IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
is the same way AC_CHECK_LIB works. Fix for bug 508.
This may have to go a few rounds on the build farm to ensure it works
everywhere.
(This used to be commit afe8c708f1)
but a flags field. We were assuming that 2*strlen(mb_string) == length of ucs2-le string.
This is not the case. Count it after conversion.
Jeremy.
(This used to be commit f82c273a42)
>Fix return of result. Patch from Yasuma Takeda <yasuma@miraclelinux.com>
>Jeremy.
>Applied Monyo's patch for bug #412 which allows \n characters to
>appear in msg strings.
>Put in some DEBUGs for swat language selection. Part of bug 456.
(This used to be commit 0105b72db8)
afs share -- this is an AFS share, do AFS magic things
afs username map -- We need a way to specify the cell and possibly
weird username codings for several windows domains
in the afs cell
Volker
(This used to be commit 4a3f7a9356)
me to expose a type arguement to make_sec_desc(). We weren't copying
the SE_DESC_DACL_AUTO_INHERITED flag which could cause errors on
auto inherited checks.
Jeremy.
(This used to be commit 546b2271c0)
me to expose a type arguement to make_sec_desc(). We weren't copying
the SE_DESC_DACL_AUTO_INHERITED flag which could cause errors on
auto inherited checks.
Jeremy.
(This used to be commit 28b315a750)
>Fix warnings on Sun cc Workshop Compilers 5.0. Reported by "Richard
>Bollinger" <rabollinger@comcast.net>. Also fixed script/gaptab.awk to
>produce compatible tables.
>Fix CP437 and CP850 syntax for old compilers removing ANSI C99-specifics
(This used to be commit a9f34d9fde)
fields, bad_password_count and logon_count. Ensure this is stored/fetched
in the various SAMs. As it replaces the unknown_5 field this fits
exactly into the tdb SAM without any binary problems. It also is added
to the LDAP SAM as two extra attributes. It breaks compatibility with
the experimental SAMs xml and mysql. The maintainers of these SAMs must
fix them so upgrades like this can be done transparently. I will insist
on the "experimental" status until this is solved.
Jeremy.
(This used to be commit 71ecd10181)
fields, bad_password_count and logon_count. Ensure this is stored/fetched
in the various SAMs. As it replaces the unknown_5 field this fits
exactly into the tdb SAM without any binary problems. It also is added
to the LDAP SAM as two extra attributes. It breaks compatibility with
the experimental SAMs xml and mysql. The maintainers of these SAMs must
fix them so upgrades like this can be done transparently. I will insist
on the "experimental" status until this is solved.
Jeremy.
(This used to be commit cd7bd8c2da)
>Fix OOPS when dealing with mangled names reported by several users.
>This was my bug when removing a redundant strlen.
>Jerry - last showstopper I knew about.
>Jeremy.
(This used to be commit 3266777acb)
Fix OOPS when dealing with mangled names reported by several users.
This was my bug when removing a redundant strlen.
Jeremy.
(This used to be commit 3b3e19f66f)
by default ! This is code that really needs to be able to be looked at
on a customer system if it's misbehaving !
Jeremy
(This used to be commit d512650340)
The RAP NetShareEnum() call has a length limit of 12 characters (not 8, as
previously tested). Took DaveCB's suggested and added a note listing some
of the client systems that might be affected.
(This used to be commit cdfc0fc383)
The RAP NetShareEnum() call has a length limit of 12 characters (not 8, as
previously tested). Took DaveCB's suggested and added a note listing some
of the client systems that might be affected.
(This used to be commit be06e52ce0)
>Fix a nasty mess, and also bug #296. passdb/pdb_ldap.c was not converting
>to/from utf8 for some calls. The libads code gets this right. Wonder why
>the passdb code doesn't use it ?
>Jeremy.
(This used to be commit 9b6328bcfd)
>remove getpwnam() calls from init_sam_from_xxx().
>This means that %u & %g will no longer expand, but %U
>and %G still do. The payback is that winbindd local
>accounts for users work with 'wbinfo -u' when winbind
>is running on a PDC.
>Fix a nasty mess, and also bug #296. passdb/pdb_ldap.c was not converting
>to/from utf8 for some calls. The libads code gets this right. Wonder why
>the passdb code doesn't use it ?
>Jeremy.
(This used to be commit 1e60bbff70)
>remove getpwnam() calls from init_sam_from_xxx().
>This means that %u & %g will no longer expand, but %U
>and %G still do. The payback is that winbindd local
>accounts for users work with 'wbinfo -u' when winbind
>is running on a PDC.
(This used to be commit f047e24561)
>Fix for typo in darwin detection.
>Jeremy.
>Fix for MacOS/X which uses STUPID BROKEN UNICODE COMPOSE CHARACTERS !
