the MLST command used to get information about a directory. The server provides details like type, modification time, and permissions for the specified directory.

```ftp-commands
C> PWD
S> 257 "/" is current directory.
C> MLst tmp
S> 250- Listing tmp
S> Type=dir;Modify=19981107085215;Perm=el; /tmp
S> 250 End
```

--------------------------------

### C# GSSAPI Client Initialization Example

Source: https://gitlab.com/samba-team/samba/-/blob/master/third_party/heimdal/doc/standardisation/draft-morris-java-gssapi-update-for-csharp-00.txt

Provides an example of a C# GSSAPI client initializing a security context.
It shows how to obtain credentials, create a GSSManager, define OIDs for mechanisms and name types, and configure context options before establishing the security context.

```csharp
using System;
using System.IO;
using System.Net.Sockets;
using ietf.org.gss;

class GssapiClient
{
    private static TcpClient client;
    private static NetworkStream stream;

    static void Main(string[] args)
    {
        Connect("127.0.0.1", "message from client");
        try
        {
            GSSManager manager = GSSManager.getInstance();
            Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2");
            Oid krb5PrincipalNameType = new Oid("1.2.840.113554.1.2.2.1");

            // Optionally Identify who the client wishes to be
            // GSSName name = manager.createName("test@gsserver", GSSName.NT_USER_NAME);

            // Obtain default credential
            GSSCredential userCreds = manager.createCredential(GSSCredential.INITIATE_ONLY);
            GSSName name = userCreds.getName(krb5PrincipalNameType);
            Console.WriteLine("Just acquired credentials for " + name.toString());

            int acceptLife = userCreds.getRemainingAcceptLifetime(new Oid("2.3.4"));
            int initLife = userCreds.getRemainingInitLifetime(new Oid("1..3."));
            int remLife = userCreds.getRemainingLifetime();
            int usage = userCreds.getUsage();
            GSSName namea = userCreds.getName();
            Oid[] oa = userCreds.getMechs();

            // Instantiate and initialize a security context that will be
            // established with the server
            GSSContext context = manager.createContext(name, krb5Mechanism, userCreds, GSSContext.DEFAULT_LIFETIME);
            userCreds.dispose();

            // Optionally Set Context Options, must be done before iniSecContext call
            context.requestMutualAuth(true);
            context.requestConf(true);
            context.requestInteg(true);
            context.requestSequenceDet(true);
            // Delegation transfers the initiator's rights to the acceptor
            context.requestCredDeleg(true);

            MemoryStream ins = new MemoryStream();
            MemoryStream outs = new MemoryStream();

            // loop until context is setup and no more tokens to receive
```

--------------------------------

### HTTP Negotiate Authentication Flow Example

Source: https://gitlab.com/samba-team/samba/-/blob/master/third_party/heimdal/doc/standardisation/rfc4559.txt

Illustrates the
client-server interaction for HTTP Negotiate authentication. It shows the sequence of GET requests and 401 Unauthorized responses with WWW-Authenticate headers containing gssapi-data, and the client's Authorization headers with the encoded tokens. This cycle continues until the security context is established.

```http
C: GET dir/index.html

S: HTTP/1.1 401 Unauthorized
S: WWW-Authenticate: Negotiate

C: GET dir/index.html
C: Authorization: Negotiate a87421000492aa874209af8bc028

S: HTTP/1.1 401 Unauthorized
S: WWW-Authenticate: Negotiate 749efa7b23409c20b92356

C: GET dir/index.html
C: Authorization: Negotiate 89a8742aa8729a8b028

S: HTTP/1.1 200 Success
S: WWW-Authenticate: Negotiate ade0234568a4209af8bc0280289eca
```

--------------------------------

### Test Environment Setup and Execution

Source: https://gitlab.com/samba-team/samba/-/blob/master/source4/selftest/provisions/release-4-1-0rc3/steps-to-reproduce.txt

Commands to set up the Samba test environment and then populate the domain with schema information using ldbadd. It requires MASTER_SRC to be set correctly.

```bash
SELFTEST_TESTENV=promoted_dc:local make testenv

# then in the testenv, run:
bin/ldbadd -H st/dc/private/sam.ldb --configfile st/dc/private/sam.ldb \
    $MASTER_SRC/source4/selftest/provisions/release-4-1-0rc3/sudo.schema.ldif \
    --option='dsdb:schema update allowed=yes'
bin/ldbadd -H st/dc/private/sam.ldb --configfile st/dc/private/sam.ldb \
    $MASTER_SRC/source4/selftest/provisions/release-4-1-0rc3/sudo.schema.2.ldif \
    --option='dsdb:schema update allowed=yes'
bin/ldbadd -H st/dc/private/sam.ldb --configfile st/dc/private/sam.ldb \
    $MASTER_SRC/source4/selftest/provisions/release-4-1-0rc3/sudoers.ldif
# (wait some time, retry until successful)
```

--------------------------------

### Configure Samba Share to Use Audit VFS Module

Source: https://context7.com/samba-team/samba/llms.txt

An example configuration snippet for Samba's smb.conf file.
This demonstrates how to load and enable the custom 'audit' VFS module for a specific share named 'audited_share'. It shows the basic setup and how to specify the VFS module in the 'vfs objects' parameter.

```ini
[audited_share]
    path = /srv/samba/audited
    read only = no
    # Load audit VFS module
    vfs objects = audit
    # Multiple modules are processed in order
    # vfs objects = audit recycle
```

--------------------------------

### Temporary Context and Pool Initialization (C)

Source: https://gitlab.com/samba-team/samba/-/blob/master/lib/talloc/doc/tutorial_bestpractices.dox

Illustrates the initialization of a temporary context and a structure 'foo' using conditional macros. The first example shows the initialization of a temporary context for debugging, while the second demonstrates the creation of a pool context for optimized performance in a release build.

```c
int struct_foo_init(TALLOC_CTX *mem_ctx, struct foo **_foo)
{
    int ret;
    struct foo *foo = NULL;
    TALLOC_CTX *tmp_ctx = CREATE_TMP_CTX(mem_ctx);
    /* ... */
}
```

```c
/* mem_ctx is a pointer: TALLOC_CTX is a typedef for void */
errno_t handle_request(TALLOC_CTX *mem_ctx)
{
    int ret;
    struct foo *foo = NULL;
    TALLOC_CTX *pool_ctx = CREATE_POOL_CTX(NULL, 1024);
    ret = struct_foo_init(mem_ctx, &foo);
    /* ... */
}
```

--------------------------------

### Basic TDB Operations in C

Source: https://context7.com/samba-team/samba/llms.txt

This C code demonstrates fundamental operations on the TDB (Trivial Database) used by Samba. It covers opening/creating a TDB file, storing key-value pairs, fetching values by key, checking for key existence, and deleting keys. The example requires the TDB library to be installed and linked during compilation.
```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include "tdb.h"

int main(void)
{
    struct tdb_context *tdb;
    TDB_DATA key, value, fetched;
    int ret;

    /* Open/create database */
    tdb = tdb_open("mydata.tdb", 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0644);
    if (!tdb) {
        fprintf(stderr, "Failed to open database\n");
        return 1;
    }

    /* Store a key-value pair */
    key.dptr = (unsigned char *)"username";
    key.dsize = strlen("username");
    value.dptr = (unsigned char *)"admin";
    value.dsize = strlen("admin");

    ret = tdb_store(tdb, key, value, TDB_REPLACE);
    if (ret != 0) {
        fprintf(stderr, "Store failed: %s\n", tdb_errorstr(tdb));
        tdb_close(tdb);
        return 1;
    }

    /* Fetch the value; the returned buffer is owned by the caller */
    fetched = tdb_fetch(tdb, key);
    if (fetched.dptr) {
        printf("Value: %.*s\n", (int)fetched.dsize, fetched.dptr);
        free(fetched.dptr);
    }

    /* Check if key exists */
    if (tdb_exists(tdb, key)) {
        printf("Key exists\n");
    }

    /* Delete a key */
    tdb_delete(tdb, key);

    tdb_close(tdb);
    return 0;
}

/* Compile: gcc -o tdbtest tdbtest.c -ltdb */
```

--------------------------------

### C: Add User using libnetapi

Source: https://context7.com/samba-team/samba/llms.txt

This C code demonstrates how to add a new user to a Windows system using the libnetapi library. It initializes the library, prepares a USER_INFO_1 structure with user details, and then calls NetUserAdd to create the user account.
```c
#include <stdio.h>
#include <netapi.h>

int main(int argc, char *argv[])
{
    NET_API_STATUS status;
    struct libnetapi_ctx *ctx = NULL;
    struct USER_INFO_1 user_info;
    uint32_t parm_error = 0;

    /* Note: a password given in argv is visible in the local process list */
    if (argc < 4) {
        fprintf(stderr, "Usage: %s <server> <username> <password>\n", argv[0]);
        return 1;
    }

    status = libnetapi_init(&ctx);
    if (status != 0) return status;

    /* Prepare user info structure */
    user_info.usri1_name = argv[2];
    user_info.usri1_password = argv[3];
    user_info.usri1_password_age = 0;
    user_info.usri1_priv = USER_PRIV_USER;
    user_info.usri1_home_dir = NULL;
    user_info.usri1_comment = "Created via NetAPI";
    user_info.usri1_flags = UF_SCRIPT | UF_NORMAL_ACCOUNT;
    user_info.usri1_script_path = NULL;

    /* Add the user */
    status = NetUserAdd(argv[1],              /* server name */
                        1,                    /* info level */
                        (uint8_t *)&user_info,
                        &parm_error);
    if (status == 0) {
        printf("User '%s' created successfully.\n", argv[2]);
    } else {
        fprintf(stderr, "NetUserAdd failed: %s (parm_error: %u)\n",
                libnetapi_get_error_string(ctx, status), parm_error);
    }

    libnetapi_free(ctx);
    return status;
}
```

--------------------------------

### Install ngtcp2 header files via CMake

Source: https://gitlab.com/samba-team/samba/-/blob/master/third_party/ngtcp2/crypto/includes/CMakeLists.txt

This snippet demonstrates how to conditionally install ngtcp2 header files based on the detected cryptographic backend. It uses CMake's install command to map specific header files to the installation include directory.
```cmake
install(FILES
    ngtcp2/ngtcp2_crypto.h
    DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}/ngtcp2")

if(HAVE_QUICTLS)
  install(FILES
      ngtcp2/ngtcp2_crypto_quictls.h
      DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}/ngtcp2")
endif()

if(HAVE_GNUTLS)
  install(FILES
      ngtcp2/ngtcp2_crypto_gnutls.h
      DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}/ngtcp2")
endif()

if(HAVE_BORINGSSL)
  install(FILES
      ngtcp2/ngtcp2_crypto_boringssl.h
      DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}/ngtcp2")
endif()

if(HAVE_PICOTLS)
  install(FILES
      ngtcp2/ngtcp2_crypto_picotls.h
      DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}/ngtcp2")
endif()

if(HAVE_WOLFSSL)
  install(FILES
      ngtcp2/ngtcp2_crypto_wolfssl.h
      DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}/ngtcp2")
endif()

if(HAVE_OSSL)
  install(FILES
      ngtcp2/ngtcp2_crypto_ossl.h
      DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}/ngtcp2")
endif()
```

--------------------------------

### SPAPI_E_DEVICE_INSTALLER_NOT_READY

Source: https://gitlab.com/samba-team/samba/-/blob/master/libcli/util/hresult_err_table.txt

One of the installers for this device is currently unable to perform the installation.

```APIDOC
## SPAPI_E_DEVICE_INSTALLER_NOT_READY

### Description
One of the installers for this device cannot perform the installation at this time.

### Error Code
0x800F0247
```

--------------------------------

### Set up Visual Studio Build Environment

Source: https://gitlab.com/samba-team/samba/-/blob/master/third_party/heimdal/windows/README.md

Uses the vcvarsall.bat script to set up a Visual Studio build environment for a specified architecture and Windows version. The Debug/Release configuration is handled during the nmake command.
```batch
vcvarsall.bat x64 10.0.19041.0 -vcvars_ver=14.29 -vcvars_spectre_libs=spectre
```

--------------------------------

### Samba KDC Authentication Exchange - Example 2

Source: https://gitlab.com/samba-team/samba/-/blob/master/third_party/heimdal/doc/standardisation/draft-ietf-cat-kerberos-pk-init-02.txt

Illustrates the client-KDC exchange sequence for obtaining a private key when the user principal does not need to be recovered. This example details the AS_REQ with preauthentication and the subsequent AS_REP with preauthentication data, including encryption and key derivation using Diffie-Hellman.

```Pseudocode
Client -> AS_REQ with preauth: algID, {DH public parameter}K1 -> KDC

The KDC replies with the AS_REP message with a preauthentication
data field:

Client <-- AS_REP with preauth: kdcCert, {encUserKey,    <-- KDC
           nonce}DH symmetric key, [nonce, algID, DH
           public parameter, kdcSalt]KDC privateKey
```

--------------------------------

### SPAPI_E_DI_DONT_INSTALL

Source: https://gitlab.com/samba-team/samba/-/blob/master/libcli/util/hresult_err_table.txt

The class installer has refused the request to install or upgrade the device.

```APIDOC
## SPAPI_E_DI_DONT_INSTALL

### Description
The class installer has denied the request to install or upgrade this device.

### Error Code
0x800F022C
```

--------------------------------

### Install CMake Export Files (CMake)

Source: https://gitlab.com/samba-team/samba/-/blob/master/third_party/ngtcp2/lib/CMakeLists.txt

This CMake command installs the targets export file, which is used by CMake to find and link against the ngtcp2 library when it's installed. The NAMESPACE ensures proper scoping of targets.
```cmake
install(
  EXPORT "${NGTCP2_TARGETS_EXPORT_NAME}"
  NAMESPACE "${NGTCP2_NAMESPACE}"
  DESTINATION "${NGTCP2_CONFIG_INSTALL_DIR}")
```

--------------------------------

### POST /krb/as_req (Initial Authentication)

Source: https://gitlab.com/samba-team/samba/-/blob/master/third_party/heimdal/doc/standardisation/draft-richards-otp-kerberos-00.txt

Initiates the Kerberos authentication process. If OTP is required, the KDC responds with a challenge.

```APIDOC
## POST /krb/as_req

### Description
Initiates the Kerberos authentication request. If the KDC requires OTP, it returns an error with a challenge.

### Method
POST

### Endpoint
/krb/as_req

### Parameters
#### Request Body
- **KRB_AS_REQ** (object) - Required - The initial Kerberos authentication request containing client credentials.

### Response
#### Success Response (200)
- **KRB_AS_REP** (object) - The TGT issued upon successful validation.

#### Error Response (KDC_ERR_PREAUTH_REQUIRED)
- **PA-OTP-CHALLENGE** (object) - Contains the OTP type and token information required for the next step.
```

--------------------------------

### Implementing Tevent Data Retrieval Example

Source: https://gitlab.com/samba-team/samba/-/blob/master/lib/tevent/doc/tevent_data.dox

A complete C example demonstrating how to store state in a tevent request and retrieve it within a callback using both type-specific and void pointer methods.
```c
#include <stdio.h>
#include <stdlib.h>
#include <talloc.h>
#include <tevent.h>

struct foo_state {
    int x;
};

struct testA {
    int y;
};

/* Callback: read the request state and the callback's private data */
static void foo_done(struct tevent_req *req)
{
    struct foo_state *a = tevent_req_data(req, struct foo_state);
    struct testA *b = tevent_req_callback_data(req, struct testA);
    struct testA *c = (struct testA *)tevent_req_callback_data_void(req);

    printf("a->x: %d\n", a->x);
    printf("b->y: %d\n", b->y);
    printf("c->y: %d\n", c->y);
}

struct tevent_req *foo_send(TALLOC_CTX *mem_ctx, struct tevent_context *event_ctx)
{
    struct tevent_req *req;
    struct foo_state *state;

    req = tevent_req_create(event_ctx, &state, struct foo_state);
    if (req == NULL) {
        return NULL;
    }
    state->x = 10;
    return req;
}

static void run(struct tevent_context *ev, struct tevent_timer *te,
                struct timeval current_time, void *private_data)
{
    struct tevent_req *req;
    struct testA *tmp = talloc(ev, struct testA);

    if (tmp == NULL) {
        return;
    }
    tmp->y = 9;

    req = foo_send(ev, ev);
    if (req == NULL) {
        return;
    }
    tevent_req_set_callback(req, foo_done, tmp);
    tevent_req_done(req);
}

int main (int argc, char **argv)
{
    struct tevent_context *event_ctx;
    struct testA *data;
    TALLOC_CTX *mem_ctx;
    struct tevent_timer *time_event;

    mem_ctx = talloc_new(NULL);
    if (mem_ctx == NULL)
        return EXIT_FAILURE;

    event_ctx = tevent_context_init(mem_ctx);
    if (event_ctx == NULL)
        return EXIT_FAILURE;

    data = talloc(mem_ctx, struct testA);
    if (data == NULL)
        return EXIT_FAILURE;
    data->y = 11;

    time_event = tevent_add_timer(event_ctx, mem_ctx, tevent_timeval_current(), run, data);
    if (time_event == NULL)
        return EXIT_FAILURE;

    tevent_loop_once(event_ctx);
    talloc_free(mem_ctx);

    printf("Quit\n");
    return EXIT_SUCCESS;
}
```

--------------------------------

### Install UI Level Attribute

Source: https://gitlab.com/samba-team/samba/-/blob/master/source4/setup/ad-schema/MS-AD_Schema_2K8_Attributes.txt

Details for the 'installUiLevel' attribute, indicating the installation UI level.

```APIDOC
## installUiLevel Attribute

### Description
Indicates the level of the installation user interface.
### Method
N/A (Schema Definition)

### Endpoint
N/A (Schema Definition)

### Parameters
#### Path Parameters
None

#### Query Parameters
None

#### Request Body
None

### Request Example
None

### Response
#### Success Response (200)
None

#### Response Example
None
```

--------------------------------

### Sample 40-bit Key Derivation Steps

Source: https://gitlab.com/samba-team/samba/-/blob/master/third_party/heimdal/doc/standardisation/rfc3079.txt

Illustrates the step-by-step process for deriving a 40-bit MPPE session key, including intermediate hexadecimal values for username, password, challenges, and responses.

```text
Initial Values
   UserName = "User"
            = 55 73 65 72

   Password = "clientPass"
            = 63 00 6C 00 69 00 65 00 6E 00 74 00 50 00 61 00 73 00 73 00

   AuthenticatorChallenge
            = 5B 5D 7C 7D 7B 3F 2F 3E 3C 2C 60 21 32 26 26 28

   PeerChallenge
            = 21 40 23 24 25 5E 26 2A 28 29 5F 2B 3A 33 7C 7E

   Challenge
            = D0 2E 43 86 BC E9 12 26

   NT-Response
            = 82 30 9E CD 8D 70 8B 5E A0 8F AA 39 81 CD 83 54
              42 33 11 4A 3D 85 D6 DF

Step 1: NtPasswordHash(Password, PasswordHash)
   PasswordHash = 44 EB BA 8D 53 12 B8 D6 11 47 44 11 F5 69 89 AE

Step 2: PasswordHashHash = MD4(PasswordHash)
   PasswordHashHash = 41 C0 0C 58 4B D2 D9 1C 40 17 A2 A1 2F A5 9F 3F

Step 3: Derive the master key (GetMasterKey())
   MasterKey = FD EC E3 71 7A 8C 83 8C B3 88 E5 27 AE 3C DD 31

Step 4: Derive the master send session key (GetAsymmetricStartKey())
   SendStartKey40 = 8B 7C DC 14 9B 99 3A 1B
```

--------------------------------

### Talloc Memory Pool Allocation Example (C)

Source: https://gitlab.com/samba-team/samba/-/blob/master/lib/talloc/doc/tutorial_pools.dox

Demonstrates the basic usage of talloc memory pools. It shows how to create a pool, allocate memory from it, and how the pool handles allocations that exceed available space. It also illustrates freeing memory and how it affects the pool's available space.
```c
/* allocate 1KiB in a pool */
TALLOC_CTX *pool_ctx = talloc_pool(NULL, 1024);

/* Take 512B from the pool, 512B is left there */
void *ptr = talloc_size(pool_ctx, 512);

/* 1024B > 512B, this will create new talloc chunk outside the pool */
void *ptr2 = talloc_size(ptr, 1024);

/* The pool still contains 512 free bytes
 * this will take 200B from them. */
void *ptr3 = talloc_size(ptr, 200);

/* This will destroy context 'ptr3' but the memory
 * is not freed, the available space in the pool
 * will increase to 512B. */
talloc_free(ptr3);

/* This will free memory taken by 'pool_ctx'
 * and 'ptr2' as well. */
talloc_free(pool_ctx);
```

--------------------------------

### Enhanced Guide Syntax

Source: https://gitlab.com/samba-team/samba/-/blob/master/source4/ldap_server/devdocs/rfc4517.txt

Defines the structure and ABNF for the Enhanced Guide syntax used in LDAP.

```APIDOC
## Enhanced Guide Syntax

### Description
The Enhanced Guide syntax is used to represent search criteria in LDAP. It corresponds to the EnhancedGuide ASN.1 type.

### OID
1.3.6.1.4.1.1466.115.121.1.21

### ABNF Definition
attributetype DOLLAR match-type /
LPAREN criteria RPAREN /
true /
false
match-type = "EQ" / "SUBSTR" / "GE" / "LE" / "APPROX"
true = "?true"
false = "?false"
```

--------------------------------

### Install CMake Config Files (CMake)

Source: https://gitlab.com/samba-team/samba/-/blob/master/third_party/ngtcp2/lib/CMakeLists.txt

This CMake command installs the generated package configuration files to the appropriate directory within the installation prefix. These files allow CMake-aware projects to locate and link against the ngtcp2 library.
```cmake
install(
  FILES "${NGTCP2_PROJECT_CONFIG}" "${NGTCP2_VERSION_CONFIG}"
  DESTINATION "${NGTCP2_CONFIG_INSTALL_DIR}")
```

--------------------------------

### GSS_Init_sec_context Call Example

Source: https://gitlab.com/samba-team/samba/-/blob/master/third_party/heimdal/doc/standardisation/rfc2478.txt

Illustrates the invocation of GSS_Init_sec_context by an initiator, specifying input parameters and expected outputs for initiating a security context negotiation. The output token 'negTokenInit' contains the offered security mechanisms.

```pseudocode
Input
    mech_type = OID for negotiation mechanism or NULL, if the
                negotiation mechanism is the default mechanism.

Output
    major_status = GSS_S_CONTINUE_NEEDED
    output_token = negTokenInit
```

--------------------------------

### DES3string_to_key Examples

Source: https://gitlab.com/samba-team/samba/-/blob/master/third_party/heimdal/doc/standardisation/draft-ietf-krb-wg-crypto-06.txt

Examples of keys generated using the DES3string_to_key function with different salt and password inputs.

```APIDOC
## DES3string_to_key Examples

### Description
These are the keys generated for some of the above input strings for triple-DES with key derivation as defined in section 6.3.1.
### Key Generation Examples

- **salt**: `"ATHENA.MIT.EDUraeburn"`
- **passwd**: `"password"`
- **key**: `850bb51358548cd05e86768c313e3bfef7511937dcf72c3e`

- **salt**: `"WHITEHOUSE.GOVdanny"`
- **passwd**: `"potatoe"`
- **key**: `dfcd233dd0a43204ea6dc437fb15e061b02979c1f74f377a`

- **salt**: `"EXAMPLE.COMbuckaroo"`
- **passwd**: `"penny"`
- **key**: `6d2fcdf2d6fbbc3ddcadb5da5710a23489b0d3b69d5d9d4a`

- **salt**: `"ATHENA.MIT.EDUJuri" + s-caron + "i" + c-acute`
- **passwd**: `eszett`
- **key**: `16d5a40e1ce3bacb61b9dce00470324c831973a7b952feb0`

- **salt**: `"EXAMPLE.COMpianist"`
- **passwd**: `g-clef`
- **key**: `85763726585dbc1cce6ec43e1f751f07f1c4cbb098f40b19`
```

--------------------------------

### GSS-API Context Establishment Example

Source: https://gitlab.com/samba-team/samba/-/blob/master/third_party/heimdal/doc/standardisation/rfc1508.txt

Illustrates the data flow for establishing a security context between a client and server using GSS-API, including mutual authentication.

```APIDOC
## GSS-API Context Establishment Example

### Description
This example demonstrates the mechanism-independent data flow for establishing a security context and transferring a protected message between a client and server using GSS-API. It assumes credential acquisition is complete and the underlying authentication technology supports single-token authentication.

### Client Initiates Context
1. **Client Call**: `GSS_Init_sec_context()` is called by the client with `targ_name` and `mutual_req_flag` set for mutual authentication.
2. **Client Output**: `GSS_Init_sec_context()` returns an `output_token` and `GSS_CONTINUE_NEEDED` status.
3. **Token Transfer**: The client sends the `output_token` to the server.

### Server Processes Token
1. **Server Call**: The server calls `GSS_Accept_sec_context()` with the received token as `input_token`.
2. **Server Output**: `GSS_Accept_sec_context()` returns `GSS_COMPLETE` status, the client's authenticated identity in `src_name`, and an `output_token`.
3. **Token Transfer**: The server sends the `output_token` back to the client.

### Client Completes Context
1. **Client Call**: The client calls `GSS_Init_sec_context()` again with the received token as `input_token`.
2. **Client Status**: This call returns `GSS_COMPLETE` status, indicating successful mutual authentication and context establishment.

### Message Protection
1. **Client Seals Message**: The client calls `GSS_Seal()` with a data message. `GSS_Seal()` performs authentication, integrity, and optional confidentiality, returning an `output_message` and `GSS_COMPLETE` status.
2. **Message Transfer**: The client sends the `output_message` to the server.
3. **Server Unseals Message**: The server calls `GSS_Unseal()` with the received `output_message`. `GSS_Unseal()` reverses the `GSS_Seal()` operations, decrypts if necessary, and validates integrity.
```

--------------------------------

### Context Establishment and Optional Services

Source: https://gitlab.com/samba-team/samba/-/blob/master/third_party/heimdal/doc/standardisation/rfc2743.txt

Guidelines for using GSS_Init_sec_context and GSS_Accept_sec_context, including the use of continuation calls and optional service flags.

```APIDOC
## Context Establishment

### Description
Context establishment involves sequences of calls to GSS_Init_sec_context and GSS_Accept_sec_context. Applications should handle GSS_S_CONTINUE_NEEDED to support multi-message authentication sequences.

### Optional Services
Services are requested via the `req_flags` parameter in `GSS_Init_sec_context`:
- **Delegation**: Transfer of rights from initiator to acceptor.
- **Mutual Authentication**: Ensures the acceptor also authenticates to the initiator.
- **Replay Detection**: Provides protection against replayed messages.
```
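
--------------------------------

### Decoding the Quoting Layers of an LDAP URL (Added Example)

This Python code is an added example, not taken from the Samba tree or the RFC text: it works through the quoting layers of LDAP URL Examples 6, 7, 8 and 10 above and, going one step beyond them, escapes untrusted text for use in an RFC 4515 filter. The function names `parse_ldap_url`, `unescape_filter_value` and `escape_filter_value` are hypothetical, the URLs are copied from those examples, and the hostile input string is constructed.

```python
import re
from urllib.parse import unquote

SCOPES = {"base", "one", "sub"}
HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")


def parse_ldap_url(url):
    """Split an RFC 4516 LDAP URL into percent-decoded components."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() != "ldap":
        raise ValueError("not an ldap:// URL")
    hostport, _, tail = rest.partition("/")
    # Split on the literal '?' delimiters BEFORE percent-decoding, so an
    # encoded '?' (%3f) inside the DN is never mistaken for a delimiter.
    parts = tail.split("?")
    if len(parts) > 5:
        raise ValueError("too many '?' delimiters")
    dn, attrs, scope, flt, exts = parts + [""] * (5 - len(parts))
    scope = scope.lower() or "base"
    if scope not in SCOPES:
        raise ValueError("unknown scope: " + scope)
    return {
        "host": hostport,
        "dn": unquote(dn),
        # Lists are split on the literal ',' first and decoded afterwards,
        # which is why Example 10 writes the commas of its bind DN as %2c.
        "attributes": [unquote(a) for a in attrs.split(",") if a],
        "scope": scope,
        "filter": unquote(flt) or "(objectClass=*)",
        "extensions": [unquote(e) for e in exts.split(",") if e],
    }


def unescape_filter_value(value):
    """Undo RFC 4515 backslash-hex escaping and return the raw octets."""
    out = bytearray()
    i = 0
    while i < len(value):
        if value[i] == "\\":
            pair = value[i + 1:i + 3]
            if not HEX_PAIR.fullmatch(pair):
                raise ValueError("bad escape at offset %d" % i)
            out.append(int(pair, 16))
            i += 3
        else:
            out += value[i].encode("utf-8")
            i += 1
    return bytes(out)


def escape_filter_value(text):
    """Escape untrusted text for use as an RFC 4515 assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\0()*\\" else c for c in text)


def demo():
    """Run the page's Examples 6, 7, 8 and 10 through the parser."""
    ex6 = parse_ldap_url("ldap://ldap2.example.com/o=Question%3f,c=US?mail")
    ex7 = parse_ldap_url(
        "ldap://ldap3.example.com/o=Babsco,c=US"
        "???(four-octet=%5c00%5c00%5c00%5c04)")
    ex8 = parse_ldap_url(
        "ldap://ldap.example.com/o=An%20Example%5C2C%20Inc.,c=US")
    ex10 = parse_ldap_url(
        "ldap:///??sub??e-bindname=cn=Manager%2cdc=example%2cdc=com")
    # Second layer for Example 7: the filter value is still RFC 4515-escaped
    # after percent-decoding, so decode it again to reach the four octets.
    ex7_value = ex7["filter"][1:-1].split("=", 1)[1]
    return {
        "ex6_dn": ex6["dn"],
        "ex7_filter": ex7["filter"],
        "ex7_octets": unescape_filter_value(ex7_value),
        "ex8_dn": ex8["dn"],
        "ex10_extensions": ex10["extensions"],
        # Constructed hostile input: metacharacters become inert literals.
        "escaped": escape_filter_value("Babs*)(uid=*"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "=", repr(result))
```

Decoding in the other order (percent-decode the whole URL, then split) would cut the DN of Example 6 at its `?` and the bind DN of Example 10 at its commas.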