[Samba] samba ldap / password (smbpasswd)
hi i have set up samba as a pdc with ldap but i am having problems with passwords they do not seem to be taken from ldap instead i have to run smbpasswd username to allow a user to login. this directory will have around 800 users when complete and the ldap is also used for other authentication like to websites and other resources like jabber they all work fine it is only the windows login that needs smbpasswd. i have two accounts working the root and nobody accounts but none of the others do they have the samba scheme on ll accounts but this does not help. any ideas as to why or how i can find where the problem is the failed logins do not seem to be logged any where and the failure message for winodws is invalid username or password. -- View this message in context: http://www.nabble.com/samba-ldap---password-%28smbpasswd%29-tf1987486.html#a5454321 Sent from the Samba - General forum at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba Digest, Vol 43, Issue 31
Hello: I'm away on holidays right now! If this is an Urgent ticket please submit a repair ticket herehttp://ts.sd57.bc.ca I will be checking my mail still every few days Or Page #613-4732 Thanks Benny.nerd -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.23 + RFC2307 problems with Microsoft DFS referrals.
I am running a Samba 3.0.23 installation using RFC2307 bound to a W2K3 AD. I have a working environment and can access and use shares on my Samba servers if I go direct. However, if I go through a Microsoft DFS referral I get access denied messages and the following logged in the log for the accessing machines. [2006/07/23 14:59:57, 1] smbd/sesssetup.c:reply_spnego_kerberos(310) Username COHERENT+ZEBRA$ is invalid on this system Zebra is the accessing machine. I have tried to allocate RFC2307 attributes to the computer object but of course it does not get returned as a user. wbinfo -u does not show the computer object and it does not get listed in the getent passwd output. However, this works under 3.0.21c with the RFC2307 patches I supplied - so something has been broken? ANy body got any ideas where I start looking? I use nss_ldap not nss_winbind. -- Howard Wilkinson Phone: +44(20)76907075 Coherent Technology Limited Fax: 23 Northampton Square, Mobile: +44(7980)639379 London, United Kingdom, EC1V 0HL Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [SOLVED] getent group does not list newly added NT Security groups
Hi all, I have solved that problem as given below link. Thanks to Micheal Parker. http://lists.samba.org/archive/samba/2006-February/117893.html I have deleted /var/cache/samba and restarted samba deamon. It works fine and I can get new groups with getent group _ Spam filtresi ile virüslere karsi en güvenilir koruma, MSN PC Koruma'dan geçer. http://www.msn.com.tr/security/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Errors compiling samba 3.0.23a
Hello to all: When I compile samba 3.0.23a it shows me errors, some of these they are: auth/auth_script.po(.text+0x21b): undefined reference to `safe_strcat_fn' auth/auth_script.po(.text+0x240): undefined reference to `safe_strcat_fn' auth/auth_script.po(.text+0x2aa): more undefined references to `safe_strcat_fn' follow auth/auth_script.po: In function `script_check_user_credentials': auth/auth_script.po(.text+0x37a): undefined reference to `DEBUGLEVEL_CLASS' auth/auth_script.po(.text+0x388): undefined reference to `DEBUGLEVEL_CLASS_ISSET ' auth/auth_script.po(.text+0x3bd): undefined reference to `dbghdr' auth/auth_script.po(.text+0x3dd): undefined reference to `dbgtext' auth/auth_script.po(.text+0x3ef): undefined reference to `smbrunsecret' auth/auth_script.po(.text+0x40c): undefined reference to `DEBUGLEVEL_CLASS' auth/auth_script.po(.text+0x41a): undefined reference to `DEBUGLEVEL_CLASS_ISSET ' auth/auth_script.po(.text+0x44f): undefined reference to `dbghdr' auth/auth_script.po(.text+0x472): undefined reference to `dbgtext' auth/auth_script.po: In function `auth_init_script': auth/auth_script.po(.text+0x4c2): undefined reference to `make_auth_methods' auth/auth_script.po(.text+0x50d): undefined reference to `load_auth_module' auth/auth_script.po: In function `init_module': auth/auth_script.po(.text+0x56e): undefined reference to `smb_register_auth' [EMAIL PROTECTED] source]# uname -a Linux mail.copiservice.com.pe 2.4.9-34enterprise #1 SMP Sat Jun 1 06:05:54 EDT 2002 i686 unknown My server: Linux Red Hat 7.2 Is this normal? Thanx Luis Lima-Peru -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [SOLVED] profile question
Geating Eric, Return of this conversation on the mailing list :-) and in english. I'm sure that will not work that's way. When a Domain Admins member will modify a file or directory, this file will be owned by the member and not by the user of this profile. Windows client will be generate an error during profile transfert. Like I have say in PV, you need to execute setfacl -R -m u:profile_user::r-x /share/profiles/profile_user. The root postexec parameter will use server ressources unnessarely. With the way I say in PV, just apply these lines at the creation of profile user: setfacl -R -m u:profile_user::r-x /share/profiles/profile_user setfacl -R -d -m u:profile_user::r-x /share/profiles/profile_user setfacl -R -m g:Domain Admins:rwx /share/profiles/profile_user setfacl -R -d -m g:Domain Admins:rwx /share/profiles/profile_user No root postexec is need, and you can surely make some mod to include it in the idealix script or create your own script. Robert hello i solved my problem. i wanted a manager to be able to modify files in the users' profiles from his windows workstation. The solution i found is with adding this lige to the profiles share bloc in smb.conf : root postexec = setfacl -R -m g:Domain Admins:rwx /share/profiles/%U regards ELH Message original Sujet: profile question Date: Tue, 18 Jul 2006 18:52:07 +0200 De: éric le hénaff [EMAIL PROTECTED] Forums de discussion: gmane.network.samba.general hello, i have a profile question here under is my profile definition. it's nothing more than the one from the idealx samba howto. profiles just work fine on my box BUT i want more ... i want a manager to have read/write acces on every users' profile subdirectory for troubleshooting from his windows workstation with invoking \\server\profiles. he's in the domain admins. How to do that Thank you for any help, i tried different scenarios (samba tweaking, acls inheritance and so on) for an afternoon and didnt find one working. ELH [profiles] path = /home/profiles read only = no create mask = 0600 directory mask = 0700 browseable = No guest ok = Yes profile acls = yes csc policy = disable # next line is a great way to secure the profiles force user = %U # next line allows administrator to access all profiles valid users = %U @Domain Admins -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba ldap / password (smbpasswd)
oly wrote: hi i have set up samba as a pdc with ldap but i am having problems with passwords they do not seem to be taken from ldap instead i have to run smbpasswd username to allow a user to login. this directory will have around 800 users when complete and the ldap is also used for other authentication like to websites and other resources like jabber they all work fine it is only the windows login that needs smbpasswd. i have two accounts working the root and nobody accounts but none of the others do they have the samba scheme on ll accounts but this does not help. any ideas as to why or how i can find where the problem is the failed logins do not seem to be logged any where and the failure message for winodws is invalid username or password. Have you set passdb backend in smb.conf? Might help to let the list know what version samba you're running, what your smb.conf is, etc. Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.23a RPM packages for all SUSE Linux products (was: Samba 3.0.23a Available for Download)
