[Samba] smbpasswd
Dear all, How can I convert the Linux users password (/etc/shadow) to Samba users password (.../private/smbpasswd)? Best Brazilian regards -- Rodrigo Noroaldo de Castro Fernandes [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Choosing hardware for a Samba based home media server
I am considering obtaining a PC to host Samba as a home media server. The server will hold: * music files (about 6000, mostly mp3) * images (about 4000, mostly jpg) * the odd video (about 15, mostly music videos) It will be used to stream media to no more than 5 PCs (i.e. one in the living room to handle 'My Picture' slideshows, and playing music files, etc). Most of the client machines will have no hard drive and will boot from a Compact Flash card. My questions are: 1. Is Samba the right choice of software for this type of application? 2. What hardware would I need for this machine? (Obviously, plenty of disk storage (scsi/raid?), but what about processor and memory?) Thanks... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd
If I have correctly understood what you want to do, the simple answer is: you can't. The passwords stored in shadow file and in smbpasswd, though they may be the same (in clear text), are encrypted with two different one way hash functions. In order to put in smbpasswd the same user passwords than in shadow, you need to compute the hash string from the passwords in clear text. The only reasonable way to achieve this is to implement some solution that keeps unix passwords and samba passwords synchronized (such as what can be done in smb.conf with unix password sync and passwd program but there are many other solutions) and to ask users to change their passwords once, so that shadow and smbpasswd hash strings are computed from the same password. Le mer 29/12/2004 à 13:26, Rodrigo Noroaldo de Castro Fernandes a écrit : --ms080602000709060800080902 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Dear all, How can I convert the Linux users password (/etc/shadow) to Samba users password (.../private/smbpasswd)? Best Brazilian regards -- Olivier Navas Groupement Informatique et Télécommunications SDIS 33 - Humor in the Court: Q: Are you qualified to give a urine sample? A: Yes, I have been since early childhood. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Choosing hardware for a Samba based home media server
Matt Roper wrote: * music files (about 6000, mostly mp3) * images (about 4000, mostly jpg) * the odd video (about 15, mostly music videos) Seems like a pretty light-weight load to me. I dare say a 1GHz CPU and IDE disk could do that! XFS filesystem will be a plus for any server, media server included. -- Michael Lueck Lueck Data Systems Remove the upper case letters NOSPAM to contact me directly. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Choosing hardware for a Samba based home media server
Seems like a pretty light-weight load to me. I dare say a 1GHz CPU and IDE disk could do that! XFS filesystem will be a plus for any server, media server included. -- Michael Lueck Lueck Data Systems Couldn't help myself but why is XFS a plus for any server? Why do you recomend XFS specifically? Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Share reversal
Currently, I am using Mandrake Linux 10.1 (download edition) for Samba version (3.0.7). Again, thank you for all or any of your help. [global] workgroup = MSHOME server string = MSHOME Server printcap name = cups load printers = yes printing = cups log file = /var/log/samba/log.%m max log size = 50 map to guest = bad user encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd dns proxy = no # Share Definitions == [homes] comment = Home Directories browseable = no writable = yes [MP3] path = /home/MP3 comment = MP3 Share browseable = yes writable = yes create mode = 744 directory mask = 750 [Software] path = /home/SOFTWARE comment = Software Share browseable = yes writable = yes [SHARED_FILES] path = /home/SHARED_FILES comment = Share Files browseable = yes writable = yes create mode = 777 directory mask = 777 [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = yes writable = no printable = yes create mode = 0700 [pdf-gen] path = /var/tmp guest ok = No printable = Yes comment = PDF Generator (only valid users) printing = bsd printcap name = cups #print command = /usr/share/samba/scripts/print-pdf file path win_path recipient IP print command = /usr/share/samba/scripts/print-pdf %s %H //%L/%u %m %I %J lpq command = /bin/true -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Choosing hardware for a Samba based home media server
Chris Roubekas wrote: Couldn't help myself but why is XFS a plus for any server? Why do you recomend XFS specifically? Adam's presentation on XFS should clear up some of those questions... ftp://ftp.kalamazoolinux.org/pub/pdf/XFS.pdf 1) Fast for lots of files 2) Fast for big files 2) Native ACL support 3) Samba team recommended 4) Built in storage management tools - backup / restore Just as a start... I switched to XFS exclusively - workstations and servers. -- Michael Lueck Lueck Data Systems Remove the upper case letters NOSPAM to contact me directly. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smb_add_request times out
I've been trying to copy a folder (My Documents, actually) from a Win2K machine to a Linux machine running Samba. I can mount the folder under Linux using smbmount, but when I attempt the copy, using either rsync or cp, I get repeated messages like this after some files have been copied correctly: smb_add_request: request [cd403380, mid=797] timed out! On further investigation I determined that the copy was hanging up on a particular file -- a .ppt file of about 2.8MB. The preceding files were all much smaller. I was able to copy that file onto a different Win machine with no difficulty at all, so the problem clearly lies with some interaction between Samba and Win2K. I doubt if the particular contents or nature of the troublesome file are relevant. The file is large but hardly huge. I'm running Samba 3.0.9-2.1.5, packaged as a SuSE rpm, under SuSE 9.1 Linux. If it's relevant, I also have open-ldap2-client 2.2.6-34 installed. What is worse is that if I do the full rsync copy and just let it run, eventually the entire Linux machine freezes and must be rebooted. Ideas, anyone? Paul Abrahams -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Choosing hardware for a Samba based home media server
Seems like a pretty light-weight load to me. I dare say a 1GHz CPU and IDE disk could do that! XFS filesystem will be a plus for any server, media server included. Couldn't help myself but why is XFS a plus for any server? Why do you recomend XFS specifically? ftp://ftp.kalamazoolinux.org/pub/pdf/XFS.pdf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Choosing hardware for a Samba based home media server
Adam's presentation on XFS should clear up some of those questions... ftp://ftp.kalamazoolinux.org/pub/pdf/XFS.pdf 1) Fast for lots of files 2) Fast for big files 2.5) Efficient for very small files 2) Native ACL support 3) Samba team recommended 4) Built in storage management tools - backup / restore -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Getting INTERNAL ERROR: Signal 10 in Solaris 9
Hello all, I have compiled a Samba 3.0.10 in a Solaris 9 box with OpenLDAP 2.2.17. The options i've compiled with are the following: ./configure --prefix=/opt/samba3 --without-readline --enable-shared=yes --enable-static=yes --with-acl-support --with-smbwrapper --with-sys-quotas=no --without-winbind --with-ldapsam This Samba is PDC of a windows mixed environment (95/98/XP). Sometimes a user in a XP box can't be logged in the domain (message: Windows cannot connect to the domain either because the domain controller is down or otherwise unavailable or because your computer account was not found). The reason seems to be that the daemon crash with the message: [2004/12/29 16:12:53, 0] lib/fault.c:fault_report(36) === [2004/12/29 16:12:53, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 10 in pid 9210 (3.0.10) Please read the appendix Bugs of the Samba HOWTO collection [2004/12/29 16:12:53, 0] lib/fault.c:fault_report(39) === [2004/12/29 16:12:53, 0] lib/util.c:smb_panic2(1482) PANIC: internal error Somebody knows anything about this, is there any problem with solaris or i've lost something. My configuration and the level 5 smbd log is attached. TIA = . , , |\ ,__ |\ \/ `. \ `-.:. `\ `-.__ `\=| /=`'/ ^_\ .' /\ .=) .-' .'| '-(/_| .' __( \ .'` /_.'` `. |` ricky \ | |/ __ Renovamos el Correo Yahoo!: ¡250 MB GRATIS! Nuevos servicios, más seguridad http://correo.yahoo.es-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Getting INTERNAL ERROR: Signal 10 in Solaris 9
Sorry, but the attachments seems to be deleted in the list. So i put the files directly in the mail: --- smb.conf --- # Samba config file created using SWAT # from 1.1.15.2 (1.1.15.2) # Date: 2004/12/29 16:13:43 # Global parameters [global] workgroup = ARATEST server string = Pruebas SAMBA passdb backend = ldapsam:ldap://andorra log level = 5 log file = /opt/samba3/var/log.