Re: [Samba] Help cleaning up domain SID mess...
Phil Burrow wrote: Bjørn Tore Sund wrote: I have four SLES 10 servers working as Samba servers on the same domain with an LDAP account backend. Relevant smb.conf entries are: [global] workgroup = UNIX realm = UNIX.UIB.NO server string = ukl-samba netbios name = ukl-samba security = user allow trusted domains = yes domain master = yes local master = yes encrypt passwords = yes Only one of the servers is set as domain and local master, server string and netbios name obviously differ while workgroup and realm are set to the same. When I first set them up (smbpasswd -w, etc.) they created seperate sambaDomain entries in the LDAP root, with separate SIDs. the sambaDomain entries are named after each server. The user SIDs we simply set to be based on the SID of the first server we set up. effectively broken. On startup, every single user (all 35. of them...) would get a line in /var/log/messages: ukl-samba smbd[16336]: User SNIP with invalid SID SNIP in passdb Nobody could get at the Samba shares until I edited the LDAP tree to switch the SIDs between this server and the server with the SID the user SIDs were based on. start. I was hoping someone here had an answer which saved me the trouble of setting up a full test domain with LDAP and Samba-servers... Can I just set the same SID on all four domains? Or delete three of the four domains and rename the one with the correct SID to the _domain_ name in sted of the server name? Thanks, Bjørn Hi Bjørn, From what you mention here it sounds like you have four sambaDomainName=UNIX entries (objectClass: sambaDomain) with different sambaSID attributes. Effectively 4 different domains, on 4 different servers all with the same name. Thanks, but no: my sambaDomainnames are named after the servers, not the domain. So I have a sambaDomainname=ukl-samba for the server I quote from above, and similary for the other three. I gather this isn't what should have happened when the servers automatically registered themselves in the LDAP backend, but it did. Users have a sambaSID entry in their LDAP record, and the first portion of this needs to be the same as the sambaSID for the *domain* they are logging on to. If it's not then it wont work. It did work with 3.0.21. I found the fine new code snippet which means it won't work with 3.0.24, and I don't disagree with the principle as long as my mess can be sorted out despite of it. :) In answer to your point at the end, yes you can do this and it is what you are supposed to do, as far as I know. That was my assumption. Now for gathering up courage... If you do net getlocalsid on each of your SLES machines, the SID that is returned should be the same for all of them if you want them all to be controllers on your domain. If it's not, pick the SID you want - i.e. the sambaSID all your users have in their LDAP records - then net setlocalsid MYDOMAINSID on the servers you wish to change to that SID. (NB: On a domain, net getlocalsid and net getlocalsid MYDOMAIN should return the same.) Then go into your LDAP directory and delete all but one of the sambaDomainName=UNIX entries, and ensure the remaining one has sambaSID set to MYDOMAINSID. That is probably all you need to do. Thanks a lot. The last remaining quiestion is then what happens when I rename sambaDomainname=ukl-samba to sambaDomainname=unix and proceed from there? -BT -- Bjørn Tore Sund Phone: 555-84894 Email: [EMAIL PROTECTED] IT department VIP: 81724 Support: http://bs.uib.no Univ. of Bergen When in fear and when in doubt, run in circles, scream and shout. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Help cleaning up domain SID mess...
Bjoern Tore Sund wrote: If you do net getlocalsid on each of your SLES machines, the SID that is returned should be the same for all of them if you want them all to be controllers on your domain. If it's not, pick the SID you want - i.e. the sambaSID all your users have in their LDAP records - then net setlocalsid MYDOMAINSID on the servers you wish to change to that SID. (NB: On a domain, net getlocalsid and net getlocalsid MYDOMAIN should return the same.) Then go into your LDAP directory and delete all but one of the sambaDomainName=UNIX entries, and ensure the remaining one has sambaSID set to MYDOMAINSID. That is probably all you need to do. Thanks a lot. The last remaining quiestion is then what happens when I rename sambaDomainname=ukl-samba to sambaDomainname=unix and proceed from there? This is why you need to test it before doing it ;) If your intention is to consolidate your 4 domains into one, with a PDC and some BDCs then provided the sambaSID in the user records is the same as the domain SID then your setup - with your 4 servers each having the same SID - should work correctly. You might need to re-add your client machines to the new domain. I dont know if Windows could handle the domain name changing but having the same SID. If you are using roaming profiles or things such as this you might encounter Windows complaining if the SID changes, but if you use the sambaSID you used already have then it shouldn't do. Cheers, Phil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] prepare for vista
On Sun, 29 Jul 2007 12:47:11 -0500 linux [EMAIL PROTECTED] wrote: Am in testing phase with just a few lucky users to go live with samba. However, I just had a thought. What happens when we eventually do vista? Seems like I may need to add %a to my path = statement, but it did not work. No profile was created for the user under the windows version directory.. Here's my testing smb.conf. Please have a look and see what I may need to do to separate the profile according to the operating system the user is using. You don't need the %a (if it's only to separate Vista from other versions) Vista adds a .V2 to the profile path an user profile reside in \\PDC\Profiles\username.v2 for vista and in\\PDC\Profiles\usernamefor XP Vista seems to work satisfactorily with a samba PDC. the logon time is higher than with XP but everything we tested worked. (We don't use Vista in production and didn't discovered the probably numerous problems) relevant parts of our smb.conf: domain logons = yes logon drive = h: logon home = \\%L\%U logon path = \\%L\Profiles\%U [Profiles] path = /export/Profiles comment = Roaming Profile Share profile acls = Yes create mode = 0600 directory mode = 0700 read only = no browseable = no csc policy = disable hide files = /?esktop.ini/ -- Jean-Jacques Moulis Tel: (013) 281684 ISYFax: (013) 139282 Linköping UniversityE-mail: [EMAIL PROTECTED] 581 83 Linköping -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Help cleaning up domain SID mess...
Phil Burrow wrote: Bjoern Tore Sund wrote: If you do net getlocalsid on each of your SLES machines, the SID that is returned should be the same for all of them if you want them all to be controllers on your domain. If it's not, pick the SID you want - i.e. the sambaSID all your users have in their LDAP records - then net setlocalsid MYDOMAINSID on the servers you wish to change to that SID. (NB: On a domain, net getlocalsid and net getlocalsid MYDOMAIN should return the same.) It seems clear that my Samba servers are rather opinionated about what a domain is and which one they are members of: ukl-felles:~ # net getlocalsid SID for domain UKL-FELLES is: S-1-5-21-1347351597-3932655379-226643757 ukl-felles:~ # net setlocalsid S-1-5-21-556026149-4105021892-2038178009 ukl-felles:~ # net getlocalsid SID for domain UKL-FELLES is: S-1-5-21-1347351597-3932655379-226643757 The sambasid entry in LDAP for sambadomainname=ukl-felles didn't change. This server also has, and always has had: [global] workgroup = UNIX realm = UNIX.UIB.NO server string = ukl-felles netbios name = ukl-felles os level = 30 security = user allow trusted domains = yes domain master = no local master = no encrypt passwords = yes The problem is security=user, I assume, on the other hand all docs I've looked at say this is the setting when running samba with an LDAP backend, as opposed to an AD backend. security=domain means the server stops responding to SMB connections. Then go into your LDAP directory and delete all but one of the sambaDomainName=UNIX entries, and ensure the remaining one has sambaSID set to MYDOMAINSID. That is probably all you need to do. Thanks a lot. The last remaining quiestion is then what happens when I rename sambaDomainname=ukl-samba to sambaDomainname=unix and proceed from there? This is why you need to test it before doing it ;) Yes, but ever so carefully, and based on as much of other people's pain as possible. :) If your intention is to consolidate your 4 domains into one, with a PDC and some BDCs then provided the sambaSID in the user records is the same as the domain SID then your setup - with your 4 servers each having the same SID - should work correctly. The problem becomes one of how to convince all the servers that they are not their own domain, they want to go with the common one as their domain name. You might need to re-add your client machines to the new domain. I dont know if Windows could handle the domain name changing but having the same SID. If you are using roaming profiles or things such as this you might encounter Windows complaining if the SID changes, but if you use the sambaSID you used already have then it shouldn't do. No Windows here, this is the cifs disk server for 800 Linux clients. None of which are members of the domain in any meaningful way. I just want all the servers to authenticate against the same LDAP server, the domain is irrelevant for functionality. Hmmm. Which means that I might just get away with setting the same SID on all four domains and leave it at that... ? -BT -- Bjørn Tore Sund Phone: 555-84894 Email: [EMAIL PROTECTED] IT department VIP: 81724 Support: http://bs.uib.no Univ. of Bergen When in fear and when in doubt, run in circles, scream and shout. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] SSO across multiple physical subnets
