IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
logic in smbd/process.c. All interested (Volker,
Jerry, James etc). PLEASE REVIEW THIS CHANGE.
The logic should be identical but *much* easier
to follow and change (and shouldn't confuse Klockwork :-).
Jeremy.
(This used to be commit d357f8b335)
right now. r14112 broke it, in 3.0.22 register_vuid for security=share returns
UID_FIELD_INVALID which in current 3_0 is turned into an error condition. This
makes sure that we only call register_vuid if sec!=share and meanwhile also
fixes a little memleak.
Then I also found a crash in smbclient with sec=share and hostmsdfs=yes.
There's another crash with sec=share when coming from w2k3, but I need sleep
now.
Someone (jerry,jra?) please review the sesssetup.c change.
Thanks,
Volker
(This used to be commit 8059d0ae39)
prevents a nasty failure condition in winbindd's pam_auth where a tgt
and a service ticket could have been succefully retrieved, but just not
validated.
Guenther
(This used to be commit a75dd80c62)
changing the token generation. I *hate* this code!
Jerry, you have been looking at this as well, can you double-check that I did
not screw it up?
Thanks,
Volker
(This used to be commit 2765c4ff8d)
fail and we would still return success in the SMBsesssetup reply :-(
* Make sure to create the local token for the server_fino struct
in reply_spnego_kerberos() so that register_vuid() does not fail.
(how did this ever work?)
(This used to be commit 8dafa45b97)
setup comes in with the vc (virtual connection) field set to zero. This is
done by Windows, probably you can tweak that by some registry key.
This boolean option controls whether an incoming session setup
should kill other connections coming from the same IP. This matches
the default Windows 2003 behaviour.
Setting this parameter to yes becomes necessary when you have a flaky
network and windows decides to reconnect while the old connection
still has files with share modes open. These files become inaccessible
over the new connection.
The client sends a zero VC on the new connection, and Windows 2003
kills all other connections coming from the same IP. This way the
locked files are accessible again.
Please be aware that enabling this option will kill connections behind
a masquerading router.
Volker
(This used to be commit 5629ca1623)
Also remove the mem_ctx from the netsamlogon_cache_store() API.
Guenther, what should we be doing with the other fields in
the PAC_LOGON_INFO?
(This used to be commit 8bead2d282)
* remove redundant call to sub_set_smb_name() in session setup code.
* Fix lockup when running 'wbinfo -t' on a Samba PDC. Cause
was new authenticated session setup from winbindd which
resulted in a mangled username (machine_) that was not found
in the local files and so was queiued up to nss_winbindd.
Deadlock....
So now make sure to keep the trailing '$' for machine account
names when calling sub_set_smb_name().
(This used to be commit b0a2d43b60)
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d7)
NTLMSSP (not wrapped in SPNEGO). We really should have supported this
anyway, but we got away with it for a while...
Andrew Bartlett
(This used to be commit 78f0640a4b)
safe for using our headers and linking with C++ modules. Stops us
from using C++ reserved keywords in our code.
Jeremy
(This used to be commit 9506b8e145)
aruna.prabakar@hp.com).
This re-enables the Samba 2.2 behavior where a user that was
successfully authenticated by a remote DC would be mapped
to the guest account if there was not existing UNIX account
for that user and we could not create one.
(This used to be commit b7455fbf81)
1. using smbc_getxattr() et al, one may now request all access control
entities in the ACL without getting all other NT attributes.
2. added the ability to exclude specified attributes from the result set
provided by smbc_getxattr() et al, when requesting all attributes,
all NT attributes, or all DOS attributes.
3. eliminated all compiler warnings, including when --enable-developer
compiler flags are in use. removed -Wcast-qual flag from list, as that
is specifically to force warnings in the case of casting away qualifiers.
Note: In the process of eliminating compiler warnings, a few nasties were
discovered. In the file libads/sasl.c, PRIVATE kerberos interfaces
are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED
kerberos interfaces are being used. Someone who knows kerberos
should look at these and determine if there is an alternate method
of accomplishing the task.
(This used to be commit 994694f7f2)
