Re: [Samba] Mac client
Mikko Suomi on 14/11/07 16:48, wrote: Adam Hardy wrote: I'm trying to copy files to a Samba share that I have set up on a linux debian machine from a Mac running OS X, using samba 3.0.24. The Mac complains that there is something wrong with the file name, and then refuses to copy, and the operation leaves a zero-byte file with the same name on the samba share. I had similiar problems with Mac's when I had veto files = /.*/ in samba share to pervent users from deleting their linux profile files from Windows workstations. (OSx likes to create .DS_Store -files to it's folders) For some reason files could be written to samba from Macs terminal window. Chancing veto files to /.bash*/ fixed problem for me. Thanks for the tip. I had veto = /*.{*}/.*/mail/bin - put in there by default by SWAT! Thanks Adam -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] First user can't find profile
Hello, We use Samba as Domain Controller and file server with XP Prof. Clients. There are 5 Samba Servers with network shares spread acroll all servers. I have the problem that the first user that wants to logon in the morning can't find the profile at least two or three times a week - thus the local profile is used. Additionally the mapping of network drives is going on really slow - he must wait up to two minutes until all network drives appears (currently about 7 network drives). When the other colleagues are in the office and log on samba became faster. It is like samba is sleeping and slowly wakes up when the first user logs on, after it has a cup of coffee first. We have a 100 MBit switched network with about 60 clients. Regards, Henry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind password problem
On Thursday 15 November 2007 00:56, John and Asta wrote: I’m having a real problem getting winbind to work with our domain server SAMBA version:3.0.26a. Winbind used to work fine with the old server running an older version of samba The Globals of my smb.conf looks like: # Samba config file created using SWAT # from 0.0.0.0 (0.0.0.0) # Date: 2005/07/04 14:40:01 # Global parameters [global] logon drive = H: domain master = Yes map to guest = Bad User username map = /etc/samba/smbusers encrypt passwords = yes printer admin = @ntadmin, root, administrator logon home = \\%L\%u\.win_profile\%m wins support = Yes printcap cache time = 750 cups options = raw ldap machine suffix = ou=Computers logon script = logon.bat ldap suffix = dc=example,dc=com workgroup = MACHABENG logon path = \\%L\profiles\%u\%m os level = 65 printcap name = cups security = DOMAIN preferred master = Yes add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ ldap idmap suffix = ou=Idmap domain logons = Yes This configuration is broken! You have told Samba to be a domain member server (security = domain), yet it appears you want it to be a domain controller (security = user plus domain logons = Yes). The configuration uses LDAP, but I do not see specification of passdb backend = ldapsam which is necessary so that Samba knows how to connect with LDAP. If I run the following command things seem to work wbinfo -t checking the trust secret via RPC calls succeeded wbinfo -u produces a list of users getent passwd guidance:x:10005:1:guidance:/home/MACHABENG/guidance:/bin/bash science:x:10006:1:science:/home/MACHABENG/science:/bin/bash humanities:x:10007:1:humanities:/home/MACHABENG/humanities:/bin/bash however, sudo wbinfo -a user%password plaintext password authentication failed error code was NT_STATUS_NO_LOGON_SERVERS (0xc05e) error messsage was: No logon servers Could not authenticate user asta%verity with plaintext password challenge/response password authentication failed error code was NT_STATUS_NO_LOGON_SERVERS (0xc05e) error messsage was: No logon servers Could not authenticate user asta with challenge/response [EMAIL PROTECTED]:~$ Is this machine intended to be the PDC? If so, change the security = domain to security = user and add passdb = ldapsam. If it should in fact be a domain member server the configuration needs to be corrected also. Well I’m stuck may be a bug in SAMBA version:3.0.26a. Is there a better way of getting a username and password from a Linux server than winbind? Please follow the guidelines in Samba3-ByExample. You can obtain this in HTML from: http://www.samba.org/samba/docs/Samba3-ByExample or in PDF format from: http://www.samba.org/samba/docs/Samba3-ByExample.pdf In particular, check chapters 5 and 7. Cheers, John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 2GB limit
I checked the disk format. It is UFS2. ? Could you help me to fix this? I don't know where else I can check. Does any body had similar problem like this with current version 3.26? There is no such limit in Samba; it i probably a limit in the underlying filesystem. We create gargantuan (2Gb) files via Samba all the time, but we use LINUX ext3/xfs servers. -- Adam Tauno Williams, Network Systems Administrator Consultant - http://www.whitemiceconsulting.com Developer - http://www.opengroupware.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] can samba authenticate against non domain/server?
We've installed/enabled IIS to get us an FTP server site on a windows XP pro. This machine has local accounts for remote users to connect to. Thus they can remotely window in, be prompted to change their password the first time and use their local accounts to ftp files to/from us. What if the remote end was not using windows? If they had some type of unix host, they could still ftp in but as we set up their local accounts to force changing their initial password, they'd need to first connect in some other manner and change their password. Can samba do this? ie if the remote end was a unix box with samba, could it connect to this XP (workgroup, not domain) and authenticate against it. Aside from authentication, the basic question is can samba allow unix users (or their sysadmin) to change their remote windows password using smbpasswd or some other utility? If not, how do others set up IIS on non- domain servers. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 2GB limit
Am Donnerstag, den 15.11.2007, 07:16 -0500 schrieb Adam Tauno Williams: I checked the disk format. It is UFS2. ? Could you help me to fix this? I don't know where else I can check. Does any body had similar problem like this with current version 3.26? There is no such limit in Samba; it i probably a limit in the underlying filesystem. We create gargantuan (2Gb) files via Samba all the time, but we use LINUX ext3/xfs servers. It's also a limit of the transport filesystem. Try to map the remote filsystem using cifs instead of smb. smb has the limit of 2GB Regards Sebastian Ries -- DT Netsolution GmbH - Talaeckerstr. 30 - D-70437 Stuttgart Tel: +49-711-849910-36 Fax: +49-711-849910-936 WEB: http://www.dtnet.de/ email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba unable to bind to LDAP server
I've spent the last several days trying to get Samba to bind to our OpenDirectory server for user authentication with no success. Whenever I try start Samba, it complains that the connection to the LDAP server failed with invalid credentials. I am authenticating other services against the LDAP server through NSS, so I am a bit at a loss as to why Samba won't run. I'm also a bit at a loss as to why I can't just tell Samba to use the same PAM modules that the other servers are using and just have authentication chug happily along through existing mechanisms. At any rate, here are the details right now: Samba 3.0.26a built with ./configure --prefix=/usr/local --enable-fhs --with-ldap --with-pam --with-configdir=/etc/samba --with-logfilebase=/var/log/samba $ cat /etc/samba/smb.conf [global] workgroup = WORKGROUP netbios name = Samuel security = user passdb backend =ldapsam:ldap://192.168.19.1/ ldap suffix = dc=vpn,dc=a3dauto,dc=com ldap admin dn = dc=vpn,dc=a3dauto,dc=com ldap user suffix = cn=users ldap group suffix = cn=groups [test] path = /mnt/smb read only = no guest ok = no $ sudo /usr/local/sbin/smbd -iS smbd version 3.0.26a started. Copyright Andrew Tridgell and the Samba Team 1992-2007 failed to bind to server ldap://192.168.19.1/ with dn=dc=vpn,dc=a3dauto,dc=com Error: Invalid credentials (unknown) Connection to LDAP server failed for the 1 try! Connection to LDAP server failed for the 2 try! I am able to query the LDAP server using ldapsearch -x just fine, which tells me that my settings in /etc/openldap/ldap.conf are correct. I assumed that I could just duplicate the same settings in smb.conf, add my admin password through smbpasswd -W and everything would Just Work (tm), but that is obviously not the case. I did some reviewing of network traffic comparing and it seems that the only difference between successful binds and Samba's binds is that Samba is sending the dn when trying to bind and others are just binding then sending the dn later. So my questions are as follows: 1) Is there anything that I am missing in the configuration that would make everything roll over? 2) Is there a way to make Samba use the PAM / NSS mechanism that is already working? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [SECURITY] CVE-2007-4572 - GETDC mailslot processing buffer overrun in nmbd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 == == == Subject: Stack buffer overflow in nmbd's logon == request processing. == == CVE ID#: CVE-2007-4572 == == Versions:Samba 3.0.0 - 3.0.26a (inclusive) == == Summary: Processing of specially crafted GETDC == mailslot requests can result in a buffer == overrun in nmbd. It is not believed that == that this issues can be exploited to == result in remote code execution. == == === Description === Samba developers have discovered what is believed to be a non-exploitable buffer over in nmbd during the processing of GETDC logon server requests. This code is only used when the Samba server is configured as a Primary or Backup Domain Controller. == Patch Availability == A patch addressing this defect has been posted to http://www.samba.org/samba/security/ Additionally, Samba 3.0.27 has been issued as a security release to correct the defect. == Workaround == Samba administrators may avoid this security issue by disabling both the domain logons and the domain master options in in the server's smb.conf file. Note that this will disable all domain controller features as well. === Credits === This vulnerability was discovered by Samba developers during an internal code audit. The time line is as follows: * Sep 13, 2007: Initial report to [EMAIL PROTECTED] including proposed patch. * Sep 14, 2007: Patch review by members of the Josh Bressers (RedHat Security Team) and Simo Sorce (Samba/RedHat developer) * Nov 15, 2007: Public security advisory made available. == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHPEdIIR7qMdg1EfYRAo0dAKC3m5RqVv9ZnwdbsFlvsTtBZuPPwwCg5Q22 bRcVL/Nl5oFmtnddjQlqN1k= =Adhf -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba unable to bind to LDAP server
I would expect that to happen also, but that is how the PAM/NSS is configured, so I would expect it to be the same. I see. PAM/NSS uses an anonymous bind and does this as read only I believe. -- John M. Drescher -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba unable to bind to LDAP server
Yup, I did: $ sudo tdbdump /usr/local/private/secrets.tdb { key(45) = SECRETS/LDAP_BIND_PW/dc=vpn,dc=a3dauto,dc=com data(7) = mypass\00 } I believe this one will not connect to the ldap server because you are not specfying the uid or cn to conncet with. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba unable to bind to LDAP server
Thu, Nov 15, 2007 at 09:55:01AM -0600, Steve Brown napsal(a): $ sudo /usr/local/sbin/smbd -iS smbd version 3.0.26a started. Copyright Andrew Tridgell and the Samba Team 1992-2007 failed to bind to server ldap://192.168.19.1/ with dn=dc=vpn,dc=a3dauto,dc=com Error: Invalid credentials (unknown) Connection to LDAP server failed for the 1 try! Connection to LDAP server failed for the 2 try! I see no smbpasswd -w ;o) Regards, Luf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Strange NT_STATUS_PASSWORD errors after upgrade to 3.0.26a
Hi, I just upgraded one of our samba BDC's (with LDAP back end on solaris 10) from 3.0.23c to 3.0.26a and can no longer mount shares. The error message I'm seeing in the samba logs is [2007/11/15 14:15:26, 1] auth/auth_sam.c:sam_account_ok(172) sam_account_ok: Account for user 'dbb' password must change!. [2007/11/15 14:15:26, 3] auth/auth_winbind.c:check_winbind_security(80) check_winbind_security: Not using winbind, requested domain [CLASSROOM] was for this SAM. [2007/11/15 14:15:26, 2] auth/auth.c:check_ntlm_password(319) check_ntlm_password: Authentication for user [dbb] - [dbb] FAILED with error NT_STATUS_PASSWORD_MUST_CHANGE [2007/11/15 14:15:26, 3] smbd/error.c:error_packet_set(106) error packet at smbd/sesssetup.c(1489) cmd=115 (SMBsesssetupX) NT_STATUS_PASSWORD_MUST_CHANGE I tried reinstalling 3.0.23c and now get init_sam_from_ldap: Entry found for user: dbb [2007/11/15 16:28:13, 1] auth/auth_sam.c:sam_account_ok(178) sam_account_ok: Account for user 'dbb' password expired!. [2007/11/15 16:28:13, 1] auth/auth_sam.c:sam_account_ok(179) sam_account_ok: Password expired at 'Mon, 16 Feb 1970 08:06:40 BST' (400) unix time. [2007/11/15 16:28:13, 3] auth/auth_winbind.c:check_winbind_security(80) check_winbind_security: Not using winbind, requested domain [CLASSROOM] was for this SAM. [2007/11/15 16:28:13, 2] auth/auth.c:check_ntlm_password(319) check_ntlm_password: Authentication for user [dbb] - [dbb] FAILED with error NT_STATUS_PASSWORD_EXPIRED Any thoughts? It worked fine earlier. I've tried deleting all the var/locks tdb files and the private/*.tdb files, resetting the SID and smbpassword but it doesn't seem to help. Reasoning for this is there seemed to be a new Account Policy entry appear in the gencache.tdb file to do with password age after the upgrade. There isn't anything set in the samba attributes of the ldap accounts to do with password expiry so it's all default. Cheers, Duncan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba unable to bind to LDAP server
I see. PAM/NSS uses an anonymous bind and does this as read only I believe. So can I configure Samba to do an anonymous bind? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot rename and/or delete files from windows clients
Hello sambers I have a samba working as a PDC in my network. Then i created a main share and within this share a i have all the company departments directories. I use POSIX ACLs in the directories to control the user access. For example, i have a directory named sales and i want that the user boss hava total access in this directory, so as the sales group so i defined some ACEs: setfacl -m user:boss:rwx sales setfacl -d -m user:boss:rwx sales When the user boss access it from a windows client, he can view the files, edit files, but cannot remove or rename them, that's is my nightmare. Thanks for any help Bruno -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Fileserver integrated into windows domain, pl us linux clients needed
Update: Each time we set up a new user on the system, passwords need changing on the AD and the samba server. Is there a way to set permissions for the samba from the AD so that we do not need to go through this rigmarole? (most problematic at the start of a new school year). I completed this part of my task - http://ubuntuforums.org/showthread.php?t=280702. It works perfectly for me. I am amazed that I did not find it earlier. My aim is to also have some linux (probably k/ubuntu) boxes that authenticate on the network using standard AD credentials. I have tried in vain to find a way to introduce a single point of authentication, I have looked at kerberos, winbind and LDAP. I consider myself a good network technician, but the introduction of linux into a domain has thrown me. Is there a an easy way to integrate a linux fileserver with a windows controlled domain with both linux and windows clients? I am probably going to go with a kerberos and winbind mechanism to get this working. Hold out guys - Anything is possible! Ben _ Feel like a local wherever you go. http://www.backofmyhand.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba unable to bind to LDAP server
I see. PAM/NSS uses an anonymous bind and does this as read only I believe. So can I configure Samba to do an anonymous bind? I have never tried that. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Strange NT_STATUS_PASSWORD errors after upgrade to 3.0.26a
It does look like samba 3.0.23c now writes extra info into the sambaDomain object in ldap (?) sambaPwdHistoryLength: 0 sambaMaxPwdAge: -1 sambaMinPwdAge: 0 sambaLockoutThreshold: 0 sambaMinPwdLength: 5 but that looks like it shouldn't be expiring passwords ( -1 ) Should it? Cheers, Duncan Duncan Brannen wrote: Hi, I just upgraded one of our samba BDC's (with LDAP back end on solaris 10) from 3.0.23c to 3.0.26a and can no longer mount shares. The error message I'm seeing in the samba logs is [2007/11/15 14:15:26, 1] auth/auth_sam.c:sam_account_ok(172) sam_account_ok: Account for user 'dbb' password must change!. [2007/11/15 14:15:26, 3] auth/auth_winbind.c:check_winbind_security(80) check_winbind_security: Not using winbind, requested domain [CLASSROOM] was for this SAM. [2007/11/15 14:15:26, 2] auth/auth.c:check_ntlm_password(319) check_ntlm_password: Authentication for user [dbb] - [dbb] FAILED with error NT_STATUS_PASSWORD_MUST_CHANGE [2007/11/15 14:15:26, 3] smbd/error.c:error_packet_set(106) error packet at smbd/sesssetup.c(1489) cmd=115 (SMBsesssetupX) NT_STATUS_PASSWORD_MUST_CHANGE I tried reinstalling 3.0.23c and now get init_sam_from_ldap: Entry found for user: dbb [2007/11/15 16:28:13, 1] auth/auth_sam.c:sam_account_ok(178) sam_account_ok: Account for user 'dbb' password expired!. [2007/11/15 16:28:13, 1] auth/auth_sam.c:sam_account_ok(179) sam_account_ok: Password expired at 'Mon, 16 Feb 1970 08:06:40 BST' (400) unix time. [2007/11/15 16:28:13, 3] auth/auth_winbind.c:check_winbind_security(80) check_winbind_security: Not using winbind, requested domain [CLASSROOM] was for this SAM. [2007/11/15 16:28:13, 2] auth/auth.c:check_ntlm_password(319) check_ntlm_password: Authentication for user [dbb] - [dbb] FAILED with error NT_STATUS_PASSWORD_EXPIRED Any thoughts? It worked fine earlier. I've tried deleting all the var/locks tdb files and the private/*.tdb files, resetting the SID and smbpassword but it doesn't seem to help. Reasoning for this is there seemed to be a new Account Policy entry appear in the gencache.tdb file to do with password age after the upgrade. There isn't anything set in the samba attributes of the ldap accounts to do with password expiry so it's all default. Cheers, Duncan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Strange NT_STATUS_PASSWORD errors after upgrade to 3.0.26a