On Fri, Jul 21, 2006 at 09:21:28PM -0500, Gerald Carter wrote: [ 8 ] Binary packages are available at http://download.samba.org/samba/ftp/Binary_Packages/ RPM packages of Samba 3.0.23a for all SUSE Linux products are available at ftp://ftp.suse.com/pub/projects/samba/3.0/ or http://ftp.suse.com/pub/projects/samba/3.0/ Supported SUSE Linux based products are at the moment SUSE Linux 9.1, 9.2, 9.3, 10.0, 10.1, UnitedLinux 1/ SUSE Linux Enterprise Server (SLES) 8, SLES 9 and 10, and factory (= the currently developed product). For some architectures - like ia64, ppc, s390(x) - you find a limited releases subset. The same packages are also available at http://download.Samba.org/samba/ftp/Binary_Packages/SuSE/3.0/ Please use a mirror close to your site. A list of Samba.org mirrors is available at http://Samba.org/ There choose a mirror at the right top of the page. There are also a bunch of SUSE mirrors. A list of international mirror sites is at http://www.novell.com/products/suselinux/downloads/ftp/int_mirrors.html A list of mirrors in Germany is at http://www.novell.com/products/suselinux/downloads/ftp/germ_mirrors.html If you encounter any problem with these packages please don't blame the Samba Team. Instead file a bug to https://bugzilla.Samba.org/, pick product Samba 3.0, then select 'component' Packaging and set 'assign to' to samba-maintainers at suse dot de. Or use http://bugzilla.Novell.com with the same assignee instead. For additional information - how to report bugs and which log files are required - see http://en.openSUSE.org/Samba Our customers, our products, our responsibility. Have a lot of fun... Lars - for the Novell Samba Team -- Lars Müller [ˈlaː(r)z ˈmʏlɐ] Samba Team SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany pgpNfnnASjibG.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba-3.0.23-1.fc4 upgrade
Hi, I upgraded samba to samba-3.0.23-1.fc4 and now I get authentication errors trying to connect to any shares explicitly defined in smb.conf. Iam using PAM for authentication. /etc/samba/smb.conf: [global] encrypt passwords = no debug level = 10 workgroup = MYGROUP server string = Samba Server security = user hosts allow = 129.180. load printers = yes cups options = raw log file = /usr/local/samba/var/%m.log max log size = 500 dns proxy = no [homes] comment = Home Directories browseable = no writable = yes [printers] comment = All Printers path = /usr/spool/samba browseable = no guest ok = no writable = no printable = yes [mkovacs3] path = %H volume = %u read only = no force user = mkovacs3 valid users = mkovacs3 t create mask = 0755 directory mask = 0755 samba-3.0.23-1.fc4 samba-common-3.0.23-1.fc4 system-config-samba-1.2.31-1 samba-client-3.0.23-1.fc4 Fedora Core release 4 (Stentz) Linux isg-5 2.6.15-1.1831_FC4 #1 Tue Feb 7 13:37:42 EST 2006 i686 i686 i386 GNU/Linux The following command fails: smbclient //isg-5/mkovacs3 -Ut Password: Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.0.23-1.fc4] tree connect failed: NT_STATUS_ACCESS_DENIED Debug follows: [2006/07/24 14:24:59, 10] lib/util.c:dump_data(2237) [000] 00 5C 00 5C 00 49 00 53 00 47 00 2D 00 35 00 5C .\.\.I.S .G.-.5.\ [010] 00 4D 00 4B 00 4F 00 56 00 41 00 43 00 53 00 33 .M.K.O.V .A.C.S.3 [020] 00 00 00 3F 3F 3F 3F 3F 00 ...? . [2006/07/24 14:24:59, 3] smbd/process.c:switch_message(914) switch message SMBtconX (pid 3146) conn 0x0 [2006/07/24 14:24:59, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/07/24 14:24:59, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/07/24 14:24:59, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/07/24 14:24:59, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/07/24 14:24:59, 4] smbd/reply.c:reply_tcon_and_X(668) Client requested device type [?] for share [MKOVACS3] [2006/07/24 14:24:59, 5] smbd/service.c:make_connection(1116) making a connection to 'normal' service mkovacs3 [2006/07/24 14:24:59, 3] lib/access.c:check_access(313) check_access: no hostnames in host allow/deny list. [2006/07/24 14:24:59, 2] lib/access.c:check_access(324) Allowed connection from (129.180.8.5) [2006/07/24 14:24:59, 3] lib/util_sid.c:string_to_sid(223) string_to_sid: Sid mkovacs3 does not start with 'S-'. [2006/07/24 14:24:59, 10] passdb/util_wellknown.c:lookup_wellknown_name(154) map_name_to_wellknown_sid: looking up mkovacs3 [2006/07/24 14:24:59, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/07/24 14:24:59, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/07/24 14:24:59, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/07/24 14:24:59, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/07/24 14:24:59, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/07/24 14:24:59, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1313) getsampwnam (smbpasswd): search by name: mkovacs3 [2006/07/24 14:24:59, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) startsmbfilepwent_internal: opening file /etc/samba/smbpasswd [2006/07/24 14:24:59, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(539) getsmbfilepwent: end of file reached. [2006/07/24 14:24:59, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) endsmbfilepwent_internal: closed password file. [2006/07/24 14:24:59, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/07/24 14:24:59, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/07/24 14:24:59, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/07/24 14:24:59, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/07/24 14:24:59, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/07/24 14:24:59, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/07/24 14:24:59, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/07/24 14:24:59, 3] lib/util_sid.c:string_to_sid(223) string_to_sid: Sid t does not start with 'S-'. [2006/07/24 14:24:59, 10] passdb/util_wellknown.c:lookup_wellknown_name(154) map_name_to_wellknown_sid: looking up t [2006/07/24 14:24:59, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/07/24 14:24:59, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx =
Re: [Samba] SAMBA-3.0.23 IN RED HAT 5.2
I have a i486 running Red Hat 5.2 this what I get after ./configure samba-3.0.23a [EMAIL PROTECTED] source]# make Using FLAGS = -O -D_SAMBA_BUILD_ -I/root/samba-3.0.23a/source/iniparser/src -Iinclude -I/root/samba-3.0.23a/source/include -I/root/samba-3.0.23a/source/tdb -I. -DHAVE_CONFIG_H -I/root/samba-3.0.23a/source -D_SAMBA_BUILD_ LIBS = -lcrypt -lresolv -lnsl -ldl LDSHFLAGS = -shared -Wl,-Bsymbolic -Wl,--allow-shlib-undefined LDFLAGS = PIE_CFLAGS = PIE_LDFLAGS = Generating smbd/build_options.c Building include/proto.h creating /root/samba-3.0.23a/source/include/proto.h Building include/build_env.h creating /root/samba-3.0.23a/source/nsswitch/winbindd_proto.h creating /root/samba-3.0.23a/source/web/swat_proto.h creating /root/samba-3.0.23a/source/client/client_proto.h creating /root/samba-3.0.23a/source/utils/net_proto.h creating /root/samba-3.0.23a/source/utils/ntlm_auth_proto.h Compiling dynconfig.c In file included from include/includes.h:1059, from /root/samba-3.0.23a/source/dynconfig.c:21: include/proto.h:1083: parse error before `secs' include/proto.h:1088: parse error before `uint32_t' include/proto.h:1091: parse error before `secs' include/proto.h:3579: parse error before `uint32_t' include/proto.h:4328: parse error before `uint32_t' include/proto.h:5474: parse error before `uint32_t' make: *** [dynconfig.o] Error 1 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: Can anyone tell me how to install samba-3.0.23 in Red Hat 5.2 box ? What problems are you having ? I don't test on RH 5.2 anymore but we should be ok. cheers, jerry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r17199 - in branches/SAMBA_3_0/source/rpc_server: .