I assume the remote VPNs are full tunnels, and that you can ping any of the computers in any of the networks from any of the networks. You should create trust relationships among all of the domains, along with permissions that allow logons and file access cross-domain - an important omission in the documentation. Search google with - trust relationship site:samba.org -. You will also want wins running on all servers, and that each server calls the others and allows calls from the servers. This is also documented. The key with the laptop users is to logon first to the home domain. This caches the profile password, and as long as the password is not changed (in either side) while the home server is unavailable, everything will be OK. Assuming 2000, XP, and/or Vista clients, of course. (You might also want to consider an LDAP backend with master/slave relationships among them, but this is highly complex and error prone if you are not an LDAP expert.) I run similar complex setups without a problem, the key is to make sure the smb.conf has the wins and subneting info in place, that the trust relationships work, and that permissions are set correctly. It does require some planning, an quite an amount of rote work, but all the documentation is right there in samba.org. This is done pretty much in the same way it was done in NT4, so any docus/flowcharts you find for NT4 apply to samba. Samba howto/docs + NT4 charts = easiest way Thanks, Carlos -Original Message- From: [EMAIL PROTECTED] on behalf of Thomas Smith Sent: Sun 7/29/2007 9:22 PM To: samba@lists.samba.org Subject: [Samba] SSO across multiple physical subnets Hi, I¹ve been reading up on SSO-based logins for the last couple of weeks. I¹ve found a lot of information about it, but nothing that matches my situation. Here¹s the gist of my situation... - I have a Samba 3 PDC in our corporate office as well as three remote offices. - Each remote office is in a different physical building and connected to the Corporate office either via Point-to-Point T-1 or a Cisco PIX on-demand VPN tunnel. Each office resides in a separate IP subnet. - Each office is a separate domain. Each server has it's own domain user and group accounts. - I have laptop users who travel between the various offices on a regular basis. I also have some desktop users who travel to remote offices to provide training and such. What I'd like to do is make this a fault tolerant, SSO environment. Fault tolerance is very important for us in case one of the VPN tunnels or T-1s goes down--each office would still need to be able to log in to their server(s) and work. Another challenge has been laptop users--if they're configured for the Corporate office domain, they cannot access the domains of remote offices while on-site at those locations. This has always been a manual workaround for them to get access to printers and network shares. Can anyone suggest a direction to go in here? I know this is a lot, I'm not looking for someone to do the work. I just need some help locating the appropriate technology or how-tos for configuring something of this scale. Thanks, in advance, for your help! ~ Tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Access share from client out of second domain
Nobody any idea? :-( Marc Muehlfeld schrieb: Hello, Felipe Augusto van de Wiel schrieb: Have you tried Interdomain Trusts? Yes. The problem is that I need to run winbind to get the accounts of each other domain. But I can't run winbind on a PDC. I allready tried and found the information from Gerald (Jerry) Carter: http://www.gatago.com/linux/samba/14515423.html winbindd on a PDC only alloocates Unix ids for users and groups from trusted domains. Not its own domain. Does anyone know if it's planned to be supported to run winbind on a PDC in a future release? Regards Marc -- Marc Muehlfeld (Leitung Systemadministration) Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost Lochhamer Str. 29 - D-82152 Martinsried Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-78 http://www.medizinische-genetik.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Roaming Profiles
hey, Im trying to avoid the roaming with the profiles, i found something in te list about that, but it doesn't works, I changed in the registry the parameters... [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] AppData=%USERPROFILE%\Datos de programa Cookies=%USERPROFILE%\Cookies ... .. to [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] AppData=P:\Profile\Datos de programa Cookies=P:\Profile\Cookies but as i said it doesn work...it still download and upload the profile folder... can someone help me? thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] SSO across multiple physical subnets
Hi Tom, Sounds like a chapter 6 samba 3 by example scenario. http://us1.samba.org/samba/docs/man/Samba-Guide/2000users.html Cheers, Adrian Sender. From: Thomas Smith [EMAIL PROTECTED] To: samba@lists.samba.org Subject: [Samba] SSO across multiple physical subnets Date: Sun, 29 Jul 2007 18:22:04 -0700 Hi, I¹ve been reading up on SSO-based logins for the last couple of weeks. I¹ve found a lot of information about it, but nothing that matches my situation. Here¹s the gist of my situation... - I have a Samba 3 PDC in our corporate office as well as three remote offices. - Each remote office is in a different physical building and connected to the Corporate office either via Point-to-Point T-1 or a Cisco PIX on-demand VPN tunnel. Each office resides in a separate IP subnet. - Each office is a separate domain. Each server has it's own domain user and group accounts. - I have laptop users who travel between the various offices on a regular basis. I also have some desktop users who travel to remote offices to provide training and such. What I'd like to do is make this a fault tolerant, SSO environment. Fault tolerance is very important for us in case one of the VPN tunnels or T-1s goes down--each office would still need to be able to log in to their server(s) and work. Another challenge has been laptop users--if they're configured for the Corporate office domain, they cannot access the domains of remote offices while on-site at those locations. This has always been a manual workaround for them to get access to printers and network shares. Can anyone suggest a direction to go in here? I know this is a lot, I'm not looking for someone to do the work. I just need some help locating the appropriate technology or how-tos for configuring something of this scale. Thanks, in advance, for your help! ~ Tom _ Advertisement: Search for local singles online at Lavalife http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Flavalife9%2Eninemsn%2Ecom%2Eau%2Fclickthru%2Fclickthru%2Eact%3Fid%3Dninemsn%26context%3Dan99%26locale%3Den%5FAU%26a%3D29555_t=764581033_r=email_taglines_Search_m=EXT -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Help with ldap configuration please
Adam DiCaprio wrote: This is on RHE4, I am getting an invalid DN error. Is there a good resource site for this type of configuration issue? There is a lot of info that comes up through google but I am having no luck finding anything relevant (or that seems relevant to me). Thank you in advance and sorry about the newbie question. ldap_connect_system: succesful connection to the LDAP server smbldap_search_domain_info: Got no domain info entries for domain add_new_domain_info: Adding new domain add_new_domain_info: failed to add domain dn= sambaDomainName=HFC,dc=hfc,dc=com with: Invalid DN syntax invalid DN smbldap_search_domain_info: Adding domain info for HFC failed with NT_STATUS_UNSUCCESSFUL Hi Adam, Do you have a root entry in your LDAP directory for: dc=hfc,dc=com? If not, you need to add one because Samba wont add it for you. For example, this LDIF: dn:dc=hfc,dc=com objectClass: dcObject objectClass: organization o: hfc dc: hfc I would assume that not having this would cause Samba to complain that it can't add your domain to the LDAP directory, because you can't add an entry below a root that does not exist. You can't just install OpenLDAP, install Samba, run them both and expect it to work. You need to prepare your OpenLDAP setup first! There is a script called smbldap-populate which can put a bunch of default entries into your LDAP directory. Have a look at: /usr/share/doc/samba-3.0.X/LDAP/smbldap-tools-0.X/smbldap-populate (obviously replace the X with your version) And make sure you read the README and INSTALL and doc/ stuff in that directory too. If you don't have the smbldap-tools stuff in your Samba directory you can always get the latest version from https://gna.org/projects/smbldap-tools/ HTH, Phil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] errors in messages log
I'm getting a lot of errors in the messages log. Here is a snipet of the log. I can't tell if its an OS problem or a Samba problem. Has anyone seen these before? I'm on samba-3.0.24-7.fc5 and is a recent install. smbd[2377]: read_data: read failure for 4 bytes to client 198.213.6.149. Error = Connection reset by peer smbd[2381]: [2007/07/30 08:54:52, 0] lib/util_sock.c:write_data(562) smbd[2381]: write_data: write failure in writing to client 198.213.6.133. Error Connection reset by peer smbd[2381]: [2007/07/30 08:54:52, 0] lib/util_sock.c:send_smb(769) smbd[2381]: Error writing 4 bytes to client. -1. (Connection reset by peer) thanks Dean -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] multiple mounts for a smbfs on the same mount point
