IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
latest Debian official packages for Debian unstable. Also fixes
patches that got out of date in the beta2->beta3 development process.
(This used to be commit 03871fd574bf9c0f6d88c96423f77e9ada7b16f7)
for me without this patch. I'm not sure if I interpreted your patch to
this code right.
Thanks,
Volker
(This used to be commit 46ec022f873416d2258fc8d84430b17319dce70f)
Needs to be rewritten to use a reference counter, but this
will work for now.
also the memory allocation in the printing code needs to be cleaned
up to use talloc exclusively.
(This used to be commit 3d293027563b36411b7f84ed9d8f47f926271c6f)
It's so simple now I know how it works - and it has nothing to do with
NTLMSSP (it's just a slightly different use of the old algorithm). :-).
Note: This is actually less secure then the non-NTLMSSP code, as there is
no per-session random data included for NTLM logins. (NTLMv2 is better,
fortunetly).
Andrew Bartlett
(This used to be commit 95ec8317d4c6817d192bcd52eec44a22286e10ee)
the schannel code, but I've included that anyway. :-)
This patch revives the client-side NTLMSSP support for RPC named pipes
in Samba, and cleans up the client and server schannel code. The use of the
new code is enabled by the 'sign', 'seal' and 'schannel' commands in
rpcclient.
The aim was to prove that our separate NTLMSSP client library actually
implements NTLMSSP signing and sealing as per Microsoft's NTLMv1 implementation,
in the hope that knowing this will assist us in correctly implementing
NTLMSSP signing for SMB packets. (Still not yet functional)
This patch replaces the NTLMSSP implementation in rpc_client/cli_pipe.c with
calls to libsmb/ntlmssp.c. In the process, we have gained the ability to
use the more secure NT password, and the ability to sign-only, instead of
having to seal the pipe connection. (Previously we were limited to sealing,
and could only use the LM-password derived key).
Our new client-side NTLMSSP code also needed alteration to cope with our
comparatively simple server-side implementation. A future step is to replace
it with calls to the same NTLMSSP library.
Also included in this patch is the schannel 'sign only' patch I submitted to
the team earlier. While not enabled (and not functional, at this stage) the
work in this patch makes the code paths *much* easier to follow. I have also
included similar hooks in rpccleint to allow the use of schannel on *any* pipe.
rpcclient now defaults to not using schannel (or any other extra per-pipe
authenticiation) for any connection. The 'schannel' command enables schannel
for all pipes until disabled.
This code is also much more secure than the previous code, as changes to our
cli_pipe routines ensure that the authentication footer cannot be removed
by an attacker, and more error states are correctly handled.
(The same needs to be done to our server)
Andrew Bartlett
(This used to be commit 5472ddc9eaf4e79c5b2e1c8ee8c7f190dc285f19)
we end up freeing a pointer we didn't mallocate.
Also, calling strdup() in a frequently called function just to clear up a
const compiler warning seems inelegant and inefficient.
(This used to be commit a0da5ae1198082d0cf18707ed2cf05f728b00d0b)
Still testing this, but I'm checking it in
so Volker can test it as well. Should be right.
(This used to be commit 8edf193722f699cc33baed410917a78a5e28d0a4)
* move rid allocation into IDMAP. See comments in _api_samr_create_user()
* add winbind delete user/group functions
I'm checking this in to sync up with everyone. But I'm going to split
the add a separate winbindd_allocate_rid() function for systems
that have an 'add user script' but need idmap to give them a RID.
Life would be so much simplier without 'enable rid algorithm'.
The current RID allocation is horrible due to this one fact.
Tested idmap_tdb but not idmap_ldap yet. Will do that tomorrow.
Nothing has changed in the way a samba domain is represented, stored,
or search in the directory so things should be ok with previous installations.
going to bed now.
(This used to be commit 0463045cc7ff177fab44b25faffad5bf7140244d)
location. These files are now in docs/Registry. For some reason only
the PlainPassword files are included in the packaging, not some of the
other useful Samba related registry mods such as sign or seal and
terminal server.
I also removed the reference to checkinstall as it doesn't seem to
exist on the Solaris system in the build farm and I can't figure out
what it is supposed to do (always a good reason to delete something).
docs.solaris.com says "The checkinstall script is only available with
the Solaris(TM) 2.5 and compatible releases" so maybe this file is
obsolete.
Part of fix for bug 218.
(This used to be commit 0699f362c524dc07b84ad23c57e559ec5e4681f8)
fix the confusion when we tdb_lock_bystring() but
we retrieve an entry using tdb_fetch_by_string.
It's now always tdb.*bystring()
(This used to be commit 66359531b89368939f0e8f584a45844b5f2f99e7)
This has been tested on RedHat 9.0 with libiconv built in as well as
FreeBSD 4.6.2 with iconv-2.0.3 and biconv.g/libbiconv.
We should perhaps also check for other conversions that just ASCII<-->UCS-2LE
especially because those two names do not appear in charset.aliases for
iconv-2.0.3.
(This used to be commit 53d953da10dbfaf778907f19115e127c5aac1da8)
