IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
stream. This is to implement wbinfo -k that asks winbind for authentication
which then creates the AFS token for the authenticated user.
Volker
(This used to be commit 2df6750a07)
New protocol option "ea support" to turn them on (off by default). Conrad
at Apple may like this as it allows MacOS resource forks to be stored on
a file. Passes valgrind. Documentation to follow.
Jeremy.
(This used to be commit 8cc10a6c05)
another NTLMv2 combination.
We should allow the NTLMv2 response to be calculated with either the domain
as supplied, or the domain in UPPER case (as we always did in the past).
As a client, we always UPPER case it (as per the spec), but we also
make sure to UPPER case the domain, when we send it. This should give
us maximum compatability.
Andrew Bartlett
(This used to be commit 1e91cd0cf8)
ago.
This patch re-adds support for 'optional' SMB signing. It also ensures that
we are much more careful about when we enable signing, particularly with
on-the-fly smb.conf reloads.
The client code will now attempt to use smb signing by default, and disable
it if the server doesn't correctly support it.
Andrew Bartlett
(This used to be commit e27b5cbe75)
patch removes the 'unicode' smb.conf option.
Clients are as always free not to negotiate unicode, but Samba will always
accept unicode in smbd.
Setting 'unicode = no' caused me more client BSODs than any other option
I have seen, and I really want to protect some of our more silly users, who
will, no matter what, select and change every option...
Andrew Bartlett
(This used to be commit 3f9177bd5d)
error after select() returns true. (See accept man page on Linux). Patch from
rabies@meep.org (Richard Garnish).
Jeremy.
(This used to be commit 6ca158291c)
Redirect clients to shares based on the the client's IP address. The msdfs
link has the following form:
temp1 -> msdfs:@/data/tmp/redir@\temp
The file /data/tmp/redir has the contents:
192.168.234.128 closest
192.168.234 close
default
Everything in between the @-signs in the link target is replaced by the
substituion in the file.
Jerry, errors in the filename expansion are now answered with
NT_STATUS_OBJECT_NAME_NOT_FOUND
Volker
(This used to be commit 8e237d533e)
some platforms (FreeBSD in this case) don't define timezone according to
posix. This is what I wanted to do anyway.
Spotted by Andrzej Tobola <san@iem.pw.edu.pl>
(This used to be commit bc13e35db0)
* force the PRINTER_ATTRIBUTE_LOCAL (nor PRINTER_ATTRIBUTE_NETWORK)
* ensure that we return the sec_desc in smb_io_printer_info_2
(allows prnui.dll to restore security descriptors from a data file).
(This used to be commit c335cb80d2)
Winbind tickets expired. We now check the expiration time, and acquire
new tickets. We couln't rely on renewing them, because if we didn't get
a request before they expired, we wouldn't have renewed them. Also, there
is a one-week limit in MS on renewal life, so new tickets would have been
needed after a week anyway. Default is 10 hours, so we should only be
acquiring them that often, unless the configuration on the DC is changed (and
the minimum is 1 hour).
(This used to be commit c2436c433a)
bad time locally, updating the directory only for hitting the policy limit
or resetting.
This needed to be done at the passdb level rather than auth, because some
of the functions need to be supported from tools such as pdbedit. It was
done at the LDAP backend level instead of generically after discussion,
because of the complexity of inserting it at a higher level.
The login cache read/write/delete is outside of the ldap backend, so it could
easily be called by other backends. tdbsam won't call it for obvious
reasons, and authors of other backends need to decide if they want to
implement it.
(This used to be commit 2a679cbc87)
net rpc did not inform you if no smbd is running.
I never liked the error message (!) Success! when we established a trust.
Volker
(This used to be commit 4191a434d4)
to make it generic. Remove the mb-codepage "blacklist". Alexander, please
check this fix as it reverts your blacklist changes, but I'm hoping it
fixes the problem in a more generic way for all charsets. I'm not trying
to trample on your (excellent!) work here, just make things more generic
without special cases.
Jeremy.
(This used to be commit 5a9324525a)
bytes in the mb character at a pointer. Will be useful in fixing check_path_syntax()
to not use a "blacklist". Also re-added my (C) to reply.c. I mean, really - I've
been adding code to the file for over 10 years and I recognise many of the
fuctions as mine ! :-).
Jeremy.
(This used to be commit d2b2a39fd2)
This is intermediate fix as discussed with Jeremy until we move check_path_syntax() to UCS2 internally where all
ambiguity is resolved. Please add other encodings into charcnv.c with such property.'
'
(This used to be commit 2c404f6ba9)
Don't use nstrings to hold workgroup and netbios names. The problem with them is that MB netbios
and workgroup names in unix charset (particularly utf8) may be up to 3x bigger than the name
when represented in dos charset (ie. cp932). So go back to using fstrings for these but
translate into nstrings (ie. 16 byte length values) for transport on the wire.
Jeremy.
(This used to be commit b4ea493599)
there are multiple "."'s in the name.
This code is protected with an #ifdef TRUNCATE_NETBIOS_NAME and this
is #define'd to 1 directly above. Should we also get rid of the #ifdef?
(This used to be commit 0375dace24)
It appears that we pass filename through resolve_wildcards() as pstring and use fstring temporary buffer there.
As result, a long filename in unix charset (UTF-8 by default) can easily expand over 255 bytes while
Windows is able to send to us such names (e.g. Japanese name of ~190 mb chars) which we unable to process through
this small fstring buffer. Tested with W2K and smbclient, Japanese and Cyrillics.
(This used to be commit 83dac6571f)
what it was :-). Allow msdfs links to now look like UNC paths : eg.
sym_link -> msdfs://server/share/path/in/share
or :
sym_link -> msdfs:\\server\share\path\in\share
Jeremy.