%m logon script = startup.bat logon path = \\TAUSTE\netlogon domain logons = Yes os level = 33 preferred master = Yes domain master = Yes wins support = Yes ldap server = andorra ldap admin dn = cn=Directory Manager ldap group suffix = ou=Group,ou=posix ldap machine suffix = ou=computers,ou=posix ldap suffix = o=aragon.es,o=root ldap ssl = no ldap user suffix = ou=people [test] comment = For testing only, please path = /export/home1/samba3/test read only = No [netlogon] comment = Net Logon Service path = /opt/samba3/var/netlogon write list = ntadmin guest ok = Yes browseable = No csc policy = disable locking = No share modes = No [profiles] path = /opt/samba3/var/profiles read only = No create mask = 0600 directory mask = 0700 [homes] read only = No browseable = No [printers] path = /tmp printable = Yes browseable = No [corporat] comment = /home1/corporat mount point path = /home1/corporat create mask = 0777 [vertical] comment = /home1/vertical mount point path = /home1/vertical [user] comment = /home1/user mount point path = /home1/user read only = No create mask = 0777 [datablq] comment = /home1/datablq mount point path = /home1/datablq read only = No create mask = 0777 [winaply] comment = /home1/winaply mount point path = /home1/winaply create mask = 0777 [temporal] comment = /export/temporal mount point path = /export/temporal read only = No create mask = 0755 [volcados] comment = /volcados mount point path = /volcados read only = No create mask = 0700 --- log.smbd --- [2004/12/29 16:12:53, 3] smbd/process.c:process_smb(1091) Transaction 7 of length 244 [2004/12/29 16:12:53, 5] lib/util.c:show_msg(464) [2004/12/29 16:12:53, 5] lib/util.c:show_msg(474) size=240 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=9536 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 240 (0xF0) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]=0 (0x0) smb_vwv[ 5]=0 (0x0) smb_vwv[ 6]=0 (0x0) smb_vwv[ 7]= 79 (0x4F) smb_vwv[ 8]=0 (0x0) smb_vwv[ 9]=0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=181 [2004/12/29 16:12:53, 3] smbd/process.c:switch_message(886) switch message SMBsesssetupX (pid 9210) conn 0x0 [2004/12/29 16:12:53, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/12/29 16:12:53, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2004/12/29 16:12:53, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2004/12/29 16:12:53, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) [2004/12/29 16:12:53, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655) wct=12 flg2=0xc807 [2004/12/29 16:12:53, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/12/29 16:12:53, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535) Doing spnego session setup [2004/12/29 16:12:53, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566) NativeOS=[Windows 2002 2600 Service Pack 1] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2004/12/29 16:12:53, 3] smbd/sesssetup.c:reply_spnego_negotiate(444) Got OID 1 3 6 1 4 1 311 2 2 10 [2004/12/29 16:12:53, 3] smbd/sesssetup.c:reply_spnego_negotiate(447) Got secblob of size 45 [2004/12/29 16:12:53, 5] auth/auth.c:make_auth_context_subsystem(477) Making default auth method list for DC, security=user, encrypt passwords = yes [2004/12/29 16:12:53, 5] auth/auth.c:load_auth_module(384) load_auth_module: Attempting to find an auth method to match guest [2004/12/29 16:12:53, 5] auth/auth.c:load_auth_module(409) load_auth_module: auth method guest has a valid init [2004/12/29 16:12:53, 5] auth/auth.c:load_auth_module(384) load_auth_module: Attempting to find an auth method to match sam [2004/12/29 16:12:53, 5] auth/auth.c:load_auth_module(409) load_auth_module: auth method sam has a valid
[Samba] User authentication to AD200X, need local users?
I am trying to get user authentication in a 200X AD to have domain users see the samba shares (RH ES3, samba 3.0.9-1). I can see the shares, but when I try to access any of the shares, I get prompted for a username and password and this is what shows up in the log.winbindd file --- [2004/12/29 08:17:37, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161) user 'robl' does not exist [2004/12/29 08:17:37, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161) user 'ROBL' does not exist [2004/12/29 08:17:53, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161) user 'luser-ibmlptp2$' does not exist [2004/12/29 08:17:53, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161) user 'luser-ibmlptp2$' does not exist [2004/12/29 08:17:53, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161) user 'LUSER-IBMLPTP2$' does not exist - robl the user I'm logged into and LUSER-IBMLPTP2 is the computer name. I can get a listing of the domain users from the linux machine with the wbinfo command: - [EMAIL PROTECTED] samba]# wbinfo -u TESTER+Administrator TESTER+Guest TESTER+SUPPORT_388945a0 TESTER+TEST1$ TESTER+krbtgt TESTER+pauld TESTER+robl TESTER+tester1 TESTER+tester2 TESTER+tester3 TESTER+TEST2$ TESTER+gort$ TESTER+LUSER-IBMLPTP2$ -- It may be that I have to config another file in pam.d. here is my pam.d/samba and pam.d/login files (respectively) #%PAM-1.0 auth sufficient pam_winbind.so auth required pam_unix.so nullok accountsufficient pam_winbind.so accountrequired pam_unix.so sessionrequired pam_unix.so password required pam_unix.so -- #%PAM-1.0 auth required pam_securetty.so auth required pam_stack.so service=system-auth auth required pam_nologin.so accountrequired pam_stack.so service=system-auth password required pam_stack.so service=system-auth sessionrequired pam_stack.so service=system-auth sessionoptional pam_console.so --- and smb.conf... - [global] netbios name = Gort server string = Gort workgroup = TESTER os level = 20 encrypt passwords = yes security = ADS password server = test1.tester.randd.com realm = TESTER.RANDD.COM winbind separator = + winbind uid = 1-2 winbind gid = 1-2 winbind enum groups = yes winbind enum users = yes [space] comment = Test Share browseable = yes writeable = yes public = yes any input would be great. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Re: pdc dont save the profile
the problem was the client. the owner played to much with the admin rights the settings r completly changed. but perhaps u can tell my what u mean with profile share? It looks like from your config file that the logon path directive is \\SAMBA_PDC\profiles\%U. This means that profiles would be stored on server SAMBA_PDC, on share profiles, in a subdirectory that is the same as However, you do not have a profiles share defined. The standard profiles share looks something like this: [profiles] comment = Roaming profile share path = /profiles read only = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba share problem
If a user belong to group 'a' logs into the windows PC he can access the folder ab but he can also see the shared cd folder. If he tries to access this cd folder he is asked with username and pasword. If he gives the correct username/password of a broup 'b' user he is not able to get into the cd folder. How can I make samba to allow users belonging to group 'a' to access cd folder when he gives the userame password of a group 'b' user. I don't believe Windows will allow you to connect to the same server with two different usernames. In order to connect to the CD chare, the user would first have to clear his connections to the AB share first. To test this, try mapping drives using the windows net use command: 1st, net use * \\server\ab /user:auser /persistent:no 2nd, net use * \\server\cd /user:buser /persistent:no If the 2nd command fails with Multiple connections not allowed then that is the problem. Your best bet is to make another group of AB users that should also be allowed access to CD stuff. Then add that group to the valid users directive. All the best! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Upgrading Samba Print Server
This weekend I'm planning on replacing my exisiting Print Server with shiny new hardware. (YEA!!!) But I'm concerned about the 50+ users that I have connected to the 10 printers this machine shares. Is there anything I need to do to make this a quick/easy/painless process? I know I'll have to re-create the printer definitions in the CUPS manager, which should be no problem. But I'm more concerned about having to touch every workststation *after* the upgrade to reconnect to the printers. I need to know whatever I need to avoid having to do that. Currently the server is running Red Hat Enterprise 3 + Samba 3.0.9 + CUPS and is a member server in my Samba+LDAP domain. I'm going to be replacing it with Debian Sid + Samba 3.0.10 + CUPS. Any help, tidbits of wisdom, or other info will be welcomed... -- Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Share reversal
Hello group, I have setup 3 simple shares from *nix with 3 Windoze clients. The shares work perfect when first created, however, after 10~15 minutes of usage the shares are returned to their default permissions and the clients lose their ability to connect to the shares. I did an ls -l on the shares and noticed that their permissions changed after the time with no user or administrator interaction. Currently, I am using Mandrake Linux 10.1 (download edition) and Samba version (3.0.7). Again, thank you for all or any of your help. And I apologize for the incomplete posting from earlier. Example: Before dwrdwr--- MP3 MP3 dwrxwr--FOO FOO After 10~15 minutes dwr-- MP3 MP3 dwr-- FOO FOO [global] workgroup = MSHOME server string = MSHOME Server printcap name = cups load printers = yes printing = cups log file = /var/log/samba/log.%m max log size = 50 map to guest = bad user encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd dns proxy = no # Share Definitions == [homes] comment = Home Directories browseable = no writable = yes [MP3] path = /home/MP3 comment = MP3 Share browseable = yes writable = yes create mode = 744 directory mask = 750 [Software] path = /home/SOFTWARE comment = Software Share browseable = yes writable = yes [SHARED_FILES] path = /home/SHARED_FILES comment = Share Files browseable = yes writable = yes create mode = 777 directory mask = 777 [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = yes writable = no printable = yes create mode = 0700 [pdf-gen] path = /var/tmp guest ok = No printable = Yes comment = PDF Generator (only valid users) printing = bsd printcap name = cups #print command = /usr/share/samba/scripts/print-pdf file path win_path recipient IP print command = /usr/share/samba/scripts/print-pdf %s %H //%L/%u %m %I %J lpq command = /bin/true -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Access denied based on Netbios Alias
Every week or so, Samba stops answering to a server's FQ host name via Netbios. However, it will continue to answer on an alias declared at netbios aliases in smb.conf. net view \\name01 will result in Access Denied, and net view \\name0 is successful. To be clear, both aliases point to the same machine. Restarting the smbd service fixes the problem temporarily. Both aliases function via DNS, and WINS resolution is correct for both aliases. Does any have any ideas? FQ host name: name01 [smb.conf] (global-only) workgroup = windomain netbios aliases = name0 security = server encrypt passwords = yes password server = windowsdc02, windowsdc01 smb passwd file = /etc/samba/smbpasswd mangle case = no interfaces = xxx.xxx.xxx.xxx wins server = xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx server string = name01 template shell = /bin/false log file = /var/log/samba/%m.log max log size = 200 log level = 2 announce version = 4.0 dns proxy = no name resolve order = hosts wins bcast socket options = TCP_NODELAY read raw = yes getwd cache = yes invalid users = root username map = /etc/samba/usermap time server = yes TIA, Casey -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SUMMARY:Re: User authentication to AD200X, need local users?
