Re: [Samba] samba probleme
Bonjour, Pour info ceci est une Mailing List anglophone (même si tout serait tellement mieux en Français..:) . Also speak english here. Try this allow host parametter : allow hosts = 192.168.2. 127.0.0.1 Most computer user don't know what is a dream box. You can explain what it is in your Post. Is it that : http://www.dream-multimedia-tv.de/english/products_dm7000.php ?? Regards. Julien [EMAIL PROTECTED] a écrit : bonjour, je tente de faire fonctionner samba sur une dreambox. Voici les erreurs dans le log: Got device type ? 2005/10/27 22:25:41 Denied connection from THIERRY_SIDONIE (192.168.2.34) to hdd 2005/10/27 22:25:41 error packet at line 165 cmd=117 (SMBtconX) eclass=2 ecode=4 voici le fichier smb.conf: [global] log file = /media/hdd/log/samba/log.%m socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 netbios name = dreambox server string = dreambox username map = /etc/user.map guest ok = yes guest account = root encrypt passwords = yes smb passwd file = /etc/passwd wins support = yes local master = yes domain master = yes password server = none security = share #wins server = 192.168.2.3 #interfaces = 192.168.2.3 remote announce = 192.168.2.1/vorms.ch workgroup = Mshome debug level =7 os level = 0 [hdd] comment = HDD on Dreambox writeable = yes path = /media/hdd guest ok = yes browseable = yes valid users = root, nobody, guest, invite, Thierry, Administrateur allow hosts = 192.168.2./255.255.255.0,127.0.0.1 public = yes [root] comment = Root on Dreambox ( Attention ! ) path = / writeable = yes browseable = yes guest ok = yes valid users = root, nobody, guest, invite, Thierry, ftpUser,Administrateur allow hosts = 192.168.2./255.255.255.0,127.0.0.1 public = yes user.map root = root Thierry invite guest Administrateur THIERRY_SIDONIE nobody = guest pcguest smbguest Thierry hosts 127.0.0.1 localhost.localdomainlocalhost 192.168.2.3 dreambox 192.168.2.34 THIERRY_SIDONIE Merci beaucoup pour toute suggestion qui pourrait m'aider Thierry Vorms -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Ce message est protégé par les règles relatives au secret des correspondances. Il est donc établi à destination exclusive de son destinataire. Celui-ci peut donc contenir des informations confidentielles. La divulgation de ces informations est à ce titre rigoureusement interdite. Si vous avez reçu ce message par erreur, merci de le renvoyer à l'expéditeur dont l'adresse e-mail figure ci-dessus et de détruire le message ainsi que toute pièce jointe. This message is protected by the secrecy of correspondence rules. Therefore, this message is intended solely for the attention of the addressee. This message may contain privileged or confidential information, as such the disclosure of these informations is strictly forbidden. If, by mistake, you have received this message, please return this message to the addressser whose e-mail address is written above and destroy this message and all files attached.-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] two different logins?
Hey, im using samba version 3.0.20pre2-1 and w2k as workstation. Domain logins work fine. But when i try to open a share (e.g. \\server\share) it aks for a user/pass. Thats okay because the user doesnt have the permissions. So i try to login with an admin user. But then i get the error The specified logon information is in conflict to the existing logon information. So is there any chance to open a share with a different user? Or does Windows have a problem with that? Best regards and thanks in advance __ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot change File Attributes
Hi list, i've upgraded Samba 3.0.14a to 3.0.20b (debian package) and ran into following problem: I cannot change the file-attribute (read-only, hidden, archive) from a file via the windows explorer as an ordinary user. The error access denied occurs. The file has following permissions on Unix: -rwxrw 1 root Massen 0 2005-10-28 08:17 Neu Textdatei.txt The user is named ewlun and is member of the Group Massen. The share where the user writes this file has following settings: [Programme] comment = Programme path = /home/samba/Programme read only = No create mask = 0770 directory mask = 0750 acl group control = Yes inherit owner = Yes inherit permissions = Yes If the Administrator-user is trying to change the file-attributes, this works in following way: Before set to read only: -rwxrw 1 root Massen 0 2005-10-28 08:17 Neu Textdatei.txt After set to read only: -r--r- 1 root Massen 0 2005-10-28 08:17 Neu Textdatei.txt BUT: It is possible to edit the file (f.e. via 'Notepad')! After saving the file has following permissions again: -rwxrw 1 root Massen 18 2005-10-28 08:27 Neu Textdatei.txt This behaviour is new in 3.0.20b, with 3.0.14a this was working as expected. -- M. Kaindl Holzindustrie Kaindlstraße 2 A-5071 Wals/Salzburg Andreas Schlager, IT -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Dear Members - Samba Problem
Dear Members, I have install samba 3.0.10 d # ./smbstatus Sessionid.tdb not initialised /usr/local/samba/var/locks/connections.tdb not initialised This is normal if an SMB client has never connected to your server. Failed to open byte range locking database ERROR: Failed to initialise locking database Can't initialise locking module - exiting # But the var/locks directory doesn't exits Also when I run ./testparm ERROR: lock directory /usr/local/samba/var/locks does not exis ERROR: pid directory /usr/local/samba/var/locks does not exist Please Thanks Regards Nagendra KV Nagendra KV | Technology (STS) | M P H A S I S Architecting Value | IT SERVICES #139/1, Hosur Road, Koramangala, Bangalore - 560095, | Tel: (80) 25522713/14 Ext-1016| Fax: (80) 25522719| www.mphasis.com http://www.mphasis.com/ Information transmitted by this e-mail is proprietary to MphasiS and/ or its Customers and is intended for use only by the individual or entity to which it is addressed, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient or it appears that this mail has been forwarded to you without proper authority, you are notified that any use or dissemination of this information in any manner is strictly prohibited. In such cases, please notify us immediately at [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] and delete this mail from your records -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Dear Members - Samba Problem