Hi all, I'm just wondering why smbmount allows the same mount point to mount several times the same share while a normal mount operation (with a non-smbfs) returns a busy mount point error. [EMAIL PROTECTED]:~]$ mount ... //server/sys on /mnt/target type smbfs (rw) [EMAIL PROTECTED]:~]$ smbmount //server/sys /mnt/target/ -o ip=192.168.4.1,guest [EMAIL PROTECTED]:~]$ mount ... //server/sys on /mnt/target type smbfs (rw) //server/sys on /mnt/target type smbfs (rw) Any explaination? Is there a way to force smbmount to check about the current use of the mount point? Thanks, Luca -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems with groups containing other groups in AD in winbind
Hi there, I have winbind running on Linux machines to do all user authentication and group info. It is working mostly fine but groups in AD that have other AD groups as members are not expanded. For instance in AD I define group A to contain users X and Y. Then I add group B of which A is a member (but X and Y are not directly members of B). If I do 'getent group A' on the Linux machine it returns users X and Y as expected, but if I do 'getent group B' I get no members. Is this expected to work? I have winbind related stuff configured as follows: password server = my.server.com idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 idmap backend = rid:MYDONAIN=16777216-33554431 template shell = /bin/bash winbind use default domain = yes winbind enum users = true winbind enum groups = true template homedir = /home/%D/%U allow trusted domains = false use kerberos keytab = yes winbind nested groups = yes I am running samba 3.0.24. Thanks in advance, Diego -- -- Diego Santa Cruz, PhD Software Architect, SpinetiX S.A. PSE-C, CH-1015, Lausanne, Switzerland Tel:+41 (0) 21 693 89 81 Mail: [EMAIL PROTECTED] Get Information : www.spinetix.com -- The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Adding Mac OS X 10.4.8 Clients to a Samba AD Domain
I currently have a server running Debian Linux which is running samba and acting as the Domain Controller. I am currently using Active Directory with the Windows XP and Windows Server 2003 clients. We just got 4 iMacs running Mac OS X 10.4.8 and I would like to connect them to the domain and use the same domain users as the Windows clients. I have tried using the built-in AD settings and they fail to find the domain controller. Then I tried ADmitMac V3 which finds and connects to the domain controller, however I can't login in using a user from the domain. Here is a link to my smb.conf: http://rafb.net/p/XdSsxH18.html Thanks, Kevin Harriss -- - specialKevin - Kevin Harriss - http://www.specialkevin.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Roaming Profiles
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chechu Sent: Monday, July 30, 2007 5:55 AM To: Samba Subject: [Samba] Roaming Profiles hey, Im trying to avoid the roaming with the profiles, i found something in te list about that, but it doesn't works, I changed in the registry the parameters... [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] AppData=%USERPROFILE%\Datos de programa Cookies=%USERPROFILE%\Cookies ... .. to [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] AppData=P:\Profile\Datos de programa Cookies=P:\Profile\Cookies but as i said it doesn work...it still download and upload the profile folder... can someone help me? thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba On XP: Start, Run, type gpedit.msc, hit enter. Expand Computer Configuration Expand Administrative Templates Expand System Highlight User Profiles Change Prevent Roaming Profiles from propagating to the server to Enabled. Change Allow only local profiles to Enabled. Logout and back in (or reboot.) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles
Im trying to avoid the roaming with the profiles, i found something in te list about that, but it doesn't works, I changed in the registry the parameters... [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User This is entirely 100% a Windows administration issue and has nothing to do with Samba. Look at either POLEDIT or GPO edit and you can disable roaming profiles. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Checking the trust account password returned NT_STATUS_INVALID_HANDLE
Quoting Turbo Fredriksson [EMAIL PROTECTED]: I'm trying to setup a FreeRADIUS (version 1.1.6 w/ LDAP support) server on our new server here at home, which in turn should authenticate against the Samba server (also on the same host - version 3.0.25) which in turn uses an OpenLDAP server (CVS version HEAD as of 20070719). This works with 2.0.14a and 2.0.24. But in both, I get this after a couple minutes (about half an hour) of restart (a restart solves the problem for another half hour): - s n i p - [2007/07/30 16:23:25, 0, pid=7295, effective(0, 0), real(0, 0)] passdb/pdb_get_set.c:pdb_get_group_sid(164) pdb_get_group_sid: Failed to find Unix account for turbo [2007/07/30 16:23:25, 1, pid=7295, effective(0, 0), real(0, 0)] auth/auth_util.c:make_server_info_sam(572) User turbo in passdb, but getpwnam() fails! [2007/07/30 16:23:25, 0, pid=7295, effective(0, 0), real(0, 0)] auth/auth_sam.c:check_sam_security(352) check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' - s n i p - The command 'pdbedit -L' still works perfectly, but 'wbinfo -u' never worked. PS. It doesn't seem to matter if I have WinBind running or not... It's currently off. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Tracking file activity
On Mon, Jul 30, 2007 at 01:00:18PM -0400, Ryan Steele wrote: I appreciate your advice. I am experimenting with an implementation of the extd_audit module now on a test cluster - thanks for pointing me in the direction of the HOWTO, I should have looked there before bumping the list. Thanks again. Just FYI: audit and ext_audit have been superseded by full_audit lately. Volker pgpyZmQWtm5xo.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba performance metrics
Hi, I am attempting to write a monitor to gather Samba Server performance metrics. I would like to get raw metrics directly from the server itself rather than a 3rd party tool. Could anyone point me to docs or enlighten me on how to accomplish this? I am looking to determine the availability of the server (up or down), the number of files requested, any caching information available and anything else which would be relevant to determining the overall health of the server. thanks. Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Tar with smbclient
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bo Lynch wrote: Just created a new backup server using CentOS 5.0. I am using a auth file to access windows shares for backups. When connecting like this smbclient //server/share -A=/auth/file it works. When I try to tar with smbclient like this smbclinet //server/share -A=/auth/file -Tc /backup/tarfile.tar I get the following message. session_setup_failed : NT_STATUS_LOGON_FAILURE Am I doing something wrong? This worked just find with the older versions of Fedora and CentOS. Works fine with Version 3.0.25b-1.1.72-1411-SUSE-SL10.2 Try -d 3 and redirect error output to a file. Should be able to see what's failing then. Regards, Doug -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGrk7sFqWysr/jOHMRAozMAJ9meN2kbdADkyAEbgzwnHRLzsCvGQCgxH65 tKvGaD+fMvn/tDeXLj5w0WE= =HL9M -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Performance problem with utime() on Solaris 8
To all: While updating our Samba installation from 2.2.5 to 3.0.25b, I found that Samba's performance was severely degraded. A 1 gig test file with random text in it would take about 2:15 to copy using the old 2.2.5 smbd, but the same file would take 5-6 minutes to copy with a freshly compiled version. I ran truss on smbd while the file copy was taking place, and found that the utime() call was taking up most of the system time. I then ran truss on the 2.2.5 smbd, and found that there were no utime() calls at all. I went to the archives, downloaded and built version 2.2.12, and found that the performance was the same as 2.2.5. Same with version 3.0.0, and version 3.0.10. However, version 3.0.11 is where the performance problems begin. So something related to utime() changed between versions 3.0.10 and 3.0.11, and this change has a major impact on the Solaris 8 build, GCC 2.95.3. Here's the truss results for each version. First, 3.0.11, which takes about 6 minutes to run (Note: Calls with zero total seconds are snipped): syscall seconds calls read 17.89 392497 time .36 17632 utime 179.76 17479 getgid .01 96 fcntl 2.43 52505 poll .55 17523 pwrite646.48 17477 send .95 17524 In this run, 85% of the system calls are the utime() call. And here's the same 1G file copy using version 3.0.10: syscall seconds calls read 15.03 390972 close.20 9 time .31 17603 utime.01 1 fcntl 1.99 52483 poll .52 17507 stat64 .24 36 fstat64 .11 19 pwrite645.83 17477 open64 .02 10 send .53 17507 Notice that the utime() call is almost nonexistent (1 call). This balance of reads and writes is more of what I'd expect out of a Samba transfer. I looked through the WHATSNEW.txt file in the 3.0.11 distribution, but couldn't find an obvious answer to this problem (if it *is* a problem). So I'm throwing this out to the group: What changed in version 3.0.11 that caused Samba to spend 85% of its time in a utime() system call? -- # Scott Cokely # The Internet interprets censorship # (949)231-3742# as damage, and routes AROUND it. # include std_disclaimer.pl; # # Quidquid latine dictum sit, altum viditur. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Help cleaning up domain SID mess...
