IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
logic in smbd/process.c. All interested (Volker,
Jerry, James etc). PLEASE REVIEW THIS CHANGE.
The logic should be identical but *much* easier
to follow and change (and shouldn't confuse Klockwork :-).
Jeremy.
right now. r14112 broke it, in 3.0.22 register_vuid for security=share returns
UID_FIELD_INVALID which in current 3_0 is turned into an error condition. This
makes sure that we only call register_vuid if sec!=share and meanwhile also
fixes a little memleak.
Then I also found a crash in smbclient with sec=share and hostmsdfs=yes.
There's another crash with sec=share when coming from w2k3, but I need sleep
now.
Someone (jerry,jra?) please review the sesssetup.c change.
Thanks,
Volker
prevents a nasty failure condition in winbindd's pam_auth where a tgt
and a service ticket could have been succefully retrieved, but just not
validated.
Guenther
changing the token generation. I *hate* this code!
Jerry, you have been looking at this as well, can you double-check that I did
not screw it up?
Thanks,
Volker
fail and we would still return success in the SMBsesssetup reply :-(
* Make sure to create the local token for the server_fino struct
in reply_spnego_kerberos() so that register_vuid() does not fail.
(how did this ever work?)
setup comes in with the vc (virtual connection) field set to zero. This is
done by Windows, probably you can tweak that by some registry key.
This boolean option controls whether an incoming session setup
should kill other connections coming from the same IP. This matches
the default Windows 2003 behaviour.
Setting this parameter to yes becomes necessary when you have a flaky
network and windows decides to reconnect while the old connection
still has files with share modes open. These files become inaccessible
over the new connection.
The client sends a zero VC on the new connection, and Windows 2003
kills all other connections coming from the same IP. This way the
locked files are accessible again.
Please be aware that enabling this option will kill connections behind
a masquerading router.
Volker
* remove redundant call to sub_set_smb_name() in session setup code.
* Fix lockup when running 'wbinfo -t' on a Samba PDC. Cause
was new authenticated session setup from winbindd which
resulted in a mangled username (machine_) that was not found
in the local files and so was queiued up to nss_winbindd.
Deadlock....
So now make sure to keep the trailing '$' for machine account
names when calling sub_set_smb_name().
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
aruna.prabakar@hp.com).
This re-enables the Samba 2.2 behavior where a user that was
successfully authenticated by a remote DC would be mapped
to the guest account if there was not existing UNIX account
for that user and we could not create one.
1. using smbc_getxattr() et al, one may now request all access control
entities in the ACL without getting all other NT attributes.
2. added the ability to exclude specified attributes from the result set
provided by smbc_getxattr() et al, when requesting all attributes,
all NT attributes, or all DOS attributes.
3. eliminated all compiler warnings, including when --enable-developer
compiler flags are in use. removed -Wcast-qual flag from list, as that
is specifically to force warnings in the case of casting away qualifiers.
Note: In the process of eliminating compiler warnings, a few nasties were
discovered. In the file libads/sasl.c, PRIVATE kerberos interfaces
are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED
kerberos interfaces are being used. Someone who knows kerberos
should look at these and determine if there is an alternate method
of accomplishing the task.
ago.
This patch re-adds support for 'optional' SMB signing. It also ensures that
we are much more careful about when we enable signing, particularly with
on-the-fly smb.conf reloads.
The client code will now attempt to use smb signing by default, and disable
it if the server doesn't correctly support it.
Andrew Bartlett
register_vuid correctly. We ended up with the local netbios name in
substitutions for %D later.
Volker
P.S: Tridge, I can *really* see why you want to get rid of global variables
:-)