Hi Nagendra, suggest following: mkdir -p /usr/local/samba/var/locks Regards, Andreas. Nagendra KV schrieb: Dear Members, [...] But the var/locks directory doesn't exits Also when I run ./testparm ERROR: lock directory /usr/local/samba/var/locks does not exis ERROR: pid directory /usr/local/samba/var/locks does not exist [...] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: RE RE [Samba] Could not get RealPath CORDAF/* (It's a URGENT problem)
Hi, user2 is member of 32 groups. I found the error, that's the limit of kernel 2.4, thanks --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 [EMAIL PROTECTED] a écrit sur 26/10/2005 21:22:07 : -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, could you verify the number of group which user2 is member ? [EMAIL PROTECTED] a écrit : Hi, I have two users which have this problem For the user1, I have deleted and recreated the user and is work fine, no problem. For user2, I make the same thing but, don't work. Note that this user have two laptop : - one with XP - one with 2000. When I recreate the user I verified that it's work with two 2000 laptop, but when the XP is reconnected Windows Xp could cuase some problem ? could you help me, the user2 is my director. --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 [EMAIL PROTECTED] a écrit sur 24/10/2005 11:41:24 : A other user have the same problem, but : I copied the directory with the same ACL on my test server and work fine : [2005/10/24 10:25:47, 5] smbd/uid.c:change_to_user(304) change_to_user uid=(1041,1041) gid=(0,513) [2005/10/24 10:25:47, 3] smbd/trans2.c:call_trans2findfirst(1629) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=0, close_if_end = 2 requires_resume_key = 4 level = 0x104, max_data_bytes = 16384 [2005/10/24 10:25:47, 5] smbd/filename.c:unix_convert(108) unix_convert called on file CORPLA/* [2005/10/24 10:25:47, 10] smbd/statcache.c:stat_cache_lookup(215) stat_cache_lookup: lookup failed for name [CORPLA/*] [2005/10/24 10:25:47, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [CORPLA] - [CORPLA] [2005/10/24 10:25:47, 5] smbd/filename.c:unix_convert(175) unix_convert begin: name = CORPLA/*, dirpath = CORPLA, start = * [2005/10/24 10:25:47, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled * ? [2005/10/24 10:25:47, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component * (len 1) ? [2005/10/24 10:25:47, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled * ? [2005/10/24 10:25:47, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component * (len 1) ? [2005/10/24 10:25:47, 5] smbd/filename.c:unix_convert(324) New file * [2005/10/24 10:25:47, 8] lib/util.c:is_in_path(1671) is_in_path: CORPLA/* [2005/10/24 10:25:47, 8] lib/util.c:is_in_path(1692) is_in_path: match not found [2005/10/24 10:25:47, 5] smbd/trans2.c:call_trans2findfirst(1683) dir=CORPLA, mask = * [2005/10/24 10:25:47, 5] smbd/dir.c:dptr_create(391) dptr_create dir=CORPLA [2005/10/24 10:25:47, 8] lib/util.c:is_in_path(1671) is_in_path: CORPLA [2005/10/24 10:25:47, 8] lib/util.c:is_in_path(1692) is_in_path: match not found [2005/10/24 10:25:47, 3] smbd/dir.c:dptr_create(511) creating new dirptr 256 for path CORPLA, expect_close = 1 [2005/10/24 10:25:47, 4] smbd/trans2.c:call_trans2findfirst(1740) dptr_num is 256, wcard = *, attr = 22 [2005/10/24 10:25:47, 8] smbd/trans2.c:call_trans2findfirst(1745) dirpath=CORPLA dontdescend= [2005/10/24 10:25:47, 8] smbd/trans2.c:get_lanman2_dir_entry(1077) get_lanman2_dir_entry:readdir on dirptr 0x803ad4c0 now at offset 0 [2005/10/24 10:25:47, 8] smbd/dosmode.c:dos_mode(294) dos_mode: CORPLA/. [2005/10/24 10:25:47, 10] smbd/posix_acls.c:check_posix_acl_group_write(4027) check_posix_acl_group_write: file CORPLA/. match on group 1016 - can write. [2005/10/24 10:25:47, 10] smbd/posix_acls.c:check_posix_acl_group_write(4078) check_posix_acl_group_write: file CORPLA/. returning (ret = 1). [2005/10/24 10:25:47, 8] smbd/dosmode.c:dos_mode_from_sbuf(162) dos_mode_from_sbuf returning d [2005/10/24 10:25:47, 8] smbd/dosmode.c:dos_mode(328) dos_mode returning d [2005/10/24 10:25:47, 5] smbd/trans2.c:get_lanman2_dir_entry(1167) get_lanman2_dir_entry found CORPLA/. fname=. [2005/10/24 10:25:47, 10] smbd/trans2.c:get_lanman2_dir_entry(1308) get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO And on the produc server : [2005/10/24 11:04:56, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2005/10/24 11:04:56, 3] smbd/trans2.c:call_trans2findfirst(1629) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=0, close_if_end = 2 requires_resume_key = 4 level = 0x104, max_data_bytes = 16384 [2005/10/24 11:04:56, 5] smbd/filename.c:unix_convert(108) unix_convert called on file CORPLA/* [2005/10/24 11:04:56, 10] smbd/statcache.c:stat_cache_lookup(215) stat_cache_lookup: lookup failed for name [CORPLA/*] [2005/10/24 11:04:56, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for
Re: [Samba] Dear Members - Samba Problem
Hi Nagendra, in smb.conf there is a parameter called socket options which defaults to TCP_NODELAY. As stated in smb.conf documentation: ou may find that on some systems Samba will say Unknown socket option when you supply an option. This means you either incorrectly typed it or you need to add an include file to includes.h for your OS. Maybe you have to do something on your OS. Regards, -Andreas. Nagendra KV schrieb: Hi Andreas, Thanks, the issue is eliminated , but when I tried see the shared files ./smbclient -L servername Unknown socket option TCP_NODELAY protocol negotiation failed Need help on this Thanks Regards Nagendra KV -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba LDB MDB Trouble on Ubuntu
Hi! Actually a weird Problem: Access MDB on a Samba Share. Access from XP Machines. First User with DOUBLECLICK Open - OK N-Th User with Doubleclick - Nothing Happens (e.g. Access wont open / no error though) Opening Access File-Open-Database works without Problems. Whats the Point with that? LDB Problem? :-/ Thanks Marco Samba 3.0.14aUbuntu on 2.6.12-9-686 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba ADS member.
Hi all, I don't have understand if I have to set PAM module to authenticate my windows users ADS to a share on Samba ADS member. If I'm right only If i have to connect by a linux client, is it alright? Also is posssible to force NTLM authentication by W2K client to W3K ADServer operating in native mode, so escluding kerberos authentication? Is it possible that it cause me some problems related ACL? Thanks. Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] what is the signification of this message ?