Rolling back to 3.0.23c has worked. the error with 3.0.23c was a change made to my account when looking at the 3.0.26a problem as blatantly obvious from the log below. Any ideas as to why 3.0.26a shouldn't be working? I'm guessing it's something ldap related? Thanks Duncan Duncan Brannen wrote: I tried reinstalling 3.0.23c and now get init_sam_from_ldap: Entry found for user: dbb [2007/11/15 16:28:13, 1] auth/auth_sam.c:sam_account_ok(178) sam_account_ok: Account for user 'dbb' password expired!. [2007/11/15 16:28:13, 1] auth/auth_sam.c:sam_account_ok(179) sam_account_ok: Password expired at 'Mon, 16 Feb 1970 08:06:40 BST' (400) unix time. [2007/11/15 16:28:13, 3] auth/auth_winbind.c:check_winbind_security(80) check_winbind_security: Not using winbind, requested domain [CLASSROOM] was for this SAM. [2007/11/15 16:28:13, 2] auth/auth.c:check_ntlm_password(319) check_ntlm_password: Authentication for user [dbb] - [dbb] FAILED with error NT_STATUS_PASSWORD_EXPIRED Cheers, Duncan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Strange NT_STATUS_PASSWORD errors after upgrade to 3.0.26a
On Nov 15, 2007 12:20 PM, Duncan Brannen [EMAIL PROTECTED] wrote: Rolling back to 3.0.23c has worked. the error with 3.0.23c was a change made to my account when looking at the 3.0.26a problem as blatantly obvious from the log below. Any ideas as to why 3.0.26a shouldn't be working? I'm guessing it's something ldap related? I think your problem is that the password expiration is on a per user bases in the ldap. The key param is sambaPwdMustChange. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Strange NT_STATUS_PASSWORD errors after upgrade to 3.0.26a
Thanks John, Setting this to 0 (Zero) or not having it present seems to work with 3.0.23c but with 3.0.26a I still get the NT_STATUS_PASSWORD_MUST_CHANGE error. Looking at the code the log points to (auth/auth_sam.c) line 172 There is a change between 23c and 26a which may or may not point to the answer. It doesn't look obvious to me. 3.0.26a if (!(pdb_get_acct_ctrl(sampass) ACB_PWNOEXP) !(pdb_get_acct_ctrl(sampass) ACB_PWNOTREQ)) { time_t must_change_time = pdb_get_pass_must_change_time(sampass); time_t last_set_time = pdb_get_pass_last_set_time(sampass); /* check for immediate expiry must change at next logon */ if (last_set_time == 0) { DEBUG(1,(sam_account_ok: Account for user '%s' password must change!.\n, pdb_get_username(sampass))); return NT_STATUS_PASSWORD_MUST_CHANGE; } # diff samba-3.0.26a/source/auth/auth_sam.c samba-3.0.23c/source/auth/auth_sam.c 166c166 if (!(pdb_get_acct_ctrl(sampass) ACB_PWNOEXP) !(pdb_get_acct_ctrl(sampass) ACB_PWNOTREQ)) { --- if (!(pdb_get_acct_ctrl(sampass) ACB_PWNOEXP)) { 171c171 if (last_set_time == 0) { --- if (must_change_time == 0 last_set_time != 0) { Cheers, Duncan John Drescher wrote: On Nov 15, 2007 12:20 PM, Duncan Brannen [EMAIL PROTECTED] wrote: Rolling back to 3.0.23c has worked. the error with 3.0.23c was a change made to my account when looking at the 3.0.26a problem as blatantly obvious from the log below. Any ideas as to why 3.0.26a shouldn't be working? I'm guessing it's something ldap related? I think your problem is that the password expiration is on a per user bases in the ldap. The key param is sambaPwdMustChange. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] problem with net rpc vampire
when migrating from a NT4 domain using net rpc vampire i get the following error message: Creating unix group: 'Users' sh: /usr/sbin/smbldap-groupadd: No such file or directory [2007/11/15 10:21:31, 0] groupdb/mapping.c:smb_create_group(234) smb_create_group: Running the command `/usr/sbin/smbldap-groupadd 'Users'' gave 127 if i run the same command manually (/usr/sbin/smbldap-groupadd 'Users') the command runs successfully. any hint on why the command fails when using net rpc vampire? cheers, asgeir. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Non-registry problem: Slow printing
Greetings, I created a guest user and the error message goes away but that doesn't effect the performance of the printers. That is, the printer drivers that are slow are still slow and the ones that are fast have remained fast. I have updated the log in http://www.brightsands.com/~chris/log.bz2 if anyone has any ideas. --Chris :Cc: samba@lists.samba.org :Subject: Re: [Samba] Non-registry problem: Slow printing : :From your log: : :check_sam_security: Couldn't find user 'guest' in passdb. :auth/auth.c:check_ntlm_password(273) : check_ntlm_password: sam authentication for user [guest] FAILED with error NT_STATUS_NO_SUCH_USER :auth/auth.c:check_ntlm_password(319) : check_ntlm_password: Authentication for user [guest] - [guest] FAILED with error NT_STATUS_NO_SUCH_USER : :From smb.conf :[global] :guest account = guest :guest only = yes : :[cr1000] :guest only = Yes : :It appears the user guest does not exist. The clues would suggest :that you either need to add the user guest, choose an existing user :for the guest account, or change the printer to something other than :guest only. Based on the logs, I'm guessing that all that extra time :is going toward trying to authenticate a forced user that doesn't exist. :Do the printers that work have the same setup? (good information about SWAT deleted to try to keep this mail size down) :Hope this helps, Dale : : : :-Original message- :From: [EMAIL PROTECTED] :To: samba@lists.samba.org :Subject: Re: [Samba] Non-registry problem: Slow printing : : Greetings, : : I have commented out the wins support line, restarted samba and : added the printer with the slow driver. No difference in performance. : I also tried moving wins to the end of the name resolve order, also : no difference. : : I'd rather not bring the Internet to a halt by sending around the 987k : log file, but those wishing to see it can go to: : : http://www.brightsands.com/~chris/log.bz2 : : Anyone have any thoughts? --Chris : : | Date: Wed, 14 Nov 2007 16:40:27 -0600 : | From: Dale Schroeder [EMAIL PROTECTED] : | To: [EMAIL PROTECTED] : | Subject: Re: [Samba] Non-registry problem: Slow printing : | : | It may have nothing to do with your printing problem, but you should : | never have both wins support and wins server in the same smb.conf. : | If this system is the WINS server, then use wins support. If another : | system is the WINS server, then use wins server. This might be : | significant since wins is listed first in name resolve order and a lot : | of network printers now come with WINS support. : | : | I don't know a thing about lprng printing (CUPS exclusively), so I can't : | help you there. The logs may be necessary. : | : | [EMAIL PROTECTED] wrote: : | I have a client running samba-3.0.24 with mostly Windows-XP clients. : | They can print to some printers (those with drivers provided by Microsoft) : | without problem. : | : | They can also print to printers with vendor supplied printer drivers : | but they end up waiting up to 30 seconds just to select the printer. : | There is a similar wait when adding the printer to the list of printers : | the XP client knows about. : | : | This does not appear to be the much discussed registry problem, as : | we have repeatedly removed these registry entries and, though they come : | back, there is no performance improvement. Also, when people have : | described the registry problem they have not said that it was driver : | dependent. Furthermore, as I understand the registry problem, it occurs : | when there are non-existant printers listed ... which there are not in : | our case. : | : | There is no firewall between the client and the server except that which : | Microsoft provides, and we still have the problem with that completely : | disabled. : | : | Here is my smb.conf: : | : | [global] : | workgroup = FUZZBALL : | netbios name = fzb3 : | netbios aliases = fzb3 : | server string = fzb3 : | bind interfaces only = true : | interfaces = eth0 : | null passwords = Yes : | security = SHARE : | guest account = guest : | lanman auth = No : | client lanman auth = No : | client plaintext auth = No : | socket options = TCP_NODELAY IPTOS_LOWDELAY : | local master = yes : | prefered master = yes : | log level = 3 : | log file = /usr/local/samba/log.%m : | *name resolve order = wins bcast host* : | deadtime = 1 : | printcap cache time = 750 : | printcap name = /etc/printcap : | domain logons = No : | #domain logons = yes : | *wins support = yes* : | local master = No : | dns proxy = No : | *wins server = 10.1.1.1* : | ldap ssl = no : | path = /var/tmp/samba%S : | admin users = root, guest : | printer admin = root, guest : | guest ok = Yes : | guest only = Yes : | hosts allow =
Re: [Samba] Fileserver integrated into w indows domain, plus linux clients needed
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ben Ladd wrote: Update: Each time we set up a new user on the system, passwords need changing on the AD and the samba server. Is there a way to set permissions for the samba from the AD so that we do not need to go through this rigmarole? (most problematic at the start of a new school year). rig·ma·role (rĭg'mə-rōl') pronunciation also rig·a·ma·role (-ə-mə-rōl') n. 1. Confused, rambling, or incoherent discourse; nonsense. 2. A complicated, petty set of procedures. Most of us here on this list don't consider this an accurate perspective of the documentation. http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/ or the following ubuntu link are pretty well thought out and elucidated. I completed this part of my task - http://ubuntuforums.org/showthread.php?t=280702. It works perfectly for me. I am amazed that I did not find it earlier. My aim is to also have some linux (probably k/ubuntu) boxes that authenticate on the network using standard AD credentials. I have tried in vain to find a way to introduce a single point of authentication, I have looked at kerberos, winbind and LDAP. I consider myself a good network technician, but the introduction of linux into a domain has thrown me. Is there a an easy way to integrate a linux fileserver with a windows controlled domain with both linux and windows clients? Depends on what you mean by easy. A lot of intelligent, committed individuals have done all the hard work of overcoming the barriers erected by Microsoft to true interoperability. All you have to do is fill in a few details nowadays. I think a word that describes this process might be tedious. Do you define tedious as hard? I am probably going to go with a kerberos and winbind mechanism to get this working. Hold out guys - Anything is possible! Follow one of the procedures, get to a point you can say this works, this doesn't, here is the configuration, any suggestions. There was a change in the implementation for winbind backends relatively recently and the documentation (and swat) is behind on this. Idmap_ad, idmap_ldap, idmap_nss, idmap_rid, and idmap_tdb. See: http://us3.samba.org/samba/docs/man/manpages-3/ You'll need to investigate how you want to map windows users and groups to unix users and groups and pick one technique. Look to password sync options to resolve your other issue. Regards, Doug -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFHPKsmFqWysr/jOHMRAmXwAJ0STtXNyq7J1m+yzweKzJwCbslt3ACfToEm yKqkYYwVSFeOMeuBGwj07xk= =lg9m -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba unable to bind to LDAP server
$ sudo tdbdump /usr/local/private/secrets.tdb { key(45) = SECRETS/LDAP_BIND_PW/dc=vpn,dc=a3dauto,dc=com data(7) = mypass\00 } I believe this one will not connect to the ldap server because you are not specfying the uid or cn to conncet with. I would expect that to happen also, but that is how the PAM/NSS is configured, so I would expect it to be the same. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [SECURITY] CVE-2007-5398 - Remote Code Execution in Samba's nmbd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 == == == Subject: Remote code execution in Samba's WINS == server daemon (nmbd) when processing name == registration followed name query requests. == == CVE ID#: CVE-2007-5398 == == Versions:Samba 3.0.0 - 3.0.26a (inclusive) == == Summary: When nmbd has been configured as a WINS == server, a client can send a series of name == registration request followed by a specific == name query request packet and execute == arbitrary code. == == === Description === Secunia Research reported a vulnerability that allows for the execution of arbitrary code in nmbd. This defect may only be exploited when the wins support parameter has been enabled in smb.conf. == Patch Availability == A patch addressing this defect has been posted to http://www.samba.org/samba/security/ Additionally, Samba 3.0.27 has been issued as a security release to correct the defect. == Workaround == Samba administrators may avoid this security issue by disabling the wins support feature in the hosts smb.conf file. === Credits === This vulnerability was reported to Samba developers by Alin Rad Pop, Secunia Research. The time line is as follows: * Oct 30, 2007: Initial report to [EMAIL PROTECTED] * Oct 30, 2007: First response from Samba developers confirming the bug along with a proposed patch. * Nov 15, 2007: Public security advisory to be made available. == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHPEfSIR7qMdg1EfYRAk8AAJ4w/eUyHYYo+tBlu+0pFXsr7G7CMwCg2yco 1kzBXPCsz/WcfGAfnTdAwgg= =YVMj -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbstatus
Is there any way to customize smbstatus to produce the following columns? share user file My problem is that I have multiple shares. Each share has somewhat the same file structure. I need to be able to see which user is using which file on which share. Currently you can only get one of the following: PID Client IP address Date Share User Group PID Client Date PID Sharing R/W Oplock File Date I just want to know if there is a way to view these lists as anything except for the default. I'm sorry if this question is old, and answered already. I searched the list, and google, and didn't come up with anything. TIA -Aubrey -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba unable to bind to LDAP server
Thu, Nov 15, 2007 at 10:03:30AM -0600, Steve Brown napsal(a): I see no smbpasswd -w ;o) I'm sorry. You wrote you use smbpasswd -W ... Its there: $ sudo tdbdump /usr/local/private/secrets.tdb { key(58) = SECRETS/LDAP_BIND_PW/uid=diradmin,dc=vpn,dc=a3dauto,dc=com data(7) = mypass\00 } Have you copied something wrong? I see ldap admin dn = dc=vpn,dc=a3dauto,dc=com in your smb.conf and in error message failed to bind to server ldap://192.168.19.1/ with dn=dc=vpn,dc=a3dauto,dc=com Error: Invalid credentials So its different dn ;o) Regards, Luf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba unable to bind to LDAP server
Have you copied something wrong? Yup, I did: $ sudo tdbdump /usr/local/private/secrets.tdb { key(45) = SECRETS/LDAP_BIND_PW/dc=vpn,dc=a3dauto,dc=com data(7) = mypass\00 } { key(58) = SECRETS/LDAP_BIND_PW/uid=diradmin,dc=vpn,dc=a3dauto,dc=com data(7) = mypass\00 } Both entries are there in varying attempts to make things work. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Sometimes users can't connect to the samba shares
Hello, Hope you can help us out with a problem with samba / winbind; We have samba 3.0.21c with winbind running on an RHEL 4 server. This runs quite stable for more than a year now. But since the lasts weeks it appears that sometimes our users can't connect to the samba shares. I suspect that this problem has something to do with the integration of samba (winbind) with the Microsoft Active Directory. Some lines of interest in the log files are: in the /var/log/samba/client-pc-name.log: [2007/11/15 21:25:27, 1] smbd/sesssetup.c:reply_spnego_kerberos(322) make_server_info_pac failed! and in the /var/log/messages: Nov 15 07:08:09 janus winbindd[2352]: [2007/11/15 07:08:09, 0] lib/util_sock.c:write_data(559) Nov 15 07:08:09 janus winbindd[2352]: write_data: write failure. Error = Connection reset by peer Nov 15 07:08:09 janus winbindd[2352]: [2007/11/15 07:08:09, 0] libsmb/clientgen.c:write_socket(138) Nov 15 07:08:09 janus winbindd[2352]: write_socket: Error writing 246 bytes to socket 25: ERRNO = Connection reset by peer Nov 15 07:08:09 janus winbindd[2352]: [2007/11/15 07:08:09, 0] libsmb/clientgen.c:cli_send_smb(168) Nov 15 07:08:09 janus winbindd[2352]: Error writing 246 bytes to client. -1 (Connection reset by peer) Nov 15 07:08:09 janus winbindd[2352]: [2007/11/15 07:08:09, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) Nov 15 07:08:09 janus winbindd[2352]: rpc_api_pipe: Remote machine TERRA pipe \lsarpc fnum 0x4000returned critical error. Error was Write error: Connection reset by peer Nov 15 07:08:09 janus winbindd[2352]: [2007/11/15 07:08:09, 0] libsmb/clientgen.c:cli_rpc_pipe_close(375) Nov 15 07:08:09 janus winbindd[2352]: cli_rpc_pipe_close: cli_close failed on pipe \lsarpc, fnum 0x4000 to machine TERRA. Error was Write error: Success Nov 15 07:08:10 janus winbindd[2352]: [2007/11/15 07:08:10, 0] lib/util_sid.c:string_to_sid(285) Nov 15 07:08:10 janus winbindd[2352]: string_to_sid: Sid S-0-0 is not in a valid format. When we try wbinfo -u or -g we get all users and groups successfully, and this problem does not always appear, but only a few times per week. Do you have any suggestions or hints ? Can you point us in the right direction where to look for ? Any help will be appreciated. Many thanks in advance. Frits Heemstra -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba unable to bind to LDAP server
I see no smbpasswd -w ;o) Its there: $ sudo tdbdump /usr/local/private/secrets.tdb { key(58) = SECRETS/LDAP_BIND_PW/uid=diradmin,dc=vpn,dc=a3dauto,dc=com data(7) = mypass\00 } Now I don't know where the \00 comes from. Is that just something that the tdb adds and Samba is smart enough to strip out? Or is that something that is throwing off the authentication? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] RE: configure: error: C compiler cannot create executables
_ From: Morimoto, Mark K Sent: Thursday, November 15, 2007 11:26 AM To: 'samba@lists.samba.org' Subject: configure: error: C compiler cannot create executables Hello, I get this when I run ./configure. I have searched for other problems and others who had the problem say its due to cc not being installed. Well its not but I have gcc. So I saw where someone put define CC=gcc and then ran the ./configure command. I tried it but still the same error. So what is the solution? Should I install C? I am running this on a solaris 9 on x86. Mark # ./configure SAMBA VERSION: 3.0.26a LIBREPLACE_LOCATION_CHECKS: START checking build system type... i386-pc-solaris2.10 checking host system type... i386-pc-solaris2.10 checking target system type... i386-pc-solaris2.10 LIBREPLACE_LOCATION_CHECKS: END LIBREPLACE_CC_CHECKS: START checking for gcc... gcc checking for C compiler default output file name... configure: error: C compiler cannot create executables See `config.log' for more details. # echo $PATH /bin:/usr/bin:/usr/ucb:/etc:/usr/atria/bin:/usr/dt/bin:/usr/sbin:/usr/ openwin/bin:/opt/gcc/bin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba unable to bind to LDAP server
On Nov 15, 2007 11:42 AM, Steve Brown [EMAIL PROTECTED] wrote: I see. PAM/NSS uses an anonymous bind and does this as read only I believe. So can I configure Samba to do an anonymous bind? BTW, Here is what I have in my ldap config for samba: [global] passdb backend = ldapsam:ldap://sysserv0.radimg.pitt.edu ldap://192.168.1.230; ldap ssl = false ldap admin dn = cn=Manager,dc=radimg,dc=pitt,dc=edu ldap user suffix = ou=People ldap delete dn = yes ldap machine suffix = ou=Hosts ldap group suffix = ou=Groups ldapsam:trusted=yes ldap suffix = dc=radimg,dc=pitt,dc=edu John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] can samba authenticate against non domain/server?