getent passwd gave me local users only. In my nsswitch.conf file I had passwd: winbind compat shadow: winbind compat group: winbind compat I changed that to passwd: files winbind shadow: files group: files winbind and everything is happy. thanks jht for the brain-jar On Wed, 29 Dec 2004 08:26:51 -0800, spike1197 [EMAIL PROTECTED] wrote: I am trying to get user authentication in a 200X AD to have domain users see the samba shares (RH ES3, samba 3.0.9-1). I can see the shares, but when I try to access any of the shares, I get prompted for a username and password and this is what shows up in the log.winbindd file --- [2004/12/29 08:17:37, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161) user 'robl' does not exist [2004/12/29 08:17:37, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161) user 'ROBL' does not exist [2004/12/29 08:17:53, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161) user 'luser-ibmlptp2$' does not exist [2004/12/29 08:17:53, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161) user 'luser-ibmlptp2$' does not exist [2004/12/29 08:17:53, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161) user 'LUSER-IBMLPTP2$' does not exist - robl the user I'm logged into and LUSER-IBMLPTP2 is the computer name. I can get a listing of the domain users from the linux machine with the wbinfo command: - [EMAIL PROTECTED] samba]# wbinfo -u TESTER+Administrator TESTER+Guest TESTER+SUPPORT_388945a0 TESTER+TEST1$ TESTER+krbtgt TESTER+pauld TESTER+robl TESTER+tester1 TESTER+tester2 TESTER+tester3 TESTER+TEST2$ TESTER+gort$ TESTER+LUSER-IBMLPTP2$ -- It may be that I have to config another file in pam.d. here is my pam.d/samba and pam.d/login files (respectively) #%PAM-1.0 auth sufficient pam_winbind.so auth required pam_unix.so nullok accountsufficient pam_winbind.so accountrequired pam_unix.so sessionrequired pam_unix.so password required pam_unix.so -- #%PAM-1.0 auth required pam_securetty.so auth required pam_stack.so service=system-auth auth required pam_nologin.so accountrequired pam_stack.so service=system-auth password required pam_stack.so service=system-auth sessionrequired pam_stack.so service=system-auth sessionoptional pam_console.so --- and smb.conf... - [global] netbios name = Gort server string = Gort workgroup = TESTER os level = 20 encrypt passwords = yes security = ADS password server = test1.tester.randd.com realm = TESTER.RANDD.COM winbind separator = + winbind uid = 1-2 winbind gid = 1-2 winbind enum groups = yes winbind enum users = yes [space] comment = Test Share browseable = yes writeable = yes public = yes any input would be great. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Access denied based on Netbios Alias cont.
smbd version = 2.2.7 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] mounting as a regular user
Hi, This may not be a Samba specific issue I am having but it came up when working with samba shares specificaly so I thought I would ask here first. Please feel free to redirect me to more appropriate sites if needed. I am running Samba version 3.0.4 on Slackware 10. I am running into a problem with being able to allow a normal non-root user to either mount samba shares or regular disk shares but not both. I have made my smbmnt suid and have no fstab entries for the samba shares. Without any other changes I can mount samba shares as my normal user. Problem starts when I try to also allow the same user to mount disk partitions. In order to have the same user mount disk partitions I have added the following lines to my fstab file as per documentation I have found: /dev/hdb1/backup/staging reiserfsuser,noauto 0 0 /dev/sda1 /backup/mediareiserfsuser,noauto 0 0 Now this doesn't seem to work until I chmod u+s /bin/mount and chmod u+s /bin/umount. Once those have been suid(ed) the mounting of samba shares breaks with the mount: only root can do that message. What I find odd is that I need to apply the suid bit on the binaries even with the user definition in the fstab file. If this is more of a mount and fstab configuration issue please let me know. I am happy to provide more information if needed too. I'm sure that there is a way to allow a regular user to mount both samba shares and disk partitions but how to do that is unfortunatly escaping me for the moment. Thanks for the help. Chris -- Number 41 Media Corporation Suite 103 - 645 Fort Street Victoria BC V8W 1G2 T 250.414.0410 F 250.414.0411 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Fwd: [Samba] mounting as a regular user]
Thank you for the reply Joe. Which smb.conf files would you want to see? I am trying to mount shares from 2 FreeBSD, 1 RH9 (linux) and 2 Windows servers to a directory structure on my system. To give an idea my mount script is as follows (with some info removed): # Smeagol (FreeBSD Domain Controler/Profile Server) # mount -t smbfs -o username=$user,password=$pass,ro //smeagol/home-dir$ /backup/smb-mounts/smeagol/home-dir mount -t smbfs -o username=$user,password=$pass,ro //smeagol/samba-shares$ /backup/smb-mounts/smeagol/samba-shares # # Aragorn (FreeBSD Dev Server) # mount -t smbfs -o username=$user,password=$pass,ro //aragorn/accounting /backup/smb-mounts/aragorn/accounting mount -t smbfs -o username=$user,password=$pass,ro //aragorn/everyone /backup/smb-mounts/aragorn/everyone mount -t smbfs -o username=$user,password=$pass,ro //aragorn/mysql-data$ /backup/smb-mounts/aragorn/mysql-data mount -t smbfs -o username=$user,password=$pass,ro //aragorn/webroot /backup/smb-mounts/aragorn/webroot # # Boromor (Win2K Dev Server) # mount -t smbfs -o username=$user,password=$pass,ro //boromir/websites /backup/smb-mounts/boromir/websites mount -t smbfs -o username=$user,password=$pass,ro //boromir/wwwroot /backup/smb-mounts/boromir/wwwroot # # Necromancer (Linux JSP/Oracle Server) # mount -t smbfs -o username=$user,password=$pass,ro //necromancer/webroot-tomcat /backup/smb-mounts/necromancer/webroot-tomcat mount -t smbfs -o username=$user,password=$pass,ro //necromancer/oracle$ /backup/smb-mounts/necromancer/oracle # # Saruman (Win2K Exchange Server) # mount -t smbfs -o username=$user,password=$pass,ro //saruman/exchange-backup$ /backup/smb-mounts/saruman/exchange-backup # I can provide smb.conf files if needed for the FreeBSD and linux systems. Also for the local system I am trying to mount these shares too (Sauron). Wasn't exactly sure which smb.conf file you were asking to see :-) Thanks again for replying!! Chris -- Number 41 Media Corporation Suite 103 - 645 Fort Street Victoria BC V8W 1G2 T 250.414.0410 F 250.414.0411 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Issues with Solaris 9, and ADS