Author: vlendec
Date: 2006-07-23 08:18:31 + (Sun, 23 Jul 2006)
New Revision: 17199
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17199
Log:
Add comment to the RID/SID miracle
Modified:
branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c
Changeset:
Modified: branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c
===
--- branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c 2006-07-23 03:33:28 UTC
(rev 17198)
+++ branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c 2006-07-23 08:18:31 UTC
(rev 17199)
@@ -873,7 +873,12 @@
if (name-type == SID_NAME_UNKNOWN) {
name-dom_idx = -1;
- /* unknown sids should return the string representation
of the SID */
+ /* Unknown sids should return the string
+* representation of the SID. Windows 2003 behaves
+* rather erratic here, in many cases it returns the
+* RID as 8 bytes hex, in others it returns the full
+* SID. We (Jerry/VL) could not figure out which the
+* hard cases are, so leave it with the SID. */
name-name = talloc_asprintf(p-mem_ctx, %s,
sid_string_static(sids[i]));
if (name-name == NULL) {
svn commit: samba r17200 - in branches/SOC/mkhl: ldb-map ldb-map/common ldb-map/include ldb-map/ldb_ildap ldb-map/ldb_ldap ldb-map/ldb_sqlite3 ldb-map/ldb_tdb ldb-map/modules ldb-map/samba ldb-map/too
Author: mkhl Date: 2006-07-23 09:50:04 + (Sun, 23 Jul 2006) New Revision: 17200 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17200 Log: Merge from mainline, r17199. Martin Modified: branches/SOC/mkhl/ldb-map/common/ldb.c branches/SOC/mkhl/ldb-map/common/ldb_dn.c branches/SOC/mkhl/ldb-map/common/ldb_modules.c branches/SOC/mkhl/ldb-map/configure.in branches/SOC/mkhl/ldb-map/include/ldb.h branches/SOC/mkhl/ldb-map/include/ldb_private.h branches/SOC/mkhl/ldb-map/ldb_ildap/ldb_ildap.c branches/SOC/mkhl/ldb-map/ldb_ldap/ldb_ldap.c branches/SOC/mkhl/ldb-map/ldb_sqlite3/ldb_sqlite3.c branches/SOC/mkhl/ldb-map/ldb_tdb/ldb_index.c branches/SOC/mkhl/ldb-map/ldb_tdb/ldb_search.c branches/SOC/mkhl/ldb-map/ldb_tdb/ldb_tdb.c branches/SOC/mkhl/ldb-map/ldb_tdb/ldb_tdb.h branches/SOC/mkhl/ldb-map/ldb_tdb/ldb_tdb_wrap.c branches/SOC/mkhl/ldb-map/modules/asq.c branches/SOC/mkhl/ldb-map/modules/objectclass.c branches/SOC/mkhl/ldb-map/modules/operational.c branches/SOC/mkhl/ldb-map/modules/paged_results.c branches/SOC/mkhl/ldb-map/modules/rdn_name.c branches/SOC/mkhl/ldb-map/modules/sort.c branches/SOC/mkhl/ldb-map/samba/ldif_handlers.c branches/SOC/mkhl/ldb-map/tools/ldbsearch.c branches/SOC/mkhl/samdb-map/ldb_modules/extended_dn.c branches/SOC/mkhl/samdb-map/ldb_modules/kludge_acl.c branches/SOC/mkhl/samdb-map/ldb_modules/objectguid.c branches/SOC/mkhl/samdb-map/ldb_modules/partition.c branches/SOC/mkhl/samdb-map/ldb_modules/password_hash.c branches/SOC/mkhl/samdb-map/ldb_modules/rootdse.c branches/SOC/mkhl/samdb-map/ldb_modules/samldb.c Changeset: Sorry, the patch is too large (5238 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17200
svn commit: samba r17201 - in branches/SOC/mkhl/ldb-map: common include ldb_tdb modules
Author: mkhl
Date: 2006-07-23 10:54:06 + (Sun, 23 Jul 2006)
New Revision: 17201
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17201
Log:
Fetch missing updates from mainline (missed them while merging...).
Martin
Modified:
branches/SOC/mkhl/ldb-map/common/ldb.c
branches/SOC/mkhl/ldb-map/common/ldb_dn.c
branches/SOC/mkhl/ldb-map/common/ldb_msg.c
branches/SOC/mkhl/ldb-map/include/ldb.h
branches/SOC/mkhl/ldb-map/ldb_tdb/ldb_tdb.c
branches/SOC/mkhl/ldb-map/ldb_tdb/ldb_tdb.h
branches/SOC/mkhl/ldb-map/modules/objectclass.c
Changeset:
Modified: branches/SOC/mkhl/ldb-map/common/ldb.c
===
--- branches/SOC/mkhl/ldb-map/common/ldb.c 2006-07-23 09:50:04 UTC (rev
17200)
+++ branches/SOC/mkhl/ldb-map/common/ldb.c 2006-07-23 10:54:06 UTC (rev
17201)
@@ -296,7 +296,7 @@
return ldb_transaction_cancel_internal(ldb);
}
-int ldb_autotransaction_start(struct ldb_context *ldb)
+static int ldb_autotransaction_start(struct ldb_context *ldb)
{
/* explicit transaction active, ignore autotransaction request */
if (ldb-transaction_active)
@@ -305,7 +305,7 @@
return ldb_transaction_start_internal(ldb);
}
-int ldb_autotransaction_commit(struct ldb_context *ldb)
+static int ldb_autotransaction_commit(struct ldb_context *ldb)
{
/* explicit transaction active, ignore autotransaction request */
if (ldb-transaction_active)
@@ -314,7 +314,7 @@
return ldb_transaction_commit_internal(ldb);
}
-int ldb_autotransaction_cancel(struct ldb_context *ldb)
+static int ldb_autotransaction_cancel(struct ldb_context *ldb)
{
/* explicit transaction active, ignore autotransaction request */
if (ldb-transaction_active)
@@ -529,11 +529,8 @@
struct ldb_request *req;
int ret;
- *res = talloc_zero(ldb, struct ldb_result);
- if (! *res) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
+ *res = NULL;
+
req = talloc(ldb, struct ldb_request);
if (req == NULL) {
ldb_set_errstring(ldb, talloc_strdup(ldb, Out of memory!));
@@ -551,6 +548,12 @@
return LDB_ERR_OPERATIONS_ERROR;
}
+ *res = talloc_zero(ldb, struct ldb_result);
+ if (! *res) {
+ talloc_free(req);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
req-op.search.attrs = attrs;
req-controls = NULL;
req-context = res;
@@ -583,9 +586,11 @@
struct ldb_request *req;
int ret;
- ret = ldb_msg_sanity_check(message);
- if (ret != LDB_SUCCESS) return ret;
-
+ ret = ldb_msg_sanity_check(ldb, message);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
req = talloc(ldb, struct ldb_request);
if (req == NULL) {
ldb_set_errstring(ldb, talloc_strdup(ldb, Out of memory!));
@@ -615,7 +620,7 @@
struct ldb_request *req;
int ret;
- ret = ldb_msg_sanity_check(message);
+ ret = ldb_msg_sanity_check(ldb, message);
if (ret != LDB_SUCCESS) return ret;
req = talloc(ldb, struct ldb_request);
Modified: branches/SOC/mkhl/ldb-map/common/ldb_dn.c
===
--- branches/SOC/mkhl/ldb-map/common/ldb_dn.c 2006-07-23 09:50:04 UTC (rev
17200)
+++ branches/SOC/mkhl/ldb-map/common/ldb_dn.c 2006-07-23 10:54:06 UTC (rev
17201)
@@ -578,32 +578,37 @@
if (edn == NULL) return NULL;
cedn = ldb_dn_new(ldb);
- LDB_DN_NULL_FAILED(cedn);
+ if (!cedn) {
+ return NULL;
+ }
cedn-comp_num = edn-comp_num;
cedn-components = talloc_array(cedn, struct ldb_dn_component,
edn-comp_num);
- LDB_DN_NULL_FAILED(cedn-components);
+ if (!cedn-components) {
+ talloc_free(cedn);
+ return NULL;
+ }
for (i = 0; i edn-comp_num; i++) {
struct ldb_dn_component dc;
const struct ldb_attrib_handler *h;
dc.name = ldb_attr_casefold(cedn, edn-components[i].name);
- LDB_DN_NULL_FAILED(dc.name);
+ if (!dc.name) {
+ talloc_free(cedn);
+ return NULL;
+ }
h = ldb_attrib_handler(ldb, dc.name);
if (h-canonicalise_fn(ldb, cedn, (edn-components[i].value),
(dc.value)) != 0) {
- goto failed;
+ talloc_free(cedn);
+ return NULL;
}
cedn-components[i] = dc;
}
return cedn;
-
-failed:
- talloc_free(cedn);
- return NULL;
}
struct ldb_dn *ldb_dn_explode_casefold(struct ldb_context *ldb, const char *dn)
Modified: branches/SOC/mkhl/ldb-map/common/ldb_msg.c
svn commit: samba r17202 - in branches/SOC/mkhl/ldb-map/modules: .