Bjoern Tore Sund wrote: No Windows here, this is the cifs disk server for 800 Linux clients. None of which are members of the domain in any meaningful way. I just want all the servers to authenticate against the same LDAP server, the domain is irrelevant for functionality. Hmmm. Which means that I might just get away with setting the same SID on all four domains and leave it at that... ? -BT Makes sense if thats all you need and theres no Windows stuff to break, yep :) Sorry for being presumptuous about your setup! You would need to remove three of the sambaDomainName entries if you only want a single domain though, and ensure that the only one present is sambaDomainName=UNIX. When you do net getlocalsid, it should be looking up the details for the domain you specified in smb.conf (UNIX) in your LDAP directory. Check your logs, see if it's happening and see what questions it's asking your LDAP server, that way you can see where it's getting its unusual SID information from and why it may not be setting the SID like it should. i.e. on one of my broken systems that I use for playing about with stuff, I just booted to test it and I can see that if I do net getlocalsid its looking for: smbldap_search_domain_info: Query was: dc=mydomain,dc=co,dc=uk, ((objectClass=sambaDomain)(sambaDomainName=MYDOMAINFROMSMB-CONF)) Phil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Performance problem with utime() on Solaris 8
On Mon, Jul 30, 2007 at 03:34:54PM -0700, Scott Cokely wrote: I ran truss on smbd while the file copy was taking place, and found that the utime() call was taking up most of the system time. I then ran truss on the 2.2.5 smbd, and found that there were no utime() calls at all. I went to the archives, downloaded and built version 2.2.12, and found that the performance was the same as 2.2.5. Same with version 3.0.0, and version 3.0.10. It might be possible that since then we implement some SMB call differently from what we did before. We'd need a debug level 10 log or a network trace to see what the client does. Volker pgpADhdtlAsOG.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r24071 - in branches: SAMBA_3_0_25/source/smbd SAMBA_3_2/source/smbd SAMBA_3_2_0/source/smbd
Author: vlendec Date: 2007-07-30 07:50:24 + (Mon, 30 Jul 2007) New Revision: 24071 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24071 Log: Fix a missing END_PROFILE call Modified: branches/SAMBA_3_0_25/source/smbd/reply.c branches/SAMBA_3_2/source/smbd/reply.c branches/SAMBA_3_2_0/source/smbd/reply.c Changeset: Modified: branches/SAMBA_3_0_25/source/smbd/reply.c === --- branches/SAMBA_3_0_25/source/smbd/reply.c 2007-07-29 16:40:45 UTC (rev 24070) +++ branches/SAMBA_3_0_25/source/smbd/reply.c 2007-07-30 07:50:24 UTC (rev 24071) @@ -2126,6 +2126,7 @@ status = unlink_internals(conn, dirtype, name, path_contains_wcard, True); if (!NT_STATUS_IS_OK(status)) { + END_PROFILE(SMBunlink); if (open_was_deferred(SVAL(inbuf,smb_mid))) { /* We have re-scheduled this call. */ return -1; Modified: branches/SAMBA_3_2/source/smbd/reply.c === --- branches/SAMBA_3_2/source/smbd/reply.c 2007-07-29 16:40:45 UTC (rev 24070) +++ branches/SAMBA_3_2/source/smbd/reply.c 2007-07-30 07:50:24 UTC (rev 24071) @@ -2255,6 +2255,7 @@ status = unlink_internals(conn, req, dirtype, name, path_contains_wcard); if (!NT_STATUS_IS_OK(status)) { + END_PROFILE(SMBunlink); if (open_was_deferred(SVAL(inbuf,smb_mid))) { /* We have re-scheduled this call. */ return -1; Modified: branches/SAMBA_3_2_0/source/smbd/reply.c === --- branches/SAMBA_3_2_0/source/smbd/reply.c2007-07-29 16:40:45 UTC (rev 24070) +++ branches/SAMBA_3_2_0/source/smbd/reply.c2007-07-30 07:50:24 UTC (rev 24071) @@ -2175,6 +2175,7 @@ status = unlink_internals(conn, req, dirtype, name, path_contains_wcard); if (!NT_STATUS_IS_OK(status)) { + END_PROFILE(SMBunlink); if (open_was_deferred(SVAL(inbuf,smb_mid))) { /* We have re-scheduled this call. */ return -1;
svn commit: samba r24072 - in branches/SAMBA_3_2/source: libads param
Author: metze Date: 2007-07-30 08:22:45 + (Mon, 30 Jul 2007) New Revision: 24072 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24072 Log: Add client ldap sasl wrapping parameter. Possible values are plain (default), sign or seal. metze Modified: branches/SAMBA_3_2/source/libads/ads_struct.c branches/SAMBA_3_2/source/param/loadparm.c Changeset: Modified: branches/SAMBA_3_2/source/libads/ads_struct.c === --- branches/SAMBA_3_2/source/libads/ads_struct.c 2007-07-30 07:50:24 UTC (rev 24071) +++ branches/SAMBA_3_2/source/libads/ads_struct.c 2007-07-30 08:22:45 UTC (rev 24072) @@ -109,6 +109,7 @@ const char *ldap_server) { ADS_STRUCT *ads; + int wrap_flags; ads = SMB_XMALLOC_P(ADS_STRUCT); ZERO_STRUCTP(ads); @@ -128,6 +129,13 @@ /* the caller will own the memory by default */ ads-is_mine = 1; + wrap_flags = lp_client_ldap_sasl_wrapping(); + if (wrap_flags == -1) { + wrap_flags = 0; + } + + ads-auth.flags = wrap_flags; + return ads; } Modified: branches/SAMBA_3_2/source/param/loadparm.c === --- branches/SAMBA_3_2/source/param/loadparm.c 2007-07-30 07:50:24 UTC (rev 24071) +++ branches/SAMBA_3_2/source/param/loadparm.c 2007-07-30 08:22:45 UTC (rev 24072) @@ -324,6 +324,7 @@ int name_cache_timeout; int client_signing; int server_signing; + int client_ldap_sasl_wrapping; int iUsershareMaxShares; int iIdmapCacheTime; int iIdmapNegativeCacheTime; @@ -688,6 +689,13 @@ {-1, NULL} }; +static const struct enum_list enum_ldap_sasl_wrapping[] = { + {0, plain}, + {ADS_AUTH_SASL_SIGN, sign}, + {ADS_AUTH_SASL_SEAL, seal}, + {-1, NULL} +}; + static const struct enum_list enum_ldap_ssl[] = { {LDAP_SSL_OFF, no}, {LDAP_SSL_OFF, No}, @@ -1014,7 +1022,7 @@ {client signing, P_ENUM, P_GLOBAL, Globals.client_signing, NULL, enum_smb_signing_vals, FLAG_ADVANCED}, {server signing, P_ENUM, P_GLOBAL, Globals.server_signing, NULL, enum_smb_signing_vals, FLAG_ADVANCED}, {client use spnego, P_BOOL, P_GLOBAL, Globals.bClientUseSpnego, NULL, NULL, FLAG_ADVANCED}, - + {client ldap sasl wrapping, P_ENUM, P_GLOBAL, Globals.client_ldap_sasl_wrapping, NULL, enum_ldap_sasl_wrapping, FLAG_ADVANCED}, {enable asu support, P_BOOL, P_GLOBAL, Globals.bASUSupport, NULL, NULL, FLAG_ADVANCED}, {svcctl list, P_LIST, P_GLOBAL, Globals.szServicesList, NULL, NULL, FLAG_ADVANCED}, @@ -2182,6 +2190,7 @@ FN_GLOBAL_INTEGER(lp_name_cache_timeout, Globals.name_cache_timeout) FN_GLOBAL_INTEGER(lp_client_signing, Globals.client_signing) FN_GLOBAL_INTEGER(lp_server_signing, Globals.server_signing) +FN_GLOBAL_INTEGER(lp_client_ldap_sasl_wrapping, Globals.client_ldap_sasl_wrapping) /* local prototypes */
svn commit: samba r24073 - in branches/SAMBA_3_2_0/source: libads param