I have been working with this for a little over a month now, and here's where we are at: We have 3 domains, 2 of them are sending SIDs to the Solaris box, and Kerbos is compiled and working (we can authenticate to any of the 3 domains), we can get user IDs from any of the 3 domains, however none of the users can gain access to the share unless we give them a Unix account. Samba was compiled with ADS support, and the make file shows that krb5 and ADS are both 1, however when we add the 'realm =' to the config file we get an error with Samba claiming it does not understand the realm setting. We are using 3.0.9, and the exact error is that the AD user is not found, yet wbinfo can find the user accounts just fine. The AD is a 2000 AD. We have followed steps in the docs, and on more mailing lists than I care to remember at this point. If anyone could point out any possible flaw, I'd appreciate it. I apologize for not having cut and paste messages and such, but I'm not anywhere near the machine at the moment, however I could post anything that would be useful later. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Login script Query
I have a login script to mount some folders to the clients PC. I use the login script as login script = logon.bat [netlogon] path = /home/%u Then i create .bat file for each group of users in the /home dir. Then create a symbolic link in each users home dir to their respective group batch file in /home. I thought of using login script = %g, which will do the same. I have one more requirement like if a user belongs to two group will this %g run both the groups batch file? How can I implement this? Plz help me = Regards, AnandhG __ Do you Yahoo!? Read only the mail you want - Yahoo! Mail SpamGuard. http://promotions.yahoo.com/new_mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrating from Samba 2.2.8 to 3.x on different machine
On Tue, 2004-12-28 at 14:40 +0100, Jorick Astrego wrote: Hi all! Samba 2.x has been running for a while now but now it's time to upgrade. I tried everything (Google, Books, HOWTO's, etc.) but for the last month I've been unable to perform a succesfull migration. Maybe I try to do to many things at once but I cannot get the following to work: - Move the samba domain from a 2.x server to 3.x on a different machine - switch to a ldap backend - change the domain name (our company name has changed) You will loose all your machine account trusts in this process. NT Domains cannot be renamed, without rejoining all the machines. - rename all the users from firstname to first initial + lastname I installed and configured a 3.x server on the machine with OpenLdap as backend, then I tried to join the old Samba domain so I could use net vampire but I get the message: error setting trust account password: NT_ACCESS_DENIED Vampire is only for Windows servers. You cannot vampire a Samba domain - and there is no need anyway, you have the user database in an open format already, Look into the account database migration tools (pdbedit -i -e) in Samba 3.0 after you first get Samba 3.0 managing your new domain. Also read the documentation on maintaining a consistent domain SID during the process. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r4390 - in branches/SAMBA_4_0/source: gtk/tools include lib/registry/common
Author: jelmer Date: 2004-12-29 12:28:35 + (Wed, 29 Dec 2004) New Revision: 4390 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4390 Log: Registry value and key names are case-insensitive Nicer menu layout in gregedit Modified: branches/SAMBA_4_0/source/gtk/tools/gregedit.c branches/SAMBA_4_0/source/include/registry.h branches/SAMBA_4_0/source/lib/registry/common/reg_interface.c Changeset: Modified: branches/SAMBA_4_0/source/gtk/tools/gregedit.c === --- branches/SAMBA_4_0/source/gtk/tools/gregedit.c 2004-12-29 07:28:03 UTC (rev 4389) +++ branches/SAMBA_4_0/source/gtk/tools/gregedit.c 2004-12-29 12:28:35 UTC (rev 4390) @@ -379,6 +379,16 @@ registry_load_hive(root); } +static void on_open_local_activate(GtkMenuItem *menuitem, gpointer user_data) +{ + WERROR error = reg_open_local(registry); + if(!W_ERROR_IS_OK(error)) { + gtk_show_werror(mainwin, error); + return; + } + registry_load_root(); +} + static void on_open_remote_activate(GtkMenuItem *menuitem, gpointer user_data) { char *tmp; @@ -661,6 +671,7 @@ GtkWidget *open_w95; GtkWidget *open_gconf; GtkWidget *open_remote; + GtkWidget *open_local; GtkWidget *separatormenuitem1; GtkWidget *quit; GtkWidget *men_key; @@ -694,6 +705,25 @@ menu_file_menu = gtk_menu_new (); gtk_menu_item_set_submenu (GTK_MENU_ITEM (menu_file), menu_file_menu); + open_local = gtk_menu_item_new_with_mnemonic (Open _Local); + gtk_container_add (GTK_CONTAINER (menu_file_menu), open_local); + g_signal_connect ((gpointer) open_local, activate, + G_CALLBACK (on_open_local_activate), NULL); + + if(reg_has_backend(rpc)) { + open_remote = gtk_menu_item_new_with_mnemonic (Open _Remote); + gtk_container_add (GTK_CONTAINER (menu_file_menu), open_remote); + + g_signal_connect ((gpointer) open_remote, activate, + G_CALLBACK (on_open_remote_activate), + NULL); + } + + separatormenuitem1 = gtk_menu_item_new (); + gtk_container_add (GTK_CONTAINER (menu_file_menu), separatormenuitem1); + gtk_widget_set_sensitive (separatormenuitem1, FALSE); + + if(reg_has_backend(nt4)) { open_nt4 = gtk_image_menu_item_new_with_mnemonic(Open _NT4 file); gtk_container_add (GTK_CONTAINER (menu_file_menu), open_nt4); @@ -721,15 +751,6 @@ NULL); } - if(reg_has_backend(rpc)) { - open_remote = gtk_menu_item_new_with_mnemonic (Open _Remote); - gtk_container_add (GTK_CONTAINER (menu_file_menu), open_remote); - - g_signal_connect ((gpointer) open_remote, activate, - G_CALLBACK (on_open_remote_activate), - NULL); - } - if(reg_has_backend(ldb)) { open_ldb = gtk_image_menu_item_new_with_mnemonic(Open _LDB file); gtk_container_add (GTK_CONTAINER (menu_file_menu), open_ldb); Modified: branches/SAMBA_4_0/source/include/registry.h === --- branches/SAMBA_4_0/source/include/registry.h2004-12-29 07:28:03 UTC (rev 4389) +++ branches/SAMBA_4_0/source/include/registry.h2004-12-29 12:28:35 UTC (rev 4390) @@ -98,6 +98,9 @@ * - just one hive (example: nt4, w95) * - several hives (example: rpc). * + * Backends should always do case-insensitive compares + * (everything is case-insensitive but case-preserving, + * just like the FS) */ struct hive_operations { Modified: branches/SAMBA_4_0/source/lib/registry/common/reg_interface.c === --- branches/SAMBA_4_0/source/lib/registry/common/reg_interface.c 2004-12-29 07:28:03 UTC (rev 4389) +++ branches/SAMBA_4_0/source/lib/registry/common/reg_interface.c 2004-12-29 12:28:35 UTC (rev 4390) @@ -119,7 +119,7 @@ int i; for (i = 0; predef_names[i].name; i++) { - if (!strcmp(predef_names[i].name, name)) return reg_get_predefined_key(ctx, predef_names[i].handle, key); + if (!strcasecmp(predef_names[i].name, name)) return reg_get_predefined_key(ctx, predef_names[i].handle, key); } DEBUG(1, (No predefined key with name '%s'\n, name)); @@ -347,7 +347,7 @@ } else if(key-hive-functions-get_subkey_by_index) { for(i = 0; W_ERROR_IS_OK(error); i++) { error = reg_key_get_subkey_by_index(mem_ctx, key, i, subkey); -
svn commit: samba r4391 - in branches/SAMBA_4_0/source/ntvfs/posix: .
