IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This patch, based on the suggestion by Goldberg, Neil R. <ngoldber@mitre.org>
turns off the sending of the principal in the negprot by default, matching
Windows 2008 behaviour.
This slowly works us back from this hack, which from an RFC
perspective was never the right thing to do in the first place, but we
traditionally follow windows behaviour. It also discourages client
implmentations from relying on it, as if they do they are more open to
man-in-the-middle attacks.
Andrew Bartlett
This principal is not supplied by later versions of windows, and using
it opens up some oportunities for man in the middle attacks. (Becuase
it isn't the name being contacted that is verified with the KDC).
This adds the option 'client use spnego principal' to the smb.conf (as
used in Samba4) to control this behaivour. As in Samba4, this
defaults to false.
Against 2008 servers, this will not change behaviour. Against earlier
servers, it may cause a downgrade to NTLMSSP more often, in
environments where server names are not registered with the KDC as
servicePrincipalName values.
Andrew Bartlett
This function is a wrapper around waf's check_python_header.
It avoids searching more than once for the headers bringing a small
speed improvement and a better lisibility of the logs.
But it's mainly to avoid a nasty bug when python libraries are in path
pointed by python_LIBPL (ie. /usr/local/lib/python2.6/config/) instead
of python_LIBDIR (ie. /usr/local/lib).
On the first call waf will correctly find that in order to link with
python libs it needs to add -L$python_LIBPL.
But on the next calls of check_python_headers, waf will use both the
current library path value (ie. -L/usr/local/lib/python2.6/config) and
-L$python_LIBDIR (ie. /usr/local/lib/) which will make him beleive that
python libraries are in $python_LIBDIR which at the end will make the
final link test fails in check_python_headers as it will not use the
good directory.
So by avoiding calling check_python_headers more than once we avoid
making waf fooling itself.
This is particularly important before dcpromo, as the password will
otherwise be expired in the new domain.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Dec 9 13:33:00 CET 2010 on sn-devel-104
we need the vnum for ABI checking for public libraries built as
private libraries when bundled
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Dec 9 12:47:41 CET 2010 on sn-devel-104
We now no longer print tickets with a potentially infinite life, and
we report the same life over LSA as we use in the KDC. We should get
this from group policy, but for now it's parametric smb.conf options.
Andrew Bartlett
This changes our version-script generation to use the ABI files that
are saved in git with each version number change of our public
libraries.
We use these ABI files to generate a linker version script that gives
the exact version number that each symbol was introduced. This
provides us with automatic fine grained symbol versioning.
Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
library iconv needs mbrtowc but some system didn't provide it (ie.
HP-UX 11.0)
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Wed Dec 8 23:19:19 CET 2010 on sn-devel-104
