svn commit: samba-web r1274 - in trunk: .
Author: idra Date: 2009-03-14 17:45:44 + (Sat, 14 Mar 2009) New Revision: 1274 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1274 Log: Outage notification Modified: trunk/index.html Changeset: Modified: trunk/index.html === --- trunk/index.html2009-03-12 14:44:50 UTC (rev 1273) +++ trunk/index.html2009-03-14 17:45:44 UTC (rev 1274) @@ -19,7 +19,15 @@ h2Current Release/h2 -h4a name=latest12 March 2009/a/h4 +h4a name=latest14 March 2009/a/h4 +p class=headlineScheduled Maintenance for some services/p + +pOur git repository, the wiki and bugzilla server will be down for +maintenance today between 12:30-22:00 GMT/p + +pwww.samba.org and other services will not be affected/p + +h412 March 2009/h4 p class=headlineSamba 3.3.2 Available for Download/p pThis is the latest stable release of the Samba 3.3 series/p
svn commit: samba-web r1275 - in trunk: .
Author: idra Date: 2009-03-14 17:56:28 + (Sat, 14 Mar 2009) New Revision: 1275 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1275 Log: Move Maintenance news on top, (not a release :-) Modified: trunk/index.html Changeset: Modified: trunk/index.html === --- trunk/index.html2009-03-14 17:45:44 UTC (rev 1274) +++ trunk/index.html2009-03-14 17:56:28 UTC (rev 1275) @@ -14,12 +14,7 @@ a href=http://conservancy.softwarefreedom.org/;Software Freedom Conservancy/a./p -h2Latest News/h2 -!--#include virtual=/samba/news/headlines.html -- - -h2Current Release/h2 - -h4a name=latest14 March 2009/a/h4 +h414 March 2009/h4 p class=headlineScheduled Maintenance for some services/p pOur git repository, the wiki and bugzilla server will be down for @@ -27,7 +22,12 @@ pwww.samba.org and other services will not be affected/p -h412 March 2009/h4 +h2Latest News/h2 +!--#include virtual=/samba/news/headlines.html -- + +h2Current Release/h2 + +h4a name=latest12 March 2009/a/h4 p class=headlineSamba 3.3.2 Available for Download/p pThis is the latest stable release of the Samba 3.3 series/p
svn commit: samba-docs r1253 - in trunk/manpages-3: .
Author: idra Date: 2008-03-31 20:13:01 + (Mon, 31 Mar 2008) New Revision: 1253 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=1253 Log: Better doc mount.cifs. Original commit msg from Jeff: This patch adds a section to the mount.cifs manpage to clarify how mount.cifs treats delimiters and when it autoconverts them from one type to another. It also has it state that the use of forward slash as a delimiter is preferred and why. Signed-off-by: Jeff Layton [EMAIL PROTECTED] Modified: trunk/manpages-3/mount.cifs.8.xml Changeset: Modified: trunk/manpages-3/mount.cifs.8.xml === --- trunk/manpages-3/mount.cifs.8.xml 2008-03-27 17:54:31 UTC (rev 1252) +++ trunk/manpages-3/mount.cifs.8.xml 2008-03-31 20:13:01 UTC (rev 1253) @@ -499,6 +499,17 @@ /refsect1 refsect1 + titleSERVICE FORMATTING AND DELIMITERS/title + + para + It's generally preferred to use forward slashes (/) as a delimiter in service names. They are considered to be the universal delimiter since they are generally not allowed to be embedded within path components on Windows machines and the client can convert them to blackslashes (\) unconditionally. Conversely, backslash characters are allowed by POSIX to be part of a path component, and can't be automatically converted in the same way. + /para + para + mount.cifs will attempt to convert backslashes to forward slashes where it's able to do so, but it cannot do so in any path component following the sharename. + /para +/refsect1 + +refsect1 titleENVIRONMENT VARIABLES/title para
svn commit: samba-web r1169 - in trunk/devel: .
Author: idra Date: 2008-01-10 18:38:14 + (Thu, 10 Jan 2008) New Revision: 1169 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1169 Log: We finally moved to git for all branches. Modified: trunk/devel/index.html Changeset: Modified: trunk/devel/index.html === --- trunk/devel/index.html 2008-01-10 08:15:28 UTC (rev 1168) +++ trunk/devel/index.html 2008-01-10 18:38:14 UTC (rev 1169) @@ -13,9 +13,8 @@ h3General Overview/h3 pOn 4 April 2004, the Samba Team converted from CVS to Subversion for -maintaining the Samba source code, and we are now (fall 2007) switching to -Git. The 3.0.x and 3.2.x branches have been already migrated fully to Git and -Git is the authoritative repository for them. Samba4 will follow shortly. +maintaining the Samba source code, and on 10 January 2008 we completed the +switch to Git for all development barnches. With the transition to Git we also recovered in the main tree the CVS history. All older code is in the original Subversion and CVS trees; this would include 3.0.x and 2.2.x versions of Samba, which are no longer in active development. @@ -39,7 +38,7 @@ br / h3Samba Branches/h3 -pAreas of Samba development are listed below according to their branches within the Git and Subversion source tree. Plans for each release follow its listing, along with a sample check out command./p +pAreas of Samba development are listed below according to their branches within the Git source tree. Plans for each release follow its listing, along with a sample check out command./p h3GIT/h3 @@ -57,47 +56,32 @@ ul li h4emv3-2-test/em/h4 - pThis is the current development branch for 3.2.x development./p + pThis is the current branch for 3.2.x development./p /li li h4emv3-2-stable/em/h4 - pThis is the current development branch for 3.2.x production releases./p + pThis is the current branch for 3.2.x production releases./p /li li h4emv3-0-test/em/h4 - pThis is the current development branch for 3.0.x development. + pThis is the current branch for 3.0.x development. (critical bugfix and security fixes emonly/em)/p /li li h4emv3-0-stable/em/h4 - pThis is the current development branch for 3.0.x production releases./p + pThis is the current branch for 3.0.x production releases./p /li - /ul - -h3Subversion/h3 - -pExample checkout command:/p -pre -svn co svn://svnanon.samba.org/samba/branches/SAMBA_4_0 samba4 -/pre - - ul -lih4emSAMBA_4_0/em/h4 -pThis is the research branch for Samba 4. - a href=/samba/ftp/samba4/Technical Previews/a of this code base are available - for download. Be aware that these snapshots are intended for testing purposes - only and not for use in production environments. For more information, see - the a href=/samba/devel/roadmap-4.0.htmlroad map document/a./p +li + h4emv4-0-test/em/h4 + pThis is the current branch for 4.x.x development./p /li - -lih4emSubversion TRUNK/em/h4 -pbNOTE:/b TRUNK is not use for development. See the news item - a href=http://news.samba.org/developers/svn_repo_reorganized/;SVN Repo - Reorganzied/a for more info./p +li + h4emv4-0-stable/em/h4 + pThis is the current branch for 4.x.x Alpha releases./p +/li +li /ul -pFurther information on anonymous subversion access is available on a href=/samba/subversion.htmlthe subversion page/a. Those interested in the old CVS tree can check out the the a href=/samba/cvs.htmlCVS page/a./p - br / h3TODO List/h3
svn commit: samba-web r1165 - in trunk/devel: .
Author: idra Date: 2007-12-23 18:14:18 + (Sun, 23 Dec 2007) New Revision: 1165 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1165 Log: Update information about development now that we fully use Git for 3.0.x/3.2.x Modified: trunk/devel/index.html Changeset: Modified: trunk/devel/index.html === --- trunk/devel/index.html 2007-12-20 00:26:05 UTC (rev 1164) +++ trunk/devel/index.html 2007-12-23 18:14:18 UTC (rev 1165) @@ -12,7 +12,14 @@ h3General Overview/h3 -pAs of 4 April 2004, the Samba Team converted from CVS to Subversion for maintaining the Samba source code. All current development is done in a Subversion repository. All older code is in the original CVS tree; this would include 2.2.x versions of Samba, which are no longer in active development./p +pOn 4 April 2004, the Samba Team converted from CVS to Subversion for +maintaining the Samba source code, and we are now (fall 2007) switching to +Git. The 3.0.x and 3.2.x branches have been already migrated fully to Git and +Git is the authoritative repository for them. Samba4 will follow shortly. +With the transition to Git we also recovered in the main tree the CVS history. +All older code is in the original Subversion and CVS trees; this would include +3.0.x and 2.2.x versions of Samba, which are no longer in active development. +/p pThe latest production release is emSamba 3.0.28/em (a href=/samba/history/samba-3.0.28.htmlrelease notes/a and a @@ -27,47 +34,52 @@ pOngoing future research is being done for Samba 4.0 This work is concurrent with Samba 3.2 maintenance -and development. A a href=/samba/ftp/samba4/technology -preview release/a is available./p +and development. An a href=/samba/ftp/samba4/alpha release/a is available./p -pIn addition to the Subversion references also see Jerry's wiki article on -a href=http://wiki.samba.org/index.php/Using_Git_for_Samba_Development;Using -Git for Samba Development/a./p - br / h3Samba Branches/h3 -pAreas of Samba development are listed below according to their branches within the Subversion source tree. Plans for each release follow its listing, along with a sample check out command./p +pAreas of Samba development are listed below according to their branches within the Git and Subversion source tree. Plans for each release follow its listing, along with a sample check out command./p - ul -lih4emTRUNK/em/h4 -pbNOTE:/b TRUNK is no longer used for development. See the news item - a href=http://news.samba.org/developers/svn_repo_reorganized/;SVN Repo - Reorganzied/a for more info./p - /ul +h3GIT/h3 - ul -lih4emSAMBA_3_2/em/h4 -pThis is the current development branch for 3.2.x production releases./p -pExample checkout command:/p/li - /ul - +pExample checkout command for the main git repo:br +/p pre -svn co svn://svnanon.samba.org/samba/branches/SAMBA_3_2 samba3 +git-clone git://git.samba.org/samba.git samba /pre +pSee Jerry's wiki article on +a href=http://wiki.samba.org/index.php/Using_Git_for_Samba_Development;Using +Git for Samba Development/a./p +pList of branches:/p + ul - lih4SAMBA_3_2_X/h4 - pBefore a release, a SAMBA_3_2_X branch is created, where X is the latest - release number (SAMBA_3_2_0, for example). This branch is used by - developers to check in stuff they want to see in the 3.2.x release./p - pExample checkout command (remember to substitute for current release):/p - /li +li + h4emv3-2-test/em/h4 + pThis is the current development branch for 3.2.x development./p +/li +li + h4emv3-2-stable/em/h4 + pThis is the current development branch for 3.2.x production releases./p +/li +li + h4emv3-0-test/em/h4 + pThis is the current development branch for 3.0.x development. + (critical bugfix and security fixes emonly/em)/p +/li +li + h4emv3-0-stable/em/h4 + pThis is the current development branch for 3.0.x production releases./p +/li /ul +h3Subversion/h3 + +pExample checkout command:/p pre -svn co svn://svnanon.samba.org/samba/branches/SAMBA_3_2_0 samba_3.2.0 -/pre +svn co svn://svnanon.samba.org/samba/branches/SAMBA_4_0 samba4 +/pre ul lih4emSAMBA_4_0/em/h4 @@ -76,13 +88,14 @@ for download. Be aware that these snapshots are intended for testing purposes only and not for use in production environments. For more information, see the a href=/samba/devel/roadmap-4.0.htmlroad map document/a./p -pExample checkout command:/p/li +/li + +lih4emSubversion TRUNK/em/h4 +pbNOTE:/b TRUNK is not use for development. See the news item + a href=http://news.samba.org/developers/svn_repo_reorganized/;SVN Repo + Reorganzied/a for more info./p /ul -pre -svn co svn://svnanon.samba.org/samba/branches/SAMBA_4_0 samba4 -/pre
svn commit: samba r26574 - in branches/SAMBA_4_0/source/lib/ldb/ldb_tdb: .
Author: idra Date: 2007-12-23 22:03:31 + (Sun, 23 Dec 2007) New Revision: 26574 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26574 Log: Do not call functions in the variable declaration, fix checking for tmp_ctx, and also makes code more readable and debuggable. Eliminate silly parenthesys. Simo. Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c 2007-12-23 21:27:58 UTC (rev 26573) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c 2007-12-23 22:03:31 UTC (rev 26574) @@ -961,16 +961,20 @@ */ static int ltdb_sequence_number(struct ldb_module *module, struct ldb_request *req) { - TALLOC_CTX *tmp_ctx = talloc_new(req); + TALLOC_CTX *tmp_ctx; struct ldb_message *msg = NULL; - struct ldb_dn *dn = ldb_dn_new(tmp_ctx, module-ldb, LTDB_BASEINFO); + struct ldb_dn *dn; + const char *date; int tret; + tmp_ctx = talloc_new(req); if (tmp_ctx == NULL) { talloc_free(tmp_ctx); return LDB_ERR_OPERATIONS_ERROR; } + dn = ldb_dn_new(tmp_ctx, module-ldb, LTDB_BASEINFO); + msg = talloc(tmp_ctx, struct ldb_message); if (msg == NULL) { talloc_free(tmp_ctx); @@ -996,8 +1000,7 @@ req-op.seq_num.seq_num++; break; case LDB_SEQ_HIGHEST_TIMESTAMP: - { - const char *date = ldb_msg_find_attr_as_string(msg, LTDB_MOD_TIMESTAMP, NULL); + date = ldb_msg_find_attr_as_string(msg, LTDB_MOD_TIMESTAMP, NULL); if (date) { req-op.seq_num.seq_num = ldb_string_to_time(date); } else { @@ -1006,7 +1009,6 @@ } break; } - } talloc_free(tmp_ctx); return LDB_SUCCESS; }
svn commit: samba r26581 - in branches/SAMBA_4_0/source/lib/ldb/modules: .
Author: idra Date: 2007-12-24 01:38:37 + (Mon, 24 Dec 2007) New Revision: 26581 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26581 Log: Make ldb_wait uniform, so that it is easy to remove it completely from modules later on. Modified: branches/SAMBA_4_0/source/lib/ldb/modules/asq.c branches/SAMBA_4_0/source/lib/ldb/modules/paged_results.c branches/SAMBA_4_0/source/lib/ldb/modules/paged_searches.c branches/SAMBA_4_0/source/lib/ldb/modules/rdn_name.c branches/SAMBA_4_0/source/lib/ldb/modules/sort.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/modules/asq.c === --- branches/SAMBA_4_0/source/lib/ldb/modules/asq.c 2007-12-24 01:28:22 UTC (rev 26580) +++ branches/SAMBA_4_0/source/lib/ldb/modules/asq.c 2007-12-24 01:38:37 UTC (rev 26581) @@ -429,27 +429,26 @@ return asq_search_continue(h); } -static int asq_wait_all(struct ldb_handle *handle) +static int asq_wait(struct ldb_handle *handle, enum ldb_wait_type type) { int ret; - while (handle-state != LDB_ASYNC_DONE) { - ret = asq_search_continue(handle); - if (ret != LDB_SUCCESS) { - return ret; - } + if (!handle || !handle-private_data) { + return LDB_ERR_OPERATIONS_ERROR; } - return handle-status; -} - -static int asq_wait(struct ldb_handle *handle, enum ldb_wait_type type) -{ if (type == LDB_WAIT_ALL) { - return asq_wait_all(handle); - } else { - return asq_search_continue(handle); + while (handle-state != LDB_ASYNC_DONE) { + ret = asq_search_continue(handle); + if (ret != LDB_SUCCESS) { + return ret; + } + } + + return handle-status; } + + return asq_search_continue(handle); } static int asq_init(struct ldb_module *module) Modified: branches/SAMBA_4_0/source/lib/ldb/modules/paged_results.c === --- branches/SAMBA_4_0/source/lib/ldb/modules/paged_results.c 2007-12-24 01:28:22 UTC (rev 26580) +++ branches/SAMBA_4_0/source/lib/ldb/modules/paged_results.c 2007-12-24 01:38:37 UTC (rev 26581) @@ -440,8 +440,7 @@ return ret; } -static int paged_wait(struct ldb_handle *handle, enum ldb_wait_type type) -{ +static int paged_wait_once(struct ldb_handle *handle) { struct paged_context *ac; int ret; @@ -471,28 +470,7 @@ return ret; } - if (type == LDB_WAIT_ALL) { - while (ac-store-req-handle-state != LDB_ASYNC_DONE) { - ret = ldb_wait(ac-store-req-handle, type); - if (ret != LDB_SUCCESS) { - handle-state = LDB_ASYNC_DONE; - handle-status = ret; - return ret; - } - } - - ret = paged_results(handle); - - /* we are done, if num_entries is zero free the storage -* as that mean we delivered the last batch */ - if (ac-store-num_entries == 0) { - talloc_free(ac-store); - } - - return ret; - } - - ret = ldb_wait(ac-store-req-handle, type); + ret = ldb_wait(ac-store-req-handle, LDB_WAIT_NONE); if (ret != LDB_SUCCESS) { handle-state = LDB_ASYNC_DONE; handle-status = ret; @@ -516,6 +494,28 @@ return ret; } +static int paged_wait(struct ldb_handle *handle, enum ldb_wait_type type) +{ + int ret; + + if (!handle || !handle-private_data) { + return LDB_ERR_OPERATIONS_ERROR; + } + + if (type == LDB_WAIT_ALL) { + while (handle-state != LDB_ASYNC_DONE) { + ret = paged_wait_once(handle); + if (ret != LDB_SUCCESS) { + return ret; + } + } + + return handle-status; + } + + return paged_wait_once(handle); +} + static int paged_request_init(struct ldb_module *module) { struct private_data *data; Modified: branches/SAMBA_4_0/source/lib/ldb/modules/paged_searches.c === --- branches/SAMBA_4_0/source/lib/ldb/modules/paged_searches.c 2007-12-24 01:28:22 UTC (rev 26580) +++ branches/SAMBA_4_0/source/lib/ldb/modules/paged_searches.c 2007-12-24 01:38:37 UTC (rev 26581) @@ -312,7 +312,7 @@ return ldb_next_request(handle-module, ac-new_req); } -static int ps_wait_none(struct ldb_handle *handle) +static int ps_wait_once(struct ldb_handle *handle) { struct ps_context *ac
svn commit: samba r25573 - in branches/SAMBA_3_2/source/winbindd: .
Author: idra Date: 2007-10-08 12:56:57 + (Mon, 08 Oct 2007) New Revision: 25573 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25573 Log: Add my (C) as well Modified: branches/SAMBA_3_2/source/winbindd/winbindd_idmap.c Changeset: Modified: branches/SAMBA_3_2/source/winbindd/winbindd_idmap.c === --- branches/SAMBA_3_2/source/winbindd/winbindd_idmap.c 2007-10-08 12:56:27 UTC (rev 25572) +++ branches/SAMBA_3_2/source/winbindd/winbindd_idmap.c 2007-10-08 12:56:57 UTC (rev 25573) @@ -5,6 +5,7 @@ Copyright (C) Volker Lendecke 2005 Copyright (C) Gerald Carter 2006 + Copyright (C) Simo Sorce 2007 The helpers always consist of three functions:
Re: [Samba] Samba vs Microsoft Logon Protocols
On Wed, Sep 26, 2007 at 10:29:09AM -0400, Server Gremlin wrote: Volker Lendecke wrote: On Wed, Sep 26, 2007 at 10:01:40AM -0400, Server Gremlin wrote: If my mapping of the notes in the smb.conf man page to the Microsoft jargon is incorrect, then could someone please provide me with a correct one? In particular, I am most curious to know if I am right about NT1 being the same thing as NTLMv1. If it is, then what is NTLMv2? The full story can be found on http://davenport.sourceforge.net/ntlm.html. But beware, this is not a particularly easy read :-) Volker Bring the pain!!! Thanks, love it. That looks like a wealth of great information if I can manage to grasp it. I'd still like a simple answer to Is NT1 going to make my Samba server use NTLMv1, NTLMv2, or what? if anyone knows. The SMB protocol dialects and the authentication protocols are somewhat orthogonal. The mapping you are trying to make simply does not make sense. Simo. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r25127 - in branches: SAMBA_3_2/examples/LDAP SAMBA_3_2_0/examples/LDAP
Author: idra Date: 2007-09-13 12:51:00 + (Thu, 13 Sep 2007) New Revision: 25127 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25127 Log: Add ol-schema-migrate.pl to the repo. This script is useful for migrating OpenLDAP schema files to FDS/RHDS lidf schema files. License kindly updated to GPLv3+ at our request. Simo. Added: branches/SAMBA_3_2/examples/LDAP/ol-schema-migrate.pl branches/SAMBA_3_2_0/examples/LDAP/ol-schema-migrate.pl Modified: branches/SAMBA_3_2/examples/LDAP/README branches/SAMBA_3_2_0/examples/LDAP/README Changeset: Sorry, the patch is too large (915 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25127
svn commit: samba r25132 - in branches/SAMBA_3_0_MAINT/packaging/Debian/debian-sarge/patches: .
Author: idra Date: 2007-09-13 15:10:36 + (Thu, 13 Sep 2007) New Revision: 25132 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25132 Log: Unneeded patch Removed: branches/SAMBA_3_0_MAINT/packaging/Debian/debian-sarge/patches/py_smb.patch Changeset: Deleted: branches/SAMBA_3_0_MAINT/packaging/Debian/debian-sarge/patches/py_smb.patch === --- branches/SAMBA_3_0_MAINT/packaging/Debian/debian-sarge/patches/py_smb.patch 2007-09-13 14:42:25 UTC (rev 25131) +++ branches/SAMBA_3_0_MAINT/packaging/Debian/debian-sarge/patches/py_smb.patch 2007-09-13 15:10:36 UTC (rev 25132) @@ -1,11 +0,0 @@ samba-3.0.25c.orig/source/python/py_smb.c 2007-09-03 15:34:13.0 + -+++ samba-3.0.25c/source/python/py_smb.c 2007-09-03 15:34:31.0 + -@@ -48,7 +48,7 @@ - - ZERO_STRUCT(ip); - -- if (!cli_connect(cli, server, ip)) -+ if (!NT_STATUS_IS_OK(cli_connect(cli, server, ip))) - return NULL; - - return new_cli_state_object(cli);
svn commit: samba r25107 - in branches: SAMBA_3_0_MAINT/source/nsswitch SAMBA_3_2/source/nsswitch SAMBA_3_2_0/source/nsswitch
Author: idra Date: 2007-09-11 23:04:14 + (Tue, 11 Sep 2007) New Revision: 25107 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25107 Log: Fix const warning caused by the way I reformatted this Modified: branches/SAMBA_3_0_MAINT/source/nsswitch/idmap.c branches/SAMBA_3_2/source/nsswitch/idmap.c branches/SAMBA_3_2_0/source/nsswitch/idmap.c Changeset: Modified: branches/SAMBA_3_0_MAINT/source/nsswitch/idmap.c === --- branches/SAMBA_3_0_MAINT/source/nsswitch/idmap.c2007-09-11 22:49:11 UTC (rev 25106) +++ branches/SAMBA_3_0_MAINT/source/nsswitch/idmap.c2007-09-11 23:04:14 UTC (rev 25107) @@ -422,9 +422,10 @@ if (compat) { parm_backend = talloc_strdup(idmap_ctx, compat_backend); } else { - char *backend = lp_parm_const_string(-1, config_option, -backend, tdb); - parm_backend = talloc_strdup(idmap_ctx, backend); + parm_backend = talloc_strdup(idmap_ctx, +lp_parm_const_string( + -1, config_option, + backend, tdb)); } IDMAP_CHECK_ALLOC(parm_backend); Modified: branches/SAMBA_3_2/source/nsswitch/idmap.c === --- branches/SAMBA_3_2/source/nsswitch/idmap.c 2007-09-11 22:49:11 UTC (rev 25106) +++ branches/SAMBA_3_2/source/nsswitch/idmap.c 2007-09-11 23:04:14 UTC (rev 25107) @@ -431,9 +431,10 @@ if (compat) { parm_backend = talloc_strdup(idmap_ctx, compat_backend); } else { - char *backend = lp_parm_const_string(-1, config_option, -backend, tdb); - parm_backend = talloc_strdup(idmap_ctx, backend); + parm_backend = talloc_strdup(idmap_ctx, +lp_parm_const_string( + -1, config_option, + backend, tdb)); } IDMAP_CHECK_ALLOC(parm_backend); Modified: branches/SAMBA_3_2_0/source/nsswitch/idmap.c === --- branches/SAMBA_3_2_0/source/nsswitch/idmap.c2007-09-11 22:49:11 UTC (rev 25106) +++ branches/SAMBA_3_2_0/source/nsswitch/idmap.c2007-09-11 23:04:14 UTC (rev 25107) @@ -431,9 +431,10 @@ if (compat) { parm_backend = talloc_strdup(idmap_ctx, compat_backend); } else { - char *backend = lp_parm_const_string(-1, config_option, -backend, tdb); - parm_backend = talloc_strdup(idmap_ctx, backend); + parm_backend = talloc_strdup(idmap_ctx, +lp_parm_const_string( + -1, config_option, + backend, tdb)); } IDMAP_CHECK_ALLOC(parm_backend);
svn commit: samba r25057 - in branches: SAMBA_3_2/examples/LDAP SAMBA_3_2_0/examples/LDAP
Author: idra Date: 2007-09-10 15:14:39 + (Mon, 10 Sep 2007) New Revision: 25057 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25057 Log: Add a schema file ready to be used in Fedora/RedHat Directory Server Added: branches/SAMBA_3_2/examples/LDAP/samba-schema-FDS.ldif branches/SAMBA_3_2_0/examples/LDAP/samba-schema-FDS.ldif Changeset: Added: branches/SAMBA_3_2/examples/LDAP/samba-schema-FDS.ldif === --- branches/SAMBA_3_2/examples/LDAP/samba-schema-FDS.ldif 2007-09-10 15:06:05 UTC (rev 25056) +++ branches/SAMBA_3_2/examples/LDAP/samba-schema-FDS.ldif 2007-09-10 15:14:39 UTC (rev 25057) @@ -0,0 +1,156 @@ +## schema file for Fedora/RedHat Directory Server +## +## NOTE: this file can be copied as 60samba.ldif into your instance schema +## directory: +## cp samba-schema-FDS.ldif /etc/dirsrv/slapd-instance-name/schema/60schema.ldif +## +## Schema for storing Samba user accounts and group maps in LDAP +## OIDs are owned by the Samba Team +## +## Prerequisite schemas - uid (cosine.schema) +## - displayName (inetorgperson.schema) +## - gidNumber (nis.schema) +## +## 1.3.6.1.4.1.7165.2.1.x - attributeTypess +## 1.3.6.1.4.1.7165.2.2.x - objectClasseses +## +## Printer support +## 1.3.6.1.4.1.7165.2.3.1.x - attributeTypess +## 1.3.6.1.4.1.7165.2.3.2.x - objectClasseses +## +## Samba4 +## 1.3.6.1.4.1.7165.4.1.x - attributeTypess +## 1.3.6.1.4.1.7165.4.2.x - objectClasseses +## 1.3.6.1.4.1.7165.4.3.x - LDB/LDAP Controls +## 1.3.6.1.4.1.7165.4.4.x - LDB/LDAP Extended Operations +## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track +## +dn: cn=schema +## +### +##Attributes used by Samba 3.0 schema## +### +## +## Password hashes## +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'LanManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'MD4 hash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) +## +## Account flags in string format ([UWDX ]) +## +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Account Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE ) +## +## Password timestamps policies +## +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC 'Timestamp of the last password update' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DESC 'Timestamp of when the user is allowed to update the password' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC 'Timestamp of when the password will expire' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC 'Timestamp of last logon' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC 'Timestamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC 'Timestamp of when the user will be logged off automatically' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' DESC 'Bad password attempt count' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' DESC 'Time of the last bad password attempt' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC 'Logon Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE ) +## +## string settings +## +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC 'Driver letter of home directory mapping' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DESC 'Logon script path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DESC 'Roaming profile path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.36 NAME
svn commit: samba r25058 - in branches/SAMBA_3_0_25/source/nsswitch: .