What do you mean by window in the only way I can think of having a non-domain member windows system change a password on another system is Remote Desktop. If that is the case, the unix system needs a remote desktop client, something like rdesktop. -- Michael [EMAIL PROTECTED] wrote: We've installed/enabled IIS to get us an FTP server site on a windows XP pro. This machine has local accounts for remote users to connect to. Thus they can remotely window in, be prompted to change their password the first time and use their local accounts to ftp files to/from us. What if the remote end was not using windows? If they had some type of unix host, they could still ftp in but as we set up their local accounts to force changing their initial password, they'd need to first connect in some other manner and change their password. Can samba do this? ie if the remote end was a unix box with samba, could it connect to this XP (workgroup, not domain) and authenticate against it. Aside from authentication, the basic question is can samba allow unix users (or their sysadmin) to change their remote windows password using smbpasswd or some other utility? If not, how do others set up IIS on non- domain servers. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Vista Ulimate joining Samba-Domain
Hi list, I have a question concerning a MS Vista Ultimate-Client which I already have joined with a Samba-Domain (3.0.26a), and I do hope that anyone can help me or can give me a hint where to proceed my search. My problem is, that the logon process on this Vista-Client is very long (~1-2 min.). After switching to the detailed logon view, I can see, that Vista displays the (german) messages Warten auf 'Benutzerprofildienst' for a very long time. Then suddenly the messages Desktop vorbereiten appears and the logon is finally processed after some seconds. - Vice versa the logoff process lasts very long, - without too much network traffic, as I assume from looking at the router´s lights. ;-) This behaviour is strange, since other WinXP and Win2000-Clients - also joined to my domain - log on and off usually fast. I first wondered if it had to do with roaming profils and switched them, - but it had absolutely no effect. First I thought, I might have misconfigured my samba 3.0.24-installation running on Opensuse 10.2, so I installed the meanwhile released Opensuse 10.3 with samba 3.0.26a on another machine, - but this had no effect. Does anyone have an idea or can confirm this effect? Can samba have to do anything with this effect at all? Thanks for any idea! Best regards, Helge -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
=?windows-1256?Q?RE:_[Samba]__Fileserver_integrated_into_windows_domain, _?= plus linux clients needed
_ Feel like a local wherever you go. http://www.backofmyhand.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Fileserver integrated into windows domain, plus linux clients needed?
Doug, Is the sarcasm and condescension really necessary? I mean, point him in the direction of the docs by all means (which you did, great) with perhaps an RTFM for good measure but i'm not sure that i'd describe fully integrating Linux logins with AD (which is what i think Ben is trying to do) as fill in a few details. As someone who comes from a Windows background, the first foray into Linux is intimidating at best. This kind of how dare you ask such an elementary question response doesn't help anyone. Ben, Your questions are kind of general. The doco for the most part is a pretty good guide, the samba.org web-site has links to pretty much everything you need. If you have more specific questions, you will (hopefully) get more useful answers. m. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Doug VanLeuven Sent: Friday, 16 November 2007 5:25 AM To: Ben Ladd Cc: samba@lists.samba.org Subject: Re: [Samba] Fileserver integrated into windows domain, plus linux clients needed? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ben Ladd wrote: Update: Each time we set up a new user on the system, passwords need changing on the AD and the samba server. Is there a way to set permissions for the samba from the AD so that we do not need to go through this rigmarole? (most problematic at the start of a new school year). rig·ma·role (rĭg'mə-rōl') pronunciation also rig·a·ma·role (-ə-mə-rōl') n. 1. Confused, rambling, or incoherent discourse; nonsense. 2. A complicated, petty set of procedures. Most of us here on this list don't consider this an accurate perspective of the documentation. http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/ or the following ubuntu link are pretty well thought out and elucidated. I completed this part of my task - http://ubuntuforums.org/showthread.php?t=280702. It works perfectly for me. I am amazed that I did not find it earlier. My aim is to also have some linux (probably k/ubuntu) boxes that authenticate on the network using standard AD credentials. I have tried in vain to find a way to introduce a single point of authentication, I have looked at kerberos, winbind and LDAP. I consider myself a good network technician, but the introduction of linux into a domain has thrown me. Is there a an easy way to integrate a linux fileserver with a windows controlled domain with both linux and windows clients? Depends on what you mean by easy. A lot of intelligent, committed individuals have done all the hard work of overcoming the barriers erected by Microsoft to true interoperability. All you have to do is fill in a few details nowadays. I think a word that describes this process might be tedious. Do you define tedious as hard? I am probably going to go with a kerberos and winbind mechanism to get this working. Hold out guys - Anything is possible! Follow one of the procedures, get to a point you can say this works, this doesn't, here is the configuration, any suggestions. There was a change in the implementation for winbind backends relatively recently and the documentation (and swat) is behind on this. Idmap_ad, idmap_ldap, idmap_nss, idmap_rid, and idmap_tdb. See: http://us3.samba.org/samba/docs/man/manpages-3/ You'll need to investigate how you want to map windows users and groups to unix users and groups and pick one technique. Look to password sync options to resolve your other issue. Regards, Doug -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFHPKsmFqWysr/jOHMRAmXwAJ0STtXNyq7J1m+yzweKzJwCbslt3ACfToEm yKqkYYwVSFeOMeuBGwj07xk= =lg9m -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] recycle: touching failed operation not permitted
Hi, If this is a temporary file, do you really need it to be recycled? If not, just add it to your recycle:exclude line * Michael Heydon - IT Administration / Support * [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] TEL: (08) 9351 3400 Direct: (08) 9351 3473 FAX: (08) 9351 3410 http://www.jaswin.com.au 1 McDowell Street Welshpool WA 6106 **Disclaimer** Jason Windows Pty Ltd This email is private and confidential. If you are not the intended recipient, please immediately advise us by return email, and delete this email and any attachments without using or disclosing the contents in any way. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of Jason Windows Pty Ltd. Hubert Choma wrote: Hello In /var/log/messages I have got a lot of errors such as : recycle: touching .recycle/jankowski/500/500_U/21-10-5U.~TIF failed, reason = Operation not permitted ~~.tif it's a temp file and I noticed that samba deletes this files to recycle . My smb.conf comment = Rastry public = yes invalid users = @geodeta,@ewidencja, path = /home/samba/rastry write list = @rastry deny hosts = korytarz1, korytarz2 force create mode = 0777 vfs object = full_audit recycle recycle:repository = .recycle/%U recycle:touch = true recycle:keeptree = true recycle:versions = false recycle:exclude = *.TMP recycle:directory_mode = 773 full_audit:prefix = %u|%m|%I full_audit:failure = read full_audit:success = pwrite rename unlink rmdir mkdir Please help me because my syslog has a lot of this entry's ATRAKCYJNE NIERUCHOMOŚCI W ZAKOPANEM !!! Apartamenty, Domy, Działki, Pensjonaty, Hotele, Lokale użytkowe... Kliknij: http://klik.wp.pl/?adr=www.bachledanieruchomosci.plsid=54 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Fileserver integrated into windows domain, plus linux clients n eeded
Making an AD Domain Member Server is not difficult. However, what is difficult, is getting it to work reliably. It seems to work OK for a week or so at a time, which is not particularly robust... Cheers, H. Ben Ladd wrote: Update: Each time we set up a new user on the system, passwords need changing on the AD and the samba server. Is there a way to set permissions for the samba from the AD so that we do not need to go through this rigmarole? (most problematic at the start of a new school year). I completed this part of my task - http://ubuntuforums.org/showthread.php?t=280702. It works perfectly for me. I am amazed that I did not find it earlier. My aim is to also have some linux (probably k/ubuntu) boxes that authenticate on the network using standard AD credentials. I have tried in vain to find a way to introduce a single point of authentication, I have looked at kerberos, winbind and LDAP. I consider myself a good network technician, but the introduction of linux into a domain has thrown me. Is there a an easy way to integrate a linux fileserver with a windows controlled domain with both linux and windows clients? I am probably going to go with a kerberos and winbind mechanism to get this working. Hold out guys - Anything is possible! Ben _ Feel like a local wherever you go. http://www.backofmyhand.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Fileserver integrated into windows domain, plus linux clients needed?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mike Cleghorn wrote: Doug, Is the sarcasm and condescension really necessary? I thought the original author was trolling and I bit. Rereading I see he was referring to password changing as rigmarol not configuring samba. So OK, it would seem sarcastic. For the public record, I owe you an apology Ben, my bad. But I won't cop to the condescension. I was being straightforward. Regards, Doug I mean, point him in the direction of the docs by all means (which you did, great) with perhaps an RTFM for good measure but i'm not sure that i'd describe fully integrating Linux logins with AD (which is what i think Ben is trying to do) as fill in a few details. As someone who comes from a Windows background, the first foray into Linux is intimidating at best. This kind of how dare you ask such an elementary question response doesn't help anyone. Ben, Your questions are kind of general. The doco for the most part is a pretty good guide, the samba.org web-site has links to pretty much everything you need. If you have more specific questions, you will (hopefully) get more useful answers. Ben Ladd wrote: Update: Each time we set up a new user on the system, passwords need changing on the AD and the samba server. Is there a way to set permissions for the samba from the AD so that we do not need to go through this rigmarole? (most problematic at the start of a new school year). rig·ma·role (r-g'mY-rMl') pronunciation also rig·a·ma·role (-Y-mY-rMl') n. 1. Confused, rambling, or incoherent discourse; nonsense. 2. A complicated, petty set of procedures. Most of us here on this list don't consider this an accurate perspective of the documentation. http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/ or the following ubuntu link are pretty well thought out and elucidated. I completed this part of my task - http://ubuntuforums.org/showthread.php?t=280702. It works perfectly for me. I am amazed that I did not find it earlier. My aim is to also have some linux (probably k/ubuntu) boxes that authenticate on the network using standard AD credentials. I have tried in vain to find a way to introduce a single point of authentication, I have looked at kerberos, winbind and LDAP. I consider myself a good network technician, but the introduction of linux into a domain has thrown me. Is there a an easy way to integrate a linux fileserver with a windows controlled domain with both linux and windows clients? Depends on what you mean by easy. A lot of intelligent, committed individuals have done all the hard work of overcoming the barriers erected by Microsoft to true interoperability. All you have to do is fill in a few details nowadays. I think a word that describes this process might be tedious. Do you define tedious as hard? I am probably going to go with a kerberos and winbind mechanism to get this working. Hold out guys - Anything is possible! Follow one of the procedures, get to a point you can say this works, this doesn't, here is the configuration, any suggestions. There was a change in the implementation for winbind backends relatively recently and the documentation (and swat) is behind on this. Idmap_ad, idmap_ldap, idmap_nss, idmap_rid, and idmap_tdb. See: http://us3.samba.org/samba/docs/man/manpages-3/ You'll need to investigate how you want to map windows users and groups to unix users and groups and pick one technique. Look to password sync options to resolve your other issue. Regards, Doug -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFHPUftFqWysr/jOHMRAqlbAJ9uMfflkG2BMEcknM9HnhJuGXtaigCgqOUi hzduwfDP9bI/F6RXnvU= =CkBX -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[SECURITY] CVE-2007-4572 - GETDC mailslot processing buffer overrun in nmbd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 == == == Subject: Stack buffer overflow in nmbd's logon == request processing. == == CVE ID#: CVE-2007-4572 == == Versions:Samba 3.0.0 - 3.0.26a (inclusive) == == Summary: Processing of specially crafted GETDC == mailslot requests can result in a buffer == overrun in nmbd. It is not believed that == that this issues can be exploited to == result in remote code execution. == == === Description === Samba developers have discovered what is believed to be a non-exploitable buffer over in nmbd during the processing of GETDC logon server requests. This code is only used when the Samba server is configured as a Primary or Backup Domain Controller. == Patch Availability == A patch addressing this defect has been posted to http://www.samba.org/samba/security/ Additionally, Samba 3.0.27 has been issued as a security release to correct the defect. == Workaround == Samba administrators may avoid this security issue by disabling both the domain logons and the domain master options in in the server's smb.conf file. Note that this will disable all domain controller features as well. === Credits === This vulnerability was discovered by Samba developers during an internal code audit. The time line is as follows: * Sep 13, 2007: Initial report to [EMAIL PROTECTED] including proposed patch. * Sep 14, 2007: Patch review by members of the Josh Bressers (RedHat Security Team) and Simo Sorce (Samba/RedHat developer) * Nov 15, 2007: Public security advisory made available. == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHPD3gIR7qMdg1EfYRAhwsAKDBNWSLTdovANjSgVXrPIio4xs3vQCgsblj COwj02PQXI8T4Dgext8RmOs= =ib+U -END PGP SIGNATURE-
Re: svn commit: samba r25959 - in branches/SAMBA_4_0/source/lib/ldb/ldb_tdb: .