Hello, I work in a small Linux machine based on a dreambox (power PC) Can anybody explain me what this message means ? Got device type ? In the log file I have an other message: 2005/10/27 22:25:41 Denied connection from ...(192.168.2.34) to hdd Is that means the socket is closed be the remote host (PC: 192.168.2.34) or by the linux host ? And the third message: 2005/10/27 22:25:41 error packet at line 165 cmd=117 (SMBtconX) eclass=2 ecode=4 Is that a transmition error ? Thanks a lot for your help Thierry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.20b seems to ignore ldap user suffix
Excerpts from smb.conf: passdb backend = ldapsam:ldap://localhost ldap admin dn = cn=admin,dc=arch,dc=uni-karlsruhe,dc=de ldap group suffix = ou=groups ldap machine suffix = ou=computer ldap suffix = o=archipool,dc=arch,dc=uni-karlsruhe,dc=de ldap ssl = no ldap user suffix = ou=aktiv,ou=Accounts The system wide ldap suffix is a different one (ou=accounts,o=archipool,dc=arch,dc=uni-karlsruhe,dc=de). Samba, however, should only search for users in the specified user suffix, since not all system users are supposed to be able to use samba. slapd.log: Oct 28 12:17:30 far-poolserver64 slapd[9499]: SRCH o=archipool,dc=arch,dc=uni-karlsruhe,dc=de 2 3 [debug output snipped] Oct 28 12:17:30 far-poolserver64 slapd[9499]: filter: ((uid=dummy) (objectClass=sambaSamAccount)) Should I file a bug report, does anybody spot a config error or is more info needed? Regards, Jonas Jochum archIT - Faculty of Architecture -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
LS, I've been trying to set up Samba 3.0.20b on a Debian server. It all works ok, except for IIS 6. I am using a W2K3Std Server to connect to a Samba domain. This is necessary because of the way IIS authorises it's users. Every website has it's own user and uses that user to log on to a home directory in which the website resides. So far, everything is okay. When I browse to a website, I get the site presented in no-time. If I let the site idle for a while (say 5 mins or so at least) it's dead... no such file or directory Stopping and restarting the website in IIS manager works immediatly, but it is not the way I'd like to work (:P) When I check the samba errorlog after refreshing or visiting a 'dead' site, I see the next line: [2005/10/28 10:55:43, 2] smbd/sesssetup.c:setup_new_vc_session(704) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. Does anybody have any idea what is causing this problem? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain groups with spaces in their names
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 28 Oct 2005, Jeremy wrote: I have a Samba file server which I have successfully joined to a domian controlled by a Windows 2003 domian controller. I cannot get the server to allow access to users who are members of a group with spaces in its name. I have the same problem with Samba version 3.20b. What is interesting is that groups with spaces in the name work through Winbind (ie. apache with mod_auth_pam), but don't work from within Samba (ie. the smb.conf file). Is this currently being resolved, and/or is there a work around? valid users = @spaced users Should be valid users = +DOMAIN\spaced users The key is that domain users and groups have to be fully qualified. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFDYhWJIR7qMdg1EfYRAnPAAKCFQgNLg/i2JGl2gwiWk7Rj9x0dOACfUXNR YHq072tpiECeZ8+PBSk3yTo= =Mc9t -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] dns queries from samba?
hi, i played around with ethereal a bit, looks like samba is trying to resolve GANDALF, the ethereal entry: source: my ip, dest: nameserver, protocol: dns info: standard query A GANDALF im very sure i've used the name GANDALF for nothing else except my netbios name. My dns server awnsers with: Standard query response, Server failure[Short Frame] Is this really samba and if it is, why? my smb.conf: [global] workgroup = MIDEARTH netbios name = GANDALF security = SHARE bind interfaces only = yes interfaces = eth0 lo passdb backend = tdbsam guest account = nobody #logging log file = /tmp/samba.log log level = 1 [data] comment = Data -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20b seems to ignore ldap user suffix
On Fri, 2005-10-28 at 13:36 +0200, Jonas Jochum wrote: Excerpts from smb.conf: passdb backend = ldapsam:ldap://localhost ldap admin dn = cn=admin,dc=arch,dc=uni-karlsruhe,dc=de ldap group suffix = ou=groups ldap machine suffix = ou=computer ldap suffix = o=archipool,dc=arch,dc=uni-karlsruhe,dc=de ldap ssl = no ldap user suffix = ou=aktiv,ou=Accounts The system wide ldap suffix is a different one (ou=accounts,o=archipool,dc=arch,dc=uni-karlsruhe,dc=de). Samba, however, should only search for users in the specified user suffix, since not all system users are supposed to be able to use samba. slapd.log: Oct 28 12:17:30 far-poolserver64 slapd[9499]: SRCH o=archipool,dc=arch,dc=uni-karlsruhe,dc=de 2 3 [debug output snipped] Oct 28 12:17:30 far-poolserver64 slapd[9499]: filter: ((uid=dummy) (objectClass=sambaSamAccount)) Should I file a bug report, does anybody spot a config error or is more info needed? does this match what is in padl's ldap.conf ? Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Group membership limitation
Hi all. I've made this question over and over, but still no answer till now. So here goes again, maybe I have better luck this time. Is there any limitation to the number of groups a samba user may belong? I've found out that if the user belongs to more than 60 to 70 groups, group-based share access stop working. From another post in this ml, i've found out that kernel 2.4.xx had a 32 group membership limitation, but i'm using 2.6.xx which has a 65536 groups limit. Is there any place in samba where I shoulb be looking? Any info/pointers would be much appreciated. Fedora Core 2 with: Samba-3.0.14a Ldap backend with openldap-2.2.13-2 Best regards, Bruno Guerreiro -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: can smbmount access paths in shares?