Author: idra Date: 2007-09-10 16:20:41 + (Mon, 10 Sep 2007) New Revision: 25058 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25058 Log: Fix #4772 the idmap ldap suffix was evaluated in the wrong order resulting in the code giving precedence to the old global prameter instead of the one specified for the specific idmap domain configuration. Modified: branches/SAMBA_3_0_25/source/nsswitch/idmap_ldap.c Changeset: Modified: branches/SAMBA_3_0_25/source/nsswitch/idmap_ldap.c === --- branches/SAMBA_3_0_25/source/nsswitch/idmap_ldap.c 2007-09-10 15:14:39 UTC (rev 25057) +++ branches/SAMBA_3_0_25/source/nsswitch/idmap_ldap.c 2007-09-10 16:20:41 UTC (rev 25058) @@ -287,16 +287,9 @@ } CHECK_ALLOC_DONE( idmap_alloc_ldap-url ); - tmp = lp_ldap_idmap_suffix(); + tmp = lp_parm_const_string(-1, idmap alloc config, ldap_base_dn, NULL); if ( ! tmp || ! *tmp) { - tmp = lp_parm_const_string(-1, idmap alloc config, ldap_base_dn, NULL); - } - if ( ! tmp) { - tmp = lp_ldap_suffix(); - if (tmp) { - DEBUG(1, (WARNING: Trying to use the global ldap suffix(%s)\n, tmp)); - DEBUGADD(1, (as suffix. This may not be what you want!\n)); - } + tmp = lp_ldap_idmap_suffix(); if ( ! tmp) { DEBUG(1, (ERROR: missing idmap ldap suffix\n)); ret = NT_STATUS_UNSUCCESSFUL; @@ -780,21 +773,16 @@ } CHECK_ALLOC_DONE(ctx-url); - tmp = lp_ldap_idmap_suffix(); - if ( ! tmp || ! *tmp) { - tmp = lp_parm_const_string(-1, config_option, ldap_base_dn, NULL); - } - if ( ! tmp) { - tmp = lp_ldap_suffix(); - if (tmp) { - DEBUG(1, (WARNING: Trying to use the global ldap suffix(%s)\n, tmp)); - DEBUGADD(1, (as suffix. This may not be what you want!\n)); - } else { - DEBUG(1, (ERROR: missing idmap ldap suffix\n)); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - } +tmp = lp_parm_const_string(-1, config_option, ldap_base_dn, NULL); +if ( ! tmp || ! *tmp) { +tmp = lp_ldap_idmap_suffix(); +if ( ! tmp) { +DEBUG(1, (ERROR: missing idmap ldap suffix\n)); +ret = NT_STATUS_UNSUCCESSFUL; +goto done; + } +} + ctx-suffix = talloc_strdup(ctx, tmp); CHECK_ALLOC_DONE(ctx-suffix);
svn commit: samba r25059 - in branches: SAMBA_3_2/source/nsswitch SAMBA_3_2_0/source/nsswitch
Author: idra Date: 2007-09-10 16:21:55 + (Mon, 10 Sep 2007) New Revision: 25059 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25059 Log: Apply to 3.2 as well Modified: branches/SAMBA_3_2/source/nsswitch/idmap_ldap.c branches/SAMBA_3_2_0/source/nsswitch/idmap_ldap.c Changeset: Modified: branches/SAMBA_3_2/source/nsswitch/idmap_ldap.c === --- branches/SAMBA_3_2/source/nsswitch/idmap_ldap.c 2007-09-10 16:20:41 UTC (rev 25058) +++ branches/SAMBA_3_2/source/nsswitch/idmap_ldap.c 2007-09-10 16:21:55 UTC (rev 25059) @@ -287,16 +287,9 @@ } CHECK_ALLOC_DONE( idmap_alloc_ldap-url ); - tmp = lp_ldap_idmap_suffix(); + tmp = lp_parm_const_string(-1, idmap alloc config, ldap_base_dn, NULL); if ( ! tmp || ! *tmp) { - tmp = lp_parm_const_string(-1, idmap alloc config, ldap_base_dn, NULL); - } - if ( ! tmp) { - tmp = lp_ldap_suffix(); - if (tmp) { - DEBUG(1, (WARNING: Trying to use the global ldap suffix(%s)\n, tmp)); - DEBUGADD(1, (as suffix. This may not be what you want!\n)); - } + tmp = lp_ldap_idmap_suffix(); if ( ! tmp) { DEBUG(1, (ERROR: missing idmap ldap suffix\n)); ret = NT_STATUS_UNSUCCESSFUL; @@ -781,21 +774,16 @@ } CHECK_ALLOC_DONE(ctx-url); - tmp = lp_ldap_idmap_suffix(); - if ( ! tmp || ! *tmp) { - tmp = lp_parm_const_string(-1, config_option, ldap_base_dn, NULL); - } - if ( ! tmp) { - tmp = lp_ldap_suffix(); - if (tmp) { - DEBUG(1, (WARNING: Trying to use the global ldap suffix(%s)\n, tmp)); - DEBUGADD(1, (as suffix. This may not be what you want!\n)); - } else { - DEBUG(1, (ERROR: missing idmap ldap suffix\n)); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - } +tmp = lp_parm_const_string(-1, config_option, ldap_base_dn, NULL); +if ( ! tmp || ! *tmp) { +tmp = lp_ldap_idmap_suffix(); +if ( ! tmp) { +DEBUG(1, (ERROR: missing idmap ldap suffix\n)); +ret = NT_STATUS_UNSUCCESSFUL; +goto done; + } +} + ctx-suffix = talloc_strdup(ctx, tmp); CHECK_ALLOC_DONE(ctx-suffix); Modified: branches/SAMBA_3_2_0/source/nsswitch/idmap_ldap.c === --- branches/SAMBA_3_2_0/source/nsswitch/idmap_ldap.c 2007-09-10 16:20:41 UTC (rev 25058) +++ branches/SAMBA_3_2_0/source/nsswitch/idmap_ldap.c 2007-09-10 16:21:55 UTC (rev 25059) @@ -287,16 +287,9 @@ } CHECK_ALLOC_DONE( idmap_alloc_ldap-url ); - tmp = lp_ldap_idmap_suffix(); + tmp = lp_parm_const_string(-1, idmap alloc config, ldap_base_dn, NULL); if ( ! tmp || ! *tmp) { - tmp = lp_parm_const_string(-1, idmap alloc config, ldap_base_dn, NULL); - } - if ( ! tmp) { - tmp = lp_ldap_suffix(); - if (tmp) { - DEBUG(1, (WARNING: Trying to use the global ldap suffix(%s)\n, tmp)); - DEBUGADD(1, (as suffix. This may not be what you want!\n)); - } + tmp = lp_ldap_idmap_suffix(); if ( ! tmp) { DEBUG(1, (ERROR: missing idmap ldap suffix\n)); ret = NT_STATUS_UNSUCCESSFUL; @@ -781,21 +774,16 @@ } CHECK_ALLOC_DONE(ctx-url); - tmp = lp_ldap_idmap_suffix(); - if ( ! tmp || ! *tmp) { - tmp = lp_parm_const_string(-1, config_option, ldap_base_dn, NULL); - } - if ( ! tmp) { - tmp = lp_ldap_suffix(); - if (tmp) { - DEBUG(1, (WARNING: Trying to use the global ldap suffix(%s)\n, tmp)); - DEBUGADD(1, (as suffix. This may not be what you want!\n)); - } else { - DEBUG(1, (ERROR: missing idmap ldap suffix\n)); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - } +tmp = lp_parm_const_string(-1, config_option, ldap_base_dn, NULL); +if ( ! tmp || ! *tmp) { +tmp = lp_ldap_idmap_suffix(); +if ( ! tmp) { +DEBUG(1, (ERROR: missing idmap ldap suffix\n)); +ret = NT_STATUS_UNSUCCESSFUL; +goto done; + } +} + ctx-suffix = talloc_strdup(ctx, tmp); CHECK_ALLOC_DONE(ctx-suffix);
svn commit: samba r25060 - in branches: SAMBA_3_0_25/source/nsswitch SAMBA_3_2/source/nsswitch SAMBA_3_2_0/source/nsswitch
Author: idra Date: 2007-09-10 16:56:51 + (Mon, 10 Sep 2007) New Revision: 25060 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25060 Log: Fix formatting, remove trailing spaces and cut lines longer than 80 chars Modified: branches/SAMBA_3_0_25/source/nsswitch/idmap.c branches/SAMBA_3_2/source/nsswitch/idmap.c branches/SAMBA_3_2_0/source/nsswitch/idmap.c Changeset: Sorry, the patch is too large (3062 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25060
svn commit: samba r25062 - in branches: SAMBA_3_0_25/source/nsswitch SAMBA_3_2/source/nsswitch SAMBA_3_2_0/source/nsswitch
Author: idra Date: 2007-09-10 19:04:57 + (Mon, 10 Sep 2007) New Revision: 25062 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25062 Log: Reformat, remove trailing spaces and fit lines into 80 columns Modified: branches/SAMBA_3_0_25/source/nsswitch/idmap_ldap.c branches/SAMBA_3_2/source/nsswitch/idmap_ldap.c branches/SAMBA_3_2_0/source/nsswitch/idmap_ldap.c Changeset: Sorry, the patch is too large (3094 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25062
svn commit: samba r25063 - in branches: SAMBA_3_0_25/source/nsswitch SAMBA_3_2/source/nsswitch SAMBA_3_2_0/source/nsswitch
Author: idra Date: 2007-09-10 19:14:22 + (Mon, 10 Sep 2007) New Revision: 25063 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25063 Log: Fix segfault in smbldp_set_creds when we want to use anonymous, the code was not passing in the anon flag correctly and was passing NULL pointers. Modified: branches/SAMBA_3_0_25/source/nsswitch/idmap_ldap.c branches/SAMBA_3_2/source/nsswitch/idmap_ldap.c branches/SAMBA_3_2_0/source/nsswitch/idmap_ldap.c Changeset: Modified: branches/SAMBA_3_0_25/source/nsswitch/idmap_ldap.c === --- branches/SAMBA_3_0_25/source/nsswitch/idmap_ldap.c 2007-09-10 19:04:57 UTC (rev 25062) +++ branches/SAMBA_3_0_25/source/nsswitch/idmap_ldap.c 2007-09-10 19:14:22 UTC (rev 25063) @@ -78,6 +78,7 @@ char *secret = NULL; const char *tmp = NULL; char *user_dn = NULL; + bool anon = false; /* assume anonymous if we don't have a specified user */ @@ -106,7 +107,7 @@ if (!fetch_ldap_pw(user_dn, secret)) { DEBUG(2, (get_credentials: Failed to lookup ldap bind creds. Using anonymous connection.\n)); - *dn = talloc_strdup(mem_ctx, ); + anon = true; } else { *dn = talloc_strdup(mem_ctx, user_dn); SAFE_FREE( user_dn ); @@ -114,10 +115,10 @@ } } - smbldap_set_creds(ldap_state, false, *dn, secret); + smbldap_set_creds(ldap_state, anon, *dn, secret); ret = NT_STATUS_OK; - done: +done: SAFE_FREE(secret); return ret; Modified: branches/SAMBA_3_2/source/nsswitch/idmap_ldap.c === --- branches/SAMBA_3_2/source/nsswitch/idmap_ldap.c 2007-09-10 19:04:57 UTC (rev 25062) +++ branches/SAMBA_3_2/source/nsswitch/idmap_ldap.c 2007-09-10 19:14:22 UTC (rev 25063) @@ -78,6 +78,7 @@ char *secret = NULL; const char *tmp = NULL; char *user_dn = NULL; + bool anon = false; /* assume anonymous if we don't have a specified user */ @@ -106,7 +107,7 @@ if (!fetch_ldap_pw(user_dn, secret)) { DEBUG(2, (get_credentials: Failed to lookup ldap bind creds. Using anonymous connection.\n)); - *dn = talloc_strdup(mem_ctx, ); + anon = true; } else { *dn = talloc_strdup(mem_ctx, user_dn); SAFE_FREE( user_dn ); @@ -114,10 +115,10 @@ } } - smbldap_set_creds(ldap_state, false, *dn, secret); + smbldap_set_creds(ldap_state, anon, *dn, secret); ret = NT_STATUS_OK; - done: +done: SAFE_FREE(secret); return ret; Modified: branches/SAMBA_3_2_0/source/nsswitch/idmap_ldap.c === --- branches/SAMBA_3_2_0/source/nsswitch/idmap_ldap.c 2007-09-10 19:04:57 UTC (rev 25062) +++ branches/SAMBA_3_2_0/source/nsswitch/idmap_ldap.c 2007-09-10 19:14:22 UTC (rev 25063) @@ -78,6 +78,7 @@ char *secret = NULL; const char *tmp = NULL; char *user_dn = NULL; + bool anon = false; /* assume anonymous if we don't have a specified user */ @@ -106,7 +107,7 @@ if (!fetch_ldap_pw(user_dn, secret)) { DEBUG(2, (get_credentials: Failed to lookup ldap bind creds. Using anonymous connection.\n)); - *dn = talloc_strdup(mem_ctx, ); + anon = true; } else { *dn = talloc_strdup(mem_ctx, user_dn); SAFE_FREE( user_dn ); @@ -114,10 +115,10 @@ } } - smbldap_set_creds(ldap_state, false, *dn, secret); + smbldap_set_creds(ldap_state, anon, *dn, secret); ret = NT_STATUS_OK; - done: +done: SAFE_FREE(secret); return ret;
svn commit: samba r25064 - in branches: SAMBA_3_0_25/source/nsswitch SAMBA_3_2/source/nsswitch SAMBA_3_2_0/source/nsswitch
Author: idra Date: 2007-09-10 19:19:59 + (Mon, 10 Sep 2007) New Revision: 25064 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25064 Log: We use BOOL/True/False not bool/true/false Modified: branches/SAMBA_3_0_25/source/nsswitch/idmap_ldap.c branches/SAMBA_3_2/source/nsswitch/idmap_ldap.c branches/SAMBA_3_2_0/source/nsswitch/idmap_ldap.c Changeset: Modified: branches/SAMBA_3_0_25/source/nsswitch/idmap_ldap.c === --- branches/SAMBA_3_0_25/source/nsswitch/idmap_ldap.c 2007-09-10 19:14:22 UTC (rev 25063) +++ branches/SAMBA_3_0_25/source/nsswitch/idmap_ldap.c 2007-09-10 19:19:59 UTC (rev 25064) @@ -78,7 +78,7 @@ char *secret = NULL; const char *tmp = NULL; char *user_dn = NULL; - bool anon = false; + BOOL anon = False; /* assume anonymous if we don't have a specified user */ @@ -87,10 +87,10 @@ if ( tmp ) { if (!dom) { /* only the alloc backend can pass in a NULL dom */ - secret = idmap_fetch_secret(ldap, true, + secret = idmap_fetch_secret(ldap, True, NULL, tmp); } else { - secret = idmap_fetch_secret(ldap, false, + secret = idmap_fetch_secret(ldap, False, dom-name, tmp); } @@ -107,7 +107,7 @@ if (!fetch_ldap_pw(user_dn, secret)) { DEBUG(2, (get_credentials: Failed to lookup ldap bind creds. Using anonymous connection.\n)); - anon = true; + anon = True; } else { *dn = talloc_strdup(mem_ctx, user_dn); SAFE_FREE( user_dn ); Modified: branches/SAMBA_3_2/source/nsswitch/idmap_ldap.c === --- branches/SAMBA_3_2/source/nsswitch/idmap_ldap.c 2007-09-10 19:14:22 UTC (rev 25063) +++ branches/SAMBA_3_2/source/nsswitch/idmap_ldap.c 2007-09-10 19:19:59 UTC (rev 25064) @@ -78,7 +78,7 @@ char *secret = NULL; const char *tmp = NULL; char *user_dn = NULL; - bool anon = false; + BOOL anon = False; /* assume anonymous if we don't have a specified user */ @@ -87,10 +87,10 @@ if ( tmp ) { if (!dom) { /* only the alloc backend can pass in a NULL dom */ - secret = idmap_fetch_secret(ldap, true, + secret = idmap_fetch_secret(ldap, True, NULL, tmp); } else { - secret = idmap_fetch_secret(ldap, false, + secret = idmap_fetch_secret(ldap, False, dom-name, tmp); } @@ -107,7 +107,7 @@ if (!fetch_ldap_pw(user_dn, secret)) { DEBUG(2, (get_credentials: Failed to lookup ldap bind creds. Using anonymous connection.\n)); - anon = true; + anon = True; } else { *dn = talloc_strdup(mem_ctx, user_dn); SAFE_FREE( user_dn ); Modified: branches/SAMBA_3_2_0/source/nsswitch/idmap_ldap.c === --- branches/SAMBA_3_2_0/source/nsswitch/idmap_ldap.c 2007-09-10 19:14:22 UTC (rev 25063) +++ branches/SAMBA_3_2_0/source/nsswitch/idmap_ldap.c 2007-09-10 19:19:59 UTC (rev 25064) @@ -78,7 +78,7 @@ char *secret = NULL; const char *tmp = NULL; char *user_dn = NULL; - bool anon = false; + BOOL anon = False; /* assume anonymous if we don't have a specified user */ @@ -87,10 +87,10 @@ if ( tmp ) { if (!dom) { /* only the alloc backend can pass in a NULL dom */ - secret = idmap_fetch_secret(ldap, true, + secret = idmap_fetch_secret(ldap, True, NULL, tmp); } else { - secret = idmap_fetch_secret(ldap, false, + secret = idmap_fetch_secret(ldap, False, dom-name, tmp); } @@ -107,7 +107,7 @@ if (!fetch_ldap_pw(user_dn, secret)) { DEBUG(2, (get_credentials: Failed to lookup ldap bind creds. Using anonymous connection.\n)); - anon = true; + anon = True; } else
svn commit: samba r24963 - in branches/SAMBA_3_0_25/source/smbd: .
Author: idra Date: 2007-09-05 12:40:15 + (Wed, 05 Sep 2007) New Revision: 24963 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24963 Log: Older patch that I forgot to commit Actually prevent machine from changing the password if we are configured so Modified: branches/SAMBA_3_0_25/source/smbd/chgpasswd.c Changeset: Modified: branches/SAMBA_3_0_25/source/smbd/chgpasswd.c === --- branches/SAMBA_3_0_25/source/smbd/chgpasswd.c 2007-09-05 09:44:05 UTC (rev 24962) +++ branches/SAMBA_3_0_25/source/smbd/chgpasswd.c 2007-09-05 12:40:15 UTC (rev 24963) @@ -1019,6 +1019,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passwd, BOOL as_root, uint32 *samr_reject_reason) { uint32 min_len; + uint32 refuse; struct passwd *pass = NULL; const char *username = pdb_get_username(hnd); time_t can_change_time = pdb_get_pass_can_change_time(hnd); @@ -1036,6 +1037,21 @@ return NT_STATUS_ACCOUNT_RESTRICTION; } + /* check to see if it is a Machine account and if the policy +* denies machines to change the password. * +* Should we deny also SRVTRUST and/or DOMSTRUST ? .SSS. */ + if (pdb_get_acct_ctrl(hnd) ACB_WSTRUST) { + if (pdb_get_account_policy(AP_REFUSE_MACHINE_PW_CHANGE, refuse) refuse) { + DEBUG(1, (Machine %s cannot change password now, + denied by Refuse Machine Password Change policy\n, + username)); + if (samr_reject_reason) { + *samr_reject_reason = REJECT_REASON_OTHER; + } + return NT_STATUS_ACCOUNT_RESTRICTION; + } + } + /* removed calculation here, becuase passdb now calculates based on policy. jmcd */ if ((can_change_time != 0) (time(NULL) can_change_time)) {
svn commit: samba r24964 - in branches/SAMBA_3_0_25/source/smbd: .
Author: idra Date: 2007-09-05 12:41:13 + (Wed, 05 Sep 2007) New Revision: 24964 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24964 Log: ports cant be greater then 65535, ignore anything above Modified: branches/SAMBA_3_0_25/source/smbd/server.c Changeset: Modified: branches/SAMBA_3_0_25/source/smbd/server.c === --- branches/SAMBA_3_0_25/source/smbd/server.c 2007-09-05 12:40:15 UTC (rev 24963) +++ branches/SAMBA_3_0_25/source/smbd/server.c 2007-09-05 12:41:13 UTC (rev 24964) @@ -363,7 +363,7 @@ for (ptr=ports; next_token(ptr, tok, \t,, sizeof(tok)); ) { unsigned port = atoi(tok); - if (port == 0) { + if (port == 0 || port 0x) { continue; } s = fd_listenset[num_sockets] = open_socket_in(SOCK_STREAM, port, 0, ifip-s_addr, True); @@ -403,7 +403,7 @@ for (ptr=ports; next_token(ptr, tok, \t,, sizeof(tok)); ) { unsigned port = atoi(tok); - if (port == 0) continue; + if (port == 0 || port 0x) continue; /* open an incoming socket */ s = open_socket_in(SOCK_STREAM, port, 0, interpret_addr(lp_socket_address()),True);
svn commit: samba r24965 - in branches/SAMBA_3_0_25/source: include libsmb
Author: idra Date: 2007-09-05 12:43:39 + (Wed, 05 Sep 2007) New Revision: 24965 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24965 Log: open is a macro in newest glibc in rawhide this patch let samba compile again Modified: branches/SAMBA_3_0_25/source/include/vfs_macros.h branches/SAMBA_3_0_25/source/libsmb/libsmb_compat.c branches/SAMBA_3_0_25/source/libsmb/libsmbclient.c Changeset: Modified: branches/SAMBA_3_0_25/source/include/vfs_macros.h === --- branches/SAMBA_3_0_25/source/include/vfs_macros.h 2007-09-05 12:41:13 UTC (rev 24964) +++ branches/SAMBA_3_0_25/source/include/vfs_macros.h 2007-09-05 12:43:39 UTC (rev 24965) @@ -47,7 +47,7 @@ #define SMB_VFS_CLOSEDIR(conn, dir) ((conn)-vfs.ops.closedir((conn)-vfs.handles.closedir, dir)) /* File operations */ -#define SMB_VFS_OPEN(conn, fname, fsp, flags, mode) ((conn)-vfs.ops.open((conn)-vfs.handles.open, (fname), (fsp), (flags), (mode))) +#define SMB_VFS_OPEN(conn, fname, fsp, flags, mode) (((conn)-vfs.ops.open)((conn)-vfs.handles.open, (fname), (fsp), (flags), (mode))) #define SMB_VFS_CLOSE(fsp, fd) ((fsp)-conn-vfs.ops.close_fn((fsp)-conn-vfs.handles.close_hnd, (fsp), (fd))) #define SMB_VFS_READ(fsp, fd, data, n) ((fsp)-conn-vfs.ops.read((fsp)-conn-vfs.handles.read, (fsp), (fd), (data), (n))) #define SMB_VFS_PREAD(fsp, fd, data, n, off) ((fsp)-conn-vfs.ops.pread((fsp)-conn-vfs.handles.pread, (fsp), (fd), (data), (n), (off))) @@ -163,7 +163,7 @@ #define SMB_VFS_OPAQUE_CLOSEDIR(conn, dir) ((conn)-vfs_opaque.ops.closedir((conn)-vfs_opaque.handles.closedir, dir)) /* File operations */ -#define SMB_VFS_OPAQUE_OPEN(conn, fname, fsp, flags, mode) ((conn)-vfs_opaque.ops.open((conn)-vfs_opaque.handles.open, (fname), (fsp), (flags), (mode))) +#define SMB_VFS_OPAQUE_OPEN(conn, fname, fsp, flags, mode) (((conn)-vfs_opaque.ops.open)((conn)-vfs_opaque.handles.open, (fname), (fsp), (flags), (mode))) #define SMB_VFS_OPAQUE_CLOSE(fsp, fd) ((fsp)-conn-vfs_opaque.ops.close_fn((fsp)-conn-vfs_opaque.handles.close_hnd, (fsp), (fd))) #define SMB_VFS_OPAQUE_READ(fsp, fd, data, n) ((fsp)-conn-vfs_opaque.ops.read((fsp)-conn-vfs_opaque.handles.read, (fsp), (fd), (data), (n))) #define SMB_VFS_OPAQUE_PREAD(fsp, fd, data, n, off) ((fsp)-conn-vfs_opaque.ops.pread((fsp)-conn-vfs_opaque.handles.pread, (fsp), (fd), (data), (n), (off))) @@ -280,7 +280,7 @@ #define SMB_VFS_NEXT_CLOSEDIR(handle, dir) ((handle)-vfs_next.ops.closedir((handle)-vfs_next.handles.closedir, dir)) /* File operations */ -#define SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode) ((handle)-vfs_next.ops.open((handle)-vfs_next.handles.open, (fname), (fsp), (flags), (mode))) +#define SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode) (((handle)-vfs_next.ops.open)((handle)-vfs_next.handles.open, (fname), (fsp), (flags), (mode))) #define SMB_VFS_NEXT_CLOSE(handle, fsp, fd) ((handle)-vfs_next.ops.close_fn((handle)-vfs_next.handles.close_hnd, (fsp), (fd))) #define SMB_VFS_NEXT_READ(handle, fsp, fd, data, n) ((handle)-vfs_next.ops.read((handle)-vfs_next.handles.read, (fsp), (fd), (data), (n))) #define SMB_VFS_NEXT_PREAD(handle, fsp, fd, data, n, off) ((handle)-vfs_next.ops.pread((handle)-vfs_next.handles.pread, (fsp), (fd), (data), (n), (off))) Modified: branches/SAMBA_3_0_25/source/libsmb/libsmb_compat.c === --- branches/SAMBA_3_0_25/source/libsmb/libsmb_compat.c 2007-09-05 12:41:13 UTC (rev 24964) +++ branches/SAMBA_3_0_25/source/libsmb/libsmb_compat.c 2007-09-05 12:43:39 UTC (rev 24965) @@ -157,7 +157,7 @@ SMBCFILE * file; int fd; - file = statcont-open(statcont, furl, flags, mode); + file = (statcont-open)(statcont, furl, flags, mode); if (!file) return -1; Modified: branches/SAMBA_3_0_25/source/libsmb/libsmbclient.c === --- branches/SAMBA_3_0_25/source/libsmb/libsmbclient.c 2007-09-05 12:41:13 UTC (rev 24964) +++ branches/SAMBA_3_0_25/source/libsmb/libsmbclient.c 2007-09-05 12:43:39 UTC (rev 24965) @@ -5980,7 +5980,7 @@ /* What if the path is empty, or the file exists? */ -return context-open(context, fname, O_WRONLY, 666); +return (context-open)(context, fname, O_WRONLY, 666); } @@ -6021,7 +6021,7 @@ /* Try to open the file for reading ... */ -if ((long)(fid1 = c_file-open(c_file, fname, O_RDONLY, 0666)) 0) { +if ((long)(fid1 = (c_file-open)(c_file, fname, O_RDONLY, 0666)) 0) { DEBUG(3, (Error, fname=%s, errno=%i\n, fname, errno)); return -1; /* smbc_open sets errno */
svn commit: samba r24966 - in branches/SAMBA_3_0_25/source/smbd: .
Author: idra Date: 2007-09-05 12:52:40 + (Wed, 05 Sep 2007) New Revision: 24966 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24966 Log: Revert, wrong branch Modified: branches/SAMBA_3_0_25/source/smbd/chgpasswd.c Changeset: Modified: branches/SAMBA_3_0_25/source/smbd/chgpasswd.c === --- branches/SAMBA_3_0_25/source/smbd/chgpasswd.c 2007-09-05 12:43:39 UTC (rev 24965) +++ branches/SAMBA_3_0_25/source/smbd/chgpasswd.c 2007-09-05 12:52:40 UTC (rev 24966) @@ -1019,7 +1019,6 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passwd, BOOL as_root, uint32 *samr_reject_reason) { uint32 min_len; - uint32 refuse; struct passwd *pass = NULL; const char *username = pdb_get_username(hnd); time_t can_change_time = pdb_get_pass_can_change_time(hnd); @@ -1037,21 +1036,6 @@ return NT_STATUS_ACCOUNT_RESTRICTION; } - /* check to see if it is a Machine account and if the policy -* denies machines to change the password. * -* Should we deny also SRVTRUST and/or DOMSTRUST ? .SSS. */ - if (pdb_get_acct_ctrl(hnd) ACB_WSTRUST) { - if (pdb_get_account_policy(AP_REFUSE_MACHINE_PW_CHANGE, refuse) refuse) { - DEBUG(1, (Machine %s cannot change password now, - denied by Refuse Machine Password Change policy\n, - username)); - if (samr_reject_reason) { - *samr_reject_reason = REJECT_REASON_OTHER; - } - return NT_STATUS_ACCOUNT_RESTRICTION; - } - } - /* removed calculation here, becuase passdb now calculates based on policy. jmcd */ if ((can_change_time != 0) (time(NULL) can_change_time)) {
svn commit: samba r24967 - in branches/SAMBA_3_0_25/packaging/Debian: .