Author: mkhl Date: 2006-07-23 10:58:05 + (Sun, 23 Jul 2006) New Revision: 17202 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17202 Log: Adapt ldb_map module to the new async naming. Martin Modified: branches/SOC/mkhl/ldb-map/modules/ldb_map.c Changeset: Sorry, the patch is too large (605 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17202
svn commit: samba r17203 - in branches/SOC/mkhl/ldb-map/modules: .
Author: mkhl
Date: 2006-07-23 12:53:33 + (Sun, 23 Jul 2006)
New Revision: 17203
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17203
Log:
Oops, forgot two ldb_replies.
Martin
Modified:
branches/SOC/mkhl/ldb-map/modules/ldb_map.c
Changeset:
Modified: branches/SOC/mkhl/ldb-map/modules/ldb_map.c
===
--- branches/SOC/mkhl/ldb-map/modules/ldb_map.c 2006-07-23 10:58:05 UTC (rev
17202)
+++ branches/SOC/mkhl/ldb-map/modules/ldb_map.c 2006-07-23 12:53:33 UTC (rev
17203)
@@ -1799,14 +1799,14 @@
*/
-typedef int (*ldb_search_callback)(struct ldb_context *, void *, struct
ldb_async_result *);
+typedef int (*ldb_search_callback)(struct ldb_context *, void *, struct
ldb_reply *);
/* store single search result in async context */
static
int
search_self_callback(struct ldb_context *ldb,
void *context,
-struct ldb_async_result *ares)
+struct ldb_reply *ares)
{
struct map_async_context *ac;
const char *dn;
svn commit: samba r17204 - in branches/SOC/mkhl/samdb-map/ldb_modules: .
Author: mkhl
Date: 2006-07-23 13:30:25 + (Sun, 23 Jul 2006)
New Revision: 17204
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17204
Log:
Adapt samba3sam as well.
Martin
Modified:
branches/SOC/mkhl/samdb-map/ldb_modules/samba3sam.c
Changeset:
Modified: branches/SOC/mkhl/samdb-map/ldb_modules/samba3sam.c
===
--- branches/SOC/mkhl/samdb-map/ldb_modules/samba3sam.c 2006-07-23 12:53:33 UTC
(rev 17203)
+++ branches/SOC/mkhl/samdb-map/ldb_modules/samba3sam.c 2006-07-23 13:30:25 UTC
(rev 17204)
@@ -881,13 +881,13 @@
/* the init function */
int ldb_samba3sam_module_init(void)
{
-struct ldb_module_ops ops = ldb_map_get_ops();
- samba3sam_ops.add= ops.add;
- samba3sam_ops.modify = ops.modify;
- samba3sam_ops.del= ops.del;
- samba3sam_ops.rename = ops.rename;
- samba3sam_ops.search = ops.search;
- samba3sam_ops.async_wait = ops.async_wait;
+ struct ldb_module_ops ops = ldb_map_get_ops();
+ samba3sam_ops.add = ops.add;
+ samba3sam_ops.modify= ops.modify;
+ samba3sam_ops.del = ops.del;
+ samba3sam_ops.rename= ops.rename;
+ samba3sam_ops.search= ops.search;
+ samba3sam_ops.wait = ops.wait;
-return ldb_register_module(samba3sam_ops);
+ return ldb_register_module(samba3sam_ops);
}
svn commit: samba r17205 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: vlendec
Date: 2006-07-23 16:54:16 + (Sun, 23 Jul 2006)
New Revision: 17205
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17205
Log:
Even if this makes me look foolish, at least start to scratch on the surface
of spoolss. If snum is to be removed, then we should make at least the attempt
to walk parts of the code before and after the changes.
This walks GetPrinterInfo level 0-7.
Volker
Modified:
branches/SAMBA_4_0/source/torture/rpc/rpc.c
branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c
Changeset:
Modified: branches/SAMBA_4_0/source/torture/rpc/rpc.c
===
--- branches/SAMBA_4_0/source/torture/rpc/rpc.c 2006-07-23 13:30:25 UTC (rev
17204)
+++ branches/SAMBA_4_0/source/torture/rpc/rpc.c 2006-07-23 16:54:16 UTC (rev
17205)
@@ -135,6 +135,7 @@
register_torture_op(RPC-SAMBA3-GETUSERNAME,
torture_samba3_rpc_getusername);
register_torture_op(RPC-SAMBA3-LSA, torture_samba3_rpc_lsa);
+ register_torture_op(RPC-SAMBA3-SPOOLSS, torture_samba3_rpc_spoolss);
register_torture_op(RPC-DRSUAPI, torture_rpc_drsuapi);
register_torture_op(RPC-CRACKNAMES, torture_rpc_drsuapi_cracknames);
register_torture_op(RPC-ROT, torture_rpc_rot);
Modified: branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c
===
--- branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c 2006-07-23 13:30:25 UTC
(rev 17204)
+++ branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c 2006-07-23 16:54:16 UTC
(rev 17205)
@@ -32,6 +32,8 @@
#include librpc/gen_ndr/ndr_netlogon_c.h
#include librpc/gen_ndr/ndr_srvsvc.h
#include librpc/gen_ndr/ndr_srvsvc_c.h
+#include librpc/gen_ndr/ndr_spoolss.h
+#include librpc/gen_ndr/ndr_spoolss_c.h
#include lib/cmdline/popt_common.h
#include librpc/rpc/dcerpc.h
#include torture/rpc/rpc.h
@@ -1355,17 +1357,18 @@
* open pipe and bind, given an IPC$ context
*/
-static struct dcerpc_pipe *pipe_bind_smb(TALLOC_CTX *mem_ctx,
-struct smbcli_tree *tree,
-const char *pipe_name,
-const struct dcerpc_interface_table
*iface)
+static NTSTATUS pipe_bind_smb(TALLOC_CTX *mem_ctx,
+ struct smbcli_tree *tree,
+ const char *pipe_name,
+ const struct dcerpc_interface_table *iface,
+ struct dcerpc_pipe **p)
{
struct dcerpc_pipe *result;
NTSTATUS status;
if (!(result = dcerpc_pipe_init(
mem_ctx, tree-session-transport-socket-event.ctx))) {
- return NULL;
+ return NT_STATUS_NO_MEMORY;
}
status = dcerpc_pipe_open_smb(result-conn, tree, pipe_name);
@@ -1373,17 +1376,18 @@
d_printf(dcerpc_pipe_open_smb failed: %s\n,
nt_errstr(status));
talloc_free(result);
- return NULL;
+ return status;
}
status = dcerpc_bind_auth_none(result, iface);
if (!NT_STATUS_IS_OK(status)) {
d_printf(schannel bind failed: %s\n, nt_errstr(status));
talloc_free(result);
- return NULL;
+ return status;
}
- return result;
+ *p = result;
+ return NT_STATUS_OK;
}
/*
@@ -1486,9 +1490,11 @@
struct lsa_StringPointer authority_name_p;
struct dom_sid *result;
- if (!(lsa = pipe_bind_smb(mem_ctx, tree, \\pipe\\lsarpc,
- dcerpc_table_lsarpc))) {
- d_printf(Could not bind to LSA\n);
+ status = pipe_bind_smb(mem_ctx, tree, \\pipe\\lsarpc,
+ dcerpc_table_lsarpc, lsa);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf((%s) Could not bind to LSA: %s\n,
+__location__, nt_errstr(status));
return NULL;
}
@@ -1800,6 +1806,7 @@
BOOL ret = True;
const char *sharename = NULL;
struct smbcli_state *cli;
+ NTSTATUS status;
if (!(mem_ctx = talloc_new(torture))) {
return False;
@@ -1812,9 +1819,11 @@
return False;
}
- if (!(p = pipe_bind_smb(mem_ctx, cli-tree, \\pipe\\srvsvc,
- dcerpc_table_srvsvc))) {
- d_printf(could not bind to srvsvc pipe\n);
+ status = pipe_bind_smb(mem_ctx, cli-tree, \\pipe\\srvsvc,
+ dcerpc_table_srvsvc, p);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf((%s) could not bind to srvsvc pipe: %s\n,
+__location__, nt_errstr(status));
ret = False;
goto done;
}
@@ -1853,9 +1862,11 @@
svn commit: samba r17207 - in branches/SAMBA_4_0/source/param: .
