IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This patch, based on the suggestion by Goldberg, Neil R. <ngoldber@mitre.org>
turns off the sending of the principal in the negprot by default, matching
Windows 2008 behaviour.
This slowly works us back from this hack, which from an RFC
perspective was never the right thing to do in the first place, but we
traditionally follow windows behaviour. It also discourages client
implmentations from relying on it, as if they do they are more open to
man-in-the-middle attacks.
Andrew Bartlett
This principal is not supplied by later versions of windows, and using
it opens up some oportunities for man in the middle attacks. (Becuase
it isn't the name being contacted that is verified with the KDC).
This adds the option 'client use spnego principal' to the smb.conf (as
used in Samba4) to control this behaivour. As in Samba4, this
defaults to false.
Against 2008 servers, this will not change behaviour. Against earlier
servers, it may cause a downgrade to NTLMSSP more often, in
environments where server names are not registered with the KDC as
servicePrincipalName values.
Andrew Bartlett
Otherwise, -d10 would be overridden by 'debug level = 1', because
debug level is an alias of 'log level' which -d was setting.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sat Nov 27 01:02:40 CET 2010 on sn-devel-104
The previous code was buggy in that it did not honour the 'store'
argument to lp_set_cmdline_helper(), and would use the stored
parameter after freeing it when handling overwritten values.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Nov 2 05:19:17 UTC 2010 on sn-devel-104
By removing this global variable, the API between the two different
debug systems is made more similar. Both s3 and s4 now have
lp_set_cmdline() which ensures that the smb.conf cannot overwrite
these the user-specified log level.
Andrew Bartlett
This change improves the setup_logging() API so that callers which
wish to set up logging to stderr can simply ask for it, rather than
directly modify the dbf global variable.
Andrew Bartlett
Not needed - privileges code prevents "enable privileges = no" from adding privileges
anyway.
This reverts commit a8b95686a7.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct 22 23:41:36 UTC 2010 on sn-devel-104
to maintain compatibility with smb.conf manpage.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct 22 18:15:48 UTC 2010 on sn-devel-104
that is called from many places, not just smb.conf processing. Only
clean parametric options when doing actual smb.conf reading (or
registry equivalent).
Michael Adams, Volker, Metze, please check.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Oct 16 06:46:19 UTC 2010 on sn-devel-104
This parameter is used with the registry backend to
cause the globals table to be re-initialised.
Andrew Bartlett
Signed-off-by: Michael Adam <obnox@samba.org>
This will be used to be able to put the default idmap config
read only. This can make sense for instance with the tdb2
idmap backend and using the idmap script feature.
Fix cups encryption setting
I had the same problem and it's due to the fact that samba doesn't respect the
"cups encryption" setting since lp_cups_encrypt changes the value: if you set
"cups encryption=no", the first call will change it to HTTP_ENCRYPT_NEVER,
since that is 1 (i.e. true), the next call will change it to
HTTP_ENCRYPT_ALWAYS and after that it'll remain set as HTTP_ENCRYPT_ALWAYS.
This patch fixes this problem.
Don't mix up the HTTP_ENCRYPT_XXX constants up with the
enumeration constants (True, False, Auto) used in the
loadparm code.
Updates usershare files in a backwards compatible way.
I don't intend to back port this fix to 3.5.x as it
depends on a version upgrade in the share_info.tdb share security database.
Jeremy.
Fix this by moving canonicalization into lib/sharesec.c. Update the
db version to 3. Ensures we always find share names with security
descriptors attached.
Jeremy.
This boolean option controls whether at exit time the server dumps a list of
files with debug level 0 that were still open for write. This is an
administrative aid to find the files that were potentially corrupt if the
network connection died.
