IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
to restructure libsmb/smb_signing.c so it isn't in
the base libs path but lives in libsmb instead (like
smb_seal.c does).
Jeremy.
(This used to be commit 1b828f051d0782201f697de15ff973bd6b097d5b)
this already has to be right. This makes the
signed+sealed area the same as it will be with
gss calls. Now to go implement them.
Jeremy.
(This used to be commit 80810af7d1137b3ddd3073581d5ec99fadaa81a5)
the 4 byte length isn't included in the length :-).
We now have working NTLMSSP transport encryption
with sign+seal. W00t!
Jeremy.
(This used to be commit d34584cb5c53c194693ce7236020ab83f60cd235)
not just an NTLMSSP - grr. This complicates the re-use of
common client and server code but I think I've got it right.
Not turned on of valgrinded yet, but you can see it start
to take shape !
Jeremy.
(This used to be commit 60fc9c0aedf42dcd9df2ef9f1df07eaf3bca9bce)
for the server side enc. (doesn't break anything).
I'll keep updating this until I've got NTLM seal working
on both client and server, then add in the gss level
seal.
Jeremy.
(This used to be commit 530ac29abf23e920baa549e7cec55199edd8bd74)
these out as I implement. Don't add to SAMBA_3_0_25, this
is experimental code.
NFSv4 you're now officially on notice... :-).
Jeremy.
(This used to be commit 5bfe638f2172e272741997100ee5ae8ff280494d)
to return a NT_STATUS_TIME_DIFFERENCE_AT_DC error to
a client when there's clock skew. Will help people
debug this. Prepare us for being able to return the
correct sessionsetupX "NT_STATUS_MORE_PROCESSING_REQUIRED"
error with associated krb5 clock skew error to allow
clients to re-sync time with us when we're eventually
able to be a KDC.
Jeremy.
(This used to be commit c426340fc79a6b446033433b8de599130adffe28)
yet, the next step will be a secrets_fetch_machine_account() function that
also pulls the account name to be used in the appropriate places.
Volker
(This used to be commit f94e5af72e282f70ca5454cdf3aed510b747eb93)
works from smbclient and Windows, and I am promising to
support and fix both client and server code moving forward.
Still need to test the RPC admin support but I haven't
changed that code.
Jeremy.
(This used to be commit 7a7862c01d07796ef206b255c676ad7dc2cc42fc)
calling convention in the latest MIT changes. Apparantly Heimdal
is also changing to this calling convention.
(This used to be commit c29c69d2df377fabb88a78e6f5237de106d5c2c5)
mode_t in posix_open/posix_mkdir -> 8 bytes to match
the SET_UNIX_INFO_BASIC call. Steve is updating the
Wikki.
Jeremy.
(This used to be commit 2f1c95ac7718c1d2a75367ba712edd6b57069432)
process deep dfs links (ie. links that go to non root
parts of a share). Make the directory handling conanonical
in POSIX and Windows pathname processing.
dfs should not be fully working in client tools. Please
bug me if not.
Jeremy.
(This used to be commit 1c9e10569cd97ee41de39f9f012bea4e4c932b5d)
to allow client to fragment large SPNEGO blobs (large krb5
tickets). Tested against W2K3R2. Should fix bug #4400.
Jeremy.
(This used to be commit b81c5c6adce51cec06df0e993534064b20666a8e)
fragmented into "max xmit" size security blob
chunks. Bug #4400. Needs limits adding, and also
a client-side version.
Jeremy.
(This used to be commit aa69f2481aafee5dccc3783b8a6e23ca4eb0dbfa)
For the winbind cached ADS LDAP connection handling
(ads_cached_connection()) we were (incorrectly) assuming that the
service ticket lifetime equaled the tgt lifetime. For setups where the
service ticket just lives 10 minutes, we were leaving hundreds of LDAP
connections in CLOSE_WAIT state, until we fail to service entirely with
"Too many open files".
Also sequence_number() in winbindd_ads.c needs to delete the cached LDAP
connection after the ads_do_search_retry() has failed to submit the
search request (although the bind succeeded (returning an expired
service ticket that we cannot delete from the memory cred cache - this
will get fixed later)).
Guenther
(This used to be commit 7e1a84b7226fb8dcd5d34c64a3478a6d886a9a91)
Move more error code returns to NTSTATUS.
Client test code to follow... See if this
passes the build-farm before I add it into
3.0.25.
Jeremy.
(This used to be commit 83dbbdff345fa9e427c9579183f4380004bf3dd7)
DFS referrals. This doesn't appear to break anything in the non-DFS case,
but I don't have an environment to test DFS referrals. Need confirmation
from OP that this solves the problem.
(This used to be commit e479a9c094fa42354aad7aa76a712bf67d3d4d45)
- Should fix bug 4115 (but needs confirmation from OP). If the kerberos use
flag is set in the context, then also pass it to smbc_attr_server for use by
cli_full_connection()
- Should fix bug 4309 (but needs confirmation from OP). We no longer send a
keepalive packet unconditionally. Instead, we assume (yes, possibly
incorrectly, but it's the best guess we can make) that if the connection is
on port 139, it's netbios and otherwise, it isn't. If netbios is in use, we
send a keepalive packet. Otherwise, we check that the connection is alive
using getpeername().
(This used to be commit 2f9be59c10ef991a51cc858ab594187b5ca61382)
it needs the specific error message.
Make messages.c return NTSTATUS and specificially NT_STATUS_INVALID_HANDLE if
sending to a non-existent process.
Volker
(This used to be commit 3f620d181da0c356c8ffbdb5b380ccab3645a972)