Author: tridge Date: 2004-12-29 12:41:27 + (Wed, 29 Dec 2004) New Revision: 4391 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4391 Log: bring the default ACL inline with what w2k3 uses Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_fileinfo.c Changeset: Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c2004-12-29 12:28:35 UTC (rev 4390) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c2004-12-29 12:41:27 UTC (rev 4391) @@ -69,10 +69,8 @@ { struct security_descriptor *sd; NTSTATUS status; - struct security_ace aces[4]; + struct security_ace ace; mode_t mode; - struct dom_sid *sid; - int i; sd = security_descriptor_initialise(req); if (sd == NULL) { @@ -90,97 +88,64 @@ sd-type |= SEC_DESC_DACL_PRESENT; + mode = name-st.st_mode; + /* - we provide 4 ACEs - - Administrator + we provide up to 4 ACEs - Owner - Group - Everyone + - Administrator */ - aces[0].access_mask = SEC_RIGHTS_FILE_ALL; - aces[1].access_mask = 0; - aces[2].access_mask = 0; - aces[3].access_mask = 0; - mode = name-st.st_mode; + /* setup owner ACE */ + ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED; + ace.flags = 0; + ace.trustee = *sd-owner_sid; + ace.access_mask = 0; + if (mode S_IRUSR) { - aces[1].access_mask |= - SEC_FILE_READ_DATA | - SEC_FILE_READ_EA | - SEC_FILE_READ_ATTRIBUTE | - SEC_FILE_EXECUTE | - SEC_STD_SYNCHRONIZE | - SEC_STD_READ_CONTROL; + ace.access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE; } if (mode S_IWUSR) { - aces[1].access_mask |= - SEC_FILE_WRITE_DATA | - SEC_FILE_APPEND_DATA | - SEC_FILE_WRITE_EA | - SEC_FILE_WRITE_ATTRIBUTE | - SEC_STD_DELETE; + ace.access_mask |= SEC_RIGHTS_FILE_WRITE | SEC_STD_DELETE; } + if (ace.access_mask) { + security_descriptor_dacl_add(sd, ace); + } + + /* setup group ACE */ + ace.trustee = *sd-group_sid; + ace.access_mask = 0; if (mode S_IRGRP) { - aces[2].access_mask |= - SEC_FILE_READ_DATA | - SEC_FILE_READ_EA | - SEC_FILE_READ_ATTRIBUTE | - SEC_FILE_EXECUTE | - SEC_STD_SYNCHRONIZE | - SEC_STD_READ_CONTROL; + ace.access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE; } if (mode S_IWGRP) { - aces[2].access_mask |= - SEC_FILE_WRITE_DATA | - SEC_FILE_APPEND_DATA | - SEC_FILE_WRITE_EA | - SEC_FILE_WRITE_ATTRIBUTE; + ace.access_mask |= SEC_RIGHTS_FILE_WRITE; } + if (ace.access_mask) { + security_descriptor_dacl_add(sd, ace); + } + /* setup other ACE */ + ace.trustee = *dom_sid_parse_talloc(req, SID_WORLD); + ace.access_mask = 0; if (mode S_IROTH) { - aces[3].access_mask |= - SEC_FILE_READ_DATA | - SEC_FILE_READ_EA | - SEC_FILE_READ_ATTRIBUTE | - SEC_FILE_EXECUTE | - SEC_STD_SYNCHRONIZE | - SEC_STD_READ_CONTROL; + ace.access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE; } if (mode S_IWOTH) { - aces[3].access_mask |= - SEC_FILE_WRITE_DATA | - SEC_FILE_APPEND_DATA | - SEC_FILE_WRITE_EA | - SEC_FILE_WRITE_ATTRIBUTE; + ace.access_mask |= SEC_RIGHTS_FILE_WRITE; } - - sid = dom_sid_parse_talloc(sd, SID_BUILTIN_ADMINISTRATORS); - if (sid == NULL) return NT_STATUS_NO_MEMORY; - - aces[0].type = SEC_ACE_TYPE_ACCESS_ALLOWED; - aces[0].flags = 0; - aces[0].trustee = *sid; - - aces[1].type = SEC_ACE_TYPE_ACCESS_ALLOWED; - aces[1].flags = 0; - aces[1].trustee = *sd-owner_sid; - - aces[2].type = SEC_ACE_TYPE_ACCESS_ALLOWED; - aces[2].flags = 0; - aces[2].trustee = *sd-group_sid; - - sid = dom_sid_parse_talloc(sd, SID_WORLD); - if (sid == NULL) return NT_STATUS_NO_MEMORY; - - aces[3].type = SEC_ACE_TYPE_ACCESS_ALLOWED; -
svn commit: samba r4392 - in branches/SAMBA_4_0/source: librpc/idl torture/rpc
Author: vlendec Date: 2004-12-29 13:20:17 + (Wed, 29 Dec 2004) New Revision: 4392 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4392 Log: Fix samr_GetAliasMembership idl Modified: branches/SAMBA_4_0/source/librpc/idl/samr.idl branches/SAMBA_4_0/source/torture/rpc/xplogin.c Changeset: Modified: branches/SAMBA_4_0/source/librpc/idl/samr.idl === --- branches/SAMBA_4_0/source/librpc/idl/samr.idl 2004-12-29 12:41:27 UTC (rev 4391) +++ branches/SAMBA_4_0/source/librpc/idl/samr.idl 2004-12-29 13:20:17 UTC (rev 4392) @@ -318,9 +318,9 @@ } samr_Ids; NTSTATUS samr_GetAliasMembership( - [in,ref] policy_handle *alias_handle, + [in,ref] policy_handle *domain_handle, [in,ref] lsa_SidArray *sids, - [out] samr_Ids *rids + [out,ref] samr_Ids *rids ); // Modified: branches/SAMBA_4_0/source/torture/rpc/xplogin.c === --- branches/SAMBA_4_0/source/torture/rpc/xplogin.c 2004-12-29 12:41:27 UTC (rev 4391) +++ branches/SAMBA_4_0/source/torture/rpc/xplogin.c 2004-12-29 13:20:17 UTC (rev 4392) @@ -920,7 +920,7 @@ struct samr_GetAliasMembership ga; int i; - ga.in.alias_handle = builtin_handle; + ga.in.domain_handle = builtin_handle; sids.num_sids = g.out.rids-count+2; sids.sids = talloc_array_p(mem_ctx, struct lsa_SidPtr, @@ -940,7 +940,7 @@ return status; if (includeDomain) { - ga.in.alias_handle = domain_handle; + ga.in.domain_handle = domain_handle; status = dcerpc_samr_GetAliasMembership(p, mem_ctx, ga); if (!NT_STATUS_IS_OK(status))
svn commit: samba r4394 - in branches/SAMBA_4_0/source/rpc_server/epmapper: .
Author: jelmer Date: 2004-12-29 15:36:45 + (Wed, 29 Dec 2004) New Revision: 4394 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4394 Log: Use 'raw' protocol towers in the lists in the endpoint rather then dcerpc_binding structs. Modified: branches/SAMBA_4_0/source/rpc_server/epmapper/rpc_epmapper.c Changeset: Modified: branches/SAMBA_4_0/source/rpc_server/epmapper/rpc_epmapper.c === --- branches/SAMBA_4_0/source/rpc_server/epmapper/rpc_epmapper.c 2004-12-29 13:22:00 UTC (rev 4393) +++ branches/SAMBA_4_0/source/rpc_server/epmapper/rpc_epmapper.c 2004-12-29 15:36:45 UTC (rev 4394) @@ -34,7 +34,7 @@ /* a endpoint combined with an interface description */ struct dcesrv_ep_iface { const char *name; - struct dcerpc_binding ep_description; + struct epm_tower ep; }; /* @@ -58,11 +58,13 @@ { struct dcesrv_endpoint *d; uint32_t total = 0; + NTSTATUS status; *eps = NULL; for (d=endpoint_list; d; d=d-next) { struct dcesrv_if_list *iface; + struct dcerpc_binding description; for (iface=d-interface_list;iface;iface=iface-next) { (*eps) = talloc_realloc_p(mem_ctx, @@ -73,9 +75,16 @@ return 0; } (*eps)[total].name = iface-iface.name; - (*eps)[total].ep_description = d-ep_description; - GUID_from_string(iface-iface.uuid, (*eps)[total].ep_description.object); - (*eps)[total].ep_description.object_version = iface-iface.if_version; + + description = d-ep_description; + GUID_from_string(iface-iface.uuid, description.object); + description.object_version = iface-iface.if_version; + + status = dcerpc_binding_build_tower(mem_ctx, description, (*eps)[total].ep); + if (NT_STATUS_IS_ERR(status)) { + DEBUG(1, (Unable to build tower for %s\n, iface-iface.name)); + continue; + } total++; } } @@ -110,7 +119,6 @@ struct dcesrv_ep_iface *e; } *eps; uint32_t num_ents; - NTSTATUS status; int i; h = dcesrv_handle_fetch(dce_call-conn, r-in.entry_handle, HTYPE_LOOKUP); @@ -158,11 +166,7 @@ if (!r-out.entries[i].tower) { return EPMAPPER_STATUS_NO_MEMORY; } - - status = dcerpc_binding_build_tower(mem_ctx, eps-e[i].ep_description, r-out.entries[i].tower-tower); - if (NT_STATUS_IS_ERR(status)) { - return EPMAPPER_STATUS_NO_MEMORY; - } + r-out.entries[i].tower-tower = eps-e[i].ep; } eps-count -= num_ents; @@ -184,7 +188,6 @@ struct dcesrv_ep_iface *eps; struct epm_floor *floors; enum dcerpc_transport_t transport; - NTSTATUS status; count = build_ep_list(mem_ctx, dce_call-conn-dce_ctx-endpoint_list, eps); @@ -206,8 +209,7 @@ floors = r-in.map_tower-tower.floors; - if (floors[0].lhs.protocol != EPM_PROTOCOL_UUID || - floors[1].lhs.protocol != EPM_PROTOCOL_UUID || + if (floors[1].lhs.protocol != EPM_PROTOCOL_UUID || guid_cmp(mem_ctx, floors[1].lhs.info.uuid.uuid, NDR_GUID) != 0 || floors[1].lhs.info.uuid.version != NDR_GUID_VERSION) { goto failed; @@ -222,26 +224,17 @@ } goto failed; } - + for (i=0;icount;i++) { - struct epm_tower t; - if (!GUID_equal(floors[0].lhs.info.uuid.uuid, eps[i].ep_description.object) || - floors[0].lhs.info.uuid.version != eps[i].ep_description.object_version) { + if (!GUID_equal(r-in.map_tower-tower.floors[0].lhs.info.uuid.uuid, + eps[i].ep.floors[0].lhs.info.uuid.uuid) || + r-in.map_tower-tower.floors[0].lhs.info.uuid.version != + eps[i].ep.floors[0].lhs.info.uuid.version || + transport != dcerpc_transport_by_tower(eps[i].ep)) { continue; } - - if (transport != eps[i].ep_description.transport) { - continue; - } - status = dcerpc_binding_build_tower(mem_ctx, - eps[i].ep_description, - t); - - if (NT_STATUS_IS_ERR(status)) { - return EPMAPPER_STATUS_NO_MEMORY; -