Author: idra Date: 2007-09-05 12:53:04 + (Wed, 05 Sep 2007) New Revision: 24967 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24967 Log: Add note about Debian packaging Modified: branches/SAMBA_3_0_25/packaging/Debian/README Changeset: Modified: branches/SAMBA_3_0_25/packaging/Debian/README === --- branches/SAMBA_3_0_25/packaging/Debian/README 2007-09-05 12:52:40 UTC (rev 24966) +++ branches/SAMBA_3_0_25/packaging/Debian/README 2007-09-05 12:53:04 UTC (rev 24967) @@ -1,3 +1,6 @@ +NOTE: the debian-unstable and debian-woody are not updated anymore, +they are left only as a reference for now. --SSS + Building Samba Packages for Debian GNU/Linux
svn commit: samba r24968 - in branches/SAMBA_3_2_0/source: include libsmb
Author: idra Date: 2007-09-05 12:53:38 + (Wed, 05 Sep 2007) New Revision: 24968 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24968 Log: Fwd port open patch Modified: branches/SAMBA_3_2_0/source/include/vfs_macros.h branches/SAMBA_3_2_0/source/libsmb/libsmb_compat.c branches/SAMBA_3_2_0/source/libsmb/libsmbclient.c Changeset: Modified: branches/SAMBA_3_2_0/source/include/vfs_macros.h === --- branches/SAMBA_3_2_0/source/include/vfs_macros.h2007-09-05 12:53:04 UTC (rev 24967) +++ branches/SAMBA_3_2_0/source/include/vfs_macros.h2007-09-05 12:53:38 UTC (rev 24968) @@ -46,7 +46,7 @@ #define SMB_VFS_CLOSEDIR(conn, dir) ((conn)-vfs.ops.closedir((conn)-vfs.handles.closedir, dir)) /* File operations */ -#define SMB_VFS_OPEN(conn, fname, fsp, flags, mode) ((conn)-vfs.ops.open((conn)-vfs.handles.open, (fname), (fsp), (flags), (mode))) +#define SMB_VFS_OPEN(conn, fname, fsp, flags, mode) (((conn)-vfs.ops.open)((conn)-vfs.handles.open, (fname), (fsp), (flags), (mode))) #define SMB_VFS_CLOSE(fsp, fd) ((fsp)-conn-vfs.ops.close_fn((fsp)-conn-vfs.handles.close_hnd, (fsp), (fd))) #define SMB_VFS_READ(fsp, fd, data, n) ((fsp)-conn-vfs.ops.read((fsp)-conn-vfs.handles.read, (fsp), (fd), (data), (n))) #define SMB_VFS_PREAD(fsp, fd, data, n, off) ((fsp)-conn-vfs.ops.pread((fsp)-conn-vfs.handles.pread, (fsp), (fd), (data), (n), (off))) @@ -164,7 +164,7 @@ #define SMB_VFS_OPAQUE_CLOSEDIR(conn, dir) ((conn)-vfs_opaque.ops.closedir((conn)-vfs_opaque.handles.closedir, dir)) /* File operations */ -#define SMB_VFS_OPAQUE_OPEN(conn, fname, fsp, flags, mode) ((conn)-vfs_opaque.ops.open((conn)-vfs_opaque.handles.open, (fname), (fsp), (flags), (mode))) +#define SMB_VFS_OPAQUE_OPEN(conn, fname, fsp, flags, mode) (((conn)-vfs_opaque.ops.open)((conn)-vfs_opaque.handles.open, (fname), (fsp), (flags), (mode))) #define SMB_VFS_OPAQUE_CLOSE(fsp, fd) ((fsp)-conn-vfs_opaque.ops.close_fn((fsp)-conn-vfs_opaque.handles.close_hnd, (fsp), (fd))) #define SMB_VFS_OPAQUE_READ(fsp, fd, data, n) ((fsp)-conn-vfs_opaque.ops.read((fsp)-conn-vfs_opaque.handles.read, (fsp), (fd), (data), (n))) #define SMB_VFS_OPAQUE_PREAD(fsp, fd, data, n, off) ((fsp)-conn-vfs_opaque.ops.pread((fsp)-conn-vfs_opaque.handles.pread, (fsp), (fd), (data), (n), (off))) @@ -283,7 +283,7 @@ #define SMB_VFS_NEXT_CLOSEDIR(handle, dir) ((handle)-vfs_next.ops.closedir((handle)-vfs_next.handles.closedir, dir)) /* File operations */ -#define SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode) ((handle)-vfs_next.ops.open((handle)-vfs_next.handles.open, (fname), (fsp), (flags), (mode))) +#define SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode) (((handle)-vfs_next.ops.open)((handle)-vfs_next.handles.open, (fname), (fsp), (flags), (mode))) #define SMB_VFS_NEXT_CLOSE(handle, fsp, fd) ((handle)-vfs_next.ops.close_fn((handle)-vfs_next.handles.close_hnd, (fsp), (fd))) #define SMB_VFS_NEXT_READ(handle, fsp, fd, data, n) ((handle)-vfs_next.ops.read((handle)-vfs_next.handles.read, (fsp), (fd), (data), (n))) #define SMB_VFS_NEXT_PREAD(handle, fsp, fd, data, n, off) ((handle)-vfs_next.ops.pread((handle)-vfs_next.handles.pread, (fsp), (fd), (data), (n), (off))) Modified: branches/SAMBA_3_2_0/source/libsmb/libsmb_compat.c === --- branches/SAMBA_3_2_0/source/libsmb/libsmb_compat.c 2007-09-05 12:53:04 UTC (rev 24967) +++ branches/SAMBA_3_2_0/source/libsmb/libsmb_compat.c 2007-09-05 12:53:38 UTC (rev 24968) @@ -156,7 +156,7 @@ SMBCFILE * file; int fd; - file = statcont-open(statcont, furl, flags, mode); + file = (statcont-open)(statcont, furl, flags, mode); if (!file) return -1; Modified: branches/SAMBA_3_2_0/source/libsmb/libsmbclient.c === --- branches/SAMBA_3_2_0/source/libsmb/libsmbclient.c 2007-09-05 12:53:04 UTC (rev 24967) +++ branches/SAMBA_3_2_0/source/libsmb/libsmbclient.c 2007-09-05 12:53:38 UTC (rev 24968) @@ -5981,7 +5981,7 @@ /* What if the path is empty, or the file exists? */ -return context-open(context, fname, O_WRONLY, 666); +return (context-open)(context, fname, O_WRONLY, 666); } @@ -6022,7 +6022,7 @@ /* Try to open the file for reading ... */ -if ((long)(fid1 = c_file-open(c_file, fname, O_RDONLY, 0666)) 0) { +if ((long)(fid1 = (c_file-open)(c_file, fname, O_RDONLY, 0666)) 0) { DEBUG(3, (Error, fname=%s, errno=%i\n, fname, errno)); return -1; /* smbc_open sets errno */
svn commit: samba r24969 - in branches/SAMBA_3_2/source: include libsmb
Author: idra Date: 2007-09-05 12:53:56 + (Wed, 05 Sep 2007) New Revision: 24969 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24969 Log: Fwd port open patch Modified: branches/SAMBA_3_2/source/include/vfs_macros.h branches/SAMBA_3_2/source/libsmb/libsmb_compat.c branches/SAMBA_3_2/source/libsmb/libsmbclient.c Changeset: Modified: branches/SAMBA_3_2/source/include/vfs_macros.h === --- branches/SAMBA_3_2/source/include/vfs_macros.h 2007-09-05 12:53:38 UTC (rev 24968) +++ branches/SAMBA_3_2/source/include/vfs_macros.h 2007-09-05 12:53:56 UTC (rev 24969) @@ -46,7 +46,7 @@ #define SMB_VFS_CLOSEDIR(conn, dir) ((conn)-vfs.ops.closedir((conn)-vfs.handles.closedir, dir)) /* File operations */ -#define SMB_VFS_OPEN(conn, fname, fsp, flags, mode) ((conn)-vfs.ops.open((conn)-vfs.handles.open, (fname), (fsp), (flags), (mode))) +#define SMB_VFS_OPEN(conn, fname, fsp, flags, mode) (((conn)-vfs.ops.open)((conn)-vfs.handles.open, (fname), (fsp), (flags), (mode))) #define SMB_VFS_CLOSE(fsp, fd) ((fsp)-conn-vfs.ops.close_fn((fsp)-conn-vfs.handles.close_hnd, (fsp), (fd))) #define SMB_VFS_READ(fsp, fd, data, n) ((fsp)-conn-vfs.ops.read((fsp)-conn-vfs.handles.read, (fsp), (fd), (data), (n))) #define SMB_VFS_PREAD(fsp, fd, data, n, off) ((fsp)-conn-vfs.ops.pread((fsp)-conn-vfs.handles.pread, (fsp), (fd), (data), (n), (off))) @@ -164,7 +164,7 @@ #define SMB_VFS_OPAQUE_CLOSEDIR(conn, dir) ((conn)-vfs_opaque.ops.closedir((conn)-vfs_opaque.handles.closedir, dir)) /* File operations */ -#define SMB_VFS_OPAQUE_OPEN(conn, fname, fsp, flags, mode) ((conn)-vfs_opaque.ops.open((conn)-vfs_opaque.handles.open, (fname), (fsp), (flags), (mode))) +#define SMB_VFS_OPAQUE_OPEN(conn, fname, fsp, flags, mode) (((conn)-vfs_opaque.ops.open)((conn)-vfs_opaque.handles.open, (fname), (fsp), (flags), (mode))) #define SMB_VFS_OPAQUE_CLOSE(fsp, fd) ((fsp)-conn-vfs_opaque.ops.close_fn((fsp)-conn-vfs_opaque.handles.close_hnd, (fsp), (fd))) #define SMB_VFS_OPAQUE_READ(fsp, fd, data, n) ((fsp)-conn-vfs_opaque.ops.read((fsp)-conn-vfs_opaque.handles.read, (fsp), (fd), (data), (n))) #define SMB_VFS_OPAQUE_PREAD(fsp, fd, data, n, off) ((fsp)-conn-vfs_opaque.ops.pread((fsp)-conn-vfs_opaque.handles.pread, (fsp), (fd), (data), (n), (off))) @@ -283,7 +283,7 @@ #define SMB_VFS_NEXT_CLOSEDIR(handle, dir) ((handle)-vfs_next.ops.closedir((handle)-vfs_next.handles.closedir, dir)) /* File operations */ -#define SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode) ((handle)-vfs_next.ops.open((handle)-vfs_next.handles.open, (fname), (fsp), (flags), (mode))) +#define SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode) (((handle)-vfs_next.ops.open)((handle)-vfs_next.handles.open, (fname), (fsp), (flags), (mode))) #define SMB_VFS_NEXT_CLOSE(handle, fsp, fd) ((handle)-vfs_next.ops.close_fn((handle)-vfs_next.handles.close_hnd, (fsp), (fd))) #define SMB_VFS_NEXT_READ(handle, fsp, fd, data, n) ((handle)-vfs_next.ops.read((handle)-vfs_next.handles.read, (fsp), (fd), (data), (n))) #define SMB_VFS_NEXT_PREAD(handle, fsp, fd, data, n, off) ((handle)-vfs_next.ops.pread((handle)-vfs_next.handles.pread, (fsp), (fd), (data), (n), (off))) Modified: branches/SAMBA_3_2/source/libsmb/libsmb_compat.c === --- branches/SAMBA_3_2/source/libsmb/libsmb_compat.c2007-09-05 12:53:38 UTC (rev 24968) +++ branches/SAMBA_3_2/source/libsmb/libsmb_compat.c2007-09-05 12:53:56 UTC (rev 24969) @@ -156,7 +156,7 @@ SMBCFILE * file; int fd; - file = statcont-open(statcont, furl, flags, mode); + file = (statcont-open)(statcont, furl, flags, mode); if (!file) return -1; Modified: branches/SAMBA_3_2/source/libsmb/libsmbclient.c === --- branches/SAMBA_3_2/source/libsmb/libsmbclient.c 2007-09-05 12:53:38 UTC (rev 24968) +++ branches/SAMBA_3_2/source/libsmb/libsmbclient.c 2007-09-05 12:53:56 UTC (rev 24969) @@ -5971,7 +5971,7 @@ /* What if the path is empty, or the file exists? */ -return context-open(context, fname, O_WRONLY, 666); +return (context-open)(context, fname, O_WRONLY, 666); } @@ -6012,7 +6012,7 @@ /* Try to open the file for reading ... */ -if ((long)(fid1 = c_file-open(c_file, fname, O_RDONLY, 0666)) 0) { +if ((long)(fid1 = (c_file-open)(c_file, fname, O_RDONLY, 0666)) 0) { DEBUG(3, (Error, fname=%s, errno=%i\n, fname, errno)); return -1; /* smbc_open sets errno */
svn commit: samba r24938 - in branches/SAMBA_3_0_25/packaging/Debian/debian-sarge: . patches
Author: idra Date: 2007-09-03 16:09:30 + (Mon, 03 Sep 2007) New Revision: 24938 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24938 Log: Patches to build 3.0.25c Added: branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/patches/nmbd-signalling.patch.unused branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/patches/py_smb.patch Removed: branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/patches/nmbd-signalling.patch Modified: branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/changelog branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/patches/documentation.patch Changeset: Modified: branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/changelog === --- branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/changelog 2007-09-03 13:13:25 UTC (rev 24937) +++ branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/changelog 2007-09-03 16:09:30 UTC (rev 24938) @@ -1,3 +1,15 @@ +samba (3.0.25c-1) stable; urgency=low + + * samba 3.0.25c bugfix release + + -- Simo Sorce [EMAIL PROTECTED] Mon, 3 Sep 2007 11:18:30 -0400 + +samba (3.0.25b-1) stable; urgency=low + + * samba 3.0.25b bugfix release + + -- Simo Sorce [EMAIL PROTECTED] Mon, 2 Jul 2007 12:16:30 -0400 + samba (3.0.25a-2) stable; urgency=low * Fix bug in fhs.patch Modified: branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/patches/documentation.patch === --- branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/patches/documentation.patch 2007-09-03 13:13:25 UTC (rev 24937) +++ branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/patches/documentation.patch 2007-09-03 16:09:30 UTC (rev 24938) @@ -13,15 +13,15 @@ .PP @@ -87,12 +94,12 @@ .TP 3n - #8226; + \(bu -/usr/local/samba/sbin/swat +/usr/sbin/swat .TP 3n - #8226; + \(bu -/usr/local/samba/swat/images/* +/usr/share/samba/swat/images/* .TP 3n - #8226; + \(bu -/usr/local/samba/swat/help/* +/usr/share/samba/swat/help/* .SS Inetd Installation @@ -43,8 +43,8 @@ -you should add a line like this: +you should add a line like this (not needed for Debian since the maintainer scripts do it automatically. You need to uncomment the line, though, because it is added commented out for security reasons): .PP --\fBswat stream tcp nowait.400 root /usr/local/samba/sbin/swat swat\fR -+\fBswat stream tcp nowait.400 root /usr/sbin/swat swat\fR +-swat stream tcp nowait.400 root /usr/local/samba/sbin/swat swat ++swat stream tcp nowait.400 root /usr/sbin/swat swat .PP Once you have edited \fI/etc/services\fR Deleted: branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/patches/nmbd-signalling.patch === --- branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/patches/nmbd-signalling.patch 2007-09-03 13:13:25 UTC (rev 24937) +++ branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/patches/nmbd-signalling.patch 2007-09-03 16:09:30 UTC (rev 24938) @@ -1,20 +0,0 @@ -diff -uNr samba-2.999+3.0.alpha21.orig/source/nmbd/nmbd_subnetdb.c samba-2.999+3.0.alpha21/source/nmbd/nmbd_subnetdb.c samba-2.999+3.0.alpha21.orig/source/nmbd/nmbd_subnetdb.c 2002-11-26 20:54:19.0 -0600 -+++ samba-2.999+3.0.alpha21/source/nmbd/nmbd_subnetdb.c2002-12-16 23:34:13.0 -0600 -@@ -214,12 +214,16 @@ - extern struct in_addr loopback_ip; - - if(num_interfaces == 0) { -+ void (*old_handler)(int); -+ - DEBUG(0,(create_subnets: No local interfaces !\n)); - DEBUG(0,(create_subnets: Waiting for an interface to appear ...\n)); -+ old_handler = CatchSignal( SIGTERM, SIGNAL_CAST SIG_DFL ); - while (iface_count() == 0) { - sleep(5); - load_interfaces(); - } -+ CatchSignal( SIGTERM, SIGNAL_CAST old_handler ); - } - - num_interfaces = iface_count(); Copied: branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/patches/nmbd-signalling.patch.unused (from rev 24937, branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/patches/nmbd-signalling.patch) Added: branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/patches/py_smb.patch === --- branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/patches/py_smb.patch 2007-09-03 13:13:25 UTC (rev 24937) +++ branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/patches/py_smb.patch 2007-09-03 16:09:30 UTC (rev 24938) @@ -0,0 +1,11 @@ +--- samba-3.0.25c.orig/source/python/py_smb.c 2007-09-03 15:34:13.0 + samba-3.0.25c/source/python/py_smb.c 2007-09-03 15:34:31.0 + +@@ -48,7 +48,7 @@ + + ZERO_STRUCT(ip); + +- if (!cli_connect(cli, server, ip)) ++ if (!NT_STATUS_IS_OK(cli_connect(cli, server, ip
svn commit: samba r24650 - in branches/SAMBA_4_0/source/setup: .
Author: idra Date: 2007-08-24 13:21:43 + (Fri, 24 Aug 2007) New Revision: 24650 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24650 Log: Some more instructions to have make GSS-TSIG work Modified: branches/SAMBA_4_0/source/setup/named.conf Changeset: Modified: branches/SAMBA_4_0/source/setup/named.conf === --- branches/SAMBA_4_0/source/setup/named.conf 2007-08-24 11:25:38 UTC (rev 24649) +++ branches/SAMBA_4_0/source/setup/named.conf 2007-08-24 13:21:43 UTC (rev 24650) @@ -1,10 +1,22 @@ # -# Insert this snippit into your named.conf or bind.conf to configure +# Insert these snippets into your named.conf or bind.conf to configure # the BIND nameserver. # +#insert this into options {} +tkey-gssapi-credential DNS/${DNSDOMAIN} +tkey-domain ${REALM}; + +#the zone file zone ${DNSDOMAIN}. IN { type master; file ${DNSDOMAIN}.zone; }; +# Also, you need to change your init scripts to set this environment variable +# for named: KRB_KTNAME so that it points to the keytab generated. +# In RedHat derived systems such RHEL/CentOS/Fedora you can add the following +# line to the /etc/sysconfig/named file +# export KRB_KTNAME=/etc/named.keytab + +# *TODO*: generate and install a keytab file in /etc/named.keytab
svn commit: samba r24651 - in branches/SAMBA_4_0/source/setup: .
Author: idra Date: 2007-08-24 13:31:05 + (Fri, 24 Aug 2007) New Revision: 24651 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24651 Log: Allow dynamic updates for the domain controller over its own name Modified: branches/SAMBA_4_0/source/setup/named.conf Changeset: Modified: branches/SAMBA_4_0/source/setup/named.conf === --- branches/SAMBA_4_0/source/setup/named.conf 2007-08-24 13:21:43 UTC (rev 24650) +++ branches/SAMBA_4_0/source/setup/named.conf 2007-08-24 13:31:05 UTC (rev 24651) @@ -11,6 +11,11 @@ zone ${DNSDOMAIN}. IN { type master; file ${DNSDOMAIN}.zone; + update-policy { + /* use ANY only for Domain controllers for now */ + /* for normal machines A PTR is probbaly all is needed */ + grant [EMAIL PROTECTED] name ${HOSTNAME}.${DNSDOMAIN} ANY; + }; }; # Also, you need to change your init scripts to set this environment variable
svn commit: samba-docs r1166 - in trunk/smbdotconf/security: .
Author: idra Date: 2007-08-23 20:43:59 + (Thu, 23 Aug 2007) New Revision: 1166 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=1166 Log: Explain better what happens when you set to 0 these bits. Modified: trunk/smbdotconf/security/directorysecuritymask.xml trunk/smbdotconf/security/securitymask.xml Changeset: Modified: trunk/smbdotconf/security/directorysecuritymask.xml === --- trunk/smbdotconf/security/directorysecuritymask.xml 2007-08-23 19:50:44 UTC (rev 1165) +++ trunk/smbdotconf/security/directorysecuritymask.xml 2007-08-23 20:43:59 UTC (rev 1166) @@ -3,18 +3,23 @@ type=string xmlns:samba=http://www.samba.org/samba/DTD/samba-doc; description -paraThis parameter controls what UNIX permission bits -can be set when a Windows NT client is manipulating the UNIX -permission on a directory using the native NT security dialog +paraThis parameter controls what UNIX permission bits +will be set when a Windows NT client is manipulating the UNIX +permission on a directory using the native NT security dialog box./para para - This parameter is applied as a mask (AND'ed with) to the incoming permission bits, thus preventing any bits not - in this mask from being set. Make sure not to mix up this parameter with smbconfoption name=force + This parameter is applied as a mask (AND'ed with) to the incoming permission bits, thus resetting +any bits not in this mask. Make sure not to mix up this parameter with smbconfoption name=force directory security mode/, which works similar like this one but uses logical OR instead of AND. Essentially, zero bits in this mask are a set of bits that will always be set to zero. /para +para + Essentially, all bits set to zero in this mask will result in setting to zero the corresponding bits on the + file permissions regardless of the previous status of this bits on the file. +/para + paraIf not set explicitly this parameter is set to 0777 meaning a user is allowed to set all the user/group/world permissions on a directory./para Modified: trunk/smbdotconf/security/securitymask.xml === --- trunk/smbdotconf/security/securitymask.xml 2007-08-23 19:50:44 UTC (rev 1165) +++ trunk/smbdotconf/security/securitymask.xml 2007-08-23 20:43:59 UTC (rev 1166) @@ -4,19 +4,20 @@ xmlns:samba=http://www.samba.org/samba/DTD/samba-doc; description para - This parameter controls what UNIX permission bits can be set when a Windows NT client is manipulating the + This parameter controls what UNIX permission bits will be set when a Windows NT client is manipulating the UNIX permission on a file using the native NT security dialog box. /para para - This parameter is applied as a mask (AND'ed with) to the incoming permission bits, thus preventing any bits not - in this mask from being set. Make sure not to mix up this parameter with smbconfoption name=force + This parameter is applied as a mask (AND'ed with) to the incoming permission bits, thus resetting + any bits not in this mask. Make sure not to mix up this parameter with smbconfoption name=force security mode/, which works in a manner similar to this one but uses a logical OR instead of an AND. /para - para - Essentially, zero bits in this mask are a set of bits that will always be set to zero. - /para +para + Essentially, all bits set to zero in this mask will result in setting to zero the corresponding bits on the + file permissions regardless of the previous status of this bits on the file. +/para para If not set explicitly this parameter is 0777, allowing a user to set all the user/group/world permissions on a file.
svn commit: samba r24603 - in branches: SAMBA_3_2/source/smbd SAMBA_3_2_0/source/smbd
Author: idra Date: 2007-08-21 18:45:45 + (Tue, 21 Aug 2007) New Revision: 24603 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24603 Log: In case of error we need to free prefix_cache otherwise on re-init the first statement will return positively but prefix_cache_hashes would be NULL Modified: branches/SAMBA_3_2/source/smbd/mangle_hash2.c branches/SAMBA_3_2_0/source/smbd/mangle_hash2.c Changeset: Modified: branches/SAMBA_3_2/source/smbd/mangle_hash2.c === --- branches/SAMBA_3_2/source/smbd/mangle_hash2.c 2007-08-21 14:47:15 UTC (rev 24602) +++ branches/SAMBA_3_2/source/smbd/mangle_hash2.c 2007-08-21 18:45:45 UTC (rev 24603) @@ -163,6 +163,7 @@ prefix_cache_hashes = SMB_CALLOC_ARRAY(unsigned int, MANGLE_CACHE_SIZE); if (!prefix_cache_hashes) { + SAFE_FREE(prefix_cache); return False; } Modified: branches/SAMBA_3_2_0/source/smbd/mangle_hash2.c === --- branches/SAMBA_3_2_0/source/smbd/mangle_hash2.c 2007-08-21 14:47:15 UTC (rev 24602) +++ branches/SAMBA_3_2_0/source/smbd/mangle_hash2.c 2007-08-21 18:45:45 UTC (rev 24603) @@ -163,6 +163,7 @@ prefix_cache_hashes = SMB_CALLOC_ARRAY(unsigned int, MANGLE_CACHE_SIZE); if (!prefix_cache_hashes) { + SAFE_FREE(prefix_cache); return False; }
svn commit: samba-docs r1134 - in trunk/Samba3-HOWTO: .