Author: metze Date: 2007-07-30 08:24:10 + (Mon, 30 Jul 2007) New Revision: 24073 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24073 Log: merge from SAMBA_3_2: Add client ldap sasl wrapping parameter. Possible values are plain (default), sign or seal. metze Modified: branches/SAMBA_3_2_0/source/libads/ads_struct.c branches/SAMBA_3_2_0/source/param/loadparm.c Changeset: Modified: branches/SAMBA_3_2_0/source/libads/ads_struct.c === --- branches/SAMBA_3_2_0/source/libads/ads_struct.c 2007-07-30 08:22:45 UTC (rev 24072) +++ branches/SAMBA_3_2_0/source/libads/ads_struct.c 2007-07-30 08:24:10 UTC (rev 24073) @@ -109,6 +109,7 @@ const char *ldap_server) { ADS_STRUCT *ads; + int wrap_flags; ads = SMB_XMALLOC_P(ADS_STRUCT); ZERO_STRUCTP(ads); @@ -128,6 +129,13 @@ /* the caller will own the memory by default */ ads-is_mine = 1; + wrap_flags = lp_client_ldap_sasl_wrapping(); + if (wrap_flags == -1) { + wrap_flags = 0; + } + + ads-auth.flags = wrap_flags; + return ads; } Modified: branches/SAMBA_3_2_0/source/param/loadparm.c === --- branches/SAMBA_3_2_0/source/param/loadparm.c2007-07-30 08:22:45 UTC (rev 24072) +++ branches/SAMBA_3_2_0/source/param/loadparm.c2007-07-30 08:24:10 UTC (rev 24073) @@ -325,6 +325,7 @@ int name_cache_timeout; int client_signing; int server_signing; + int client_ldap_sasl_wrapping; int iUsershareMaxShares; int iIdmapCacheTime; int iIdmapNegativeCacheTime; @@ -690,6 +691,13 @@ {-1, NULL} }; +static const struct enum_list enum_ldap_sasl_wrapping[] = { + {0, plain}, + {ADS_AUTH_SASL_SIGN, sign}, + {ADS_AUTH_SASL_SEAL, seal}, + {-1, NULL} +}; + static const struct enum_list enum_ldap_ssl[] = { {LDAP_SSL_OFF, no}, {LDAP_SSL_OFF, No}, @@ -1017,7 +1025,7 @@ {client signing, P_ENUM, P_GLOBAL, Globals.client_signing, NULL, enum_smb_signing_vals, FLAG_ADVANCED}, {server signing, P_ENUM, P_GLOBAL, Globals.server_signing, NULL, enum_smb_signing_vals, FLAG_ADVANCED}, {client use spnego, P_BOOL, P_GLOBAL, Globals.bClientUseSpnego, NULL, NULL, FLAG_ADVANCED}, - + {client ldap sasl wrapping, P_ENUM, P_GLOBAL, Globals.client_ldap_sasl_wrapping, NULL, enum_ldap_sasl_wrapping, FLAG_ADVANCED}, {enable asu support, P_BOOL, P_GLOBAL, Globals.bASUSupport, NULL, NULL, FLAG_ADVANCED}, {svcctl list, P_LIST, P_GLOBAL, Globals.szServicesList, NULL, NULL, FLAG_ADVANCED}, @@ -2183,6 +2191,7 @@ FN_GLOBAL_INTEGER(lp_name_cache_timeout, Globals.name_cache_timeout) FN_GLOBAL_INTEGER(lp_client_signing, Globals.client_signing) FN_GLOBAL_INTEGER(lp_server_signing, Globals.server_signing) +FN_GLOBAL_INTEGER(lp_client_ldap_sasl_wrapping, Globals.client_ldap_sasl_wrapping) /* local prototypes */
svn commit: samba r24074 - in branches/SAMBA_4_0/source: auth torture/rpc
Author: abartlet Date: 2007-07-30 08:58:39 + (Mon, 30 Jul 2007) New Revision: 24074 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24074 Log: Test both permitted logon hours and permitted workstations in the RPC-SAMLOGON test. This showed that, as noted by bug #4823, we didn't test for invalid workstations. In fact, the code had been ported across, but because untested code is broken code, it never worked... Andrew Bartlett Modified: branches/SAMBA_4_0/source/auth/sam.c branches/SAMBA_4_0/source/torture/rpc/samlogon.c branches/SAMBA_4_0/source/torture/rpc/testjoin.c Changeset: Modified: branches/SAMBA_4_0/source/auth/sam.c === --- branches/SAMBA_4_0/source/auth/sam.c2007-07-30 08:24:10 UTC (rev 24073) +++ branches/SAMBA_4_0/source/auth/sam.c2007-07-30 08:58:39 UTC (rev 24074) @@ -46,7 +46,6 @@ pwdLastSet, accountExpires, logonHours, - objectSid, /* check 'allowed workstations' */ @@ -213,7 +212,7 @@ DEBUG(10,(sam_account_ok: checking for workstation match '%s' and '%s'\n, workstations[i], logon_workstation)); - if (strequal(workstations[i], logon_workstation) == 0) { + if (strequal(workstations[i], logon_workstation)) { invalid_ws = False; break; } Modified: branches/SAMBA_4_0/source/torture/rpc/samlogon.c === --- branches/SAMBA_4_0/source/torture/rpc/samlogon.c2007-07-30 08:24:10 UTC (rev 24073) +++ branches/SAMBA_4_0/source/torture/rpc/samlogon.c2007-07-30 08:58:39 UTC (rev 24074) @@ -24,6 +24,7 @@ #include includes.h #include librpc/gen_ndr/ndr_netlogon.h #include librpc/gen_ndr/ndr_netlogon_c.h +#include librpc/gen_ndr/ndr_samr_c.h #include auth/auth.h #include lib/crypto/crypto.h #include lib/cmdline/popt_common.h @@ -33,6 +34,8 @@ #define TEST_MACHINE_NAME samlogontest #define TEST_USER_NAME samlogontestuser +#define TEST_USER_NAME_WRONG_WKS samlogontest2 +#define TEST_USER_NAME_WRONG_TIME samlogontest3 enum ntlm_break { BREAK_BOTH, @@ -1476,13 +1479,15 @@ struct cli_credentials *machine_credentials; TALLOC_CTX *mem_ctx = talloc_init(torture_rpc_netlogon); BOOL ret = True; - struct test_join *join_ctx; - struct test_join *user_ctx; - char *user_password; + struct test_join *join_ctx = NULL; + struct test_join *user_ctx = NULL, *user_ctx_wrong_wks = NULL, *user_ctx_wrong_time = NULL; + char *user_password, *user_password_wrong_wks, *user_password_wrong_time; const char *old_user_password; char *test_machine_account; const char *binding = torture_setting_string(torture, binding, NULL); const char *userdomain; + struct samr_SetUserInfo s; + union samr_UserInfo u; int i; int ci; @@ -1514,7 +1519,7 @@ ACB_NORMAL, (const char **)user_password); if (!user_ctx) { - d_printf(Failed to join as Workstation\n); + d_printf(Failed to create a test user\n); return False; } @@ -1524,6 +1529,57 @@ TEST_USER_NAME, 16 /* 14 */, user_password, NULL, 0, False); + user_ctx_wrong_wks = torture_create_testuser(TEST_USER_NAME_WRONG_WKS, + userdomain, + ACB_NORMAL, + (const char **)user_password_wrong_wks); + if (!user_ctx_wrong_wks) { + d_printf(Failed to create a test user (wrong workstation test)\n); + return False; + } + + ZERO_STRUCT(u); + s.in.user_handle = torture_join_samr_user_policy(user_ctx_wrong_wks); + s.in.info = u; + s.in.level = 21; + + u.info21.fields_present = SAMR_FIELD_WORKSTATIONS; + u.info21.workstations.string = not TEST_MACHINE_NAME; + + status = dcerpc_samr_SetUserInfo(torture_join_samr_pipe(user_ctx_wrong_wks), mem_ctx, s); + if (!NT_STATUS_IS_OK(status)) { + printf(SetUserInfo (list of workstations) failed - %s\n, nt_errstr(status)); + ret = False; + goto failed; + } + + user_ctx_wrong_time + = torture_create_testuser(TEST_USER_NAME_WRONG_TIME, + userdomain, + ACB_NORMAL, + (const char **)user_password_wrong_time); + if (!user_ctx_wrong_time) { + d_printf(Failed to create a
svn commit: samba r24075 - in branches/SAMBA_4_0/source/ntvfs/ipc: .
Author: abartlet Date: 2007-07-30 09:04:28 + (Mon, 30 Jul 2007) New Revision: 24075 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24075 Log: As suggested by metze, match the behaviour of ntvfs_posix, and remove the backend data (effectivly closing the handle) when we close an IPC FD. This should fix #4821. Andrew Bartlett Modified: branches/SAMBA_4_0/source/ntvfs/ipc/vfs_ipc.c Changeset: Modified: branches/SAMBA_4_0/source/ntvfs/ipc/vfs_ipc.c === --- branches/SAMBA_4_0/source/ntvfs/ipc/vfs_ipc.c 2007-07-30 08:58:39 UTC (rev 24074) +++ branches/SAMBA_4_0/source/ntvfs/ipc/vfs_ipc.c 2007-07-30 09:04:28 UTC (rev 24075) @@ -174,6 +174,7 @@ static int ipc_fd_destructor(struct pipe_state *p) { DLIST_REMOVE(p-private-pipe_list, p); + ntvfs_handle_remove_backend_data(p-handle, p-private-ntvfs); return 0; }
svn commit: samba r24076 - in branches/SAMBA_4_0/testprogs/ejs: .
Author: abartlet Date: 2007-07-30 10:05:47 + (Mon, 30 Jul 2007) New Revision: 24076 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24076 Log: Make ldap.js pass against Win2k3 again (looks like we don't match AD on this error code, but allow both for now). Also prove that bug #4829 needs a different solution: we can't fix this by changing the template. I think this fix needs to be in the SAMR server. Andrew Bartlett Modified: branches/SAMBA_4_0/testprogs/ejs/ldap.js Changeset: Modified: branches/SAMBA_4_0/testprogs/ejs/ldap.js === --- branches/SAMBA_4_0/testprogs/ejs/ldap.js2007-07-30 09:04:28 UTC (rev 24075) +++ branches/SAMBA_4_0/testprogs/ejs/ldap.js2007-07-30 10:05:47 UTC (rev 24076) @@ -190,7 +190,11 @@ } assert(ok.error == 68); ok = ldb.rename(cn=ldaptestuser3,cn=users, + base_dn, cn=ldaptestuser3,cn=configuration, + base_dn); - assert(ok.error == 71); + if (ok.error != 71 ok.error != 64) { + println(expected error LDB_ERR_ENTRY_ALREADY_EXISTS or LDAP_NAMING_VIOLATION, got: + ok.errstr); + assert(ok.error == 71 || ok.error == 64); + } + assert(ok.error == 71 || ok.error == 64); ok = ldb.del(cn=ldaptestuser3,cn=users, + base_dn); @@ -328,6 +332,7 @@ assert(res.msgs[0].objectGUID != undefined); assert(res.msgs[0].whenCreated != undefined); assert(res.msgs[0].objectCategory == cn=Computer,cn=Schema,cn=Configuration, + base_dn); + assert(res.msgs[0].primaryGroupID == 513); // assert(res.msgs[0].sAMAccountType == 805306368); // assert(res.msgs[0].userAccountControl == 546);