svn commit: samba r4395 - in branches/SAMBA_4_0/source: . script
Author: jelmer Date: 2004-12-29 21:21:14 + (Wed, 29 Dec 2004) New Revision: 4395 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4395 Log: Generate newhklm.ldb using provision.pl Added: branches/SAMBA_4_0/source/hklm.ldif Removed: branches/SAMBA_4_0/source/registry.ldif Modified: branches/SAMBA_4_0/source/script/provision.pl Changeset: Copied: branches/SAMBA_4_0/source/hklm.ldif (from rev 4369, branches/SAMBA_4_0/source/registry.ldif) Deleted: branches/SAMBA_4_0/source/registry.ldif === --- branches/SAMBA_4_0/source/registry.ldif 2004-12-29 15:36:45 UTC (rev 4394) +++ branches/SAMBA_4_0/source/registry.ldif 2004-12-29 21:21:14 UTC (rev 4395) @@ -1,29 +0,0 @@ -dn: key=control,key=currentcontrolset,key=system,hive= -key: control - -dn: key=services,key=control,key=currentcontrolset,key=system,hive= -key: services - -dn: value=ProductType,key=productoptions,key=control,key=currentcontrolset,key=system,hive= -value: ProductType -data: WinNT -type: 1 - -dn: key=productoptions,key=control,key=currentcontrolset,key=system,hive= -key: productoptions - -dn: key=system,hive= -key: system - -dn: key=netlogon,key=services,key=currentcontrolset,key=system,hive= -key: netlogon - -dn: key=services,key=currentcontrolset,key=system,hive= -key: services - -dn: key=print,key=control,key=currentcontrolset,key=system,hive= -key: print - -dn: key=currentcontrolset,key=system,hive= -key: currentcontrolset - Modified: branches/SAMBA_4_0/source/script/provision.pl === --- branches/SAMBA_4_0/source/script/provision.pl 2004-12-29 15:36:45 UTC (rev 4394) +++ branches/SAMBA_4_0/source/script/provision.pl 2004-12-29 21:21:14 UTC (rev 4395) @@ -383,10 +383,22 @@ FileSave($dnsdomain.zone, $res); -print done +print done\n; +unlink(newhklm.ldb); + +print creating newhklm.ldb ... \n; + +system(ldbadd -H newhklm.ldb hklm.ldif); + +print done\n; + +print + Installation: - Please move newsam.ldb to sam.ldb in the private/ directory of your Samba4 installation - Please use $dnsdomain.zone to in BIND dns server ; + +
svn commit: samba r4396 - in branches/SAMBA_4_0/source/script: .
Author: jelmer Date: 2004-12-29 21:41:17 + (Wed, 29 Dec 2004) New Revision: 4396 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4396 Log: Generate newrootdse.ldb in provision.pl as well Modified: branches/SAMBA_4_0/source/script/provision.pl Changeset: Modified: branches/SAMBA_4_0/source/script/provision.pl === --- branches/SAMBA_4_0/source/script/provision.pl 2004-12-29 21:21:14 UTC (rev 4395) +++ branches/SAMBA_4_0/source/script/provision.pl 2004-12-29 21:41:17 UTC (rev 4396) @@ -364,6 +364,14 @@ print done\n; +unlink(newrootdse.ldb); + +print creating newrootdse.ldb ...\n; + +system(ldbadd -H newrootdse.ldb rootdse.ldif); + +print done\n; + print generating dns zone file ...\n; $data = FileLoad(provision.zone) || die Unable to load provision.zone\n; @@ -398,6 +406,8 @@ Installation: - Please move newsam.ldb to sam.ldb in the private/ directory of your Samba4 installation +- Please move newrootdse.ldb to rootdse.ldb in the private/ directory + of your Samba4 installation - Please use $dnsdomain.zone to in BIND dns server ;
svn commit: samba r4397 - in branches/SAMBA_4_0/source/lib/ldb/ldb_tdb: .
Author: vlendec Date: 2004-12-29 22:25:46 + (Wed, 29 Dec 2004) New Revision: 4397 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4397 Log: Fix a bug where '((objectclass=domain)(!(objectclass=builtindomain)))' fell back to a full search. Volker Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c 2004-12-29 21:41:17 UTC (rev 4396) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c 2004-12-29 22:25:46 UTC (rev 4397) @@ -526,6 +526,7 @@ return -1; } + ret = 0; if (ltdb_message_match(module, msg, tree, base, scope) == 1) { ret = ltdb_add_attr_results(module, msg, attrs, count, res); }
svn commit: samba r4399 - in branches/SAMBA_4_0/source/rpc_server/samr: .
Author: vlendec Date: 2004-12-29 22:57:20 + (Wed, 29 Dec 2004) New Revision: 4399 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4399 Log: Implement samr_GetAliasMembership and samr_GetGroupsForUser. With these two, usrmgr.exe seems to become usable. Some quirks, but it's worth a try. Volker Modified: branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c Changeset: Modified: branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c === --- branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c 2004-12-29 22:54:24 UTC (rev 4398) +++ branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c 2004-12-29 22:57:20 UTC (rev 4399) @@ -1155,7 +1155,87 @@ static NTSTATUS samr_GetAliasMembership(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_GetAliasMembership *r) { - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); + struct dcesrv_handle *h; + struct samr_domain_state *d_state; + struct ldb_message **res; + struct dom_sid *domain_sid; + int i, count = 0; + + DCESRV_PULL_HANDLE(h, r-in.domain_handle, SAMR_HANDLE_DOMAIN); + + d_state = h-data; + + if (r-in.sids-num_sids 0) { + const char *filter; + const char * const attrs[2] = { objectSid, NULL }; + + filter = talloc_asprintf(mem_ctx, +((|(grouptype=%s)(grouptype=%s)) +(objectclass=group)(|, +ldb_hexstr(mem_ctx, + GTYPE_SECURITY_BUILTIN_LOCAL_GROUP), +ldb_hexstr(mem_ctx, + GTYPE_SECURITY_DOMAIN_LOCAL_GROUP)); + if (filter == NULL) + return NT_STATUS_NO_MEMORY; + + for (i=0; ir-in.sids-num_sids; i++) { + const char *sidstr, *memberdn; + + sidstr = dom_sid_string(mem_ctx, + r-in.sids-sids[i].sid); + if (sidstr == NULL) + return NT_STATUS_NO_MEMORY; + + memberdn = samdb_search_string(d_state-sam_ctx, + mem_ctx, NULL, dn, + (objectSid=%s), + sidstr); + + if (memberdn == NULL) + continue; + + filter = talloc_asprintf(mem_ctx, %s(member=%s), +filter, memberdn); + if (filter == NULL) + return NT_STATUS_NO_MEMORY; + } + + count = samdb_search(d_state-sam_ctx, mem_ctx, +d_state-domain_dn, res, attrs, +%s)), filter); + if (count 0) + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + r-out.rids-count = 0; + r-out.rids-ids = talloc_array_p(mem_ctx, uint32_t, count); + if (r-out.rids-ids == NULL) + return NT_STATUS_NO_MEMORY; + + domain_sid = dom_sid_parse_talloc(mem_ctx, d_state-domain_sid); + if (domain_sid == NULL) + return NT_STATUS_NO_MEMORY; + + for (i=0; icount; i++) { + struct dom_sid *alias_sid; + + alias_sid = samdb_result_dom_sid(mem_ctx, res[i], objectSid); + + if (alias_sid == NULL) { + DEBUG(0, (Could not find objectSid\n)); + continue; + } + + if (!dom_sid_in_domain(domain_sid, alias_sid)) + continue; + + r-out.rids-ids[r-out.rids-count] = + alias_sid-sub_auths[alias_sid-num_auths-1]; + r-out.rids-count += 1; + } + + return NT_STATUS_OK; } @@ -2717,7 +2797,68 @@ static NTSTATUS samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_GetGroupsForUser *r) { - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); + struct dcesrv_handle *h; + struct samr_account_state *a_state; + struct samr_domain_state *d_state; + struct ldb_message **res; + const char * const attrs[2] = { objectSid, NULL }; + struct samr_RidArray *array; + int count; + + DCESRV_PULL_HANDLE(h, r-in.user_handle, SAMR_HANDLE_USER); + + a_state = h-data; + d_state = a_state-domain_state; + + count = samdb_search(a_state-sam_ctx, mem_ctx, NULL, res, attrs, +((member=%s)(grouptype=%s)(objectclass=group)), +
svn commit: samba r4400 - in branches/SAMBA_4_0/source/script: .