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 + + /* possibly initialise the baseinfo */ + if (r == LDB_SUCCESS) { this comment is wrong (cut-n-paste?) } + + if ((req-op.search.base == NULL) || (ldb_dn_is_null(req-op.search.base) == true)) { + + /* Check what we should do with a NULL dn */ + switch (req-op.search.scope) { + case LDB_SCOPE_BASE: + ldb_asprintf_errstring(module-ldb, +NULL Base DN invalid for a base search); + ret = LDB_ERR_INVALID_DN_SYNTAX; + case LDB_SCOPE_ONELEVEL: + ldb_asprintf_errstring(module-ldb, +NULL Base DN invalid for a one-level search); + ret = LDB_ERR_INVALID_DN_SYNTAX; + case LDB_SCOPE_SUBTREE: + default: + /* We accept subtree searches from a NULL base DN, ie over the whole DB */ + ret = LDB_SUCCESS; + } + } else if (ldb_dn_is_valid(req-op.search.base) == false) { + + /* We don't want invalid base DNs here */ + ldb_asprintf_errstring(module-ldb, +Invalid Base DN: %s, + ldb_dn_get_linearized(req-op.search.base)); + ret = LDB_ERR_INVALID_DN_SYNTAX; + + } else if (ldb_dn_is_null(req-op.search.base) == true) { + + /* Check what we should do with a NULL dn */ + switch (req-op.search.scope) { This is never reached as the first if also checks for this... metze -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFHPBKzm70gjA5TCD8RAhxwAKCRr7oqjkjiyh391fvVjpH8PDOOMQCgiEum m6JGpQvTOtrezosJAe/YPBw= =lsul -END PGP SIGNATURE-
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-317-g242fc00
The branch, v3-2-test has been updated via 242fc0099cc81877d8e9630b46dfb8d4a3265d94 (commit) from 00760451b6c2b65f3a8a9187789ca4f270b622a2 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 242fc0099cc81877d8e9630b46dfb8d4a3265d94 Author: Michael Adam [EMAIL PROTECTED] Date: Thu Nov 15 11:08:53 2007 +0100 Fix bug #5083 (and duplicate bug #5084). Make solarisacl_sys_acl_get_fd() return a result when there is one (thereby fixing a memleak). Thanks to Markus Zell for reporting this. Michael --- Summary of changes: source/modules/vfs_solarisacl.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/modules/vfs_solarisacl.c b/source/modules/vfs_solarisacl.c index b29c218..673b680 100644 --- a/source/modules/vfs_solarisacl.c +++ b/source/modules/vfs_solarisacl.c @@ -128,7 +128,7 @@ SMB_ACL_T solarisacl_sys_acl_get_fd(vfs_handle_struct *handle, DEBUG(10, (solarisacl_sys_acl_get_fd %s.\n, ((result == NULL) ? failed : succeeded))); SAFE_FREE(solaris_acl); - return NULL; + return result; } int solarisacl_sys_acl_set_file(vfs_handle_struct *handle, -- Samba Shared Repository
svn commit: samba r25965 - in branches/SAMBA_4_0/source/lib/ldb/ldb_tdb: .
Author: abartlet Date: 2007-11-15 11:05:22 + (Thu, 15 Nov 2007) New Revision: 25965 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25965 Log: Remove duplicate block - thanks metze! Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2007-11-15 11:01:14 UTC (rev 25964) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2007-11-15 11:05:22 UTC (rev 25965) @@ -547,24 +547,6 @@ ldb_dn_get_linearized(req-op.search.base)); ret = LDB_ERR_INVALID_DN_SYNTAX; - } else if (ldb_dn_is_null(req-op.search.base) == true) { - - /* Check what we should do with a NULL dn */ - switch (req-op.search.scope) { - case LDB_SCOPE_BASE: - ldb_asprintf_errstring(module-ldb, - NULL Base DN invalid for a base search); - ret = LDB_ERR_INVALID_DN_SYNTAX; - case LDB_SCOPE_ONELEVEL: - ldb_asprintf_errstring(module-ldb, - NULL Base DN invalid for a one-level search); - ret = LDB_ERR_INVALID_DN_SYNTAX; - case LDB_SCOPE_SUBTREE: - default: - /* We accept subtree searches from a NULL base DN, ie over the whole DB */ - ret = LDB_SUCCESS; - } - } else if (ltdb-check_base) { /* This database has been marked as 'checkBaseOnSearch', so do a spot check of the base dn */ ret = ltdb_search_base(module, req-op.search.base);
svn commit: samba r25964 - in branches/SAMBA_4_0/source/lib/ldb/ldb_tdb: .
Author: abartlet Date: 2007-11-15 11:01:14 + (Thu, 15 Nov 2007) New Revision: 25964 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25964 Log: Fix comment and use talloc hirachy in ldb_tdb initialisation. Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_cache.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_cache.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_cache.c 2007-11-15 10:20:55 UTC (rev 25963) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_cache.c 2007-11-15 11:01:14 UTC (rev 25964) @@ -307,7 +307,7 @@ options = talloc(ltdb-cache, struct ldb_message); if (options == NULL) goto failed; - options_dn = ldb_dn_new(module, module-ldb, LTDB_OPTIONS); + options_dn = ldb_dn_new(options, module-ldb, LTDB_OPTIONS); if (options_dn == NULL) goto failed; r= ltdb_search_dn1(module, options_dn, options); @@ -315,7 +315,7 @@ goto failed; } - /* possibly initialise the baseinfo */ + /* set flag for checking base DN on searches */ if (r == LDB_SUCCESS) { ltdb-check_base = ldb_msg_find_attr_as_bool(options, LTDB_CHECK_BASE, false); } else { @@ -350,7 +350,6 @@ done: talloc_free(options); - talloc_free(options_dn); talloc_free(baseinfo); talloc_free(baseinfo_dn); talloc_free(indexlist_dn); @@ -358,7 +357,6 @@ failed: talloc_free(options); - talloc_free(options_dn); talloc_free(baseinfo); talloc_free(baseinfo_dn); talloc_free(indexlist_dn);
[SCM] Samba Shared Repository - branch v3-0-test updated - initial-v3-0-unstable-15-g1cdf89a
The branch, v3-0-test has been updated via 1cdf89a02af6e7a2deed3f59519af97c10dbdaa3 (commit) from 3480b42be1adc7c2876a77e8260049447338c3ff (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test - Log - commit 1cdf89a02af6e7a2deed3f59519af97c10dbdaa3 Author: Michael Adam [EMAIL PROTECTED] Date: Thu Nov 15 11:08:53 2007 +0100 Fix bug #5083 (and duplicate bug #5084). Make solarisacl_sys_acl_get_fd() return a result when there is one (thereby fixing a memleak). Thanks to Markus Zell for reporting this. Michael --- Summary of changes: source/modules/vfs_solarisacl.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/modules/vfs_solarisacl.c b/source/modules/vfs_solarisacl.c index b39ec44..8c28213 100644 --- a/source/modules/vfs_solarisacl.c +++ b/source/modules/vfs_solarisacl.c @@ -129,7 +129,7 @@ SMB_ACL_T solarisacl_sys_acl_get_fd(vfs_handle_struct *handle, DEBUG(10, (solarisacl_sys_acl_get_fd %s.\n, ((result == NULL) ? failed : succeeded))); SAFE_FREE(solaris_acl); - return NULL; + return result; } int solarisacl_sys_acl_set_file(vfs_handle_struct *handle, -- Samba Shared Repository
svn commit: samba r25966 - in branches/SAMBA_4_0/source/scripting/ejs: .
Author: abartlet Date: 2007-11-15 11:37:41 + (Thu, 15 Nov 2007) New Revision: 25966 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25966 Log: Don't force an 8 byte width to generated SIDs, as this can actually end up with a SID with a space in it. Andrew Bartlett Modified: branches/SAMBA_4_0/source/scripting/ejs/smbcalls_rand.c Changeset: Modified: branches/SAMBA_4_0/source/scripting/ejs/smbcalls_rand.c === --- branches/SAMBA_4_0/source/scripting/ejs/smbcalls_rand.c 2007-11-15 11:05:22 UTC (rev 25965) +++ branches/SAMBA_4_0/source/scripting/ejs/smbcalls_rand.c 2007-11-15 11:37:41 UTC (rev 25966) @@ -70,7 +70,7 @@ */ static int ejs_randsid(MprVarHandle eid, int argc, struct MprVar **argv) { - char *s = talloc_asprintf(mprMemCtx(), S-1-5-21-%8u-%8u-%8u, + char *s = talloc_asprintf(mprMemCtx(), S-1-5-21-%u-%u-%u, (unsigned)generate_random(), (unsigned)generate_random(), (unsigned)generate_random());
svn commit: samba r25967 - in branches/SAMBA_4_0/source/lib/ldb: .
Author: metze Date: 2007-11-15 13:07:08 + (Thu, 15 Nov 2007) New Revision: 25967 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25967 Log: ldb: a module doesn't need to link against $(LIBS) As the main library already links to it. metze Modified: branches/SAMBA_4_0/source/lib/ldb/Makefile.in Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/Makefile.in === --- branches/SAMBA_4_0/source/lib/ldb/Makefile.in 2007-11-15 11:37:41 UTC (rev 25966) +++ branches/SAMBA_4_0/source/lib/ldb/Makefile.in 2007-11-15 13:07:08 UTC (rev 25967) @@ -127,7 +127,7 @@ $(CC) $(SHLD_FLAGS) $(SONAMEFLAG)libnss_ldb.$(SHLIBEXT).2 -o lib/libnss_ldb.$(SHLIBEXT).2 $(NSS_OBJ) $(OBJS) $(LIB_FLAGS) sample_module.$(SHLIBEXT): tests/sample_module.o - $(CC) $(SHLD_FLAGS) $(LIBS) $(LDFLAGS) -o $@ tests/sample_module.o + $(CC) $(SHLD_FLAGS) $(LDFLAGS) -o $@ tests/sample_module.o bin/ldbadd: tools/ldbadd.o tools/cmdline.o $(LIBS) $(CC) -o bin/ldbadd tools/ldbadd.o tools/cmdline.o $(LIB_FLAGS) $(LD_EXPORT_DYNAMIC)
svn commit: samba r25968 - in branches/SAMBA_4_0/source/lib/ldb: .
Author: metze Date: 2007-11-15 13:11:50 + (Thu, 15 Nov 2007) New Revision: 25968 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25968 Log: ldb: we need to use @SONAMEFLAG@ directly so that the '#' trick can work metze Modified: branches/SAMBA_4_0/source/lib/ldb/Makefile.in Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/Makefile.in === --- branches/SAMBA_4_0/source/lib/ldb/Makefile.in 2007-11-15 13:07:08 UTC (rev 25967) +++ branches/SAMBA_4_0/source/lib/ldb/Makefile.in 2007-11-15 13:11:50 UTC (rev 25968) @@ -35,7 +35,6 @@ LIBDL = @LIBDL@ SHLIBEXT = @SHLIBEXT@ -SONAMEFLAG = @SONAMEFLAG@ LD_EXPORT_DYNAMIC = @LD_EXPORT_DYNAMIC@ SHLD_FLAGS = @SHLD_FLAGS@ @@ -97,7 +96,7 @@ STATICLIB = lib/libldb.a $(SOLIB): $(OBJS) - $(CC) $(SHLD_FLAGS) -o $@ $(OBJS) $(LDFLAGS) $(LIBS) $(TALLOC_LIBS) $(TDB_LIBS) $(SONAMEFLAG)$(SONAME) + $(CC) $(SHLD_FLAGS) -o $@ $(OBJS) $(LDFLAGS) $(LIBS) $(TALLOC_LIBS) $(TDB_LIBS) @[EMAIL PROTECTED](SONAME) all: showflags dirs $(OBJS) $(STATICLIB) $(SOLIB) $(BINS) $(EXAMPLES) manpages @@ -124,7 +123,7 @@ @-ranlib $@ lib/libnss_ldb.$(SHLIBEXT).2: $(NSS_OBJ) $(LIBS) bin/libldb.a - $(CC) $(SHLD_FLAGS) $(SONAMEFLAG)libnss_ldb.$(SHLIBEXT).2 -o lib/libnss_ldb.$(SHLIBEXT).2 $(NSS_OBJ) $(OBJS) $(LIB_FLAGS) + $(CC) $(SHLD_FLAGS) -o lib/libnss_ldb.$(SHLIBEXT).2 $(NSS_OBJ) $(OBJS) $(LIB_FLAGS) @[EMAIL PROTECTED](SHLIBEXT).2 sample_module.$(SHLIBEXT): tests/sample_module.o $(CC) $(SHLD_FLAGS) $(LDFLAGS) -o $@ tests/sample_module.o
svn commit: samba r25969 - in branches/SAMBA_4_0/source/lib/ldb: .
Author: metze Date: 2007-11-15 13:16:31 + (Thu, 15 Nov 2007) New Revision: 25969 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25969 Log: ldb: link libnss_ldb.so.2 against the shared library metze Modified: branches/SAMBA_4_0/source/lib/ldb/Makefile.in Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/Makefile.in === --- branches/SAMBA_4_0/source/lib/ldb/Makefile.in 2007-11-15 13:11:50 UTC (rev 25968) +++ branches/SAMBA_4_0/source/lib/ldb/Makefile.in 2007-11-15 13:16:31 UTC (rev 25969) @@ -122,8 +122,8 @@ ar -rv $@ $(OBJS) @-ranlib $@ -lib/libnss_ldb.$(SHLIBEXT).2: $(NSS_OBJ) $(LIBS) bin/libldb.a - $(CC) $(SHLD_FLAGS) -o lib/libnss_ldb.$(SHLIBEXT).2 $(NSS_OBJ) $(OBJS) $(LIB_FLAGS) @[EMAIL PROTECTED](SHLIBEXT).2 +lib/libnss_ldb.$(SHLIBEXT).2: $(NSS_OBJ) $(SOLIB) + $(CC) $(SHLD_FLAGS) -o $@ $(NSS_OBJ) $(LDFLAGS) $(SOLIB) @[EMAIL PROTECTED](SHLIBEXT).2 sample_module.$(SHLIBEXT): tests/sample_module.o $(CC) $(SHLD_FLAGS) $(LDFLAGS) -o $@ tests/sample_module.o
svn commit: samba r25963 - in branches/SAMBA_4_0/source/lib/replace: .