svn commit: samba r24077 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec Date: 2007-07-30 10:20:52 + (Mon, 30 Jul 2007) New Revision: 24077 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24077 Log: Convert reply_tdis to the new API Modified: branches/SAMBA_3_2/source/smbd/process.c branches/SAMBA_3_2/source/smbd/reply.c Changeset: Modified: branches/SAMBA_3_2/source/smbd/process.c === --- branches/SAMBA_3_2/source/smbd/process.c2007-07-30 10:05:47 UTC (rev 24076) +++ branches/SAMBA_3_2/source/smbd/process.c2007-07-30 10:20:52 UTC (rev 24077) @@ -747,7 +747,7 @@ /* 0x6e */ { NULL, NULL, NULL, 0 }, /* 0x6f */ { NULL, NULL, NULL, 0 }, /* 0x70 */ { SMBtcon,reply_tcon,NULL,0}, -/* 0x71 */ { SMBtdis,reply_tdis,NULL,DO_CHDIR}, +/* 0x71 */ { SMBtdis,NULL,reply_tdis,DO_CHDIR}, /* 0x72 */ { SMBnegprot,NULL,reply_negprot,0}, /* 0x73 */ { SMBsesssetupX,NULL,reply_sesssetup_and_X,0}, /* 0x74 */ { SMBulogoffX, reply_ulogoffX,NULL, 0}, /* ulogoff doesn't give a valid TID */ Modified: branches/SAMBA_3_2/source/smbd/reply.c === --- branches/SAMBA_3_2/source/smbd/reply.c 2007-07-30 10:05:47 UTC (rev 24076) +++ branches/SAMBA_3_2/source/smbd/reply.c 2007-07-30 10:20:52 UTC (rev 24077) @@ -3704,27 +3704,24 @@ conn POINTER CAN BE NULL HERE ! / -int reply_tdis(connection_struct *conn, - char *inbuf,char *outbuf, int dum_size, int dum_buffsize) +void reply_tdis(connection_struct *conn, struct smb_request *req) { - int outsize = set_message(inbuf,outbuf,0,0,False); - uint16 vuid; START_PROFILE(SMBtdis); - vuid = SVAL(inbuf,smb_uid); - if (!conn) { DEBUG(4,(Invalid connection in tdis\n)); + reply_doserror(req, ERRSRV, ERRinvnid); END_PROFILE(SMBtdis); - return ERROR_DOS(ERRSRV,ERRinvnid); + return; } conn-used = False; - close_cnum(conn,vuid); - + close_cnum(conn,req-vuid); + + reply_outbuf(req, 0, 0); END_PROFILE(SMBtdis); - return outsize; + return; } /
svn commit: samba r24078 - in branches/SAMBA_3_2/source: include smbd
Author: vlendec Date: 2007-07-30 10:23:26 + (Mon, 30 Jul 2007) New Revision: 24078 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24078 Log: Add reply_unixerror Modified: branches/SAMBA_3_2/source/include/smb_macros.h branches/SAMBA_3_2/source/smbd/error.c Changeset: Modified: branches/SAMBA_3_2/source/include/smb_macros.h === --- branches/SAMBA_3_2/source/include/smb_macros.h 2007-07-30 10:20:52 UTC (rev 24077) +++ branches/SAMBA_3_2/source/include/smb_macros.h 2007-07-30 10:23:26 UTC (rev 24078) @@ -172,6 +172,7 @@ #define reply_nterror(req,status) reply_nt_error(req,status,__LINE__,__FILE__) #define reply_doserror(req,eclass,ecode) reply_dos_error(req,eclass,ecode,__LINE__,__FILE__) #define reply_botherror(req,status,eclass,ecode) reply_both_error(req,eclass,ecode,status,__LINE__,__FILE__) +#define reply_unixerror(req,defclass,deferror) reply_unix_error(req,defclass,deferror,NT_STATUS_OK,__LINE__,__FILE__) /* this is how errors are generated */ #define UNIXERROR(defclass,deferror) unix_error_packet(inbuf,outbuf,defclass,deferror,NT_STATUS_OK,__LINE__,__FILE__) Modified: branches/SAMBA_3_2/source/smbd/error.c === --- branches/SAMBA_3_2/source/smbd/error.c 2007-07-30 10:20:52 UTC (rev 24077) +++ branches/SAMBA_3_2/source/smbd/error.c 2007-07-30 10:23:26 UTC (rev 24078) @@ -157,3 +157,33 @@ error_packet_set((char *)req-outbuf, eclass, ecode, status, line, file); } + +void reply_unix_error(struct smb_request *req, uint8 defclass, uint32 defcode, + NTSTATUS defstatus, int line, const char *file) +{ + int eclass=defclass; + int ecode=defcode; + NTSTATUS ntstatus = defstatus; + int i=0; + + TALLOC_FREE(req-outbuf); + reply_outbuf(req, 0, 0); + + if (errno != 0) { + DEBUG(3,(unix_error_packet: error string = %s\n, +strerror(errno))); + + while (unix_dos_nt_errmap[i].dos_class != 0) { + if (unix_dos_nt_errmap[i].unix_error == errno) { + eclass = unix_dos_nt_errmap[i].dos_class; + ecode = unix_dos_nt_errmap[i].dos_code; + ntstatus = unix_dos_nt_errmap[i].nt_error; + break; + } + i++; + } + } + + error_packet_set((char *)req-outbuf, eclass, ecode, ntstatus, +line, file); +}
svn commit: samba r24079 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec Date: 2007-07-30 10:30:19 + (Mon, 30 Jul 2007) New Revision: 24079 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24079 Log: Convert reply_dskattr to the new API Modified: branches/SAMBA_3_2/source/smbd/process.c branches/SAMBA_3_2/source/smbd/reply.c Changeset: Modified: branches/SAMBA_3_2/source/smbd/process.c === --- branches/SAMBA_3_2/source/smbd/process.c2007-07-30 10:23:26 UTC (rev 24078) +++ branches/SAMBA_3_2/source/smbd/process.c2007-07-30 10:30:19 UTC (rev 24079) @@ -762,7 +762,7 @@ /* 0x7d */ { NULL, NULL, NULL, 0 }, /* 0x7e */ { NULL, NULL, NULL, 0 }, /* 0x7f */ { NULL, NULL, NULL, 0 }, -/* 0x80 */ { SMBdskattr,reply_dskattr,NULL,AS_USER}, +/* 0x80 */ { SMBdskattr,NULL,reply_dskattr,AS_USER}, /* 0x81 */ { SMBsearch,reply_search,NULL,AS_USER}, /* 0x82 */ { SMBffirst,reply_search,NULL,AS_USER}, /* 0x83 */ { SMBfunique,reply_search,NULL,AS_USER}, Modified: branches/SAMBA_3_2/source/smbd/reply.c === --- branches/SAMBA_3_2/source/smbd/reply.c 2007-07-30 10:23:26 UTC (rev 24078) +++ branches/SAMBA_3_2/source/smbd/reply.c 2007-07-30 10:30:19 UTC (rev 24079) @@ -1007,18 +1007,18 @@ Reply to a dskattr. / -int reply_dskattr(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize) +void reply_dskattr(connection_struct *conn, struct smb_request *req) { - int outsize = 0; SMB_BIG_UINT dfree,dsize,bsize; START_PROFILE(SMBdskattr); if (get_dfree_info(conn,.,True,bsize,dfree,dsize) == (SMB_BIG_UINT)-1) { + reply_unixerror(req, ERRHRD, ERRgeneral); END_PROFILE(SMBdskattr); - return(UNIXERROR(ERRHRD,ERRgeneral)); + return; } - - outsize = set_message(inbuf,outbuf,5,0,True); + + reply_outbuf(req, 5, 0); if (Protocol = PROTOCOL_LANMAN2) { double total_space, free_space; @@ -1037,21 +1037,21 @@ if (dsize 0x) dsize = 0x; if (dfree 0x) dfree = 0x; - SSVAL(outbuf,smb_vwv0,dsize); - SSVAL(outbuf,smb_vwv1,64); /* this must be 64 for dos systems */ - SSVAL(outbuf,smb_vwv2,512); /* and this must be 512 */ - SSVAL(outbuf,smb_vwv3,dfree); + SSVAL(req-outbuf,smb_vwv0,dsize); + SSVAL(req-outbuf,smb_vwv1,64); /* this must be 64 for dos systems */ + SSVAL(req-outbuf,smb_vwv2,512); /* and this must be 512 */ + SSVAL(req-outbuf,smb_vwv3,dfree); } else { - SSVAL(outbuf,smb_vwv0,dsize); - SSVAL(outbuf,smb_vwv1,bsize/512); - SSVAL(outbuf,smb_vwv2,512); - SSVAL(outbuf,smb_vwv3,dfree); + SSVAL(req-outbuf,smb_vwv0,dsize); + SSVAL(req-outbuf,smb_vwv1,bsize/512); + SSVAL(req-outbuf,smb_vwv2,512); + SSVAL(req-outbuf,smb_vwv3,dfree); } DEBUG(3,(dskattr dfree=%d\n, (unsigned int)dfree)); END_PROFILE(SMBdskattr); - return(outsize); + return; } /
svn commit: samba r24080 - in branches/SAMBA_4_0/source: librpc/idl rpc_server/samr torture/rpc