Author: abartlet Date: 2004-12-29 22:59:28 + (Wed, 29 Dec 2004) New Revision: 4400 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4400 Log: Pass rootdse.ldif past the subst code. Andrew Bartlett Modified: branches/SAMBA_4_0/source/script/provision.pl Changeset: Modified: branches/SAMBA_4_0/source/script/provision.pl === --- branches/SAMBA_4_0/source/script/provision.pl 2004-12-29 22:57:20 UTC (rev 4399) +++ branches/SAMBA_4_0/source/script/provision.pl 2004-12-29 22:59:28 UTC (rev 4400) @@ -364,11 +364,28 @@ print done\n; +$data = FileLoad(rootdse.ldif) || die Unable to load rootdse.ldif\n; + +$res = ; + +print applying substitutions ...\n; + +while ($data =~ /(.*?)\$\{(\w*)\}(.*)/s) { + my $sub = substitute($2); + $res .= $1$sub; + $data = $3; +} +$res .= $data; + +print saving ldif to newrootdse.ldif ...\n; + +FileSave(newrootdse.ldif, $res); + unlink(newrootdse.ldb); print creating newrootdse.ldb ...\n; -system(ldbadd -H newrootdse.ldb rootdse.ldif); +system(ldbadd -H newrootdse.ldb newrootdse.ldif); print done\n; @@ -408,6 +425,8 @@ Samba4 installation - Please move newrootdse.ldb to rootdse.ldb in the private/ directory of your Samba4 installation +- Please move newhklm.ldb to hklm.ldb in the private/ directory + of your Samba4 installation - Please use $dnsdomain.zone to in BIND dns server ;
svn commit: samba r4401 - in branches/SAMBA_4_0/source/torture/raw: .
Author: tridge Date: 2004-12-30 02:22:03 + (Thu, 30 Dec 2004) New Revision: 4401 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4401 Log: stricter test for correct ACL inheritance in RAW-ACLS Modified: branches/SAMBA_4_0/source/torture/raw/acls.c Changeset: Modified: branches/SAMBA_4_0/source/torture/raw/acls.c === --- branches/SAMBA_4_0/source/torture/raw/acls.c2004-12-29 22:59:28 UTC (rev 4400) +++ branches/SAMBA_4_0/source/torture/raw/acls.c2004-12-30 02:22:03 UTC (rev 4401) @@ -954,7 +954,7 @@ } if (q.query_secdesc.out.sd-dacl == NULL || - q.query_secdesc.out.sd-dacl-num_aces 1 || + q.query_secdesc.out.sd-dacl-num_aces != 1 || q.query_secdesc.out.sd-dacl-aces[0].access_mask != SEC_FILE_WRITE_DATA || !dom_sid_equal(q.query_secdesc.out.sd-dacl-aces[0].trustee, sd_orig-owner_sid)) { @@ -999,7 +999,7 @@ } if (q.query_secdesc.out.sd-dacl == NULL || - q.query_secdesc.out.sd-dacl-num_aces 1 || + q.query_secdesc.out.sd-dacl-num_aces != 1 || q.query_secdesc.out.sd-dacl-aces[0].access_mask != SEC_FILE_WRITE_DATA || !dom_sid_equal(q.query_secdesc.out.sd-dacl-aces[0].trustee, sd_orig-owner_sid)) {
svn commit: samba r4402 - in branches/SAMBA_4_0/source/torture/raw: .
Author: tridge Date: 2004-12-30 02:22:29 + (Thu, 30 Dec 2004) New Revision: 4402 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4402 Log: use __location__ instead of __LINE__ in the RAW-RENAME test Modified: branches/SAMBA_4_0/source/torture/raw/rename.c Changeset: Modified: branches/SAMBA_4_0/source/torture/raw/rename.c === --- branches/SAMBA_4_0/source/torture/raw/rename.c 2004-12-30 02:22:03 UTC (rev 4401) +++ branches/SAMBA_4_0/source/torture/raw/rename.c 2004-12-30 02:22:29 UTC (rev 4402) @@ -23,16 +23,16 @@ #define CHECK_STATUS(status, correct) do { \ if (!NT_STATUS_EQUAL(status, correct)) { \ - printf((%d) Incorrect status %s - should be %s\n, \ - __LINE__, nt_errstr(status), nt_errstr(correct)); \ + printf((%s) Incorrect status %s - should be %s\n, \ + __location__, nt_errstr(status), nt_errstr(correct)); \ ret = False; \ goto done; \ }} while (0) #define CHECK_VALUE(v, correct) do { \ if ((v) != (correct)) { \ - printf((%d) Incorrect %s %d - should be %d\n, \ - __LINE__, #v, (int)v, (int)correct); \ + printf((%s) Incorrect %s %d - should be %d\n, \ + __location__, #v, (int)v, (int)correct); \ ret = False; \ }} while (0)
svn commit: samba r4403 - in branches/SAMBA_4_0/source/ntvfs/posix: .
Author: tridge Date: 2004-12-30 02:25:20 + (Thu, 30 Dec 2004) New Revision: 4403 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4403 Log: - added ACL inheritance in the pvfs backend. ACLs are now inherited on file and directory creation via ntcreatex. pvfs now passes the inheritance test in RAW-ACLS - cleaned up the error handling a bit in pvfs_open() Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_resolve.c Changeset: Sorry, the patch is too large (464 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4403
svn commit: samba r4404 - in branches/SAMBA_4_0/source/libcli/security: .
Author: tridge Date: 2004-12-30 02:27:16 + (Thu, 30 Dec 2004) New Revision: 4404 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4404 Log: check for SEC_ACE_FLAG_INHERIT_ONLY in the maximum allowed logic Modified: branches/SAMBA_4_0/source/libcli/security/access_check.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/security/access_check.c === --- branches/SAMBA_4_0/source/libcli/security/access_check.c2004-12-30 02:25:20 UTC (rev 4403) +++ branches/SAMBA_4_0/source/libcli/security/access_check.c2004-12-30 02:27:16 UTC (rev 4404) @@ -59,6 +59,10 @@ for (i = 0;isd-dacl-num_aces; i++) { struct security_ace *ace = sd-dacl-aces[i]; + if (ace-flags SEC_ACE_FLAG_INHERIT_ONLY) { + continue; + } + if (!sid_active_in_token(ace-trustee, token)) { continue; }
svn commit: samba r4405 - in branches/SAMBA_4_0/source/ntvfs/posix: .
Author: tridge Date: 2004-12-30 02:38:44 + (Thu, 30 Dec 2004) New Revision: 4405 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4405 Log: added acl inheritance to the mkdir and t2mkdir backends. Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c Changeset: Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c 2004-12-30 02:27:16 UTC (rev 4404) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c 2004-12-30 02:38:44 UTC (rev 4405) @@ -60,6 +60,13 @@ return NT_STATUS_INTERNAL_ERROR; } + /* setup an inherited acl from the parent */ + status = pvfs_acl_inherit(pvfs, req, name, -1); + if (!NT_STATUS_IS_OK(status)) { + rmdir(name-full_name); + return status; + } + /* setup any EAs that were asked for */ status = pvfs_setfileinfo_ea_set(pvfs, name, -1, md-t2mkdir.in.num_eas, @@ -109,6 +116,13 @@ pvfs_xattr_unlink_hook(pvfs, name-full_name); + /* setup an inherited acl from the parent */ + status = pvfs_acl_inherit(pvfs, req, name, -1); + if (!NT_STATUS_IS_OK(status)) { + rmdir(name-full_name); + return status; + } + return NT_STATUS_OK; }
svn commit: samba r4406 - in branches/SAMBA_4_0/source/ntvfs/posix: .