Author: metze Date: 2007-11-15 10:20:55 + (Thu, 15 Nov 2007) New Revision: 25963 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25963 Log: libreplace: samba3 doesn't use SONAMEFLAG on Mac OS 10, so also try this metze Modified: branches/SAMBA_4_0/source/lib/replace/libreplace_ld.m4 Changeset: Modified: branches/SAMBA_4_0/source/lib/replace/libreplace_ld.m4 === --- branches/SAMBA_4_0/source/lib/replace/libreplace_ld.m4 2007-11-15 05:54:51 UTC (rev 25962) +++ branches/SAMBA_4_0/source/lib/replace/libreplace_ld.m4 2007-11-15 10:20:55 UTC (rev 25963) @@ -172,7 +172,7 @@ SONAMEFLAG=-Wl,-soname, ;; *darwin*) - SONAMEFLAG=-compatibility_version + SONAMEFLAG=# ;; *aix*) # Not supported
svn commit: samba-web r1150 - in trunk: . history security
Author: jerry Date: 2007-11-15 14:05:56 + (Thu, 15 Nov 2007) New Revision: 1150 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1150 Log: Samba 3.0.27 release announcement details Added: trunk/history/samba-3.0.27.html trunk/security/CVE-2007-4572.html trunk/security/CVE-2007-5398.html Modified: trunk/header_columns.html trunk/history/header_history.html trunk/history/security.html trunk/index.html Changeset: Modified: trunk/header_columns.html === --- trunk/header_columns.html 2007-09-29 04:26:39 UTC (rev 1149) +++ trunk/header_columns.html 2007-11-15 14:05:56 UTC (rev 1150) @@ -130,9 +130,9 @@ div class=releases h4Current Stable Release/h4 ul -lia href=/samba/ftp/stable/samba-3.0.26a.tar.gzSamba 3.0.26a (gzipped)/a/li -lia href=/samba/history/samba-3.0.26a.htmlRelease Notes/a/li -lia href=/samba/ftp/stable/samba-3.0.26a.tar.ascSignature/a/li +lia href=/samba/ftp/stable/samba-3.0.27.tar.gzSamba 3.0.27 (gzipped)/a/li +lia href=/samba/history/samba-3.0.27.htmlRelease Notes/a/li +lia href=/samba/ftp/stable/samba-3.0.27.tar.ascSignature/a/li /ul h4Historical/h4 Modified: trunk/history/header_history.html === --- trunk/history/header_history.html 2007-09-29 04:26:39 UTC (rev 1149) +++ trunk/history/header_history.html 2007-11-15 14:05:56 UTC (rev 1150) @@ -77,6 +77,10 @@ div class=notes h6Release Notes/h6 ul +lia href=samba-3.0.27.htmlsamba-3.0.27/a/li +lia href=samba-3.0.26a.htmlsamba-3.0.26a/a/li +lia href=samba-3.0.26.htmlsamba-3.0.26/a/li +lia href=samba-3.0.25c.htmlsamba-3.0.25c/a/li lia href=samba-3.0.25b.htmlsamba-3.0.25b/a/li lia href=samba-3.0.25a.htmlsamba-3.0.25a/a/li lia href=samba-3.0.25.htmlsamba-3.0.25/a/li Added: trunk/history/samba-3.0.27.html === --- trunk/history/samba-3.0.27.html 2007-09-29 04:26:39 UTC (rev 1149) +++ trunk/history/samba-3.0.27.html 2007-11-15 14:05:56 UTC (rev 1150) @@ -0,0 +1,54 @@ +!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; +html xmlns=http://www.w3.org/1999/xhtml; + +head +titleSamba - Release Notes Archive/title +/head + +body + + H2Samba 3.0.27 Available for Download/H2 + +p +pre + == + Release Notes for Samba 3.0.27 +Nov 15, 2007 + == + +Samba 3.0.27 is a security release in order to address the following +defects: + + o CVS-2007-4572 +Stack buffer overflow in nmbd's logon request processing. + + o CVE-2007-5398 +Remote code execution in Samba's WINS server daemon (nmbd) +when processing name registration followed name query requests. + +The original security announcement for this and past advisories can +be found http://www.samba.org/samba/security/ + +## +Changes +### + +Changes since 3.0.26a +- + +o Jeremy Allison [EMAIL PROTECTED] +* Fix for CVS-2007-4572. +* Fix for CVE-2007-5398. + + +o Simo Sorce [EMAIL PROTECTED] +* Additional fixes for CVS-2007-4572. +/pre + +pPlease refer to the original a href=/samba/history/samba-3.0.26a.htmlSamba +3.0.26a Release Notes/a for more details regarding changes in +previous releases./p +/body +/html + Property changes on: trunk/history/samba-3.0.27.html ___ Name: svn:executable + * Modified: trunk/history/security.html === --- trunk/history/security.html 2007-09-29 04:26:39 UTC (rev 1149) +++ trunk/history/security.html 2007-11-15 14:05:56 UTC (rev 1150) @@ -22,6 +22,24 @@ /tr tr +td15 Nov 2007/td +tda href=/samba/ftp/patches/security/samba-3.0.26a-CVE-2007-5398.patchpatch for Samba 3.0.26a/a/td +tdRemote Code Execution in Samba's nmbd/td +tdSamba 3.0.0 - 3.0.26a/td +tda href=http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4398;CVE-2007-5398/a/td +tda href=/samba/security/CVE-2007-5398.htmlAnnouncement/a/td +/tr + +tr +td15 Nov 2007/td +tda href=/samba/ftp/patches/security/samba-3.0.26a-CVE-2007-4572.patchpatch for Samba 3.0.26a/a/td +tdGETDC mailslot processing buffer overrun in nmbd/td +tdSamba 3.0.0 - 3.0.26a/td +tda href=http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138;CVE-2007-4572/a/td +tda href=/samba/security/CVE-2007-4572.htmlAnnouncement/a/td +/tr + +tr td11 Sep 2007/td tda
svn commit: samba r25971 - in branches/SAMBA_4_0/source/lib/replace: .
Author: metze Date: 2007-11-15 14:55:48 + (Thu, 15 Nov 2007) New Revision: 25971 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25971 Log: libreplace: remove AC_EXTENSION_FLAG as it's the same as AC_N_DEFINE metze Modified: branches/SAMBA_4_0/source/lib/replace/libreplace_cc.m4 branches/SAMBA_4_0/source/lib/replace/libreplace_macros.m4 Changeset: Modified: branches/SAMBA_4_0/source/lib/replace/libreplace_cc.m4 === --- branches/SAMBA_4_0/source/lib/replace/libreplace_cc.m4 2007-11-15 14:46:47 UTC (rev 25970) +++ branches/SAMBA_4_0/source/lib/replace/libreplace_cc.m4 2007-11-15 14:55:48 UTC (rev 25971) @@ -48,8 +48,8 @@ AC_PROG_INSTALL AC_ISC_POSIX -AC_EXTENSION_FLAG(_XOPEN_SOURCE_EXTENDED) -AC_EXTENSION_FLAG(_OSF_SOURCE) +AC_N_DEFINE(_XOPEN_SOURCE_EXTENDED) +AC_N_DEFINE(_OSF_SOURCE) AC_SYS_LARGEFILE Modified: branches/SAMBA_4_0/source/lib/replace/libreplace_macros.m4 === --- branches/SAMBA_4_0/source/lib/replace/libreplace_macros.m4 2007-11-15 14:46:47 UTC (rev 25970) +++ branches/SAMBA_4_0/source/lib/replace/libreplace_macros.m4 2007-11-15 14:55:48 UTC (rev 25971) @@ -87,19 +87,6 @@ rm -f conftest* ])]) -AC_DEFUN([AC_EXTENSION_FLAG], -[ - cat confdefs.h \EOF -#ifndef $1 -# define $1 1 -#endif -EOF -AH_VERBATIM([$1], [#ifndef $1 -# define $1 1 -#endif]) -]) - - dnl see if a declaration exists for a function or variable dnl defines HAVE_function_DECL if it exists dnl AC_HAVE_DECL(var, includes)
svn commit: samba r25974 - in branches/SAMBA_4_0/source/lib/replace: .
Author: metze Date: 2007-11-15 15:43:14 + (Thu, 15 Nov 2007) New Revision: 25974 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25974 Log: libreplace: see what the build-farm says if we use _XOPEN_SOURCE=600 On Tru64 this brings in socklen_t and some other socket stuff metze Modified: branches/SAMBA_4_0/source/lib/replace/libreplace_cc.m4 Changeset: Modified: branches/SAMBA_4_0/source/lib/replace/libreplace_cc.m4 === --- branches/SAMBA_4_0/source/lib/replace/libreplace_cc.m4 2007-11-15 15:41:03 UTC (rev 25973) +++ branches/SAMBA_4_0/source/lib/replace/libreplace_cc.m4 2007-11-15 15:43:14 UTC (rev 25974) @@ -49,6 +49,7 @@ AC_ISC_POSIX AC_N_DEFINE(_XOPEN_SOURCE_EXTENDED) +AC_N_DEFINE(_XOPEN_SOURCE,600) AC_N_DEFINE(_OSF_SOURCE) AC_SYS_LARGEFILE
svn commit: samba r25975 - in branches/SAMBA_4_0/source/build/smb_build: .
Author: metze Date: 2007-11-15 15:44:17 + (Thu, 15 Nov 2007) New Revision: 25975 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25975 Log: build: split SharedModule from SharedLibrary metze Modified: branches/SAMBA_4_0/source/build/smb_build/main.pl branches/SAMBA_4_0/source/build/smb_build/makefile.pm Changeset: Modified: branches/SAMBA_4_0/source/build/smb_build/main.pl === --- branches/SAMBA_4_0/source/build/smb_build/main.pl 2007-11-15 15:43:14 UTC (rev 25974) +++ branches/SAMBA_4_0/source/build/smb_build/main.pl 2007-11-15 15:44:17 UTC (rev 25975) @@ -60,12 +60,15 @@ $mkenv-StaticLibrary($key) if grep(/STATIC_LIBRARY/, @{$key-{OUTPUT_TYPE}}); $mkenv-PkgConfig($key, $OUTPUT) if $key-{TYPE} eq LIBRARY and defined($key-{VERSION}); - $mkenv-SharedLibrary($key) if grep(/SHARED_LIBRARY/, @{$key-{OUTPUT_TYPE}}); + $mkenv-SharedLibrary($key) if $key-{TYPE} eq LIBRARY and + grep(/SHARED_LIBRARY/, @{$key-{OUTPUT_TYPE}}); + $mkenv-SharedModule($key) if $key-{TYPE} eq MODULE and + grep(/SHARED_LIBRARY/, @{$key-{OUTPUT_TYPE}}); $mkenv-Binary($key) if grep(/BINARY/, @{$key-{OUTPUT_TYPE}}); $mkenv-Manpage($key) if defined($key-{MANPAGE}); $mkenv-Header($key) if defined($key-{PUBLIC_HEADERS}); $mkenv-ProtoHeader($key) if defined($key-{PRIVATE_PROTO_HEADER}) or - defined($key-{PUBLIC_PROTO_HEADER}); +defined($key-{PUBLIC_PROTO_HEADER}); } $mkenv-write(Makefile); Modified: branches/SAMBA_4_0/source/build/smb_build/makefile.pm === --- branches/SAMBA_4_0/source/build/smb_build/makefile.pm 2007-11-15 15:43:14 UTC (rev 25974) +++ branches/SAMBA_4_0/source/build/smb_build/makefile.pm 2007-11-15 15:44:17 UTC (rev 25975) @@ -295,57 +295,44 @@ $self-_prepare_list($ctx, LINK_FLAGS); } -sub SharedLibrary($$) +sub SharedModule($$) { my ($self,$ctx) = @_; my $init_obj = ; - my $has_static_lib = 0; - if ($ctx-{TYPE} eq LIBRARY) { - push (@{$self-{shared_libs}}, $ctx-{SHAREDDIR}/$ctx-{LIBRARY_REALNAME}) if (defined($ctx-{SO_VERSION})); - push (@{$self-{installable_shared_libs}}, $ctx-{SHAREDDIR}/$ctx-{LIBRARY_REALNAME}) if (defined($ctx-{SO_VERSION})); - } elsif ($ctx-{TYPE} eq MODULE) { - my $sane_subsystem = lc($ctx-{SUBSYSTEM}); - $sane_subsystem =~ s/^lib//; + my $sane_subsystem = lc($ctx-{SUBSYSTEM}); + $sane_subsystem =~ s/^lib//; - push (@{$self-{shared_modules}}, $ctx-{TARGET_SHARED_LIBRARY}); - push (@{$self-{plugins}}, $ctx-{SHAREDDIR}/$ctx-{LIBRARY_REALNAME}); + push (@{$self-{shared_modules}}, $ctx-{TARGET_SHARED_LIBRARY}); + push (@{$self-{plugins}}, $ctx-{SHAREDDIR}/$ctx-{LIBRARY_REALNAME}); - $self-{install_plugins} .= [EMAIL PROTECTED] Installing $ctx-{SHAREDDIR}/$ctx-{LIBRARY_REALNAME} as \$(DESTDIR)\$(MODULESDIR)/$sane_subsystem/$ctx-{LIBRARY_REALNAME}\n; - $self-{install_plugins} .= [EMAIL PROTECTED] -p \$(DESTDIR)\$(MODULESDIR)/$sane_subsystem/\n; - $self-{install_plugins} .= [EMAIL PROTECTED] $ctx-{SHAREDDIR}/$ctx-{LIBRARY_REALNAME} \$(DESTDIR)\$(MODULESDIR)/$sane_subsystem/$ctx-{LIBRARY_REALNAME}\n; - $self-{uninstall_plugins} .= [EMAIL PROTECTED] Uninstalling \$(DESTDIR)\$(MODULESDIR)/$sane_subsystem/$ctx-{LIBRARY_REALNAME}\n; - $self-{uninstall_plugins} .= [EMAIL PROTECTED] \$(DESTDIR)\$(MODULESDIR)/$sane_subsystem/$ctx-{LIBRARY_REALNAME}\n; - if (defined($ctx-{ALIASES})) { - foreach (@{$ctx-{ALIASES}}) { - $self-{install_plugins} .= [EMAIL PROTECTED] -f \$(DESTDIR)\$(MODULESDIR)/$sane_subsystem/$_.\$(SHLIBEXT)\n; - $self-{install_plugins} .= [EMAIL PROTECTED] -fs $ctx-{LIBRARY_REALNAME} \$(DESTDIR)\$(MODULESDIR)/$sane_subsystem/$_.\$(SHLIBEXT)\n; - $self-{uninstall_plugins} .= [EMAIL PROTECTED] \$(DESTDIR)\$(MODULESDIR)/$sane_subsystem/$_.\$(SHLIBEXT)\n; - } + $self-{install_plugins} .= [EMAIL PROTECTED] Installing $ctx-{SHAREDDIR}/$ctx-{LIBRARY_REALNAME} as \$(DESTDIR)\$(MODULESDIR)/$sane_subsystem/$ctx-{LIBRARY_REALNAME}\n; + $self-{install_plugins} .= [EMAIL PROTECTED] -p \$(DESTDIR)\$(MODULESDIR)/$sane_subsystem/\n; + $self-{install_plugins} .= [EMAIL PROTECTED] $ctx-{SHAREDDIR}/$ctx-{LIBRARY_REALNAME} \$(DESTDIR)\$(MODULESDIR)/$sane_subsystem/$ctx-{LIBRARY_REALNAME}\n; + $self-{uninstall_plugins} .=
svn commit: samba r25970 - in branches/SAMBA_4_0/source/lib/replace: .
Author: metze Date: 2007-11-15 14:46:47 + (Thu, 15 Nov 2007) New Revision: 25970 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25970 Log: libreplace: fix AC_N_DEFINE() so that some appears in config.h metze Modified: branches/SAMBA_4_0/source/lib/replace/libreplace_macros.m4 Changeset: Modified: branches/SAMBA_4_0/source/lib/replace/libreplace_macros.m4 === --- branches/SAMBA_4_0/source/lib/replace/libreplace_macros.m4 2007-11-15 13:16:31 UTC (rev 25969) +++ branches/SAMBA_4_0/source/lib/replace/libreplace_macros.m4 2007-11-15 14:46:47 UTC (rev 25970) @@ -248,11 +248,18 @@ dnl Define an AC_DEFINE with ifndef guard. dnl AC_N_DEFINE(VARIABLE [, VALUE]) -define(AC_N_DEFINE, -[cat confdefs.h \EOF -[#ifndef] $1 -[#define] $1 ifelse($#, 2, [$2], $#, 3, [$2], 1) -[#endif] +AC_DEFUN([AC_N_DEFINE], +[ +AH_VERBATIM([$1], [ +#ifndef $1 +# undef $1 +#endif +]) + + cat confdefs.h \EOF +#ifndef $1 +[#define] $1 m4_if($#, 1, 1, [$2]) +#endif EOF ])
[SCM] Samba Shared Repository - annotated tag release-3-0-27 created - release-3-0-27
The annotated tag, release-3-0-27 has been created at 14bc8cc3b779c5ed54798b5dae4157dfaa8e6a89 (tag) tagging 6d9de2b0b3fb102762d8e17b4398e9d2d4e6bd65 (commit) replaces release-3-0-26a tagged by Gerald (Jerry) Carter on Wed Nov 14 21:39:26 2007 -0600 - Log - Tagging 3.0.27 release. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQBHO798IR7qMdg1EfYRAutKAJ9iHsfozHGiCB5cPYbkXFQUNNl2FwCgoQLu 8G7JgY5okbVnRfH6RUhyYEU= =ariO -END PGP SIGNATURE- Gerald (Jerry) Carter (3): Fix for CVE-2007-5398. Fix for CVE-2007-4572 Update release notes for 3.0.27 --- -- Samba Shared Repository
svn commit: samba r25977 - in branches/SAMBA_4_0/source/lib/replace: .