Author: idra
Date: 2006-07-23 18:47:56 + (Sun, 23 Jul 2006)
New Revision: 17207
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17207
Log:
Add the ldb based shares configuration module
Added:
branches/SAMBA_4_0/source/param/share_ldb.c
Modified:
branches/SAMBA_4_0/source/param/config.mk
Changeset:
Modified: branches/SAMBA_4_0/source/param/config.mk
===
--- branches/SAMBA_4_0/source/param/config.mk 2006-07-23 18:43:07 UTC (rev
17206)
+++ branches/SAMBA_4_0/source/param/config.mk 2006-07-23 18:47:56 UTC (rev
17207)
@@ -33,3 +33,13 @@
# End MODULE share_classic
+
+# Start MODULE share_ldb
+[MODULE::share_ldb]
+SUBSYSTEM = share
+INIT_FUNCTION = share_ldb_init
+OBJ_FILES = share_ldb.o
+PUBLIC_DEPENDENCIES = ldb
+# End MODULE share_ldb
+
+
Added: branches/SAMBA_4_0/source/param/share_ldb.c
===
--- branches/SAMBA_4_0/source/param/share_ldb.c 2006-07-23 18:43:07 UTC (rev
17206)
+++ branches/SAMBA_4_0/source/param/share_ldb.c 2006-07-23 18:47:56 UTC (rev
17207)
@@ -0,0 +1,281 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ LDB based services configuration
+
+ Copyright (C) Simo Sorce2006
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include includes.h
+#include ldb/include/ldb.h
+#include ldb/include/ldb_errors.h
+#include auth/auth.h
+#include db_wrap.h
+#include param/share.h
+
+static NTSTATUS sldb_init(TALLOC_CTX *mem_ctx, const struct share_ops *ops,
struct share_context **ctx)
+{
+ struct ldb_context *sdb;
+
+ *ctx = talloc(mem_ctx, struct share_context);
+ if (!*ctx) {
+ DEBUG(0, (ERROR: Out of memory!\n));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ sdb = ldb_wrap_connect( *ctx,
+ private_path(*ctx, share.ldb),
+ system_session(*ctx),
+ NULL, 0, NULL);
+
+ if (!sdb) {
+ talloc_free(*ctx);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ (*ctx)-ops = ops;
+ (*ctx)-priv_data = (void *)sdb;
+
+ return NT_STATUS_OK;
+}
+
+static const char *sldb_string_option(struct share_config *scfg, const char
*opt_name, const char *defval)
+{
+ struct ldb_message *msg;
+ struct ldb_message_element *el;
+
+ if (scfg == NULL) return defval;
+
+ msg = talloc_get_type(scfg-opaque, struct ldb_message);
+
+ if (strchr(opt_name, ':')) {
+ char *name, *p;
+
+ name = talloc_strdup(scfg, opt_name);
+ if (!name) {
+ return NULL;
+ }
+ p = strchr(name, ':');
+ *p = '-';
+
+ el = ldb_msg_find_element(msg, name);
+ } else {
+ el = ldb_msg_find_element(msg, opt_name);
+ }
+
+ if (el == NULL) {
+ return defval;
+ }
+
+ return (const char *)(el-values[0].data);
+}
+
+static int sldb_int_option(struct share_config *scfg, const char *opt_name,
int defval)
+{
+ const char *val;
+ int ret;
+
+ val = sldb_string_option(scfg, opt_name, NULL);
+ if (val == NULL) return defval;
+
+ errno = 0;
+ ret = (int)strtol(val, NULL, 10);
+ if (errno) return -1;
+
+ return ret;
+}
+
+static BOOL sldb_bool_option(struct share_config *scfg, const char *opt_name,
BOOL defval)
+{
+ const char *val;
+
+ val = sldb_string_option(scfg, opt_name, NULL);
+ if (val == NULL) return defval;
+
+ if (strcasecmp(val, true) == 0) return True;
+
+ return False;
+}
+
+static const char **sldb_string_list_option(TALLOC_CTX *mem_ctx, struct
share_config *scfg, const char *opt_name)
+{
+ struct ldb_message *msg;
+ struct ldb_message_element *el;
+ const char **list;
+ int i;
+
+ if (scfg == NULL) return NULL;
+
+ msg = talloc_get_type(scfg-opaque, struct ldb_message);
+
+ if (strchr(opt_name, ':')) {
+ char *name, *p;
+
+
svn commit: samba r17208 - in branches/SAMBA_4_0/source: script/tests setup
Author: idra
Date: 2006-07-23 18:49:07 + (Sun, 23 Jul 2006)
New Revision: 17208
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17208
Log:
Add a away to test the ldb module.
Actually you can't test both classic and ldb together, but you can replace the
standard
script/tests/mktestsetup.sh file with this one and run make test to see
share_ldb in action
Added:
branches/SAMBA_4_0/source/script/tests/mktestsetup.sh.share_ldb
branches/SAMBA_4_0/source/setup/share.ldif
Changeset:
Added: branches/SAMBA_4_0/source/script/tests/mktestsetup.sh.share_ldb
===
--- branches/SAMBA_4_0/source/script/tests/mktestsetup.sh.share_ldb
2006-07-23 18:47:56 UTC (rev 17207)
+++ branches/SAMBA_4_0/source/script/tests/mktestsetup.sh.share_ldb
2006-07-23 18:49:07 UTC (rev 17208)
@@ -0,0 +1,211 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]
+then
+ echo $0 PREFIX
+ exit 1
+fi
+
+PREFIX=$1
+
+if test -z $TLS_ENABLED; then
+ TLS_ENABLED=false
+fi
+
+DOMAIN=SAMBADOMAIN
+USERNAME=administrator
+REALM=SAMBA.EXAMPLE.COM
+PASSWORD=penguin
+SRCDIR=`pwd`
+ROOT=$USER
+SERVER=localhost
+NETBIOSNAME=localtest
+if test -z $ROOT; then
+ROOT=$LOGNAME
+fi
+if test -z $ROOT; then
+ROOT=`whoami`
+fi
+
+oldpwd=`pwd`
+srcdir=`dirname $0`/../..
+mkdir -p $PREFIX || exit $?
