IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
NetApp filers expect paths in Open AndX Request to have a leading slash.
Windows clients send the leading slash, so we should too.
(This used to be commit fc5b6e4bd8a67994b0c56d1223c74d064164420f)
Jeremy: requires your eyes...
If the remote connection timed out while cli_list() was retrieving its list of
files, the error was not returned to the user, e.g. via smbc_opendir(), so the
user didn't have a way to know to set the timeout longer and try again. This
problem would occur when a very large directory is being read with a too-small
timeout on the cli.
Jeremy, although there were a couple of areas that needed to be handled, I
needed to make one change that you should bless, in libsmb/clientgen.c. It
was setting
cli->smb_rw_error = smb_read_error;
but smb_read_error is zero, so this had no effect. I'm now doing
cli->smb_rw_error = READ_TIMEOUT;
instead, and according to the OP, these (cumulative) changes (in a slightly
different form) solve the problem.
Please confirm this smb_rw_error change will have no other adverse effects
that you can see.
Derrell
(This used to be commit fa664b24b829f973156486896575c1007b6d7b01)
This completes the work Jeremy began last week, disambiguating the meaning of
c_time. (In POSIX terminology, c_time means "status Change time", not "create
time".) All uses of c_time, a_time and m_time have now been replaced with
change_time, access_time, and write_time, and when creation time is intended,
create_time is used.
Additionally, the capability of setting and retrieving the create time have
been added to the smbc_setxattr() and smbc_getxattr() functions. An example
of setting all four times can be seen with the program
examples/libsmbclient/testacl
with the following command line similar to:
testacl -f -S "system.*:CREATE_TIME:1000000000,ACCESS_TIME:1000000060,WRITE_TIME:1000000120,CHANGE_TIME:1000000180" 'smb://server/share/testfile.txt'
The -f option turns on the new mode which uses full time names in the
attribute specification (e.g. ACCESS_TIME vs A_TIME).
(This used to be commit 8e119b64f1d92026dda855d904be09912a40601c)
worked in one test, no idea what memory I've overwritten that time. This time
it survives the unpatched w2k password change.
Volker
(This used to be commit bf7bf8e4e9a279fe3ef1e9ff655b12f65c3c3e67)
the get_dc_list code to get the _kerberos. names
for site support. This way we don't depend on one
KDC to do ticket refresh. Even though we know it's
up when we add it, it may go down when we're trying
to refresh.
Jeremy.
(This used to be commit 77fe2a3d7418012a8dbfb6aaeb2a8dd57c6e1a5d)
have been able to reproduce with smbtorture4 for bug number 4059. It's too
late here now to check with W2k native, I'll do that tomorrow or over the
weekend. I'll then also check in a samba4 torture test to walk this from now
on.
Abartlet, can you do me a favor and look over this? It is a 1:1 copy of the
corresponding Samba4 code.
Thanks,
Volker
(This used to be commit fb5ebab873ba5196f35a9801ab2e21811b0fa8a0)
struct so we can see when they match - only create
the ugly krb5 hack when they do.
Jeremy.
(This used to be commit 9be4ecf24b6b5dacf4c2891bddb072fa7543753f)
writing out a custom krb5.conf file containing
the KDC I need. This may suck.... Needs some
testing :-).
Jeremy.
(This used to be commit d500e1f96d92dfcc6292c448d1b399195f762d89)
the code to redo the CLDAP query to restrict DC
DNS lookups to the sitename. Jerry, please check
to stop me going insane :-).
Jeremy.
(This used to be commit 8d22cc111579c57aec65be8884b41564b79b133a)
support when looking up DC's. On every CLDAP
call store the returned client sitename (if
present, delete store if not) in gencache with
infinate timeout. On AD DNS DC lookup, try looking
for sitename DC's first, only try generic if
sitename DNS lookup failed.
I still haven't figured out yet how to ensure
we fetch the sitename with a CLDAP query before
doing the generic DC list lookup. This code is
difficult to understand. I'll do some experiments
and backtraces tomorrow to try and work out where
to force a CLDAP site query first.
Jeremy.
(This used to be commit ab3f0c5b1e9c5fd192c5514cbe9451b938f9cd5d)
return NTSTATUS.
If we want to differentiate different name resolution problems we might want
to introduce yet another error class for Samba-internal errors. Things like no
route to host to the WINS server, a DNS server explicitly said host not found
etc might be worth passing up.
Because we can not stash everything into the existing NT_STATUS codes, what
about a Samba-specific error class like NT_STATUS_DOS and NT_STATUS_LDAP?
Volker
(This used to be commit 60a166f0347170dff38554bed46193ce1226c8c1)
on the wire. This allows us to go to nsec resolution
for systems that support it. It should also now be
easy to add a correct "create time" (birth time)
for systems that support it (*BSD). I'll be watching
the build farm closely after this one for breakage :-).
Jeremy.
(This used to be commit 425280a1d23f97ef0b0be77462386d619f47b21d)
error. Fix our DNS SRV lookup code to deal with multi-homed hosts.
We were noly remembering one IP address per host from the Additional
records section in the SRV response which could have been an unreachable
address.
(This used to be commit 899179d2b9fba13cc6f4dab6efc3c22e44e062bc)
a copy of the plaintext password, only the NT and LM
hashes (all it needs). Fix smbencrypt to expose hash
verions of plaintext function. Andrew Bartlett, you
might want to look at this for gensec.
This should make it easier for winbindd to store
cached credentials without having to store plaintext
passwords in an NTLM-only environment (non krb5).
Jeremy.
(This used to be commit 629faa530f0422755823644f1c23bea74830912f)
NTcancel doesn't send a reply, so in this case the signing
sequence number is only incremented by 1, not 2.
Jeremy.
(This used to be commit 85841a01987e653a085af00c7c437145686a332b)
calls introduced by signing code simplification.
Please test if you've seen signing problems with
3.0.23a.
Jeremy.
(This used to be commit f462daf02c12cfba634f92e681eb23a09e7d0acf)
turns out that EDQUOTA must map to NT_STATUS_DISK_FULL
for Windows apps to work correctly. My mistake.
Jeremy.
(This used to be commit de1e3f7a7ae9e8a41b45130e2cdfc22f43cf53b5)
A patch to make ntlm_auth recognize three new commands in
ntlmssp-client-1 and squid-2.5-ntlmssp:
The commands are the following:
Command: SF <hex number>
Reply: OK
Description: Takes feature request flags similar to samba4's
gensec_want_feature() call. So far, only NTLMSSP_FEATURE_SESSION_KEY,
NTLMSSP_FEATURE_SIGN and NTLMSSP_FEATURE_SEAL are implemented, using the same
values as the corresponding GENSEC_FEATURE_* flags in samba4.
Command: GF
Reply: GF <hex number>
Description: Returns the negotiated flags.
Command: GK
Reply: GK <base64 encoded session key>
Description: Returns the negotiated session key.
(These commands assist a wine project to use ntlm_auth for signing and
sealing of bulk data).
Andrew Bartlett
(This used to be commit bd3e06a0e4435f1c48fa3b7862333efe273119ee)
DCs isn't resolvable in DNS. The fix is to leave that DC out of the
returned list of DCs. I think the original code intended that anyway,
just didn't quite get it right ('i' wasn't incremented in that code
path, so the loop didn't terminate)
(This used to be commit d7ec9f3cc0439e9e0f4c98988b14ae2155d931b9)