Author: metze Date: 2007-11-15 16:44:28 + (Thu, 15 Nov 2007) New Revision: 25977 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25977 Log: libreplace: add AC_LIBREPLACE_MDLD and AC_LIBREPLACE_MDLD_FLAGS macros They define the linker and link flags for building shared modules metze Modified: branches/SAMBA_4_0/source/lib/replace/libreplace_ld.m4 Changeset: Modified: branches/SAMBA_4_0/source/lib/replace/libreplace_ld.m4 === --- branches/SAMBA_4_0/source/lib/replace/libreplace_ld.m4 2007-11-15 16:40:32 UTC (rev 25976) +++ branches/SAMBA_4_0/source/lib/replace/libreplace_ld.m4 2007-11-15 16:44:28 UTC (rev 25977) @@ -180,3 +180,53 @@ ;; esac ]) + +AC_DEFUN([AC_LIBREPLACE_MDLD], +[ + MDLD=${CC} + + case $host_os in + *irix*) + MDLD=${PROG_LD} + ;; + esac + + AC_SUBST(MDLD) +]) + +AC_DEFUN([AC_LIBREPLACE_MDLD_FLAGS], +[ + MDLD_FLAGS=-shared + + case $host_os in + *linux*) + MDLD_FLAGS=-shared -Wl,-Bsymbolic -Wl,--allow-shlib-undefined + ;; + *solaris*) + MDLD_FLAGS=-G + if test ${GCC} = no; then + ## ${CFLAGS} added for building 64-bit shared + ## libs using Sun's Compiler + NDLD_FLAGS=-G \${CFLAGS} + fi + ;; + *sunos*) + MDLD_FLAGS=-G + ;; + *aix*) + MDLD_FLAGS=-Wl,-G,-bexpall,-bbigtoc + ;; + *hpux*) + if test ${GCC} = yes; then + MDLD_FLAGS=-shared + else + MDLD_FLAGS=-b + fi + ;; + *darwin*) + MDLD_FLAGS=-bundle -flat_namespace -undefined suppress -Wl,-search_paths_first + ;; + esac + + AC_SUBST(MDLD_FLAGS) +])
svn commit: samba r25978 - in branches/SAMBA_4_0/source/build: m4 smb_build
Author: metze Date: 2007-11-15 16:46:57 + (Thu, 15 Nov 2007) New Revision: 25978 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25978 Log: build: use AC_LIBREPLACE_MDLD_* macros and use the result to build modules metze Modified: branches/SAMBA_4_0/source/build/m4/check_ld.m4 branches/SAMBA_4_0/source/build/smb_build/makefile.pm Changeset: Modified: branches/SAMBA_4_0/source/build/m4/check_ld.m4 === --- branches/SAMBA_4_0/source/build/m4/check_ld.m4 2007-11-15 16:44:28 UTC (rev 25977) +++ branches/SAMBA_4_0/source/build/m4/check_ld.m4 2007-11-15 16:46:57 UTC (rev 25978) @@ -115,6 +115,8 @@ AC_LD_SHLDFLAGS AC_LD_SHLIBEXT AC_LD_SONAMEFLAG +AC_LIBREPLACE_MDLD +AC_LIBREPLACE_MDLD_FLAGS ### # test whether building a shared library actually works @@ -125,6 +127,11 @@ AC_MSG_CHECKING([SHLD_FLAGS]) AC_MSG_RESULT([$SHLD_FLAGS]) + AC_MSG_CHECKING([MDLD]) + AC_MSG_RESULT([$MDLD]) + AC_MSG_CHECKING([MDLD_FLAGS]) + AC_MSG_RESULT([$MDLD_FLAGS]) + AC_MSG_CHECKING([SHLIBEXT]) AC_MSG_RESULT([$SHLIBEXT]) AC_MSG_CHECKING([SONAMEFLAG]) @@ -137,12 +144,22 @@ [ac_cv_shlib_works],[ ac_cv_shlib_works=no # try building a trivial shared library + # TODO: also test SONAMEFLAG ${CC} ${CFLAGS} ${PICFLAG} -c ${srcdir-.}/build/tests/shlib.c -o shlib.o ${SHLD} ${SHLD_FLAGS} -o shlib.${SHLIBEXT} shlib.o ac_cv_shlib_works=yes rm -f shlib.${SHLIBEXT} shlib.o ]) - if test $ac_cv_shlib_works = no; then + AC_CACHE_CHECK([whether building shared modules actually works], + [ac_cv_shmod_works],[ + ac_cv_shmod_works=no + # try building a trivial shared library + ${CC} ${CFLAGS} ${PICFLAG} -c ${srcdir-.}/build/tests/shlib.c -o shlib.o + ${MDLD} ${MDLD_FLAGS} -o shlib.${SHLIBEXT} shlib.o + ac_cv_shmod_works=yes + rm -f shlib.${SHLIBEXT} shlib.o + ]) + if test $ac_cv_shlib_works = no -o $ac_cv_shmod_works = no; then BLDSHARED=false fi fi @@ -150,6 +167,8 @@ if test $BLDSHARED != true; then SHLD=shared-libraries-disabled SHLD_FLAGS=shared-libraries-disabled + MDLD=shared-modules-disabled + MDLD_FLAGS=shared-modules-disabled SHLIBEXT=shared_libraries_disabled SONAMEFLAG=shared-libraries-disabled PICFLAG= @@ -158,6 +177,11 @@ AC_MSG_CHECKING([SHLD_FLAGS]) AC_MSG_RESULT([$SHLD_FLAGS]) + AC_MSG_CHECKING([MDLD]) + AC_MSG_RESULT([$MDLD]) + AC_MSG_CHECKING([MDLD_FLAGS]) + AC_MSG_RESULT([$MDLD_FLAGS]) + AC_MSG_CHECKING([SHLIBEXT]) AC_MSG_RESULT([$SHLIBEXT]) AC_MSG_CHECKING([SONAMEFLAG]) Modified: branches/SAMBA_4_0/source/build/smb_build/makefile.pm === --- branches/SAMBA_4_0/source/build/smb_build/makefile.pm 2007-11-15 16:44:28 UTC (rev 25977) +++ branches/SAMBA_4_0/source/build/smb_build/makefile.pm 2007-11-15 16:46:57 UTC (rev 25978) @@ -204,7 +204,10 @@ SHLD=$self-{config}-{SHLD} SHLD_FLAGS=$self-{config}-{SHLD_FLAGS} -L\$(builddir)/bin/shared -SHLD_UNDEF_FLAGS=$self-{config}-{SHLD_UNDEF_FLAGS} + +MDLD=$self-{config}-{MDLD} +MDLD_FLAGS=$self-{config}-{MDLD_FLAGS} -L\$(builddir)/bin/shared + SHLIBEXT=$self-{config}-{SHLIBEXT} XSLTPROC=$self-{config}-{XSLTPROC} @@ -355,9 +358,9 @@ $ctx-{SHAREDDIR}/$ctx-{LIBRARY_REALNAME}: \$($ctx-{TYPE}_$ctx-{NAME}_DEPEND_LIST) \$($ctx-{TYPE}_$ctx-{NAME}_FULL_OBJ_LIST) $init_obj [EMAIL PROTECTED] Linking \$\@ [EMAIL PROTECTED] -p $ctx-{SHAREDDIR} - [EMAIL PROTECTED](SHLD) \$(SHLD_FLAGS) -o \$\@ \$(INSTALL_LINK_FLAGS) \\ + [EMAIL PROTECTED](MDLD) \$(MDLD_FLAGS) -o \$\@ \$(INSTALL_LINK_FLAGS) \\ \$($ctx-{TYPE}_$ctx-{NAME}\_FULL_OBJ_LIST) $init_obj \\ - \$($ctx-{TYPE}_$ctx-{NAME}_LINK_FLAGS) \$(SHLD_UNDEF_FLAGS) + \$($ctx-{TYPE}_$ctx-{NAME}_LINK_FLAGS) __EOD__ );
svn commit: samba-web r1152 - in trunk: devel history
Author: deryck Date: 2007-11-15 16:53:51 + (Thu, 15 Nov 2007) New Revision: 1152 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1152 Log: Update latest release links. Modified: trunk/devel/index.html trunk/history/index.html Changeset: Modified: trunk/devel/index.html === --- trunk/devel/index.html 2007-11-15 16:50:36 UTC (rev 1151) +++ trunk/devel/index.html 2007-11-15 16:53:51 UTC (rev 1152) @@ -14,8 +14,8 @@ pAs of 4 April 2004, the Samba Team converted from CVS to Subversion for maintaining the Samba source code. All current development is done in a Subversion repository. All older code is in the original CVS tree; this would include 2.2.x versions of Samba, which are no longer in active development./p -pThe latest production release is emSamba 3.0.25c/em (a -href=/samba/history/samba-3.0.25c.htmlrelease notes/a and a +pThe latest production release is emSamba 3.0.27/em (a +href=/samba/history/samba-3.0.27.htmlrelease notes/a and a href=/samba/download/download/a)./p pWith the release of version 3 of the GPL, the Samba Team has decided to Modified: trunk/history/index.html === --- trunk/history/index.html2007-11-15 16:50:36 UTC (rev 1151) +++ trunk/history/index.html2007-11-15 16:53:51 UTC (rev 1152) @@ -6,8 +6,8 @@ div class=latest ul - liLatest Release mdash; a href=/samba/#latestSamba 3.0.25c/a/li - liCurrent Stable Release mdash; a href=/samba/#latestSamba 3.0.25c/a/li + liLatest Release mdash; a href=/samba/#latestSamba 3.0.27/a/li + liCurrent Stable Release mdash; a href=/samba/#latestSamba 3.0.27/a/li !-- Second link will point to #stable on this page when current release is a development release -- /ul /div
[SCM] Samba Shared Repository - branch v3-0-test updated - initial-v3-0-unstable-20-g14ecfec
The branch, v3-0-test has been updated via 14ecfecbdf3e631f87d83337e06060724deb7756 (commit) via 63918ac0f0a3767237210182f0f35840db87242c (commit) via 96e61fb89caa9e9d500c3006b83299a7938d0af7 (commit) via 99eea67a5a1114e499ece00f8b68ccbf2ec4ae75 (commit) via a7c6fe1e3cb4d66a48f43a49fe31778adace2332 (commit) from 1cdf89a02af6e7a2deed3f59519af97c10dbdaa3 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test - Log - commit 14ecfecbdf3e631f87d83337e06060724deb7756 Author: Gerald (Jerry) Carter [EMAIL PROTECTED] Date: Thu Nov 15 10:51:37 2007 -0600 Set release to 3.0.27a in development branch commit 63918ac0f0a3767237210182f0f35840db87242c Author: Gerald (Jerry) Carter [EMAIL PROTECTED] Date: Thu Nov 15 10:51:23 2007 -0600 Pull in release notes from 3.0.27 to the v3-0 development branch commit 96e61fb89caa9e9d500c3006b83299a7938d0af7 Author: Gerald (Jerry) Carter [EMAIL PROTECTED] Date: Thu Nov 15 10:48:13 2007 -0600 Set version to 3.0.27a commit 99eea67a5a1114e499ece00f8b68ccbf2ec4ae75 Author: Gerald (Jerry) Carter [EMAIL PROTECTED] Date: Wed Nov 14 20:54:44 2007 -0600 Fix for CVE-2007-4572 == Subject: Stack buffer overflow in nmbd's logon == request processing. == == CVE ID#: CVE-2007-4572 == == Versions:Samba 3.0.0 - 3.0.26a (inclusive) ... Samba developers have discovered what is believed to be a non-exploitable buffer over in nmbd during the processing of GETDC logon server requests. This code is only used when the Samba server is configured as a Primary or Backup Domain Controller. commit a7c6fe1e3cb4d66a48f43a49fe31778adace2332 Author: Gerald (Jerry) Carter [EMAIL PROTECTED] Date: Wed Nov 14 20:51:14 2007 -0600 Fix for CVE-2007-5398. == Subject: Remote code execution in Samba's WINS == server daemon (nmbd) when processing name == registration followed name query requests. == == CVE ID#: CVE-2007-5398 == == Versions:Samba 3.0.0 - 3.0.26a (inclusive) ... Secunia Research reported a vulnerability that allows for the execution of arbitrary code in nmbd. This defect may only be exploited when the wins support parameter has been enabled in smb.conf. --- Summary of changes: WHATSNEW.txt| 265 +++ source/VERSION |4 +- source/lib/charcnv.c|4 +- source/libsmb/ntlmssp_parse.c |3 +- source/nmbd/nmbd_packets.c |6 + source/nmbd/nmbd_processlogon.c | 89 +++-- source/smbd/lanman.c|2 +- 7 files changed, 354 insertions(+), 19 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 5868036..d208c07 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,268 @@ + == + Release Notes for Samba 3.0.27 +Nov 15, 2007 + == + +Samba 3.0.27 is a security release in order to address the following +defects: + + o CVS-2007-4572 +Stack buffer overflow in nmbd's logon request processing. + + o CVE-2007-5398 +Remote code execution in Samba's WINS server daemon (nmbd) +when processing name registration followed name query requests. + +The original security announcement for this and past advisories can +be found http://www.samba.org/samba/security/ + +## +Changes +### + +Changes since 3.0.26a +- + +o Jeremy Allison [EMAIL PROTECTED] +* Fix for CVS-2007-4572. +* Fix for CVE-2007-5398. + + +o Simo Sorce [EMAIL PROTECTED] +* Additional fixes for CVS-2007-4572. + + +Release notes for older releases follow: + + -- + === + Release Notes for Samba 3.0.26a + Sep 11, 2007 + === + +Major bug fixes included in Samba 3.0.26a are: + + o Memory leaks in Winbind's IDMap manager. + + +## +Changes +### + +Changes since 3.0.26 + + +o Michael Adam [EMAIL PROTECTED] +* Fix read_sock() semantics in wb_common.c to address invalid + request size errors in winbindd logs. +* Fix use of pwrite() in tdb IO code paths. + + +o Jeremy Allison [EMAIL PROTECTED] +* Fix logic error in timeout of blocking lock processing. + + +o Guenther Deschner [EMAIL PROTECTED] +* Fix error code in the msrpc EnumerateDomainGroups()
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-318-ge40c372
The branch, v3-2-test has been updated via e40c372e0ddf631dd9162c1fdfaaa49c29915f23 (commit) from 242fc0099cc81877d8e9630b46dfb8d4a3265d94 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit e40c372e0ddf631dd9162c1fdfaaa49c29915f23 Author: Gerald (Jerry) Carter [EMAIL PROTECTED] Date: Wed Nov 14 20:51:14 2007 -0600 Fix for CVE-2007-5398. == Subject: Remote code execution in Samba's WINS == server daemon (nmbd) when processing name == registration followed name query requests. == == CVE ID#: CVE-2007-5398 == == Versions:Samba 3.0.0 - 3.0.26a (inclusive) ... Secunia Research reported a vulnerability that allows for the execution of arbitrary code in nmbd. This defect may only be exploited when the wins support parameter has been enabled in smb.conf. --- Summary of changes: source/nmbd/nmbd_packets.c |6 ++ 1 files changed, 6 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/nmbd/nmbd_packets.c b/source/nmbd/nmbd_packets.c index d49c8ba..b78ab5b 100644 --- a/source/nmbd/nmbd_packets.c +++ b/source/nmbd/nmbd_packets.c @@ -970,6 +970,12 @@ for id %hu\n, packet_type, nmb_namestr(orig_nmb-question.question_name), nmb-answers-ttl = ttl; if (data len) { + if (len 0 || len sizeof(nmb-answers-rdata)) { + DEBUG(5,(reply_netbios_packet: + invalid packet len (%d)\n, + len )); + return; + } nmb-answers-rdlength = len; memcpy(nmb-answers-rdata, data, len); } -- Samba Shared Repository
svn commit: samba r25973 - in branches/SAMBA_4_0/source/lib/talloc: .
Author: metze Date: 2007-11-15 15:41:03 + (Thu, 15 Nov 2007) New Revision: 25973 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25973 Log: talloc: fix usage of SONAMEFLAG metze Modified: branches/SAMBA_4_0/source/lib/talloc/Makefile.in Changeset: Modified: branches/SAMBA_4_0/source/lib/talloc/Makefile.in === --- branches/SAMBA_4_0/source/lib/talloc/Makefile.in2007-11-15 15:40:39 UTC (rev 25972) +++ branches/SAMBA_4_0/source/lib/talloc/Makefile.in2007-11-15 15:41:03 UTC (rev 25973) @@ -18,7 +18,6 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ SHLIBEXT = @SHLIBEXT@ SHLD_FLAGS = @SHLD_FLAGS@ -SONAMEFLAG = @SONAMEFLAG@ .SUFFIXES: .c .o .3 .3.xml .xml .html @@ -45,7 +44,7 @@ @-ranlib $@ $(SOLIB): $(LIBOBJ) - $(CC) $(SHLD_FLAGS) -o $@ $(LIBOBJ) $(SONAMEFLAG)$(SONAME) + $(CC) $(SHLD_FLAGS) -o $@ $(LIBOBJ) @[EMAIL PROTECTED](SONAME) install: all ${INSTALLCMD} -d $(DESTDIR)$(libdir)
svn commit: samba r25976 - in branches/SAMBA_4_0/source/lib/replace: .
