IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
-
We ran across a bug joining our Samba server to a Win2K domain with LDAP
signing turned on. Upon investigation I discovered that there is a bug
in Win2K server which returns a duplicated responseToken in the LDAP
bindResponse packet. This blob is placed in the optional mechListMIC
field which is unsupported in both Win2K and Win2K3. You can see RFC
2478 for the proper packet construction. I've worked with metze on this
to confirm all these finding.
This patch properly parses then discards the mechListMIC field if it
exists in the packet, so we don't produce a malformed packet error,
causing LDAP signed joins to fail. Also attached is a sniff of the
domain join, exposing Win2Ks bad behavior (packet 21).
-
(I've just changed the scope of the DATA_BLOB mechList)
metze
(This used to be commit 200b5bfb8180af09446762e915eac63d14c6c7b0)
rpccli_lsa_lookupsids_noalloc() returns an error for one hunk
of SIDs: free all allocated arrays and return the error code
returned by the hunk lookup.
Michael
(This used to be commit 2c68ebd6934206186dc6e635401f66c2fd1e1234)
allow overwritting the location of the WINBINDD_SOCKET_DIR
via an environment variable
metze
(This used to be commit 93bdd2724cc711005a5f2f223b499199394e78e7)
new name if unmangling succeeded, not if it
failed. Jerry - please re-test, this should
fix your bug.
Jeremy.
(This used to be commit c215d6e84929b70e4472e19f32ec4f1db7449d90)
REGISTRY_VALUE and struct registry_value formats for
registry values. Lacking better naming, I called them
regval_hilvl_to_lolvl and regval_lolvl_to_hilvl for a
start. The might be useful elsewhere, so might be put
into another place later on.
Michael
(This used to be commit 883fd7906165ca10413e4745b3beed59516adf34)
as this header has nothing todo with winbindd nor nss
and it contains the definitions for the struct based
protocol
metze
(This used to be commit e9e03aac2221c44eec89cc957b8bb3be721103bd)
This also corrects regval_ctr_copyvalue() in that it cannot create (invalid)
regval containers with dupliacte entries...
Michael
(This used to be commit 2daaaaa835078c543fa12cd1819e8a3d86cf6e5e)
appears to be a leftover. Should fix the build with profiling enabled.
Jeremy, please check.
Guenther
(This used to be commit 98f2e10e3f7a86b1b30619a25ee15a489ad10d43)
gss_import_name() needs to follow the same logic as in the LDAP sasl wrapping
(see -r25133).
Tested with MIT 1.2.7, 1.3.6, 1.4.3, 1.5.1, 1.6.1 and Heimdal 0.7.2, 1.0,
1.0.1.
Guenther
(This used to be commit 913fb138aa90a6627ee49b2e92d1bbc73e11f9ea)
The gss_import_name() broke as we switched from the internal MIT OID
"gss_nt_krb5_principal" to "GSS_KRB5_NT_PRINCIPAL_NAME" and didn't switch from
passing the krb5_principal (or better: a pointer to that, see MIT's "*HORRIBLE*
bug") to pass the string principal directly.
Jerry, Jeremy, neither I could figure out the need of passing in a
krb5_principal at all nor could I reproduce the crash you were seeing.
I sucessfully tested the code (now importing a string) with MIT 1.2.7, 1.3.6,
1.4.3, 1.5.1, 1.6.1 and Heimdal 0.7.2, 1.0, 1.0.1.
Guenther
(This used to be commit cb2dc715e33467c8b588161e816e72a948f6860c)
This script is useful for migrating OpenLDAP schema files to FDS/RHDS
lidf schema files.
License kindly updated to GPLv3+ at our request.
Simo.
(This used to be commit ab7770b34b3202a5836cfa098187eeed1bd16be3)
