IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
here's a small fix that fixes the new quota system on irix.
I need to reanable XFS quotas on irix for the new quota system
(Jerry do you want to wait for this for the release ?)
But the old system works and is the default on irix!
(This used to be commit 5d43e00a49)
:-).
"here's a patch which ports the samba 2.2 samba_linux_quota.h stuff to 3_0.
This is needed because of so many broken quota files outthere.
Please, test this with old, new kernels
(strucr dqblk, struct mem_dqblk, and struct if_dqblk)
, quota.user, aquota.user formats
what is when a user is over soft quota and over hard quotas..."
Jeremy.
(This used to be commit 4350aa6ce6)
test for a valid length to fail...
This should fix 'security=server' and hosts-equiv failures picked up by
the build farm.
Andrew Bartlett
(This used to be commit 39311495de)
would attempt to supply a password to the 'inside' NTLMSSP, which the
remote side naturally rejected.
Andrew Bartlett
(This used to be commit da408e0d5a)
DNS names (realms) from NetBIOS domain names.
Until now, we would experience delays as we broadcast lookups for DNS names
onto the local network segments.
Now if DNS comes back negative, we fall straight back to looking up the
short name.
Andrew Bartlett
(This used to be commit 32397c8b01)
could reproduce it, I would fix it, but for now just make sure we always
SAFE_FREE() and set our starting pointers to NULL.
Andrew Bartlett
(This used to be commit c279e178bc)
rpc_parse/parse_lsa.c:
nsswitch/winbindd_rpc.c:
nsswitch/winbindd.h:
- Add const
libads/ads_ldap.c:
- Cleanup function for use
nsswitch/winbindd_ads.c:
- Use new utility function ads_sid_to_dn
- Don't search for 'dn=', rather call the ads_search_retry_dn()
nsswitch/winbindd_ads.c:
include/rpc_ds.h:
rpc_client/cli_ds.c:
- Fixup braindamage in cli_ds_enum_domain_trusts():
- This function was returning a UNISTR2 up to the caller, and
was doing nasty (invalid, per valgrind) things with memcpy()
- Create a new structure that represents this informaiton in a useful way
and use talloc.
Andrew Bartlett
(This used to be commit 06c3f15aa1)
This introduces range retrieval of ADS attributes.
VL rewrote most of Gnther's patch, partly to remove code duplication and
partly to get the retrieval of members in one rush, not interrupted by the
lookups for the DN.
I rewrote that patch, to ensure that we can keep an eye on the USN
(sequence number) of the entry - this allows us to ensure the read was
atomic.
In particular, the range retrieval is now generic, for strings. It
could easily be made generic for any attribute type, if need be.
Andrew Bartlett
(This used to be commit 131bb928f1)
- Add pgSQL backend (based on patch by Hamish Friedlander)
- Use query generate functions from pdb_mysql and pdb_pgsql
- Only pdb_pgsql.c needs to be changed whenever the fields in SAM_ACCOUNT change
(This used to be commit 65ad2c02fd)
session setup. After talking to jht and abartlet I made this unconditional, no
additional parameter.
Jerry: This is a change in behaviour, but I think it is necessary.
Volker
(This used to be commit 3ce6c9f273)
it out onto the wire. Avoids valgrind warnings because the fstrcpy() causes
part of the wire buffer to be 'marked'.
Andrew Bartlett
(This used to be commit 53d802c72a)
it sent 'INVALID_PARAMETER', when it was us as the server that could not
come up with a session key. Instead, allow normal authentication to take
place, but do not setup a session key.
Andrew Bartlett
(This used to be commit e5abd93d79)
a double-free(), and the resultant malloc heap corruption.
This may be one of our lurking winbind segfaults.
Andrew Bartlett
(This used to be commit 903263a1bd)
his book.
This prompted me to look at the code that reads the unix group list. This
code did a lot of name -> uid -> name -> sid translations, which caused
problems. Instead, we now do just name->sid
I also cleaned up some interfaces, and client tools.
Andrew Bartlett
(This used to be commit f9e59f8bc0)
This introduces range retrieval of ADS attributes.
I've rewritten most of Gnther's patch, partly to remove code duplication and
partly to get the retrieval of members in one rush, not interrupted by the
lookups for the DN.
Andrew, you told me that you would like to see a check whether the AD sequence
number is the same before and after the retrieval to achieve atomicity. This
would be trivial to add, but I'm not sure that we want this, as this adds two
roundtrips to every membership query. We can not know before the first query
whether we get additional range values, and at that point it's too late to ask
for the USN.
Tested with a group of 4000 members along with lots of small groups.
Volker
(This used to be commit 9d8235bf41)
domains (in particular, the domain of the current machine, if it is not a PDC)
By changing the error codes, we now return values that PAM can correctly
use for better stacking of PAM modules - in particular of the password change
module.
This allows pam_winbind to co-exist with other pam modules for password changes.
Andrew Bartlett
(This used to be commit 6a8cc7f012)
our primary domain - new domains are added to the front of the list. :-(
Use a much more reliable 'flag test' instead. (note: changes winbind structures, make clean).