Author: metze Date: 2007-11-15 16:40:32 + (Thu, 15 Nov 2007) New Revision: 25976 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25976 Log: libreplace: not all platforms like _XOPEN_SOURCE=600 - Only use _XOPEN_SOURCE=600 on Tru64 - _OSF_SOURCE is also Tru64 specific metze Modified: branches/SAMBA_4_0/source/lib/replace/libreplace_cc.m4 Changeset: Modified: branches/SAMBA_4_0/source/lib/replace/libreplace_cc.m4 === --- branches/SAMBA_4_0/source/lib/replace/libreplace_cc.m4 2007-11-15 15:44:17 UTC (rev 25975) +++ branches/SAMBA_4_0/source/lib/replace/libreplace_cc.m4 2007-11-15 16:40:32 UTC (rev 25976) @@ -49,8 +49,6 @@ AC_ISC_POSIX AC_N_DEFINE(_XOPEN_SOURCE_EXTENDED) -AC_N_DEFINE(_XOPEN_SOURCE,600) -AC_N_DEFINE(_OSF_SOURCE) AC_SYS_LARGEFILE @@ -78,6 +76,11 @@ CFLAGS=$CFLAGS -D_LINUX_SOURCE_COMPAT -qmaxmem=32000 fi ;; + *osf*) + # this brings in socklen_t + AC_N_DEFINE(_XOPEN_SOURCE,600) + AC_N_DEFINE(_OSF_SOURCE) + ;; # # VOS may need to have POSIX support and System V compatibility enabled. #
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-319-gb3ed3f7
The branch, v3-2-test has been updated via b3ed3f7e4e40c4f78d4c347411c75de81979455f (commit) from e40c372e0ddf631dd9162c1fdfaaa49c29915f23 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit b3ed3f7e4e40c4f78d4c347411c75de81979455f Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Nov 15 13:18:42 2007 -0800 alpha_strcpy includes the space for the terminating nul. Jeremy. --- Summary of changes: source/lib/substitute.c |9 ++--- 1 files changed, 6 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source/lib/substitute.c b/source/lib/substitute.c index ce88a78..db79a9f 100644 --- a/source/lib/substitute.c +++ b/source/lib/substitute.c @@ -72,8 +72,9 @@ bool set_local_machine_name(const char *local_name, bool perm) SAFE_FREE(tmp_local_machine); return false; } + /* alpha_strcpy includes the space for the terminating nul. */ alpha_strcpy(local_machine,tmp_local_machine, - SAFE_NETBIOS_CHARS,len); + SAFE_NETBIOS_CHARS,len+1); strlower_m(local_machine); SAFE_FREE(tmp_local_machine); @@ -123,8 +124,9 @@ bool set_remote_machine_name(const char *remote_name, bool perm) return false; } + /* alpha_strcpy includes the space for the terminating nul. */ alpha_strcpy(remote_machine,tmp_remote_machine, - SAFE_NETBIOS_CHARS,len); + SAFE_NETBIOS_CHARS,len+1); strlower_m(remote_machine); SAFE_FREE(tmp_remote_machine); @@ -185,9 +187,10 @@ void sub_set_smb_name(const char *name) return; } + /* alpha_strcpy includes the space for the terminating nul. */ alpha_strcpy(smb_user_name, tmp, SAFE_NETBIOS_CHARS, - len); + len+1); SAFE_FREE(tmp); -- Samba Shared Repository
svn commit: samba r25972 - in branches/SAMBA_4_0/source/lib/tdb: .
Author: metze Date: 2007-11-15 15:40:39 + (Thu, 15 Nov 2007) New Revision: 25972 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25972 Log: tdb: fix usage of SONAMEFLAG metze Modified: branches/SAMBA_4_0/source/lib/tdb/Makefile.in Changeset: Modified: branches/SAMBA_4_0/source/lib/tdb/Makefile.in === --- branches/SAMBA_4_0/source/lib/tdb/Makefile.in 2007-11-15 14:55:48 UTC (rev 25971) +++ branches/SAMBA_4_0/source/lib/tdb/Makefile.in 2007-11-15 15:40:39 UTC (rev 25972) @@ -19,7 +19,6 @@ SHLD_FLAGS = @SHLD_FLAGS@ PACKAGE_VERSION = @PACKAGE_VERSION@ PICFLAG = @PICFLAG@ -SONAMEFLAG = @SONAMEFLAG@ SHLIBEXT = @SHLIBEXT@ .PHONY: test @@ -67,14 +66,14 @@ libtdb.a: $(TDB_OBJ) ar -rv libtdb.a $(TDB_OBJ) -libtdb.(SHLIBEXT): $(SOLIB) +libtdb.$(SHLIBEXT): $(SOLIB) ln -s $ $@ $(SONAME): $(SOLIB) ln -s $ $@ $(SOLIB): $(TDB_OBJ) - $(CC) $(SHLD_FLAGS) -o $@ $(TDB_OBJ) $(SONAMEFLAG)$(SONAME) + $(CC) $(SHLD_FLAGS) -o $@ $(TDB_OBJ) @[EMAIL PROTECTED](SONAME) TDB_LIB = libtdb.a
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-320-g1ea3ac8
The branch, v3-2-test has been updated via 1ea3ac80146b83c2522b69e7747c823366a2b47d (commit) from b3ed3f7e4e40c4f78d4c347411c75de81979455f (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 1ea3ac80146b83c2522b69e7747c823366a2b47d Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Nov 15 14:19:52 2007 -0800 More pstring removal. This one was tricky. I had to add one horror (pstring_clean_name()) which will have to remain until I've removed all pstrings from the client code. Jeremy. --- Summary of changes: source/client/client.c| 16 ++- source/client/clitar.c|2 +- source/client/smbctool.c | 11 +- source/include/debug.h|1 - source/lib/afs.c | 18 ++- source/lib/debug.c| 105 ++-- source/lib/fault.c| 29 +++-- source/lib/popt_common.c | 26 +++-- source/lib/readline.c | 13 ++- source/lib/smbldap_util.c | 93 +- source/lib/sysquotas.c| 44 --- source/lib/util.c | 204 +-- source/lib/util_file.c|4 +- source/lib/util_unistr.c | 52 +++-- source/libsmb/clidfs.c|8 +- source/nmbd/nmbd.c|2 + source/param/loadparm.c |2 +- source/printing/nt_printing.c | 246 - source/rpc_server/srv_srvsvc_nt.c | 21 ++-- source/rpc_server/srv_winreg_nt.c | 27 ++-- source/smbd/server.c |5 +- source/utils/smbcacls.c |3 +- source/web/swat.c |3 + source/winbindd/winbindd.c|4 +- 24 files changed, 623 insertions(+), 316 deletions(-) Changeset truncated at 500 lines: diff --git a/source/client/client.c b/source/client/client.c index 94dc52d..1c54b2d 100644 --- a/source/client/client.c +++ b/source/client/client.c @@ -283,7 +283,7 @@ static int do_cd(char *newdir) } } - clean_name(cur_dir); + pstring_clean_name(cur_dir); pstrcpy( dname, cur_dir ); if ( !cli_resolve_path( , cli, dname, targetcli, targetpath ) ) { @@ -313,7 +313,7 @@ static int do_cd(char *newdir) } } else { pstrcat( targetpath, CLI_DIRSEP_STR ); - clean_name( targetpath ); + pstring_clean_name( targetpath ); if ( !cli_chkpath(targetcli, targetpath) ) { d_printf(cd %s: %s\n, dname, cli_errstr(targetcli)); @@ -953,7 +953,7 @@ static int cmd_get(void) return 1; } pstrcpy(lname,p); - clean_name(rname); + pstring_clean_name(rname); next_token_nr(NULL,lname,NULL,sizeof(lname)); @@ -1054,7 +1054,7 @@ static int cmd_more(void) unlink(lname); return 1; } - clean_name(rname); + pstring_clean_name(rname); rc = do_get(rname, lname, False); @@ -1393,7 +1393,7 @@ static int cmd_put(void) else pstrcat(rname,lname); - clean_name(rname); + pstring_clean_name(rname); { SMB_STRUCT_STAT st; @@ -2949,7 +2949,7 @@ static int cmd_reget(void) return 1; } pstrcpy(local_name, p); - clean_name(remote_name); + pstring_clean_name(remote_name); next_token_nr(NULL, local_name, NULL, sizeof(local_name)); @@ -2987,7 +2987,7 @@ static int cmd_reput(void) else pstrcat(remote_name, local_name); - clean_name(remote_name); + pstring_clean_name(remote_name); return do_put(remote_name, local_name, True); } @@ -3960,6 +3960,7 @@ static int do_message_op(void) POPT_COMMON_CREDENTIALS POPT_TABLEEND }; + TALLOC_CTX *frame = talloc_stackframe(); load_case_tables(); @@ -4205,5 +4206,6 @@ static int do_message_op(void) } talloc_destroy( ctx); + talloc_destroy(frame); return rc; } diff --git a/source/client/clitar.c b/source/client/clitar.c index 0c82017..4ce92c6 100644 --- a/source/client/clitar.c +++ b/source/client/clitar.c @@ -651,7 +651,7 @@ static void do_atar(char *rname,char *lname,file_info *finfo1) fnum = cli_open(cli, rname, O_RDONLY, DENY_NONE); - clean_name(rname); + pstring_clean_name(rname); if (fnum == -1) { DEBUG(0,(%s opening remote file %s (%s)\n, diff --git a/source/client/smbctool.c b/source/client/smbctool.c index e7ac802..b563a33 100644 --- a/source/client/smbctool.c +++
svn commit: samba r25980 - in branches/4.0-python: . source/build/m4 source/build/smb_build source/dsdb/samdb source/ldap_server source/lib source/lib/ldb source/lib/ldb/common source/lib/ldb/ldb_tdb
Author: jelmer Date: 2007-11-15 23:40:46 + (Thu, 15 Nov 2007) New Revision: 25980 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25980 Log: Merge upstream. Modified: branches/4.0-python/ branches/4.0-python/source/build/m4/check_ld.m4 branches/4.0-python/source/build/smb_build/main.pl branches/4.0-python/source/build/smb_build/makefile.pm branches/4.0-python/source/dsdb/samdb/cracknames.c branches/4.0-python/source/ldap_server/ldap_backend.c branches/4.0-python/source/lib/gendb.c branches/4.0-python/source/lib/ldb/Makefile.in branches/4.0-python/source/lib/ldb/common/ldb_modules.c branches/4.0-python/source/lib/ldb/ldb_tdb/ldb_cache.c branches/4.0-python/source/lib/ldb/ldb_tdb/ldb_search.c branches/4.0-python/source/lib/ldb/ldb_tdb/ldb_tdb.h branches/4.0-python/source/lib/ldb/tests/python/ldap.py branches/4.0-python/source/lib/replace/libreplace_cc.m4 branches/4.0-python/source/lib/replace/libreplace_ld.m4 branches/4.0-python/source/lib/replace/libreplace_macros.m4 branches/4.0-python/source/lib/talloc/Makefile.in branches/4.0-python/source/lib/tdb/Makefile.in branches/4.0-python/source/setup/provision_init.ldif branches/4.0-python/source/setup/provision_partitions.ldif Changeset: Sorry, the patch is too large (1280 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25980
svn commit: samba-web r1151 - in trunk: . style team
Author: deryck Date: 2007-11-15 16:50:36 + (Thu, 15 Nov 2007) New Revision: 1151 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1151 Log: Remove T-shirt, mugs, etc. promos from the site. Modified: trunk/header_columns.html trunk/header_wide.html trunk/index.html trunk/style/columns.css trunk/team/tshirt.html Changeset: Modified: trunk/header_columns.html === --- trunk/header_columns.html 2007-11-15 14:05:56 UTC (rev 1150) +++ trunk/header_columns.html 2007-11-15 16:50:36 UTC (rev 1151) @@ -119,7 +119,6 @@ ul lia href=/samba/team/Samba Team/a/li lia href=/samba/donations.htmlDonations/a/li - lia href=/samba/team/tshirt.htmlT-shirts, etc/a/li lia href=/samba/contacts.htmlContacts For.../a/li /ul Modified: trunk/header_wide.html === --- trunk/header_wide.html 2007-11-15 14:05:56 UTC (rev 1150) +++ trunk/header_wide.html 2007-11-15 16:50:36 UTC (rev 1151) @@ -117,7 +117,6 @@ ul lia href=/samba/team/Samba Team/a/li lia href=/samba/donations.htmlDonations/a/li - lia href=/samba/team/tshirt.htmlT-shirts, etc/a/li lia href=/samba/contacts.htmlContacts For.../a/li /ul Modified: trunk/index.html === --- trunk/index.html2007-11-15 14:05:56 UTC (rev 1150) +++ trunk/index.html2007-11-15 16:50:36 UTC (rev 1151) @@ -62,13 +62,6 @@ a href=/samba/ftp/samba4/samba-4.0.0alpha1.tar.gzdownloaded now/a./p -div class=plugs - a href=/samba/team/tshirt.htmlimg src=/samba/images/t-small.jpg -alt=Samba t-shirt //a - - pa href=/samba/team/tshirt.htmlSamba T-shirts and mugs are available!/a/p -/div - div class=request phttp://samba.org/ is automatically redirected to one of our US mirrors. To change to a mirror closer to your location, choose a Modified: trunk/style/columns.css === --- trunk/style/columns.css 2007-11-15 14:05:56 UTC (rev 1150) +++ trunk/style/columns.css 2007-11-15 16:50:36 UTC (rev 1151) @@ -96,6 +96,8 @@ font-style:italic; } .request { + width:75%; + margin:65px auto 0 auto; font-style:italic; font-size:small; } Modified: trunk/team/tshirt.html === --- trunk/team/tshirt.html 2007-11-15 14:05:56 UTC (rev 1150) +++ trunk/team/tshirt.html 2007-11-15 16:50:36 UTC (rev 1151) @@ -2,140 +2,9 @@ titleT-shirts and other Samba gear/title !--#include virtual=/samba/header_wide.html -- -P -CENTER -A HREF=#shirtsshirts/A #183; -A HREF=#stickersstickers/A #183; -A HREF=#mugsmugs/A -/CENTER +h2Samba Team T-shirts and other Samba gear/h2 -P -HR WIDTH=50% +pWe no longer have any Samba Team gear available for +purchase./p -P -A NAME=shirts /A -H1 ALIGN=CENTERSamba T-Shirts!/H1 - -CENTER -TABLE BORDER=0 WIDTH=532 -TRTD -A HREF=http://www.ubiqx.org/sambashirts/;IMG -SRC=/samba/images/t-front.jpg -ALT=[JPG Image: Samba T-Shirt Front] -BORDER=0/ABR -/TDTD -A HREF=http://www.ubiqx.org/sambashirts/;IMG -SRC=/samba/images/t-back.jpg -ALT=[JPG Image: Samba T-Shirt Back] -BORDER=0/ABR -/TD/TR - -TRTD COLSPAN=2 ALIGN=CENTER -A HREF=http://www.ubiqx.org/sambashirts/;IMG - SRC=/samba/images/t-black.gif BORDER=0 - ALT=[GIF Image: Samba Logo on Black T-Shirt]/A - BR -/TD/TR - -TRTD COLSPAN=2 - -PSamba T-shirts are 100% cotton and have the IBsFONT -COLOR=BLUEa/FONTmbFONT COLOR=BLUEa/FONT/B/I logo on the front. -The back has the #34;Bopening windows to a wider world/B#34; slogan -and the IBsFONT COLOR=BLUEa/FONTmbFONT -COLOR=BLUEa/FONT/B/I website URL. They look pretty much like the -images above, and are available in: - -UL -LIMedium -LILarge -LIX-Large -LIXX-Large -LIXXX-Large -/UL - -PT-shirt prices, including shipping and handling, are (in USD): -UL -LI$16.00 within the United States for short sleeve -LI$18.00 to Canada or Mexico -LIOverseas (relative to the US) shipping rates vary by country. -/UL - -CENTER -FONT COLOR=BLUEBNote:/B The black T-shirts are also available in -long sleeve for $2.00US more./FONT -/CENTER - -P -HR WIDTH=50% - -P -A NAME=stickers /A -H1 ALIGN=CENTERSamba Stickers!/H1 -CENTER -A HREF=http://www.ubiqx.org/sambashirts/;IMG - SRC=/samba/images/small-sticker.gif BORDER=0 - ALT=[GIF Image: Samba oval auto sticker]/A -/CENTER - -PThe stickers are heavy vinyl, intended to last a long time on a car or -jet aircraft. They can also be stuck onto your laptop, bicycle seat, or -fishtank. They measure 9.5cm #215; 14.5cm (or about 3#190;#34; #215; -5#190;#34;), and they look a lot better than the image above. Ordering -information is available on A -HREF=http://www.ubiqx.org/sambashirts/;Aled amp; Amalia's upstairs -shirt
Build status as of Fri Nov 16 00:00:02 2007
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2007-11-15 00:00:46.0 + +++ /home/build/master/cache/broken_results.txt 2007-11-16 00:00:39.0 + @@ -1,4 +1,4 @@ -Build status as of Thu Nov 15 00:00:02 2007 +Build status as of Fri Nov 16 00:00:02 2007 Build counts: Tree Total Broken Panic @@ -7,7 +7,7 @@ ccache 29 10 0 ctdb 0 0 0 distcc 1 0 0 -ldb 29 12 0 +ldb 29 10 0 libreplace 28 11 0 lorikeet-heimdal 23 13 0 pidl 16 3 0 @@ -16,10 +16,10 @@ rsync29 15 0 samba-docs 0 0 0 samba-gtk2 2 0 -samba4 26 17 0 +samba4 26 19 0 samba_3_20 0 0 -samba_3_2_test 28 18 0 +samba_3_2_test 28 19 0 smb-build28 28 0 -talloc 29 11 0 -tdb 29 10 0 +talloc 29 10 0 +tdb 29 9 0
svn commit: samba-web r1153 - in trunk/history: .