+cd $PREFIX
+PREFIX_ABS=`pwd`
+export PREFIX_ABS
+cd $oldpwd
+
+TEST_DATA_PREFIX=$PREFIX_ABS
+export TEST_DATA_PREFIX
+
+TMPDIR=$PREFIX_ABS/tmp
+ETCDIR=$PREFIX_ABS/etc
+PIDDIR=$PREFIX_ABS/pid
+CONFFILE=$ETCDIR/smb.conf
+KRB5_CONFIG=$ETCDIR/krb5.conf
+PRIVATEDIR=$PREFIX_ABS/private
+NCALRPCDIR=$PREFIX_ABS/ncalrpc
+LOCKDIR=$PREFIX_ABS/lockdir
+TLSDIR=$PRIVATEDIR/tls
+WINBINDD_SOCKET_DIR=$PREFIX_ABS/winbind_socket
+CONFIGURATION=--configfile=$CONFFILE
+export CONFIGURATION
+export CONFFILE
+
+rm -rf $PREFIX/*
+mkdir -p $PRIVATEDIR $ETCDIR $PIDDIR $NCALRPCDIR $LOCKDIR $TMPDIR $TLSDIR
+
+cat $CONFFILEEOF
+[global]
+ netbios name = $NETBIOSNAME
+netbios aliases = $SERVER
+ workgroup = $DOMAIN
+ realm = $REALM
+ private dir = $PRIVATEDIR
+ pid directory = $PIDDIR
+ ncalrpc dir = $NCALRPCDIR
+ lock dir = $LOCKDIR
+ setup directory = $SRCDIR/setup
+ js include = $SRCDIR/scripting/libjs
+ share backend = ldb
+winbindd socket directory = $WINBINDD_SOCKET_DIR
+ name resolve order = bcast
+ interfaces = 127.0.0.1/8
+ tls enabled = $TLS_ENABLED
+ panic action = $SRCDIR/script/gdb_backtrace %PID% %PROG%
+ wins support = yes
+ server role = pdc
+ max xmit = 32K
+ server max protocol = SMB2
+
+[tmp]
+ path = $TMPDIR
+ read only = no
+ ntvfs handler = posix
+ posix:sharedelay = 10
+ posix:eadb = $LOCKDIR/eadb.tdb
+
+[cifs]
+ read only = no
+ ntvfs handler = cifs
+ cifs:server = $SERVER
+ cifs:user = $USERNAME
+ cifs:password = $PASSWORD
+ cifs:domain = $DOMAIN
+ cifs:share = tmp
+EOF
+
+## Override default srahes_config.ldb file
+rm -f $PRIVATEDIR/share.ldb
+cat $PRIVATEDIR/share.ldifEOF
+### Shares basedn
+dn: @INDEXLIST
[EMAIL PROTECTED]: name
+
+dn: @ATTRIBUTES
+cn: CASE_INSENSITIVE
+dc: CASE_INSENSITIVE
+name: CASE_INSENSITIVE
+dn: CASE_INSENSITIVE
+objectClass: CASE_INSENSITIVE
+
+dn: CN=Shares
+objectClass: top
+objectClass: organizationalUnit
+cn: Shares
+
+### Default IPC$ Share
+dn: CN=IPC$,CN=Shares
+objectClass: top
+objectClass: share
+cn: IPC$
+name: IPC$
+type: IPC
+path: /tmp
+comment: Remote IPC
+max-connections: -1
+available: True
+readonly: True
+browseable: False
+ntvfs-handler: default
+
+### Default ADMIN$ Share
+dn: CN=ADMIN$,CN=Shares
+objectClass: top
+objectClass: share
+cn: ADMIN$
+name: ADMIN$
+type: DISK
+path: /tmp
+comment: Remote Admin
+max-connections: -1
+available: True
+readonly: True
+browseable: False
+ntvfs-handler: default
+
+dn: CN=tmp,CN=Shares
+objectClass: top
+objectClass: share
+cn: tmp
+name: tmp
+type: DISK
+path: $TMPDIR
+comment: Temp Dir for Tests
+readonly: False
+ntvfs-handler: posix
+posix-sharedelay: 10
+posix-eadb: $LOCKDIR/eadb.tdb
+
+dn: CN=cifs,CN=Shares
+objectClass: top
+objectClass: share
+cn: cifs
+name: cifs
+type: DISK
+readonly: False
+ntvfs-handler: cifs
+cifs-server: $SERVER
+cifs-user: $USERNAME
+cifs-password: $PASSWORD
+cifs-domain: $DOMAIN
+cifs-share: tmp
+EOF
+
+$srcdir/bin/ldbadd -H $PRIVATEDIR/share.ldb $PRIVATEDIR/share.ldif
/dev/null || exit 1
+
+cat $KRB5_CONFIGEOF
+[libdefaults]
+ default_realm = SAMBA.EXAMPLE.COM
+ dns_lookup_realm = false
+ dns_lookup_kdc = false
+ ticket_lifetime = 24h
+ forwardable = yes
+
+[realms]
+ SAMBA.EXAMPLE.COM = {
+ kdc = 127.0.0.1
+ admin_server = 127.0.0.1
+ default_domain = samba.example.com
+ }
+[domain_realm]
+ .samba.example.com = SAMBA.EXAMPLE.COM
+EOF
+
+export KRB5_CONFIG
+
+$srcdir/bin/smbscript $srcdir/setup/provision $CONFIGURATION
svn commit: samba r17209 - in branches/SAMBA_4_0/source/smbd: .
Author: idra Date: 2006-07-23 19:54:11 + (Sun, 23 Jul 2006) New Revision: 17209 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17209 Log: Add dependency over the new share configuration module into smbd Should fix some build farm machine Modified: branches/SAMBA_4_0/source/smbd/config.mk Changeset: Modified: branches/SAMBA_4_0/source/smbd/config.mk === --- branches/SAMBA_4_0/source/smbd/config.mk2006-07-23 18:49:07 UTC (rev 17208) +++ branches/SAMBA_4_0/source/smbd/config.mk2006-07-23 19:54:11 UTC (rev 17209) @@ -41,6 +41,7 @@ gensec \ registry \ ntptr \ - ntvfs + ntvfs \ + share # End BINARY smbd #
Rev 9144: Use standard POSIX signal utility functions rather than Samba's existing ones. in file:///home/jelmer/bzr.samba/4.0-signalreplace/
revno: 9144 revision-id: [EMAIL PROTECTED] parent: svn-v1:[EMAIL PROTECTED] committer: Jelmer Vernooij [EMAIL PROTECTED] branch nick: signalreplace timestamp: Sun 2006-07-23 22:24:24 +0200 message: Use standard POSIX signal utility functions rather than Samba's existing ones. Provides replacements for systems that don't have them. added: source/lib/replace/signal.csignal.c-20060723202319-wrtrofpo6fhyy9q1-1 modified: source/lib/replace/README svn-v1:[EMAIL PROTECTED] source/lib/replace/replace.h svn-v1:[EMAIL PROTECTED] source/lib/util/signal.c svn-v1:[EMAIL PROTECTED]
svn commit: samba r17211 - in branches/SOC/mkhl/ldb-map/modules: .
Author: mkhl
Date: 2006-07-23 21:27:44 + (Sun, 23 Jul 2006)
New Revision: 17211
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17211
Log:
More const declarations for map_context structures.
Martin
Modified:
branches/SOC/mkhl/ldb-map/modules/ldb_map.c
Changeset:
Modified: branches/SOC/mkhl/ldb-map/modules/ldb_map.c
===
--- branches/SOC/mkhl/ldb-map/modules/ldb_map.c 2006-07-23 20:04:42 UTC (rev
17210)
+++ branches/SOC/mkhl/ldb-map/modules/ldb_map.c 2006-07-23 21:27:44 UTC (rev
17211)
@@ -237,7 +237,7 @@
ldb_next_remote_request(struct ldb_module *module,
struct ldb_request *request)
{
- struct ldb_map_context *data = map_get_context(module);
+ const struct ldb_map_context *data = map_get_context(module);
struct ldb_message *msg;
switch (request-operation) {
@@ -281,7 +281,7 @@
/* Find an objectClass by the local name. */
static
const struct ldb_map_objectclass *
-find_local_oc(struct ldb_map_context *data,
+find_local_oc(const struct ldb_map_context *data,
const char *name)
{
int i;
@@ -296,7 +296,7 @@
static
const struct ldb_map_objectclass *
-find_remote_oc(struct ldb_map_context *data,
+find_remote_oc(const struct ldb_map_context *data,
const char *name)
{
int i;
@@ -312,7 +312,7 @@
/* Find an attribute by the local name. */
static
const struct ldb_map_attribute *
-find_local_attr(struct ldb_map_context *data,
+find_local_attr(const struct ldb_map_context *data,
const char *name)
{
int i;
@@ -328,7 +328,7 @@
/* Find an attribute by the remote name. */
static
const struct ldb_map_attribute *
-find_remote_attr(struct ldb_map_context *data,
+find_remote_attr(const struct ldb_map_context *data,
const char *name)
{
int i, j;
@@ -369,7 +369,7 @@
check_dn_local(struct ldb_module *module,
const struct ldb_dn *dn)
{
- struct ldb_map_context *data = map_get_context(module);
+ const struct ldb_map_context *data = map_get_context(module);
return ldb_dn_compare_base(module-ldb, data-local_base_dn, dn) == 0;
}
@@ -377,7 +377,7 @@
/* True if attr has an associated mapping that does not ignore it */
static
BOOL
-check_attr_mapped(struct ldb_map_context *data,
+check_attr_mapped(const struct ldb_map_context *data,
const char* attr)
{
const struct ldb_map_attribute *map;
@@ -396,7 +396,7 @@
check_attrs_mapped(struct ldb_module *module,
const char * const *attrs)
{
- struct ldb_map_context *data = map_get_context(module);
+ const struct ldb_map_context *data = map_get_context(module);
BOOL ret;
int i;
@@ -415,7 +415,7 @@
check_msg_mapped(struct ldb_module *module,
const struct ldb_message *msg)
{
- struct ldb_map_context *data = map_get_context(module);
+ const struct ldb_map_context *data = map_get_context(module);
BOOL ret;
int i;
@@ -435,7 +435,7 @@
const struct ldb_message *msg,
const char *attr)
{
- struct ldb_map_context *data = map_get_context(module);
+ const struct ldb_map_context *data = map_get_context(module);
const struct ldb_map_attribute *map;
map = find_remote_attr(data, attr);
@@ -459,7 +459,7 @@
void *mem_ctx,
const char * const *attrs)
{
- struct ldb_map_context *data = map_get_context(module);
+ const struct ldb_map_context *data = map_get_context(module);
const char **result;
int i, last;
@@ -501,7 +501,7 @@
void *mem_ctx,
const char * const *attrs)
{
- struct ldb_map_context *data = map_get_context(module);
+ const struct ldb_map_context *data = map_get_context(module);
const struct ldb_map_attribute *map;
const char *name;
const char **result;
@@ -578,7 +578,7 @@
void *mem_ctx,
const struct ldb_message *msg)
{
- struct ldb_map_context *data = map_get_context(module);
+ const struct ldb_map_context *data = map_get_context(module);
const struct ldb_map_attribute *map;
const char **result;
int i, j, last;
@@ -665,7 +665,7 @@
const struct ldb_message *msg,
const char *name)
{
- struct ldb_map_context *map = map_get_context(module);
+ const struct ldb_map_context *map = map_get_context(module);
const struct ldb_message_element *oc;
const struct ldb_map_objectclass *class;
int i, j;
@@ -794,7 +794,7 @@
void *mem_ctx,
const struct ldb_dn *dn)
{
- struct ldb_map_context *data = map_get_context(module);
+ const struct
svn commit: samba r17212 - in branches/SOC/mkhl/ldb-map/modules: .
