IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
There is no reason this can't be a normal constant string in the
loadparm system, now that we have lp_set_cmdline() to handle overrides
correctly.
Andrew Bartlett
A leftover of stuff that cli_connect() does
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun May 29 15:47:17 CEST 2011 on sn-devel-104
This builds up a cli_state until after the netbios session setup. It makes use
of smbsock_connect, so it connects to 139 and 445 simultaneously. This improves
the connection to Windows 2008 which does not listen on *SMBSERVER anymore.
If kerberos_get_realm_from_hostname() or kerberos_get_default_realm_from_ccache() fails due to
a misconfigured krb5.conf, try the "realm =" from smb.conf as a fallcback before going back to
NTLMSSP (which we'll do anyway).
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat May 21 00:58:09 CEST 2011 on sn-devel-104
with client ntlmv2 auth = yes, there is a small difference between
using smbclient -U user\domain and smbclient -U user -W domain
if domain is provided in lowercase
using -W will uppercase the given parameter, while picking the
domain name from -U will not convert it to uppercase and this
leads to failing NTLMv2 authentication
with this patch, there is no difference between
smbclient -U domain\user and smbclient -U user -W domain any more
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Mon May 16 11:42:55 CEST 2011 on sn-devel-104
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Apr 27 00:25:35 CEST 2011 on sn-devel-104
(cherry picked from commit 69650a2aaa8649570261df7efccb35ad76d7cfc1)
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sat Apr 16 16:20:08 CEST 2011 on sn-devel-104
It is never correct to ask for a machine$ principal as the target of a
kerberos connection. You should always connect via the
servicePrincipalName.
This current code appears to have built up from a series of minimal
changes, as the codebase adapted the to lack of a SPNEGO principal
from Windows 2008.
Andrew Bartlett
This principal is not supplied by later versions of windows, and using
it opens up some oportunities for man in the middle attacks. (Becuase
it isn't the name being contacted that is verified with the KDC).
This adds the option 'client use spnego principal' to the smb.conf (as
used in Samba4) to control this behaivour. As in Samba4, this
defaults to false.
Against 2008 servers, this will not change behaviour. Against earlier
servers, it may cause a downgrade to NTLMSSP more often, in
environments where server names are not registered with the KDC as
servicePrincipalName values.
Andrew Bartlett
Found by the CodeNomicon test suites at the SNIA plugfest.
http://www.codenomicon.com/
If an invalid NetBIOS session request is received the code in name_len() in
libsmb/nmblib.c can hit an assert.
Re-write name_len() and name_extract() to use "buf/len" pairs and
always limit reads.
Jeremy.
Found by the CodeNomicon test suites at the SNIA plugfest.
http://www.codenomicon.com/
If an invalid SPNEGO packet contains no OIDs we crash in the SMB1/SMB2 server
as we indirect the first returned value OIDs[0], which is returned as NULL.
Jeremy.