Bill Kearney skrev: Can a linux machine running samba mount a pathname within a share into a local path? I'm runing samba-3.0.20b-1 on a centos 4.1 (rhel4) box. I've tried this and it fails: smbmount //servername/home/media /mnt/media/server/ -o username=myuser,password=mypass The error is: 8465: tree connect failed: ERRDOS - ERRnosuchshare (You specified an invalid share name) When I omit the last portion of the service path it works just fine: smbmount //servername/home /mnt/media/server/ -o username=myuser,password=mypass Trouble is, I don't want to mout the 'root' of the share, I want to mount a subdirectory within it. On a w2k box this syntax works fine: 'net use m: \\server\home\media' and it properly mounts the path as the m: drive. I do recall that win9x boxes could not mount subdirectories of shares. Is samba likewise crippled? So what gives here? Can smbmount not mount from a pathname within a service? Or am I missing the n necessary magical command line incantation? Late reply, but anyway: What you *can* is the following: smbmount //servername/home /tmp/foo -o username=myuser,password=mypass mount --bind /tmp/foo/media /mnt/media/server umount /tmp/foo Or at least it works for me, at least with CIFS mounts. -- Magnus Holmgren [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows lost Samba server
The system logs really don't say much that I can decipher about this problem. I can get to it with the IP address from Windows or another Linux box, but I can't access the shares from Windows via the IP address. UPDATE: I have one lab machine on the same workgroup as the problem Samba box. When I shut it down, suddenly everyone can see and connect properly to the Samba server. I guess I have some type of browser conflict. Michael julius Junghans told me on 10/27/2005 12:22: Michael Barnes wrote: I have two Samba servers on a local network. One is to eventually become the new system file server. The original server is on the domain/workgroup MCALLEN, the new server is on the domain/workgroup WRNHQ. Everything was moving along smoothly. I could see both workgroups on various Windows machines (both 98 and 2K), I could see the shares, permissions seemed good, etc. I was working on fine tuning the logon scripts for WRNHQ. An unexpected power failure rebooted WRNHQ. (Machines on the bench are not on UPS) Since the reboot, the Windows machines cannot see WRNHQ. They can still see MCALLEN with no problem. Searching for computers in Network Places/Neighborhood finds everything but WRNHQ. Samba is running fine, no errors found. Nothing was being edited, nor were any files open when the reboot occurred. I'm totally lost on what to check. Ideas appreciated. BTW, WRNHQ is CentOS4 running Samba 3. Thanks, Michael Hi, im a samba/networking newbie, but i would first take a look at the system logs. Is the machine reachable with ping (interface up)? is samba listening on the lan interface? greets Julius -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20b seems to ignore ldap user suffix
Am Friday 28 October 2005 16:00 schrieb Craig White: does this match what is in padl's ldap.conf ? Do you mean pam_ldap.conf? No, it doesn't: base ou=aktiv,ou=accounts,o=archipool,dc=arch,dc=uni-karlsruhe,dc=de libnss-ldap.conf uses base o=archipool,dc=arch,dc=uni-karlsruhe,dc=de The reason for this is that we're temporarily moving disabled accounts to ou=inakt,ou=accounts,o=archipool,dc=arch,dc=uni-karlsruhe,dc=de. Due to samba using the wrong search base, they're still able to log in (don't tell me to use sambaAcctFlags - I know they can be used for accomplishing the same thing). Bye, Jonas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: can smbmount access paths in shares?
Let me see if I understand this right. You have a Windows box with a share of (for example) D:\home\media. You have gone to the D:\home folder and selected full sharing. However, from your Linux box, you don't want to mount D:\home, you want to mount D:\home\media and not have the contents of D:\home visible. You can only use smbmount to mount folders that are listed as a share. Subfolders do not inherit the sharability (?) of the parent. Hence, you must set each folder you want to mount as a share unto itself. You do not have to set anything above that folder as a share. So, if you go into the properties of D:\home\media and set the media folder to full share, you may then use smbmount //servername/media /mnt/media/server/ to mount the media folder. At least if I understand things right, this is how it works, at least it has for me. If I am wrong, I'm sure someone will correct me. Michael Magnus Holmgren told me on 10/28/2005 09:52: Bill Kearney skrev: Can a linux machine running samba mount a pathname within a share into a local path? I'm runing samba-3.0.20b-1 on a centos 4.1 (rhel4) box. I've tried this and it fails: smbmount //servername/home/media /mnt/media/server/ -o username=myuser,password=mypass The error is: 8465: tree connect failed: ERRDOS - ERRnosuchshare (You specified an invalid share name) When I omit the last portion of the service path it works just fine: smbmount //servername/home /mnt/media/server/ -o username=myuser,password=mypass Trouble is, I don't want to mout the 'root' of the share, I want to mount a subdirectory within it. On a w2k box this syntax works fine: 'net use m: \\server\home\media' and it properly mounts the path as the m: drive. I do recall that win9x boxes could not mount subdirectories of shares. Is samba likewise crippled? So what gives here? Can smbmount not mount from a pathname within a service? Or am I missing the n necessary magical command line incantation? Late reply, but anyway: What you *can* is the following: smbmount //servername/home /tmp/foo -o username=myuser,password=mypass mount --bind /tmp/foo/media /mnt/media/server umount /tmp/foo Or at least it works for me, at least with CIFS mounts. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] can i change the pwd bby parameter with pdbedit?
hello, i need to change the password of my users using an script, not by prompt, but y tried the pdbedit and smbpasswd commands and didn't work, they prompt for password, is there a flag or something to set the password in the command to avoid the prompt? i read man pages of these commands and there are nothing to do what i need. thank you -- Rodrigo De la Peña Soporte Corporativo Calipso Comunicaciones -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Authentication problem with Mysql backend
thann you Andrew for your help, it works fine i add the users an open the tcp 139 and 445 and udp 137 and everything went fine. On Thu, 2005-10-27 at 10:23 +1000, Andrew Bartlett wrote: On Wed, 2005-10-26 at 14:44 -0500, Rodrigo De la Pena wrote: i'm using samba-3.0.20b, did you create the unix user-account aswell ?? do i have to create the accounts in the OS to use them with mysql? i create the account rodelapena whith its passwd and it failed by NT_STATUS_BAD_NETWORK_NAME, in theory the authentication worked, but it wont be necessary to create an OS account to could use it in mysql, am i wrong??. i made the changes to the smb.conf that you suggested me before the creation of the OS account and authentication failed again. Yes, all Samba users must exist in the OS. This is why I am mystified by the number of people who want to use MySQL to back Samba :-) I strongly suggest following the pdb_ldap route, and use nss_ldap to provide the users to the OS. Andrew Bartlett -- Rodrigo De la Peña Soporte Corporativo Calipso Comunicaciones -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] can i change the pwd bby parameter with pdbedit?
Am Friday 28 October 2005 17:40 schrieb Rodrigo De la Pena: i need to change the password of my users using an script, not by prompt, but y tried the pdbedit and smbpasswd commands and didn't work, they prompt for password, is there a flag or something to set the password in the command to avoid the prompt? i read man pages of these commands and there are nothing to do what i need. [EMAIL PROTECTED]:~$ smbpasswd -h When run by root: smbpasswd [options] [username] otherwise: smbpasswd [options] options: -L local mode (must be first option) -h print this usage message -s use stdin for password prompt that's the option you want to use... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 2 TB Limit and Windows XP Pro?