Author: mkhl
Date: 2006-07-23 21:51:59 + (Sun, 23 Jul 2006)
New Revision: 17212
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17212
Log:
Comment out a few unused functions.
Martin
Modified:
branches/SOC/mkhl/ldb-map/modules/ldb_map.c
Changeset:
Modified: branches/SOC/mkhl/ldb-map/modules/ldb_map.c
===
--- branches/SOC/mkhl/ldb-map/modules/ldb_map.c 2006-07-23 21:27:44 UTC (rev
17211)
+++ branches/SOC/mkhl/ldb-map/modules/ldb_map.c 2006-07-23 21:51:59 UTC (rev
17212)
@@ -391,6 +391,7 @@
}
/* True if any of attrs is mapped */
+/*
static
BOOL
check_attrs_mapped(struct ldb_module *module,
@@ -408,8 +409,10 @@
return False;
}
+*/
/* True if any of the message elements is mapped */
+/*
static
BOOL
check_msg_mapped(struct ldb_module *module,
@@ -427,8 +430,10 @@
return False;
}
+*/
/* True if remote attribute attr can be created from msg */
+/*
static
BOOL
check_msg_can_map_attr(struct ldb_module *module,
@@ -445,12 +450,13 @@
if (ldb_msg_find_element(msg, map-local_name) == NULL)
return False;
- /* TODO: if this attr requires context:
+ /\* TODO: if this attr requires context:
make sure all context attrs are mappable from msg
- prevent unsolvable attr chases ... somehow */
+ prevent unsolvable attr chases ... somehow *\/
return True;
}
+*/
/* select only attrs that are not mapped */
static
@@ -572,6 +578,7 @@
}
/* select only local attrs that can be unmapped from msg */
+/*
static
const char **
select_unmappable_msg_attrs(struct ldb_module *module,
@@ -592,9 +599,9 @@
return NULL;
result[0] = NULL;
- /* for each mapping, check if all remote attributes are present
- if they are, add the local one to the result */
- /* TODO: Alternatively, walk over msg-elements and use
find_remote_attr. */
+ /\* for each mapping, check if all remote attributes are present
+ if they are, add the local one to the result *\/
+ /\* TODO: Alternatively, walk over msg-elements and use
find_remote_attr. *\/
for (i = 0; data-attribute_maps[i].local_name; i++) {
BOOL avail = False;
map = data-attribute_maps[i];
@@ -613,7 +620,7 @@
break;
case MAP_GENERATE:
- /* look for *all* remote names */
+ /\* look for *all* remote names *\/
avail = True;
for (j = 0; map-u.generate.remote_names[j]; j++)
avail = (ldb_msg_find_element(msg,
map-u.generate.remote_names[j]) != NULL);
@@ -631,8 +638,8 @@
return result;
}
+*/
-
/* Check whether the given objectClass is contained in the specified
* message */
/*
svn commit: samba r17213 - in branches/SOC/mkhl/ldb-map/modules: .
Author: mkhl Date: 2006-07-23 23:59:31 + (Sun, 23 Jul 2006) New Revision: 17213 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17213 Log: Imcomplete stab at fetching data from the remote partition first. Add/Modify/Rename/Delete work okay for basic cases, need to test complex ones. Search is currently restricted to remote data only. Still uses DNs for record identification. Martin Modified: branches/SOC/mkhl/ldb-map/modules/ldb_map.c Changeset: Sorry, the patch is too large (1171 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17213
Build status as of Mon Jul 24 00:00:02 2006
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2006-07-23 00:00:26.0 + +++ /home/build/master/cache/broken_results.txt 2006-07-24 00:00:35.0 + @@ -1,4 +1,4 @@ -Build status as of Sun Jul 23 00:00:02 2006 +Build status as of Mon Jul 24 00:00:02 2006 Build counts: Tree Total Broken Panic @@ -10,9 +10,9 @@ rsync33 2 0 samba0 0 0 samba-docs 0 0 0 -samba4 38 25 4 -samba_3_037 10 1 -smb-build24 24 0 +samba4 38 26 4 +samba_3_037 8 1 +smb-build23 23 0 talloc 31 11 0 -tdb 20 8 0 +tdb 19 7 0
svn commit: samba r17215 - in branches/SAMBA_4_0/source/ldap_server: .