>(rant off :-). Inspired by work from Benjamin Riefenstahl <Benjamin.Riefenstahl@epost.de>.
>Also add MacOSX/Darwin configure fixes.
>Jerry - can we put this in 3.0 release ? :-).
>Jeremy.
(This used to be commit 7951dee600)
>Patch from Gregory Hinton Nietsky <gregory@networksentry.co.za>,
>ensure the desired access is read from the incoming RPC request.
>Jeremy.
(This used to be commit a556637d0b)
>Fix a nasty mess, and also bug #296. passdb/pdb_ldap.c was not converting
>to/from utf8 for some calls. The libads code gets this right. Wonder why
>the passdb code doesn't use it ?
>Jeremy.
(This used to be commit 258c106e22)
>Fix for MacOS/X which uses STUPID BROKEN UNICODE COMPOSE CHARACTERS !
>(rant off :-). Inspired by work from Benjamin Riefenstahl <Benjamin.Riefenstahl@epost.de>.
>Also add MacOSX/Darwin configure fixes.
>Jerry - can we put this in 3.0 release ? :-).
>Jeremy.
(This used to be commit 67acde75d3)
>For some reason testparm runs at debug level 2 which causes the module probe functions to
>display verbose debugs. Increase the probe debugs to level 3.
(This used to be commit be91bbd570)
(rant off :-). Inspired by work from Benjamin Riefenstahl <Benjamin.Riefenstahl@epost.de>.
Also add MacOSX/Darwin configure fixes.
Jerry - can we put this in 3.0 release ? :-).
Jeremy.
(This used to be commit f23acb4ca5)
This means that %u & %g will no longer expand, but %U
and %G still do. The payback is that winbindd local
accounts for users work with 'wbinfo -u' when winbind
is running on a PDC.
(This used to be commit eb02fcf3c2)
>Fix for bug #273 - smbd crash on machine account change.
>Someone only half changed the code to use dc_name
>instead of remote machine... Found via back trace from Dariush Forouher
><dariush@forouher.de>.
>Jeremy.
(This used to be commit 1956478dde)
>Revision 1.8.2.33
>Fix error return path memory leaks in vampire code for creating users.
>
>Display an error if we can't create a posix account for the user
>(e.g no add user/machine script was specified; bug #323).
>Revision 1.8.2.32:
>Use opt_target_workgroup instead of lp_workgroup() in vampire code so
>we can override the value in smb.conf with the -w option.
>
>Migrating accounts from another domain can now be done like:
>
># bin/net join bdc -w nt4dom -Uadministrator%password
># bin/net rpc vampire -w nt4dom -U administrator%password
(This used to be commit 36f7d88edd)
Someone only half changed the code to use dc_name
instead of remote machine... Found via back trace from Dariush Forouher
<dariush@forouher.de>.
Jeremy.
(This used to be commit 963b24ac1a)
to build on systems with fixed getgrouplist() in GNU libc < 2.3.2.
Unfortunately, we can't detect correctness of getgrouplist() functioning in
portable way so this is left up to developer/packager.
This patch adds --with-good-getgrouplist[=no] switch to configure which packagers
on Linux platforms could use to specify in their own builds if they now that glibc
on their platform is fixed w.r.t CAN-2003-0689. By default we still think that glibc
is vulnerable and perform our version check.
** This patch does not change default behaviour in Samba 3.0 -- by default we are not
vulnerable on glibc as we are not using getgrouplist()
See http://www.securityfocus.com/bid/8477 for vulnerability description.
Right now there are following Linux vendors released glibc updates for CAN-2003-0689:
RedHat -- https://rhn.redhat.com/errata/RHSA-2003-249.html
ALTLinux -- http://www.altlinux.com/index.php?module=sisyphus&package=glibc
(This used to be commit e53622c114)
Display an error if we can't create a posix account for the user
(e.g no add user/machine script was specified; bug #323).
(This used to be commit 0c35ba2cd6)
we can override the value in smb.conf with the -w option.
Migrating accounts from another domain can now be done like:
# bin/net join bdc -w nt4dom -Uadministrator%password
# bin/net rpc vampire -w nt4dom -U administrator%password
(This used to be commit d7bd3c1efb)
not number of bytes. Reproduce this by trying to rename the file named :
sibrseau -> sibrseaU
from Windows 2000 explorer.
Jeremy.
(This used to be commit 035f595995)
There was some confusion over dynamically allocated lists of pointers
(i.e you have to make space for the list of pointers and what they are
pointing too) in the memory buffer passed in from libc.
Valgrind is much happer now and as a bonus there is no segfault.
(This used to be commit 7907c44414)
info delta correctly and thus crash when doing a net rpc samdump.