Does anyone know if Windows XP Pro (Service Pack 2) will have difficulty using a Samba share that is larger than 2 TB? Windows seems to be able to read and write from a share that is larger than 2 TB -- for instance, Windows will tell me that a share is 4 TBs in size, and if I have 1.5 TBs stored on it, it will tell me that 2.5 TB are free. But as soon as 2 TB of data have been written to the share, Windows reports that the share is full and won't write any more. Is this expected behavior? If so, is there any Samba setting to get around this? Andy Liebman -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: net ads join - working in the morning but not now
In the logs it says: cli_pipe: return critical error. Error was Call timed out: server did not respond after 1 milliseconds The server is working fine with windows machines. Isn't a bug in winbindd ? []'s On 10/27/05, Guilherme Oliveira [EMAIL PROTECTED] wrote: Can someone help me because I don't how this ha+ppening without messing it ? /var/log/samba/log.wb-COMPANY cli_rpc_open failed on pipe \NETLOGON to machine SRV01. Error was Write error: Broken pipe [2005/10/27 12:15:01, 0] rpc_client/cli_pipe.c:cli_rpc_close(1767) cli_rpc_open failed on pipe \NETLOGON to machine SRV01. Error was Write error: Broken pipe [2005/10/27 12:15:01, 0] nsswitch/winbindd_cm.c:cm_prepare_connection(234) cm_prepare_connection: Socket is not connected $ net ads join -U goliveira goliveira's password: [2005/10/27 17:48:52, 0] utils/net_ads.c:ads_startup(191) ads_connect: Unknown error -1765328332 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Overloaded samba server. Is it a bug?
First of all, why run SuSe when CentOS is free, runs faster and is more up to date? I have basically the same setup you have except our system is a quad xeon system and CentOS runs flawlessly 24/7. We used to experiment with SuSe but it is not good for a corporate environment. Just a heads up as I have been doing this for 17 years and CentOS is the cream of the crop for the money. Martin Scandroli wrote: Experts, We've just migrated from samba 2.2.8a to samba 3.0.20b in a very large corporate environment. Everything was really fine in our lab, but we began experiment serious load problems on the productive servers the morning after the procedure took place. I'll try (briefly) to describe the characteristics of the scenario: Resources: Old Environment: Hardware: Dell PowerEdge 2650 Intel Xeon Processor 2 GB Ram Raid 5 (via perc raid controller) on 10k scsi disks Software: SuSE Linux Enterprise Server 8 Samba 2.2.8a Servers cups printing service openldap2 as backend (with replicas all over the country, about 3000 objects in the tree) HeartBeat as high availability Service Everything was charming here!! New Environment Hardware: Dell PowerEdge 2850 Servers 2 Intel Xeon 3.2 GHz (HT i think... i see 4 of them) Processors 4 GB Ram Raid 5 (via Perc raid controller) on 15k scsi disks Software SuSE Linux Enterprise Server 9 Samba 3.0.20b Servers cups printing service Novell eDirectory 8.7.3.4 as backend (Very distributed too, about 4000 objects in the tree) HeartBeat as high availability Service drbd to keep samba configuracion replicated among the cluster nodes. Problems we're having (or had, just as a usefull comment): eDirectory turned out to be much slower than openldap2 when responding to nss_ldap queries (i mean about 7 or 8 times slower) so queries asking for members of large groups (i.e: groups with about 1500 users and above) were usually terminated with an RPC timeout Everything started to work when we added the ldapsam:trusted=yes parameter. It dramatically reduced the response times and affected queries began to work. The implementation of this feature produced some other problems (we've found workarrounds but i'll comment them just to provide some feedback). 1) The samba server used to die seconds after it was started. Something about the nobody user and it's primary group prevented it from working in a proper manner. We solved this inconvinient by adding de user nobody and it's corresponding primary group to the backend. 2) Root user was no longer recognized, (we still trying to figure out why, the user's been added to the tree, but nothing changed) so we used the new role based administration provided by samba 3 as a workarround (SeMachinAccount...), and no more troubles about it. 3)THIS ISSUE IS KILLING US!!! Something happens in a determined moment of the day (rush hour). Everything is running smoothly (0.3 - 0.4 of load average) when the load start to grow indefinitely!!. It raises from 0.3 to 50 in a matter of seconds!, and it keeps growing till the server dies. We couldn't find the reason of this, but it happens in a two hors interval. Before and after this interval, there are no errors of any kind. I'll paste some log errors (just the ones i saw). I don't think they're the cause of our problems, buy you're the experts. Any clue? do you need me to gather some kind of information? any DoS bug reported for this samba version? Any help will be highly appreciated Regards, Martin -- from /var/log/messages Oct 25 04:34:15 srvsmb01 smbd[2961]: [2005/10/25 04:34:15, 0] lib/util_sock.c:send_smb(762) Oct 25 04:34:15 srvsmb01 smbd[2961]: Error writing 4 bytes to client. -1. (Connection reset by peer) Oct 25 04:40:36 srvsmb01 smbd[2983]: [2005/10/25 04:40:36, 0] lib/util_sock.c:get_peer_addr(1222) Oct 25 04:40:36 srvsmb01 smbd[2983]: getpeername failed. Error was Transport endpoint is not connected Oct 25 04:40:36 srvsmb01 smbd[2983]: [2005/10/25 04:40:36, 0] lib/util_sock.c:write_data(554) Oct 25 04:40:36 srvsmb01 smbd[2983]: write_data: write failure in writing to client 167.252.104.98. Error Connection reset by peer (this happens very often) From /var/log/samba/log.nmbd tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2059,2959) is already open in this process [2005/10/26 04:17:01, 2] tdb/tdbutil.c:tdb_log(767) tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2059,2959) is already open in this process [2005/10/26 04:17:01, 2] tdb/tdbutil.c:tdb_log(767) tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2059,2959) is already open in this process [2005/10/26
RE: [Samba] Overloaded samba server. Is it a bug?