Author: abartlet
Date: 2006-07-24 00:45:21 + (Mon, 24 Jul 2006)
New Revision: 17215
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17215
Log:
Prepare the SASL socket before actually settting it. This allows
errors to be reported corectly, rather than just dropping the socket.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/ldap_server/ldap_bind.c
Changeset:
Modified: branches/SAMBA_4_0/source/ldap_server/ldap_bind.c
===
--- branches/SAMBA_4_0/source/ldap_server/ldap_bind.c 2006-07-24 00:05:58 UTC
(rev 17214)
+++ branches/SAMBA_4_0/source/ldap_server/ldap_bind.c 2006-07-24 00:45:21 UTC
(rev 17215)
@@ -90,21 +90,17 @@
return NT_STATUS_OK;
}
+struct ldapsrv_sasl_context {
+ struct ldapsrv_connection *conn;
+ struct socket_context *sasl_socket;
+};
+
static void ldapsrv_set_sasl(void *private)
{
- struct ldapsrv_connection *conn = talloc_get_type(private, struct
ldapsrv_connection);
- struct socket_context *socket = gensec_socket_init(conn-gensec,
-
conn-connection-socket,
-
conn-connection-event.ctx,
-
stream_io_handler_callback,
- conn-connection);
- if (socket) {
- conn-connection-socket = socket;
- talloc_steal(conn-connection-socket, socket);
- packet_set_socket(conn-packet, socket);
- } else {
- ldapsrv_terminate_connection(conn, Failed to setup SASL
wrapping on socket);
- }
+ struct ldapsrv_sasl_context *ctx = talloc_get_type(private, struct
ldapsrv_sasl_context);
+ ctx-conn-connection-socket = ctx-sasl_socket;
+ talloc_steal(ctx-conn-connection-socket, ctx-sasl_socket);
+ packet_set_socket(ctx-conn-packet, ctx-sasl_socket);
}
static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
@@ -190,32 +186,58 @@
errstr = NULL;
} else if (NT_STATUS_IS_OK(status)) {
struct auth_session_info *old_session_info;
+ struct ldapsrv_sasl_context *ctx;
result = LDAP_SUCCESS;
errstr = NULL;
- call-send_callback = ldapsrv_set_sasl;
- call-send_private = conn;
-
- old_session_info = conn-session_info;
- conn-session_info = NULL;
- status = gensec_session_info(conn-gensec, conn-session_info);
- if (!NT_STATUS_IS_OK(status)) {
+ ctx = talloc(call, struct ldapsrv_sasl_context);
+
+ if (ctx) {
+ ctx-conn = conn;
+ ctx-sasl_socket = gensec_socket_init(conn-gensec,
+
conn-connection-socket,
+
conn-connection-event.ctx,
+
stream_io_handler_callback,
+ conn-connection);
+ }
+
+ if (!ctx || !ctx-sasl_socket) {
conn-session_info = old_session_info;
result = LDAP_OPERATIONS_ERROR;
- errstr = talloc_asprintf(reply, SASL:[%s]: Failed to
get session info: %s, req-creds.SASL.mechanism, nt_errstr(status));
+ errstr = talloc_asprintf(reply,
+SASL:[%s]: Failed to setup
SASL socket (out of memory),
+req-creds.SASL.mechanism);
} else {
- talloc_free(old_session_info);
- talloc_steal(conn, conn-session_info);
- /* don't leak the old LDB */
- talloc_free(conn-ldb);
-
- status = ldapsrv_backend_Init(conn);
-
+ call-send_callback = ldapsrv_set_sasl;
+ call-send_private = ctx;
+
+ old_session_info = conn-session_info;
+ conn-session_info = NULL;
+ status = gensec_session_info(conn-gensec,
conn-session_info);
if (!NT_STATUS_IS_OK(status)) {
+ conn-session_info = old_session_info;
result = LDAP_OPERATIONS_ERROR;
- errstr = talloc_asprintf(reply, SASL:[%s]:
Failed to advise samdb of new credentials: %s, req-creds.SASL.mechanism,
nt_errstr(status));
+ errstr = talloc_asprintf(reply,
+
svn commit: samba r17216 - in branches/SAMBA_3_0/source: include libsmb utils
Author: abartlet
Date: 2006-07-24 05:02:38 + (Mon, 24 Jul 2006)
New Revision: 17216
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17216
Log:
From Kai Blin [EMAIL PROTECTED]:
A patch to make ntlm_auth recognize three new commands in
ntlmssp-client-1 and squid-2.5-ntlmssp:
The commands are the following:
Command: SF hex number
Reply: OK
Description: Takes feature request flags similar to samba4's
gensec_want_feature() call. So far, only NTLMSSP_FEATURE_SESSION_KEY,
NTLMSSP_FEATURE_SIGN and NTLMSSP_FEATURE_SEAL are implemented, using the same
values as the corresponding GENSEC_FEATURE_* flags in samba4.
Command: GF
Reply: GF hex number
Description: Returns the negotiated flags.
Command: GK
Reply: GK base64 encoded session key
Description: Returns the negotiated session key.
(These commands assist a wine project to use ntlm_auth for signing and
sealing of bulk data).
Andrew Bartlett
Modified:
branches/SAMBA_3_0/source/include/ntlmssp.h
branches/SAMBA_3_0/source/libsmb/cliconnect.c
branches/SAMBA_3_0/source/libsmb/ntlmssp.c
branches/SAMBA_3_0/source/utils/ntlm_auth.c
Changeset:
Modified: branches/SAMBA_3_0/source/include/ntlmssp.h
===
--- branches/SAMBA_3_0/source/include/ntlmssp.h 2006-07-24 00:45:21 UTC (rev
17215)
+++ branches/SAMBA_3_0/source/include/ntlmssp.h 2006-07-24 05:02:38 UTC (rev
17216)
@@ -65,6 +65,10 @@
#define NTLMSSP_NEGOTIATE_KEY_EXCH 0x4000
#define NTLMSSP_NEGOTIATE_56 0x8000
+#define NTLMSSP_FEATURE_SESSION_KEY0x0001
+#define NTLMSSP_FEATURE_SIGN 0x0002
+#define NTLMSSP_FEATURE_SEAL 0x0004
+
#define NTLMSSP_NAME_TYPE_SERVER 0x01
#define NTLMSSP_NAME_TYPE_DOMAIN 0x02
#define NTLMSSP_NAME_TYPE_SERVER_DNS 0x03
Modified: branches/SAMBA_3_0/source/libsmb/cliconnect.c
===
--- branches/SAMBA_3_0/source/libsmb/cliconnect.c 2006-07-24 00:45:21 UTC
(rev 17215)
+++ branches/SAMBA_3_0/source/libsmb/cliconnect.c 2006-07-24 05:02:38 UTC
(rev 17216)
@@ -599,6 +599,7 @@
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_client_start(ntlmssp_state)))
{
return nt_status;
}
+ ntlmssp_want_feature(ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_username(ntlmssp_state,
user))) {
return nt_status;
Modified: branches/SAMBA_3_0/source/libsmb/ntlmssp.c
===
--- branches/SAMBA_3_0/source/libsmb/ntlmssp.c 2006-07-24 00:45:21 UTC (rev
17215)
+++ branches/SAMBA_3_0/source/libsmb/ntlmssp.c 2006-07-24 05:02:38 UTC (rev
17216)
@@ -211,6 +211,50 @@
}
/**
+ * Request features for the NTLMSSP negotiation
+ *
+ * @param ntlmssp_state NTLMSSP state
+ * @param feature_list List of space seperated features requested from NTLMSSP.
+ */
+void ntlmssp_want_feature_list(NTLMSSP_STATE *ntlmssp_state, char
*feature_list)
+{
+ /*
+* We need to set this to allow a later SetPassword
+* via the SAMR pipe to succeed. Strange We could
+* also add NTLMSSP_NEGOTIATE_SEAL here. JRA.
+*/
+ if (in_list(NTLMSSP_FEATURE_SESSION_KEY, feature_list, True)) {
+ ntlmssp_state-neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
+ }
+ if (in_list(NTLMSSP_FEATURE_SIGN, feature_list, True)) {
+ ntlmssp_state-neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
+ }
+ if(in_list(NTLMSSP_FEATURE_SEAL, feature_list, True)) {
+ ntlmssp_state-neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
+ }
+}
+
+/**
+ * Request a feature for the NTLMSSP negotiation
+ *
+ * @param ntlmssp_state NTLMSSP state
+ * @param feature Bit flag specifying the requested feature
+ */
+void ntlmssp_want_feature(NTLMSSP_STATE *ntlmssp_state, uint32 feature)
+{
+ /* As per JRA's comment above */
+ if (feature NTLMSSP_FEATURE_SESSION_KEY) {
+ ntlmssp_state-neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
+ }
+ if (feature NTLMSSP_FEATURE_SIGN) {
+ ntlmssp_state-neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
+ }
+ if (feature NTLMSSP_FEATURE_SEAL) {
+ ntlmssp_state-neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
+ }
+}
+
+/**
* Next state function for the NTLMSSP state machine
*
* @param ntlmssp_state NTLMSSP State
@@ -1163,12 +1207,6 @@
NTLMSSP_NEGOTIATE_NTLM |
NTLMSSP_NEGOTIATE_NTLM2 |
NTLMSSP_NEGOTIATE_KEY_EXCH |
- /*
-* We need to set this to allow a later SetPassword
-* via the SAMR pipe to succeed. Strange We could
-* also add NTLMSSP_NEGOTIATE_SEAL here. JRA.
-* */
- NTLMSSP_NEGOTIATE_SIGN |
NTLMSSP_REQUEST_TARGET;
