IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
smbcontrol winbindd debug level would only set the debug level of the
parent winbindd process and not the child processes. This patch adds
the functionality of broadcasting the debug message to all winbindd
children. Now the debug level message is propagated to all the winbindd
processes that includes parent and children.
(This used to be commit cfbcfc3ffe)
Extends ads_connect() to a new call ads_connect_gc() which connects on port
3268 rather than port 389. Also makes ads_try_connect() static and
only used internally to ldap.c
(This used to be commit f4c37dbe2c)
Jeremy, setting "exists" to True in _dfs_Add prevented the initial creation of
a new symlink for me, because the SMB_VFS_UNLINK failed. This also exists in
3.2. I only check it into 3.3 as I would like you to look at it first.
Thanks,
Volker
(This used to be commit f58b098a41)
fsp_belongs_conn only used the vuid struct member anyway, and this is available
in the smb_request structure as well.
(This used to be commit 64e9372ab9)
This combined check has been replaced by is_dc_trusted_domain_situation()
which does not check for lp_allow_trusted_domains().
Michael
(This used to be commit 0a24c038b7)
Win2008 domain (merged from v3-0-test).
commit 8dc4e97977
Author: Steven Danneman <sdanneman@isilon.com>
Date: Wed May 7 13:34:26 2008 -0700
spnego SPN fix when contacting trusted domains
cli_session_setup_spnego() was not taking into consideration the situation
where we're connecting to a trusted domain, specifically one (like W2K8)
which doesn't return a SPN in the NegTokenInit.
This caused two problems:
1) When guessing the SPN using kerberos_get_default_realm_from_ccache() we
were always using our default realm, not the realm of the domain we're
connecting to.
2) When falling back on NTLMSSP for authentication we were passing the name
of the domain we're connecting to for use in our credentials when we should be
passing our own workgroup name.
The fix for both was to split the single "domain" parameter into
"user_domain" and "dest_realm" parameters. We use the "user_domain"
parameter to pass into the NTLM call, and we used "dest_realm" to create an SPN
if none was returned in the NegTokenInit2 packet. If no "dest_realm" is
provided we assume we're connecting to our own domain and use the credentials
cache to build the SPN.
Since we have a reasonable guess at the SPN, I removed the check that defaults
us directly to NTLM when negHint is empty.
(This used to be commit b78b14c88e)
This patch is the second iteration of an inside-out conversion to cleanup
functions in charcnv.c returning size_t == -1 to indicate failure.
(This used to be commit 6b189dabc5)
but the code suffered from bitrot and is not now reentrant. That means
we can get bizarre behaviour
i've fixed this by making next_token() reentrant and creating a
next_token_nr() that is a small non-reentrant wrapper for those lumps
of code (mostly smbclient) that have come to rely on the non-reentrant
behaviour
(This used to be commit 674ee2f1d1)
send unaligned unicode strings sometimes!
Fixed our handling of the workgroup name tacked on the end of the
NT1 negprot response (a unaligned unicode)
fixed a couple of places where we should be using the message_end fns instead
of pre-calculated buffer lengths
(This used to be commit 86613493a9)
it will avoid problems with lists being longer than 1024 bytes
just now only ip list parameters have been converted to the new type
(hosts allow, hosts deny, ssl hosts, ssl hosts resign)
(This used to be commit e1572f85d6)