First of all, why run SuSe when CentOS is free, runs faster and is more snipped the rest This is the samba list and he was asking for samba help, not for a suggestion that he should change his, possibly corporately mandated, platform choice . Regardless of your personal or tested *opinions*, it was not asked for here. People have reasons for running what they do, some of which are out of their control. By the way, your Mozilla install is horribly out of date. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP: What has changed between 3.0.11 and 3.0.20
Hi, I recently upgraded our PDC to Samba 3.0.20 from 3.0.11. Unfortunately the user manager (usrmgr.exe) does not show all the users anymore. I cannot find the real culprit yet, but: Oct 28 19:18:08 [slapd] conn=2886 op=8 SRCH base=ou=people,dc=aub.nl,dc=aub,dc=nl scope=2 deref=0 filter=((uid=*)(objectClass=sambaSamAccount))_ Oct 28 19:18:08 [slapd] conn=2886 op=8 SRCH attr=uid sambaSid displayName description sambaAcctFlags_ Oct 28 19:18:08 [slapd] conn=2886 op=8 SEARCH RESULT tag=101 err=0 nentries=117 text=_ Oct 28 19:18:08 [slapd] conn=2886 op=9 SRCH base=dc=aub.nl,dc=aub,dc=nl scope=2 deref=0 filter=((objectClass=sambaGroupMapping)(sambaGroupType=4))_ Oct 28 19:18:08 [slapd] conn=2886 op=9 SRCH attr=cn sambaSid displayName description sambaGroupType_ shows that all entries are initially returned. After that Samba goes out to find the groups. It seems to me that something goes wrong here but I am not sure. Did something change so dramatically between 3.0.11 and 3.0.20, that I should have adjusted my config or directory (I am not using ldap filter) or is this something else? Kind regards, B. de Bruin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] A few recurring errors, please help.
Howdy, My samba works pretty well I should say. I access my linux box's shares from 3 different XP machines quiet nicely. But I just noticed today that Im getting quite a bit of errors dumping in, and wondered A) if it may be affecting the performance of Samba, or B) if I could maybe fix them through some simple configuring, etc. They're pretty unchanging, and the interval is... not really steady enough to say its a rythm. Oct 28 17:47:23 gwydserver smbd[12005]: [2005/10/28 17:47:23, 0] lib/util_sock.c:get_peer_addr(1000) Oct 28 17:47:23 gwydserver smbd[12005]: getpeername failed. Error was Transport endpoint is not connected Oct 28 17:47:23 gwydserver smbd[12005]: [2005/10/28 17:47:23, 0] lib/access.c:check_access(328) Oct 28 17:47:23 gwydserver smbd[12005]: [2005/10/28 17:47:23, 0] lib/util_sock.c:get_peer_addr(1000) Oct 28 17:47:23 gwydserver smbd[12005]: getpeername failed. Error was Transport endpoint is not connected Oct 28 17:47:23 gwydserver smbd[12005]: Denied connection from (0.0.0.0) Oct 28 17:47:23 gwydserver smbd[12005]: [2005/10/28 17:47:23, 0] lib/util_sock.c:get_peer_addr(1000) Oct 28 17:47:23 gwydserver smbd[12005]: getpeername failed. Error was Transport endpoint is not connected Oct 28 17:47:23 gwydserver smbd[12005]: Connection denied from 0.0.0.0 Oct 28 17:47:23 gwydserver smbd[12005]: [2005/10/28 17:47:23, 0] lib/util_sock.c:write_socket_data(430) Oct 28 17:47:23 gwydserver smbd[12005]: write_socket_data: write failure. Error = Connection reset by peer Oct 28 17:47:23 gwydserver smbd[12005]: [2005/10/28 17:47:23, 0] lib/util_sock.c:write_socket(455) Oct 28 17:47:23 gwydserver smbd[12005]: write_socket: Error writing 5 bytes to socket 24: ERRNO = Connection reset by peer Oct 28 17:47:23 gwydserver smbd[12005]: [2005/10/28 17:47:23, 0] lib/util_sock.c:send_smb(647) Oct 28 17:47:23 gwydserver smbd[12005]: Error writing 5 bytes to client. -1. (Connection reset by peer) If you can help me, that'd be awesome. Thanks, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Overloaded samba server. Is it a bug?
I am running Suse 9.2 Pro in a corporate environment with 3.0.14a and it works great. Just my 0.02... Well, when Samba is running before the load begins to rise, it's around 0.50 (with aproximately 1000 users logued in and 500 in high activity) If you truly think this is a samba problem try a different version to either replicate the issue or to have it point to a different piece of the puzzle. What is your complete config? We are using the Samba 3.0.20b because we need a new feature included in this version. (SeTakeOwnerShipPrivilege) We haven't been able to use root user as administrator of extended file system ACLs because the ldapsam:trusted is preventing us from using it. (NT_STATUS_UNSUCCESSFUL) You said the load went sky high in a matter of seconds...do you see which process is running wild (smbd, nmbd, winbindd...). We've done an strace to the partent process of all smbds (it follows all the forks) and we didn't see nothing relevant. Here is our smb.conf, and winbindd is not being used. srvsmb02:~ # cat /etc/samba/smb.conf [global] workgroup = DOMAIN passdb backend = ldapsam:ldap://10.10.6.130 netbios name = SRVSMBFS netbios aliases = SRVSMBPS ldap admin dn = cn=admin,o=domain ldap suffix = ou=ar,o=domain ldap group suffix = ou=grupos_openldap ldap machine suffix = ou=maquinas ldap timeout = 2 idmap backend = ldap:ldap://10.10.6.130 idmap uid = 1-4 idmap gid = 1-4 unix charset = ISO8859-15 add machine script = /usr/local/sbin/smbldap-useradd -w %u domain logons = yes domain master = yes local master = yes show add printer wizard = no bind interfaces only = yes interfaces = 10.10.6.75/24 username level = 15 username map = /etc/samba/smbusers ldapsam:trusted = yes preferred master = yes ldap ssl = no wins support = yes printing = cups printcap name = cups printcap cache time = 750 cups options = raw map to guest = Bad User logon path = logon home = \\%L\%U\.9xprofile logon drive = H: os level = 255 log level = 3 socket options = IPTOS_LOWDELAY TCP_NODELAY cups server = 10.10.6.78 veto files = /*.eml/*.nws/riched20.dll/*.{*}/aquota.user/aquota.group/.msprofile/lost+found/ hide files = /aquota.user/aquota.group/.msprofile/ enable privileges = yes acl group control = yes logon script = ARRANQUE.BAT inherit owner = yes inherit acls = yes disable spoolss = yes log file = /var/log/samba/machines/log.%m [homes] comment = Home Directories valid users = %S browseable = No read only = No [profiles] comment = Network Profiles Service path = %H read only = No store dos attributes = Yes create mask = 0600 directory mask = 0700 browseable = no [printers] comment = All Printers path = /var/tmp printable = Yes create mask = 0600 browseable = No [netlogon] comment = netlogon service path = /var/lib/samba/netlogon browseable = no guest ok = . Continue ---8---8 Thanks for your interest, Martín -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, October 28, 2005 12:48 PM To: [EMAIL PROTECTED] Cc: samba@lists.samba.org Subject: Re: [Samba] Overloaded samba server. Is it a bug? First of all, why run SuSe when CentOS is free, runs faster and is more up to date? I have basically the same setup you have except our system is a quad xeon system and CentOS runs flawlessly 24/7. We used to experiment with SuSe but it is not good for a corporate environment. Just a heads up as I have been doing this for 17 years and CentOS is the cream of the crop for the money. Martin Scandroli wrote: Experts, We've just migrated from samba 2.2.8a to samba 3.0.20b in a very large corporate environment. Everything was really fine in our lab, but we began experiment serious load problems on the productive servers the morning after the procedure took place. I'll try (briefly) to describe the characteristics of the scenario: Resources: Old Environment: Hardware: Dell PowerEdge 2650 Intel Xeon Processor 2 GB Ram Raid 5 (via perc raid controller) on 10k scsi disks Software: SuSE Linux Enterprise Server 8 Samba 2.2.8a Servers cups printing service openldap2 as backend (with replicas all over the country, about 3000 objects in the tree) HeartBeat as high