Author: jerry Date: 2007-11-15 23:33:50 + (Thu, 15 Nov 2007) New Revision: 1153 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1153 Log: Fix typos in links to cvs.mitre.org for latest CVEs Modified: trunk/history/security.html Changeset: Modified: trunk/history/security.html === --- trunk/history/security.html 2007-11-15 16:53:51 UTC (rev 1152) +++ trunk/history/security.html 2007-11-15 23:33:50 UTC (rev 1153) @@ -26,7 +26,7 @@ tda href=/samba/ftp/patches/security/samba-3.0.26a-CVE-2007-5398.patchpatch for Samba 3.0.26a/a/td tdRemote Code Execution in Samba's nmbd/td tdSamba 3.0.0 - 3.0.26a/td -tda href=http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4398;CVE-2007-5398/a/td +tda href=http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398;CVE-2007-5398/a/td tda href=/samba/security/CVE-2007-5398.htmlAnnouncement/a/td /tr @@ -35,7 +35,7 @@ tda href=/samba/ftp/patches/security/samba-3.0.26a-CVE-2007-4572.patchpatch for Samba 3.0.26a/a/td tdGETDC mailslot processing buffer overrun in nmbd/td tdSamba 3.0.0 - 3.0.26a/td -tda href=http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138;CVE-2007-4572/a/td +tda href=http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572;CVE-2007-4572/a/td tda href=/samba/security/CVE-2007-4572.htmlAnnouncement/a/td /tr
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-322-g11bcdf7
The branch, v3-2-test has been updated via 11bcdf780e164659b89a66e24edc27e89da7619a (commit) via 4ab3b23a630e822e3fdf1ab4d08330625b0e4fb6 (commit) from 1ea3ac80146b83c2522b69e7747c823366a2b47d (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 11bcdf780e164659b89a66e24edc27e89da7619a Author: Michael Adam [EMAIL PROTECTED] Date: Fri Nov 16 00:45:44 2007 +0100 Fix the build on RHEL5, when libcap-devel is installed. The /usr/include/sys/capability.h defines _LINUX_TYPES_H which prevents /usr/include/linux/types.h from being parsed (when included afterwards). Thus certain types are undefined that are for instance needed in /usr/include/linux/dqblk_xfs.h. This breaks the build of lib/sysquotas_xfs.c. This commit adds a configure check and a workaround for this. Michael commit 4ab3b23a630e822e3fdf1ab4d08330625b0e4fb6 Author: Michael Adam [EMAIL PROTECTED] Date: Fri Nov 16 00:34:37 2007 +0100 Fix an implicit cast warning. Michael --- Summary of changes: source/configure.in| 12 source/lib/replace/system/capability.h |9 + source/smbd/password.c |2 +- 3 files changed, 22 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/configure.in b/source/configure.in index be2b262..d37e392 100644 --- a/source/configure.in +++ b/source/configure.in @@ -3242,6 +3242,18 @@ AC_TRY_COMPILE([ if test x$samba_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS = xyes; then AC_DEFINE(BROKEN_REDHAT_7_SYSTEM_HEADERS,1,[Broken RedHat 7.2 system header files]) fi + +AC_CACHE_CHECK([for broken RHEL5 sys/capability.h],samba_cv_BROKEN_RHEL5_SYS_CAP_HEADER,[ +AC_TRY_COMPILE([ +#ifdef HAVE_SYS_CAPABILITY_H +#include sys/capability.h +#endif +#include linux/types.h +],[__s8 i;], + samba_cv_BROKEN_RHEL5_SYS_CAP_HEADER=no,samba_cv_BROKEN_RHEL5_SYS_CAP_HEADER=yes)]) +if test x$samba_cv_BROKEN_RHEL5_SYS_CAP_HEADER = xyes; then + AC_DEFINE(BROKEN_RHEL5_SYS_CAP_HEADER,1,[Broken RHEL5 sys/capability.h]) +fi ;; esac diff --git a/source/lib/replace/system/capability.h b/source/lib/replace/system/capability.h index 4fe7c8d..b314237 100644 --- a/source/lib/replace/system/capability.h +++ b/source/lib/replace/system/capability.h @@ -32,8 +32,17 @@ #define BROKEN_REDHAT_7_STATFS_WORKAROUND #endif +#if defined(BROKEN_RHEL5_SYS_CAP_HEADER) !defined(_LINUX_TYPES_H) +#define BROKEN_RHEL5_SYS_CAP_HEADER_WORKAROUND +#endif + #include sys/capability.h +#ifdef BROKEN_RHEL5_SYS_CAP_HEADER_WORKAROUND +#undef _LINUX_TYPES_H +#undef BROKEN_RHEL5_SYS_CAP_HEADER_WORKAROUND +#endif + #ifdef BROKEN_REDHAT_7_STATFS_WORKAROUND #undef _I386_STATFS_H #undef BROKEN_REDHAT_7_STATFS_WORKAROUND diff --git a/source/smbd/password.c b/source/smbd/password.c index 80b5415..7bba458 100644 --- a/source/smbd/password.c +++ b/source/smbd/password.c @@ -684,7 +684,7 @@ static char *validate_group(char *group, DATA_BLOB password,int snum) } list_len++; - member_list = SMB_MALLOC(list_len); + member_list = (char *)SMB_MALLOC(list_len); if (!member_list) { endgrent(); return NULL; -- Samba Shared Repository
svn commit: samba r25979 - in branches/4.0-python: . source/build/smb_build source/cldap_server source/dsdb/samdb source/dsdb/samdb/ldb_modules source/dsdb/tests/python source/lib/ldb source/lib/ldb/s
Author: jelmer Date: 2007-11-15 23:40:36 + (Thu, 15 Nov 2007) New Revision: 25979 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25979 Log: Merge upstream. Added: branches/4.0-python/source/dsdb/samdb/ldb_modules/subtree_delete.c branches/4.0-python/testdata/samba3/provision_samba3sam_templates.ldif Modified: branches/4.0-python/ branches/4.0-python/source/build/smb_build/makefile.pm branches/4.0-python/source/cldap_server/cldap_server.c branches/4.0-python/source/cldap_server/netlogon.c branches/4.0-python/source/dsdb/samdb/ldb_modules/config.mk branches/4.0-python/source/dsdb/samdb/ldb_modules/linked_attributes.c branches/4.0-python/source/dsdb/samdb/ldb_modules/objectclass.c branches/4.0-python/source/dsdb/samdb/ldb_modules/partition.c branches/4.0-python/source/dsdb/samdb/ldb_modules/pdc_fsmo.c branches/4.0-python/source/dsdb/samdb/ldb_modules/samldb.c branches/4.0-python/source/dsdb/samdb/ldb_modules/schema_fsmo.c branches/4.0-python/source/dsdb/samdb/ldb_modules/subtree_rename.c branches/4.0-python/source/dsdb/samdb/samdb.c branches/4.0-python/source/dsdb/tests/python/samba3sam branches/4.0-python/source/lib/ldb/Makefile.in branches/4.0-python/source/lib/ldb/swig/ldb.i branches/4.0-python/source/lib/replace/libreplace_ld.m4 branches/4.0-python/source/lib/talloc/Makefile.in branches/4.0-python/source/lib/tdb/Makefile.in branches/4.0-python/source/librpc/idl/netlogon.idl branches/4.0-python/source/rpc_server/drsuapi/dcesrv_drsuapi.c branches/4.0-python/source/scripting/python/samba/provision.py branches/4.0-python/source/setup/provision branches/4.0-python/source/setup/provision_templates.ldif branches/4.0-python/testdata/samba3/provision_samba3sam.ldif Changeset: Sorry, the patch is too large (3992 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25979
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-324-ga1725f4
The branch, v3-2-test has been updated via a1725f4ff7ed375808c78ac661b539557748d0a5 (commit) from ad9f14b6dcb05e8fa68b51ff26ff40fc445a4631 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit a1725f4ff7ed375808c78ac661b539557748d0a5 Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Nov 15 18:27:26 2007 -0800 Add MAX_DNS_NAME_LENGTH, remove more pstrings. Jeremy. --- Summary of changes: source/lib/replace/replace.h |4 source/lib/util_sock.c |4 ++-- source/libads/dns.c |8 source/libgpo/gpo_fetch.c| 17 - source/libgpo/gpo_filesync.c | 20 ++-- source/locking/locking.c | 18 +- source/locking/posix.c |7 +-- source/smbd/open.c |6 +++--- source/utils/net_lookup.c|2 +- source/utils/nmblookup.c |2 +- 10 files changed, 55 insertions(+), 33 deletions(-) Changeset truncated at 500 lines: diff --git a/source/lib/replace/replace.h b/source/lib/replace/replace.h index 36a355f..1d1cbc2 100644 --- a/source/lib/replace/replace.h +++ b/source/lib/replace/replace.h @@ -540,4 +540,8 @@ typedef int bool; #define PATH_MAX 1024 #endif +#ifndef MAX_DNS_NAME_LENGTH +#define MAX_DNS_NAME_LENGTH 256 /* Actually 255 but +1 for terminating null. */ +#endif + #endif /* _LIBREPLACE_REPLACE_H */ diff --git a/source/lib/util_sock.c b/source/lib/util_sock.c index 2815406..a59b1d5 100644 --- a/source/lib/util_sock.c +++ b/source/lib/util_sock.c @@ -1802,8 +1802,8 @@ const char *get_peer_name(int fd, socklen_t length = sizeof(ss); const char *p; int ret; - char name_buf[HOST_NAME_MAX]; - char tmp_name[HOST_NAME_MAX]; + char name_buf[MAX_DNS_NAME_LENGTH]; + char tmp_name[MAX_DNS_NAME_LENGTH]; /* reverse lookups can be *very* expensive, and in many situations won't work because many networks don't link dhcp diff --git a/source/libads/dns.c b/source/libads/dns.c index 8aca5b0..cdc4b44 100644 --- a/source/libads/dns.c +++ b/source/libads/dns.c @@ -77,7 +77,7 @@ static bool ads_dns_parse_query( TALLOC_CTX *ctx, uint8 *start, uint8 *end, uint8 **ptr, struct dns_query *q ) { uint8 *p = *ptr; - pstring hostname; + char hostname[MAX_DNS_NAME_LENGTH]; int namelen; ZERO_STRUCTP( q ); @@ -115,7 +115,7 @@ static bool ads_dns_parse_rr( TALLOC_CTX *ctx, uint8 *start, uint8 *end, uint8 **ptr, struct dns_rr *rr ) { uint8 *p = *ptr; - pstring hostname; + char hostname[MAX_DNS_NAME_LENGTH]; int namelen; if ( !start || !end || !rr || !*ptr) @@ -170,7 +170,7 @@ static bool ads_dns_parse_rr_srv( TALLOC_CTX *ctx, uint8 *start, uint8 *end, { struct dns_rr rr; uint8 *p; - pstring dcname; + char dcname[MAX_DNS_NAME_LENGTH]; int namelen; if ( !start || !end || !srv || !*ptr) @@ -216,7 +216,7 @@ static bool ads_dns_parse_rr_ns( TALLOC_CTX *ctx, uint8 *start, uint8 *end, { struct dns_rr rr; uint8 *p; - pstring nsname; + char nsname[MAX_DNS_NAME_LENGTH]; int namelen; if ( !start || !end || !nsrec || !*ptr) diff --git a/source/libgpo/gpo_fetch.c b/source/libgpo/gpo_fetch.c index 6be986d..d9995ec 100644 --- a/source/libgpo/gpo_fetch.c +++ b/source/libgpo/gpo_fetch.c @@ -31,7 +31,7 @@ NTSTATUS gpo_explode_filesyspath(TALLOC_CTX *mem_ctx, char **unix_path) { fstring tok; - pstring path; + char *path = NULL; *server = NULL; *service = NULL; @@ -63,15 +63,22 @@ NTSTATUS gpo_explode_filesyspath(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } - pstrcpy(path, lock_path(GPO_CACHE_DIR)); - pstrcat(path, /); - pstrcat(path, file_sys_path); - pstring_sub(path, \\, /); + if ((path = talloc_asprintf(mem_ctx, + %s/%s, + lock_path(GPO_CACHE_DIR), + file_sys_path)) == NULL) { + return NT_STATUS_NO_MEMORY; + } + path = talloc_string_sub(mem_ctx, path, \\, /); + if (!path) { + return NT_STATUS_NO_MEMORY; + } if ((*unix_path = talloc_strdup(mem_ctx, path)) == NULL) { return NT_STATUS_NO_MEMORY; } + TALLOC_FREE(path); return NT_STATUS_OK; } diff --git a/source/libgpo/gpo_filesync.c b/source/libgpo/gpo_filesync.c index c4b6521..9f6557e 100644 --- a/source/libgpo/gpo_filesync.c +++ b/source/libgpo/gpo_filesync.c @@ -24,7 +24,7 @@ struct sync_context { struct cli_state *cli; char *remote_path;
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-323-gad9f14b
The branch, v3-2-test has been updated via ad9f14b6dcb05e8fa68b51ff26ff40fc445a4631 (commit) from 11bcdf780e164659b89a66e24edc27e89da7619a (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit ad9f14b6dcb05e8fa68b51ff26ff40fc445a4631 Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Nov 15 17:59:12 2007 -0800 Fix bug noticed by kukks [EMAIL PROTECTED] where ip list didn't match namelist added to subnetdb. Could cause bogus IP addresses to be reported for the __SAMBA__ name. Jeremy. --- Summary of changes: source/nmbd/nmbd_namelistdb.c | 10 +- 1 files changed, 9 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/nmbd/nmbd_namelistdb.c b/source/nmbd/nmbd_namelistdb.c index ae5f766..f9cbcf4 100644 --- a/source/nmbd/nmbd_namelistdb.c +++ b/source/nmbd/nmbd_namelistdb.c @@ -192,6 +192,10 @@ bool add_name_to_subnet( struct subnet_record *subrec, struct name_record *namerec; time_t time_now = time(NULL); + if (num_ips == 0) { + return false; + } + namerec = SMB_MALLOC_P(struct name_record); if( NULL == namerec ) { DEBUG( 0, ( add_name_to_subnet: malloc fail.\n ) ); @@ -504,8 +508,12 @@ void add_samba_names_to_subnet( struct subnet_record *subrec ) return; } - for( bcast_subrecs = FIRST_SUBNET, i = 0; bcast_subrecs; bcast_subrecs = NEXT_SUBNET_EXCLUDING_UNICAST(bcast_subrecs), i++ ) + for( bcast_subrecs = FIRST_SUBNET, i = 0; bcast_subrecs + i num_ips; + bcast_subrecs = NEXT_SUBNET_EXCLUDING_UNICAST(bcast_subrecs), i++ ) { iplist[i] = bcast_subrecs-myip; + } + num_ips = i; } add_name_to_subnet(subrec,*,0x0,samba_nb_type, PERMANENT_TTL, -- Samba Shared Repository
svn commit: samba r25981 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
Author: abartlet Date: 2007-11-16 04:18:22 + (Fri, 16 Nov 2007) New Revision: 25981 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25981 Log: Don't create an ldb_request on NULL. A re-arrangment of the code due to the base DN checking meant that the ac-down_req array wasn't started, so was NULL Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c 2007-11-15 23:40:46 UTC (rev 25980) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c 2007-11-16 04:18:22 UTC (rev 25981) @@ -127,8 +127,18 @@ for (j=0; j el-num_values; j++) { struct ldb_message_element *ret_el; struct ldb_request *new_req; + struct ldb_message *new_msg; + + /* Create a spot in the list for the requests */ + ac-down_req = talloc_realloc(ac, ac-down_req, + struct ldb_request *, ac-num_requests + 1); + if (!ac-down_req) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + /* Create the modify request */ - struct ldb_message *new_msg = ldb_msg_new(ac-down_req); + new_msg = ldb_msg_new(ac-down_req); if (!new_msg) { ldb_oom(ldb); return LDB_ERR_OPERATIONS_ERROR; @@ -184,13 +194,6 @@ ldb_set_timeout_from_prev_req(ldb, ac-orig_req, new_req); - /* Now add it to the list */ - ac-down_req = talloc_realloc(ac, ac-down_req, - struct ldb_request *, ac-num_requests + 1); - if (!ac-down_req) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } ac-down_req[ac-num_requests] = new_req; ac-num_requests++;