Author: idra Date: 2007-07-10 21:54:55 + (Tue, 10 Jul 2007) New Revision: 1134 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=1134 Log: We don't use svnweb since long, correct the howto and point users to viewcvs Modified: trunk/Samba3-HOWTO/TOSHARG-Compiling.xml Changeset: Modified: trunk/Samba3-HOWTO/TOSHARG-Compiling.xml === --- trunk/Samba3-HOWTO/TOSHARG-Compiling.xml2007-07-03 12:32:50 UTC (rev 1133) +++ trunk/Samba3-HOWTO/TOSHARG-Compiling.xml2007-07-10 21:54:55 UTC (rev 1134) @@ -53,7 +53,7 @@ /para sect3 -titleAccess via SVNweb/title +titleAccess via ViewCVS/title para @@ -66,7 +66,7 @@ para Use the URL -ulink noescape=1 url=http://svnweb.samba.org/;http://svnweb.samba.org//ulink. +ulink noescape=1 url=http://viewcvs.samba.org/;http://viewcvs.samba.org//ulink. /para /sect3
svn commit: samba r23782 - in branches: SAMBA_3_2/source/utils SAMBA_3_2_0/source/utils
Author: idra Date: 2007-07-09 22:15:22 + (Mon, 09 Jul 2007) New Revision: 23782 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23782 Log: I tested this against NT4 PDC, W2K Server, W2K3 Dc, and a Win XP std alone client and they all work with this code. Modified: branches/SAMBA_3_2/source/utils/smbcacls.c branches/SAMBA_3_2_0/source/utils/smbcacls.c Changeset: Modified: branches/SAMBA_3_2/source/utils/smbcacls.c === --- branches/SAMBA_3_2/source/utils/smbcacls.c 2007-07-09 21:48:33 UTC (rev 23781) +++ branches/SAMBA_3_2/source/utils/smbcacls.c 2007-07-09 22:15:22 UTC (rev 23782) @@ -730,7 +730,7 @@ sort_acl(old-dacl); /* Create new security descriptor and set it */ -#if 0 + /* We used to just have WRITE_DAC_ACCESS without WRITE_OWNER. But if we're sending an owner, even if it's the same as the one that already exists then W2K3 insists we open with WRITE_OWNER access. @@ -742,12 +742,7 @@ NULL, old-dacl, sd_size); fnum = cli_nt_create(cli, filename, WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS); -#else - sd = make_sec_desc(ctx,old-revision, old-type, NULL, NULL, - NULL, old-dacl, sd_size); - fnum = cli_nt_create(cli, filename, WRITE_DAC_ACCESS); -#endif if (fnum == -1) { printf(cacl_set failed to open %s: %s\n, filename, cli_errstr(cli)); return EXIT_FAILED; Modified: branches/SAMBA_3_2_0/source/utils/smbcacls.c === --- branches/SAMBA_3_2_0/source/utils/smbcacls.c2007-07-09 21:48:33 UTC (rev 23781) +++ branches/SAMBA_3_2_0/source/utils/smbcacls.c2007-07-09 22:15:22 UTC (rev 23782) @@ -730,7 +730,7 @@ sort_acl(old-dacl); /* Create new security descriptor and set it */ -#if 0 + /* We used to just have WRITE_DAC_ACCESS without WRITE_OWNER. But if we're sending an owner, even if it's the same as the one that already exists then W2K3 insists we open with WRITE_OWNER access. @@ -742,12 +742,7 @@ NULL, old-dacl, sd_size); fnum = cli_nt_create(cli, filename, WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS); -#else - sd = make_sec_desc(ctx,old-revision, old-type, NULL, NULL, - NULL, old-dacl, sd_size); - fnum = cli_nt_create(cli, filename, WRITE_DAC_ACCESS); -#endif if (fnum == -1) { printf(cacl_set failed to open %s: %s\n, filename, cli_errstr(cli)); return EXIT_FAILED;
svn commit: samba r23723 - in branches: SAMBA_3_0/source/libsmb SAMBA_3_0_26/source/libsmb
Author: idra Date: 2007-07-05 13:46:47 + (Thu, 05 Jul 2007) New Revision: 23723 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23723 Log: Alexander Larsson pointed me at a missing mapping in clierror.c When renaming a file across 2 filesystem a samba server returns NT_STATUS_NOT_SAME_DEVICE but thius is not translated to EXDEV, and the generic EINVAL is returned instead. This should fix it, Jeremy or Derrel please check if this is ok. Modified: branches/SAMBA_3_0/source/libsmb/clierror.c branches/SAMBA_3_0_26/source/libsmb/clierror.c Changeset: Modified: branches/SAMBA_3_0/source/libsmb/clierror.c === --- branches/SAMBA_3_0/source/libsmb/clierror.c 2007-07-05 10:32:51 UTC (rev 23722) +++ branches/SAMBA_3_0/source/libsmb/clierror.c 2007-07-05 13:46:47 UTC (rev 23723) @@ -336,7 +336,9 @@ #ifdef ECOMM {NT_STATUS_NET_WRITE_FAULT, ECOMM}, #endif - +#ifdef EXDEV + {NT_STATUS_NOT_SAME_DEVICE, EXDEV}, +#endif {NT_STATUS(0), 0} }; Modified: branches/SAMBA_3_0_26/source/libsmb/clierror.c === --- branches/SAMBA_3_0_26/source/libsmb/clierror.c 2007-07-05 10:32:51 UTC (rev 23722) +++ branches/SAMBA_3_0_26/source/libsmb/clierror.c 2007-07-05 13:46:47 UTC (rev 23723) @@ -331,7 +331,9 @@ #ifdef ECOMM {NT_STATUS_NET_WRITE_FAULT, ECOMM}, #endif - +#ifdef EXDEV + {NT_STATUS_NOT_SAME_DEVICE, EXDEV}, +#endif {NT_STATUS(0), 0} };
svn commit: samba r23682 - in branches: SAMBA_3_0/source/smbd SAMBA_3_0_26/source/smbd
Author: idra Date: 2007-07-03 13:07:56 + (Tue, 03 Jul 2007) New Revision: 23682 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23682 Log: Old patch I forgot in one of my 3.0.25 trees. Make sure we honour the directive not to allow machine password changes. Modified: branches/SAMBA_3_0/source/smbd/chgpasswd.c branches/SAMBA_3_0_26/source/smbd/chgpasswd.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/chgpasswd.c === --- branches/SAMBA_3_0/source/smbd/chgpasswd.c 2007-07-03 08:22:24 UTC (rev 23681) +++ branches/SAMBA_3_0/source/smbd/chgpasswd.c 2007-07-03 13:07:56 UTC (rev 23682) @@ -1019,6 +1019,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passwd, BOOL as_root, uint32 *samr_reject_reason) { uint32 min_len; + uint32 refuse; struct passwd *pass = NULL; const char *username = pdb_get_username(hnd); time_t can_change_time = pdb_get_pass_can_change_time(hnd); @@ -1036,6 +1037,21 @@ return NT_STATUS_ACCOUNT_RESTRICTION; } + /* check to see if it is a Machine account and if the policy +* denies machines to change the password. * +* Should we deny also SRVTRUST and/or DOMSTRUST ? .SSS. */ + if (pdb_get_acct_ctrl(hnd) ACB_WSTRUST) { + if (pdb_get_account_policy(AP_REFUSE_MACHINE_PW_CHANGE, refuse) refuse) { + DEBUG(1, (Machine %s cannot change password now, + denied by Refuse Machine Password Change policy\n, + username)); + if (samr_reject_reason) { + *samr_reject_reason = REJECT_REASON_OTHER; + } + return NT_STATUS_ACCOUNT_RESTRICTION; + } + } + /* removed calculation here, becuase passdb now calculates based on policy. jmcd */ if ((can_change_time != 0) (time(NULL) can_change_time)) { Modified: branches/SAMBA_3_0_26/source/smbd/chgpasswd.c === --- branches/SAMBA_3_0_26/source/smbd/chgpasswd.c 2007-07-03 08:22:24 UTC (rev 23681) +++ branches/SAMBA_3_0_26/source/smbd/chgpasswd.c 2007-07-03 13:07:56 UTC (rev 23682) @@ -1019,6 +1019,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passwd, BOOL as_root, uint32 *samr_reject_reason) { uint32 min_len; + uint32 refuse; struct passwd *pass = NULL; const char *username = pdb_get_username(hnd); time_t can_change_time = pdb_get_pass_can_change_time(hnd); @@ -1036,6 +1037,21 @@ return NT_STATUS_ACCOUNT_RESTRICTION; } + /* check to see if it is a Machine account and if the policy +* denies machines to change the password. * +* Should we deny also SRVTRUST and/or DOMSTRUST ? .SSS. */ + if (pdb_get_acct_ctrl(hnd) ACB_WSTRUST) { + if (pdb_get_account_policy(AP_REFUSE_MACHINE_PW_CHANGE, refuse) refuse) { + DEBUG(1, (Machine %s cannot change password now, + denied by Refuse Machine Password Change policy\n, + username)); + if (samr_reject_reason) { + *samr_reject_reason = REJECT_REASON_OTHER; + } + return NT_STATUS_ACCOUNT_RESTRICTION; + } + } + /* removed calculation here, becuase passdb now calculates based on policy. jmcd */ if ((can_change_time != 0) (time(NULL) can_change_time)) {
svn commit: samba r23683 - in branches: SAMBA_3_0/source/smbd SAMBA_3_0_26/source/smbd
Author: idra Date: 2007-07-03 13:11:56 + (Tue, 03 Jul 2007) New Revision: 23683 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23683 Log: Check ports are in the correct range (1-65535) Modified: branches/SAMBA_3_0/source/smbd/sockinit.c branches/SAMBA_3_0_26/source/smbd/server.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/sockinit.c === --- branches/SAMBA_3_0/source/smbd/sockinit.c 2007-07-03 13:07:56 UTC (rev 23682) +++ branches/SAMBA_3_0/source/smbd/sockinit.c 2007-07-03 13:11:56 UTC (rev 23683) @@ -63,7 +63,7 @@ for (ptr=ports; next_token(ptr, tok, \t,, sizeof(tok)); ) { unsigned port = atoi(tok); - if (port == 0) { + if (port == 0 || port 0x) { continue; } s = listenset[num_sockets] = open_socket_in(SOCK_STREAM, port, 0, ifip-s_addr, True); @@ -101,7 +101,7 @@ for (ptr=ports; next_token(ptr, tok, \t,, sizeof(tok)); ) { unsigned port = atoi(tok); - if (port == 0) continue; + if (port == 0 || port 0x) continue; /* open an incoming socket */ s = open_socket_in(SOCK_STREAM, port, 0, interpret_addr(lp_socket_address()),True); Modified: branches/SAMBA_3_0_26/source/smbd/server.c === --- branches/SAMBA_3_0_26/source/smbd/server.c 2007-07-03 13:07:56 UTC (rev 23682) +++ branches/SAMBA_3_0_26/source/smbd/server.c 2007-07-03 13:11:56 UTC (rev 23683) @@ -381,7 +381,7 @@ for (ptr=ports; next_token(ptr, tok, \t,, sizeof(tok)); ) { unsigned port = atoi(tok); - if (port == 0) { + if (port == 0 || port 0x) { continue; } s = fd_listenset[num_sockets] = open_socket_in(SOCK_STREAM, port, 0, ifip-s_addr, True); @@ -421,7 +421,7 @@ for (ptr=ports; next_token(ptr, tok, \t,, sizeof(tok)); ) { unsigned port = atoi(tok); - if (port == 0) continue; + if (port == 0 || port 0x) continue; /* open an incoming socket */ s = open_socket_in(SOCK_STREAM, port, 0, interpret_addr(lp_socket_address()),True);
svn commit: samba r23691 - in branches: SAMBA_3_0/source/modules SAMBA_3_0_26/source/modules
Author: idra Date: 2007-07-03 23:34:01 + (Tue, 03 Jul 2007) New Revision: 23691 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23691 Log: fix for bug on touching files as described here: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243897 Modified: branches/SAMBA_3_0/source/modules/vfs_recycle.c branches/SAMBA_3_0_26/source/modules/vfs_recycle.c Changeset: Modified: branches/SAMBA_3_0/source/modules/vfs_recycle.c === --- branches/SAMBA_3_0/source/modules/vfs_recycle.c 2007-07-03 20:00:02 UTC (rev 23690) +++ branches/SAMBA_3_0/source/modules/vfs_recycle.c 2007-07-03 23:34:01 UTC (rev 23691) @@ -386,20 +386,28 @@ /** * Touch access or modify date **/ -static void recycle_do_touch(vfs_handle_struct *handle, const char *fname, BOOL touch_mtime) +static void recycle_do_touch(vfs_handle_struct *handle, const char *fname, +BOOL touch_mtime) { SMB_STRUCT_STAT st; struct timespec ts[2]; - + int status, err; + if (SMB_VFS_NEXT_STAT(handle, fname, st) != 0) { - DEBUG(0,(recycle: stat for %s returned %s\n, fname, strerror(errno))); + DEBUG(0,(recycle: stat for %s returned %s\n, +fname, strerror(errno))); return; } ts[0] = timespec_current(); /* atime */ ts[1] = touch_mtime ? ts[0] : get_mtimespec(st); /* mtime */ - if (SMB_VFS_NEXT_NTIMES(handle, fname, ts) == -1 ) { - DEBUG(0, (recycle: touching %s failed, reason = %s\n, fname, strerror(errno))); + become_root(); + status = SMB_VFS_NEXT_NTIMES(handle, fname, ts); + err = errno; + unbecome_root(); + if (status == -1 ) { + DEBUG(0, (recycle: touching %s failed, reason = %s\n, + fname, strerror(err))); } } Modified: branches/SAMBA_3_0_26/source/modules/vfs_recycle.c === --- branches/SAMBA_3_0_26/source/modules/vfs_recycle.c 2007-07-03 20:00:02 UTC (rev 23690) +++ branches/SAMBA_3_0_26/source/modules/vfs_recycle.c 2007-07-03 23:34:01 UTC (rev 23691) @@ -386,20 +386,28 @@ /** * Touch access or modify date **/ -static void recycle_do_touch(vfs_handle_struct *handle, const char *fname, BOOL touch_mtime) +static void recycle_do_touch(vfs_handle_struct *handle, const char *fname, +BOOL touch_mtime) { SMB_STRUCT_STAT st; struct timespec ts[2]; - + int status, err; + if (SMB_VFS_NEXT_STAT(handle, fname, st) != 0) { - DEBUG(0,(recycle: stat for %s returned %s\n, fname, strerror(errno))); + DEBUG(0,(recycle: stat for %s returned %s\n, +fname, strerror(errno))); return; } ts[0] = timespec_current(); /* atime */ ts[1] = touch_mtime ? ts[0] : get_mtimespec(st); /* mtime */ - if (SMB_VFS_NEXT_NTIMES(handle, fname, ts) == -1 ) { - DEBUG(0, (recycle: touching %s failed, reason = %s\n, fname, strerror(errno))); + become_root(); + status = SMB_VFS_NEXT_NTIMES(handle, fname, ts); + err = errno; + unbecome_root(); + if (status == -1 ) { + DEBUG(0, (recycle: touching %s failed, reason = %s\n, + fname, strerror(err))); } }
svn commit: samba-docs r1130 - in trunk/manpages-3: .
Author: idra Date: 2007-06-26 19:29:31 + (Tue, 26 Jun 2007) New Revision: 1130 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=1130 Log: Make the manpage reflect the command behavior Modified: trunk/manpages-3/net.8.xml Changeset: Modified: trunk/manpages-3/net.8.xml === --- trunk/manpages-3/net.8.xml 2007-06-26 17:50:20 UTC (rev 1129) +++ trunk/manpages-3/net.8.xml 2007-06-26 19:29:31 UTC (rev 1130) @@ -1166,10 +1166,11 @@ /refsect2 refsect2 -titleIDMAP DUMP lt;output filegt;/title +titleIDMAP DUMP lt;local tdb file namegt;/title para -Dumps the mappings in the specified output file. +Dumps the mappings contained in the local tdb file specified. +This command is useful to dump only the mappings produced by the idmap_tdb backend. /para /refsect2
svn commit: samba r23571 - in branches: SAMBA_3_0/source/client SAMBA_3_0_25/source/client SAMBA_3_0_26/source/client
Author: idra Date: 2007-06-21 17:05:59 + (Thu, 21 Jun 2007) New Revision: 23571 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23571 Log: Fix, parsing of multi byte share names. Thanks to SATOH Fumiyasu Fixes 4720 Jerry, this is a showstopper for 3.0.25b, please grab it into SAMBA_3_0_RELEASE before cuting the tarballs. Simo. Modified: branches/SAMBA_3_0/source/client/client.c branches/SAMBA_3_0_25/source/client/client.c branches/SAMBA_3_0_26/source/client/client.c Changeset: Modified: branches/SAMBA_3_0/source/client/client.c === --- branches/SAMBA_3_0/source/client/client.c 2007-06-21 15:41:19 UTC (rev 23570) +++ branches/SAMBA_3_0/source/client/client.c 2007-06-21 17:05:59 UTC (rev 23571) @@ -3970,14 +3970,6 @@ /* if the service has not yet been specified lets see if it is available in the popt stack */ if (!service_opt poptPeekArg(pc)) { pstrcpy(service, poptGetArg(pc)); - /* Convert any '/' characters in the service name to '\' characters */ - string_replace(service, '/','\\'); - - if (count_chars(service,'\\') 3) { - d_printf(\n%s: Not enough '\\' characters in service\n,service); - poptPrintUsage(pc, stderr, 0); - exit(1); - } service_opt = True; } @@ -4065,14 +4057,6 @@ /* if the service has not yet been specified lets see if it is available in the popt stack */ if (!service_opt poptPeekArg(pc)) { pstrcpy(service, poptGetArg(pc)); - /* Convert any '/' characters in the service name to '\' characters */ - string_replace(service, '/','\\'); - - if (count_chars(service,'\\') 3) { - d_printf(\n%s: Not enough '\\' characters in service\n,service); - poptPrintUsage(pc, stderr, 0); - exit(1); - } service_opt = True; } @@ -4111,6 +4095,16 @@ } load_interfaces(); + + if (service_opt) { + /* Convert any '/' characters in the service name to '\' characters */ + string_replace(service, '/','\\'); + if (count_chars(service,'\\') 3) { + d_printf(\n%s: Not enough '\\' characters in service\n,service); + poptPrintUsage(pc, stderr, 0); + exit(1); + } + } if ( strlen(new_workgroup) != 0 ) set_global_myworkgroup( new_workgroup ); Modified: branches/SAMBA_3_0_25/source/client/client.c === --- branches/SAMBA_3_0_25/source/client/client.c2007-06-21 15:41:19 UTC (rev 23570) +++ branches/SAMBA_3_0_25/source/client/client.c2007-06-21 17:05:59 UTC (rev 23571) @@ -3921,14 +3921,6 @@ /* if the service has not yet been specified lets see if it is available in the popt stack */ if (!service_opt poptPeekArg(pc)) { pstrcpy(service, poptGetArg(pc)); - /* Convert any '/' characters in the service name to '\' characters */ - string_replace(service, '/','\\'); - - if (count_chars(service,'\\') 3) { - d_printf(\n%s: Not enough '\\' characters in service\n,service); - poptPrintUsage(pc, stderr, 0); - exit(1); - } service_opt = True; } @@ -4016,14 +4008,6 @@ /* if the service has not yet been specified lets see if it is available in the popt stack */ if (!service_opt poptPeekArg(pc)) { pstrcpy(service, poptGetArg(pc)); - /* Convert any '/' characters in the service name to '\' characters */ - string_replace(service, '/','\\'); - - if (count_chars(service,'\\') 3) { - d_printf(\n%s: Not enough '\\' characters in service\n,service); - poptPrintUsage(pc, stderr, 0); - exit(1); - } service_opt = True; } @@ -4062,6 +4046,16 @@ } load_interfaces(); + + if (service_opt) { + /* Convert any '/' characters in the service name to '\' characters */ + string_replace(service, '/','\\'); + if (count_chars(service,'\\') 3) { + d_printf(\n%s: Not enough '\\' characters in service\n,service); + poptPrintUsage(pc, stderr, 0
svn commit: samba r23524 - in branches: SAMBA_3_0/source/client SAMBA_3_0_25/source/client SAMBA_3_0_26/source/client
Author: idra Date: 2007-06-16 18:54:13 + (Sat, 16 Jun 2007) New Revision: 23524 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23524 Log: Fix bug 2319. Got report this is all ok form a tester. Close a loong standing bug preventing people to freely use any character in their password when printing via cups were involved. Modified: branches/SAMBA_3_0/source/client/smbspool.c branches/SAMBA_3_0_25/source/client/smbspool.c branches/SAMBA_3_0_26/source/client/smbspool.c Changeset: Modified: branches/SAMBA_3_0/source/client/smbspool.c === --- branches/SAMBA_3_0/source/client/smbspool.c 2007-06-16 18:19:42 UTC (rev 23523) +++ branches/SAMBA_3_0/source/client/smbspool.c 2007-06-16 18:54:13 UTC (rev 23524) @@ -47,6 +47,7 @@ static struct cli_state *smb_complete_connection(const char *, const char *,int , const char *, const char *, const char *, const char *, int); static struct cli_state*smb_connect(const char *, const char *, int, const char *, const char *, const char *, const char *); static int smb_print(struct cli_state *, char *, FILE *); +static char * uri_unescape_alloc(const char *); /* @@ -62,8 +63,9 @@ int port; /* Port number */ char uri[1024], /* URI */ *sep, /* Pointer to separator */ + *tmp, *tmp2,/* Temp pointers to do escaping */ *password; /* Password */ - const char *username, /* Username */ + char *username, /* Username */ *server,/* Server name */ *printer; /* Printer name */ const char *workgroup; /* Workgroup */ @@ -152,19 +154,24 @@ if ((sep = strrchr_m(uri, '@')) != NULL) { -username = uri + 6; +tmp = uri + 6; *sep++ = '\0'; +/* username is in tmp */ + server = sep; /* * Extract password as needed... */ -if ((password = strchr_m(username, ':')) != NULL) - *password++ = '\0'; -else +if ((tmp2 = strchr_m(tmp, ':')) != NULL) { + *tmp2++ = '\0'; + password = uri_unescape_alloc(tmp2); +} else { password = null_str; +} +username = uri_unescape_alloc(tmp); } else { @@ -173,16 +180,18 @@ server = uri + 6; } - if ((sep = strchr_m(server, '/')) == NULL) + tmp = server; + + if ((sep = strchr_m(tmp, '/')) == NULL) { fputs(ERROR: Bad URI - need printer name!\n, stderr); return (1); } *sep++ = '\0'; - printer = sep; + tmp2 = sep; - if ((sep = strchr_m(printer, '/')) != NULL) + if ((sep = strchr_m(tmp2, '/')) != NULL) { /* * Convert to smb://[username:[EMAIL PROTECTED]/server/printer... @@ -190,12 +199,15 @@ *sep++ = '\0'; -workgroup = server; -server= printer; -printer = sep; +workgroup = uri_unescape_alloc(tmp); +server= uri_unescape_alloc(tmp2); +printer = uri_unescape_alloc(sep); } - else + else { workgroup = NULL; +server = uri_unescape_alloc(tmp); +printer = uri_unescape_alloc(tmp2); + } if ((sep = strrchr_m(server, ':')) != NULL) { @@ -203,7 +215,7 @@ port=atoi(sep); } - else + else port=0; @@ -588,3 +600,38 @@ else return (0); } + +static char *uri_unescape_alloc(const char *uritok) +{ + char *t, *ret; + const char *p; + long int val; + char eval[3]; + + ret = (char *)SMB_MALLOC(strlen(uritok)+1); + + if (!ret) return NULL; + + eval[2] = '\0'; + + for (p = uritok, t = ret; *p; p++, t++) { + if (*p == '%') { /* unescape hex */ + p++; + eval[0] = *p; + p++; + eval[1] = *p; + val = strtol(eval, NULL, 16); + if ((val == LONG_MIN || val == LONG_MAX) errno == ERANGE) { + SAFE_FREE(ret); + return NULL; + } + *t = (char)val; + } else { + *t = *p; + } + } + + *t = '\0'; /*terminate*/ + + return ret; +} Modified: branches/SAMBA_3_0_25/source/client/smbspool.c === --- branches/SAMBA_3_0_25/source/client/smbspool.c 2007-06-16 18:19:42 UTC (rev 23523) +++ branches/SAMBA_3_0_25/source/client/smbspool.c 2007-06-16 18:54:13 UTC (rev 23524) @@ -47,6 +47,7 @@ static struct cli_state *smb_complete_connection(const char *, const char *,int , const char *, const char *, const char *, const char *, int); static struct cli_state*smb_connect(const char *, const char *, int, const char *, const char *, const char *, const char *); static int smb_print(struct
svn commit: samba r23527 - in branches: SAMBA_3_0/source/client SAMBA_3_0_25/source/client SAMBA_3_0_26/source/client
Author: idra Date: 2007-06-16 22:52:51 + (Sat, 16 Jun 2007) New Revision: 23527 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23527 Log: Use existing escaping function pointed by James Modified: branches/SAMBA_3_0/source/client/smbspool.c branches/SAMBA_3_0_25/source/client/smbspool.c branches/SAMBA_3_0_26/source/client/smbspool.c Changeset: Modified: branches/SAMBA_3_0/source/client/smbspool.c === --- branches/SAMBA_3_0/source/client/smbspool.c 2007-06-16 19:58:17 UTC (rev 23526) +++ branches/SAMBA_3_0/source/client/smbspool.c 2007-06-16 22:52:51 UTC (rev 23527) @@ -603,35 +603,11 @@ static char *uri_unescape_alloc(const char *uritok) { - char *t, *ret; - const char *p; - long int val; - char eval[3]; + char *ret; - ret = (char *)SMB_MALLOC(strlen(uritok)+1); - + ret = (char *)SMB_STRDUP(uritok); if (!ret) return NULL; - eval[2] = '\0'; - - for (p = uritok, t = ret; *p; p++, t++) { - if (*p == '%') { /* unescape hex */ - p++; - eval[0] = *p; - p++; - eval[1] = *p; - val = strtol(eval, NULL, 16); - if ((val == LONG_MIN || val == LONG_MAX) errno == ERANGE) { - SAFE_FREE(ret); - return NULL; - } - *t = (char)val; - } else { - *t = *p; - } - } - - *t = '\0'; /*terminate*/ - + rfc1738_unescape(ret); return ret; } Modified: branches/SAMBA_3_0_25/source/client/smbspool.c === --- branches/SAMBA_3_0_25/source/client/smbspool.c 2007-06-16 19:58:17 UTC (rev 23526) +++ branches/SAMBA_3_0_25/source/client/smbspool.c 2007-06-16 22:52:51 UTC (rev 23527) @@ -603,35 +603,11 @@ static char *uri_unescape_alloc(const char *uritok) { - char *t, *ret; - const char *p; - long int val; - char eval[3]; + char *ret; - ret = (char *)SMB_MALLOC(strlen(uritok)+1); - + ret = (char *)SMB_STRDUP(uritok); if (!ret) return NULL; - eval[2] = '\0'; - - for (p = uritok, t = ret; *p; p++, t++) { - if (*p == '%') { /* unescape hex */ - p++; - eval[0] = *p; - p++; - eval[1] = *p; - val = strtol(eval, NULL, 16); - if ((val == LONG_MIN || val == LONG_MAX) errno == ERANGE) { - SAFE_FREE(ret); - return NULL; - } - *t = (char)val; - } else { - *t = *p; - } - } - - *t = '\0'; /*terminate*/ - + rfc1738_unescape(ret); return ret; } Modified: branches/SAMBA_3_0_26/source/client/smbspool.c === --- branches/SAMBA_3_0_26/source/client/smbspool.c 2007-06-16 19:58:17 UTC (rev 23526) +++ branches/SAMBA_3_0_26/source/client/smbspool.c 2007-06-16 22:52:51 UTC (rev 23527) @@ -603,35 +603,11 @@ static char *uri_unescape_alloc(const char *uritok) { - char *t, *ret; - const char *p; - long int val; - char eval[3]; + char *ret; - ret = (char *)SMB_MALLOC(strlen(uritok)+1); - + ret = (char *)SMB_STRDUP(uritok); if (!ret) return NULL; - eval[2] = '\0'; - - for (p = uritok, t = ret; *p; p++, t++) { - if (*p == '%') { /* unescape hex */ - p++; - eval[0] = *p; - p++; - eval[1] = *p; - val = strtol(eval, NULL, 16); - if ((val == LONG_MIN || val == LONG_MAX) errno == ERANGE) { - SAFE_FREE(ret); - return NULL; - } - *t = (char)val; - } else { - *t = *p; - } - } - - *t = '\0'; /*terminate*/ - + rfc1738_unescape(ret); return ret; }
svn commit: samba r23411 - in branches: SAMBA_3_0/source/lib SAMBA_3_0_25/source/lib SAMBA_3_0_26/source/lib
Author: idra Date: 2007-06-11 00:05:48 + (Mon, 11 Jun 2007) New Revision: 23411 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23411 Log: We were missing displayName and that was preventing us from successfully deleting an entry when account is the STRUCTURAL objectclass used for users and machines. account is used each time the user entry is in /etc/passwd and we have only the samba attributes in ldap, as well as for rfc2307(bis) standard based directories. Modified: branches/SAMBA_3_0/source/lib/smbldap.c branches/SAMBA_3_0_25/source/lib/smbldap.c branches/SAMBA_3_0_26/source/lib/smbldap.c Changeset: Modified: branches/SAMBA_3_0/source/lib/smbldap.c === --- branches/SAMBA_3_0/source/lib/smbldap.c 2007-06-10 17:02:09 UTC (rev 23410) +++ branches/SAMBA_3_0/source/lib/smbldap.c 2007-06-11 00:05:48 UTC (rev 23411) @@ -138,6 +138,7 @@ { LDAP_ATTR_LOGON_TIME, sambaLogonTime}, { LDAP_ATTR_LOGOFF_TIME,sambaLogoffTime }, { LDAP_ATTR_KICKOFF_TIME, sambaKickoffTime }, + { LDAP_ATTR_DISPLAY_NAME, displayName }, { LDAP_ATTR_HOME_DRIVE, sambaHomeDrive}, { LDAP_ATTR_HOME_PATH, sambaHomePath }, { LDAP_ATTR_LOGON_SCRIPT, sambaLogonScript }, Modified: branches/SAMBA_3_0_25/source/lib/smbldap.c === --- branches/SAMBA_3_0_25/source/lib/smbldap.c 2007-06-10 17:02:09 UTC (rev 23410) +++ branches/SAMBA_3_0_25/source/lib/smbldap.c 2007-06-11 00:05:48 UTC (rev 23411) @@ -138,6 +138,7 @@ { LDAP_ATTR_LOGON_TIME, sambaLogonTime}, { LDAP_ATTR_LOGOFF_TIME,sambaLogoffTime }, { LDAP_ATTR_KICKOFF_TIME, sambaKickoffTime }, + { LDAP_ATTR_DISPLAY_NAME, displayName }, { LDAP_ATTR_HOME_DRIVE, sambaHomeDrive}, { LDAP_ATTR_HOME_PATH, sambaHomePath }, { LDAP_ATTR_LOGON_SCRIPT, sambaLogonScript }, Modified: branches/SAMBA_3_0_26/source/lib/smbldap.c === --- branches/SAMBA_3_0_26/source/lib/smbldap.c 2007-06-10 17:02:09 UTC (rev 23410) +++ branches/SAMBA_3_0_26/source/lib/smbldap.c 2007-06-11 00:05:48 UTC (rev 23411) @@ -138,6 +138,7 @@ { LDAP_ATTR_LOGON_TIME, sambaLogonTime}, { LDAP_ATTR_LOGOFF_TIME,sambaLogoffTime }, { LDAP_ATTR_KICKOFF_TIME, sambaKickoffTime }, + { LDAP_ATTR_DISPLAY_NAME, displayName }, { LDAP_ATTR_HOME_DRIVE, sambaHomeDrive}, { LDAP_ATTR_HOME_PATH, sambaHomePath }, { LDAP_ATTR_LOGON_SCRIPT, sambaLogonScript },
svn commit: samba r23404 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_25/source/nsswitch SAMBA_3_0_26/source/nsswitch
Author: idra Date: 2007-06-09 18:18:24 + (Sat, 09 Jun 2007) New Revision: 23404 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23404 Log: Fix wrong (and missing) action on error condition in ldap reply evaluation loop Fixes one of the segfaults in bug #4667 Modified: branches/SAMBA_3_0/source/nsswitch/idmap_ldap.c branches/SAMBA_3_0_25/source/nsswitch/idmap_ldap.c branches/SAMBA_3_0_26/source/nsswitch/idmap_ldap.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/idmap_ldap.c === --- branches/SAMBA_3_0/source/nsswitch/idmap_ldap.c 2007-06-09 07:17:24 UTC (rev 23403) +++ branches/SAMBA_3_0/source/nsswitch/idmap_ldap.c 2007-06-09 18:18:24 UTC (rev 23404) @@ -965,7 +965,7 @@ } if ( ! entry) { DEBUG(2, (ERROR: Unable to fetch ldap entries from results\n)); - continue; + break; } /* first check if the SID is present */ @@ -1180,6 +1180,10 @@ } else { /* following ones */ entry = ldap_next_entry(ctx-smbldap_state-ldap_struct, entry); } + if ( ! entry) { + DEBUG(2, (ERROR: Unable to fetch ldap entries from results\n)); + break; + } /* first check if the SID is present */ sidstr = smbldap_talloc_single_attribute( Modified: branches/SAMBA_3_0_25/source/nsswitch/idmap_ldap.c === --- branches/SAMBA_3_0_25/source/nsswitch/idmap_ldap.c 2007-06-09 07:17:24 UTC (rev 23403) +++ branches/SAMBA_3_0_25/source/nsswitch/idmap_ldap.c 2007-06-09 18:18:24 UTC (rev 23404) @@ -962,7 +962,7 @@ } if ( ! entry) { DEBUG(2, (ERROR: Unable to fetch ldap entries from results\n)); - continue; + break; } /* first check if the SID is present */ @@ -1177,6 +1177,10 @@ } else { /* following ones */ entry = ldap_next_entry(ctx-smbldap_state-ldap_struct, entry); } + if ( ! entry) { + DEBUG(2, (ERROR: Unable to fetch ldap entries from results\n)); + break; + } /* first check if the SID is present */ sidstr = smbldap_talloc_single_attribute( Modified: branches/SAMBA_3_0_26/source/nsswitch/idmap_ldap.c === --- branches/SAMBA_3_0_26/source/nsswitch/idmap_ldap.c 2007-06-09 07:17:24 UTC (rev 23403) +++ branches/SAMBA_3_0_26/source/nsswitch/idmap_ldap.c 2007-06-09 18:18:24 UTC (rev 23404) @@ -962,7 +962,7 @@ } if ( ! entry) { DEBUG(2, (ERROR: Unable to fetch ldap entries from results\n)); - continue; + break; } /* first check if the SID is present */ @@ -1177,6 +1177,10 @@ } else { /* following ones */ entry = ldap_next_entry(ctx-smbldap_state-ldap_struct, entry); } + if ( ! entry) { + DEBUG(2, (ERROR: Unable to fetch ldap entries from results\n)); + break; + } /* first check if the SID is present */ sidstr = smbldap_talloc_single_attribute(
svn commit: samba r23405 - in branches/SAMBA_3_0_25/source/nsswitch: .
