IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
to winbindd. idmap_allocate_rid wants information about whether this will be a
user or a group, I did not export this to the winbind interface.
The reason for idmap to get that info is to keep consistent with the
algorithmic convention to alloc only even rids for users and odd rids for
groups. I'm not fully convinced that this really gains us anything. Any real
good arguments?
Volker
much of your winbindd_passdb, users are currently not provided by that, only
aliases. Currently the code to maintain that stuff is not yet in, this will be
next, see my next posting to samba-technical.
Volker
Don't use nstrings to hold workgroup and netbios names. The problem with them is that MB netbios
and workgroup names in unix charset (particularly utf8) may be up to 3x bigger than the name
when represented in dos charset (ie. cp932). So go back to using fstrings for these but
translate into nstrings (ie. 16 byte length values) for transport on the wire.
Jeremy.
This is an odd corner case having to do with <1C> group names (DC names).
<1C> group names are called (by MS) "Internet Special Groups", which means
that Microsoft's WINS servers will attempt to handle these names in
something approximating an RFC1001/1002 compliant manner.
The problem being reported here is this: If an initial registration sent
by one of the group members is lost (network error, whatever) then
subsequent refreshes from that particular machine will also fail. This
only happens if the name is already active (because of other group
members).
In most cases, we (and MS) handle refreshes as registrations if the name
is not in the database. In this situation, we missed the corner case.
Bert's fix adds an 'else if' that catches the situation in which a refresh
for an unlisted IP of an active <1C> group name is received. The refresh
is simply handled as a registration when this happens.
[Note: Committing in HEAD. I am writing some tools to do registrations
and refreshes so that I can test this. I don't have an NT Domain
for testing so I'm going to have to fudge. This fix is small (I
cleaned up some Debug messages and comments in addition to the fix)
and if you want to test it with 3.0.x you can just copy the HEAD
version into your 3.0.x tree and recompile.]
It appears that we pass filename through resolve_wildcards() as pstring and use fstring temporary buffer there.
As result, a long filename in unix charset (UTF-8 by default) can easily expand over 255 bytes while
Windows is able to send to us such names (e.g. Japanese name of ~190 mb chars) which we unable to process through
this small fstring buffer. Tested with W2K and smbclient, Japanese and Cyrillics.
what it was :-). Allow msdfs links to now look like UNC paths : eg.
sym_link -> msdfs://server/share/path/in/share
or :
sym_link -> msdfs:\\server\share\path\in\share
Jeremy.
boolean parameter that allows broken iconv conversions to work. Gets rid of the
nasty errno checks in mangle_hash2 and check_path_syntax and allows correct
return code checking.
Jeremy.
character set. Because of the allowing of "broken conversions" for people
who have broken iconv libraries we can't rely on the return from convert_string()
to be valid - we must check errno instead. This is ripe for revisiting at
some stage. I prefer adding a bool parameter to all convert_string_XX varients
to specify if we will allow broken conversions or not. With "allow_broken_conversions"
set to false we could then rely on the return from convert_string rather than
checking errno.
Jeremy.
in 3.0.2a actually). We now send a correct referral back, but the client
refuses to follow it... Not sure why. Will do more tests.. Maybe unicode
character count is wrong (it looks it).
Jeremy.
settrustpwent, gettrustpwnam
2) Implementation of another couple of these functions in tdbsam:
settrustpwent, gettrustpwnam, gettrustpwsid
3) Testing (mostly for now) usage of the interface in pdbedit
which is soon to be offline tool back again.
This is quite a new code, so many changes will be put in soon.
rafal
This code implements 'opportunistic signing' in our client (when the
server supports it, we will use it), and correct downgrading on both
the client and server for the 'enabled' (rather than required) signing
level.
This means that we can actually set 'server signing = yes' and not
have the world fall apart. We had a number of bugs in that code, and
it certainly looks like most of the testing was with the 'requried'
setting.
While the changes are reasonable, I'm putting this into HEAD rather
than 3.0 for the timebeing. SMB signing, like NTLMSSP, tends to have
gotchas in it :-)
(I also need to give it a workout with more than smbclient before I
move it across).
Andrew Bartlett
