IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
much of your winbindd_passdb, users are currently not provided by that, only
aliases. Currently the code to maintain that stuff is not yet in, this will be
next, see my next posting to samba-technical.
Volker
(This used to be commit 9e0fb457ba77a55f8271b6acc91a07f0a8df3760)
enum_aliases to passdb. create and delete are not yet filled, you have to do
this with net groupmap and net idmap restore.
Volker
(This used to be commit f44bf63d1143ddf6a1a2fdc15a301e0dc0840d50)
Don't use nstrings to hold workgroup and netbios names. The problem with them is that MB netbios
and workgroup names in unix charset (particularly utf8) may be up to 3x bigger than the name
when represented in dos charset (ie. cp932). So go back to using fstrings for these but
translate into nstrings (ie. 16 byte length values) for transport on the wire.
Jeremy.
(This used to be commit 128dec9ae68fd357550de2649d54056ca4fc65cf)
fix up netbios names with mb strings. Includes reformat of libsmb/nmblib.c
so it's readable.
Jeremy.
(This used to be commit beca3829d1140bf7c2e394993a02dff1f2cf7bbd)
This is an odd corner case having to do with <1C> group names (DC names).
<1C> group names are called (by MS) "Internet Special Groups", which means
that Microsoft's WINS servers will attempt to handle these names in
something approximating an RFC1001/1002 compliant manner.
The problem being reported here is this: If an initial registration sent
by one of the group members is lost (network error, whatever) then
subsequent refreshes from that particular machine will also fail. This
only happens if the name is already active (because of other group
members).
In most cases, we (and MS) handle refreshes as registrations if the name
is not in the database. In this situation, we missed the corner case.
Bert's fix adds an 'else if' that catches the situation in which a refresh
for an unlisted IP of an active <1C> group name is received. The refresh
is simply handled as a registration when this happens.
[Note: Committing in HEAD. I am writing some tools to do registrations
and refreshes so that I can test this. I don't have an NT Domain
for testing so I'm going to have to fudge. This fix is small (I
cleaned up some Debug messages and comments in addition to the fix)
and if you want to test it with 3.0.x you can just copy the HEAD
version into your 3.0.x tree and recompile.]
(This used to be commit 8e52439f4ae9de84107e2d0e9f33f0d4e3c5945a)
It appears that we pass filename through resolve_wildcards() as pstring and use fstring temporary buffer there.
As result, a long filename in unix charset (UTF-8 by default) can easily expand over 255 bytes while
Windows is able to send to us such names (e.g. Japanese name of ~190 mb chars) which we unable to process through
this small fstring buffer. Tested with W2K and smbclient, Japanese and Cyrillics.
(This used to be commit cc70a548f3c48a9503fd54d01896cc2499f5bbcd)
what it was :-). Allow msdfs links to now look like UNC paths : eg.
sym_link -> msdfs://server/share/path/in/share
or :
sym_link -> msdfs:\\server\share\path\in\share
Jeremy.
(This used to be commit 3c89393e2907e4a3318fb3e94a911cd35f16b4c2)
boolean parameter that allows broken iconv conversions to work. Gets rid of the
nasty errno checks in mangle_hash2 and check_path_syntax and allows correct
return code checking.
Jeremy.
(This used to be commit 3b4fca7b7f410cb0f11322e22c8f26a662eff941)
character set. Because of the allowing of "broken conversions" for people
who have broken iconv libraries we can't rely on the return from convert_string()
to be valid - we must check errno instead. This is ripe for revisiting at
some stage. I prefer adding a bool parameter to all convert_string_XX varients
to specify if we will allow broken conversions or not. With "allow_broken_conversions"
set to false we could then rely on the return from convert_string rather than
checking errno.
Jeremy.
(This used to be commit 30c30c5ac53ec8f32a44d0b1b39cc99fe9844467)
you should look at this.
Change behaviour from listing all groups to listing only BUILTIN\Administrator
Volker
(This used to be commit 32d196e9bbf203855832da16eff3dee495679928)
in 3.0.2a actually). We now send a correct referral back, but the client
refuses to follow it... Not sure why. Will do more tests.. Maybe unicode
character count is wrong (it looks it).
Jeremy.
(This used to be commit 859529aff348e66281d2ec4d54c5852121aae9e5)
settrustpwent, gettrustpwnam
2) Implementation of another couple of these functions in tdbsam:
settrustpwent, gettrustpwnam, gettrustpwsid
3) Testing (mostly for now) usage of the interface in pdbedit
which is soon to be offline tool back again.
This is quite a new code, so many changes will be put in soon.
rafal
(This used to be commit 2ed23fbce846f9710747d72aa98c20d54894d61e)
This code implements 'opportunistic signing' in our client (when the
server supports it, we will use it), and correct downgrading on both
the client and server for the 'enabled' (rather than required) signing
level.
This means that we can actually set 'server signing = yes' and not
have the world fall apart. We had a number of bugs in that code, and
it certainly looks like most of the testing was with the 'requried'
setting.
While the changes are reasonable, I'm putting this into HEAD rather
than 3.0 for the timebeing. SMB signing, like NTLMSSP, tends to have
gotchas in it :-)
(I also need to give it a workout with more than smbclient before I
move it across).
Andrew Bartlett
(This used to be commit 6bad895462cf076a7e917c909e2a461d1b360bf1)
need to try and convert 1 byte, then 2 bytes if that fails. Fixes bug
reported by Simo.
Jeremy.
(This used to be commit 0f84801ff3ed5acfcf8e0c4a825f90b9b4823da5)
A windows DC does not reply to DCNAME\\Administrator, only to
DOMAIN\\Administrator. Fix that.
Without winbind we are wrong as domain members, we should forward the request
DOMAIN\\Username to the DC on behalf of the asking client. Winbind fixes that
nicely.
Volker
(This used to be commit c39f698dde98de9b6be40a6c81e669dcd7696b3a)
so breaks when substitution '/' and '\'). It's used by unix_clean_name(),
which is used by reduce_name, which is used by check_name() (phew!).
Now that we know all filenames passed to check_name() are in a "good"
format (no double slashes, all '\\' chars translated to '/' etc.) due
to the new check_path_syntax() we can avoid calling reduce_name unless
widelinks are denied. After this check-in I can fix all_string_sub() to
handle mb chars correctly as it won't be in the direct path in the
main path handling code.
Jeremy.
(This used to be commit bce0678331aa4746181389e0f91f11fb2a6dadcb)
original srvstr_pull_buf() function to get the pipename not srvstr_get_path().
Jeremy.
(This used to be commit ac5e0c4bb686e2aaccc9b70f240f79747fd48cd8)