(This used to be commit 2979c3e388)
boolean parameter that allows broken iconv conversions to work. Gets rid of the
nasty errno checks in mangle_hash2 and check_path_syntax and allows correct
return code checking.
Jeremy.
(This used to be commit 7b96765c23)
I know this isn't pretty, but neither was our assumption that all strings
from the directory fit inside a pstring. There was no way this worked
before will all versions of usrmgr (for example, the only version of
mine that has the TS Confic button).
(This used to be commit d275c0e384)
character set. Because of the allowing of "broken conversions" for people
who have broken iconv libraries we can't rely on the return from convert_string()
to be valid - we must check errno instead. This is ripe for revisiting at
some stage. I prefer adding a bool parameter to all convert_string_XX varients
to specify if we will allow broken conversions or not. With "allow_broken_conversions"
set to false we could then rely on the return from convert_string rather than
checking errno.
Jeremy.
(This used to be commit 74722f2865)
in 3.0.2a actually). We now send a correct referral back, but the client
refuses to follow it... Not sure why. Will do more tests.. Maybe unicode
character count is wrong (it looks it).
Jeremy.
(This used to be commit e2709f99fc)
Big thanks to tpot and mbp for showing how easy it can be to write a simple
unit test, and for providing the STF.
This also changes the strstr_m() code to use strstr_w() (avoiding
duplication) and fixes it so that it passes the STF.
(We now always restart before doing the unicode run, until sombody can
show me why the testsuite is wrong).
Andrew Bartlett
(This used to be commit a893a324f3)
For example:
strstr_m("%v foo bar", "%v") would fail...
only strstr_m("foo %v", "%v") could work.
I wonder what else this broke...
Fix is to move to using strncmp() inside the strstr_m function.
Tested on ASCII only.
Andrew Bartlett
(This used to be commit 44d304f84c)
A windows DC does not reply to DCNAME\\Administrator, only to
DOMAIN\\Administrator. Fix that.
Without winbind we are wrong as domain members, we should forward the request
DOMAIN\\Username to the DC on behalf of the asking client. Winbind fixes that
nicely.
Volker
(This used to be commit 7ed61edbbe)
so breaks when substitution '/' and '\'). It's used by unix_clean_name(),
which is used by reduce_name, which is used by check_name() (phew!).
Now that we know all filenames passed to check_name() are in a "good"
format (no double slashes, all '\\' chars translated to '/' etc.) due
to the new check_path_syntax() we can avoid calling reduce_name unless
widelinks are denied. After this check-in I can fix all_string_sub() to
handle mb chars correctly as it won't be in the direct path in the
main path handling code.
Jeremy.
(This used to be commit 6080186fc4)
on setuserinfo levels which include this field, unless the corresponding
bit (defined in passdb.h) is turned on. Without this, newer versions
of usrmgr break us pretty bad.
(This used to be commit 840340bd96)
The problem was that the current_printif struct was set during
print_backend_init() based on the 'printcap name'. So you could
not use cups and then override the setting for a specific printer
by setting 'printing = bsd' (a common setup for pdf generation
print services.
There is a subtle change in behavior in that the print
interface functions are selecting on the basis of lp_printing()
and not lp_printcap_name(), but the new behavior seems more
intuitive IMHO.
(This used to be commit 14de9c0657)
I was rather annoyed by the net groupmap syntax, I could never get it
right.
net groupmap set "domain admins" domadm
creates a mapping,
net groupmap set "domain admins" -C "Comment" -N "newntname"
should also do what you expect. I'd like to have some feedback on the usability
of this.
net groupmap cleanup
solves a problem I've had two times now: Our SID changed, and a user's primary
group was mapped to a SID that is not ours. net groupmap cleanup removes all
mappings that are not from our domain sid.
Volker
(This used to be commit eb4d4faff8)
Even if it's our own lock context, we need to wait here as
there may be an unlock on the way.
So I removed a "&& !my_lock_ctx" from the following
if statement.
if ((lock_timeout != 0) && lp_blocking_locks(SNUM(conn)) && ERROR_WAS_LOCK_DENIED(status)) {
Jeremy.
(This used to be commit 3f35e3975f)
MACHINE.SID' file functionality.
Also, before we print out the results of 'net getlocalsid' and 'net
getdomainsid', ensure we have tried to read that file, or have
generated one.
Andrew Bartlett
(This used to be commit 191b43159e)
OK, what was happening here was that we would invalidate global_sam_sid
when we set the sid into secrets.tdb, to force a re-read.
The problem was, we would do *two* writes into the TDB, and the second one
(in the PDC/BDC case) would be of a NULL pointer. This caused smbd startups
to fail, on a blank TDB.
By using a local variable in the pdb_generate_sam_sid() code, we avoid this
particular trap.
I've also added better debugging for the case where this all matters, which
is particularly for LDAP, where it finds out a domain SID from the sambaDomain
object.
Andrew Bartlett
(This used to be commit 86ad04d26d)
group_info4 in set_dom_group_info also has the level in the record
itself. This seems not to be an align. Tested with NT4 usrmgr.exe. It can
still create a domain group on a samba machine.
Volker
(This used to be commit 76c75bb8a7)
JustFillBug <mozbugbox@yahoo.com.au> on the Samba lists - a 'max
password age' of zero should be considered as 'never expire'.
For the timebeing we just set it like -1, but we might revisit this
for closer-to-ms behaviour.
Andrew Bartlett
(This used to be commit 9ffc490fce)
on an initial open the desired_access field *must* contain DELETE_ACCESS,
simply having it map from a GENERIC_ALL won't do. Fixes delete on close test.
Jeremy.
(This used to be commit 5c6f8b1053)