Author: idra Date: 2007-06-09 19:25:54 + (Sat, 09 Jun 2007) New Revision: 23405 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23405 Log: Fix typo (someone forgot to backport this from 3_0_26/3_0) Modified: branches/SAMBA_3_0_25/source/nsswitch/idmap.c Changeset: Modified: branches/SAMBA_3_0_25/source/nsswitch/idmap.c === --- branches/SAMBA_3_0_25/source/nsswitch/idmap.c 2007-06-09 18:18:24 UTC (rev 23404) +++ branches/SAMBA_3_0_25/source/nsswitch/idmap.c 2007-06-09 19:25:54 UTC (rev 23405) @@ -417,7 +417,7 @@ /* check the set_mapping function exists otherwise mark the module as readonly */ if ( ! dom-methods-set_mapping) { - DEBUG(5, (Forcing to readonly, as ithis module can't store arbitrary mappings.\n)); + DEBUG(5, (Forcing to readonly, as this module can't store arbitrary mappings.\n)); dom-readonly = True; }
svn commit: samba r23406 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_25/source/nsswitch SAMBA_3_0_26/source/nsswitch
Author: idra Date: 2007-06-09 19:29:35 + (Sat, 09 Jun 2007) New Revision: 23406 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23406 Log: Evn if not strictly currently necessary do check for correct init also in idmap_nss and idmap_passdb for coherency and to prevent errors in future if we change the init functions to actually do something and not just return NT_STATUS_OK Modified: branches/SAMBA_3_0/source/nsswitch/idmap_nss.c branches/SAMBA_3_0/source/nsswitch/idmap_passdb.c branches/SAMBA_3_0_25/source/nsswitch/idmap_nss.c branches/SAMBA_3_0_25/source/nsswitch/idmap_passdb.c branches/SAMBA_3_0_26/source/nsswitch/idmap_nss.c branches/SAMBA_3_0_26/source/nsswitch/idmap_passdb.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/idmap_nss.c === --- branches/SAMBA_3_0/source/nsswitch/idmap_nss.c 2007-06-09 19:25:54 UTC (rev 23405) +++ branches/SAMBA_3_0/source/nsswitch/idmap_nss.c 2007-06-09 19:29:35 UTC (rev 23406) @@ -45,6 +45,10 @@ TALLOC_CTX *ctx; int i; + if (! dom-initialized) { + return NT_STATUS_UNSUCCESSFUL; + } + ctx = talloc_new(dom); if ( ! ctx) { DEBUG(0, (Out of memory!\n)); @@ -131,6 +135,10 @@ TALLOC_CTX *ctx; int i; + if (! dom-initialized) { + return NT_STATUS_UNSUCCESSFUL; + } + ctx = talloc_new(dom); if ( ! ctx) { DEBUG(0, (Out of memory!\n)); Modified: branches/SAMBA_3_0/source/nsswitch/idmap_passdb.c === --- branches/SAMBA_3_0/source/nsswitch/idmap_passdb.c 2007-06-09 19:25:54 UTC (rev 23405) +++ branches/SAMBA_3_0/source/nsswitch/idmap_passdb.c 2007-06-09 19:29:35 UTC (rev 23406) @@ -43,6 +43,10 @@ { int i; + if (! dom-initialized) { + return NT_STATUS_UNSUCCESSFUL; + } + for (i = 0; ids[i]; i++) { /* unmapped by default */ @@ -75,6 +79,10 @@ { int i; + if (! dom-initialized) { + return NT_STATUS_UNSUCCESSFUL; + } + for (i = 0; ids[i]; i++) { enum lsa_SidType type; union unid_t id; Modified: branches/SAMBA_3_0_25/source/nsswitch/idmap_nss.c === --- branches/SAMBA_3_0_25/source/nsswitch/idmap_nss.c 2007-06-09 19:25:54 UTC (rev 23405) +++ branches/SAMBA_3_0_25/source/nsswitch/idmap_nss.c 2007-06-09 19:29:35 UTC (rev 23406) @@ -45,6 +45,10 @@ TALLOC_CTX *ctx; int i; + if (! dom-initialized) { + return NT_STATUS_UNSUCCESSFUL; + } + ctx = talloc_new(dom); if ( ! ctx) { DEBUG(0, (Out of memory!\n)); @@ -131,6 +135,10 @@ TALLOC_CTX *ctx; int i; + if (! dom-initialized) { + return NT_STATUS_UNSUCCESSFUL; + } + ctx = talloc_new(dom); if ( ! ctx) { DEBUG(0, (Out of memory!\n)); Modified: branches/SAMBA_3_0_25/source/nsswitch/idmap_passdb.c === --- branches/SAMBA_3_0_25/source/nsswitch/idmap_passdb.c2007-06-09 19:25:54 UTC (rev 23405) +++ branches/SAMBA_3_0_25/source/nsswitch/idmap_passdb.c2007-06-09 19:29:35 UTC (rev 23406) @@ -43,6 +43,10 @@ { int i; + if (! dom-initialized) { + return NT_STATUS_UNSUCCESSFUL; + } + for (i = 0; ids[i]; i++) { /* unmapped by default */ @@ -75,6 +79,10 @@ { int i; + if (! dom-initialized) { + return NT_STATUS_UNSUCCESSFUL; + } + for (i = 0; ids[i]; i++) { enum lsa_SidType type; union unid_t id; Modified: branches/SAMBA_3_0_26/source/nsswitch/idmap_nss.c === --- branches/SAMBA_3_0_26/source/nsswitch/idmap_nss.c 2007-06-09 19:25:54 UTC (rev 23405) +++ branches/SAMBA_3_0_26/source/nsswitch/idmap_nss.c 2007-06-09 19:29:35 UTC (rev 23406) @@ -45,6 +45,10 @@ TALLOC_CTX *ctx; int i; + if (! dom-initialized) { + return NT_STATUS_UNSUCCESSFUL; + } + ctx = talloc_new(dom); if ( ! ctx) { DEBUG(0, (Out of memory!\n)); @@ -131,6 +135,10 @@ TALLOC_CTX *ctx; int i; + if (! dom-initialized) { + return NT_STATUS_UNSUCCESSFUL; + } + ctx = talloc_new(dom); if ( ! ctx) { DEBUG(0, (Out of memory!\n)); Modified: branches/SAMBA_3_0_26/source/nsswitch/idmap_passdb.c === --- branches/SAMBA_3_0_26/source/nsswitch/idmap_passdb.c2007-06-09 19:25:54 UTC (rev 23405
svn commit: samba r23407 - in branches: SAMBA_3_0/source/utils SAMBA_3_0_25/source/utils SAMBA_3_0_26/source/utils
Author: idra Date: 2007-06-09 22:45:21 + (Sat, 09 Jun 2007) New Revision: 23407 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23407 Log: While verifying a bug I found out that for some reason the code to add a machine was different then the one used to add a user, the old code led to the machine SID not being built out correctly allocationg a new RID out of the passdb but instead by using the old algorithmic method. This may easily end up in creating duplicated SID when the RID counter get close to the values built by the algorithmic method. Simo. Modified: branches/SAMBA_3_0/source/utils/pdbedit.c branches/SAMBA_3_0_25/source/utils/pdbedit.c branches/SAMBA_3_0_26/source/utils/pdbedit.c Changeset: Modified: branches/SAMBA_3_0/source/utils/pdbedit.c === --- branches/SAMBA_3_0/source/utils/pdbedit.c 2007-06-09 19:29:35 UTC (rev 23406) +++ branches/SAMBA_3_0/source/utils/pdbedit.c 2007-06-09 22:45:21 UTC (rev 23407) @@ -624,28 +624,25 @@ fstrcpy(machineaccount, machinename); fstrcat(machineaccount, $); - if ((pwd = getpwnam_alloc(NULL, machineaccount))) { + if ( !(pwd = getpwnam_alloc( NULL, machineaccount )) ) { + DEBUG(0,(Cannot locate Unix account for %s\n, machineaccount)); + return -1; + } - if ( (sam_pwent = samu_new( NULL )) == NULL ) { - fprintf(stderr, Memory allocation error!\n); - TALLOC_FREE(pwd); - return -1; - } + if ( (sam_pwent = samu_new( NULL )) == NULL ) { + fprintf(stderr, Memory allocation error!\n); + TALLOC_FREE(pwd); + return -1; + } - if ( !NT_STATUS_IS_OK(samu_set_unix(sam_pwent, pwd )) ) { - fprintf(stderr, Could not init sam from pw\n); - TALLOC_FREE(pwd); - return -1; - } - + if ( !NT_STATUS_IS_OK(samu_alloc_rid_unix(sam_pwent, pwd )) ) { + fprintf(stderr, Could not init sam from pw\n); TALLOC_FREE(pwd); - } else { - if ( (sam_pwent = samu_new( NULL )) == NULL ) { - fprintf(stderr, Could not init sam from pw\n); - return -1; - } + return -1; } + TALLOC_FREE(pwd); + pdb_set_plaintext_passwd (sam_pwent, machinename); pdb_set_username (sam_pwent, machineaccount, PDB_CHANGED); pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST, PDB_CHANGED); Modified: branches/SAMBA_3_0_25/source/utils/pdbedit.c === --- branches/SAMBA_3_0_25/source/utils/pdbedit.c2007-06-09 19:29:35 UTC (rev 23406) +++ branches/SAMBA_3_0_25/source/utils/pdbedit.c2007-06-09 22:45:21 UTC (rev 23407) @@ -624,28 +624,25 @@ fstrcpy(machineaccount, machinename); fstrcat(machineaccount, $); - if ((pwd = getpwnam_alloc(NULL, machineaccount))) { + if ( !(pwd = getpwnam_alloc( NULL, machineaccount )) ) { + DEBUG(0,(Cannot locate Unix account for %s\n, machineaccount)); + return -1; + } - if ( (sam_pwent = samu_new( NULL )) == NULL ) { - fprintf(stderr, Memory allocation error!\n); - TALLOC_FREE(pwd); - return -1; - } + if ( (sam_pwent = samu_new( NULL )) == NULL ) { + fprintf(stderr, Memory allocation error!\n); + TALLOC_FREE(pwd); + return -1; + } - if ( !NT_STATUS_IS_OK(samu_set_unix(sam_pwent, pwd )) ) { - fprintf(stderr, Could not init sam from pw\n); - TALLOC_FREE(pwd); - return -1; - } - + if ( !NT_STATUS_IS_OK(samu_alloc_rid_unix(sam_pwent, pwd )) ) { + fprintf(stderr, Could not init sam from pw\n); TALLOC_FREE(pwd); - } else { - if ( (sam_pwent = samu_new( NULL )) == NULL ) { - fprintf(stderr, Could not init sam from pw\n); - return -1; - } + return -1; } + TALLOC_FREE(pwd); + pdb_set_plaintext_passwd (sam_pwent, machinename); pdb_set_username (sam_pwent, machineaccount, PDB_CHANGED); pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST, PDB_CHANGED); Modified: branches/SAMBA_3_0_26/source/utils/pdbedit.c === --- branches/SAMBA_3_0_26/source/utils/pdbedit.c2007-06-09 19:29:35 UTC (rev 23406) +++ branches/SAMBA_3_0_26/source/utils/pdbedit.c2007-06-09 22:45:21 UTC (rev 23407) @@ -624,28 +624,25
svn commit: samba r23369 - in branches/SAMBA_3_0_25/packaging/Debian/debian-sarge: . patches
Author: idra Date: 2007-06-06 16:13:14 + (Wed, 06 Jun 2007) New Revision: 23369 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23369 Log: Fix an fhs.patch bug that causes winbind to refuse to start if it needs to recreate the winbindd_cache.tdb file Modified: branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/changelog branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/patches/fhs.patch Changeset: Modified: branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/changelog === --- branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/changelog 2007-06-06 13:02:24 UTC (rev 23368) +++ branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/changelog 2007-06-06 16:13:14 UTC (rev 23369) @@ -1,3 +1,9 @@ +samba (3.0.25a-2) stable; urgency=low + + * Fix bug in fhs.patch + + -- Simo Sorce [EMAIL PROTECTED] Wed, 6 Jun 2007 11:33:30 -0400 + samba (3.0.25a-1) stable; urgency=high * samba 3.0.25a Stabilizing release Modified: branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/patches/fhs.patch === --- branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/patches/fhs.patch 2007-06-06 13:02:24 UTC (rev 23368) +++ branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/patches/fhs.patch 2007-06-06 16:13:14 UTC (rev 23369) @@ -261,6 +261,27 @@ WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE, TDB_DEFAULT /*TDB_CLEAR_IF_FIRST*/, O_RDWR|O_CREAT, 0600); +@@ -2223,9 +2223,9 @@ + tdb_close(wcache-tdb); + wcache-tdb = NULL; + +- if (unlink(lock_path(winbindd_cache.tdb)) == -1) { ++ if (unlink(cache_path(winbindd_cache.tdb)) == -1) { + DEBUG(0,(initialize_winbindd_cache: unlink %s failed %s , +- lock_path(winbindd_cache.tdb), ++ cache_path(winbindd_cache.tdb), + strerror(errno) )); + return False; + } +@@ -2487,7 +2487,7 @@ + return; + + /* when working offline we must not clear the cache on restart */ +- wcache-tdb = tdb_open_log(lock_path(winbindd_cache.tdb), ++ wcache-tdb = tdb_open_log(cache_path(winbindd_cache.tdb), + WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE, + lp_winbind_offline_logon() ? TDB_DEFAULT : (TDB_DEFAULT | TDB_CLEAR_IF_FIRST), + O_RDWR|O_CREAT, 0600); diff -uNr samba-3.0.10.orig/source/param/loadparm.c samba-3.0.10/source/param/loadparm.c --- samba-3.0.10.orig/source/param/loadparm.c 2004-12-17 03:50:09.0 -0800 +++ samba-3.0.10/source/param/loadparm.c 2004-12-17 03:55:30.0 -0800
svn commit: samba r23356 - in branches: SAMBA_3_0/source/lib SAMBA_3_0_25/source/lib SAMBA_3_0_26/source/lib
Author: idra Date: 2007-06-05 12:58:18 + (Tue, 05 Jun 2007) New Revision: 23356 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23356 Log: We missed to add the 'c' character to the list of valid ones for shell escaping. I hate this kind of bugs more than how Jeremy hates off by ones :( Simo. Modified: branches/SAMBA_3_0/source/lib/util_str.c branches/SAMBA_3_0_25/source/lib/util_str.c branches/SAMBA_3_0_26/source/lib/util_str.c Changeset: Modified: branches/SAMBA_3_0/source/lib/util_str.c === --- branches/SAMBA_3_0/source/lib/util_str.c2007-06-05 10:49:05 UTC (rev 23355) +++ branches/SAMBA_3_0/source/lib/util_str.c2007-06-05 12:58:18 UTC (rev 23356) @@ -2622,7 +2622,7 @@ of characters. UNIX charset format. ***/ -#define INCLUDE_LIST 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabdefghijklmnopqrstuvwxyz_/ \t., +#define INCLUDE_LIST 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_/ \t., #define INSIDE_DQUOTE_LIST $`\n\\\ char *escape_shell_string(const char *src) Modified: branches/SAMBA_3_0_25/source/lib/util_str.c === --- branches/SAMBA_3_0_25/source/lib/util_str.c 2007-06-05 10:49:05 UTC (rev 23355) +++ branches/SAMBA_3_0_25/source/lib/util_str.c 2007-06-05 12:58:18 UTC (rev 23356) @@ -2622,7 +2622,7 @@ of characters. UNIX charset format. ***/ -#define INCLUDE_LIST 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabdefghijklmnopqrstuvwxyz_/ \t., +#define INCLUDE_LIST 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_/ \t., #define INSIDE_DQUOTE_LIST $`\n\\\ char *escape_shell_string(const char *src) Modified: branches/SAMBA_3_0_26/source/lib/util_str.c === --- branches/SAMBA_3_0_26/source/lib/util_str.c 2007-06-05 10:49:05 UTC (rev 23355) +++ branches/SAMBA_3_0_26/source/lib/util_str.c 2007-06-05 12:58:18 UTC (rev 23356) @@ -2622,7 +2622,7 @@ of characters. UNIX charset format. ***/ -#define INCLUDE_LIST 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabdefghijklmnopqrstuvwxyz_/ \t., +#define INCLUDE_LIST 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_/ \t., #define INSIDE_DQUOTE_LIST $`\n\\\ char *escape_shell_string(const char *src)
svn commit: samba r23234 - in branches/SAMBA_3_0_25/packaging/Debian/debian-sarge: . patches
Author: idra Date: 2007-05-30 00:40:31 + (Wed, 30 May 2007) New Revision: 23234 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23234 Log: Update debian-sarge packaging Removed: branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/patches/undefined-symbols.patch Modified: branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/changelog branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/patches/documentation.patch branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/patches/fhs.patch branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/patches/non-linux-ports.patch branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/patches/samba.patch Changeset: Modified: branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/changelog === --- branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/changelog 2007-05-30 00:36:23 UTC (rev 23233) +++ branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/changelog 2007-05-30 00:40:31 UTC (rev 23234) @@ -1,3 +1,34 @@ +samba (3.0.25a-1) stable; urgency=high + + * samba 3.0.25a Stabilizing release + * Includes Security fixes release with 3.0.24a and 3.0.25 + + -- Simo Sorce [EMAIL PROTECTED] Mon, 28 May 2007 20:45:30 -0400 + +samba (3.0.24-1) stable; urgency=high + + * samba 3.0.24 Security Release + + -- Simo Sorce [EMAIL PROTECTED] Mon, 19 Feb 2007 15:53:30 -0500 + +samba (3.0.23d-1) stable; urgency=low + + * samba 3.0.23d Samba Team Release + + -- Simo Sorce [EMAIL PROTECTED] Fri, 17 Nov 2006 15:39:30 -0500 + +samba (3.0.23c-1) stable; urgency=low + + * samba 3.0.23c Samba Team Release + + -- Simo Sorce [EMAIL PROTECTED] Fri, 8 Sep 2006 14:12:30 -0400 + +samba (3.0.23a-1) stable; urgency=low + + * samba 3.0.23a Samba Team Release + + -- Simo Sorce [EMAIL PROTECTED] Tue, 1 Aug 2006 22:01:30 -0400 + samba (3.0.23-1) stable; urgency=low * samba 3.0.23 Samba Team Release Modified: branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/patches/documentation.patch === --- branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/patches/documentation.patch 2007-05-30 00:36:23 UTC (rev 23233) +++ branches/SAMBA_3_0_25/packaging/Debian/debian-sarge/patches/documentation.patch 2007-05-30 00:40:31 UTC (rev 23234) @@ -1,66 +1,66 @@ --- samba-3.0.4/docs/manpages/swat.8.orig 2004-05-05 10:22:50.0 -0400 +++ samba-3.0.4/docs/manpages/swat.8 2004-05-10 13:25:53.0 -0400 -@@ -80,6 +80,13 @@ +@@ -80,4 +80,10 @@ .SH INSTALLATION - .PP +\fBDebian-specific Note\fR: all these steps have already been done for +you. However, by default, swat is not enabled. This has been done for +security reasons. To enable swat you need to edit /etc/inetd.conf, +uncomment the swat entry (usually at the end of the file), and then +restart inetd. -+ +.PP Swat is included as binary package with most distributions\. The package manager in this case takes care of the installation and configuration\. This section is only for those who have compiled swat from scratch\. - .PP -@@ -87,13 +94,13 @@ - - .TP 3 - \(bu +@@ -87,12 +94,12 @@ + .TP 3n + #8226; -/usr/local/samba/sbin/swat +/usr/sbin/swat - .TP - \(bu + .TP 3n + #8226; -/usr/local/samba/swat/images/* +/usr/share/samba/swat/images/* - .TP - \(bu + .TP 3n + #8226; -/usr/local/samba/swat/help/* +/usr/share/samba/swat/help/* - .LP - .SS Inetd Installation -@@ -102,7 +109,7 @@ - You need to edit your \fI/etc/inetd\.conf \fR and \fI/etc/services\fR to enable SWAT to be launched via \fBinetd\fR\. - .PP --In \fI/etc/services\fR you need to add a line like this: -+In \fI/etc/services\fR you need to add a line like this (not needed for Debian): - + You need to edit your +@@ -125,7 +131,7 @@ .PP + In + \fI/etc/services\fR +-you need to add a line like this: ++you need to add a line like this (not needed for Debian): + .PP \fBswat 901/tcp\fR -@@ -114,10 +121,10 @@ - the choice of port number isn't really important except that it should be less than 1024 and not currently used (using a number above 1024 presents an obscure security hole depending on the implementation details of your\fBinetd\fR daemon)\. - .PP --In \fI/etc/inetd\.conf\fR you should add a line like this: -+In \fI/etc/inetd\.conf\fR you should add a line like this (not needed for Debian since the maintainer scripts do it automatically. You need to uncomment the line, though, because it is added commented out for security reasons): - +@@ -140,9 +146,9 @@ .PP --\fBswat stream tcp nowait\.400 root /usr/local/samba/sbin/swat swat\fR -+\fBswat stream tcp nowait\.400 root /usr/sbin/swat swat\fR - + In + \fI/etc/inetd.conf\fR +-you should add a line like this: ++you should add a line like this (not needed for Debian since the maintainer scripts do it automatically. You need to uncomment the line, though, because it is added commented out
svn commit: samba r23049 - in branches/SAMBA_3_0_25/source/passdb: .
Author: idra Date: 2007-05-21 20:41:50 + (Mon, 21 May 2007) New Revision: 23049 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23049 Log: Short circuit Unix Users and Unix Groups Domain SID checks. Do not cache to avoid polluting the uid - Sid cache Modified: branches/SAMBA_3_0_25/source/passdb/lookup_sid.c Changeset: Modified: branches/SAMBA_3_0_25/source/passdb/lookup_sid.c === --- branches/SAMBA_3_0_25/source/passdb/lookup_sid.c2007-05-21 20:36:22 UTC (rev 23048) +++ branches/SAMBA_3_0_25/source/passdb/lookup_sid.c2007-05-21 20:41:50 UTC (rev 23049) @@ -1380,6 +1380,7 @@ BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid) { + uint32 rid; gid_t gid; if (fetch_uid_from_cache(puid, psid)) @@ -1389,6 +1390,18 @@ return False; } + /* Optimize for the Unix Users Domain +* as the conversion is straightforward */ + if (sid_peek_check_rid(global_sid_Unix_Users, psid, rid)) { + uid_t uid = rid; + *puid = uid; + + /* return here, don't cache */ + DEBUG(10,(sid %s - uid %u\n, sid_string_static(psid), + (unsigned int)*puid )); + return True; + } + if (!winbind_sid_to_uid(puid, psid)) { if (!winbind_ping()) { return legacy_sid_to_uid(psid, puid); @@ -1416,6 +1429,7 @@ BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid) { + uint32 rid; uid_t uid; if (fetch_gid_from_cache(pgid, psid)) @@ -1424,6 +1438,18 @@ if (fetch_uid_from_cache(uid, psid)) return False; + /* Optimize for the Unix Groups Domain +* as the conversion is straightforward */ + if (sid_peek_check_rid(global_sid_Unix_Groups, psid, rid)) { + gid_t gid = rid; + *pgid = gid; + + /* return here, don't cache */ + DEBUG(10,(sid %s - gid %u\n, sid_string_static(psid), + (unsigned int)*pgid )); + return True; + } + /* Ask winbindd if it can map this sid to a gid. * (Idmap will check it is a valid SID and of the right type) */
svn commit: samba r23050 - in branches/SAMBA_3_0_25/source/passdb: .
Author: idra Date: 2007-05-21 20:47:22 + (Mon, 21 May 2007) New Revision: 23050 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23050 Log: Do not double check for sid - uid, we already do it in sid_to_uid() (same for gids) Modified: branches/SAMBA_3_0_25/source/passdb/lookup_sid.c Changeset: Modified: branches/SAMBA_3_0_25/source/passdb/lookup_sid.c === --- branches/SAMBA_3_0_25/source/passdb/lookup_sid.c2007-05-21 20:41:50 UTC (rev 23049) +++ branches/SAMBA_3_0_25/source/passdb/lookup_sid.c2007-05-21 20:47:22 UTC (rev 23050) @@ -1209,12 +1209,6 @@ enum lsa_SidType type; uint32 rid; - if (sid_peek_check_rid(global_sid_Unix_Users, psid, rid)) { - uid_t uid = rid; - *puid = uid; - goto done; - } - if (sid_peek_check_rid(get_global_sam_sid(), psid, rid)) { union unid_t id; BOOL ret; @@ -1260,12 +1254,6 @@ union unid_t id; enum lsa_SidType type; - if (sid_peek_check_rid(global_sid_Unix_Groups, psid, rid)) { - gid_t gid = rid; - *pgid = gid; - goto done; - } - if ((sid_check_is_in_builtin(psid) || sid_check_is_in_wellknown_domain(psid))) { BOOL ret;
svn commit: samba r23051 - in branches: SAMBA_3_0/source/passdb SAMBA_3_0_26/source/passdb
Author: idra Date: 2007-05-21 20:51:15 + (Mon, 21 May 2007) New Revision: 23051 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23051 Log: sid_to_[ug]id fixes for smbd Modified: branches/SAMBA_3_0/source/passdb/lookup_sid.c branches/SAMBA_3_0_26/source/passdb/lookup_sid.c Changeset: Modified: branches/SAMBA_3_0/source/passdb/lookup_sid.c === --- branches/SAMBA_3_0/source/passdb/lookup_sid.c 2007-05-21 20:47:22 UTC (rev 23050) +++ branches/SAMBA_3_0/source/passdb/lookup_sid.c 2007-05-21 20:51:15 UTC (rev 23051) @@ -1208,12 +1208,6 @@ enum lsa_SidType type; uint32 rid; - if (sid_peek_check_rid(global_sid_Unix_Users, psid, rid)) { - uid_t uid = rid; - *puid = uid; - goto done; - } - if (sid_peek_check_rid(get_global_sam_sid(), psid, rid)) { union unid_t id; BOOL ret; @@ -1259,12 +1253,6 @@ union unid_t id; enum lsa_SidType type; - if (sid_peek_check_rid(global_sid_Unix_Groups, psid, rid)) { - gid_t gid = rid; - *pgid = gid; - goto done; - } - if ((sid_check_is_in_builtin(psid) || sid_check_is_in_wellknown_domain(psid))) { BOOL ret; @@ -1379,6 +1367,7 @@ BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid) { + uint32 rid; gid_t gid; if (fetch_uid_from_cache(puid, psid)) @@ -1388,6 +1377,18 @@ return False; } + /* Optimize for the Unix Users Domain +* as the conversion is straightforward */ + if (sid_peek_check_rid(global_sid_Unix_Users, psid, rid)) { + uid_t uid = rid; + *puid = uid; + + /* return here, don't cache */ + DEBUG(10,(sid %s - uid %u\n, sid_string_static(psid), + (unsigned int)*puid )); + return True; + } + if (!winbind_sid_to_uid(puid, psid)) { if (!winbind_ping()) { return legacy_sid_to_uid(psid, puid); @@ -1415,6 +1416,7 @@ BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid) { + uint32 rid; uid_t uid; if (fetch_gid_from_cache(pgid, psid)) @@ -1423,6 +1425,18 @@ if (fetch_uid_from_cache(uid, psid)) return False; + /* Optimize for the Unix Groups Domain +* as the conversion is straightforward */ + if (sid_peek_check_rid(global_sid_Unix_Groups, psid, rid)) { + gid_t gid = rid; + *pgid = gid; + + /* return here, don't cache */ + DEBUG(10,(sid %s - gid %u\n, sid_string_static(psid), + (unsigned int)*pgid )); + return True; + } + /* Ask winbindd if it can map this sid to a gid. * (Idmap will check it is a valid SID and of the right type) */ Modified: branches/SAMBA_3_0_26/source/passdb/lookup_sid.c === --- branches/SAMBA_3_0_26/source/passdb/lookup_sid.c2007-05-21 20:47:22 UTC (rev 23050) +++ branches/SAMBA_3_0_26/source/passdb/lookup_sid.c2007-05-21 20:51:15 UTC (rev 23051) @@ -1209,12 +1209,6 @@ enum lsa_SidType type; uint32 rid; - if (sid_peek_check_rid(global_sid_Unix_Users, psid, rid)) { - uid_t uid = rid; - *puid = uid; - goto done; - } - if (sid_peek_check_rid(get_global_sam_sid(), psid, rid)) { union unid_t id; BOOL ret; @@ -1260,12 +1254,6 @@ union unid_t id; enum lsa_SidType type; - if (sid_peek_check_rid(global_sid_Unix_Groups, psid, rid)) { - gid_t gid = rid; - *pgid = gid; - goto done; - } - if ((sid_check_is_in_builtin(psid) || sid_check_is_in_wellknown_domain(psid))) { BOOL ret; @@ -1380,6 +1368,7 @@ BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid) { + uint32 rid; gid_t gid; if (fetch_uid_from_cache(puid, psid)) @@ -1389,6 +1378,18 @@ return False; } + /* Optimize for the Unix Users Domain +* as the conversion is straightforward */ + if (sid_peek_check_rid(global_sid_Unix_Users, psid, rid)) { + uid_t uid = rid; + *puid = uid; + + /* return here, don't cache */ + DEBUG(10,(sid %s - uid %u\n, sid_string_static(psid), + (unsigned int)*puid )); + return True; + } + if (!winbind_sid_to_uid(puid, psid)) { if (!winbind_ping()) { return legacy_sid_to_uid(psid, puid); @@ -1416,6 +1417,7 @@ BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid
svn commit: samba r22974 - in branches/SAMBA_3_0/source: .
Author: idra Date: 2007-05-17 18:20:16 + (Thu, 17 May 2007) New Revision: 22974 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22974 Log: enable relro with PIE if available, this gives extra protection to the ELF segment Modified: branches/SAMBA_3_0/source/configure.in Changeset: Modified: branches/SAMBA_3_0/source/configure.in === --- branches/SAMBA_3_0/source/configure.in 2007-05-17 13:56:19 UTC (rev 22973) +++ branches/SAMBA_3_0/source/configure.in 2007-05-17 18:20:16 UTC (rev 22974) @@ -1763,6 +1763,29 @@ fi fi +#Check if we can enable relro as well +if test x${samba_cv_fpie} = xyes +then + AC_CACHE_CHECK(for relro, samba_cv_fpie_relro, + [ + cat conftest.c EOF +int foo; +main () { return 0;} +EOF +if AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS -pie -fPIE -Wl,z,relro -o conftest conftest.c 1AS_MESSAGE_LOG_FD]) + then + samba_cv_fpie_relro=yes + else + samba_cv_fpie_relro=no + fi + rm -f conftest* + ]) + if test x${samba_cv_fpie_relro} = xyes + then + PIE_LDFLAGS=-pie -Wl,z,relro + fi +fi + # Assume non-shared by default and override below BLDSHARED=false
svn commit: samba r22976 - in branches/SAMBA_3_0/source: .
