IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
srvstr_get_path(inbuf, name, smb_buf(inbuf) + 1, sizeof(name), 0, STR_TERMINATE, &status);
if (!NT_STATUS_IS_OK(status)) {
return ERROR_NT(status);
}
RESOLVE_DFSPATH(name, conn, inbuf, outbuf);
status = unix_convert(conn, name, False, NULL, &sbuf);
if (!NT_STATUS_IS_OK(status)) {
return ERROR_NT(status);
}
status = check_name(conn, name);
if (!NT_STATUS_IS_OK(status)) {
return ERROR_NT(status);
}
Make sure that every access pattern (including the
wildcard generated paths from unlink, rename, and copy)
do the same. Tidy things up a bit....
Jeremy.
(This used to be commit b8327b21dd)
The background behind this patch is that we're using ntlm_auth with
Wine. Windows allows us to pass in a NULL domain and a username of the
form of "user@domain" and this is converted into an NTLMSSP_AUTH packet
with a NULL domain name and a username of the same form.
Jeremy.
(This used to be commit 32b040fe05)
moment. To use, use something like:
./bin/ndrdump -l bin/smbd winreg winreg_EnumValue in <filename>
or to see what functions are available:
./bin/ndrdump -l bin/smbd winreg
(This used to be commit 0db258c600)
needs testing with other clients as well. I'm afraid I'm visiting a conference
tomorrow and saturday, so I'd be happy to get support in this.
Thanks,
Volker
(This used to be commit 2186e276a0)
ads_cached_connection() does not call get_dc_name()
before ads_connect() and therefore does not setup
the environment to look at krb5.conf.DOMAIN file
before sending the TGT request. The failure I'm seeing
occurs ni a multi-DC domain where we get back preuath
failed after we just joined the domain.
(This used to be commit 256f36dce3)
LAM module does to work around a system that does not support
>8 character usernames. Without the change, pam_winbind tries
to authenticate _#uid in the domain.
(This used to be commit 7f0ba72e05)
su - DOM\user was unable to set the process crendentials
without listing the "id" and other attributes in the attrlist[].
More fixes to come, but I didn't want this to get lost.
(This used to be commit 4c53d300fa)
Fix escaping of DN components and filters around the code
Add some notes to commandline help messages about how to pass DNs
revert jra's "concistency" commit to nsswitch/winbindd_ads.c, as it was
incorrect.
The 2 functions use DNs in different ways.
- lookup_usergroups_member() uses the DN in a search filter,
and must use the filter escaping function to escape it
Escaping filters that include escaped DNs ("\," becomes "\5c,") is the
correct way to do it (tested against W2k3).
- lookup_usergroups_memberof() instead uses the DN ultimately as a base dn.
Both functions do NOT need any DN escaping function as DNs can't be reliably
escaped when in a string form, intead each single RDN value must be escaped
separately.
DNs coming from other ldap calls (like ads_get_dn()), do not need escaping as
they come already escaped on the wire and passed as is by the ldap libraries
DN filtering has been tested.
For example now it is possible to do something like:
'net ads add user joe#5' as now the '#' character is correctly escaped when
building the DN, previously such a call failed with Invalid DN Syntax.
Simo.
(This used to be commit 5b4838f62a)
to allow client to fragment large SPNEGO blobs (large krb5
tickets). Tested against W2K3R2. Should fix bug #4400.
Jeremy.
(This used to be commit b81c5c6adc)