Re: [Samba] Migration from Windows 2003 server to samba 3
To my knowledge, it's not possible to migrate the passwords from Windows to Samba, and vice-versa. This is because Windows and Linux both use one-way hashes to encrypt the password; there's no way to decrypt the password. Unfortunately, Windows and Linux use different algorithms to encrypt the password, so you can't just copy the encrypted password between systems, like you could if you were going Windows-to-Windows or Linux-to-Linux. What I'd recommend is assigning the passwords on paper ahead of time, getting them out to people with appropriate instructions , and then requiring the password be changed at the first logon once you go live with it. (Sample instructions: You have been assigned the temporary password of RgYx7e# -- you must use this temporary password on or after such-and-such date; after this date your old password WILL NOT WORK. When you log in with the temporary password on or after such-and-such date, you will be required to change it before you will gain access to your desktop. After you change the password you will use the new password you create from then on -- your old password and the temporary password will no longer work) If I'm wrong, I hope I'll be corrected. ~Jonathan M.R.Niranjan wrote: Hi all I have windows 2003 server with Active directory users , there are about 500 users. I have an Linux Server with Redhat Enterprise Linux Advanced server 3 With samba 3.0 installed in . I would like to migrate all active directory users to samba 3.0 making it a primary domain controller and shut down the Windows system. But I would like to know, how do I migrate users passwords from Active directory to samba 3.0. I would like to retain the same username and Passwords as in windows. So how do get the passwords from windows to samba 3.0 Regards Niranjan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 2 TB Limit and Windows XP Pro?
On Fri, Oct 28, 2005 at 12:44:04PM -0400, [EMAIL PROTECTED] wrote: Does anyone know if Windows XP Pro (Service Pack 2) will have difficulty using a Samba share that is larger than 2 TB? Windows seems to be able to read and write from a share that is larger than 2 TB -- for instance, Windows will tell me that a share is 4 TBs in size, and if I have 1.5 TBs stored on it, it will tell me that 2.5 TB are free. But as soon as 2 TB of data have been written to the share, Windows reports that the share is full and won't write any more. Do you have a trace or log of this ? (Yes I will get to these traces, I'm just drowning in stuff right now). That would help. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba with Acl`s
Helo All. I need help to use Samba with Acl`s in Linux. In my shares, our users create any folders all time, its a problem for me. I want to block this with Samba + Acl´s per user ? Is possible to make this ? Thanks -- Alexandre Andrade São Paulo - SP BSD User: 051253 Linux User: 390467 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba with Acl`s
Funny, I was just looking at this stuff here are some links I found helpful. http://wiki.kaspersandberg.com/doku.php?id=howtos:acl http://www.suse.de/~agruen/acl/linux-acls/online/ and of course the man pages for setfacl and getfacl are helpful. Alexandre Andrade wrote: Helo All. I need help to use Samba with Acl`s in Linux. In my shares, our users create any folders all time, its a problem for me. I want to block this with Samba + Acl´s per user ? Is possible to make this ? Thanks -- Alexandre Andrade São Paulo - SP BSD User: 051253 Linux User: 390467 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Message size is incompatible with encryption type
Hello all, I have a nice dual Opteron server with a lot of disk space I'd like to let Windows ADS groups use. I am running FreeBSD (AMD64) 5.4-RELEASE-p1 with samba-3.0.20,1 I joined the ADS domain. Smbclient works perfectly. Server shows up in My Network Places When I click on it, I get a login box and no credentials will authenticate me. Read some of the samba docs, and found it amusing that many times the scenario of departments/personnel/politics etc were explained before a config was given. (See my first sentence!) The only other piece to the puzzle is how do I grant rights to the UNIX/Samba shares?? E.g. Want the ADS group Archives to have read only access to the Archives, but ADS Domain admins can have read/write to samba share Archives. I looked around on the net and I'm not sure what is wrong. Thanks much list! Eric Smb.conf: [global] workgroup = WORKGROUP realm = DOMAIN.COM server string = 64bit FreeBSD Samba Box security = ADS auth methods = winbind password server = 192.168.x.x passdb backend = tdbsam log level = 3 log file = /var/log/samba/log.%m max log size = 50 load printers = No preferred master = No local master = No domain master = No dns proxy = No wins server = 192.168.X.X ldap ssl = no idmap uid = 1-2 idmap gid = 2-3 winbind use default domain = Yes winbind trusted domains only = Yes invalid users = root acl group control = Yes inherit permissions = Yes inherit acls = Yes hosts allow = 192.168.X., 127. hosts deny = ALL [Archives] comment = Archives path = /usr/Archives read only = Yes guest ok = Yes /var/log/samba/workstation-Log (all happened in less than a second) 2005/10/28 15:20:06, 3] smbd/oplock.c:init_oplocks(1380) open_oplock_ipc: opening loopback UDP socket. [2005/10/28 15:20:06, 3] smbd/oplock.c:init_oplocks(1380) open_oplock_ipc: opening loopback UDP socket. [2005/10/28 15:20:06, 3] smbd/oplock.c:init_oplocks(1411) open_oplock ipc: pid = 98079, global_oplock_port = 57632 [2005/10/28 15:20:06, 3] smbd/oplock.c:init_oplocks(1411) open_oplock ipc: pid = 98080, global_oplock_port = 58261 [2005/10/28 15:20:06, 3] lib/access.c:check_access(313) check_access: no hostnames in host allow/deny list. [2005/10/28 15:20:06, 2] lib/access.c:check_access(324) Allowed connection from (192.168.X.X) [2005/10/28 15:20:06, 3] smbd/process.c:process_smb(1114) Transaction 0 of length 72 [2005/10/28 15:20:06, 3] lib/access.c:check_access(313) check_access: no hostnames in host allow/deny list. [2005/10/28 15:20:06, 2] lib/access.c:check_access(324) Allowed connection from (192.168.X.X) [2005/10/28 15:20:06, 3] smbd/process.c:process_smb(1114) Transaction 0 of length 