[Samba] Can someone help? Strange behaviour of establishing trust
Hello all,

I'm using Samba on Centos5:

[EMAIL PROTECTED] ~]# rpm -qa | grep samba
system-config-samba-1.2.39-1.el5
samba-client-3.0.23c-2
samba-common-3.0.23c-2
samba-3.0.23c-2

I'm trying to establish an interdom trust with a w2k domain (POLY):

[EMAIL PROTECTED] ~]# net rpc trustdom establish POLY
Password:
Could not connect to server POLY123
[2007/07/31 14:46:51, 0] utils/net_rpc.c:rpc_trustdom_establish(5665)
  NetServerEnum2 error: Couldn't find primary domain controller for domain POLY
Trust to domain POLY established

[EMAIL PROTECTED] ~]# net rpc trustdom list
Password:
Trusted domains list:
POLY S-1-5-21-725345543-413027322-2146892821
none
Trusting domains list:
POLY S-1-5-21-725345543-413027322-2146892821

Despite the error, I can create a share in w2k domain POLY and when I'm trying to retrieve the User and Group from PLUTO (my samba domain), only Groups appear (no User), but I can select users manually by typing their username.

Is it ok? What is causing the NetServerEnum2 error: Couldn't find primary domain controller for domain POLY error?

Thanks.

--
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial
http://linux2.arinet.org
14:53:17 up 8:07, 2.6.20-16-generic GNU/Linux
Let's use OpenOffice. http://www.openoffice.org

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can someone help? Strange behaviour of establishing trust
Fajar,

you should put the result of the following command:

testparm -sva | grep winbin

On Tue, 2007-07-31 at 16:00 +0700, Fajar Priyanto wrote:
> Sorry for top posting.
> Thank you to Daniel and Frederick who have helped me.
> Despite the error, client can browse the shares OK. Just a luck?
> Well, I'll try to set it until there's no error.
>
> Btw, this is my testparm result:
> [EMAIL PROTECTED] doc]# testparm
> Load smb config files from /etc/samba/smb.conf
> Processing section [homes]
> Processing section [netlogon]
> Processing section [profiles]
> Processing section [printers]
> Processing section [music]
> Loaded services file OK.
> Server role: ROLE_DOMAIN_PDC
> Press enter to see a dump of your service definitions
>
> Cheers,
Re: [Samba] Can someone help? Strange behaviour of establishing trust
Ok Frederic, here it is:
(something's wrong? I guess it's the default values since I don't set anything about winbind)

[EMAIL PROTECTED] doc]# testparm -sva | grep winbin
Load smb config files from /etc/samba/smb.conf
Processing section [homes]
Processing section [netlogon]
Processing section [profiles]
Processing section [printers]
Processing section [music]
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
winbind separator = \
winbind cache time = 300
winbind enum users = No
winbind enum groups = No
winbind use default domain = No
winbind trusted domains only = No
winbind nested groups = Yes
winbind nss info = template
winbind refresh tickets = No
winbind offline logon = No

Cheers :)

On Tuesday 31 July 2007 16:06:51 Frederic Descamps wrote:
> Fajar, you should put the result of the following command:
> testparm -sva | grep winbin

--
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial
http://linux2.arinet.org
16:15:55 up 9:29, 2.6.20-16-generic GNU/Linux
Let's use OpenOffice. http://www.openoffice.org
Re: [Samba] Can someone help? Strange behaviour of establishing trust
Sorry for top posting.
Thank you to Daniel and Frederick who have helped me.
Despite the error, client can browse the shares OK. Just a luck?
Well, I'll try to set it until there's no error.

Btw, this is my testparm result:

[EMAIL PROTECTED] doc]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section [homes]
Processing section [netlogon]
Processing section [profiles]
Processing section [printers]
Processing section [music]
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

Cheers,

On Tuesday 31 July 2007 15:51:14 you wrote:
> Hello,
> winbind enum users should be at no
> check this with testparm

--
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial
http://linux2.arinet.org
15:58:03 up 9:11, 2.6.20-16-generic GNU/Linux
Let's use OpenOffice. http://www.openoffice.org
[Samba] samba pdc/bdc and trust relationship
Hi all,

My environment consists of 2 locations. The first has a windows NT4 PDC (for domain EGVLE) and another SLES10 PDC server (for VLE domain), with a bi-directional trust relationship between them. The second location will have a SLES10 server that will work as a BDC for the samba VLE domain.

I want to know how the BDC server will take the trust relationship from the PDC server, and what is the optimum solution to do that?

Thanks
[Samba] 'Got user' is blank, can't authenticate
Hello,

I have a working samba PDC with an old version of samba. I'm moving this to a new server. I've taken the old server off the net and rebooted all windows clients. All further comments are related to the new server.

I'm running samba 3.10 with LDAP back end. I can log into the linux console as test-user and the ldap/pam configuration works fine. I can access the samba shares from a windows client as test-user, not logging into the domain, and all accesses work correctly on all shares.

When I attempt to log into the windows client using the domain served by this samba pdc, I get no username in the log file, and I can't log into the domain.

[2007/07/31 07:04:21, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615)
  Got user=[] domain=[] workstation=[CREVASSE] len1=1 len2=0

and

  check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface
[2007/07/31 07:04:21, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password: mapped user is: [EMAIL PROTECTED]

I figure I've missed something simple but I can't find anybody on the net with a blank username, thanks in advance.

doug
Re: [Samba] Tar with smbclient
This is what I get when using the -d 3 switch

lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file /etc/samba/smb.conf
Processing section [global]
added interface ip=192.168.1.19 bcast=192.168.255.255 nmask=255.255.0.0
Client started (version 3.0.23c-2.el5.2.0.2).
resolve_lmhosts: Attempting lmhosts lookup for name servccc0x20
resolve_wins: Attempting wins lookup for name servccc0x20
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name servccc0x20
Connecting to 192.168.1.30 at port 445
error connecting to 192.168.1.30:445 (Connection refused)
Connecting to 192.168.1.30 at port 139
cli_session_setup: NT1 session setup failed!
session setup failed: NT_STATUS_LOGON_FAILURE

Any ideas?

--
Bo Lynch
Systems Administrator
RedHat Academy Instructor
Energy Manager
Amelia County Public Schools

On Mon, July 30, 2007 4:49 pm, Doug VanLeuven wrote:
> Bo Lynch wrote:
>> Just created a new backup server using CentOS 5.0. I am using a auth file to access windows shares for backups.
>> When connecting like this
>> smbclient //server/share -A=/auth/file
>> it works.
>> When I try to tar with smbclient like this
>> smbclient //server/share -A=/auth/file -Tc /backup/tarfile.tar
>> I get the following message.
>> session_setup_failed : NT_STATUS_LOGON_FAILURE
>>
>> Am I doing something wrong? This worked just fine with the older versions of Fedora and CentOS.
>
> Works fine with Version 3.0.25b-1.1.72-1411-SUSE-SL10.2
>
> Try -d 3 and redirect error output to a file.
> Should be able to see what's failing then.
>
> Regards, Doug
Re: [Samba] Tracking file activity
Ryan Steele wrote:
> Ray Anderson wrote:
>> Been using it for a while now:
>>
>> smb.conf entry:
>> # turn on auditing
>> vfs objects = audit
>>
>> In the Samba howto collection, section 21.3:
>>
>> 21.3 Included Modules
>> 21.3.1 audit
>> 21.3.2 extd audit
>>
>> And just for completeness:
>>
>> 21.3.1 audit
>> A simple module to audit file access to the syslog facility. The following operations are logged:
>> • share
>> • connect/disconnect
>> • directory opens/create/remove
>> • file open/close/rename/unlink/chmod
>>
>> 21.3.2 extd audit
>> This module is identical with the audit module above except that it sends audit logs to both syslog as well as the smbd log files. The log level for this module is set in the smb.conf file. Valid settings and the information that will be recorded are shown in the next table.
>>
>> 21.3.2.1 Configuration of Auditing
>> This auditing tool is more flexible than most people readily will recognize. There are a number of ways by which useful logging information can be recorded.
>> • Syslog can be used to record all transaction. This can be disabled by setting in the smb.conf file syslog = 0.
>>
>> Table 21.1. Extended Auditing Log Information
>> Log Level   Log Details - File and Directory Operations
>> 0           Make Directory, Remove Directory, Unlink
>> 1           Open Directory, Rename File, Change Permissions/ACLs
>> 2           Open Close File
>> 10          Maximum Debug Level
>>
>> • Logging can take place to the default log file (log.smbd) for all loaded VFS modules just by setting in the smb.conf file log level = 0 vfs:x, where x is the log level. This will disable general logging while activating all logging of VFS module activity at the log level specified.
>> • Detailed logging can be obtained per user, per client machine, etc. This requires the above together with the creative use of the log file settings. An example of detailed per-user and per-machine logging can be obtained by setting log level = /var/log/samba/%U.%m.log.
>>
>> Auditing information often must be preserved for a long time. So that the log files do not get rotated it is essential that the max log size = 0 be set in the smb.conf file.
>>
>> Ryan Steele wrote:
>>> Hey List,
>>>
>>> I was wondering if and how one would go about tracking file activity on a Samba server, for basic auditing purposes. I'd ideally like to see what files were edited, by whom and when. I've done some RTFM and a bit of searching around the 'net, but haven't found anything yet. Even pointers to documentation on the subject would be welcome. Thanks in advance for any tips!
>>>
>>> Best Regards,
>>> Ryan
>
> Ray,
>
> I appreciate your advice. I am experimenting with an implementation of the extd_audit module now on a test cluster - thanks for pointing me in the direction of the HOWTO, I should have looked there before bumping the list. Thanks again.
>
> Ryan

I'm having a bit of trouble with the logging on this, and I'm hoping someone can point out a simple mistake I'm overlooking. My intentions are to have everything in the shared directory container log to /var/log/samba/log.machine.username, but all of the VFS info continues to filter into syslog. I've HUP'ed the daemon and restarted to no avail. Any thoughts? Here's my smb.conf - it's pretty vanilla, as it's a testbox for the purposes only of testing the audit module:

[global]
obey pam restrictions = Yes
encrypt passwords = Yes
local master = no
domain master = no
preferred master = no
netbios name = Testbox
workgroup = TESTDOMAIN
server string = %h server (TestServer)
wins support = yes
dns proxy = yes
name resolve order = wins lmhosts host bcast
smb ports = 139
log file = /var/log/samba/log.%m
max log size = 100
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = user
invalid users = root
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE

[homes]
comment = Home Directories
browseable = no
writable = yes
create mask = 0700
directory mask = 0700

[Shared Files]
comment = Shared Files
log level = vfs:2
path = /home/sharedfiles
browseable = yes
writable = yes
oplocks = No
level 2 oplocks = No
directory mask = 0775
create mask = 0664
log file = /var/log/samba/log.%m.%U
vfs objects = extd_audit

Thanks in advance for any advice.

Best Regards,
Ryan

--
Ryan Steele
Systems Administrator
Greater Philadelphia Area
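
Added example, not part of the original thread and not Samba code: the smb.conf posted above sets log level and log file inside [Shared Files], but smb.conf(5) marks both as global (G) parameters, and smbd ignores a global parameter that appears in a share section. The script below scans a configuration for that mistake; GLOBAL_ONLY is a hand-picked subset of the (G) parameters and SAMPLE is a constructed, abridged copy of the posted file.

```python
"""Flag smb.conf parameters that only take effect in [global] (added example)."""
import re

# Assumption: a small, hand-picked subset of the parameters that smb.conf(5)
# marks "(G)". This is not Samba's full parameter table.
GLOBAL_ONLY = {"log file", "log level", "max log size", "syslog"}


def _norm(name):
    # Samba compares parameter names case-insensitively and ignores whitespace.
    return re.sub(r"\s+", "", name).lower()


_GLOBAL_NORM = {_norm(p) for p in GLOBAL_ONLY}


def logical_lines(text):
    """Yield (first_line_number, text), joining lines that end in a backslash."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1]
            continue
        yield start, buf + raw
        buf, start = "", None
    if buf:
        yield start, buf


def misplaced_globals(text):
    """Return (line, section, parameter, value) for each global-only
    parameter that is set outside the [global] section."""
    findings = []
    section = None
    for n, line in logical_lines(text):
        s = line.strip()
        if not s or s[0] in "#;":          # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", s)
        if m:
            section = m.group(1).strip()
            continue
        if section is None or "=" not in s:
            continue
        name, value = (part.strip() for part in s.split("=", 1))
        if section.lower() != "global" and _norm(name) in _GLOBAL_NORM:
            findings.append((n, section, name, value))
    return findings


# Constructed sample: abridged from the configuration posted in the thread.
SAMPLE = """\
[global]
   log file = /var/log/samba/log.%m
   max log size = 100
   syslog = 0

[homes]
   browseable = no

[Shared Files]
   log level = vfs:2
   path = /home/sharedfiles
   log file = /var/log/samba/log.%m.%U
   vfs objects = extd_audit
"""

if __name__ == "__main__":
    for line_no, section, name, value in misplaced_globals(SAMPLE):
        print(f"line {line_no}: '{name} = {value}' in [{section}] "
              f"is a global parameter; move it to [global]")
```
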
[Samba] adding valid user to a home share
What is the easiest way to allow specific users access to other users' home shares? Current config is:

[homes]
comment = Home Directories
browseable = no
read only = no
valid users = %S
dos filetimes = Yes
guest ok = no

Of course, I do want to continue to use the general [homes] share, but for some users to allow other than themselves (%S) access to their home shares. For example, allow jane to connect to john's home share as she needs access to his data.

Will a separate home share for these users override the general [homes] share? Is there an easier way? Maybe some conditional syntax for valid users?

Thanks.

--
Chris
Re: [Samba] Re: Vista roaming profiles
> Finally tracked this down... The profile path for each user, configured in my LDAP directory, used %L instead of the server's netbios name hard-coded. E.g., \\%L\profiles\andy instead of \\alpha\profiles\andy. Whilst the %L seems to be substituted correctly for 2k/xp logons, it was not for my vista logon. So, hard-coding the netbios name fixed this problem for me. I have no idea why vista exhibits this odd behaviour.

Because NetBIOS is not used in Vista (?). I think there was a warning/notice about this. Just use substitution with the server's DNS name.

--
Adam Tauno Williams, Network Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org
Re: [Samba] Tar with smbclient
Bo Lynch wrote:
> This is what I get when using the -d 3 switch
>
> lp_load: refreshing parameters
> Initialising global parameters
> params.c:pm_process() - Processing configuration file /etc/samba/smb.conf
> Processing section [global]
> added interface ip=192.168.1.19 bcast=192.168.255.255 nmask=255.255.0.0
> Client started (version 3.0.23c-2.el5.2.0.2).
> resolve_lmhosts: Attempting lmhosts lookup for name servccc0x20
> resolve_wins: Attempting wins lookup for name servccc0x20
> resolve_wins: WINS server resolution selected and no WINS servers listed.
> resolve_hosts: Attempting host lookup for name servccc0x20
> Connecting to 192.168.1.30 at port 445
> error connecting to 192.168.1.30:445 (Connection refused)
> Connecting to 192.168.1.30 at port 139
> cli_session_setup: NT1 session setup failed!
> session setup failed: NT_STATUS_LOGON_FAILURE
>
> Any ideas?

It's failing to lookup via wins when wins configured.
If you've meant to configure wins, it's not happening.
I've always used a wins server.

Try upping the debug level to get a clue about why the session request is failing.

I noticed in your first post you used
-A=authfile
I thought it was
-A authfile
or
--authentication-file=authfile
Maybe it makes a difference for your version. It doesn't on mine.

Sorry I can't be more help.

What should be happening:

resolve_lmhosts: Attempting lmhosts lookup for name gate0x20
resolve_wins: Attempting wins lookup for name gate0x20
resolve_wins: using WINS server 192.168.202.35 and tag 'eth0'
Got a positive name query response from 192.168.202.35 ( 192.168.201.25 )
Connecting to 192.168.201.25 at port 445
Doing spnego session setup (blob length=110)
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 48018 1 2 2
got OID=1 3 6 1 4 1 311 2 2 10
got principal=cifs/[EMAIL PROTECTED]

Regards, Doug
Re: [Samba] Renice server process [solved]
On Tuesday, 31 Jul 2007, 17:46:26 +0200, Bertram Scharpf wrote:
> for a job of lesser priority I would like to connect to a Samba server. When I'm doing a 'smbmount', enter the server by SSH, pgrep for the new smbd process and then renice it I have exactly the behaviour I desire.

root preexec = renice 18 -p %d

or

root preexec = bash -c '[ %I = 192.168.42.33 ] && renice 18 -p %d'

Bertram

--
Bertram Scharpf
Stuttgart, Deutschland/Germany
http://www.bertram-scharpf.de
[Samba] Sharing a loop mounted file system
I am trying to share a loop mounted file system from a linux box but Windows XP does not display the share:

I mounted a dd image of an ntfs partition using:

mount -o loop /home/public/ntfs_image.dd /mnt/diskimage/

I then shared /mnt/diskimage using the webmin samba interface and restarted the samba server.

When I browsed (in Windows) to where the share should be I can not see the diskimage share. All the other shares are visible/accessible.

/mnt/diskimage is browsable on the linux host.

If I unmount /mnt/diskimage and restart the samba server then I can see the empty diskimage directory from Windows XP.

Any thoughts? Is this a samba issue or a mount issue or simply a you can't get there from here?

Any help would be greatly appreciated.

- gustav
[Samba] Domain and local user permissions
Hi all,

I have a question regarding the separation of domain and local permissions. I have a Samba PDC and BDC setup with three member servers authenticating from them. I've set all the boxes up to use nss_ldap for the Posix side so that all the groupmapping between domain and unix groups across the servers is consistent.

All seems to be fine but I can't find any info about setting domain user permissions. When I create a folder or file, I can view the permissions in the Windows properties but these show the owner to be Unix User\username instead of Domain User\username in Windows. I can set the permissions correctly via Windows but pre Samba 3.0.8 (as shown in the docs), chowning a file in Linux would show as a change to the Windows domain account.

Is MMC the easiest way to set domain user permissions with the new setup or can I do it easily from a Linux terminal?

Thanks,

Julian PB
Re: [Samba] Domain and local user permissions
On Tuesday 31 July 2007 23:38:54 Julian Pilfold-Bagwell wrote:
> Hi all,
>
> I have a question regarding the separation of domain and local permissions. I have a Samba PDC and BDC setup with three member servers authenticating from them. I've set all the boxes up to use nss_ldap for the Posix side so that all the groupmapping between domain and unix groups across the servers is consistent.
>
> All seems to be fine but I can't find any info about setting domain user permissions. When I create a folder or file, I can view the permissions in the Windows properties but these show the owner to be Unix User\username instead of Domain User\username in Windows. I can set the permissions correctly via Windows but pre Samba 3.0.8 (as shown in the docs), chowning a file in Linux would show as a change to the Windows domain account.
>
> Is MMC the easiest way to set domain user permissions with the new setup or can I do it easily from a Linux terminal?
>
> Thanks,
>
> Julian PB

Hello Julian,

I'm wondering exactly like yours. I have set up an interdomain trust between Samba PDC and W2K DC. From W2K I can easily set up sharing permission such as adding a user/group from Samba. But, when I'm creating a sharing in Samba, I'm confused on how to do that from CLI. Do you know the syntax?

Thanks.

--
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial
http://linux2.arinet.org
08:32:02 up 1:19, 2.6.20-16-generic GNU/Linux
Let's use OpenOffice. http://www.openoffice.org
[Samba] Failed to create Users problem.
Hi everybody,

I have been struggling to get my Windows XP box to be able to access my samba server. When samba starts, I see the following in my /var/log/samba/log.smb file:

smbd version 3.0.25b-2.fc7 started.
Copyright Andrew Tridgell and the Samba Team 1992-2007
[2007/07/31 20:22:43, 0] auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2007/07/31 20:22:43, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2007/07/31 20:22:43, 0] auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2007/07/31 20:22:43, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users

Through various Google searches, I have found that when people say they get this error, it means samba will not work at all. Though samba does stay running:

# ps aux | grep mbd
root 4428 0.0 0.1 8996 1288 ? Ss 20:22 0:00 nmbd -D
root 4679 0.0 0.2 13704 2236 ? Ss 21:09 0:00 smbd -D
root 4681 0.0 0.0 13704 924 ? S 21:09 0:00 smbd -D

When I try to access \\www in Explorer from my XP box, I get an alert that says, Windows cannot find '\\www'. Check the spelling and try again, [etc...] (same when I try by IP). When I access smb:/ and navigate through the tree in Konqueror on the samba server itself, everything works fine.

I can ping back-and-forth between the two machines by name and IP just fine. My passwords seem in order:

# pdbedit -L
daryl:500:Daryl Beattie
tv:522:Television

My workgroup is named home on both client and server, my hostname matches my netbios name (as defined in smb.conf, it is www)... The only thing slightly abnormal that I have is that my /files share has a different group than its owner --but I've fiddled with the group permissions (i.e. setting them back to same owner/group) and that doesn't seem to help.

Here is my testparm output:

# testparm
Load smb config files from /etc/samba/smb.conf
Processing section [homes]
Processing section [files]
Processing section [downloads]
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
workgroup = HOME
server string = Samba Server Version %v
passdb backend = tdbsam
username map = /etc/samba/smbusers
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 IPTOS_LOWDELAY
idmap uid = 1-2
idmap gid = 1-2
hosts allow = 192.168.0.

[homes]
comment = Home Directories
read only = No

[files]
path = /files
read only = No
guest ok = Yes

[downloads]
path = /home/daryl/documents/downloads
valid users = daryl, tv
read only = No
browseable = No

This problem has been driving me nuts for a while, because everything /used to/ work fine with an almost identical setup on my old Fedora Core 5 machine (same filesystem directories, same users, etc; they were moved from one machine to the other). But looking at the logs on that machine, I never had a Failed to create Users error message.

I'd greatly appreciate any help anybody could give me.

Sincerely,

Daryl.
svn commit: samba r24089 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec Date: 2007-07-31 08:06:56 + (Tue, 31 Jul 2007) New Revision: 24089 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24089 Log: Add reply_prep/post_legacy Routines to ease the transition to the new API Modified: branches/SAMBA_3_2/source/smbd/process.c Changeset: Modified: branches/SAMBA_3_2/source/smbd/process.c === --- branches/SAMBA_3_2/source/smbd/process.c2007-07-31 07:57:33 UTC (rev 24088) +++ branches/SAMBA_3_2/source/smbd/process.c2007-07-31 08:06:56 UTC (rev 24089) @@ -67,6 +67,60 @@ req-outbuf = NULL; } +/* + * From within a converted call you might have to call non-converted + * subroutines that still take the old inbuf/outbuf/lenght/bufsize + * parameters. This takes a struct smb_request and prepares the legacy + * parameters. + */ + +BOOL reply_prep_legacy(struct smb_request *req, + char **pinbuf, char **poutbuf, + int *psize, int *pbufsize) +{ + const int bufsize = (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE ++ SAFETY_MARGIN); + char *inbuf, *outbuf; + + if (!(inbuf = TALLOC_ARRAY(req, char, bufsize))) { + DEBUG(0, (Could not allocate legacy inbuf\n)); + return False; + } + memcpy(inbuf, req-inbuf, MIN(smb_len(req-inbuf)+4, bufsize)); + req-inbuf = (uint8 *)inbuf; + + if (!(outbuf = TALLOC_ARRAY(req, char, bufsize))) { + DEBUG(0, (Could not allocate legacy outbuf\n)); + return False; + } + req-outbuf = (uint8 *)outbuf; + + construct_reply_common(inbuf, outbuf); + + *pinbuf = inbuf; + *poutbuf = outbuf; + *psize= smb_len(inbuf)+4; + *pbufsize = bufsize; + + return True; +} + +/* + * Post-process the output of the legacy routine so that the result fits into + * the new reply_xxx API + */ + +void reply_post_legacy(struct smb_request *req, int outsize) +{ + if (outsize 0) { + smb_setlen((char *)req-inbuf, (char *)req-outbuf, + outsize); + } + else { + TALLOC_FREE(req-outbuf); + } +} + / structure to hold a linked list of queued messages. for processing.
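Review bot: In reply_prep_legacy the copy into the legacy inbuf is clamped with MIN(smb_len(...)+4, bufsize), but *psize is then set to smb_len(inbuf)+4 with no clamp, so a request whose length field exceeds bufsize would give the legacy routine a size larger than what was allocated and copied. Clamp *psize the same way, or reject such a request before allocating. Two smaller points: when the outbuf allocation fails the function returns False after the request's inbuf has already been repointed at the copy, which the header comment should mention, and that comment spells "length" as "lenght". In reply_post_legacy, outsize is handed to smb_setlen without being checked against the bufsize that reply_prep_legacy gave out.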
svn commit: samba r24090 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec Date: 2007-07-31 08:37:54 + (Tue, 31 Jul 2007) New Revision: 24090 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24090 Log: Separate parsing in reply_ntcreate_and_X In particular, check if we have enough parameters Modified: branches/SAMBA_3_2/source/smbd/nttrans.c Changeset: Modified: branches/SAMBA_3_2/source/smbd/nttrans.c === --- branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 08:06:56 UTC (rev 24089) +++ branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 08:37:54 UTC (rev 24090) @@ -484,13 +484,14 @@ { int result; pstring fname; - uint32 flags = IVAL(inbuf,smb_ntcreate_Flags); - uint32 access_mask = IVAL(inbuf,smb_ntcreate_DesiredAccess); - uint32 file_attributes = IVAL(inbuf,smb_ntcreate_FileAttributes); - uint32 share_access = IVAL(inbuf,smb_ntcreate_ShareAccess); - uint32 create_disposition = IVAL(inbuf,smb_ntcreate_CreateDisposition); - uint32 create_options = IVAL(inbuf,smb_ntcreate_CreateOptions); - uint16 root_dir_fid = (uint16)IVAL(inbuf,smb_ntcreate_RootDirectoryFid); + uint32 flags; + uint32 access_mask; + uint32 file_attributes; + uint32 share_access; + uint32 create_disposition; + uint32 create_options; + uint16 root_dir_fid; + SMB_BIG_UINT allocation_size; /* Breakout the oplock request bits so we can set the reply bits separately. */ int oplock_request = 0; 
@@ -510,6 +511,25 @@ START_PROFILE(SMBntcreateX); + init_smb_request(req, (uint8 *)inbuf); + + if (req.wct 24) { + return ERROR_NT(NT_STATUS_INVALID_PARAMETER); + } + + flags = IVAL(inbuf,smb_ntcreate_Flags); + access_mask = IVAL(inbuf,smb_ntcreate_DesiredAccess); + file_attributes = IVAL(inbuf,smb_ntcreate_FileAttributes); + share_access = IVAL(inbuf,smb_ntcreate_ShareAccess); + create_disposition = IVAL(inbuf,smb_ntcreate_CreateDisposition); + create_options = IVAL(inbuf,smb_ntcreate_CreateOptions); + root_dir_fid = (uint16)IVAL(inbuf,smb_ntcreate_RootDirectoryFid); + + allocation_size = (SMB_BIG_UINT)IVAL(inbuf,smb_ntcreate_AllocationSize); +#ifdef LARGE_SMB_OFF_T + allocation_size |= (((SMB_BIG_UINT)IVAL(inbuf,smb_ntcreate_AllocationSize + 4)) 32); +#endif + DEBUG(10,(reply_ntcreate_and_X: flags = 0x%x, access_mask = 0x%x file_attributes = 0x%x, share_access = 0x%x, create_disposition = 0x%x create_options = 0x%x @@ -522,8 +542,6 @@ (unsigned int)create_options, (unsigned int)root_dir_fid )); - init_smb_request(req, (uint8 *)inbuf); - /* * If it's an IPC, use the pipe handler. */ @@ -562,7 +580,7 @@ if(!dir_fsp-is_directory) { - srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), fname, + srvstr_get_path(inbuf, req.flags2, fname, smb_buf(inbuf), sizeof(fname), 0, STR_TERMINATE, status); if (!NT_STATUS_IS_OK(status)) { @@ -606,7 +624,7 @@ dir_name_len++; } - srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), rel_fname, + srvstr_get_path(inbuf, req.flags2, rel_fname, smb_buf(inbuf), sizeof(rel_fname), 0, STR_TERMINATE, status); if (!NT_STATUS_IS_OK(status)) { @@ -615,7 +633,7 @@ } pstrcat(fname, rel_fname); } else { - srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), fname, + srvstr_get_path(inbuf, req.flags2, fname, smb_buf(inbuf), sizeof(fname), 0, STR_TERMINATE, status); if (!NT_STATUS_IS_OK(status)) { 
@@ -654,7 +672,7 @@ * Now contruct the smb_open_mode value from the filename, * desired access and the share access. */ - status = resolve_dfspath(conn, SVAL(inbuf,smb_flg2) FLAGS2_DFS_PATHNAMES, fname); + status = resolve_dfspath(conn, req.flags2 FLAGS2_DFS_PATHNAMES, fname); if (!NT_STATUS_IS_OK(status)) { END_PROFILE(SMBntcreateX); if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) { @@ -842,7 +860,7 @@ } else { TALLOC_FREE(case_state); END_PROFILE(SMBntcreateX); - if (open_was_deferred(SVAL(inbuf,smb_mid))) { + if (open_was_deferred(req.mid)) { /* We have re-scheduled this call. */
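Review bot: The new parameter-count check in reply_ntcreate_and_X returns ERROR_NT(NT_STATUS_INVALID_PARAMETER) after START_PROFILE(SMBntcreateX) without a matching END_PROFILE(SMBntcreateX), while the other error returns visible in this patch call END_PROFILE first. Add the END_PROFILE call before that return. Moving the IVAL reads of the smb_ntcreate_* fields below the check is the right order, since nothing is read from the parameter block until its size is known; a short comment saying where the value 24 comes from would help the next reader.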
svn commit: samba r24091 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec Date: 2007-07-31 08:56:08 + (Tue, 31 Jul 2007) New Revision: 24091 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24091 Log: Convert reply_ntcreate_and_X to the new API The routines called will follow Modified: branches/SAMBA_3_2/source/smbd/nttrans.c branches/SAMBA_3_2/source/smbd/process.c Changeset: Modified: branches/SAMBA_3_2/source/smbd/nttrans.c === --- branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 08:37:54 UTC (rev 24090) +++ branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 08:56:08 UTC (rev 24091) @@ -479,10 +479,9 @@ Reply to an NT create and X call. / -int reply_ntcreate_and_X(connection_struct *conn, -char *inbuf,char *outbuf,int length,int bufsize) +void reply_ntcreate_and_X(connection_struct *conn, + struct smb_request *req) { - int result; pstring fname; uint32 flags; uint32 access_mask; 
@@ -506,28 +505,26 @@ struct timespec m_timespec; BOOL extended_oplock_granted = False; NTSTATUS status; - struct smb_request req; struct case_semantics_state *case_state = NULL; START_PROFILE(SMBntcreateX); - init_smb_request(req, (uint8 *)inbuf); - - if (req.wct 24) { - return ERROR_NT(NT_STATUS_INVALID_PARAMETER); + if (req-wct 24) { + reply_nterror(req, NT_STATUS_INVALID_PARAMETER); + return; } - flags = IVAL(inbuf,smb_ntcreate_Flags); - access_mask = IVAL(inbuf,smb_ntcreate_DesiredAccess); - file_attributes = IVAL(inbuf,smb_ntcreate_FileAttributes); - share_access = IVAL(inbuf,smb_ntcreate_ShareAccess); - create_disposition = IVAL(inbuf,smb_ntcreate_CreateDisposition); - create_options = IVAL(inbuf,smb_ntcreate_CreateOptions); - root_dir_fid = (uint16)IVAL(inbuf,smb_ntcreate_RootDirectoryFid); + flags = IVAL(req-inbuf,smb_ntcreate_Flags); + access_mask = IVAL(req-inbuf,smb_ntcreate_DesiredAccess); + file_attributes = IVAL(req-inbuf,smb_ntcreate_FileAttributes); + share_access = IVAL(req-inbuf,smb_ntcreate_ShareAccess); + create_disposition = IVAL(req-inbuf,smb_ntcreate_CreateDisposition); + create_options = IVAL(req-inbuf,smb_ntcreate_CreateOptions); + root_dir_fid = (uint16)IVAL(req-inbuf,smb_ntcreate_RootDirectoryFid); - allocation_size = (SMB_BIG_UINT)IVAL(inbuf,smb_ntcreate_AllocationSize); + allocation_size = (SMB_BIG_UINT)IVAL(req-inbuf,smb_ntcreate_AllocationSize); #ifdef LARGE_SMB_OFF_T - allocation_size |= (((SMB_BIG_UINT)IVAL(inbuf,smb_ntcreate_AllocationSize + 4)) 32); + allocation_size |= (((SMB_BIG_UINT)IVAL(req-inbuf,smb_ntcreate_AllocationSize + 4)) 32); #endif DEBUG(10,(reply_ntcreate_and_X: flags = 0x%x, access_mask = 0x%x 
@@ -548,17 +545,30 @@ if (IS_IPC(conn)) { if (lp_nt_pipe_support()) { + char *inbuf, *outbuf; + int length, bufsize; + + if (!reply_prep_legacy(req, inbuf, outbuf, + length, bufsize)) { + reply_nterror(req, NT_STATUS_NO_MEMORY); + return; + } + reply_post_legacy(req, do_ntcreate_pipe_open( + conn, inbuf, outbuf, + length, bufsize)); END_PROFILE(SMBntcreateX); - return do_ntcreate_pipe_open(conn,inbuf,outbuf,length,bufsize); + return; } else { + reply_doserror(req, ERRDOS, ERRnoaccess); END_PROFILE(SMBntcreateX); - return(ERROR_DOS(ERRDOS,ERRnoaccess)); + return; } } if (create_options FILE_OPEN_BY_FILE_ID) { + reply_nterror(req, NT_STATUS_NOT_SUPPORTED); END_PROFILE(SMBntcreateX); - return ERROR_NT(NT_STATUS_NOT_SUPPORTED); + return; } /* @@ -570,22 +580,25 @@ * This filename is relative to a directory fid. */ pstring rel_fname; - files_struct *dir_fsp = file_fsp(inbuf,smb_ntcreate_RootDirectoryFid); + files_struct *dir_fsp = file_fsp( + (char *)req-inbuf, smb_ntcreate_RootDirectoryFid); size_t dir_name_len; if(!dir_fsp) { + reply_doserror(req, ERRDOS, ERRbadfid); END_PROFILE(SMBntcreateX); - return
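Review bot: Two early returns in the converted reply_ntcreate_and_X skip END_PROFILE(SMBntcreateX): the wct check, which now calls reply_nterror and returns, and the reply_prep_legacy failure in the IS_IPC branch, which replies NT_STATUS_NO_MEMORY and returns. The other converted paths in these hunks reply, call END_PROFILE, then return, and these two should do the same. Since the function now returns void, a single exit label that ends the profile would make this harder to miss while the remaining callees are converted.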
svn commit: samba r24092 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec Date: 2007-07-31 09:22:16 + (Tue, 31 Jul 2007) New Revision: 24092 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24092 Log: Convert do_ntcreate_pipe_open to the new API nt_open_pipe_new() is a copy of nt_open_pipe(). It will stick for a bit until do_nt_transact_create_pipe is converted as well. Modified: branches/SAMBA_3_2/source/smbd/nttrans.c Changeset: Modified: branches/SAMBA_3_2/source/smbd/nttrans.c === --- branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 08:56:08 UTC (rev 24091) +++ branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 09:22:16 UTC (rev 24092) @@ -321,7 +321,8 @@ } / - Reply to an NT create and X call on a pipe. + Reply to an NT create and X call on a pipe -- this will die when all + callers are converted to nt_open_pipe_new / static int nt_open_pipe(char *fname, connection_struct *conn, 
@@ -369,24 +370,75 @@ return 0; } +static void nt_open_pipe_new(char *fname, connection_struct *conn, +struct smb_request *req, int *ppnum) +{ + smb_np_struct *p = NULL; + int i; + + DEBUG(4,(nt_open_pipe: Opening pipe %s.\n, fname)); + + /* See if it is one we want to handle. */ + + if (lp_disable_spoolss() strequal(fname, \\spoolss)) { + reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND, + ERRDOS, ERRbadpipe); + return; + } + + for( i = 0; known_nt_pipes[i]; i++ ) { + if( strequal(fname,known_nt_pipes[i])) { + break; + } + } + + if ( known_nt_pipes[i] == NULL ) { + reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND, + ERRDOS, ERRbadpipe); + return; + } + + /* Strip \\ off the name. */ + fname++; + + DEBUG(3,(nt_open_pipe: Known pipe %s opening.\n, fname)); + + p = open_rpc_pipe_p(fname, conn, req-vuid); + if (!p) { + reply_doserror(req, ERRSRV, ERRnofids); + return; + } + + /* TODO: Add pipe to db */ + + if ( !store_pipe_opendb( p ) ) { + DEBUG(3,(nt_open_pipe: failed to store %s pipe open.\n, fname)); + } + + *ppnum = p-pnum; + return; +} + / Reply to an NT create and X call for pipes. / -static int do_ntcreate_pipe_open(connection_struct *conn, -char *inbuf,char *outbuf,int length,int bufsize) +static void do_ntcreate_pipe_open(connection_struct *conn, + struct smb_request *req) { pstring fname; - int ret; int pnum = -1; char *p = NULL; - uint32 flags = IVAL(inbuf,smb_ntcreate_Flags); + uint32 flags = IVAL(req-inbuf,smb_ntcreate_Flags); - srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), fname, smb_buf(inbuf), - sizeof(fname), STR_TERMINATE); + srvstr_pull_buf((char *)req-inbuf, req-flags2, fname, + smb_buf(req-inbuf), sizeof(fname), STR_TERMINATE); - if ((ret = nt_open_pipe(fname, conn, inbuf, outbuf, pnum)) != 0) { - return ret; + nt_open_pipe_new(fname, conn, req, pnum); + + if (req-outbuf) { + /* error reply */ + return; } /* 
@@ -399,13 +451,13 @@ * the wcnt to 42 ? It's definately * what happens on the wire */ - set_message(inbuf,outbuf,50,0,True); - SCVAL(outbuf,smb_wct,42); + reply_outbuf(req, 50, 0); + SCVAL(req-outbuf,smb_wct,42); } else { - set_message(inbuf,outbuf,34,0,True); + reply_outbuf(req, 34, 0); } - p = outbuf + smb_vwv2; + p = (char *)req-outbuf + smb_vwv2; p++; SSVAL(p,0,pnum); p += 2; @@ -433,7 +485,7 @@ DEBUG(5,(do_ntcreate_pipe_open: open pipe = %s\n, fname)); - return chain_reply(inbuf,outbuf,length,bufsize); + chain_reply_new(req); } / @@ -545,17 +597,7 @@ if (IS_IPC(conn)) { if (lp_nt_pipe_support()) { - char *inbuf, *outbuf; - int length, bufsize; - - if (!reply_prep_legacy(req, inbuf, outbuf, - length, bufsize)) { - reply_nterror(req, NT_STATUS_NO_MEMORY); -
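Review bot: nt_open_pipe_new returns void, and do_ntcreate_pipe_open detects failure only by testing whether the request's outbuf has been set (the "error reply" branch), with pnum left at -1. That convention is implicit: either return a BOOL or NTSTATUS from nt_open_pipe_new, or state in a header comment that a non-NULL outbuf on return means an error reply has already been generated. The DEBUG messages inside nt_open_pipe_new still say "nt_open_pipe:", which makes logs ambiguous while both copies exist, and the new function has no header comment even though the old one's comment was updated to point at it.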
svn commit: samba r24093 - in branches/SAMBA_3_2/source/libads: .
Author: metze Date: 2007-07-31 09:31:47 + (Tue, 31 Jul 2007) New Revision: 24093 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24093 Log: move gssapi/krb5 principal handling into a function metze Modified: branches/SAMBA_3_2/source/libads/sasl.c Changeset: Modified: branches/SAMBA_3_2/source/libads/sasl.c === --- branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 09:22:16 UTC (rev 24092) +++ branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 09:31:47 UTC (rev 24093) @@ -360,7 +360,7 @@ /* perform a LDAP/SASL/SPNEGO/GSSKRB5 bind */ -static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT *ads, const char *sname) +static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT *ads, const gss_name_t serv_name) { ADS_STATUS status; BOOL ok; @@ -371,7 +371,6 @@ gss_OID mech_type = krb5_mech_type; gss_OID actual_mech_type = GSS_C_NULL_OID; const char *spnego_mechs[] = {OID_KERBEROS5_OLD, OID_KERBEROS5, OID_NTLMSSP, NULL}; - gss_name_t serv_name; gss_ctx_id_t context_handle = GSS_C_NO_CONTEXT; gss_buffer_desc input_token, output_token; uint32 req_flags, ret_flags; 
@@ -379,51 +378,7 @@ DATA_BLOB unwrapped; DATA_BLOB wrapped; struct berval cred, *scred = NULL; - krb5_principal principal = NULL; - gss_buffer_desc input_name; - krb5_context ctx = NULL; - krb5_enctype enc_types[] = { -#ifdef ENCTYPE_ARCFOUR_HMAC - ENCTYPE_ARCFOUR_HMAC, -#endif - ENCTYPE_DES_CBC_MD5, - ENCTYPE_NULL}; - gss_OID_desc nt_principal = - {10, CONST_DISCARD(char *, \052\206\110\206\367\022\001\002\002\002)}; - initialize_krb5_error_table(); - status = ADS_ERROR_KRB5(krb5_init_context(ctx)); - if (!ADS_ERR_OK(status)) { - return status; - } - status = ADS_ERROR_KRB5(krb5_set_default_tgs_ktypes(ctx, enc_types)); - if (!ADS_ERR_OK(status)) { - krb5_free_context(ctx); - return status; - } - status = ADS_ERROR_KRB5(smb_krb5_parse_name(ctx, sname, principal)); - if (!ADS_ERR_OK(status)) { - krb5_free_context(ctx); - return status; - } - - /* -* The MIT libraries have a *HORRIBLE* bug - input_value.value needs -* to point to the *address* of the krb5_principal, and the gss libraries -* to a shallow copy of the krb5_principal pointer - so we need to keep -* the krb5_principal around until we do the gss_release_name. MIT *SUCKS* ! -* Just one more way in which MIT engineers screwed me over JRA. -*/ - input_name.value = principal; - input_name.length = sizeof(principal); - - gss_rc = gss_import_name(minor_status, input_name, nt_principal, serv_name); - if (gss_rc) { - krb5_free_principal(ctx, principal); - krb5_free_context(ctx); - return ADS_ERROR_GSS(gss_rc, minor_status); - } - input_token.value = NULL; input_token.length = 0; 
@@ -633,17 +588,136 @@ } failed: - gss_release_name(minor_status, serv_name); if (context_handle != GSS_C_NO_CONTEXT) gss_delete_sec_context(minor_status, context_handle, GSS_C_NO_BUFFER); - krb5_free_principal(ctx, principal); - krb5_free_context(ctx); return status; } #endif #ifdef HAVE_KRB5 +struct ads_service_principal { +krb5_context ctx; +char *string; +krb5_principal principal; +#ifdef HAVE_GSSAPI +gss_name_t name; +#endif +}; + +static void ads_free_service_principal(struct ads_service_principal *p) +{ + SAFE_FREE(p-string); + +#ifdef HAVE_GSSAPI + if (p-name) { + uint32 minor_status; + gss_release_name(minor_status, p-name); + } +#endif + if (p-principal) { + krb5_free_principal(p-ctx, p-principal); + } + + if (p-ctx) { + krb5_free_context(p-ctx); + } + + ZERO_STRUCTP(p); +} + +static ADS_STATUS ads_generate_service_principal(ADS_STRUCT *ads, +const char *given_principal, +struct ads_service_principal *p) +{ + ADS_STATUS status; + krb5_enctype enc_types[] = { +#ifdef ENCTYPE_ARCFOUR_HMAC + ENCTYPE_ARCFOUR_HMAC, +#endif + ENCTYPE_DES_CBC_MD5, + ENCTYPE_NULL}; +#ifdef HAVE_GSSAPI + gss_buffer_desc input_name; + gss_OID_desc nt_principal = + {10, CONST_DISCARD(char *, \052\206\110\206\367\022\001\002\002\002)}; + uint32 minor_status; + int gss_rc; +#endif + + ZERO_STRUCTP(p); + + /* I've seen a child Windows
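Review bot: The comment removed from ads_sasl_spnego_gsskrb5_bind documented a lifetime rule, namely that the krb5_principal must stay alive until gss_release_name has been called. ads_free_service_principal respects that order (name, then principal, then context), but nothing in the visible part of the new code says why, so a later reorder could reintroduce the problem. Keep a neutral version of that comment on struct ads_service_principal or in the free function. Ownership of serv_name has also moved to the caller, since the bind function no longer calls gss_release_name on its failed path; its header comment should say so.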
svn commit: samba r24094 - in branches/SAMBA_3_2_0/source/libads: .
Author: metze Date: 2007-07-31 09:33:27 + (Tue, 31 Jul 2007) New Revision: 24094 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24094 Log: merge from SAMBA_3_2: move gssapi/krb5 principal handling into a function metze Modified: branches/SAMBA_3_2_0/source/libads/sasl.c Changeset: Modified: branches/SAMBA_3_2_0/source/libads/sasl.c === --- branches/SAMBA_3_2_0/source/libads/sasl.c 2007-07-31 09:31:47 UTC (rev 24093) +++ branches/SAMBA_3_2_0/source/libads/sasl.c 2007-07-31 09:33:27 UTC (rev 24094) @@ -360,7 +360,7 @@ /* perform a LDAP/SASL/SPNEGO/GSSKRB5 bind */ -static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT *ads, const char *sname) +static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT *ads, const gss_name_t serv_name) { ADS_STATUS status; BOOL ok; @@ -371,7 +371,6 @@ gss_OID mech_type = krb5_mech_type; gss_OID actual_mech_type = GSS_C_NULL_OID; const char *spnego_mechs[] = {OID_KERBEROS5_OLD, OID_KERBEROS5, OID_NTLMSSP, NULL}; - gss_name_t serv_name; gss_ctx_id_t context_handle = GSS_C_NO_CONTEXT; gss_buffer_desc input_token, output_token; uint32 req_flags, ret_flags; 
@@ -379,51 +378,7 @@ DATA_BLOB unwrapped; DATA_BLOB wrapped; struct berval cred, *scred = NULL; - krb5_principal principal = NULL; - gss_buffer_desc input_name; - krb5_context ctx = NULL; - krb5_enctype enc_types[] = { -#ifdef ENCTYPE_ARCFOUR_HMAC - ENCTYPE_ARCFOUR_HMAC, -#endif - ENCTYPE_DES_CBC_MD5, - ENCTYPE_NULL}; - gss_OID_desc nt_principal = - {10, CONST_DISCARD(char *, \052\206\110\206\367\022\001\002\002\002)}; - initialize_krb5_error_table(); - status = ADS_ERROR_KRB5(krb5_init_context(ctx)); - if (!ADS_ERR_OK(status)) { - return status; - } - status = ADS_ERROR_KRB5(krb5_set_default_tgs_ktypes(ctx, enc_types)); - if (!ADS_ERR_OK(status)) { - krb5_free_context(ctx); - return status; - } - status = ADS_ERROR_KRB5(smb_krb5_parse_name(ctx, sname, principal)); - if (!ADS_ERR_OK(status)) { - krb5_free_context(ctx); - return status; - } - - /* -* The MIT libraries have a *HORRIBLE* bug - input_value.value needs -* to point to the *address* of the krb5_principal, and the gss libraries -* to a shallow copy of the krb5_principal pointer - so we need to keep -* the krb5_principal around until we do the gss_release_name. MIT *SUCKS* ! -* Just one more way in which MIT engineers screwed me over JRA. -*/ - input_name.value = principal; - input_name.length = sizeof(principal); - - gss_rc = gss_import_name(minor_status, input_name, nt_principal, serv_name); - if (gss_rc) { - krb5_free_principal(ctx, principal); - krb5_free_context(ctx); - return ADS_ERROR_GSS(gss_rc, minor_status); - } - input_token.value = NULL; input_token.length = 0; 
@@ -633,17 +588,136 @@ } failed: - gss_release_name(minor_status, serv_name); if (context_handle != GSS_C_NO_CONTEXT) gss_delete_sec_context(minor_status, context_handle, GSS_C_NO_BUFFER); - krb5_free_principal(ctx, principal); - krb5_free_context(ctx); return status; } #endif #ifdef HAVE_KRB5 +struct ads_service_principal { +krb5_context ctx; +char *string; +krb5_principal principal; +#ifdef HAVE_GSSAPI +gss_name_t name; +#endif +}; + +static void ads_free_service_principal(struct ads_service_principal *p) +{ + SAFE_FREE(p-string); + +#ifdef HAVE_GSSAPI + if (p-name) { + uint32 minor_status; + gss_release_name(minor_status, p-name); + } +#endif + if (p-principal) { + krb5_free_principal(p-ctx, p-principal); + } + + if (p-ctx) { + krb5_free_context(p-ctx); + } + + ZERO_STRUCTP(p); +} + +static ADS_STATUS ads_generate_service_principal(ADS_STRUCT *ads, +const char *given_principal, +struct ads_service_principal *p) +{ + ADS_STATUS status; + krb5_enctype enc_types[] = { +#ifdef ENCTYPE_ARCFOUR_HMAC + ENCTYPE_ARCFOUR_HMAC, +#endif + ENCTYPE_DES_CBC_MD5, + ENCTYPE_NULL}; +#ifdef HAVE_GSSAPI + gss_buffer_desc input_name; + gss_OID_desc nt_principal = + {10, CONST_DISCARD(char *, \052\206\110\206\367\022\001\002\002\002)}; + uint32 minor_status; + int gss_rc; +#endif + + ZERO_STRUCTP(p); + + /*
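Review bot: The enc_types list that this merge moves into ads_generate_service_principal is ENCTYPE_ARCFOUR_HMAC (only when that macro is defined), ENCTYPE_DES_CBC_MD5 and ENCTYPE_NULL, so on a build without ENCTYPE_ARCFOUR_HMAC the only enctype requested is DES. The list is carried over unchanged from the removed block, but now that it lives in one helper it should have a comment explaining why the ticket enctypes are restricted this way, so the restriction can be revisited in a single place.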
svn commit: samba r24095 - in branches/SAMBA_3_2/source/libads: .
Author: metze Date: 2007-07-31 09:37:25 + (Tue, 31 Jul 2007) New Revision: 24095 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24095 Log: add one more fallback alternative to construct the principal metze Modified: branches/SAMBA_3_2/source/libads/sasl.c Changeset: Modified: branches/SAMBA_3_2/source/libads/sasl.c === --- branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 09:33:27 UTC (rev 24094) +++ branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 09:37:25 UTC (rev 24095) @@ -676,6 +676,26 @@ if (!p-string) { return ADS_ERROR(LDAP_NO_MEMORY); } + } else if (ads-config.realm ads-config.ldap_server_name) { + char *server, *server_realm; + + server = SMB_STRDUP(ads-config.ldap_server_name); + server_realm = SMB_STRDUP(ads-config.realm); + + if (!server || !server_realm) { + return ADS_ERROR(LDAP_NO_MEMORY); + } + + strlower_m(server); + strupper_m(server_realm); + asprintf(p-string, ldap/[EMAIL PROTECTED], server, server_realm); + + SAFE_FREE(server); + SAFE_FREE(server_realm); + + if (!p-string) { + return ADS_ERROR(LDAP_NO_MEMORY); + } } initialize_krb5_error_table();
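Review bot: In the new fallback branch the return value of asprintf is ignored and the code tests the string member of p afterwards; on failure asprintf leaves the target pointer undefined on glibc, so that test is not a reliable out-of-memory check. Test the asprintf result for -1 instead and set the pointer to NULL on failure. The two SAFE_FREE calls are correctly placed before that check, so no other cleanup is needed on that path.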
svn commit: samba r24096 - in branches/SAMBA_3_2_0/source/libads: .
Author: metze Date: 2007-07-31 09:38:15 + (Tue, 31 Jul 2007) New Revision: 24096 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24096 Log: merge from SAMBA_3_2: add one more fallback alternative to construct the principal metze Modified: branches/SAMBA_3_2_0/source/libads/sasl.c Changeset: Modified: branches/SAMBA_3_2_0/source/libads/sasl.c === --- branches/SAMBA_3_2_0/source/libads/sasl.c 2007-07-31 09:37:25 UTC (rev 24095) +++ branches/SAMBA_3_2_0/source/libads/sasl.c 2007-07-31 09:38:15 UTC (rev 24096) @@ -676,6 +676,26 @@ if (!p-string) { return ADS_ERROR(LDAP_NO_MEMORY); } + } else if (ads-config.realm ads-config.ldap_server_name) { + char *server, *server_realm; + + server = SMB_STRDUP(ads-config.ldap_server_name); + server_realm = SMB_STRDUP(ads-config.realm); + + if (!server || !server_realm) { + return ADS_ERROR(LDAP_NO_MEMORY); + } + + strlower_m(server); + strupper_m(server_realm); + asprintf(p-string, ldap/[EMAIL PROTECTED], server, server_realm); + + SAFE_FREE(server); + SAFE_FREE(server_realm); + + if (!p-string) { + return ADS_ERROR(LDAP_NO_MEMORY); + } } initialize_krb5_error_table();
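Review bot: In the merged fallback branch, if only one of the two SMB_STRDUP calls fails, the early return of ADS_ERROR(LDAP_NO_MEMORY) leaks the copy that succeeded. Call SAFE_FREE on both server and server_realm before that return.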
svn commit: samba r24097 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec Date: 2007-07-31 09:41:21 + (Tue, 31 Jul 2007) New Revision: 24097 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24097 Log: Convert reply_ntcreate_and_X_quota to the new API Modified: branches/SAMBA_3_2/source/smbd/nttrans.c Changeset: Modified: branches/SAMBA_3_2/source/smbd/nttrans.c === --- branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 09:38:15 UTC (rev 24096) +++ branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 09:41:21 UTC (rev 24097) @@ -492,17 +492,13 @@ Reply to an NT create and X call for a quota file. / -int reply_ntcreate_and_X_quota(connection_struct *conn, - char *inbuf, - char *outbuf, - int length, - int bufsize, - enum FAKE_FILE_TYPE fake_file_type, - const char *fname) +static void reply_ntcreate_and_X_quota(connection_struct *conn, + struct smb_request *req, + enum FAKE_FILE_TYPE fake_file_type, + const char *fname) { - int result; char *p; - uint32 desired_access = IVAL(inbuf,smb_ntcreate_DesiredAccess); + uint32 desired_access = IVAL(req-inbuf,smb_ntcreate_DesiredAccess); files_struct *fsp; NTSTATUS status; @@ -510,12 +506,13 @@ fsp); if (!NT_STATUS_IS_OK(status)) { - return ERROR_NT(status); + reply_nterror(req, status); + return; } - set_message(inbuf,outbuf,34,0,True); + reply_outbuf(req, 34, 0); - p = outbuf + smb_vwv2; + p = (char *)req-outbuf + smb_vwv2; /* SCVAL(p,0,NO_OPLOCK_RETURN); */ p++; @@ -523,8 +520,7 @@ DEBUG(5,(reply_ntcreate_and_X_quota: fnum = %d, open name = %s\n, fsp-fnum, fsp-fsp_name)); - result = chain_reply(inbuf,outbuf,length,bufsize); - return result; + chain_reply_new(req); } / @@ -708,10 +704,6 @@ if( is_ntfs_stream_name(fname)) { enum FAKE_FILE_TYPE fake_file_type = is_fake_file(fname); if (fake_file_type!=FAKE_FILE_TYPE_NONE) { - - char *inbuf, *outbuf; - int length, bufsize; - /* * Here we go! support for changing the disk quotas --metze * 
@@ -721,22 +713,13 @@ * w2k close this file directly after openening * xp also tries a QUERY_FILE_INFO on the file and then close it */ - if (!reply_prep_legacy(req, inbuf, outbuf, - length, bufsize)) { - reply_nterror(req, NT_STATUS_NO_MEMORY); - return; - } - reply_post_legacy(req, reply_ntcreate_and_X_quota( - conn, inbuf, outbuf, - length, bufsize, - fake_file_type, fname)); - END_PROFILE(SMBntcreateX); - return; + reply_ntcreate_and_X_quota(conn, req, + fake_file_type, fname); } else { reply_nterror(req, NT_STATUS_OBJECT_PATH_NOT_FOUND); - END_PROFILE(SMBntcreateX); - return; } + END_PROFILE(SMBntcreateX); + return; } }
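Review bot: reply_ntcreate_and_X_quota changes from a non-static int function to static void, which the log message does not mention; check that no prototype for it remains in a header and that nothing outside nttrans.c calls it. In the caller, folding END_PROFILE(SMBntcreateX) and the return into one place after the if/else is a good cleanup and removes the need for the reply_prep_legacy round trip on this path.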
svn commit: samba r24098 - in branches/SAMBA_3_2/source/libads: .
Author: metze Date: 2007-07-31 09:49:14 + (Tue, 31 Jul 2007) New Revision: 24098 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24098 Log: - make use of the ads_service_principal abstraction also for the GSSAPI sasl mech. - also use the ads_kinit_password() fallback logic from the GSS-SPNEGO sasl mech. metze Modified: branches/SAMBA_3_2/source/libads/sasl.c Changeset: Modified: branches/SAMBA_3_2/source/libads/sasl.c === --- branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 09:41:21 UTC (rev 24097) +++ branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 09:49:14 UTC (rev 24098) @@ -905,11 +905,9 @@ this routine is much less fragile see RFC2078 and RFC for details */ -static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads) +static ADS_STATUS ads_sasl_gssapi_do_bind(ADS_STRUCT *ads, const gss_name_t serv_name) { uint32 minor_status; - gss_name_t serv_name; - gss_buffer_desc input_name; gss_ctx_id_t context_handle = GSS_C_NO_CONTEXT; gss_OID mech_type = GSS_C_NULL_OID; gss_buffer_desc output_token, input_token; 
@@ -921,63 +919,8 @@ int gss_rc, rc; uint8 *p; uint32 max_msg_size = 0; - char *sname = NULL; ADS_STATUS status; - krb5_principal principal = NULL; - krb5_context ctx = NULL; - krb5_enctype enc_types[] = { -#ifdef ENCTYPE_ARCFOUR_HMAC - ENCTYPE_ARCFOUR_HMAC, -#endif - ENCTYPE_DES_CBC_MD5, - ENCTYPE_NULL}; - gss_OID_desc nt_principal = - {10, CONST_DISCARD(char *, \052\206\110\206\367\022\001\002\002\002)}; - /* we need to fetch a service ticket as the ldap user in the - servers realm, regardless of our realm */ - asprintf(sname, ldap/[EMAIL PROTECTED], ads-config.ldap_server_name, ads-config.realm); - - initialize_krb5_error_table(); - status = ADS_ERROR_KRB5(krb5_init_context(ctx)); - if (!ADS_ERR_OK(status)) { - SAFE_FREE(sname); - return status; - } - status = ADS_ERROR_KRB5(krb5_set_default_tgs_ktypes(ctx, enc_types)); - if (!ADS_ERR_OK(status)) { - SAFE_FREE(sname); - krb5_free_context(ctx); - return status; - } - status = ADS_ERROR_KRB5(smb_krb5_parse_name(ctx, sname, principal)); - if (!ADS_ERR_OK(status)) { - SAFE_FREE(sname); - krb5_free_context(ctx); - return status; - } - - input_name.value = principal; - input_name.length = sizeof(principal); - - gss_rc = gss_import_name(minor_status, input_name, nt_principal, serv_name); - - /* -* The MIT libraries have a *HORRIBLE* bug - input_value.value needs -* to point to the *address* of the krb5_principal, and the gss libraries -* to a shallow copy of the krb5_principal pointer - so we need to keep -* the krb5_principal around until we do the gss_release_name. MIT *SUCKS* ! -* Just one more way in which MIT engineers screwed me over JRA. -*/ - - SAFE_FREE(sname); - - if (gss_rc) { - krb5_free_principal(ctx, principal); - krb5_free_context(ctx); - return ADS_ERROR_GSS(gss_rc, minor_status); - } - input_token.value = NULL; input_token.length = 0; 
@@ -1122,16 +1065,44 @@ } failed: - gss_release_name(minor_status, serv_name); if (context_handle != GSS_C_NO_CONTEXT) gss_delete_sec_context(minor_status, context_handle, GSS_C_NO_BUFFER); - krb5_free_principal(ctx, principal); - krb5_free_context(ctx); if(scred) ber_bvfree(scred); return status; } + +static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads) +{ + ADS_STATUS status; + struct ads_service_principal p; + + status = ads_generate_service_principal(ads, NULL, p); + if (!ADS_ERR_OK(status)) { + return status; + } + + status = ads_sasl_gssapi_do_bind(ads, p.name); + if (ADS_ERR_OK(status)) { + ads_free_service_principal(p); + return status; + } + + DEBUG(10,(ads_sasl_gssapi_do_bind failed with: %s, + calling kinit\n, ads_errstr(status))); + + status = ADS_ERROR_KRB5(ads_kinit_password(ads)); + + if (ADS_ERR_OK(status)) { + status = ads_sasl_gssapi_do_bind(ads, p.name); + } + + ads_free_service_principal(p); + + return status; +} + #endif /* HAVE_GGSAPI */ /* mapping between SASL mechanisms and functions */
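Review bot: ads_sasl_gssapi_bind retries after ads_kinit_password on any failure of ads_sasl_gssapi_do_bind, not only on a missing or expired credential, so an unrelated GSS or LDAP error also triggers a password-based kinit and a second bind attempt. If that is the same behaviour as the GSS-SPNEGO mech, as the log message says, state it in a comment above the function; otherwise restrict the fallback to credential errors. When the kinit itself fails, the original bind status is overwritten by the kinit status, so the level 10 DEBUG line is the only record of the first error. The trailing context also shows "#endif /* HAVE_GGSAPI */", which looks like a typo for HAVE_GSSAPI.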
svn commit: samba r24100 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec Date: 2007-07-31 10:04:54 + (Tue, 31 Jul 2007) New Revision: 24100 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24100 Log: Convert reply_ntcancel to the new API Modified: branches/SAMBA_3_2/source/smbd/nttrans.c branches/SAMBA_3_2/source/smbd/process.c Changeset: Modified: branches/SAMBA_3_2/source/smbd/nttrans.c === --- branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 09:50:05 UTC (rev 24099) +++ branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 10:04:54 UTC (rev 24100) @@ -1786,23 +1786,21 @@ conn POINTER CAN BE NULL HERE ! / -int reply_ntcancel(connection_struct *conn, - char *inbuf,char *outbuf,int length,int bufsize) +void reply_ntcancel(connection_struct *conn, struct smb_request *req) { /* * Go through and cancel any pending change notifies. */ - int mid = SVAL(inbuf,smb_mid); START_PROFILE(SMBntcancel); - remove_pending_change_notify_requests_by_mid(mid); - remove_pending_lock_requests_by_mid(mid); - srv_cancel_sign_response(mid); + remove_pending_change_notify_requests_by_mid(req-mid); + remove_pending_lock_requests_by_mid(req-mid); + srv_cancel_sign_response(req-mid); - DEBUG(3,(reply_ntcancel: cancel called on mid = %d.\n, mid)); + DEBUG(3,(reply_ntcancel: cancel called on mid = %d.\n, req-mid)); END_PROFILE(SMBntcancel); - return(-1); + return; } / Modified: branches/SAMBA_3_2/source/smbd/process.c === --- branches/SAMBA_3_2/source/smbd/process.c2007-07-31 09:50:05 UTC (rev 24099) +++ branches/SAMBA_3_2/source/smbd/process.c2007-07-31 10:04:54 UTC (rev 24100) @@ -852,7 +852,7 @@ /* 0xa1 */ { SMBnttranss, reply_nttranss,NULL, AS_USER | CAN_IPC }, /* 0xa2 */ { SMBntcreateX, NULL,reply_ntcreate_and_X, AS_USER | CAN_IPC }, /* 0xa3 */ { NULL, NULL, NULL, 0 }, -/* 0xa4 */ { SMBntcancel, reply_ntcancel,NULL, 0 }, +/* 0xa4 */ { SMBntcancel, NULL,reply_ntcancel, 0 }, /* 0xa5 */ { SMBntrename, reply_ntrename,NULL, AS_USER | NEED_WRITE }, /* 0xa6 */ { NULL, NULL, NULL, 0 }, /* 0xa7 */ { NULL, NULL, NULL, 0 },
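Review bot: reply_ntcancel used to return -1 and now returns void without generating any reply; if the intent is that no response is sent for SMBntcancel, say so in a comment in the function body, because that is no longer visible from a return value. The header comment warns that conn can be NULL here; the converted body does not touch conn, which is correct and should stay that way. In process.c the handler moves from the old-API column to the new-API column of the table entry for 0xa4, which matches the signature change.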
svn commit: samba r24099 - in branches/SAMBA_3_2_0/source/libads: .
Author: metze Date: 2007-07-31 09:50:05 + (Tue, 31 Jul 2007) New Revision: 24099 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24099 Log: merge from SAMBA_3_2: - make use of the ads_service_principal abstraction also for the GSSAPI sasl mech. - also use the ads_kinit_password() fallback logic from the GSS-SPNEGO sasl mech. metze Modified: branches/SAMBA_3_2_0/source/libads/sasl.c Changeset: Modified: branches/SAMBA_3_2_0/source/libads/sasl.c === --- branches/SAMBA_3_2_0/source/libads/sasl.c 2007-07-31 09:49:14 UTC (rev 24098) +++ branches/SAMBA_3_2_0/source/libads/sasl.c 2007-07-31 09:50:05 UTC (rev 24099) @@ -905,11 +905,9 @@ this routine is much less fragile see RFC2078 and RFC for details */ -static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads) +static ADS_STATUS ads_sasl_gssapi_do_bind(ADS_STRUCT *ads, const gss_name_t serv_name) { uint32 minor_status; - gss_name_t serv_name; - gss_buffer_desc input_name; gss_ctx_id_t context_handle = GSS_C_NO_CONTEXT; gss_OID mech_type = GSS_C_NULL_OID; gss_buffer_desc output_token, input_token; 
@@ -921,63 +919,8 @@ int gss_rc, rc; uint8 *p; uint32 max_msg_size = 0; - char *sname = NULL; ADS_STATUS status; - krb5_principal principal = NULL; - krb5_context ctx = NULL; - krb5_enctype enc_types[] = { -#ifdef ENCTYPE_ARCFOUR_HMAC - ENCTYPE_ARCFOUR_HMAC, -#endif - ENCTYPE_DES_CBC_MD5, - ENCTYPE_NULL}; - gss_OID_desc nt_principal = - {10, CONST_DISCARD(char *, \052\206\110\206\367\022\001\002\002\002)}; - /* we need to fetch a service ticket as the ldap user in the - servers realm, regardless of our realm */ - asprintf(sname, ldap/[EMAIL PROTECTED], ads-config.ldap_server_name, ads-config.realm); - - initialize_krb5_error_table(); - status = ADS_ERROR_KRB5(krb5_init_context(ctx)); - if (!ADS_ERR_OK(status)) { - SAFE_FREE(sname); - return status; - } - status = ADS_ERROR_KRB5(krb5_set_default_tgs_ktypes(ctx, enc_types)); - if (!ADS_ERR_OK(status)) { - SAFE_FREE(sname); - krb5_free_context(ctx); - return status; - } - status = ADS_ERROR_KRB5(smb_krb5_parse_name(ctx, sname, principal)); - if (!ADS_ERR_OK(status)) { - SAFE_FREE(sname); - krb5_free_context(ctx); - return status; - } - - input_name.value = principal; - input_name.length = sizeof(principal); - - gss_rc = gss_import_name(minor_status, input_name, nt_principal, serv_name); - - /* -* The MIT libraries have a *HORRIBLE* bug - input_value.value needs -* to point to the *address* of the krb5_principal, and the gss libraries -* to a shallow copy of the krb5_principal pointer - so we need to keep -* the krb5_principal around until we do the gss_release_name. MIT *SUCKS* ! -* Just one more way in which MIT engineers screwed me over JRA. -*/ - - SAFE_FREE(sname); - - if (gss_rc) { - krb5_free_principal(ctx, principal); - krb5_free_context(ctx); - return ADS_ERROR_GSS(gss_rc, minor_status); - } - input_token.value = NULL; input_token.length = 0; 
@@ -1122,16 +1065,44 @@ } failed: - gss_release_name(minor_status, serv_name); if (context_handle != GSS_C_NO_CONTEXT) gss_delete_sec_context(minor_status, context_handle, GSS_C_NO_BUFFER); - krb5_free_principal(ctx, principal); - krb5_free_context(ctx); if(scred) ber_bvfree(scred); return status; } + +static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads) +{ + ADS_STATUS status; + struct ads_service_principal p; + + status = ads_generate_service_principal(ads, NULL, p); + if (!ADS_ERR_OK(status)) { + return status; + } + + status = ads_sasl_gssapi_do_bind(ads, p.name); + if (ADS_ERR_OK(status)) { + ads_free_service_principal(p); + return status; + } + + DEBUG(10,(ads_sasl_gssapi_do_bind failed with: %s, + calling kinit\n, ads_errstr(status))); + + status = ADS_ERROR_KRB5(ads_kinit_password(ads)); + + if (ADS_ERR_OK(status)) { + status = ads_sasl_gssapi_do_bind(ads, p.name); + } + + ads_free_service_principal(p); + + return status; +} + #endif /* HAVE_GGSAPI */ /* mapping between SASL mechanisms and functions */
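Review bot: In the new ads_sasl_gssapi_bind wrapper (last hunk), every failure of the first ads_sasl_gssapi_do_bind call falls through to ads_kinit_password, not only failures caused by missing or expired credentials, and the first error is logged only at DEBUG level 10. The status the caller finally sees is that of the kinit or of the second bind, so the original cause is lost at normal log levels; either restrict the retry to credential-related statuses or log the first failure at a lower level. The block removed in the second hunk carried both the enctype restriction and the warning that the krb5_principal must stay alive until gss_release_name; please confirm that ads_generate_service_principal and ads_free_service_principal, which are not part of this diff, preserve both.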
svn commit: samba r24101 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec Date: 2007-07-31 11:26:24 + (Tue, 31 Jul 2007) New Revision: 24101 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24101 Log: Move prohibited_ea_names[] into samba_private_attr_name() Minor cleanup Modified: branches/SAMBA_3_2/source/smbd/trans2.c Changeset: Modified: branches/SAMBA_3_2/source/smbd/trans2.c === --- branches/SAMBA_3_2/source/smbd/trans2.c 2007-07-31 10:04:54 UTC (rev 24100) +++ branches/SAMBA_3_2/source/smbd/trans2.c 2007-07-31 11:26:24 UTC (rev 24101) @@ -90,18 +90,18 @@ Utility functions for dealing with extended attributes. / -static const char *prohibited_ea_names[] = { - SAMBA_POSIX_INHERITANCE_EA_NAME, - SAMBA_XATTR_DOS_ATTRIB, - NULL -}; - / Refuse to allow clients to overwrite our private xattrs. / static BOOL samba_private_attr_name(const char *unix_ea_name) { + static const char *prohibited_ea_names[] = { + SAMBA_POSIX_INHERITANCE_EA_NAME, + SAMBA_XATTR_DOS_ATTRIB, + NULL + }; + int i; for (i = 0; prohibited_ea_names[i]; i++) {
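Review bot: In samba_private_attr_name the table that guards Samba's private xattrs is declared "static const char *prohibited_ea_names[]", which makes the strings const but leaves the pointer slots of the array writable. Now that the table is function-local and has a single reader, declare it "static const char * const prohibited_ea_names[]" so the whole list is read-only.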
svn commit: samba r24102 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec Date: 2007-07-31 12:05:40 + (Tue, 31 Jul 2007) New Revision: 24102 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24102 Log: Pass the fid instead of inbuf and an offset to file_fsp. This removes the buf==NULL condition in file_fsp(), but wherever it is called we do have a buffer anyway. Volker Modified: branches/SAMBA_3_2/source/smbd/files.c branches/SAMBA_3_2/source/smbd/nttrans.c branches/SAMBA_3_2/source/smbd/reply.c branches/SAMBA_3_2/source/smbd/trans2.c Changeset: Modified: branches/SAMBA_3_2/source/smbd/files.c === --- branches/SAMBA_3_2/source/smbd/files.c 2007-07-31 11:26:24 UTC (rev 24101) +++ branches/SAMBA_3_2/source/smbd/files.c 2007-07-31 12:05:40 UTC (rev 24102) @@ -487,7 +487,7 @@ Get an fsp from a packet given the offset of a 16 bit fnum. / -files_struct *file_fsp(const char *buf, int where) +files_struct *file_fsp(uint16 fid) { files_struct *fsp; @@ -495,11 +495,7 @@ return chain_fsp; } - if (!buf) { - return NULL; - } - - fsp = file_fnum(SVAL(buf, where)); + fsp = file_fnum(fid); if (fsp) { chain_fsp = fsp; } Modified: branches/SAMBA_3_2/source/smbd/nttrans.c === --- branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 11:26:24 UTC (rev 24101) +++ branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 12:05:40 UTC (rev 24102) @@ -619,7 +619,7 @@ */ pstring rel_fname; files_struct *dir_fsp = file_fsp( - (char *)req-inbuf, smb_ntcreate_RootDirectoryFid); + SVAL(req-inbuf, smb_ntcreate_RootDirectoryFid)); size_t dir_name_len; if(!dir_fsp) { @@ -1377,7 +1377,7 @@ /* * This filename is relative to a directory fid. */ - files_struct *dir_fsp = file_fsp(params,4); + files_struct *dir_fsp = file_fsp(SVAL(params,4)); size_t dir_name_len; if(!dir_fsp) { @@ -2078,7 +2078,7 @@ return ERROR_DOS(ERRDOS,ERRbadfunc); } - fsp = file_fsp((char *)setup,4); + fsp = file_fsp(SVAL(setup,4)); filter = IVAL(setup, 0); recursive = (SVAL(setup, 6) != 0) ? True : False; 
@@ -2173,7 +2173,7 @@ return ERROR_DOS(ERRDOS,ERRbadfunc); } - fsp = file_fsp(params, 0); + fsp = file_fsp(SVAL(params, 0)); replace_if_exists = (SVAL(params,2) RENAME_REPLACE_IF_EXISTS) ? True : False; CHECK_FSP(fsp, conn); srvstr_get_path_wcard(inbuf, SVAL(inbuf,smb_flg2), new_name, params+4, @@ -2244,7 +2244,7 @@ return ERROR_DOS(ERRDOS,ERRbadfunc); } - fsp = file_fsp(params,0); + fsp = file_fsp(SVAL(params,0)); if(!fsp) { return ERROR_DOS(ERRDOS,ERRbadfid); } @@ -2358,7 +2358,7 @@ return ERROR_DOS(ERRDOS,ERRbadfunc); } - if((fsp = file_fsp(params,0)) == NULL) { + if((fsp = file_fsp(SVAL(params,0))) == NULL) { return ERROR_DOS(ERRDOS,ERRbadfid); } @@ -2415,7 +2415,7 @@ DEBUG(10,(call_nt_transact_ioctl: function[0x%08X] FID[0x%04X] isFSctl[0x%02X] compfilter[0x%02X]\n, function, fidnum, isFSctl, compfilter)); - fsp=file_fsp((char *)*ppsetup, 4); + fsp=file_fsp(SVAL(ppsetup, 4)); /* this check is done in each implemented function case for now because I don't want to break anything... --metze FSP_BELONGS_CONN(fsp,conn);*/ @@ -2693,7 +2693,7 @@ } /* maybe we can check the quota_fnum */ - fsp = file_fsp(params,0); + fsp = file_fsp(SVAL(params,0)); if (!CHECK_NTQUOTA_HANDLE_OK(fsp,conn)) { DEBUG(3,(TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n)); return ERROR_NT(NT_STATUS_INVALID_HANDLE); @@ -2941,7 +2941,7 @@ } /* maybe we can check the quota_fnum */ - fsp = file_fsp(params,0); + fsp = file_fsp(SVAL(params,0)); if (!CHECK_NTQUOTA_HANDLE_OK(fsp,conn)) { DEBUG(3,(TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n)); return ERROR_NT(NT_STATUS_INVALID_HANDLE); Modified: branches/SAMBA_3_2/source/smbd/reply.c === --- branches/SAMBA_3_2/source/smbd/reply.c 2007-07-31 11:26:24 UTC (rev 24101) +++ branches/SAMBA_3_2/source/smbd/reply.c 2007-07-31 12:05:40 UTC (rev 24102) @@ -709,7 +709,7 @@ switch (ioctl_code) { case IOCTL_QUERY_JOB_INFO:
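Review bot: The call_nt_transact_ioctl hunk in nttrans.c (at line 2415) drops a dereference during the conversion: the old call was "file_fsp((char *)*ppsetup, 4)" and the new one is "file_fsp(SVAL(ppsetup, 4))", so SVAL now reads from the pointer-to-pointer rather than from the setup buffer it points to. That should be SVAL(*ppsetup, 4); as written, the fid used for the lookup is not the one the client sent. Separately, the comment above file_fsp in files.c still says "given the offset of a 16 bit fnum" and should be updated for the new uint16 fid parameter, and with the "!buf" guard removed each caller is now solely responsible for having validated the buffer before it calls SVAL.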
svn commit: samba r24103 - in branches/SAMBA_3_2/source/libads: .
Author: metze Date: 2007-07-31 12:27:25 + (Tue, 31 Jul 2007) New Revision: 24103 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24103 Log: add some useful debug messages, as not all LDAP libraries support wrapping hooks... metze Modified: branches/SAMBA_3_2/source/libads/sasl.c Changeset: Modified: branches/SAMBA_3_2/source/libads/sasl.c === --- branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 12:05:40 UTC (rev 24102) +++ branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 12:27:25 UTC (rev 24103) @@ -251,7 +251,13 @@ ads-ldap.out.sig_size = NTLMSSP_SIG_SIZE; ads-ldap.in.min = 4; ads-ldap.in.max = 0x0FFF; - ads_setup_sasl_wrapping(ads, ads_sasl_ntlmssp_ops, ntlmssp_state); + status = ads_setup_sasl_wrapping(ads, ads_sasl_ntlmssp_ops, ntlmssp_state); + if (!ADS_ERR_OK(status)) { + DEBUG(0, ads_setup_sasl_wrapping() failed: %s\n, + ads_errstr(status))); + ntlmssp_end(ntlmssp_state); + return status; + } } else { ntlmssp_end(ntlmssp_state); } @@ -582,7 +588,12 @@ ads-ldap.out.sig_size = max_msg_size - ads-ldap.out.max; ads-ldap.in.min = 4; ads-ldap.in.max = max_msg_size; - ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops, context_handle); + status = ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops, context_handle); + if (!ADS_ERR_OK(status)) { + DEBUG(0, ads_setup_sasl_wrapping() failed: %s\n, + ads_errstr(status))); + goto failed; + } /* make sure we don't free context_handle */ context_handle = GSS_C_NO_CONTEXT; } @@ -1059,7 +1070,12 @@ ads-ldap.out.sig_size = max_msg_size - ads-ldap.out.max; ads-ldap.in.min = 4; ads-ldap.in.max = max_msg_size; - ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops, context_handle); + status = ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops, context_handle); + if (!ADS_ERR_OK(status)) { + DEBUG(0, ads_setup_sasl_wrapping() failed: %s\n, + ads_errstr(status))); + goto failed; + } /* make sure we don't free context_handle */ context_handle = GSS_C_NO_CONTEXT; }
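Review bot: All three added DEBUG calls are unbalanced: "DEBUG(0, ads_setup_sasl_wrapping() failed: ..." opens one parenthesis fewer than the closing ")));" on the next line expects, so the message needs the usual double-parenthesis form DEBUG(0, (...)). In the NTLMSSP hunk at line 251, status is assigned but no ADS_STATUS status declaration is visible for that function, so please check that this builds before it is merged to other branches.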
svn commit: samba r24104 - in branches/SAMBA_3_2/source/libads: .
Author: metze Date: 2007-07-31 12:30:37 + (Tue, 31 Jul 2007) New Revision: 24104 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24104 Log: fix the build, sorry... metze Modified: branches/SAMBA_3_2/source/libads/sasl.c Changeset: Modified: branches/SAMBA_3_2/source/libads/sasl.c === --- branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 12:27:25 UTC (rev 24103) +++ branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 12:30:37 UTC (rev 24104) @@ -126,6 +126,7 @@ struct berval cred, *scred = NULL; int rc; NTSTATUS nt_status; + ADS_STATUS status; int turn = 1; uint32 features = 0; @@ -253,7 +254,7 @@ ads-ldap.in.max = 0x0FFF; status = ads_setup_sasl_wrapping(ads, ads_sasl_ntlmssp_ops, ntlmssp_state); if (!ADS_ERR_OK(status)) { - DEBUG(0, ads_setup_sasl_wrapping() failed: %s\n, + DEBUG(0, (ads_setup_sasl_wrapping() failed: %s\n, ads_errstr(status))); ntlmssp_end(ntlmssp_state); return status; @@ -590,7 +591,7 @@ ads-ldap.in.max = max_msg_size; status = ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops, context_handle); if (!ADS_ERR_OK(status)) { - DEBUG(0, ads_setup_sasl_wrapping() failed: %s\n, + DEBUG(0, (ads_setup_sasl_wrapping() failed: %s\n, ads_errstr(status))); goto failed; } @@ -1072,7 +1073,7 @@ ads-ldap.in.max = max_msg_size; status = ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops, context_handle); if (!ADS_ERR_OK(status)) { - DEBUG(0, ads_setup_sasl_wrapping() failed: %s\n, + DEBUG(0, (ads_setup_sasl_wrapping() failed: %s\n, ads_errstr(status))); goto failed; }
svn commit: samba r24105 - in branches/SAMBA_3_2_0/source/libads: .
Author: metze Date: 2007-07-31 12:32:01 + (Tue, 31 Jul 2007) New Revision: 24105 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24105 Log: merge from SAMBA_3_2: add some useful debug messages, as not all LDAP libraries support wrapping hooks... metze Modified: branches/SAMBA_3_2_0/source/libads/sasl.c Changeset: Modified: branches/SAMBA_3_2_0/source/libads/sasl.c === --- branches/SAMBA_3_2_0/source/libads/sasl.c 2007-07-31 12:30:37 UTC (rev 24104) +++ branches/SAMBA_3_2_0/source/libads/sasl.c 2007-07-31 12:32:01 UTC (rev 24105) @@ -126,6 +126,7 @@ struct berval cred, *scred = NULL; int rc; NTSTATUS nt_status; + ADS_STATUS status; int turn = 1; uint32 features = 0; @@ -251,7 +252,13 @@ ads-ldap.out.sig_size = NTLMSSP_SIG_SIZE; ads-ldap.in.min = 4; ads-ldap.in.max = 0x0FFF; - ads_setup_sasl_wrapping(ads, ads_sasl_ntlmssp_ops, ntlmssp_state); + status = ads_setup_sasl_wrapping(ads, ads_sasl_ntlmssp_ops, ntlmssp_state); + if (!ADS_ERR_OK(status)) { + DEBUG(0, (ads_setup_sasl_wrapping() failed: %s\n, + ads_errstr(status))); + ntlmssp_end(ntlmssp_state); + return status; + } } else { ntlmssp_end(ntlmssp_state); } @@ -582,7 +589,12 @@ ads-ldap.out.sig_size = max_msg_size - ads-ldap.out.max; ads-ldap.in.min = 4; ads-ldap.in.max = max_msg_size; - ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops, context_handle); + status = ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops, context_handle); + if (!ADS_ERR_OK(status)) { + DEBUG(0, (ads_setup_sasl_wrapping() failed: %s\n, + ads_errstr(status))); + goto failed; + } /* make sure we don't free context_handle */ context_handle = GSS_C_NO_CONTEXT; } 
@@ -1059,7 +1071,12 @@ ads-ldap.out.sig_size = max_msg_size - ads-ldap.out.max; ads-ldap.in.min = 4; ads-ldap.in.max = max_msg_size; - ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops, context_handle); + status = ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops, context_handle); + if (!ADS_ERR_OK(status)) { + DEBUG(0, (ads_setup_sasl_wrapping() failed: %s\n, + ads_errstr(status))); + goto failed; + } /* make sure we don't free context_handle */ context_handle = GSS_C_NO_CONTEXT; }
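Review bot: In the NTLMSSP hunk at line 252 the new error path calls ntlmssp_end() and returns directly, while the two GSSAPI hunks use "goto failed". The same function declares "struct berval cred, *scred = NULL;" (context of the first hunk), so please confirm nothing allocated earlier in the bind exchange is still live at this early return, or route it through a common cleanup label as the GSSAPI paths do. The log message also describes the change only as added debug messages, whereas the return value of ads_setup_sasl_wrapping() was previously ignored and a failure now aborts the bind; that behaviour change should be stated in the message.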
svn commit: samba r24106 - in branches/SAMBA_3_2/source: rpc_server smbd
Author: vlendec Date: 2007-07-31 13:14:07 + (Tue, 31 Jul 2007) New Revision: 24106 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24106 Log: Pass fnum instead of buf/offset into get_rpc_pipe_p Modified: branches/SAMBA_3_2/source/rpc_server/srv_pipe_hnd.c branches/SAMBA_3_2/source/smbd/pipes.c branches/SAMBA_3_2/source/smbd/trans2.c Changeset: Modified: branches/SAMBA_3_2/source/rpc_server/srv_pipe_hnd.c === --- branches/SAMBA_3_2/source/rpc_server/srv_pipe_hnd.c 2007-07-31 12:32:01 UTC (rev 24105) +++ branches/SAMBA_3_2/source/rpc_server/srv_pipe_hnd.c 2007-07-31 13:14:07 UTC (rev 24106) @@ -1246,10 +1246,8 @@ Find an rpc pipe given a pipe handle in a buffer and an offset. / -smb_np_struct *get_rpc_pipe_p(const char *buf, int where) +smb_np_struct *get_rpc_pipe_p(uint16 pnum) { - int pnum = SVAL(buf,where); - if (chain_p) { return chain_p; } Modified: branches/SAMBA_3_2/source/smbd/pipes.c === --- branches/SAMBA_3_2/source/smbd/pipes.c 2007-07-31 12:32:01 UTC (rev 24105) +++ branches/SAMBA_3_2/source/smbd/pipes.c 2007-07-31 13:14:07 UTC (rev 24106) @@ -140,7 +140,7 @@ int reply_pipe_write(char *inbuf,char *outbuf,int length,int dum_bufsize) { - smb_np_struct *p = get_rpc_pipe_p(inbuf,smb_vwv0); + smb_np_struct *p = get_rpc_pipe_p(SVAL(inbuf,smb_vwv0)); uint16 vuid = SVAL(inbuf,smb_uid); size_t numtowrite = SVAL(inbuf,smb_vwv1); int nwritten; @@ -185,7 +185,7 @@ int reply_pipe_write_and_X(char *inbuf,char *outbuf,int length,int bufsize) { - smb_np_struct *p = get_rpc_pipe_p(inbuf,smb_vwv2); + smb_np_struct *p = get_rpc_pipe_p(SVAL(inbuf,smb_vwv2)); uint16 vuid = SVAL(inbuf,smb_uid); size_t numtowrite = SVAL(inbuf,smb_vwv10); int nwritten = -1; 
@@ -247,7 +247,7 @@ int reply_pipe_read_and_X(char *inbuf,char *outbuf,int length,int bufsize) { - smb_np_struct *p = get_rpc_pipe_p(inbuf,smb_vwv2); + smb_np_struct *p = get_rpc_pipe_p(SVAL(inbuf,smb_vwv2)); int smb_maxcnt = SVAL(inbuf,smb_vwv5); int smb_mincnt = SVAL(inbuf,smb_vwv6); int nread = -1; @@ -292,7 +292,7 @@ void reply_pipe_close(connection_struct *conn, struct smb_request *req) { - smb_np_struct *p = get_rpc_pipe_p((char *)req-inbuf,smb_vwv0); + smb_np_struct *p = get_rpc_pipe_p(SVAL(req-inbuf,smb_vwv0)); if (!p) { reply_doserror(req, ERRDOS, ERRbadfid); Modified: branches/SAMBA_3_2/source/smbd/trans2.c === --- branches/SAMBA_3_2/source/smbd/trans2.c 2007-07-31 12:32:01 UTC (rev 24105) +++ branches/SAMBA_3_2/source/smbd/trans2.c 2007-07-31 13:14:07 UTC (rev 24106) @@ -3244,7 +3244,7 @@ return ERROR_NT(NT_STATUS_INVALID_PARAMETER); } - p_pipe = get_rpc_pipe_p(params,0); + p_pipe = get_rpc_pipe_p(SVAL(params,0)); if (p_pipe == NULL) { return ERROR_NT(NT_STATUS_INVALID_HANDLE); }
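Review bot: The comment above get_rpc_pipe_p in srv_pipe_hnd.c still reads "Find an rpc pipe given a pipe handle in a buffer and an offset" although the function now takes "uint16 pnum"; please update it. The removed local was an int, so check that the comparison against the stored pipe number further down, which is outside this hunk, has no signed/unsigned mismatch after the change. The "if (chain_p) return chain_p;" shortcut ignores the pnum argument entirely, which is worth stating in the comment now that the parameter looks like the only lookup key.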
svn commit: samba r24107 - in branches: SAMBA_3_0_25/source/utils SAMBA_3_2/source/utils SAMBA_3_2_0/source/utils
Author: vlendec Date: 2007-07-31 19:15:27 + (Tue, 31 Jul 2007) New Revision: 24107 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24107 Log: Fix bug 4849. Thanks to Matthijs Kooijman [EMAIL PROTECTED] Modified: branches/SAMBA_3_0_25/source/utils/net_ads.c branches/SAMBA_3_2/source/utils/net_ads.c branches/SAMBA_3_2_0/source/utils/net_ads.c Changeset: Modified: branches/SAMBA_3_0_25/source/utils/net_ads.c === --- branches/SAMBA_3_0_25/source/utils/net_ads.c2007-07-31 13:14:07 UTC (rev 24106) +++ branches/SAMBA_3_0_25/source/utils/net_ads.c2007-07-31 19:15:27 UTC (rev 24107) @@ -1720,7 +1720,7 @@ #endif if (argc 0) { - d_fprintf(stderr, net ads dns register name ip\n); + d_fprintf(stderr, net ads dns register\n); return -1; } Modified: branches/SAMBA_3_2/source/utils/net_ads.c === --- branches/SAMBA_3_2/source/utils/net_ads.c 2007-07-31 13:14:07 UTC (rev 24106) +++ branches/SAMBA_3_2/source/utils/net_ads.c 2007-07-31 19:15:27 UTC (rev 24107) @@ -1743,7 +1743,7 @@ #endif if (argc 0) { - d_fprintf(stderr, net ads dns register name ip\n); + d_fprintf(stderr, net ads dns register\n); return -1; } Modified: branches/SAMBA_3_2_0/source/utils/net_ads.c === --- branches/SAMBA_3_2_0/source/utils/net_ads.c 2007-07-31 13:14:07 UTC (rev 24106) +++ branches/SAMBA_3_2_0/source/utils/net_ads.c 2007-07-31 19:15:27 UTC (rev 24107) @@ -1743,7 +1743,7 @@ #endif if (argc 0) { - d_fprintf(stderr, net ads dns register name ip\n); + d_fprintf(stderr, net ads dns register\n); return -1; }
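Review bot: The log message gives only the bug number; please state the actual change, namely that the usage text printed by the argc check in net_ads.c no longer advertises the "name ip" arguments. The three hunks are identical across SAMBA_3_0_25, SAMBA_3_2 and SAMBA_3_2_0, so one sentence in the message covers all of them.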
svn commit: samba r24109 - in branches/SAMBA_4_0/source/winbind: .
Author: kai Date: 2007-07-31 23:49:04 + (Tue, 31 Jul 2007) New Revision: 24109 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24109 Log: Add a wb_name2domain call Added: branches/SAMBA_4_0/source/winbind/wb_name2domain.c Modified: branches/SAMBA_4_0/source/winbind/config.mk Changeset: Modified: branches/SAMBA_4_0/source/winbind/config.mk === --- branches/SAMBA_4_0/source/winbind/config.mk 2007-07-31 23:43:59 UTC (rev 24108) +++ branches/SAMBA_4_0/source/winbind/config.mk 2007-07-31 23:49:04 UTC (rev 24109) @@ -15,6 +15,7 @@ wb_dom_info.o \ wb_dom_info_trusted.o \ wb_sid2domain.o \ + wb_name2domain.o \ wb_connect_lsa.o \ wb_connect_sam.o \ wb_cmd_lookupname.o \ Added: branches/SAMBA_4_0/source/winbind/wb_name2domain.c === --- branches/SAMBA_4_0/source/winbind/wb_name2domain.c 2007-07-31 23:43:59 UTC (rev 24108) +++ branches/SAMBA_4_0/source/winbind/wb_name2domain.c 2007-07-31 23:49:04 UTC (rev 24109) 
@@ -0,0 +1,131 @@ +/* + Unix SMB/CIFS implementation. + + Find and init a domain struct for a name + + Copyright (C) Kai Blin 2007 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see http://www.gnu.org/licenses/. +*/ + +#include includes.h +#include libcli/composite/composite.h +#include winbind/wb_server.h +#include smbd/service_task.h +#include winbind/wb_helper.h + +struct name2domain_state { + struct composite_context *ctx; + struct wbsrv_service *service; + + struct wbsrv_domain *domain; +}; + +static void name2domain_recv_sid(struct composite_context *ctx); +static void name2domain_recv_domain(struct composite_context *ctx); + +struct composite_context *wb_name2domain_send(TALLOC_CTX *mem_ctx, + struct wbsrv_service *service, const char* name) +{ + struct composite_context *result, *ctx; + struct name2domain_state *state; + char *user_dom, *user_name; + + DEBUG(5, (wb_name2domain_send called\n)); + + result = composite_create(mem_ctx, service-task-event_ctx); + if (result == NULL) goto failed; + + state = talloc(result, struct name2domain_state); + if (state == NULL) goto failed; + state-ctx = result; + result-private_data = state; + state-service = service; + + if(!wb_samba3_split_username(state, name, user_dom, user_name)) + goto failed; + + ctx = wb_cmd_lookupname_send(state, service, user_dom, user_name); + if (ctx == NULL) goto failed; + + ctx-async.fn = name2domain_recv_sid; + ctx-async.private_data = state; + 
return result; + +failed: + talloc_free(result); + return NULL; +} + +static void name2domain_recv_sid(struct composite_context *ctx) +{ + struct name2domain_state *state = + talloc_get_type(ctx-async.private_data, + struct name2domain_state); + struct wb_sid_object *sid; + + DEBUG(1, (name2domain_recv_sid called\n)); + + state-ctx-status = wb_cmd_lookupname_recv(ctx, state, sid); + if(!composite_is_ok(state-ctx)) return; + + ctx = wb_sid2domain_send(state, state-service, sid-sid); + + composite_continue(state-ctx, ctx, name2domain_recv_domain, state); +} + +static void name2domain_recv_domain(struct composite_context *ctx) +{ + struct name2domain_state *state = + talloc_get_type(ctx-async.private_data, + struct name2domain_state); + struct wbsrv_domain *domain; + + DEBUG(1, (name2domain_recv_domain called\n)); + + state-ctx-status = wb_sid2domain_recv(ctx, domain); + if(!composite_is_ok(state-ctx)) return; + + state-domain = domain; + + composite_done(state-ctx); +} + +NTSTATUS wb_name2domain_recv(struct composite_context *ctx, + struct wbsrv_domain **result) +{ + NTSTATUS status = composite_wait(ctx); + + DEBUG(1, (wb_name2domain_recv called\n)); + + if (NT_STATUS_IS_OK(status)) { + struct name2domain_state *state = + talloc_get_type(ctx-private_data, + struct name2domain_state); + *result =
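Review bot: The trace messages in the new wb_name2domain.c use inconsistent levels: wb_name2domain_send logs its "called" message at DEBUG(5, ...), while name2domain_recv_sid, name2domain_recv_domain and wb_name2domain_recv log the same kind of message at DEBUG(1, ...), which will appear in ordinary production logs. Use one high level for all four. In wb_name2domain_send the continuation is also wired by hand (the two assignments to ctx->async.fn and ctx->async.private_data), whereas name2domain_recv_sid uses composite_continue(); using the helper in the send function as well keeps the error handling uniform.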
svn commit: samba r24108 - in branches/SAMBA_4_0/source/winbind: .
Author: kai Date: 2007-07-31 23:43:59 + (Tue, 31 Jul 2007) New Revision: 24108 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24108 Log: Split out samba3_parse_domuser to a separate file and rename, so it can be used for a name2domain call. Added: branches/SAMBA_4_0/source/winbind/wb_utils.c Modified: branches/SAMBA_4_0/source/winbind/config.mk branches/SAMBA_4_0/source/winbind/wb_samba3_cmd.c Changeset: Modified: branches/SAMBA_4_0/source/winbind/config.mk === --- branches/SAMBA_4_0/source/winbind/config.mk 2007-07-31 19:15:27 UTC (rev 24107) +++ branches/SAMBA_4_0/source/winbind/config.mk 2007-07-31 23:43:59 UTC (rev 24108) @@ -41,7 +41,8 @@ [SUBSYSTEM::WB_HELPER] PRIVATE_PROTO_HEADER = wb_helper.h OBJ_FILES = \ - wb_async_helpers.o + wb_async_helpers.o \ + wb_utils.o PUBLIC_DEPENDENCIES = RPC_NDR_LSA dcerpc_samr # End SUBSYSTEM WB_HELPER Modified: branches/SAMBA_4_0/source/winbind/wb_samba3_cmd.c === --- branches/SAMBA_4_0/source/winbind/wb_samba3_cmd.c 2007-07-31 19:15:27 UTC (rev 24107) +++ branches/SAMBA_4_0/source/winbind/wb_samba3_cmd.c 2007-07-31 23:43:59 UTC (rev 24108) @@ -25,6 +25,7 @@ #include nsswitch/winbindd_nss.h #include winbind/wb_server.h #include winbind/wb_async_helpers.h +#include winbind/wb_helper.h #include libcli/composite/composite.h #include version.h #include librpc/gen_ndr/netlogon.h 
@@ -529,27 +530,6 @@ wbsrv_samba3_async_auth_epilogue(status, s3call); } -/* Helper function: Split a domain\\user string into it's parts, - * because the client supplies it as one string */ - -static BOOL samba3_parse_domuser(TALLOC_CTX *mem_ctx, const char *domuser, -char **domain, char **user) -{ - char *p = strchr(domuser, *lp_winbind_separator()); - - if (p == NULL) { - *domain = talloc_strdup(mem_ctx, lp_workgroup()); - } else { - *domain = talloc_strndup(mem_ctx, domuser, -PTR_DIFF(p, domuser)); - domuser = p+1; - } - - *user = talloc_strdup(mem_ctx, domuser); - - return ((*domain != NULL) (*user != NULL)); -} - /* Plaintext authentication This interface is used by ntlm_auth in it's 'basic' authentication @@ -566,7 +546,7 @@ s3call-wbconn-listen_socket-service; char *user, *domain; - if (!samba3_parse_domuser(s3call, + if (!wb_samba3_split_username(s3call, s3call-request.data.auth.user, domain, user)) { return NT_STATUS_NO_SUCH_USER; Added: branches/SAMBA_4_0/source/winbind/wb_utils.c === --- branches/SAMBA_4_0/source/winbind/wb_utils.c2007-07-31 19:15:27 UTC (rev 24107) +++ branches/SAMBA_4_0/source/winbind/wb_utils.c2007-07-31 23:43:59 UTC (rev 24108) 
@@ -0,0 +1,47 @@ +/* + Unix SMB/CIFS implementation. + + Utility functions that are not related with async operations. + + Copyright (C) Andrew Bartlett [EMAIL PROTECTED] 2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see http://www.gnu.org/licenses/. +*/ + +#include includes.h + + +/* Split a domain\\user string into it's parts, because the client supplies it + * as one string. + * TODO: We probably will need to handle other formats later. */ + +BOOL wb_samba3_split_username(TALLOC_CTX *mem_ctx, const char *domuser, +char **domain, char **user) +{ + char *p = strchr(domuser, *lp_winbind_separator()); + + if (p == NULL) { + *domain = talloc_strdup(mem_ctx, lp_workgroup()); + } else { + *domain = talloc_strndup(mem_ctx, domuser, +PTR_DIFF(p, domuser)); + domuser = p+1; + } + + *user = talloc_strdup(mem_ctx, domuser); + + return ((*domain != NULL) (*user != NULL)); +} + +
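Review bot: wb_samba3_split_username in the new wb_utils.c only checks that both talloc copies succeeded, so a name that ends with the winbind separator or starts with it returns success with an empty user or an empty domain. The plaintext authentication caller in wb_samba3_cmd.c maps a false return to NT_STATUS_NO_SUCH_USER, so rejecting empty parts inside this helper would give every caller one place to rely on. The fallback to lp_workgroup() when no separator is present should also be stated in the function comment, because the planned name2domain caller inherits it.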
Build status as of Wed Aug 1 00:00:02 2007
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2007-07-31 00:01:34.0 + +++ /home/build/master/cache/broken_results.txt 2007-08-01 00:03:28.0 + @@ -1,4 +1,4 @@ -Build status as of Tue Jul 31 00:00:03 2007 +Build status as of Wed Aug 1 00:00:02 2007 Build counts: Tree Total Broken Panic @@ -7,7 +7,7 @@ ccache 32 8 0 ctdb 0 0 0 distcc 2 0 0 -ldb 30 4 0 +ldb 32 4 0 libreplace 31 10 0 lorikeet-heimdal 28 12 0 pidl 19 4 0 @@ -17,7 +17,7 @@ samba-docs 0 0 0 samba-gtk3 3 0 samba4 30 27 6 -samba_3_234 21 0 +samba_3_234 20 0 smb-build30 30 0 talloc 33 1 0 tdb 32 3 0
svn commit: samba r24110 - in branches/SAMBA_4_0/source/winbind: .
Author: abartlet Date: 2007-08-01 00:38:53 + (Wed, 01 Aug 2007) New Revision: 24110 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24110 Log: I hate seeing callers manually filling in the composite context. Use the helper functions instead (and in kai's new code, which just copied the previous bad practice). Andrew Bartlett Modified: branches/SAMBA_4_0/source/winbind/wb_name2domain.c branches/SAMBA_4_0/source/winbind/wb_sid2domain.c Changeset: Modified: branches/SAMBA_4_0/source/winbind/wb_name2domain.c === --- branches/SAMBA_4_0/source/winbind/wb_name2domain.c 2007-07-31 23:49:04 UTC (rev 24109) +++ branches/SAMBA_4_0/source/winbind/wb_name2domain.c 2007-08-01 00:38:53 UTC (rev 24110) @@ -59,8 +59,7 @@ ctx = wb_cmd_lookupname_send(state, service, user_dom, user_name); if (ctx == NULL) goto failed; - ctx-async.fn = name2domain_recv_sid; - ctx-async.private_data = state; + composite_continue(result, ctx, name2domain_recv_sid, ctx-async.private_data); return result; failed: Modified: branches/SAMBA_4_0/source/winbind/wb_sid2domain.c === --- branches/SAMBA_4_0/source/winbind/wb_sid2domain.c 2007-07-31 23:49:04 UTC (rev 24109) +++ branches/SAMBA_4_0/source/winbind/wb_sid2domain.c 2007-08-01 00:38:53 UTC (rev 24110) @@ -94,8 +94,8 @@ ctx = wb_cmd_lookupsid_send(state, service, state-sid); if (ctx == NULL) goto failed; - ctx-async.fn = sid2domain_recv_name; - ctx-async.private_data = state; + composite_continue(result, ctx, sid2domain_recv_name, ctx-async.private_data); + return result; failed:
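Review bot: Both converted calls pass ctx->async.private_data as the last argument to composite_continue(), but ctx is the sub-request that wb_cmd_lookupname_send or wb_cmd_lookupsid_send has just returned, and the lines being removed are exactly the ones that used to set that field to state. The callback therefore no longer receives the state structure it expects; the last argument should be state in both wb_name2domain.c and wb_sid2domain.c.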
svn commit: samba r24111 - in branches/SAMBA_4_0/source/winbind: .
Author: abartlet Date: 2007-08-01 01:22:53 + (Wed, 01 Aug 2007) New Revision: 24111 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24111 Log: Untested code is broken code, untested code is broken code... Apologies for my previous commit, which should never have been committed untested. Andrew Bartlett Modified: branches/SAMBA_4_0/source/winbind/wb_name2domain.c branches/SAMBA_4_0/source/winbind/wb_sid2domain.c Changeset: Modified: branches/SAMBA_4_0/source/winbind/wb_name2domain.c === --- branches/SAMBA_4_0/source/winbind/wb_name2domain.c 2007-08-01 00:38:53 UTC (rev 24110) +++ branches/SAMBA_4_0/source/winbind/wb_name2domain.c 2007-08-01 01:22:53 UTC (rev 24111) @@ -59,7 +59,7 @@ ctx = wb_cmd_lookupname_send(state, service, user_dom, user_name); if (ctx == NULL) goto failed; - composite_continue(result, ctx, name2domain_recv_sid, ctx-async.private_data); + composite_continue(result, ctx, name2domain_recv_sid, state); return result; failed: Modified: branches/SAMBA_4_0/source/winbind/wb_sid2domain.c === --- branches/SAMBA_4_0/source/winbind/wb_sid2domain.c 2007-08-01 00:38:53 UTC (rev 24110) +++ branches/SAMBA_4_0/source/winbind/wb_sid2domain.c 2007-08-01 01:22:53 UTC (rev 24111) @@ -94,7 +94,7 @@ ctx = wb_cmd_lookupsid_send(state, service, state-sid); if (ctx == NULL) goto failed; - composite_continue(result, ctx, sid2domain_recv_name, ctx-async.private_data); + composite_continue(result, ctx, sid2domain_recv_name, state); return result;
svn commit: samba r24112 - in branches/SAMBA_4_0/source/winbind: .
Author: abartlet Date: 2007-08-01 04:05:06 + (Wed, 01 Aug 2007) New Revision: 24112 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24112 Log: Complete initialisation of the libnet_ctx when setting up the domain. We need to set the access_mask and the domain name, or else libnet will try to do this itself. This seems to fix the issues Kai was having. Andrew Bartlett Modified: branches/SAMBA_4_0/source/winbind/wb_init_domain.c Changeset: Modified: branches/SAMBA_4_0/source/winbind/wb_init_domain.c === --- branches/SAMBA_4_0/source/winbind/wb_init_domain.c 2007-08-01 01:22:53 UTC (rev 24111) +++ branches/SAMBA_4_0/source/winbind/wb_init_domain.c 2007-08-01 04:05:06 UTC (rev 24112) @@ -284,6 +284,8 @@ talloc_steal(state-domain-libnet_ctx, state-domain-libnet_ctx-lsa.pipe); talloc_steal(state-domain-libnet_ctx-lsa.pipe, state-domain-lsa_binding); + state-domain-libnet_ctx-lsa.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; + state-domain-libnet_ctx-lsa.name = state-domain-info-name; ZERO_STRUCT(state-domain-libnet_ctx-lsa.handle); state-lsa_openpolicy.in.system_name = @@ -392,6 +394,8 @@ if (!composite_is_ok(state-ctx)) return; talloc_steal(state-domain-libnet_ctx-samr.pipe, state-domain-samr_binding); + state-domain-libnet_ctx-samr.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; + state-domain-libnet_ctx-samr.name = state-domain-info-name; state-domain-ldap_conn = ldap4_new_connection(state-domain, state-ctx-event_ctx);
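Review bot: Both hunks record SEC_FLAG_MAXIMUM_ALLOWED as the libnet_ctx access mask for the LSA and SAMR handles, and that value has to match the mask actually used when each handle is opened; the lsa_openpolicy setup begins right after the first hunk, but its access mask is not visible here, so please confirm the two agree. If winbind only needs lookup rights on these handles, an explicit narrower mask is preferable to maximum-allowed. The name fields are assigned the pointer state->domain->info->name without a copy, so either add a comment on the lifetime assumption or talloc_strdup the string onto the libnet_ctx.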