Author: idra Date: 2007-05-17 19:26:08 + (Thu, 17 May 2007) New Revision: 22976 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22976 Log: whoops typo Modified: branches/SAMBA_3_0/source/configure.in Changeset: Modified: branches/SAMBA_3_0/source/configure.in === --- branches/SAMBA_3_0/source/configure.in 2007-05-17 19:16:27 UTC (rev 22975) +++ branches/SAMBA_3_0/source/configure.in 2007-05-17 19:26:08 UTC (rev 22976) @@ -1772,7 +1772,7 @@ int foo; main () { return 0;} EOF -if AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS -pie -fPIE -Wl,z,relro -o conftest conftest.c 1AS_MESSAGE_LOG_FD]) +if AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS -pie -fPIE -Wl,-z,relro -o conftest conftest.c 1AS_MESSAGE_LOG_FD]) then samba_cv_fpie_relro=yes else @@ -1782,7 +1782,7 @@ ]) if test x${samba_cv_fpie_relro} = xyes then - PIE_LDFLAGS=-pie -Wl,z,relro + PIE_LDFLAGS=-pie -Wl,-z,relro fi fi
svn commit: samba r22771 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_25/source/nsswitch SAMBA_3_0_26/source/nsswitch
Author: idra Date: 2007-05-09 21:38:41 + (Wed, 09 May 2007) New Revision: 22771 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22771 Log: One liner fix for idmap_ldap Fixes the strange behavior we were seeing about idmap_ldap creating a new connection for each query. Jerry we need this in for 3.0.25 Modified: branches/SAMBA_3_0/source/nsswitch/idmap_ldap.c branches/SAMBA_3_0_25/source/nsswitch/idmap_ldap.c branches/SAMBA_3_0_26/source/nsswitch/idmap_ldap.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/idmap_ldap.c === --- branches/SAMBA_3_0/source/nsswitch/idmap_ldap.c 2007-05-09 16:26:43 UTC (rev 22770) +++ branches/SAMBA_3_0/source/nsswitch/idmap_ldap.c 2007-05-09 21:38:41 UTC (rev 22771) @@ -821,6 +821,7 @@ talloc_set_destructor(ctx, idmap_ldap_close_destructor); dom-private_data = ctx; + dom-initialized = True; talloc_free(config_option); return NT_STATUS_OK; Modified: branches/SAMBA_3_0_25/source/nsswitch/idmap_ldap.c === --- branches/SAMBA_3_0_25/source/nsswitch/idmap_ldap.c 2007-05-09 16:26:43 UTC (rev 22770) +++ branches/SAMBA_3_0_25/source/nsswitch/idmap_ldap.c 2007-05-09 21:38:41 UTC (rev 22771) @@ -818,6 +818,7 @@ talloc_set_destructor(ctx, idmap_ldap_close_destructor); dom-private_data = ctx; + dom-initialized = True; talloc_free(config_option); return NT_STATUS_OK; Modified: branches/SAMBA_3_0_26/source/nsswitch/idmap_ldap.c === --- branches/SAMBA_3_0_26/source/nsswitch/idmap_ldap.c 2007-05-09 16:26:43 UTC (rev 22770) +++ branches/SAMBA_3_0_26/source/nsswitch/idmap_ldap.c 2007-05-09 21:38:41 UTC (rev 22771) @@ -818,6 +818,7 @@ talloc_set_destructor(ctx, idmap_ldap_close_destructor); dom-private_data = ctx; + dom-initialized = True; talloc_free(config_option); return NT_STATUS_OK;
svn commit: samba r22696 - in branches/SAMBA_4_0/source/lib/ldb/common: .
Author: idra Date: 2007-05-06 15:17:14 + (Sun, 06 May 2007) New Revision: 22696 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22696 Log: Make sure this is an ascii char spotted by Volker Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c === --- branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c 2007-05-06 13:46:30 UTC (rev 22695) +++ branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c 2007-05-06 15:17:14 UTC (rev 22696) @@ -292,6 +292,12 @@ /* first char */ trim = false; + if (!isascii(*p)) { + /* attr names must be ascii only */ + dn-invalid = true; + goto failed; + } + if (isdigit(*p)) { is_oid = true; } else @@ -338,6 +344,12 @@ continue; } + if (!isascii(*p)) { + /* attr names must be ascii only */ + dn-invalid = true; + goto failed; + } + if (is_oid ( ! (isdigit(*p) || (*p == '.' { /* not a digit nor a dot, invalid attribute oid */ dn-invalid = true;
svn commit: samba r22677 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_25/source/nsswitch SAMBA_3_0_26/source/nsswitch
Author: idra Date: 2007-05-04 22:41:35 + (Fri, 04 May 2007) New Revision: 22677 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22677 Log: One line fix to make net idmap restore work again Jerry, please add this for 3.0.25 final Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_async.c branches/SAMBA_3_0_25/source/nsswitch/winbindd_async.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_async.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_async.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_async.c 2007-05-04 22:15:33 UTC (rev 22676) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_async.c 2007-05-04 22:41:35 UTC (rev 22677) @@ -163,6 +163,7 @@ map.sid = sid; map.xid.id = state-request.data.dual_idmapset.id; map.xid.type = state-request.data.dual_idmapset.type; + map.status = ID_MAPPED; result = idmap_set_mapping(map); return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR; Modified: branches/SAMBA_3_0_25/source/nsswitch/winbindd_async.c === --- branches/SAMBA_3_0_25/source/nsswitch/winbindd_async.c 2007-05-04 22:15:33 UTC (rev 22676) +++ branches/SAMBA_3_0_25/source/nsswitch/winbindd_async.c 2007-05-04 22:41:35 UTC (rev 22677) @@ -163,6 +163,7 @@ map.sid = sid; map.xid.id = state-request.data.dual_idmapset.id; map.xid.type = state-request.data.dual_idmapset.type; + map.status = ID_MAPPED; result = idmap_set_mapping(map); return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR; Modified: branches/SAMBA_3_0_26/source/nsswitch/winbindd_async.c === --- branches/SAMBA_3_0_26/source/nsswitch/winbindd_async.c 2007-05-04 22:15:33 UTC (rev 22676) +++ branches/SAMBA_3_0_26/source/nsswitch/winbindd_async.c 2007-05-04 22:41:35 UTC (rev 22677) @@ -163,6 +163,7 @@ map.sid = sid; map.xid.id = state-request.data.dual_idmapset.id; map.xid.type = state-request.data.dual_idmapset.type; + map.status = ID_MAPPED; result = idmap_set_mapping(map); return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
svn commit: samba r22645 - in branches/SAMBA_3_0_25/source/nsswitch: .
Author: idra Date: 2007-05-03 12:27:31 + (Thu, 03 May 2007) New Revision: 22645 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22645 Log: Fix bug in idmap_ldap's get_credentials() code. We were dereferencing null for the alloc backend. Jerry, thits need to be in 3.0.25 final. Simo. Modified: branches/SAMBA_3_0_25/source/nsswitch/idmap_ldap.c Changeset: Modified: branches/SAMBA_3_0_25/source/nsswitch/idmap_ldap.c === --- branches/SAMBA_3_0_25/source/nsswitch/idmap_ldap.c 2007-05-03 11:49:32 UTC (rev 22644) +++ branches/SAMBA_3_0_25/source/nsswitch/idmap_ldap.c 2007-05-03 12:27:31 UTC (rev 22645) @@ -79,11 +79,17 @@ tmp = lp_parm_const_string(-1, config_option, ldap_user_dn, NULL); if ( tmp ) { - secret = idmap_fetch_secret(ldap, false, dom-name, tmp); + if (!dom) { + /* only the alloc backend is allowed to pass in a NULL dom */ + secret = idmap_fetch_secret(ldap, true, NULL, tmp); + } else { + secret = idmap_fetch_secret(ldap, false, dom-name, tmp); + } + if (!secret) { DEBUG(0, (get_credentials: Unable to fetch auth credentials for %s in %s\n, - tmp, dom-name)); + tmp, (dom==NULL)?ALLOC:dom-name)); ret = NT_STATUS_ACCESS_DENIED; goto done; }
svn commit: samba r22646 - in branches/SAMBA_3_0/source/nsswitch: .
Author: idra Date: 2007-05-03 12:28:25 + (Thu, 03 May 2007) New Revision: 22646 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22646 Log: segfault fix in idmap_ldap.c from 3_0_25 Modified: branches/SAMBA_3_0/source/nsswitch/idmap_ldap.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/idmap_ldap.c === --- branches/SAMBA_3_0/source/nsswitch/idmap_ldap.c 2007-05-03 12:27:31 UTC (rev 22645) +++ branches/SAMBA_3_0/source/nsswitch/idmap_ldap.c 2007-05-03 12:28:25 UTC (rev 22646) @@ -80,11 +80,17 @@ tmp = lp_parm_const_string(-1, config_option, ldap_user_dn, NULL); if ( tmp ) { - secret = idmap_fetch_secret(ldap, false, dom-name, tmp); + if (!dom) { + /* only the alloc backend is allowed to pass in a NULL dom */ + secret = idmap_fetch_secret(ldap, true, NULL, tmp); + } else { + secret = idmap_fetch_secret(ldap, false, dom-name, tmp); + } + if (!secret) { DEBUG(0, (get_credentials: Unable to fetch auth credentials for %s in %s\n, - tmp, dom-name)); + tmp, (dom==NULL)?ALLOC:dom-name)); ret = NT_STATUS_ACCESS_DENIED; goto done; }
Re: [Samba] Problem with Samba-3.0.25rc3 idmap_ldap (winbind dumps core)
On Tue, May 01, 2007 at 02:49:10AM -0500, Don Meyer wrote: [...] Then I traced the secret retrieval process back to passdb/secrets.c, where I then traced the secrets_store_generic function back out to the 'net idmap secret' command. For others reference, to set the ldap_user_dn password for each defined domain, and for the idmap alloc config side, you use the following commands: net idmap secret DOMAIN secret net idmap secret alloc secret (Note: A little pointer dropped in the man page for idmap_ldap would have been quite helpful here...) There is a note in the man pages that say: NOTE In order to use authentication against ldap servers you may need to provide a DN and a password. To avoid exposing the password in plain text in the configuration file we store it into a security store. The net idmap command is used to store a secret for the DN specified in a specific idmap domain. From: http://www.samba.org/samba/docs/man/manpages-3/idmap_ldap.8.html [..] I'm having trouble tracing this beyond the idmap_init function in nsswitch/idmap.c. If this points to a problem in samba, I hope this helps. On the other hand, if this is a problem in my setup, any pointers in the direction of fixing it would be greatly appreciated. A core dump is definitively an issue, I will try to reproduce and fix it today on my train trip or at worst tomorrow. Simo. -- Simo Sorce [EMAIL PROTECTED] --- Samba Team http://www.samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: svn commit: samba r22638 - in tags: .
On Thu, May 03, 2007 at 04:50:13AM +1000, [EMAIL PROTECTED] wrote: Jelmer, The sourceforge project with TDB and the package in Debian both use 1.0.1 as version number. I figured the support for transactions and the other improvements qualified for a new minor release. I'd vote for 2.0 - tdb has really improved a lot since the sourceforge project split off. +1 for 2.0 With transactions we have an api change (addition) so it is worth a major release number change Simo. -- Simo Sorce [EMAIL PROTECTED] --- Samba Team http://www.samba.org
Re: [Samba] Issue with mounted drive
On Tue, Apr 24, 2007 at 10:24:41AM -0500, Phusion wrote: The first three mounts are on a NT4 domain, while the last is on a active directory domain. I can reboot the RHEL4 ES server and when that reboots it gets mounted again, but how can I avoid doing it this way. You can't with smbfs, it is a known issue. Smbfs is deprecated anyway and nobody supports it in the kernel anymore, switch to cifs vfs. Simo. -- Simo Sorce [EMAIL PROTECTED] --- Samba Team http://www.samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r22482 - in branches/SAMBA_3_0_25/source: .
Author: idra Date: 2007-04-23 09:46:06 + (Mon, 23 Apr 2007) New Revision: 22482 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22482 Log: Fix our brokeness in building shared libraries. Mixing -shared and -pie is not sane. Jerry this should be in 3.0.25 final, it fixed building on IA64 and works ok on F7 (test using libsmbclient) Modified: branches/SAMBA_3_0_25/source/Makefile.in Changeset: Modified: branches/SAMBA_3_0_25/source/Makefile.in === --- branches/SAMBA_3_0_25/source/Makefile.in2007-04-23 09:19:35 UTC (rev 22481) +++ branches/SAMBA_3_0_25/source/Makefile.in2007-04-23 09:46:06 UTC (rev 22482) @@ -23,10 +23,10 @@ [EMAIL PROTECTED]@ CPPFLAGS=-DHAVE_CONFIG_H @CPPFLAGS@ [EMAIL PROTECTED]@ [EMAIL PROTECTED]@ @LDFLAGS@ [EMAIL PROTECTED]@ [EMAIL PROTECTED]@ @LDFLAGS@ [EMAIL PROTECTED]@ @LDFLAGS@ [EMAIL PROTECTED]@ @LDFLAGS@ [EMAIL PROTECTED]@ [EMAIL PROTECTED]@ [EMAIL PROTECTED]@ @@ -1144,7 +1144,7 @@ bin/[EMAIL PROTECTED]@: proto_exists $(LIBADDNS_OBJ) @echo Linking libaddns shared library $@ - @$(SHLD) $(LDSHFLAGS) -o $@ $(LIBADDNS_OBJ) $(LDFLAGS) $(LIBS) \ + @$(SHLD) $(LDSHFLAGS) -o $@ $(LIBADDNS_OBJ) $(LIBS) \ $(KRB5LIBS) $(UUID_LIBS)\ @[EMAIL PROTECTED] [EMAIL PROTECTED](LIBADDNS_MAJOR) @@ -1154,7 +1154,7 @@ bin/[EMAIL PROTECTED]@: proto_exists $(LIBSMBCLIENT_OBJ) @echo Linking libsmbclient shared library $@ - @$(SHLD) $(LDSHFLAGS) -o $@ $(LIBSMBCLIENT_OBJ) $(LDFLAGS) $(LIBS) \ + @$(SHLD) $(LDSHFLAGS) -o $@ $(LIBSMBCLIENT_OBJ) $(LIBS) \ $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \ @[EMAIL PROTECTED] [EMAIL PROTECTED](LIBSMBCLIENT_MAJOR) @@ -1164,7 +1164,7 @@ bin/[EMAIL PROTECTED]@: proto_exists $(LIBSMBSHAREMODES_OBJ) @echo Linking libsmbsharemodes shared library $@ - @$(SHLD) $(LDSHFLAGS) -o $@ $(LIBSMBSHAREMODES_OBJ) $(LDFLAGS) $(LIBS) \ + @$(SHLD) $(LDSHFLAGS) -o $@ $(LIBSMBSHAREMODES_OBJ) $(LIBS) \ $(KRB5LIBS) $(LDAP_LIBS) \ @[EMAIL PROTECTED] [EMAIL PROTECTED](LIBSMBSHAREMODES_MAJOR) @@ -1174,7 +1174,7 @@ bin/[EMAIL PROTECTED]@: proto_exists $(CAC_OBJ) @echo Linking libmsrpc shared library $@ - @$(SHLD) $(LDSHFLAGS) -o $@ $(CAC_OBJ) $(LDFLAGS) $(LIBS) \ + @$(SHLD) $(LDSHFLAGS) -o $@ $(CAC_OBJ) $(LIBS) \ @[EMAIL PROTECTED] [EMAIL PROTECTED](LIBMSRPC_MAJOR) bin/libmsrpc.a: proto_exists $(CAC_OBJ)
Re: [Samba] question re multiple backends and the 'guest' backend
Sun, Apr 22, 2007 at 06:35:00AM -0500, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gary Dale wrote: I suspect that guest will simply allow someone to log on as a guest with whatever privileges (usually none) you give to guests. The guest backend is builtin and should not be specified in smb.conf. We also removed the support foir multiple passdb backends in latest versions of samba IIRC, so passdb backend should never list more than 1 backend. -- Simo Sorce [EMAIL PROTECTED] --- Samba Team http://www.samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r22471 - in branches/SAMBA_4_0/source/lib/ldb/ldb_tdb: .
Author: idra Date: 2007-04-23 00:36:49 + (Mon, 23 Apr 2007) New Revision: 22471 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22471 Log: Convert more code to use proper LDB error codes. This is a 1 to 1 convertion, next step is to make this code report an error if the basedn is not used, hopefully avoiding an explicit search on the base object in the most common cases. Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_cache.c branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c Changeset: Sorry, the patch is too large (1121 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22471
svn commit: samba r22425 - in branches/SAMBA_3_0/source/libsmb: .
Author: idra Date: 2007-04-21 20:43:54 + (Sat, 21 Apr 2007) New Revision: 22425 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22425 Log: Avoid to segfault if we only have the realm. Modified: branches/SAMBA_3_0/source/libsmb/namequery_dc.c Changeset: Modified: branches/SAMBA_3_0/source/libsmb/namequery_dc.c === --- branches/SAMBA_3_0/source/libsmb/namequery_dc.c 2007-04-21 08:04:58 UTC (rev 22424) +++ branches/SAMBA_3_0/source/libsmb/namequery_dc.c 2007-04-21 20:43:54 UTC (rev 22425) @@ -215,6 +215,11 @@ if ( (our_domain lp_security()==SEC_ADS) || realm ) { ret = ads_dc_name(domain, realm, dc_ip, srv_name); } + + if (!domain) { + /* if we have only the realm we can't do anything else */ + return False; + } if (!ret) { /* fall back on rpc methods if the ADS methods fail */
svn commit: samba r22426 - in branches/SAMBA_3_0_25/source/libsmb: .
Author: idra Date: 2007-04-21 20:44:19 + (Sat, 21 Apr 2007) New Revision: 22426 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22426 Log: Avoid to segfault if we only have the realm Modified: branches/SAMBA_3_0_25/source/libsmb/namequery_dc.c Changeset: Modified: branches/SAMBA_3_0_25/source/libsmb/namequery_dc.c === --- branches/SAMBA_3_0_25/source/libsmb/namequery_dc.c 2007-04-21 20:43:54 UTC (rev 22425) +++ branches/SAMBA_3_0_25/source/libsmb/namequery_dc.c 2007-04-21 20:44:19 UTC (rev 22426) @@ -215,6 +215,11 @@ if ( (our_domain lp_security()==SEC_ADS) || realm ) { ret = ads_dc_name(domain, realm, dc_ip, srv_name); } + + if (!domain) { + /* if we have only the realm we can't do anything else */ + return False; + } if (!ret) { /* fall back on rpc methods if the ADS methods fail */
svn commit: samba r22388 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_25/source/nsswitch
Author: idra Date: 2007-04-19 20:00:40 + (Thu, 19 Apr 2007) New Revision: 22388 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22388 Log: clearer message, thanks David Modified: branches/SAMBA_3_0/source/nsswitch/pam_winbind.c branches/SAMBA_3_0_25/source/nsswitch/pam_winbind.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/pam_winbind.c === --- branches/SAMBA_3_0/source/nsswitch/pam_winbind.c2007-04-19 17:55:52 UTC (rev 22387) +++ branches/SAMBA_3_0/source/nsswitch/pam_winbind.c2007-04-19 20:00:40 UTC (rev 22388) @@ -921,7 +921,7 @@ } else if (PAM_WB_CACHED_LOGON(info3_user_flgs)) { _make_remark(pamh, ctrl, PAM_ERROR_MSG, - Domain Controller unreachable, using cached credentials. Network resources may be unavailable); + Domain Controller unreachable, using cached credentials instead. Network resources may be unavailable); _pam_log_debug(pamh, ctrl, LOG_DEBUG, User %s logged on using cached account\n, username); } Modified: branches/SAMBA_3_0_25/source/nsswitch/pam_winbind.c === --- branches/SAMBA_3_0_25/source/nsswitch/pam_winbind.c 2007-04-19 17:55:52 UTC (rev 22387) +++ branches/SAMBA_3_0_25/source/nsswitch/pam_winbind.c 2007-04-19 20:00:40 UTC (rev 22388) @@ -921,7 +921,7 @@ } else if (PAM_WB_CACHED_LOGON(info3_user_flgs)) { _make_remark(pamh, ctrl, PAM_ERROR_MSG, - Domain Controller unreachable, using cached credentials. Network resources may be unavailable); + Domain Controller unreachable, using cached credentials instead. Network resources may be unavailable); _pam_log_debug(pamh, ctrl, LOG_DEBUG, User %s logged on using cached credentials\n, username); }
svn commit: samba r22392 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_25/source/nsswitch
Author: idra Date: 2007-04-19 23:15:33 + (Thu, 19 Apr 2007) New Revision: 22392 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22392 Log: Remove leftover potentially segfaulty code. Check we are online before actually trying to connect anywhere Modified: branches/SAMBA_3_0/source/nsswitch/idmap_ad.c branches/SAMBA_3_0_25/source/nsswitch/idmap_ad.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/idmap_ad.c === --- branches/SAMBA_3_0/source/nsswitch/idmap_ad.c 2007-04-19 22:40:32 UTC (rev 22391) +++ branches/SAMBA_3_0/source/nsswitch/idmap_ad.c 2007-04-19 23:15:33 UTC (rev 22392) @@ -695,9 +695,6 @@ ad_map_type = WB_POSIX_MAP_SFU; - if ( !ad_idmap_ads ) - return idmap_ad_initialize(NULL); - return NT_STATUS_OK; } @@ -716,9 +713,6 @@ ad_map_type = WB_POSIX_MAP_RFC2307; - if ( !ad_idmap_ads ) - return idmap_ad_initialize(NULL); - return NT_STATUS_OK; } @@ -737,6 +731,11 @@ { ADS_STRUCT *ads_internal = NULL; + /* Only do query if we are online */ + if (idmap_is_offline()) { + return NT_STATUS_FILE_IS_OFFLINE; + } + /* We are assuming that the internal ADS_STRUCT is for the same forest as the incoming *ads pointer */ Modified: branches/SAMBA_3_0_25/source/nsswitch/idmap_ad.c === --- branches/SAMBA_3_0_25/source/nsswitch/idmap_ad.c2007-04-19 22:40:32 UTC (rev 22391) +++ branches/SAMBA_3_0_25/source/nsswitch/idmap_ad.c2007-04-19 23:15:33 UTC (rev 22392) @@ -695,9 +695,6 @@ ad_map_type = WB_POSIX_MAP_SFU; - if ( !ad_idmap_ads ) - return idmap_ad_initialize(NULL); - return NT_STATUS_OK; } @@ -716,9 +713,6 @@ ad_map_type = WB_POSIX_MAP_RFC2307; - if ( !ad_idmap_ads ) - return idmap_ad_initialize(NULL); - return NT_STATUS_OK; } @@ -737,6 +731,11 @@ { ADS_STRUCT *ads_internal = NULL; + /* Only do query if we are online */ + if (idmap_is_offline()) { + return NT_STATUS_FILE_IS_OFFLINE; + } + /* We are assuming that the internal ADS_STRUCT is for the same forest as the incoming *ads pointer */
svn commit: samba r22393 - in branches/SAMBA_3_0/source/nsswitch: .
Author: idra Date: 2007-04-19 23:25:37 + (Thu, 19 Apr 2007) New Revision: 22393 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22393 Log: fix cutpaste error Modified: branches/SAMBA_3_0/source/nsswitch/pam_winbind.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/pam_winbind.c === --- branches/SAMBA_3_0/source/nsswitch/pam_winbind.c2007-04-19 23:15:33 UTC (rev 22392) +++ branches/SAMBA_3_0/source/nsswitch/pam_winbind.c2007-04-19 23:25:37 UTC (rev 22393) @@ -923,7 +923,7 @@ _make_remark(pamh, ctrl, PAM_ERROR_MSG, Domain Controller unreachable, using cached credentials instead. Network resources may be unavailable); _pam_log_debug(pamh, ctrl, LOG_DEBUG, - User %s logged on using cached account\n, username); + User %s logged on using cached credentials\n, username); } }
svn commit: samba r22342 - in branches/SAMBA_3_0_25/source: include nsswitch
Author: idra Date: 2007-04-18 20:49:59 + (Wed, 18 Apr 2007) New Revision: 22342 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22342 Log: This patch tries to fix a number of problems with the offline code. So far I have tested it only with idmap_tdb, idmap_ad testing is next. Fixes: - The code returned an error on any idmap call if winbindd was put offline before the idmap code was initialized. - The code denied consulting any backend, even local ones like idmap_tdb when offline, correct the situation by handling offline decisions in the backends Simo. Modified: branches/SAMBA_3_0_25/source/include/idmap.h branches/SAMBA_3_0_25/source/include/smb.h branches/SAMBA_3_0_25/source/nsswitch/idmap.c branches/SAMBA_3_0_25/source/nsswitch/idmap_ad.c branches/SAMBA_3_0_25/source/nsswitch/idmap_cache.c branches/SAMBA_3_0_25/source/nsswitch/idmap_ldap.c branches/SAMBA_3_0_25/source/nsswitch/idmap_nss.c branches/SAMBA_3_0_25/source/nsswitch/idmap_passdb.c branches/SAMBA_3_0_25/source/nsswitch/idmap_tdb.c Changeset: Sorry, the patch is too large (1193 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22342
svn commit: samba r22343 - in branches/SAMBA_3_0/source: include nsswitch
Author: idra Date: 2007-04-18 21:10:37 + (Wed, 18 Apr 2007) New Revision: 22343 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22343 Log: Commit to 3_0 as well after adapting the patch. (tdb_delete_bystring instead of tdb_delete is used here) Modified: branches/SAMBA_3_0/source/include/idmap.h branches/SAMBA_3_0/source/include/smb.h branches/SAMBA_3_0/source/nsswitch/idmap.c branches/SAMBA_3_0/source/nsswitch/idmap_ad.c branches/SAMBA_3_0/source/nsswitch/idmap_cache.c branches/SAMBA_3_0/source/nsswitch/idmap_ldap.c branches/SAMBA_3_0/source/nsswitch/idmap_nss.c branches/SAMBA_3_0/source/nsswitch/idmap_passdb.c branches/SAMBA_3_0/source/nsswitch/idmap_tdb.c Changeset: Sorry, the patch is too large (1197 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22343
svn commit: samba r22347 - in branches/SAMBA_3_0_25/source/nsswitch: .
Author: idra Date: 2007-04-18 22:20:13 + (Wed, 18 Apr 2007) New Revision: 22347 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22347 Log: Better message. This string is displayed both at login and when unlocking the screen. Modified: branches/SAMBA_3_0_25/source/nsswitch/pam_winbind.c Changeset: Modified: branches/SAMBA_3_0_25/source/nsswitch/pam_winbind.c === --- branches/SAMBA_3_0_25/source/nsswitch/pam_winbind.c 2007-04-18 22:16:34 UTC (rev 22346) +++ branches/SAMBA_3_0_25/source/nsswitch/pam_winbind.c 2007-04-18 22:20:13 UTC (rev 22347) @@ -921,9 +921,9 @@ } else if (PAM_WB_CACHED_LOGON(info3_user_flgs)) { _make_remark(pamh, ctrl, PAM_ERROR_MSG, - Logging on using cached account. Network resources can be unavailable); + Domain Controller unreachable, using cached credentials. Network resources may be unavailable); _pam_log_debug(pamh, ctrl, LOG_DEBUG, - User %s logged on using cached account\n, username); + User %s logged on using cached credentials\n, username); } }
svn commit: samba r22348 - in branches/SAMBA_3_0/source/nsswitch: .
