IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Thanks to Joachim Achtzehnter <joachima@netacquire.com> for pointing out this
flaw!
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 31 23:57:13 CEST 2016 on sn-devel-144
Guenther
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
An implementation of https://lists.samba.org/archive/samba/2012-March/166497.html (which has been discussed in 2012, but was never implemented).
It has been tested on a Debian Jessie system with this patch added to the Debian package (which is currently 4.1.17). Even though this is Samba 4, the ntlm_auth installed is the one from Samba 3 (yes, it surprised me too). The backend was a machine with Windows 2012R2.
It was first tested with the local security policy 'Network Security: LAN Manager authentication level' setting changed to 'Send NTLMv2 Response Only' (allow ntlm v1). This way we are able to authenticate with and without the MSV1_0_ALLOW_MSVCHAPV2 flag (as expected).
After the basic step has been verified, the local security policy 'Network Security: LAN Manager authentication level' setting was changed to 'Send NTLMv2 Response Only. Refuse LM & NTLM' (only allow ntlm v2). The behaviour now changed according to the MSV1_0_ALLOW_MSVCHAPV2 flag (again: as expected).
$ ntlm_auth --request-nt-key --username=XXXXXXXXXXXXX --challenge=XXXXXXXXXXXXXXXXX --nt-response=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --domain=
Logon failure (0xc000006d)
$ ntlm_auth --request-nt-key --username=XXXXXXXXXXXXX --challenge=XXXXXXXXXXXXXXXXX --nt-response=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --domain= --allow-mschapv2
NT_KEY: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
The changes in `wbclient.h` are intended for programs that use libwinbind directly instead of authenticating via `ntlm_auth`. I intend to use that within FreeRADIUS (see https://bugzilla.samba.org/show_bug.cgi?id=11149).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11694
Signed-off-by: Herwin Weststrate <herwin@quarantainenet.nl>
Reviewed-by: Kai Blin <kai@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add documentation that ea support = yes is required and explain why all
shares for OS X clients should use fruit if one uses it.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11690
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Feb 3 21:25:54 CET 2016 on sn-devel-144
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jan 19 21:34:14 CET 2016 on sn-devel-144
This matches Windows' Active Directory maximum page size.
Signed-off-by: Justin Maggard <jmaggard@netgear.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Now there is only "realm" as a config option; it replaces "cn_realm" and
"ldap_realm".
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Dec 14 15:43:55 CET 2015 on sn-devel-104
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11641
Duplicate "acl map full control" entry in man vfs_gpfs
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Wolfgang Ocker <weo@recco.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Dec 5 01:24:56 CET 2015 on sn-devel-104
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Fri Dec 4 22:09:09 CET 2015 on sn-devel-104
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Mon Nov 30 06:54:11 CET 2015 on sn-devel-104
Useful to take in sync password from other repository.
(Modify MASK_USER_GOOD to include new flag BIT_PWSETNTHASH)
pdbedit -vw show also password hashes .
Split pdb_set_plaintext_passwd in two function:
pdb_set_plaintext_passwd and pdb_update_history.
pdb_update_history update password history and is call from
pdb_set_plaintext_passwd.
Signed-off-by: Alberto Maria Fiaschi <alberto.fiaschi@estar.toscana.it>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11065
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Nov 24 23:47:19 CET 2015 on sn-devel-104
The changes enable the ant_glob declaration to be compatible with
more recent versions of Waf.
Signed-off-by: Thomas Nagy <tnagy@waf.io>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Removes accessor functions as now this parameter is set
under user control in smb.conf. Default is 100.
Note that this doesn't limit the number of outstanding
aio requests, it just causes them to go onto the
pthreadpool queue.
Now we need to prioritize pthreadpool pipe replies
ahead of incoming SMB2 requests, but that's a patch
for another day.
Based on ideas from Volker.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
"idmap config DOMAIN : OPTION" is the pattern used.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Nov 13 19:55:33 CET 2015 on sn-devel-104
Holger Hetterich told me in a personal email that he does not have
time to care about this project anymore and that he is fine to
remove it from Samba.