Andrew Bartlett
(This used to be commit cc050e0137)
- Fill in the 'backup' idea of a domain, if the DC didn't supply one. This
doesn't seem to occour in reality, hence why we missed the typo.
lib/charcnv.c:
lib/smbldap.c:
libads/ldap.c:
libsmb/libsmbclient.c:
printing/nt_printing.c:
- all the callers to pull_utf8_allocate() pass a char ** as the first
parammeter, so don't make them all cast it to a void **
nsswitch/winbind_util.c:
- Allow for a more 'correct' view of when usernames should be qualified
in winbindd. If we are a PDC, or have 'winbind trusted domains only',
then for the authentication returns stip the domain portion.
- Fix valgrind warning about use of free()ed name when looking up our
local domain. lp_workgroup() is maniplated inside a procedure that
uses it's former value. Instead, use the fact that our local domain is
always the first in the list.
Andrew Bartlett
(This used to be commit 494781f628)
objects from the print handle cache. Fixes bug that
caused smbd to consume large amounts of RAM when
(a) a printer handle was kept open over an extended
period of time, and
(b) the client issued frequent requests that resulted
in a call to get_a_printer()
(This used to be commit 10b9976e0a)
is not significant in windows user names we should not lose information by
lower-casing the name before handing it to AFS.
Volker
(This used to be commit 6d2285b6d1)
Instead of returning a name in DOMAIN\user format, we now return it in the
same way that nsswtich does - following the rules of 'winbind use default
domain', in the correct case and with the correct seperator.
This should help sites who are using Squid or the new SASL code I'm working
on, to match back to their unix usernames.
Andrew Bartlett
(This used to be commit 7a3a5a6361)
subsystem into a seperate file - ntlm_check.c.
This allows us to call these routines from ntlm_auth. The purpose of this
exercise is to allow ntlm_auth (when operating as an NTLMSSP server) to
avoid talking to winbind. This should allow for easier debugging.
ntlm_auth itself has been reorgainised, so as to share more code between
the SPNEGO-wrapped and 'raw' NTLMSSP modes. A new 'client' NTLMSSP mode
has been added, for use with a Cyrus-SASL module I am writing (based on vl's
work)
Andrew Bartlett
(This used to be commit 48315e8fd2)
The next move will be to remove our password checking code from the SAM
authentication backend, and into a file where other parts of samba can use
it.
The ntlm_auth changes provide for better use of common code.
Andrew Bartlett
(This used to be commit 2375abfa00)
solves the problem for me here, I can still successfully set up signing using
NTLMSSP against w2k3 and it does not show a signing error anymoe when the
password was wrong.
Jeremy, you might want to take a further look at it as this is not
particularly elegant.
Volker
(This used to be commit f5afaafd61)
This adds the ability to specify the new user password for 'net ads password'
on the command line. As this needs the admin password on the command line, the
information leak is minimally more.
Patch from gd@suse.de
Volker
(This used to be commit e6b4b956f6)
This patch will change order how attributes are modified
from: add, delete
to: delete, add
This is needed to update single valued attributes in Novell NDS and
should not harm anyone else.
(This used to be commit fabf801690)
When smb.conf tells us to write to a read-only LDAP replica and we are
redirected by the LDAP server, the replication might take some seconds,
especially over slow links. This patch delays the next read after a rebind for
'ldap rebind sleep' milliseconds.
Metze, thanks for your patience.
Volker
(This used to be commit 63ffa770b6)
actually used.... 'afs username map' should not show up in the swat basic
view. :-)
Maybe I should use swat from time to time....
Volker
(This used to be commit d4e071d14b)
This fixes a problem joining a Samba domain from a
vanilla win2k client that doesn't set the
NTLMSSP_NEGOTIATE_NTLM2 flag.
Reported on samba ml as "decode_pw: incorrect password length"
when handling a samr_set_userinfo(23 or 24) RPC.
(This used to be commit ef4ab8d7c4)
broken by my NTLM2 commit. This should correctly cause the NTLM2 case
not to be negotiated when 'security=server' is in effect.
Andrew Bartlett
(This used to be commit 19bb4b582f)
* don't fall back to unmapped UNIX group for
get_local_group_from_sid()
* remove an extra become/unbecome_root() pair
from group enumeration
(This used to be commit da12bbdb0d)
packet is the one that matters for checking the signing replies. Need to
check the server code does this correctly too....
Bug #832 reported by Volker.
Jeremy.
(This used to be commit 6750dc33b4)
MacOSX (Darwin) specific charset module code. Also had to add AC_CHECK_CPP
to configure.in (this took a *long* time to track down) to make autoconf
work correctly on Fedora Core 1.
Jeremy.
(This used to be commit c51d974b18)
MacOSX (Darwin) specific charset module code. Also had to add AC_CHECK_CPP
to configure.in (this took a *long* time to track down) to make autoconf
work correctly on Fedora Core 1.
Jeremy.
(This used to be commit a571194342)