Author: idra Date: 2007-04-18 22:25:17 + (Wed, 18 Apr 2007) New Revision: 22348 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22348 Log: 3_0 as well Modified: branches/SAMBA_3_0/source/nsswitch/pam_winbind.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/pam_winbind.c === --- branches/SAMBA_3_0/source/nsswitch/pam_winbind.c2007-04-18 22:20:13 UTC (rev 22347) +++ branches/SAMBA_3_0/source/nsswitch/pam_winbind.c2007-04-18 22:25:17 UTC (rev 22348) @@ -921,7 +921,7 @@ } else if (PAM_WB_CACHED_LOGON(info3_user_flgs)) { _make_remark(pamh, ctrl, PAM_ERROR_MSG, - Logging on using cached account. Network resources can be unavailable); + Domain Controller unreachable, using cached credentials. Network resources may be unavailable); _pam_log_debug(pamh, ctrl, LOG_DEBUG, User %s logged on using cached account\n, username); }
svn commit: samba r22230 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_25/source/nsswitch
Author: idra Date: 2007-04-15 23:58:39 + (Sun, 15 Apr 2007) New Revision: 22230 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22230 Log: Let's just cast here, the 2 calls have different allocation mechanisms. We just let domname and name hang on the mem ctx until the call returns, and the context will be destroyed. Simo. Modified: branches/SAMBA_3_0/source/nsswitch/idmap.c branches/SAMBA_3_0_25/source/nsswitch/idmap.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/idmap.c === --- branches/SAMBA_3_0/source/nsswitch/idmap.c 2007-04-15 21:14:37 UTC (rev 9) +++ branches/SAMBA_3_0/source/nsswitch/idmap.c 2007-04-15 23:58:39 UTC (rev 22230) @@ -811,7 +811,7 @@ { NTSTATUS ret; struct idmap_domain *dom; - const char *domname, *name; + char *domname, *name; enum lsa_SidType sid_type; BOOL wbret; @@ -825,14 +825,16 @@ /* by default calls to winbindd are disabled the following call will not recurse so this is safe */ winbind_on(); - wbret = winbind_lookup_sid(ctx, map-sid, domname, name, sid_type); + wbret = winbind_lookup_sid(ctx, map-sid, + (const char **)domname, + (const char **)name, + sid_type); winbind_off(); } else { - char *tmp_dom, *tmp_name; - wbret = winbindd_lookup_name_by_sid(ctx, map-sid, tmp_dom, - tmp_name, sid_type); - domname = tmp_dom; - name = tmp_name; + wbret = winbindd_lookup_name_by_sid(ctx, map-sid, + domname, + name, + sid_type); } /* check if this is a valid SID and then map it */ Modified: branches/SAMBA_3_0_25/source/nsswitch/idmap.c === --- branches/SAMBA_3_0_25/source/nsswitch/idmap.c 2007-04-15 21:14:37 UTC (rev 9) +++ branches/SAMBA_3_0_25/source/nsswitch/idmap.c 2007-04-15 23:58:39 UTC (rev 22230) @@ -811,7 +811,7 @@ { NTSTATUS ret; struct idmap_domain *dom; - const char *domname, *name; + char *domname, *name; enum lsa_SidType sid_type; BOOL wbret; @@ -825,10 +825,16 @@ /* by default calls to winbindd are disabled the following call will not recurse so this is safe */ winbind_on(); - wbret = winbind_lookup_sid(ctx, map-sid, domname, name, sid_type); + wbret = winbind_lookup_sid(ctx, map-sid, + (const char **)domname, + (const char **)name, + sid_type); winbind_off(); } else { - wbret = winbindd_lookup_name_by_sid(ctx, map-sid, domname, name, sid_type); + wbret = winbindd_lookup_name_by_sid(ctx, map-sid, + domname, + name, + sid_type); } /* check if this is a valid SID and then map it */
svn commit: samba r22204 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_25/source/nsswitch
Author: idra Date: 2007-04-12 21:10:06 + (Thu, 12 Apr 2007) New Revision: 22204 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22204 Log: Workaround to quickly close bug #4508 This hack makes thing work, but we will need to try again to make the getpw* calls fully async, that's the real fix. Modified: branches/SAMBA_3_0/source/nsswitch/idmap.c branches/SAMBA_3_0/source/nsswitch/winbindd.c branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c branches/SAMBA_3_0_25/source/nsswitch/idmap.c branches/SAMBA_3_0_25/source/nsswitch/winbindd.c branches/SAMBA_3_0_25/source/nsswitch/winbindd_dual.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/idmap.c === --- branches/SAMBA_3_0/source/nsswitch/idmap.c 2007-04-12 19:54:15 UTC (rev 22203) +++ branches/SAMBA_3_0/source/nsswitch/idmap.c 2007-04-12 21:10:06 UTC (rev 22204) @@ -84,6 +84,24 @@ return NULL; } +/* part of a quick hack to avoid loops, need to be sorted out correctly later on */ +static BOOL idmap_in_own_child; + +static BOOL idmap_is_in_own_child(void) +{ + return idmap_in_own_child; +} + +void reset_idmap_in_own_child(void) +{ + idmap_in_own_child = False; +} + +void set_idmap_in_own_child(void) +{ + idmap_in_own_child = True; +} + /** Allow a module to register itself as a method. **/ @@ -801,13 +819,18 @@ if ( ! NT_STATUS_IS_OK(ret)) { return NT_STATUS_NONE_MAPPED; } - - /* by default calls to winbindd are disabled - the following call will not recurse so this is safe */ - winbind_on(); - wbret = winbind_lookup_sid(ctx, map-sid, domname, name, sid_type); - winbind_off(); + /* quick hack to make things work, will need proper fix later on */ + if (idmap_is_in_own_child()) { + /* by default calls to winbindd are disabled + the following call will not recurse so this is safe */ + winbind_on(); + wbret = winbind_lookup_sid(ctx, map-sid, domname, name, sid_type); + winbind_off(); + } else { + wbret = winbindd_lookup_name_by_sid(ctx, map-sid, domname, name, sid_type); + } + /* check if this is a valid SID and then map it */ if (wbret) { switch (sid_type) { @@ -1395,3 +1418,4 @@ return ret; } + Modified: branches/SAMBA_3_0/source/nsswitch/winbindd.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd.c 2007-04-12 19:54:15 UTC (rev 22203) +++ branches/SAMBA_3_0/source/nsswitch/winbindd.c 2007-04-12 21:10:06 UTC (rev 22204) @@ -1010,6 +1010,9 @@ namecache_enable(); + /* quick hack to avoid a loop in idmap, proper fix later */ + reset_idmap_in_own_child(); + /* Winbind daemon initialisation */ if ( ! NT_STATUS_IS_OK(idmap_init_cache()) ) { Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c 2007-04-12 19:54:15 UTC (rev 22203) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c 2007-04-12 21:10:06 UTC (rev 22204) @@ -921,6 +921,9 @@ child); } + /* quick hack to avoid a loop in idmap, proper fix later */ + set_idmap_in_own_child(); + while (1) { int ret; Modified: branches/SAMBA_3_0_25/source/nsswitch/idmap.c === --- branches/SAMBA_3_0_25/source/nsswitch/idmap.c 2007-04-12 19:54:15 UTC (rev 22203) +++ branches/SAMBA_3_0_25/source/nsswitch/idmap.c 2007-04-12 21:10:06 UTC (rev 22204) @@ -84,6 +84,24 @@ return NULL; } +/* part of a quick hack to avoid loops, need to be sorted out correctly later on */ +static BOOL idmap_in_own_child; + +static BOOL idmap_is_in_own_child(void) +{ + return idmap_in_own_child; +} + +void reset_idmap_in_own_child(void) +{ + idmap_in_own_child = False; +} + +void set_idmap_in_own_child(void) +{ + idmap_in_own_child = True; +} + /** Allow a module to register itself as a method. **/ @@ -801,13 +819,18 @@ if ( ! NT_STATUS_IS_OK(ret)) { return NT_STATUS_NONE_MAPPED; } - - /* by default calls to winbindd are disabled - the following call will not recurse so this is safe */ - winbind_on(); - wbret = winbind_lookup_sid(ctx, map-sid, domname, name, sid_type); - winbind_off
svn commit: samba-docs r1096 - in trunk/manpages-3: .
Author: idra Date: 2007-04-11 21:50:59 + (Wed, 11 Apr 2007) New Revision: 1096 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=1096 Log: Auth info for idmap_ldap net idmap Modified: trunk/manpages-3/idmap_ldap.8.xml trunk/manpages-3/net.8.xml Changeset: Modified: trunk/manpages-3/idmap_ldap.8.xml === --- trunk/manpages-3/idmap_ldap.8.xml 2007-04-11 21:00:50 UTC (rev 1095) +++ trunk/manpages-3/idmap_ldap.8.xml 2007-04-11 21:50:59 UTC (rev 1096) @@ -37,6 +37,14 @@ /varlistentry varlistentry + termldap_user_dn = DN/term + listitempara + Defines the user DN to be used for authentication. If absent an + anonymous bind will be performed. + /para/listitem + /varlistentry + + varlistentry termldap_url = ldap://server//term listitempara Specifies the LDAP server to use when searching for existing @@ -73,6 +81,14 @@ /varlistentry varlistentry + termldap_user_dn = DN/term + listitempara + Defines the user DN to be used for authentication. If absent an + anonymous bind will be performed. + /para/listitem + /varlistentry + + varlistentry termldap_url = ldap://server//term listitempara Specifies the LDAP server to which modify/add/delete requests should @@ -121,6 +137,17 @@ /programlisting /refsect1 +refsynopsisdiv + titleNOTE/title + + paraIn order to use authentication against ldap servers you may + need to provide a DN and a password. To avoid exposing the password + in plain text in the configuration file we store it into a security + store. The quot;net idmap quot; command is used to store a secret + for the DN specified in a specific idmap domain. + /para +/refsynopsisdiv + refsect1 titleAUTHOR/title Modified: trunk/manpages-3/net.8.xml === --- trunk/manpages-3/net.8.xml 2007-04-11 21:00:50 UTC (rev 1095) +++ trunk/manpages-3/net.8.xml 2007-04-11 21:50:59 UTC (rev 1096) @@ -1147,6 +1147,35 @@ /refsect2 refsect2 +titleIDMAP DUMP lt;output filegt;/title + +para +Dumps the mappings in the specified output file. +/para + +/refsect2 + +refsect2 +titleIDMAP RESTORE [input file]/title + +para +Restore the mappings from the specified file or stdin. +/para + +/refsect2 + +refsect2 +titleIDMAP SECRET lt;DOMAINgt;|ALLOC lt;secretgt;/title + +para +Store a secret for the sepcified domain, used primarily for domains +that use idmap_ldap as a backend. In this case the secret is used +as the password for the user DN used to bind to the ldap server. +/para + +/refsect2 + +refsect2 titleUSERSHARE/title paraStarting with version 3.0.23, a Samba server now supports the ability for
svn commit: samba-docs r1090 - in trunk/manpages-3: .
Author: idra Date: 2007-04-07 14:09:17 + (Sat, 07 Apr 2007) New Revision: 1090 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=1090 Log: Document the net sam options Modified: trunk/manpages-3/net.8.xml Changeset: Modified: trunk/manpages-3/net.8.xml === --- trunk/manpages-3/net.8.xml 2007-04-07 05:28:53 UTC (rev 1089) +++ trunk/manpages-3/net.8.xml 2007-04-07 14:09:17 UTC (rev 1090) @@ -912,6 +912,241 @@ /refsect2 refsect2 +titleSAM CREATEBUILTINGROUP lt;NAMEgt;/title + +para +(Re)Create a BUILTIN group. +Only a wellknown set of BUILTIN groups can be created with this command. +This is the list of currently recognized group names: Administrators, +Users, Guests, Power Users, Account Operators, Server Operators, Print +Operators, Backup Operators, Replicator, RAS Servers, Pre-Windows 2000 +ompatible Access. + +This command requires a running Winbindd with idmap allocation properly +configured. The group gid will be allocated out of the winbindd range. +/para + +/refsect2 + +refsect2 +titleSAM CREATELOCALGROUP lt;NAMEgt;/title + +para +Create a LOCAL group (also known as Alias). + +This command requires a running Winbindd with idmap allocation properly +configured. The group gid will be allocated out of the winbindd range. +/para + +/refsect2 + +refsect2 +titleSAM MAPUNIXGROUP lt;NAMEgt;/title + +para +Map an existing Unix group and make it a Domain Group, the domain group +will have the same name. +/para + +/refsect2 + +refsect2 +titleSAM ADDMEM lt;GROUPgt; lt;MEMBERgt;/title + +para +Add a member to a Local group. The group can be specified only by name, +the member can be specified by name or SID. +/para + +/refsect2 + +refsect2 +titleSAM DELMEM lt;GROUPgt; lt;MEMBERgt;/title + +para +Remove a member from a Local group. The group and the member must be +specified by name. +/para + +/refsect2 + +refsect2 +titleSAM LISTMEM lt;GROUPgt;/title + +para +List Local group members. The group must be specified by name. +/para + +/refsect2 + +refsect2 +titleSAM LIST lt;users|groups|localgroups|builtin|workstationsgt; [verbose]/title + +para +List the specified set of accounts by name. If verbose is specified, +the rid and description is also provided for each account. +/para + +/refsect2 + +refsect2 +titleSAM SHOW lt;NAMEgt;/title + +para +Show the full DOMAIN\\NAME the SID and the type for the corrisponding +account. +/para + +/refsect2 + +refsect2 +titleSAM SET HOMEDIR lt;NAMEgt; lt;DIRECTORYgt;/title + +para +Set the home directory for a user account. +/para + +/refsect2 + +refsect2 +titleSAM SET PROFILEPATH lt;NAMEgt; lt;PATHgt;/title + +para +Set the profile path for a user account. +/para + +/refsect2 + +refsect2 +titleSAM SET COMMENT lt;NAMEgt; lt;COMMENTgt;/title + +para +Set the comment for a user or group account. +/para + +/refsect2 + +refsect2 +titleSAM SET FULLNAME lt;NAMEgt; lt;FULL NAMEgt;/title + +para +Set the full name for a user account. +/para + +/refsect2 + +refsect2 +titleSAM SET LOGONSCRIPT lt;NAMEgt; lt;SCRIPTgt;/title + +para +Set the logon script for a user account. +/para + +/refsect2 + +refsect2 +titleSAM SET HOMEDRIVE lt;NAMEgt; lt;DRIVEgt;/title + +para +Set the home drive for a user account. +/para + +/refsect2 + +refsect2 +titleSAM SET WORKSTATIONS lt;NAMEgt; lt;WORKSTATIONSgt;/title + +para +Set the workstations a user account is allowed to log in from. +/para + +/refsect2 + +refsect2 +titleSAM SET DISABLE lt;NAMEgt;/title + +para +Set the disabled flag for a user account. +/para + +/refsect2 + +refsect2 +titleSAM SET PWNOTREQ lt;NAMEgt;/title + +para +Set the password not required flag for a user account. +/para + +/refsect2 + +refsect2 +titleSAM SET AUTOLOCK lt;NAMEgt;/title + +para +Set the autolock flag for a user account. +/para + +/refsect2 + +refsect2 +titleSAM SET PWNOEXP lt;NAMEgt;/title + +para +Set the password do not expire flag for a user account. +/para + +/refsect2 + +refsect2 +titleSAM SET PWMUSTCHANGENOW lt;NAMEgt; [yes|no]/title + +para +Set or unset the password must change flag fro a user account. +/para + +/refsect2 + +refsect2 +titleSAM POLICY LIST/title + +para +List the avilable account policies. +/para + +/refsect2 + +refsect2 +titleSAM POLICY SHOW lt;account policygt;/title + +para +Show the account policy value. +/para + +/refsect2 + +refsect2 +titleSAM POLICY SET lt;account policygt; lt;valuegt;/title + +para +Set a value for the account policy. +Valid values can be: forever, never, off, or a number. +/para + +/refsect2 + +refsect2 +titleSAM PROVISION/title + +para +Only available if ldapsam:editposix is set and winbindd is running. +Properly populates the ldap tree with the basic accounts (Administrator) +and groups (Domain Users, Domain Admins, Domain Guests) on the ldap tree. +/para + +/refsect2 + +refsect2 titleUSERSHARE/title paraStarting with version 3.0.23, a Samba server now supports the ability for
svn commit: samba r22109 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_25/source/nsswitch
Author: idra Date: 2007-04-06 19:55:45 + (Fri, 06 Apr 2007) New Revision: 22109 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22109 Log: Readonly is automatically set in the generic init code, let's just log the fact there and remove the specific, but redundant, code in idmap_ad.c Modified: branches/SAMBA_3_0/source/nsswitch/idmap.c branches/SAMBA_3_0/source/nsswitch/idmap_ad.c branches/SAMBA_3_0_25/source/nsswitch/idmap.c branches/SAMBA_3_0_25/source/nsswitch/idmap_ad.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/idmap.c === --- branches/SAMBA_3_0/source/nsswitch/idmap.c 2007-04-06 19:38:35 UTC (rev 22108) +++ branches/SAMBA_3_0/source/nsswitch/idmap.c 2007-04-06 19:55:45 UTC (rev 22109) @@ -407,6 +407,7 @@ /* check the set_mapping function exists otherwise mark the module as readonly */ if ( ! dom-methods-set_mapping) { + DEBUG(5, (Forcing to readonly, as ithis module can't store arbitrary mappings.\n)); dom-readonly = True; } Modified: branches/SAMBA_3_0/source/nsswitch/idmap_ad.c === --- branches/SAMBA_3_0/source/nsswitch/idmap_ad.c 2007-04-06 19:38:35 UTC (rev 22108) +++ branches/SAMBA_3_0/source/nsswitch/idmap_ad.c 2007-04-06 19:55:45 UTC (rev 22109) @@ -194,11 +194,6 @@ } } - if ( !dom-readonly ) { - DEBUG(1, (WARNING: forcing to readonly, as idmap_ad can't write on AD.\n)); - dom-readonly = true; - } - dom-private_data = ctx; talloc_free(config_option); Modified: branches/SAMBA_3_0_25/source/nsswitch/idmap.c === --- branches/SAMBA_3_0_25/source/nsswitch/idmap.c 2007-04-06 19:38:35 UTC (rev 22108) +++ branches/SAMBA_3_0_25/source/nsswitch/idmap.c 2007-04-06 19:55:45 UTC (rev 22109) @@ -407,6 +407,7 @@ /* check the set_mapping function exists otherwise mark the module as readonly */ if ( ! dom-methods-set_mapping) { + DEBUG(5, (Forcing to readonly, as ithis module can't store arbitrary mappings.\n)); dom-readonly = True; } Modified: branches/SAMBA_3_0_25/source/nsswitch/idmap_ad.c === --- branches/SAMBA_3_0_25/source/nsswitch/idmap_ad.c2007-04-06 19:38:35 UTC (rev 22108) +++ branches/SAMBA_3_0_25/source/nsswitch/idmap_ad.c2007-04-06 19:55:45 UTC (rev 22109) @@ -194,11 +194,6 @@ } } - if ( !dom-readonly ) { - DEBUG(1, (WARNING: forcing to readonly, as idmap_ad can't write on AD.\n)); - dom-readonly = true; - } - dom-private_data = ctx; talloc_free(config_option);
svn commit: samba r22002 - in branches: SAMBA_3_0/source/client SAMBA_3_0_25/source/client
Author: idra Date: 2007-03-28 14:16:34 + (Wed, 28 Mar 2007) New Revision: 22002 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22002 Log: Fix bug #3974, there are still open issues with -N behavior (doc fix next) and -T argument parsing behavior (which is just insane but a separate bug) Modified: branches/SAMBA_3_0/source/client/client.c branches/SAMBA_3_0_25/source/client/client.c Changeset: Modified: branches/SAMBA_3_0/source/client/client.c === --- branches/SAMBA_3_0/source/client/client.c 2007-03-28 13:34:59 UTC (rev 22001) +++ branches/SAMBA_3_0/source/client/client.c 2007-03-28 14:16:34 UTC (rev 22002) @@ -3891,6 +3891,8 @@ char *p; int rc = 0; fstring new_workgroup; + BOOL tar_opt = False; + BOOL service_opt = False; struct poptOption long_options[] = { POPT_AUTOHELP @@ -3937,13 +3939,43 @@ x_setbuf( dbf, NULL ); } - pc = poptGetContext(smbclient, argc, (const char **) argv, long_options, - POPT_CONTEXT_KEEP_FIRST); + /* skip argv(0) */ + pc = poptGetContext(smbclient, argc, (const char **) argv, long_options, 0); poptSetOtherOptionHelp(pc, service password); in_client = True; /* Make sure that we tell lp_load we are */ while ((opt = poptGetNextOpt(pc)) != -1) { + + /* if the tar option has been called previouslt, now we need to eat out the leftovers */ + /* I see no other way to keep things sane --SSS */ + if (tar_opt == True) { + while (poptPeekArg(pc)) { + poptGetArg(pc); + } + tar_opt = False; + } + + /* if the service has not yet been specified lets see if it is available in the popt stack */ + if (!service_opt poptPeekArg(pc)) { + pstrcpy(service, poptGetArg(pc)); + /* Convert any '/' characters in the service name to '\' characters */ + string_replace(service, '/','\\'); + + if (count_chars(service,'\\') 3) { + d_printf(\n%s: Not enough '\\' characters in service\n,service); + poptPrintUsage(pc, stderr, 0); + exit(1); + } + service_opt = True; + } + + /* if the service has already been retrieved then check if we have also a password */ + if (service_opt (!cmdline_auth_info.got_pass) poptPeekArg(pc)) { + pstrcpy(cmdline_auth_info.password, poptGetArg(pc)); + cmdline_auth_info.got_pass = True; + } + switch (opt) { case 'M': /* Messages are sent to NetBIOS name type 0x3 @@ -3998,13 +4030,9 @@ poptPrintUsage(pc, stderr, 0); exit(1); } - /* Now we must eat (optnum - i) options - they have -* been processed by tar_parseargs(). -*/ - optnum -= i; - for (i = 0; i optnum; i++) - poptGetOptArg(pc); } + /* this must be the last option, mark we have parsed it so that we know we have */ + tar_opt = True; break; case 'D': pstrcpy(base_directory,poptGetOptArg(pc)); @@ -4015,8 +4043,34 @@ } } - poptGetArg(pc); + /* We may still have some leftovers after the last popt option has been called */ + if (tar_opt == True) { + while (poptPeekArg(pc)) { + poptGetArg(pc); + } + tar_opt = False; + } + /* if the service has not yet been specified lets see if it is available in the popt stack */ + if (!service_opt poptPeekArg(pc)) { + pstrcpy(service, poptGetArg(pc)); + /* Convert any '/' characters in the service name to '\' characters */ + string_replace(service, '/','\\'); + + if (count_chars(service,'\\') 3) { + d_printf(\n%s: Not enough '\\' characters in service\n,service); + poptPrintUsage(pc, stderr, 0); + exit(1); + } + service_opt = True; + } + + /* if the service has already been retrieved then check if we have also a password
svn commit: samba-web r1097 - in trunk/DTD: .
Author: idra Date: 2007-03-28 14:49:57 + (Wed, 28 Mar 2007) New Revision: 1097 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1097 Log: Clarify what happens when both -N is specified and a password is provided on command line. This is based on smbclient behavior. Simo. Modified: trunk/DTD/samba.entities Changeset: Modified: trunk/DTD/samba.entities === --- trunk/DTD/samba.entities2007-03-22 12:56:00 UTC (rev 1096) +++ trunk/DTD/samba.entities2007-03-28 14:49:57 UTC (rev 1097) @@ -339,7 +339,11 @@ paraUnless a password is specified on the command line or this parameter is specified, the client will request a -password./para/listitem +password./para + +paraIf a password is specified on the command line and this +option is also defined the password on the command line will +be silently ingnored and no password will be used./para/listitem /varlistentry' !ENTITY pct #37;
svn commit: samba-docs r1080 - in trunk/manpages-3: .
Author: idra Date: 2007-03-21 20:56:27 + (Wed, 21 Mar 2007) New Revision: 1080 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=1080 Log: mention idmap domains Modified: trunk/manpages-3/winbindd.8.xml Changeset: Modified: trunk/manpages-3/winbindd.8.xml === --- trunk/manpages-3/winbindd.8.xml 2007-03-21 20:51:40 UTC (rev 1079) +++ trunk/manpages-3/winbindd.8.xml 2007-03-21 20:56:27 UTC (rev 1080) @@ -202,17 +202,17 @@ is done on a first come, first served basis, although all existing users and groups will be mapped as soon as a client performs a user or group enumeration command. The allocated unix ids are stored - in a database file under the Samba lock directory and will be - remembered. /para + in a database and will be remembered. /para paraWARNING: The SID to unix id database is the only location where the user and group mappings are stored by winbindd. If this - file is deleted or corrupted, there is no way for winbindd to + store is deleted or corrupted, there is no way for winbindd to determine which user and group ids correspond to Windows NT user and group rids. /para paraSee the smbconfoptionnameidmap -backend/name/smbconfoption parameter in +domains/name/smbconfoption or the old smbconfoptionnameidmap + backend/name/smbconfoption parameters in filenamesmb.conf/filename for options for sharing this database, such as via LDAP./para /refsect1
svn commit: samba r21919 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_25/source/nsswitch
Author: idra Date: 2007-03-21 21:10:59 + (Wed, 21 Mar 2007) New Revision: 21919 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21919 Log: now that the local passdb abd BUILTIN have been blacklisted and they always point to the passdb module, remove this comment and move the explanation in the dimap_ad man page. Simo. Modified: branches/SAMBA_3_0/source/nsswitch/idmap_ad.c branches/SAMBA_3_0_25/source/nsswitch/idmap_ad.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/idmap_ad.c === --- branches/SAMBA_3_0/source/nsswitch/idmap_ad.c 2007-03-21 21:08:15 UTC (rev 21918) +++ branches/SAMBA_3_0/source/nsswitch/idmap_ad.c 2007-03-21 21:10:59 UTC (rev 21919) @@ -194,21 +194,6 @@ } } - /* idmap AD can work well only if it is the default module (trusts) -* with additional BUILTIN and alloc using TDB */ - if ( ! dom-default_domain) { - DEBUG(1, (WARNING: idmap_ad is not configured as the default domain.\n - For best results we suggest you to configure this module as\n - default and configure BULTIN to use idmap_tdb\n - ex: idmap domains = BUILTIN %s\n - idmap alloc config: range = 5000 - \n - idmap config %s: default = yes\n - idmap config %s: backend = ad\n - idmap config %s: range = 1 - 1000 #this is optional\n - NOTE: make sure the ranges do not overlap\n, - dom-name, dom-name, dom-name, dom-name)); - } - if ( !dom-readonly ) { DEBUG(1, (WARNING: forcing to readonly, as idmap_ad can't write on AD.\n)); dom-readonly = true; Modified: branches/SAMBA_3_0_25/source/nsswitch/idmap_ad.c === --- branches/SAMBA_3_0_25/source/nsswitch/idmap_ad.c2007-03-21 21:08:15 UTC (rev 21918) +++ branches/SAMBA_3_0_25/source/nsswitch/idmap_ad.c2007-03-21 21:10:59 UTC (rev 21919) @@ -194,21 +194,6 @@ } } - /* idmap AD can work well only if it is the default module (trusts) -* with additional BUILTIN and alloc using TDB */ - if ( ! dom-default_domain) { - DEBUG(1, (WARNING: idmap_ad is not configured as the default domain.\n - For best results we suggest you to configure this module as\n - default and configure BULTIN to use idmap_tdb\n - ex: idmap domains = BUILTIN %s\n - idmap alloc config: range = 5000 - \n - idmap config %s: default = yes\n - idmap config %s: backend = ad\n - idmap config %s: range = 1 - 1000 #this is optional\n - NOTE: make sure the ranges do not overlap\n, - dom-name, dom-name, dom-name, dom-name)); - } - if ( !dom-readonly ) { DEBUG(1, (WARNING: forcing to readonly, as idmap_ad can't write on AD.\n)); dom-readonly = true;
svn commit: samba-docs r1082 - in trunk/manpages-3: .
