IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
actually work. Also, the idea of 'loopback winbind' isn't that bad an idea
anyway (potential PDC/BDC applications).
Given all that, remove it...
Andrew Bartlett
Tridge suggested a generic caching mechanism for Samba to avoid the
proliferation of little cache files hanging around limpet like in the
locks directory. Someone should probably implement this at some
stage.
future.
This moves us from fstrcpy() and global variables to 'get' and 'set' functions.
In particular, the 'set' function sainity-checks the input, in the same way as
we always have.
Andrew Bartlett
setups.
- split up the ads structure into logical pieces. This makes it much
easier to keep things like the authentication realm and the server
realm separate (they can be different).
- allow ads callers to specify that no sasl bind should be performed
(used by "net ads info" for example)
- fix an error with handing ADS_ERROR_SYSTEM() when errno is 0
- completely rewrote the code for finding the LDAP server. Now try DNS
methods first, and try all DNS servers returned from the SRV DNS
query, sorted by closeness to our interfaces (using the same sort code
as we use in replies from WINS servers). This allows us to cope with
ADS DCs that are down, and ensures we don't pick one that is on the
other side of the country unless absolutely necessary.
- recognise dnsRecords as binary when displaying them
- cope with the realm not being configured in smb.conf (work it out
from the LDAP server)
- look at the trustDirection when looking up trusted domains and don't
include trusts that trust our domains but we don't trust
theirs.
- use LDAP to query the alternate (netbios) name for a realm, and make
sure that both and long and short forms of the name are accepted by
winbindd. Use the short form by default for listing users/groups.
- rescan the list of trusted domains every 5 minutes in case new trust
relationships are added while winbindd is running
- include transient trust relationships (ie. C trusts B, B trusts A,
so C trusts A) in winbindd.
- don't do a gratuituous node status lookup when finding an ADS DC (we
don't need it and it could fail)
- remove unused sid_to_distinguished_name function
- make sure we find the allternate name of our primary domain when
operating with a netbiosless ADS DC (using LDAP to do the lookup)
- fixed the rpc trusted domain enumeration to support up to approx
2000 trusted domains (the old limit was 3)
- use the IP for the remote_machine (%m) macro when the client doesn't
supply us with a name via a netbios session request (eg. port 445)
- if the client uses SPNEGO then use the machine name from the SPNEGO
auth packet for remote_machine (%m) macro
- add new 'net ads workgroup' command to find the netbios workgroup
name for a realm
on both by default, and you can specify a list of ports to listen on
either with "smb ports = " in smb.conf or using the -p option to smbd.
this is needed for proper netbiosless operation.
there were 2 bugs:
1) we were sending a null challenge when we should have sent an empty
challenge
2) the password can be in unicode if unicode is negotiated. This means
our client code was wrong too :(
Finally the cascaded VFS patch is in.
Testing is very welcome, specially with layered multiple vfs modules.
A big thank to Alexander Bokovoy for his work and patience :)
Simo.
- That we never call winbind recursivly
- That we never use an 'algorithmic' RID when we have a fixed uid or gid mapping
in either the passdb or the group mapping db.
Also, remove restrictions that say 'this domain only'. If we have a mapping
configured, allow it to be returned. If we later decide certian mappings are
invalid, then we sould put that in the code that actually does the map.
Allow 'sid->name' transtations on the fixed 'well known' groups for NT, even
if they are not represented by Unix groups yet.
Andrew Bartlett
This gets my test code working, where we previously failed with files
above 20G in size.
I'm still not completely happy with this. There are just too many
fields in trans2.c that we don't fill in.
this one fixes swat not working with browsers that set more then one language.
along the way implemented language priority in web/neg_lang.c with bubble sort
also changet str_list_make to be able to use a different separator string
Simo.
Remove the n^2 search for valid 'tty' names from the sesion code when we
don't actually need it. Its main value is in getting 'well behaved'
numbers for use with utmp, so when we are not doing utmp we don't need
this to get in the way.
Andrew Bartlett
session setup, it would not correctly pick up the [homes] share on a subsequent
session setup.
The new rules are: If you want to connect to [homes], then it must have been
available at session setup time, or you must be in security=share. At each
session setup, the user's copy of [homes] is updated to ensure it has the right
path etc.
Andrew Bartlett
patches:
Andrew Bartlett
From his e-mail:
Below I attach the following patches as a result of my work
on trusted domains support:
1) srv_samr_nt.c.diff
This fixes a bug which caused to return null string as
the first entry of enumerated accounts list (no matter what
entry, it was always null string and rid) and possibly
spoiled further names, depeding on their length.
I found that while testing my 'net rpc trustdom list'
against nt servers and samba server.
2) libsmb.diff
Now, fallback to anonymous connection works correctly.
3) smbpasswd.c.diff
Just a little fix which actually allows one to create
a trusting domain account using smbpasswd
4) typos.diff
As the name suggests, it's just a few typos fix :)
I don't like the idea of muliple netprots - becouse I see potential problems
with people being able to maniplate internal samba variables.
This applies in particular to remote names, so don't allow muliple session
requests either.
Also remove a pstrcpy() from the tcon code, we really don't need it.
Andrew Bartlett
This is for two things: To allow panic actions etc to pump out backtraces to
stderr and to allow vangrind to put its stuff in a logfile - making it possible
to debug smbd when launched from inetd.
I've also cleaned up some of the duplicate names in procedures between smbd and
nmbd.
Andrew Bartlett
As noticed by Lev Iserovich <lev@ciprico.com> this seems to fix a problem
with oplock breaks and Win2k, and we are protected from problems by existing
code in trans2.c and nttrans.c
Jeremy.