Author: tridge Date: 2004-12-30 03:19:27 + (Thu, 30 Dec 2004) New Revision: 4406 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4406 Log: - don't call the xattr unlink hook on unlink unless the link count is 1, otherwise the xattrs of the remaining link are removed - fix the handling of attribute set on directories Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_setfileinfo.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_unlink.c Changeset: Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_setfileinfo.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_setfileinfo.c2004-12-30 02:38:44 UTC (rev 4405) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_setfileinfo.c2004-12-30 03:19:27 UTC (rev 4406) @@ -365,13 +365,11 @@ /* possibly change the attribute */ if (newstats.dos.attrib != h-name-dos.attrib) { mode_t mode = pvfs_fileperms(pvfs, newstats.dos.attrib); - if (h-name-dos.attrib FILE_ATTRIBUTE_DIRECTORY) { - /* ignore on directories for now */ - return NT_STATUS_OK; + if (!(h-name-dos.attrib FILE_ATTRIBUTE_DIRECTORY)) { + if (fchmod(h-fd, mode) == -1) { + return pvfs_map_errno(pvfs, errno); + } } - if (fchmod(h-fd, mode) == -1) { - return pvfs_map_errno(pvfs, errno); - } } *h-name = newstats; Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_unlink.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_unlink.c 2004-12-30 02:38:44 UTC (rev 4405) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_unlink.c 2004-12-30 03:19:27 UTC (rev 4406) @@ -89,9 +89,11 @@ return NT_STATUS_FILE_IS_A_DIRECTORY; } - status = pvfs_xattr_unlink_hook(pvfs, name-full_name); - if (!NT_STATUS_IS_OK(status)) { - return status; + if (name-st.st_nlink == 1) { + status = pvfs_xattr_unlink_hook(pvfs, name-full_name); + if (!NT_STATUS_IS_OK(status)) { + return status; + } } /* finally try the actual unlink */
svn commit: samba r4407 - in branches/SAMBA_4_0/source/torture/raw: .
Author: tridge Date: 2004-12-30 05:48:32 + (Thu, 30 Dec 2004) New Revision: 4407 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4407 Log: stricter checking of parameters on hard link creation in the RAW-RENAME test Modified: branches/SAMBA_4_0/source/torture/raw/rename.c Changeset: Modified: branches/SAMBA_4_0/source/torture/raw/rename.c === --- branches/SAMBA_4_0/source/torture/raw/rename.c 2004-12-30 03:19:27 UTC (rev 4406) +++ branches/SAMBA_4_0/source/torture/raw/rename.c 2004-12-30 05:48:32 UTC (rev 4407) @@ -268,6 +268,7 @@ status = smb_raw_pathinfo(cli-tree, mem_ctx, finfo); CHECK_STATUS(status, NT_STATUS_OK); CHECK_VALUE(finfo.all_info.out.nlink, 1); + CHECK_VALUE(finfo.all_info.out.attrib, FILE_ATTRIBUTE_NORMAL); printf(Checking copy\n); io.ntrename.in.old_name = fname1; @@ -277,6 +278,13 @@ status = smb_raw_rename(cli-tree, io); CHECK_STATUS(status, NT_STATUS_OK); + finfo.generic.level = RAW_FILEINFO_ALL_INFO; + finfo.generic.in.fname = fname1; + status = smb_raw_pathinfo(cli-tree, mem_ctx, finfo); + CHECK_STATUS(status, NT_STATUS_OK); + CHECK_VALUE(finfo.all_info.out.nlink, 1); + CHECK_VALUE(finfo.all_info.out.attrib, FILE_ATTRIBUTE_NORMAL); + torture_set_file_attribute(cli-tree, fname1, FILE_ATTRIBUTE_SYSTEM); finfo.generic.level = RAW_FILEINFO_ALL_INFO;
svn commit: samba r4408 - in branches/SAMBA_4_0/source/ntvfs/posix: .
Author: tridge Date: 2004-12-30 05:50:23 + (Thu, 30 Dec 2004) New Revision: 4408 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4408 Log: added the remaining access check hooks into pvfs. All calls should now have acl checking, and obey the various inheritance rules. Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_qfileinfo.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_rename.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_setfileinfo.c Changeset: Sorry, the patch is too large (367 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4408
svn commit: samba r4409 - in branches/SAMBA_4_0/source/ntvfs/posix: .
Author: tridge Date: 2004-12-30 06:02:54 + (Thu, 30 Dec 2004) New Revision: 4409 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4409 Log: fixed handling of zero access masks for the POSITION_INFORMATION query/set levels Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_qfileinfo.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_setfileinfo.c Changeset: Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_qfileinfo.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_qfileinfo.c 2004-12-30 05:50:23 UTC (rev 4408) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_qfileinfo.c 2004-12-30 06:02:54 UTC (rev 4409) @@ -324,7 +324,7 @@ h = f-handle; access_needed = pvfs_fileinfo_access(info-generic.level); - if (!(f-access_mask access_needed)) { + if ((f-access_mask access_needed) != access_needed) { return NT_STATUS_ACCESS_DENIED; } Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_setfileinfo.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_setfileinfo.c2004-12-30 05:50:23 UTC (rev 4408) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_setfileinfo.c2004-12-30 06:02:54 UTC (rev 4409) @@ -249,7 +249,7 @@ h = f-handle; access_needed = pvfs_setfileinfo_access(info-generic.level); - if (!(f-access_mask access_needed)) { + if ((f-access_mask access_needed) != access_needed) { return NT_STATUS_ACCESS_DENIED; }
svn commit: samba r4410 - in branches/SAMBA_4_0/source/ntvfs/posix: .
Author: tridge Date: 2004-12-30 06:37:37 + (Thu, 30 Dec 2004) New Revision: 4410 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4410 Log: pvfs_rename_one() should not check for create permissions, as the rename is always in the same directory Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_rename.c Changeset: Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_rename.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_rename.c 2004-12-30 06:02:54 UTC (rev 4409) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_rename.c 2004-12-30 06:37:37 UTC (rev 4410) @@ -141,21 +141,18 @@ status = pvfs_resolve_partial(pvfs, mem_ctx, dir_path, fname1, name1); if (!NT_STATUS_IS_OK(status)) { - talloc_free(mem_ctx); - return status; + goto failed; } /* make sure its matches the given attributes */ status = pvfs_match_attrib(pvfs, name1, attrib, 0); if (!NT_STATUS_IS_OK(status)) { - talloc_free(mem_ctx); - return status; + goto failed; } status = pvfs_can_rename(pvfs, name1); if (!NT_STATUS_IS_OK(status)) { - talloc_free(mem_ctx); - return status; + goto failed; } /* get a pvfs_filename dest object */ @@ -164,15 +161,11 @@ if (NT_STATUS_IS_OK(status)) { status = pvfs_can_delete(pvfs, req, name2); if (!NT_STATUS_IS_OK(status)) { - talloc_free(mem_ctx); - return status; + goto failed; } } - status = pvfs_access_check_create(pvfs, req, name2); - if (!NT_STATUS_IS_OK(status)) { - return status; - } + status = NT_STATUS_OK; fname2 = talloc_asprintf(mem_ctx, %s/%s, dir_path, fname2); if (fname2 == NULL) { @@ -184,9 +177,9 @@ return pvfs_map_errno(pvfs, errno); } +failed: talloc_free(mem_ctx); - - return NT_STATUS_OK; + return status; }
svn commit: samba r4411 - in branches/SAMBA_4_0/source/ntvfs/posix: .
Author: tridge Date: 2004-12-30 06:51:13 + (Thu, 30 Dec 2004) New Revision: 4411 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4411 Log: when checking for create permissions, we need to check the parent, not the child! Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c Changeset: Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c2004-12-30 06:37:37 UTC (rev 4410) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c2004-12-30 06:51:13 UTC (rev 4411) @@ -392,7 +392,7 @@ return status; } - return pvfs_access_check_simple(pvfs, req, name, SEC_DIR_ADD_FILE); + return pvfs_access_check_simple(pvfs, req, parent, SEC_DIR_ADD_FILE); }
svn commit: samba r4412 - in branches/SAMBA_4_0/source/ntvfs/posix: .
Author: tridge Date: 2004-12-30 07:10:31 + (Thu, 30 Dec 2004) New Revision: 4412 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4412 Log: SEC_FILE_READ_ATTRIBUTE is always granted, even if not requested. This was being done in the full ACL code, but not in the unix access check code, which meant that qfileinfo was failing for some parameters Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c Changeset: Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c2004-12-30 06:51:13 UTC (rev 4411) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c2004-12-30 07:10:31 UTC (rev 4412) @@ -306,6 +306,8 @@ return NT_STATUS_ACCESS_DENIED; } + *access_mask |= SEC_FILE_READ_ATTRIBUTE; + return NT_STATUS_OK; }