Author: idra Date: 2007-03-21 21:26:02 + (Wed, 21 Mar 2007) New Revision: 1082 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=1082 Log: CopyPaste leftover for the example description, fix it. Modified: trunk/manpages-3/idmap_nss.8.xml Changeset: Modified: trunk/manpages-3/idmap_nss.8.xml === --- trunk/manpages-3/idmap_nss.8.xml2007-03-21 21:23:17 UTC (rev 1081) +++ trunk/manpages-3/idmap_nss.8.xml2007-03-21 21:26:02 UTC (rev 1082) @@ -29,9 +29,8 @@ titleEXAMPLES/title para - The follow sets of a LDAP configuration which uses a slave server - running on localhost for fetching SID/gid/uid mappings while - sending update requests to the directory master server. + This example shows how to use idmap_nss to check the local accounts for its + own domain while using allocation to create new mappings for trusted domains /para programlisting
svn commit: samba r21776 - in branches: SAMBA_3_0/source/utils SAMBA_3_0_25/source/utils
Author: idra Date: 2007-03-09 16:55:56 + (Fri, 09 Mar 2007) New Revision: 21776 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21776 Log: fix bugs #4438 #4440 Modified: branches/SAMBA_3_0/source/utils/net_sam.c branches/SAMBA_3_0_25/source/utils/net_sam.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_sam.c === --- branches/SAMBA_3_0/source/utils/net_sam.c 2007-03-09 15:34:12 UTC (rev 21775) +++ branches/SAMBA_3_0/source/utils/net_sam.c 2007-03-09 16:55:56 UTC (rev 21776) @@ -1043,6 +1043,7 @@ d_fprintf(stderr, Failed to add Domain Users group to ldap directory\n); } } else { + domusers_gid = gmap.gid; d_printf(found!\n); } @@ -1096,6 +1097,7 @@ d_fprintf(stderr, Failed to add Domain Admins group to ldap directory\n); } } else { + domadmins_gid = gmap.gid; d_printf(found!\n); } @@ -1124,7 +1126,7 @@ d_printf(Adding the Administrator user.\n); if (domadmins_gid == -1) { - d_fprintf(stderr, Can't create Administrtor user, Domain Admins group not available!\n); + d_fprintf(stderr, Can't create Administrator user, Domain Admins group not available!\n); goto done; } if (!winbind_allocate_uid(uid)) { @@ -1238,8 +1240,12 @@ smbldap_set_mod(mods, LDAP_MOD_ADD, displayName, pwd-pw_name); smbldap_set_mod(mods, LDAP_MOD_ADD, uidNumber, uidstr); smbldap_set_mod(mods, LDAP_MOD_ADD, gidNumber, gidstr); - smbldap_set_mod(mods, LDAP_MOD_ADD, homeDirectory, pwd-pw_dir); - smbldap_set_mod(mods, LDAP_MOD_ADD, loginShell, pwd-pw_shell); + if ((pwd-pw_dir != NULL) (pwd-pw_dir[0] != '\0')) { + smbldap_set_mod(mods, LDAP_MOD_ADD, homeDirectory, pwd-pw_dir); + } + if ((pwd-pw_shell != NULL) (pwd-pw_shell[0] != '\0')) { + smbldap_set_mod(mods, LDAP_MOD_ADD, loginShell, pwd-pw_shell); + } smbldap_set_mod(mods, LDAP_MOD_ADD, sambaSID, sid_string_static(sid)); smbldap_set_mod(mods, LDAP_MOD_ADD, sambaAcctFlags, pdb_encode_acct_ctrl(ACB_NORMAL|ACB_DISABLED, @@ -1261,7 +1267,7 @@ pwd = getpwnam_alloc(NULL, lp_guestaccount()); if (!pwd) { d_fprintf(stderr, Failed to find just created Guest account!\n -Is nssswitch properly configured?!\n); +Is nss properly configured?!\n); goto failed; } Modified: branches/SAMBA_3_0_25/source/utils/net_sam.c === --- branches/SAMBA_3_0_25/source/utils/net_sam.c2007-03-09 15:34:12 UTC (rev 21775) +++ branches/SAMBA_3_0_25/source/utils/net_sam.c2007-03-09 16:55:56 UTC (rev 21776) @@ -1043,6 +1043,7 @@ d_fprintf(stderr, Failed to add Domain Users group to ldap directory\n); } } else { + domusers_gid = gmap.gid; d_printf(found!\n); } @@ -1096,6 +1097,7 @@ d_fprintf(stderr, Failed to add Domain Admins group to ldap directory\n); } } else { + domadmins_gid = gmap.gid; d_printf(found!\n); } @@ -1124,7 +1126,7 @@ d_printf(Adding the Administrator user.\n); if (domadmins_gid == -1) { - d_fprintf(stderr, Can't create Administrtor user, Domain Admins group not available!\n); + d_fprintf(stderr, Can't create Administrator user, Domain Admins group not available!\n); goto done; } if (!winbind_allocate_uid(uid)) { @@ -1238,8 +1240,12 @@ smbldap_set_mod(mods, LDAP_MOD_ADD, displayName, pwd-pw_name); smbldap_set_mod(mods, LDAP_MOD_ADD, uidNumber, uidstr); smbldap_set_mod(mods, LDAP_MOD_ADD, gidNumber, gidstr); - smbldap_set_mod(mods, LDAP_MOD_ADD, homeDirectory, pwd-pw_dir); - smbldap_set_mod(mods, LDAP_MOD_ADD, loginShell, pwd-pw_shell); + if ((pwd-pw_dir != NULL) (pwd-pw_dir[0] != '\0')) { + smbldap_set_mod(mods, LDAP_MOD_ADD, homeDirectory, pwd-pw_dir); + } + if ((pwd-pw_shell != NULL) (pwd-pw_shell[0] != '\0')) { + smbldap_set_mod(mods, LDAP_MOD_ADD, loginShell, pwd-pw_shell); + } smbldap_set_mod(mods, LDAP_MOD_ADD
svn commit: samba r21606 - in branches: SAMBA_3_0/source/lib SAMBA_3_0/source/libads SAMBA_3_0/source/nsswitch SAMBA_3_0/source/passdb SAMBA_3_0/source/printing SAMBA_3_0/source/utils SAMBA_3_0_25/sou
Author: idra Date: 2007-03-01 00:49:28 + (Thu, 01 Mar 2007) New Revision: 21606 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21606 Log: Implement escaping function for ldap RDN values Fix escaping of DN components and filters around the code Add some notes to commandline help messages about how to pass DNs revert jra's concistency commit to nsswitch/winbindd_ads.c, as it was incorrect. The 2 functions use DNs in different ways. - lookup_usergroups_member() uses the DN in a search filter, and must use the filter escaping function to escape it Escaping filters that include escaped DNs (\, becomes \5c,) is the correct way to do it (tested against W2k3). - lookup_usergroups_memberof() instead uses the DN ultimately as a base dn. Both functions do NOT need any DN escaping function as DNs can't be reliably escaped when in a string form, intead each single RDN value must be escaped separately. DNs coming from other ldap calls (like ads_get_dn()), do not need escaping as they come already escaped on the wire and passed as is by the ldap libraries DN filtering has been tested. For example now it is possible to do something like: 'net ads add user joe#5' as now the '#' character is correctly escaped when building the DN, previously such a call failed with Invalid DN Syntax. Simo. Modified: branches/SAMBA_3_0/source/lib/ldap_escape.c branches/SAMBA_3_0/source/lib/smbldap_util.c branches/SAMBA_3_0/source/libads/ldap.c branches/SAMBA_3_0/source/libads/ldap_user.c branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c branches/SAMBA_3_0/source/passdb/pdb_ldap.c branches/SAMBA_3_0/source/printing/nt_printing.c branches/SAMBA_3_0/source/utils/net_ads.c branches/SAMBA_3_0/source/utils/net_ads_gpo.c branches/SAMBA_3_0_25/source/lib/ldap_escape.c branches/SAMBA_3_0_25/source/lib/smbldap_util.c branches/SAMBA_3_0_25/source/libads/ldap.c branches/SAMBA_3_0_25/source/libads/ldap_user.c branches/SAMBA_3_0_25/source/nsswitch/winbindd_ads.c branches/SAMBA_3_0_25/source/passdb/pdb_ldap.c branches/SAMBA_3_0_25/source/printing/nt_printing.c branches/SAMBA_3_0_25/source/utils/net_ads.c branches/SAMBA_3_0_25/source/utils/net_ads_gpo.c Changeset: Sorry, the patch is too large (1033 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21606
svn commit: samba r21607 - in branches: SAMBA_3_0/source/utils SAMBA_3_0_25/source/utils
Author: idra Date: 2007-03-01 00:50:56 + (Thu, 01 Mar 2007) New Revision: 21607 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21607 Log: While committing I saw I had not newline terminated this string ... Modified: branches/SAMBA_3_0/source/utils/net_ads_gpo.c branches/SAMBA_3_0_25/source/utils/net_ads_gpo.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_ads_gpo.c === --- branches/SAMBA_3_0/source/utils/net_ads_gpo.c 2007-03-01 00:49:28 UTC (rev 21606) +++ branches/SAMBA_3_0/source/utils/net_ads_gpo.c 2007-03-01 00:50:56 UTC (rev 21607) @@ -351,7 +351,7 @@ if (argc 2) { printf(usage: net ads gpo addlink linkdn gpodn [options]\n); - printf(note: DNs must be provided properly escaped.\n See RFC 4514 for details); + printf(note: DNs must be provided properly escaped.\n See RFC 4514 for details\n); return -1; } Modified: branches/SAMBA_3_0_25/source/utils/net_ads_gpo.c === --- branches/SAMBA_3_0_25/source/utils/net_ads_gpo.c2007-03-01 00:49:28 UTC (rev 21606) +++ branches/SAMBA_3_0_25/source/utils/net_ads_gpo.c2007-03-01 00:50:56 UTC (rev 21607) @@ -351,7 +351,7 @@ if (argc 2) { printf(usage: net ads gpo addlink linkdn gpodn [options]\n); - printf(note: DNs must be provided properly escaped.\n See RFC 4514 for details); + printf(note: DNs must be provided properly escaped.\n See RFC 4514 for details\n); return -1; }
svn commit: samba r21623 - in branches/SAMBA_3_0/source/nsswitch: .
Author: idra Date: 2007-03-01 05:17:33 + (Thu, 01 Mar 2007) New Revision: 21623 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21623 Log: Fix copy/paste error Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c 2007-03-01 04:58:52 UTC (rev 21622) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c 2007-03-01 05:17:33 UTC (rev 21623) @@ -573,8 +573,8 @@ winbindd_flush_negative_conn_cache(domain); set_domain_online_request(domain); - /* Send an offline message to the idmap child when our - primary domain goes offline */ + /* Send an online message to the idmap child when our + primary domain comes back online */ if ( domain-primary ) { struct winbindd_child *idmap = idmap_child();
svn commit: samba r21625 - in branches/SAMBA_3_0_25/source/nsswitch: .
Author: idra Date: 2007-03-01 05:45:45 + (Thu, 01 Mar 2007) New Revision: 21625 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21625 Log: .25 as well Modified: branches/SAMBA_3_0_25/source/nsswitch/winbindd_dual.c Changeset: Modified: branches/SAMBA_3_0_25/source/nsswitch/winbindd_dual.c === --- branches/SAMBA_3_0_25/source/nsswitch/winbindd_dual.c 2007-03-01 05:21:31 UTC (rev 21624) +++ branches/SAMBA_3_0_25/source/nsswitch/winbindd_dual.c 2007-03-01 05:45:45 UTC (rev 21625) @@ -573,8 +573,8 @@ winbindd_flush_negative_conn_cache(domain); set_domain_online_request(domain); - /* Send an offline message to the idmap child when our - primary domain goes offline */ + /* Send an online message to the idmap child when our + primary domain comes back online */ if ( domain-primary ) { struct winbindd_child *idmap = idmap_child();
svn commit: samba r21508 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_25/source/nsswitch
Author: idra Date: 2007-02-22 21:59:54 + (Thu, 22 Feb 2007) New Revision: 21508 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21508 Log: Fix memleak in new idmap_tdb, thanks Herb. Jerry please check. Simo. Modified: branches/SAMBA_3_0/source/nsswitch/idmap_tdb.c branches/SAMBA_3_0_25/source/nsswitch/idmap_tdb.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/idmap_tdb.c === --- branches/SAMBA_3_0/source/nsswitch/idmap_tdb.c 2007-02-22 20:52:27 UTC (rev 21507) +++ branches/SAMBA_3_0/source/nsswitch/idmap_tdb.c 2007-02-22 21:59:54 UTC (rev 21508) @@ -1049,19 +1049,11 @@ /* Delete previous mappings. */ - data = tdb_fetch(ctx-tdb, ksid); - if (data.dptr) { - DEBUG(10, (Deleting existing mapping %s - %s\n, ksid.dptr, kid.dptr )); - tdb_delete(ctx-tdb, ksid); - SAFE_FREE(data.dptr); - } + DEBUG(10, (Deleting existing mapping %s - %s\n, ksid.dptr, kid.dptr )); + tdb_delete(ctx-tdb, ksid); - data = tdb_fetch(ctx-tdb, kid); - if (data.dptr) { - DEBUG(10,(Deleting existing mapping %s - %s\n, kid.dptr, ksid.dptr )); - tdb_delete(ctx-tdb, kid); - SAFE_FREE(data.dptr); - } + DEBUG(10,(Deleting existing mapping %s - %s\n, kid.dptr, ksid.dptr )); + tdb_delete(ctx-tdb, kid); tdb_chainunlock(ctx-tdb, ksid); ret = NT_STATUS_OK; Modified: branches/SAMBA_3_0_25/source/nsswitch/idmap_tdb.c === --- branches/SAMBA_3_0_25/source/nsswitch/idmap_tdb.c 2007-02-22 20:52:27 UTC (rev 21507) +++ branches/SAMBA_3_0_25/source/nsswitch/idmap_tdb.c 2007-02-22 21:59:54 UTC (rev 21508) @@ -1049,19 +1049,11 @@ /* Delete previous mappings. */ - data = tdb_fetch(ctx-tdb, ksid); - if (data.dptr) { - DEBUG(10, (Deleting existing mapping %s - %s\n, ksid.dptr, kid.dptr )); - tdb_delete(ctx-tdb, ksid); - SAFE_FREE(data.dptr); - } + DEBUG(10, (Deleting existing mapping %s - %s\n, ksid.dptr, kid.dptr )); + tdb_delete(ctx-tdb, ksid); - data = tdb_fetch(ctx-tdb, kid); - if (data.dptr) { - DEBUG(10,(Deleting existing mapping %s - %s\n, kid.dptr, ksid.dptr )); - tdb_delete(ctx-tdb, kid); - SAFE_FREE(data.dptr); - } + DEBUG(10,(Deleting existing mapping %s - %s\n, kid.dptr, ksid.dptr )); + tdb_delete(ctx-tdb, kid); tdb_chainunlock(ctx-tdb, ksid); ret = NT_STATUS_OK;
svn commit: samba r21418 - in branches/SAMBA_4_0/source/torture/local: .
Author: idra Date: 2007-02-18 02:12:50 + (Sun, 18 Feb 2007) New Revision: 21418 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21418 Log: Return the ratio as well Modified: branches/SAMBA_4_0/source/torture/local/dbspeed.c Changeset: Modified: branches/SAMBA_4_0/source/torture/local/dbspeed.c === --- branches/SAMBA_4_0/source/torture/local/dbspeed.c 2007-02-18 01:31:50 UTC (rev 21417) +++ branches/SAMBA_4_0/source/torture/local/dbspeed.c 2007-02-18 02:12:50 UTC (rev 21418) @@ -28,6 +28,7 @@ #include lib/db_wrap.h #include torture/torture.h +float tdb_speed; static BOOL tdb_add_record(struct tdb_wrap *tdbw, const char *fmt1, const char *fmt2, int i) { @@ -110,7 +111,8 @@ free(data.dptr); } - torture_comment(torture, tdb speed %.2f ops/sec\n, count/timeval_elapsed(tv)); + tdb_speed = count/timeval_elapsed(tv); + torture_comment(torture, tdb speed %.2f ops/sec\n, tdb_speed); unlink(test.tdb); @@ -164,6 +166,7 @@ struct ldb_ldif *ldif; const char *init_ldif = dn: @INDEXLIST\n \ @IDXATTR: UID\n; + float ldb_speed; unlink(./test.ldb); @@ -227,7 +230,10 @@ torture_fail(torture, memory leak in ldb search); } - torture_comment(torture, ldb speed %.2f ops/sec\n, count/timeval_elapsed(tv)); + ldb_speed = count/timeval_elapsed(tv); + torture_comment(torture, ldb speed %.2f ops/sec\n, ldb_speed); + + torture_comment(torture, ldb/tdb speed ratio is %.2f%%\n, (100*ldb_speed/tdb_speed)); unlink(./test.ldb);
svn commit: samba r21419 - in branches/SAMBA_4_0/source/scripting/ejs: .
Author: idra Date: 2007-02-18 02:21:21 + (Sun, 18 Feb 2007) New Revision: 21419 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21419 Log: Give some more clue about what's going on Modified: branches/SAMBA_4_0/source/scripting/ejs/smbcalls_string.c Changeset: Modified: branches/SAMBA_4_0/source/scripting/ejs/smbcalls_string.c === --- branches/SAMBA_4_0/source/scripting/ejs/smbcalls_string.c 2007-02-18 02:12:50 UTC (rev 21418) +++ branches/SAMBA_4_0/source/scripting/ejs/smbcalls_string.c 2007-02-18 02:21:21 UTC (rev 21419) @@ -185,7 +185,7 @@ length = strlen(orig); if (start_offset 0) start_offset += strlen(orig); if (start_offset 0 || start_offset strlen(orig)) { - ejsSetErrorMsg(eid, substr arg 2 out of bounds); + ejsSetErrorMsg(eid, substr arg 2 out of bounds ([%s], %d), orig, start_offset); return -1; } @@ -193,7 +193,7 @@ length = mprToInt(argv[2]); if (length 0) length += strlen(orig) - start_offset; if (length 0 || length+start_offset strlen(orig)) { - ejsSetErrorMsg(eid, substr arg 3 out of bounds); + ejsSetErrorMsg(eid, substr arg 3 out of bounds ([%s], %d, %d), orig, start_offset, length); return -1; } }
svn commit: samba r21366 - in branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse: .
Author: idra Date: 2007-02-15 14:48:47 + (Thu, 15 Feb 2007) New Revision: 21366 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21366 Log: Until we have a schema enforcing module (which will make it impossible to add object without an objectclass), we need to use the default ldb search filter (an empty one), to retrieve all objects, and all record contents. Modified: branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/Fsm.js Changeset: Modified: branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/Fsm.js === --- branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/Fsm.js 2007-02-15 14:09:39 UTC (rev 21365) +++ branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/Fsm.js 2007-02-15 14:48:47 UTC (rev 21366) @@ -311,7 +311,7 @@ } // Build the search expression - var searchExpr = (objectclass=*); + var searchExpr = ; // Get our module descriptor var module = fsm.getObject(swat.main.module); @@ -415,7 +415,7 @@ baseDN = hierarchy.reverse().join(,); // Build the search expression - var searchExpr = (objectclass=*); + var searchExpr = ; // Get our module descriptor var module = fsm.getObject(swat.main.module);
svn commit: samba r21367 - in branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse: .
Author: idra Date: 2007-02-15 14:49:35 + (Thu, 15 Feb 2007) New Revision: 21367 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21367 Log: Clear out the table with a deleted object contents after the record is deleted. Could be confusing otherwise. Modified: branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/Gui.js Changeset: Modified: branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/Gui.js === --- branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/Gui.js 2007-02-15 14:48:47 UTC (rev 21366) +++ branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/Gui.js 2007-02-15 14:49:35 UTC (rev 21367) @@ -517,15 +517,18 @@ var result = rpcRequest.getUserData(result); var tree = module.fsm.getObject(tree); - var node = tree.getDataModel().getData()[tree.getSelectedNodes()[0].parentNodeId]; + var dataModel = tree.getDataModel(); + var node = dataModel.getData()[tree.getSelectedNodes()[0].parentNodeId]; - tree.getDataModel().prune(node.nodeId, false); + dataModel.prune(node.nodeId, false); node.bOpened = false; tree.toggleOpened(node); alert(Object Successfully deleted!); this._ldbmod.setBase(); + // just clear the attribute/value table. + dataModel.setData([ ]); }; qx.Proto._displaySearchResults = function(module, rpcRequest)
svn commit: samba r21370 - in branches/SAMBA_3_0_25/source/smbd: .
Author: idra Date: 2007-02-15 16:51:30 + (Thu, 15 Feb 2007) New Revision: 21370 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21370 Log: check into 3.0.25 as well Modified: branches/SAMBA_3_0_25/source/smbd/dfree.c Changeset: Modified: branches/SAMBA_3_0_25/source/smbd/dfree.c === --- branches/SAMBA_3_0_25/source/smbd/dfree.c 2007-02-15 16:50:14 UTC (rev 21369) +++ branches/SAMBA_3_0_25/source/smbd/dfree.c 2007-02-15 16:51:30 UTC (rev 21370) @@ -66,7 +66,7 @@ SMB_BIG_UINT sys_disk_free(connection_struct *conn, const char *path, BOOL small_query, SMB_BIG_UINT *bsize,SMB_BIG_UINT *dfree,SMB_BIG_UINT *dsize) { - int dfree_retval; + SMB_BIG_UINT dfree_retval; SMB_BIG_UINT dfree_q = 0; SMB_BIG_UINT bsize_q = 0; SMB_BIG_UINT dsize_q = 0;
svn commit: samba r21371 - in branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse: .
Author: idra Date: 2007-02-15 18:48:37 + (Thu, 15 Feb 2007) New Revision: 21371 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21371 Log: Ehmm I was reseting the wrong dataModel... Modified: branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/Gui.js Changeset: Modified: branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/Gui.js === --- branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/Gui.js 2007-02-15 16:51:30 UTC (rev 21370) +++ branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/Gui.js 2007-02-15 18:48:37 UTC (rev 21371) @@ -527,8 +527,10 @@ alert(Object Successfully deleted!); this._ldbmod.setBase(); + // just clear the attribute/value table. - dataModel.setData([ ]); + var tableModel = module.fsm.getObject(tableModel:browse); + tableModel.setData([]); }; qx.Proto._displaySearchResults = function(module, rpcRequest)
svn commit: samba r21348 - in branches/SAMBA_4_0/source/librpc/idl: .
Author: idra Date: 2007-02-14 19:59:30 + (Wed, 14 Feb 2007) New Revision: 21348 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21348 Log: Fix the build. Modified: branches/SAMBA_4_0/source/librpc/idl/winreg.idl Changeset: Modified: branches/SAMBA_4_0/source/librpc/idl/winreg.idl === --- branches/SAMBA_4_0/source/librpc/idl/winreg.idl 2007-02-14 19:30:05 UTC (rev 21347) +++ branches/SAMBA_4_0/source/librpc/idl/winreg.idl 2007-02-14 19:59:30 UTC (rev 21348) @@ -217,7 +217,7 @@ /* Function: 0x10 */ WERROR winreg_QueryInfoKey( [in,ref] policy_handle *handle, - [in,out,ref] winreg_String *class, + [in,out,ref] winreg_String *class_in, [out,ref] uint32 *num_subkeys, [out,ref] uint32 *max_subkeylen, [out,ref] uint32 *max_subkeysize,
svn commit: samba r21351 - in branches/SAMBA_4_0: source/scripting/ejs source/scripting/libjs source/setup testprogs/ejs
Author: idra Date: 2007-02-14 21:55:29 + (Wed, 14 Feb 2007) New Revision: 21351 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21351 Log: Change ldb ejs bindings return codes. We were returning just true/false and discarding error number and string. This checking probably breaks swat, will fix it in next round as swat is what made me look into this as I had no way to get back error messages to show to the users. Simo. Modified: branches/SAMBA_4_0/source/scripting/ejs/mprutil.c branches/SAMBA_4_0/source/scripting/ejs/smbcalls.h branches/SAMBA_4_0/source/scripting/ejs/smbcalls_ldb.c branches/SAMBA_4_0/source/scripting/libjs/provision.js branches/SAMBA_4_0/source/setup/setpassword branches/SAMBA_4_0/testprogs/ejs/ldap.js branches/SAMBA_4_0/testprogs/ejs/ldb.js branches/SAMBA_4_0/testprogs/ejs/minschema.js branches/SAMBA_4_0/testprogs/ejs/samba3sam.js Changeset: Sorry, the patch is too large (3061 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21351
svn commit: samba r21328 - in branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse: .
Author: idra Date: 2007-02-14 05:16:05 + (Wed, 14 Feb 2007) New Revision: 21328 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21328 Log: Ok, now we can successfully modify the ldb and refresh the tree but ... - we have a problem with removeAll() in ldbmodify - we seem to not properly cactch errors, we always return a success alert even if the operation is not successful :( Modified: branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/Gui.js branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/LdbModify.js Changeset: Modified: branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/Gui.js === --- branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/Gui.js 2007-02-14 04:47:15 UTC (rev 21327) +++ branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/Gui.js 2007-02-14 05:16:05 UTC (rev 21328) @@ -138,10 +138,16 @@ this._displaySearchResults(module, rpcRequest); break; + case modify: +this._displayModifyResults(module, rpcRequest); +break; + case add: - case modify: +this._displayAddResults(module, rpcRequest); +break; + case delete: -this._displayCommitResults(module, rpcRequest, requestType); +this._displayDeleteResults(module, rpcRequest); break; case tree_open: @@ -475,34 +481,51 @@ qx.Proto._confirmDeleteRecord = function() { - //this._newb.setEnabled(false); - //this._modb.setEnabled(false); - //this._delb.setEnabled(false); this._ldbmod.showConfirmDelete(); }; -qx.Proto._displayCommitResults = function(module, rpcRequest, type) +qx.Proto._displayModifyResults = function(module, rpcRequest) { + var tree = module.fsm.getObject(tree); + tree.createDispatchDataEvent(changeSelection, tree.getSelectedNodes()); + + alert(Object successfully modified!); + + this._switchToNormal(); + //this._ldbmod.postCleanUp(); +} + +qx.Proto._displayAddResults = function(module, rpcRequest) +{ var result = rpcRequest.getUserData(result); - switch (type) { - case add: -alert(Object successfully added!); -break; + var tree = module.fsm.getObject(tree); + var node = tree.getSelectedNodes()[0]; + + tree.getDataModel().prune(node.nodeId, false); + node.bOpened = false; + tree.toggleOpened(node); - case modify: -alert(Object successfully modified!); -break; + alert(Object successfully added!); - case delete: -alert(Object Successfully deleted!); -break; - } - this._switchToNormal(); + //this._ldbmod.postCleanUp(); +}; - //TODO: reload tree after add or delete +qx.Proto._displayDeleteResults = function(module, rpcRequest, type) +{ + var result = rpcRequest.getUserData(result); + var tree = module.fsm.getObject(tree); + var node = tree.getDataModel().getData()[tree.getSelectedNodes()[0].parentNodeId]; + + tree.getDataModel().prune(node.nodeId, false); + node.bOpened = false; + tree.toggleOpened(node); + + alert(Object Successfully deleted!); + + this._ldbmod.setBase(); }; qx.Proto._displaySearchResults = function(module, rpcRequest) @@ -559,12 +582,14 @@ var parentNode = rpcRequest.getUserData(parentNode); var attributes = rpcRequest.getUserData(attributes); + // Remove any existing children, they will be replaced by the result of this call (refresh) + dataModel.setData(); + // Any children? if (! result || result[length] == 0) { // Nope. Remove parent's expand/contract button. dataModel.setState(parentNode.nodeId, { bHideOpenClose : true }); -dataModel.setData(); return; } Modified: branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/LdbModify.js === --- branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/LdbModify.js 2007-02-14 04:47:15 UTC (rev 21327) +++ branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/LdbModify.js 2007-02-14 05:16:05 UTC (rev 21328) @@ -97,8 +97,7 @@ if (this._active) { if (this._type == add) { - this._basedn.setValue(this.basedn); - this._basedn.setWidth(8 * this.basedn.length); + this._basedn.setHtml(this.basedn); } } } @@ -113,6 +112,12 @@ this._setExitCallback(callback, obj); + if (this.basedn == ) { +alert(Please select the parent node in the tree first!); +this._callExitCallback(); +return; + } + this._active = true; this._type = add; @@ -130,8 +135,7 @@ // The basedn of the object // TODO: add validator - this._basedn = new qx.ui.form.TextField(this.basedn); - this._basedn.setWidth(8 * this.basedn.length); + this._basedn = new qx.ui.basic.Label(this.basedn); hlayout.add(dnlabel, this._rdn, dnsep, this._basedn); @@ -211,18 +215,14 @@ this._mainArea.removeAll(); this._active = false; this._type = null; - return
svn commit: samba r21266 - in branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse: .
Author: idra Date: 2007-02-09 23:43:42 + (Fri, 09 Feb 2007) New Revision: 21266 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21266 Log: Add/Modify/Delete operations seem to work correctly now Still no refresh, so the results may seem confusing Modified: branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/Fsm.js branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/Gui.js branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/LdbModify.js Changeset: Modified: branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/Fsm.js === --- branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/Fsm.js 2007-02-09 23:14:23 UTC (rev 21265) +++ branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/Fsm.js 2007-02-09 23:43:42 UTC (rev 21266) @@ -85,7 +85,10 @@ Transition_Idle_to_AwaitRpcResult_via_search, commit : - Transition_Idle_to_AwaitRpcResult_via_commit + Transition_Idle_to_AwaitRpcResult_via_commit, + +delete : + Transition_Idle_to_AwaitRpcResult_via_delete }, // If a previously unexpanded tree node is expanded, issue a request @@ -210,6 +213,45 @@ /* * Transition: Idle to AwaitRpcResult * + * Cause: execute on OK button + * + * Action: + * Delete a record from ldb + */ + var trans = new qx.util.fsm.Transition( +Transition_Idle_to_AwaitRpcResult_via_delete, +{ + nextState : +State_AwaitRpcResult, + + ontransition : +function(fsm, event) +{ + // Get our module descriptor + var module = fsm.getObject(swat.main.module); + + // Retrieve the database handle + var dbHandle = module.dbHandle; + + // Retrieve the ldbmod object + var ldbmod = fsm.getObject(ldbmod); + + // Issue a Search call + var request = _this.callRpc(fsm, + samba.ldb, + del, + [ dbHandle, ldbmod.getBase() ]); + + // When we get the result, we'll need to know what type of request + // we made. + request.setUserData(requestType, delete); +} +}); + state.addTransition(trans); + + /* + * Transition: Idle to AwaitRpcResult + * * Cause: treeOpenWhileEmpty on tree * * Action: Modified: branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/Gui.js === --- branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/Gui.js 2007-02-09 23:14:23 UTC (rev 21265) +++ branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/Gui.js 2007-02-09 23:43:42 UTC (rev 21266) @@ -139,7 +139,9 @@ break; case add: -this._displayCommitResults(module, rpcRequest, add); + case modify: + case delete: +this._displayCommitResults(module, rpcRequest, requestType); break; case tree_open: @@ -478,52 +480,11 @@ qx.Proto._confirmDeleteRecord = function() { - - var main = qx.ui.core.ClientDocument.getInstance(); - - if (this._dmw == null) { - -this._dmw = new qx.ui.window.Window(New Attribute Name); -this._dmw.set({ - width: 200, - height: 100, - modal: true, - centered: true, - restrictToPageOnOpen: true, - showMinimize: false, - showMaximize: false, - showClose: false, - resizeable: false -}); - -var warningLabel = new qx.ui.basic.Label(Are you sure you want to delete record name here ?); -this._dmw.add(warningLabel); - -var cancelButton = new qx.ui.form.Button(Cancel); -cancelButton.addEventListener(execute, function() { - this._dmw.close(); -}, this); -cancelButton.set({ top: 45, left: 32 }); -this._dmw.add(cancelButton); - -this._dmw.addEventListener(appear,function() { - cancelButton.focus(); -}, this._dmw); - -main.add(this._dmw); -var okButton = new qx.ui.form.Button(OK); -okButton.addEventListener(execute, function() { - //TODO: call search.addEventListener(execute, fsm.eventListener, fsm); - - this._dmw.close(); -}, this); -okButton.set({ top: 45, right: 32 }); -this._dmw.add(okButton); - -main.add(this._dmw); - } - - this._dmw.open(); + + //this._newb.setEnabled(false); + //this._modb.setEnabled(false); + //this._delb.setEnabled(false); + this._ldbmod.showConfirmDelete(); }; qx.Proto._displayCommitResults = function(module, rpcRequest, type) Modified: branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/LdbModify.js === --- branches/SAMBA_4_0/webapps/swat/source/class/swat/module/ldbbrowse/LdbModify.js 2007