IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
It is never correct to ask for a machine$ principal as the target of a
kerberos connection. You should always connect via the
servicePrincipalName.
This current code appears to have built up from a series of minimal
changes, as the codebase adapted the to lack of a SPNEGO principal
from Windows 2008.
Andrew Bartlett
This principal is not supplied by later versions of windows, and using
it opens up some oportunities for man in the middle attacks. (Becuase
it isn't the name being contacted that is verified with the KDC).
This adds the option 'client use spnego principal' to the smb.conf (as
used in Samba4) to control this behaivour. As in Samba4, this
defaults to false.
Against 2008 servers, this will not change behaviour. Against earlier
servers, it may cause a downgrade to NTLMSSP more often, in
environments where server names are not registered with the KDC as
servicePrincipalName values.
Andrew Bartlett
When winbind sees a signing error on the smb connection to a DC (for whatever
reason, our bug, network glitch, etc) it should recover properly. The "old"
code in clientgen.c just closed the socket in this case. This is the right
thing to do, this connection is spoiled anyway. The new, async code did not do
this so far, which led to the code in winbindd_cm.c not detect that we need to
reconnect.
transaction id of packets it was requested to send via a client, and
only store replies that match these ids. On the client side change
clients to always attempt to ask nmbd first for name_query and
node_status calls, and then fall back to doing socket calls if
we can't talk to nmbd (either nmbd is not running, or we're not
root and cannot open the messaging tdb's). Fix readers of unexpected.tdb
to delete packets they've successfully read.
This should fix a long standing problem of unexpected.tdb
growing out of control in noisy NetBIOS envioronments with
lots of bradcasts, yet still allow unprivileged client apps
to work mostly as well as they already did (nmblookup for
example) in an environment when nmbd isn't running.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sun Nov 14 05:22:45 UTC 2010 on sn-devel-104
The underlying problem is that the old code invoked by cli_write() increments
cli->mid directly when issuing outstanding writes. This should now be done only
in libsmb/clientgen.c to make metze's new signing engine works correctly. Just
deleting this code fixes the problem.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Nov 11 02:50:08 UTC 2010 on sn-devel-104
Following the review of this patch series by Derrell Lipman, remove
the seperate storage of the debug_stderr variable from the
libsmbclient SMBC_internal_data context.
Andrew Bartlett
This isn't quite what you would expect from this interface, but actually
avoids some really nasty situations if you ever have more than one
libsmbclient context in a process.
In the real world, if you have asked for DEBUG() to stderr in one part
of the code, you will want it globally, even in a different thread
(which in the past would have rest everything to stdout again, at
least while starting up).
Andrew Bartlett
All future assignments of the debug level should go via
lp_set_cmdline("log level", "x") because this will ensure the value is
not overwritten in an smb.conf load.
Andrew Bartlett
This change improves the setup_logging() API so that callers which
wish to set up logging to stderr can simply ask for it, rather than
directly modify the dbf global variable.
Andrew Bartlett
Based on an initial patch from H Hasegawa <hasegawa.hiroyuki@fujixerox.co.jp>.
Convert cli_list and associated functions to take calls that return NTSTATUS.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct 29 19:40:16 UTC 2010 on sn-devel-104
Based on a fix from Sven Neumann <s.neumann@raumfeld.com>.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Oct 27 22:02:11 UTC 2010 on sn-devel-104
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.
This includes (along with other security headers) dom_sid.h and
security_token.h
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