The easiest thing at the moment it to comment out these functions as
they seriously don't correspond with reality (netmon/ethereal) and the
data in the containers aren't used anyway.
(This used to be commit 695aa39c5d)
relying on lp_servicename(n) to return an empty string for invalid
service numbers. For some reason it is returning NULL now.
Fixes bug 403.
(This used to be commit cebb2abd2e)
This implements some kind of improved AFS support for Samba on Linux with
OpenAFS 1.2.10. ./configure --with-fake-kaserver assumes that you have
OpenAFS on your machine. To use this, you have to put the AFS server's KeyFile
into secrets.tdb with 'net afskey'. If this is done, on each tree connect
smbd creates a Kerberos V4 ticket suitable for use by the AFS client and
gives it to the kernel via the AFS syscall. This is meant to be very
light-weight, so I did not link in a whole lot of libraries to be more
platform-independent using the ka_SetToken function call.
Volker
(This used to be commit 5775690ee8)
portion of NTLMv2 key exchange. Also revert the default for
'client ntlmv2 auth' to no. This caused no ends of grief in
different cases.
And based on abartlet's mail....
> All I care about at this point is that we use NTLMv2
> in our client code when connecting to a server that
> supports it.
There is *no* way to tell this. The server can't tell us, because it
doesn't know what it's DC supports. The DC can't tell us, because it
doesn't know what the trusted DC supports. One DC might be Win2k, and
the PDC could be an older NT4.
(This used to be commit fe585d49cc)
already have ads_search_retry() for this. However, neither
domain_sid() nor sequence_nunber() used this function. So modify
them to us ads_do_search_retry() so we can specify the base search
DN and scope.
(This used to be commit 89f6adf830)
kerberos symbols unless I do the same as smbd does. It does not hurt
on my debian, so simply give a pointer to LDAPLIBS as well.
Volker
(This used to be commit 353d527291)
Ken Cross. Sometimes ads conenction get stale but we don't know
they are dead until we try them. This patch may need some optimization
after people bang on it for a while.
(This used to be commit 7021cf63a4)
relocatable form.
Added a comment about this in the hope that it won't happen again.
Renamed PAM_WINBIND_OBJ to PAM_WINBIND_PICOBJ to make it a bit clearer.
(This used to be commit 04797e12d8)
Also make sure thet ads_startup uses lp_realm instead of
just relying on the workgroup name. Fixes bug in net ads join
when the workgroup defaults to "WORKGROUP" and we ignore the
realm name.
(This used to be commit b1763ace4e)
the as_root parameter has bugger all to do with who you *currently*
are, and everything to do with who you run the script as. Doh !
Jeremy.
(This used to be commit 17a241d9f7)
find libpam or security/pam_appl.h
Also change the warnings when we can't do --with-pam_smbpass when
is was requested to errors.
(This used to be commit fe3fb58623)
Removed calls to clobber_region when not compiling with developer as
they were hiding speed problems.
Added fast path to convert_string() when dealing with ascii -> ascii,
ucs2-le to ascii and ascii to ucs2-le with values <= 0x7F. This
gives a speedup of 22% on my nbench tests.
Next I will do this on convert_string_allocate.
Jeremy.
(This used to be commit ef140d15ea)
keytab support code, but it won't be enabled until we add that to smb.conf.
Adapted from the work of Guenther Deschner (gd@suse.com).
Please hammer on this...
(This used to be commit a26fa5bee2)
to a very recent snapshot) has arcfour-hmac code that doesn't work with
windows. Love suggested detecting it via the existence of KEYTYPE_ARCFOUR_56
which only exists in working versions.
(This used to be commit e039a61e51)
work properly. MIT does not support them, so this check will be used to
decide whether to use them. First part of fixing bug #372.
(This used to be commit 85737fc937)
source code which allows to take gaps into account thus making unneccessary
extended [index] = value, syntax in to_ucs2 array
(This used to be commit 4ab08a4bb8)
restored on next valid packet if a logon fails. This has relevence
if people are using su.exe within logon scripts !
Jeremy.
(This used to be commit d405a93a9d)
Include patch to manually set the machine trust account
password (on request from jht) to mimic 2.2. behavior.
last changes before RC2 (not counting syncing the docs).
(This used to be commit ce09037144)
Now all 8-bit charsets with gaps (not all symbols defined) could be produced through
one macro -- SMB_GENERATE_CHARSET_MODULE_8_BIT_GAP(CHARSETNAME) within source file
with three charset tables. Full source code for such modules can be generated by
source/script/gen-8bit-gap.sh script which was taken from GNU libc and changed slightly
to follow our data types and structure.
(This used to be commit 37042c7bc0)
pam_smbpass.so will load ok. Had to move some functions around to work
around dependency problems (hence the new passdb/lookup_sid.c)
Also make sure that libsmbclient.a is built and installed when
we support shared libraries.