Why the removal? It contains homegrown crypto that would need to
be thoroughly audited and/or fixed. And if it's neither maintained
nor widely used I'd rather have it removed.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 11 00:23:35 CET 2015 on sn-devel-104
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Nov 6 13:43:45 CET 2015 on sn-devel-104
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Nov 6 06:26:34 CET 2015 on sn-devel-104
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 5 01:22:48 CET 2015 on sn-devel-104
Corrected mistakes, probably comming from a too fast
"copy and paste", in the smb.conf manpage.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11584
Signed-off-by: YvanM <yvan.masson@openmailbox.org>
Reviewed-by: Björn Jacke <bj@sernet.de>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Mon Nov 2 14:43:15 CET 2015 on sn-devel-104
The manpage says that the value for an AD DC is "ACTIVE DIRECTORY
DOMAIN CONTROLLER", not "DOMAIN CONTROLLER", like mentioned in
the example.
Additinally the correct value for BDC is "CLASSIC BACKUP DOMAIN CONTROLLER"
Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Oct 13 09:38:01 CEST 2015 on sn-devel-104
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11459
Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug 21 07:17:35 CEST 2015 on sn-devel-104
This is to specify the storage place for this reverse boolean.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
this is to specify the storage place for this reverse boolean.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is to differentiate the variable/function name from
the parameter name, which is the non-standard "-valid".
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Move the special stuff of the hand-written lp_cups_encrypt()
function into a handler that is called once at load time.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is achieved by moving the special treatment from
the lp_smb2_max_credits() function in the the special
handler that is called only once upon lp_load().
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The documentation claims this is specified in seconds. However, it is
passed straight through to poll(2), which takes a timeout in
milliseconds.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jul 20 15:47:43 CEST 2015 on sn-devel-104
The new default is to disable SSLv3, as this is no longer considered
secure after CVE-2014-3566. Newer GnuTLS versions already disable SSLv3.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
This adds a new option to the smb.conf to allow administrators to disable
TLS protocols in GnuTLS without changing the code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11076
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Add clarification about the nature of "winbind max clients" parameter.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11397
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11401
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jul 15 19:35:48 CEST 2015 on sn-devel-104
Bring the list of supported socket options in smb.conf in sync
with the code
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 9 03:48:13 CEST 2015 on sn-devel-104
Available subcommands:
create - Create a domain or forest trust.
delete - Delete a domain trust.
list - List domain trusts.
namespaces - Manage forest trust namespaces.
show - Show trusted domain details.
validate - Validate a domain trust.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
With a central notifyd, we can't do this per share anymore. Notifyd will
only look at absolute paths, not shares.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
With a central notifyd, we can't do this per share anymore. Notifyd will
only look at absolute paths, not shares.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Per share option: it reflects whether a share is indexed by Tracker or
not. The global switch that controls whether Spotlight is enabled or
not, are the mdsvc RPC switches.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Implement Apple's special copy_chunk ioctl that requests a copy of the
whole file along with all attached metadata.
These copy_chunk requests have a chunk count of 0 that we translate to a
copy_chunk_send VFS call overloading the parameters src_off = dest_off =
num = 0.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11317
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Update the sharesec man page to reflect the output currently used, and
also add a note that the OWNER and GROUP fields are not used for share
ACLs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11324
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jun 17 13:36:23 CEST 2015 on sn-devel-104
vfs_fruit adds a wildcard path "._*" to the vetolist in order to prevent
client access to ._ AppleDouble files created internally by vfs_fruit
for storing the Mac resource fork stream.
Unfortunately there are legitimite use cases where an OS X client may
want to use such filenames, extracting ZIP archives (where the archive
contains ._ files) being one of them.
A possible simple solution to this problem would be to not veto ._ files
in the first place, even though that exposes internally created ._ files
which the client shouldn't be able to access.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11305
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jun 9 14:48:14 CEST 2015 on sn-devel-104