Author: abartlet Date: 2007-07-30 10:30:34 + (Mon, 30 Jul 2007) New Revision: 24080 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24080 Log: Set the primary group (matching windows) when creating new users in SAMR. This can't be done in the ldb templates code, as it doesn't happen over direct LDAP. As noted in bug #4829. Andrew Bartlett Modified: branches/SAMBA_4_0/source/librpc/idl/security.idl branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c branches/SAMBA_4_0/source/torture/rpc/samr.c Changeset: Modified: branches/SAMBA_4_0/source/librpc/idl/security.idl === --- branches/SAMBA_4_0/source/librpc/idl/security.idl 2007-07-30 10:30:19 UTC (rev 24079) +++ branches/SAMBA_4_0/source/librpc/idl/security.idl 2007-07-30 10:30:34 UTC (rev 24080) @@ -170,6 +170,7 @@ const int DOMAIN_RID_GUEST = 501; const int DOMAIN_RID_ADMINS= 512; const int DOMAIN_RID_USERS = 513; + const int DOMAIN_RID_DOMAIN_MEMBERS= 515; const int DOMAIN_RID_DCS = 516; const int DOMAIN_RID_CERT_ADMINS = 517; const int DOMAIN_RID_SCHEMA_ADMINS = 518; Modified: branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c === --- branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c 2007-07-30 10:30:19 UTC (rev 24079) +++ branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c 2007-07-30 10:30:34 UTC (rev 24080) @@ -1269,6 +1269,7 @@ cn_name[cn_name_len - 1] = '\0'; container = CN=Computers; obj_class = computer; + samdb_msg_add_int(d_state-sam_ctx, mem_ctx, msg, primaryGroupID, DOMAIN_RID_DOMAIN_MEMBERS); } else if (r-in.acct_flags == ACB_SVRTRUST) { if (cn_name[cn_name_len - 1] != '$') { @@ -1277,6 +1278,7 @@ cn_name[cn_name_len - 1] = '\0'; container = OU=Domain Controllers; obj_class = computer; + samdb_msg_add_int(d_state-sam_ctx, mem_ctx, msg, primaryGroupID, DOMAIN_RID_DCS); } else if (r-in.acct_flags == ACB_DOMTRUST) { container = CN=Users; Modified: branches/SAMBA_4_0/source/torture/rpc/samr.c === --- branches/SAMBA_4_0/source/torture/rpc/samr.c2007-07-30 10:30:19 UTC (rev 24079) +++ branches/SAMBA_4_0/source/torture/rpc/samr.c2007-07-30 10:30:34 UTC (rev 24080) @@ -2513,7 +2513,7 @@ if (NT_STATUS_IS_OK(status)) { q.in.user_handle = user_handle; - q.in.level = 16; + q.in.level = 5; status = dcerpc_samr_QueryUserInfo(p, user_ctx, q); if (!NT_STATUS_IS_OK(status)) { @@ -2521,11 +2521,34 @@ q.in.level, nt_errstr(status)); ret = False; } else { - if ((q.out.info-info16.acct_flags acct_flags) != acct_flags) { - printf(QuerUserInfo level 16 failed, it returned 0x%08x when we expected flags of 0x%08x\n, - q.out.info-info16.acct_flags, + if ((q.out.info-info5.acct_flags acct_flags) != acct_flags) { + printf(QuerUserInfo level 5 failed, it returned 0x%08x when we expected flags of 0x%08x\n, + q.out.info-info5.acct_flags, acct_flags); ret = False; + } + switch (acct_flags) { + case ACB_SVRTRUST: + if (q.out.info-info5.primary_gid != DOMAIN_RID_DCS) { + printf(QuerUserInfo level 5: DC should have had Primary Group %d, got %d\n, + DOMAIN_RID_DCS, q.out.info-info5.primary_gid); + ret = False; + } + break; + case ACB_WSTRUST: + if (q.out.info-info5.primary_gid != DOMAIN_RID_DOMAIN_MEMBERS) { + printf(QuerUserInfo level 5: Domain Member should have had Primary Group %d, got %d\n, + DOMAIN_RID_DOMAIN_MEMBERS, q.out.info-info5.primary_gid); +
svn commit: samba r24081 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: abartlet Date: 2007-07-30 10:34:23 + (Mon, 30 Jul 2007) New Revision: 24081 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24081 Log: Domain Controllers are also shown in this enumeration. Andrew Bartlett Modified: branches/SAMBA_4_0/source/torture/rpc/samr.c Changeset: Modified: branches/SAMBA_4_0/source/torture/rpc/samr.c === --- branches/SAMBA_4_0/source/torture/rpc/samr.c2007-07-30 10:30:34 UTC (rev 24080) +++ branches/SAMBA_4_0/source/torture/rpc/samr.c2007-07-30 10:34:23 UTC (rev 24081) @@ -3315,8 +3315,8 @@ q.out.info-info21.account_name.string); } - if (!(q.out.info-info21.acct_flags (ACB_WSTRUST))) { - printf(Found non-trust account %s in trust accoutn listing: 0x%x 0x%x\n, + if (!(q.out.info-info21.acct_flags (ACB_WSTRUST | ACB_SVRTRUST))) { + printf(Found non-trust account %s in trust account listing: 0x%x 0x%x\n, q.out.info-info21.account_name.string, querydisplayinfo-out.info.info2.entries[i].acct_flags, q.out.info-info21.acct_flags);
svn commit: samba r24082 - in branches/SAMBA_4_0/source/rpc_server/samr: .
Author: abartlet Date: 2007-07-30 10:37:33 + (Mon, 30 Jul 2007) New Revision: 24082 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24082 Log: Following the removal of a fanstsy condition from the SAMR testsuite, allow the server side to enumerate all domain controllers and domain members... Andrew Bartlett Modified: branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c Changeset: Modified: branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c === --- branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c 2007-07-30 10:34:23 UTC (rev 24081) +++ branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c 2007-07-30 10:37:33 UTC (rev 24082) @@ -3707,13 +3707,6 @@ samdb_result_string(res[i], description, ); break; case 2: - if (!(samdb_result_acct_flags(res[i], - userAccountControl) ACB_WSTRUST)) { - /* Domain controllers match the -* filter, but should not be included -* in the output */ - continue; - } entriesFull[count].idx = count + 1; entriesFull[count].rid = objectsid-sub_auths[objectsid-num_auths-1];
svn commit: samba r24083 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: abartlet Date: 2007-07-30 10:43:50 + (Mon, 30 Jul 2007) New Revision: 24083 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24083 Log: Don't fail the test (looking for the user in the enum) if we didn't create the user in the first place. Andrew Bartlett Modified: branches/SAMBA_4_0/source/torture/rpc/samr.c Changeset: Modified: branches/SAMBA_4_0/source/torture/rpc/samr.c === --- branches/SAMBA_4_0/source/torture/rpc/samr.c2007-07-30 10:37:33 UTC (rev 24082) +++ branches/SAMBA_4_0/source/torture/rpc/samr.c2007-07-30 10:43:50 UTC (rev 24083) @@ -3405,9 +3405,13 @@ ret = False; } if (!seen_testuser) { - printf(Didn't find test user TEST_ACCOUNT_NAME in enumeration of %s\n, - dom_info.out.info-info2.domain_name.string); - ret = False; + struct policy_handle user_handle; + if (NT_STATUS_IS_OK(test_OpenUser_byname(p, mem_ctx, handle, TEST_ACCOUNT_NAME, user_handle))) { + printf(Didn't find test user TEST_ACCOUNT_NAME in enumeration of %s\n, + dom_info.out.info-info2.domain_name.string); + ret = False; + test_samr_handle_Close(p, mem_ctx, user_handle); + } } break; case 3:
svn commit: samba r24084 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec Date: 2007-07-30 11:35:39 + (Mon, 30 Jul 2007) New Revision: 24084 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24084 Log: Convert reply_mkdir to the new API Modified: branches/SAMBA_3_2/source/smbd/process.c branches/SAMBA_3_2/source/smbd/reply.c Changeset: Modified: branches/SAMBA_3_2/source/smbd/process.c === --- branches/SAMBA_3_2/source/smbd/process.c2007-07-30 10:43:50 UTC (rev 24083) +++ branches/SAMBA_3_2/source/smbd/process.c2007-07-30 11:35:39 UTC (rev 24084) @@ -634,7 +634,7 @@ int flags; } smb_messages[256] = { -/* 0x00 */ { SMBmkdir,reply_mkdir,NULL,AS_USER | NEED_WRITE}, +/* 0x00 */ { SMBmkdir,NULL,reply_mkdir,AS_USER | NEED_WRITE}, /* 0x01 */ { SMBrmdir,reply_rmdir,NULL,AS_USER | NEED_WRITE}, /* 0x02 */ { SMBopen,reply_open,NULL,AS_USER }, /* 0x03 */ { SMBcreate,reply_mknew,NULL,AS_USER}, Modified: branches/SAMBA_3_2/source/smbd/reply.c === --- branches/SAMBA_3_2/source/smbd/reply.c 2007-07-30 10:43:50 UTC (rev 24083) +++ branches/SAMBA_3_2/source/smbd/reply.c 2007-07-30 11:35:39 UTC (rev 24084) @@ -3952,42 +3952,50 @@ Reply to a mkdir. / -int reply_mkdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize) +void reply_mkdir(connection_struct *conn, struct smb_request *req) { pstring directory; - int outsize; NTSTATUS status; SMB_STRUCT_STAT sbuf; START_PROFILE(SMBmkdir); - srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), directory, - smb_buf(inbuf) + 1, sizeof(directory), 0, + srvstr_get_path((char *)req-inbuf, req-flags2, directory, + smb_buf(req-inbuf) + 1, sizeof(directory), 0, STR_TERMINATE, status); if (!NT_STATUS_IS_OK(status)) { + reply_nterror(req, status); END_PROFILE(SMBmkdir); - return ERROR_NT(status); + return; } - status = resolve_dfspath(conn, SVAL(inbuf,smb_flg2) FLAGS2_DFS_PATHNAMES, directory); + status = resolve_dfspath(conn, +req-flags2 FLAGS2_DFS_PATHNAMES, +directory); if (!NT_STATUS_IS_OK(status)) { - END_PROFILE(SMBmkdir); if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) { - return ERROR_BOTH(NT_STATUS_PATH_NOT_COVERED, ERRSRV, ERRbadpath); + reply_botherror(req, NT_STATUS_PATH_NOT_COVERED, + ERRSRV, ERRbadpath); + END_PROFILE(SMBmkdir); + return; } - return ERROR_NT(status); + reply_nterror(req, status); + END_PROFILE(SMBmkdir); + return; } status = unix_convert(conn, directory, False, NULL, sbuf); if (!NT_STATUS_IS_OK(status)) { + reply_nterror(req, status); END_PROFILE(SMBmkdir); - return ERROR_NT(status); + return; } status = check_name(conn, directory); if (!NT_STATUS_IS_OK(status)) { + reply_nterror(req, status); END_PROFILE(SMBmkdir); - return ERROR_NT(status); + return; } status = create_directory(conn, directory); @@ -4007,16 +4015,17 @@ status = NT_STATUS_DOS(ERRDOS, ERRnoaccess); } + reply_nterror(req, status); END_PROFILE(SMBmkdir); - return ERROR_NT(status); + return; } - outsize = set_message(inbuf,outbuf,0,0,False); + reply_outbuf(req, 0, 0); - DEBUG( 3, ( mkdir %s ret=%d\n, directory, outsize ) ); + DEBUG( 3, ( mkdir %s\n, directory ) ); END_PROFILE(SMBmkdir); - return(outsize); + return; } /
svn commit: samba r24085 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec Date: 2007-07-30 14:07:29 + (Mon, 30 Jul 2007) New Revision: 24085 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24085 Log: Convert reply_rmdir to the new API Modified: branches/SAMBA_3_2/source/smbd/process.c branches/SAMBA_3_2/source/smbd/reply.c Changeset: Modified: branches/SAMBA_3_2/source/smbd/process.c === --- branches/SAMBA_3_2/source/smbd/process.c2007-07-30 11:35:39 UTC (rev 24084) +++ branches/SAMBA_3_2/source/smbd/process.c2007-07-30 14:07:29 UTC (rev 24085) @@ -635,7 +635,7 @@ } smb_messages[256] = { /* 0x00 */ { SMBmkdir,NULL,reply_mkdir,AS_USER | NEED_WRITE}, -/* 0x01 */ { SMBrmdir,reply_rmdir,NULL,AS_USER | NEED_WRITE}, +/* 0x01 */ { SMBrmdir,NULL,reply_rmdir,AS_USER | NEED_WRITE}, /* 0x02 */ { SMBopen,reply_open,NULL,AS_USER }, /* 0x03 */ { SMBcreate,reply_mknew,NULL,AS_USER}, /* 0x04 */ { SMBclose,NULL,reply_close,AS_USER | CAN_IPC }, Modified: branches/SAMBA_3_2/source/smbd/reply.c === --- branches/SAMBA_3_2/source/smbd/reply.c 2007-07-30 11:35:39 UTC (rev 24084) +++ branches/SAMBA_3_2/source/smbd/reply.c 2007-07-30 14:07:29 UTC (rev 24085) @@ -4205,56 +4205,65 @@ Reply to a rmdir. / -int reply_rmdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize) +void reply_rmdir(connection_struct *conn, struct smb_request *req) { pstring directory; - int outsize = 0; SMB_STRUCT_STAT sbuf; NTSTATUS status; START_PROFILE(SMBrmdir); - srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), directory, - smb_buf(inbuf) + 1, sizeof(directory), 0, + srvstr_get_path((char *)req-inbuf, req-flags2, directory, + smb_buf(req-inbuf) + 1, sizeof(directory), 0, STR_TERMINATE, status); if (!NT_STATUS_IS_OK(status)) { + reply_nterror(req, status); END_PROFILE(SMBrmdir); - return ERROR_NT(status); + return; } - status = resolve_dfspath(conn, SVAL(inbuf,smb_flg2) FLAGS2_DFS_PATHNAMES, directory); + status = resolve_dfspath(conn, +req-flags2 FLAGS2_DFS_PATHNAMES, +directory); if (!NT_STATUS_IS_OK(status)) { - END_PROFILE(SMBrmdir); if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) { - return ERROR_BOTH(NT_STATUS_PATH_NOT_COVERED, ERRSRV, ERRbadpath); + reply_botherror(req, NT_STATUS_PATH_NOT_COVERED, + ERRSRV, ERRbadpath); + END_PROFILE(SMBrmdir); + return; } - return ERROR_NT(status); + reply_nterror(req, status); + END_PROFILE(SMBrmdir); + return; } status = unix_convert(conn, directory, False, NULL, sbuf); if (!NT_STATUS_IS_OK(status)) { + reply_nterror(req, status); END_PROFILE(SMBrmdir); - return ERROR_NT(status); + return; } status = check_name(conn, directory); if (!NT_STATUS_IS_OK(status)) { + reply_nterror(req, status); END_PROFILE(SMBrmdir); - return ERROR_NT(status); + return; } - dptr_closepath(directory,SVAL(inbuf,smb_pid)); + dptr_closepath(directory, req-smbpid); status = rmdir_internals(conn, directory); if (!NT_STATUS_IS_OK(status)) { + reply_nterror(req, status); END_PROFILE(SMBrmdir); - return ERROR_NT(status); + return; } - outsize = set_message(inbuf,outbuf,0,0,False); + reply_outbuf(req, 0, 0); DEBUG( 3, ( rmdir %s\n, directory ) ); END_PROFILE(SMBrmdir); - return(outsize); + return; } /***
svn commit: samba r24086 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec Date: 2007-07-30 19:53:57 + (Mon, 30 Jul 2007) New Revision: 24086 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24086 Log: Convert reply_ulogoffX to the new API Modified: branches/SAMBA_3_2/source/smbd/process.c branches/SAMBA_3_2/source/smbd/reply.c Changeset: Modified: branches/SAMBA_3_2/source/smbd/process.c === --- branches/SAMBA_3_2/source/smbd/process.c2007-07-30 14:07:29 UTC (rev 24085) +++ branches/SAMBA_3_2/source/smbd/process.c2007-07-30 19:53:57 UTC (rev 24086) @@ -750,7 +750,7 @@ /* 0x71 */ { SMBtdis,NULL,reply_tdis,DO_CHDIR}, /* 0x72 */ { SMBnegprot,NULL,reply_negprot,0}, /* 0x73 */ { SMBsesssetupX,NULL,reply_sesssetup_and_X,0}, -/* 0x74 */ { SMBulogoffX, reply_ulogoffX,NULL, 0}, /* ulogoff doesn't give a valid TID */ +/* 0x74 */ { SMBulogoffX, NULL,reply_ulogoffX, 0}, /* ulogoff doesn't give a valid TID */ /* 0x75 */ { SMBtconX,NULL,reply_tcon_and_X,0}, /* 0x76 */ { NULL, NULL, NULL, 0 }, /* 0x77 */ { NULL, NULL, NULL, 0 }, Modified: branches/SAMBA_3_2/source/smbd/reply.c === --- branches/SAMBA_3_2/source/smbd/reply.c 2007-07-30 14:07:29 UTC (rev 24085) +++ branches/SAMBA_3_2/source/smbd/reply.c 2007-07-30 19:53:57 UTC (rev 24086) @@ -1669,28 +1669,33 @@ conn POINTER CAN BE NULL HERE ! / -int reply_ulogoffX(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize) +void reply_ulogoffX(connection_struct *conn, struct smb_request *req) { - uint16 vuid = SVAL(inbuf,smb_uid); - user_struct *vuser = get_valid_user_struct(vuid); + user_struct *vuser; + START_PROFILE(SMBulogoffX); - if(vuser == 0) - DEBUG(3,(ulogoff, vuser id %d does not map to user.\n, vuid)); + vuser = get_valid_user_struct(req-vuid); + if(vuser == NULL) { + DEBUG(3,(ulogoff, vuser id %d does not map to user.\n, +req-vuid)); + } + /* in user level security we are supposed to close any files open by this user */ - if ((vuser != 0) (lp_security() != SEC_SHARE)) - file_close_user(vuid); + if ((vuser != NULL) (lp_security() != SEC_SHARE)) { + file_close_user(req-vuid); + } - invalidate_vuid(vuid); + invalidate_vuid(req-vuid); - set_message(inbuf,outbuf,2,0,True); + reply_outbuf(req, 2, 0); - DEBUG( 3, ( ulogoffX vuid=%d\n, vuid ) ); + DEBUG( 3, ( ulogoffX vuid=%d\n, req-vuid ) ); END_PROFILE(SMBulogoffX); - return chain_reply(inbuf,outbuf,length,bufsize); + chain_reply_new(req); } /
Build status as of Tue Jul 31 00:00:03 2007
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2007-07-30 00:00:33.0 + +++ /home/build/master/cache/broken_results.txt 2007-07-31 00:01:34.0 + @@ -1,4 +1,4 @@ -Build status as of Mon Jul 30 00:00:02 2007 +Build status as of Tue Jul 31 00:00:03 2007 Build counts: Tree Total Broken Panic @@ -7,7 +7,7 @@ ccache 32 8 0 ctdb 0 0 0 distcc 2 0 0 -ldb 32 4 0 +ldb 30 4 0 libreplace 31 10 0 lorikeet-heimdal 28 12 0 pidl 19 4 0 @@ -16,9 +16,9 @@ rsync33 13 0 samba-docs 0 0 0 samba-gtk3 3 0 -samba4 30 27 4 -samba_3_234 20 0 +samba4 30 27 6 +samba_3_234 21 0 smb-build30 30 0 talloc 33 1 0 -tdb 31 3 0 +tdb 32 3 0