(This used to be commit 780055f442)
in heimdal it is an enum. Thanks to Guenther Deschner (gd@suse.de).
With this join will work, but without a keytab, cifs connections will still
fail with heimdal. Fix to come later.
(This used to be commit d30bef4c37)
vendor supplied lp printing (bug #355).
For some reason this is not being set in Samba 3. In Samba 2.2 the
SYSV define was only set from include/includes.h in a haphazard
fashion. It's probably better to explicitly define it on a per-operating
system basis anyway.
(This used to be commit e653e13f45)
iconv wasn't re-initialised on reading of "charset" parameters. This
caused workgroup name to be set incorrectly if it contained an
extended character.
Jeremy.
(This used to be commit 84ae44678a)
We now fallback to Samba-provided CP850 charset module if CP850 or IBM850 does not exist on target system at runtime.
1. Introduce CP850 charset module based on charmaps table from GNU libc 2.2.5
2. Make CP850 charset module shared and build it by default
Should fix Solaris run-time
(This used to be commit e855dc8c91)
spooler. :-(
When installing the Adobe PS driver onto a Samba printer via cupsaddsmb,
I noticed a WIN2k client sending DeletePrinterData("DependentFiles")
pver and over. I also noticed that we never checked to see if the
value was valid. No now we do and return WERR_BADFILE which I think
is correct.
Next, I noticed that we never wrote the updated printer out to disk
after a succesfully DeletePrinterData[Ex]().
Finally, I found a driver (Canon BJC 1000 using the Adobe PS drivers
and foomatic PPD file) that was destroying the device name string
in the devmode. So now get_a_printer_2() always writes out the
device name in \\server\share form.
I think these changes might fix bug 294.
(This used to be commit deb2578087)
converted to pull/push_ascii. This will not work right at the moment for non
English codepages, but compiles - I will finish the work over the weekend.
Then nmbd should be completely codepage correct.
Jeremy.
(This used to be commit 236d6adadf)
smbadduser must obeys the paths from configure options
* Try to get libsmbclient files installed during 'make install'
Still one outstanding problem with static lib. INSTALLCLIENTCMD_A
is not getting set correctly.
(This used to be commit 50ab28bd25)
- Make winbindd try to use kerberos for connections to DCs, so that it can
access RA=2 servers, particularly for netlogon.
- Make rpcclient follow the new flags for the NETLOGON pipe
- Make all the code that uses schannel use the centralised functions for doing so.
Andrew Bartlett
(This used to be commit 96b4187963)
- When connecting to the NETOGON pipe, we make a call to auth2, in order
to verify our identity. This call was being made with negotiation flags
of 0x1ff. This caused our account to be downgraded. If we instead make
the call with flags > 1ff (such as 0x701ff), then this does not occour.
- This is *not* related to the use of kerberos for the CIFS-level connection
My theory is that Win2k has a test to see if we are sending *exactly* what
NT4 sent - setting any other flags seems to cause us to remain intact.
Also ensure that we only have 'setup schannel' code in a few places, not
scattered around cmd_netlogon too.
Andrew Bartlett
(This used to be commit e10f0529fe)
elsewhere in the code. This will allow us to try kerberos, then another user
then guest in the winbindd code.
Also, re-introduce the seperate, NT1 'guest' session setup code, as I found
some problems with doing guest under NTLMSSP.
Andrew Bartlett
(This used to be commit 33109fefe7)
up some of the false positives in "rpcclient -c getdriver".
Also make sure that we ask for version2 and 3 drivers on x86.
(This used to be commit 5be5151568)
(also fixed the call to return the real groups and not a mocked
up list)
Fixed simple compiler warning in srv_lsa_ds.c
(This used to be commit 6b0e38e01a)
Now we are:
1. Try to find correct name for default character sets for the platform
2. Use DEFAULT_{DOS|DISPLAY|UNIX}_CHARSET defines set during configure phase as defaults
This should fix CP850 problem on Solaris (at least) because it actually has IBM850 which
is the same but under different name
(This used to be commit 836b9fffa0)
same ads_verify_ticket routine that smbd uses, so in the current state
we have to be have the host password in secrets.tdb instead of the
keytab. This means we have to be an ADS member, but it's a start.
Volker
(This used to be commit dc2d2ad467)
from a samba log file and view it in ethereal, including the DCE/RPC, RAP, etc
calls that are contained in a packet, just like you would with a real
network sniff!
(This used to be commit 6a76750dc4)
Currently I'm compiling against MIT Kerberos 1.2.8.
Anthony, you said you have a heimdal installation available. Could you
please compile this stuff with krb and check it with valgrind?
Thanks,
Volker
(This used to be commit d8ab446859)
