IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
to allow client to fragment large SPNEGO blobs (large krb5
tickets). Tested against W2K3R2. Should fix bug #4400.
Jeremy.
(This used to be commit b81c5c6adc)
For the winbind cached ADS LDAP connection handling
(ads_cached_connection()) we were (incorrectly) assuming that the
service ticket lifetime equaled the tgt lifetime. For setups where the
service ticket just lives 10 minutes, we were leaving hundreds of LDAP
connections in CLOSE_WAIT state, until we fail to service entirely with
"Too many open files".
Also sequence_number() in winbindd_ads.c needs to delete the cached LDAP
connection after the ads_do_search_retry() has failed to submit the
search request (although the bind succeeded (returning an expired
service ticket that we cannot delete from the memory cred cache - this
will get fixed later)).
Guenther
(This used to be commit 7e1a84b722)
The protocol negotiation string "LANMAN2.1" was not listed in the set of
negotiatiable possibilities, so non-optimal negotiation was taking place.
(This used to be commit a0dfa60fc5)
weeks ago.
We have some work before us, when in AD mode Vista sends
"not_defined_in_RFC4178@please_ignore" as the principal.....
Volker
(This used to be commit af85d8ec02)
on the wire. This allows us to go to nsec resolution
for systems that support it. It should also now be
easy to add a correct "create time" (birth time)
for systems that support it (*BSD). I'll be watching
the build farm closely after this one for breakage :-).
Jeremy.
(This used to be commit 425280a1d2)
A patch to make ntlm_auth recognize three new commands in
ntlmssp-client-1 and squid-2.5-ntlmssp:
The commands are the following:
Command: SF <hex number>
Reply: OK
Description: Takes feature request flags similar to samba4's
gensec_want_feature() call. So far, only NTLMSSP_FEATURE_SESSION_KEY,
NTLMSSP_FEATURE_SIGN and NTLMSSP_FEATURE_SEAL are implemented, using the same
values as the corresponding GENSEC_FEATURE_* flags in samba4.
Command: GF
Reply: GF <hex number>
Description: Returns the negotiated flags.
Command: GK
Reply: GK <base64 encoded session key>
Description: Returns the negotiated session key.
(These commands assist a wine project to use ntlm_auth for signing and
sealing of bulk data).
Andrew Bartlett
(This used to be commit bd3e06a0e4)
right now. r14112 broke it, in 3.0.22 register_vuid for security=share returns
UID_FIELD_INVALID which in current 3_0 is turned into an error condition. This
makes sure that we only call register_vuid if sec!=share and meanwhile also
fixes a little memleak.
Then I also found a crash in smbclient with sec=share and hostmsdfs=yes.
There's another crash with sec=share when coming from w2k3, but I need sleep
now.
Someone (jerry,jra?) please review the sesssetup.c change.
Thanks,
Volker
(This used to be commit 8059d0ae39)
of the Samba4 timezone handling code back into Samba3.
Gets rid of "kludge-gmt" and removes the effectiveness
of the parameter "time offset" (I can add this back
in very easily if needed) - it's no longer being
looked at. I'm hoping this will fix the problems people
have been having with DST transitions. I'll start comprehensive
testing tomorrow, but for now all modifications are done.
Splits time get/set functions into srv_XXX and cli_XXX
as they need to look at different timezone offsets.
Get rid of much of the "efficiency" cruft that was
added to Samba back in the day when the C library
timezone handling functions were slow.
Jeremy.
(This used to be commit 414303bc02)
spoolss backchannel connection by rewriting
spoolss_connect_to_client(). Ensure that we
save the cli_state* in the rpc_pipe_client struct.
* fix typo in debug message in cli_start_connection"
(This used to be commit 18400f9662)
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d7)
cd up and down the tree and get directory listings.
Still have to figure out how to get a directory listing on a
2k dfs root. Also have to work out some issues with relative paths
that cross dfs mount points.
We're protected from the new code paths when connecting to
a non-dfs root share ( the flag from the tcon&X is stored
in the struct cli_state* )
(This used to be commit e57fd2c5f0)
and SMBsplclose commands (BUG 2010)
* clarify some debug messages in smbspool (also from Mike)
my changes:
* start adding msdfs client routines
* enable smbclient to maintain multiple connections
* set the CAP_DFS flag for our internal clienht routines.
I actualy have a dfs referral working in do_cd() but that code
is too ugly to live so I'm not checking it in just yet.
Further work is to merge with vl's changes in trunk to support multiple
TIDs per cli_state *.
(This used to be commit 0449756309)
for bug #1717.The rest of the code needed to call this patch has not yet been
checked in (that's my next task). This has not yet been tested - I'll do this
once the rest of the patch is integrated.
Jeremy.
(This used to be commit 7565019286)
with more correct NTLMSSP support in client and server, but it will do
for now.
Also implement LANMAN password only in the classical session setup code, but
#ifdef'ed out. In Samba4, I'll make this run-time so we can torture it.
Lanman passwords over 14 dos characters long could be considered
'invalid' (they are truncated) - so SMBencrypt now returns 'False' if
it generates such a password.
Andrew Bartlett
(This used to be commit 565305f7bb)
another NTLMv2 combination.
We should allow the NTLMv2 response to be calculated with either the domain
as supplied, or the domain in UPPER case (as we always did in the past).
As a client, we always UPPER case it (as per the spec), but we also
make sure to UPPER case the domain, when we send it. This should give
us maximum compatability.
Andrew Bartlett
(This used to be commit 1e91cd0cf8)