137 [2005/10/28 15:20:06, 2] smbd/reply.c:reply_special(448) netbios connect: name1=RODAN name2=ERIC-AMD-4200X2 [2005/10/28 15:20:06, 2] smbd/reply.c:reply_special(455) netbios connect: local=rodan remote=eric-amd-4200x2, name type = 0 [2005/10/28 15:20:06, 3] smbd/process.c:switch_message(900) switch message SMBnegprot (pid 98080) conn 0x0 [2005/10/28 15:20:06, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/10/28 15:20:06, 3] smbd/negprot.c:reply_negprot(466) Requested protocol [PC NETWORK PROGRAM 1.0] [2005/10/28 15:20:06, 3] smbd/negprot.c:reply_negprot(466) Requested protocol [LANMAN1.0] [2005/10/28 15:20:06, 3] smbd/negprot.c:reply_negprot(466) Requested protocol [Windows for Workgroups 3.1a] [2005/10/28 15:20:06, 3] smbd/negprot.c:reply_negprot(466) Requested protocol [LM1.2X002] [2005/10/28 15:20:06, 3] smbd/negprot.c:reply_negprot(466) Requested protocol [LANMAN2.1] [2005/10/28 15:20:06, 3] smbd/negprot.c:reply_negprot(466) Requested protocol [NT LM 0.12] [2005/10/28 15:20:06, 3] smbd/negprot.c:reply_nt1(337) using SPNEGO [2005/10/28 15:20:06, 3] smbd/negprot.c:reply_negprot(559) Selected protocol NT LM 0.12 [2005/10/28 15:20:06, 3] smbd/process.c:process_smb(1114) Transaction 1 of length 1572 [2005/10/28 15:20:06, 3] smbd/process.c:switch_message(900) switch message SMBsesssetupX (pid 98080) conn 0x0 [2005/10/28 15:20:06, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/10/28 15:20:06, 3] smbd/sesssetup.c:reply_sesssetup_and_X(751) wct=12 flg2=0xc807 [2005/10/28 15:20:06, 2] smbd/sesssetup.c:setup_new_vc_session(704) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2005/10/28 15:20:06, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(588) Doing spnego session setup [2005/10/28 15:20:06, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(619) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2005/10/28 15:20:06, 3]
[Samba] Newbie question about security
Dear Samba users, I have just set up a home network consisting of two XP computers and a linux box running FC4. The linux box is currently acting as my webserver. The whole network lies behind a router (belkin) with a hardware firewall and each of the computers are running software firewalls. OK all is well and everything works. I wish to use my XP pc to edit files on the linux webserver, so i figured that samba was the right option. I have it set up and can access my files on the webserver. I am just concerned about security. On the XP machines we do not use a password to login so I have had to set the samba password to no characters in order to access the samba share. Since the only machines on the local network are trustworthy (ie I control them and only me and my wife have direct console access) IS THIS A SAFE SITUATION, can anyone get to my samba share from outside the local network? I have restricted access to the IP addresses of my two loacl machines on a 192.168.2. type network. The only two ports that are specifically open to my linux box from the outside world are 80 for the webserver and 22 for ssh access. Any ideas suggestions are appreciated. Can I use a password to access my samba share without having to use a password in windows??? Thanks Martyn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] why samba doesn't work ?
Hello, I try to install Sambo on a Dreambox (Linux 2.6 based on a small PowerPC) I place in attachement the log file Please help me ! Thank you very much for your help Thierry Vorms -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Debian Binary Packages from samba.org
I'm reshaping Binary_Packages/Debian directory to allow us to release binary packages for both Woody and Sarge. You may expect some problems downloading our debs, while I try out the new trees. The good news are that there you will find samba 3.0.20b packages for Woody and Sarge as soon as our mirrors get in sync. I must thank Debian Samba maintainers, Eloy and Steve, for their work on Debian packaging from which I derive the samba.org packages. I will shortly update the debian packaging directories in the main SVN tree too (up to unstable). Any suggestion is very welcome, feel free to write me, or keep me in Cc as I often miss [EMAIL PROTECTED] threads. cheers, Simo. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Overloaded samba server. Is it a bug?
On Thu, 2005-10-27 at 03:12 -0300, Martin Scandroli wrote: Experts, The implementation of this feature produced some other problems (we've found workarrounds but i'll comment them just to provide some feedback). 1) The samba server used to die seconds after it was started. Something about the nobody user and it's primary group prevented it from working in a proper manner. We solved this inconvinient by adding de user nobody and it's corresponding primary group to the backend. Yep, this is a known requirement for that feature. I'm not sure it should die, but it can't work without all the accounts it will deal with in LDAP. (Otherwise we have to use the slower method, which is why you turned this on in the first place). 2) Root user was no longer recognized, (we still trying to figure out why, the user's been added to the tree, but nothing changed) so we used the new role based administration provided by samba 3 as a workarround (SeMachinAccount...), and no more troubles about it. Yep. 3)THIS ISSUE IS KILLING US!!! Something happens in a determined moment of the day (rush hour). Everything is running smoothly (0.3 - 0.4 of load average) when the load start to grow indefinitely!!. It raises from 0.3 to 50 in a matter of seconds!, and it keeps growing till the server dies. We couldn't find the reason of this, but it happens in a two hors interval. Before and after this interval, there are no errors of any kind. I'll paste some log errors (just the ones i saw). I don't think they're the cause of our problems, buy you're the experts. Any clue? do you need me to gather some kind of information? any DoS bug reported for this samba version? My guess is this: Your LDAP server is getting backed up because of a bug, perhaps invoving a lock in the database. Then Samba processes start backing up, trying to access LDAP, which is wedged. They keep hammering at the ldap server in the backoff pattern, then fail (causing the client to try again). Because the questions are not being answered, the load goes though the roof, and this causes the LDAP sever more pain. One option is to separate your LDAP server from your samba server, and have more than one LDAP server available per Samba server. This allows Samba to use the other server, with the local one recovers (assuming some short-term lock). Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc.http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind capabilities
Hi all: I'm looking for a solution to integrate 150+ existing linux sysems into an Active Directory (Win Server 2003) domain. These systems are currently using NIS for directory/authenitication services, and all users (2000+) have existing UIDs/GIDs that need to be maintained (due to being spread out all over the place; we don't think we could do any kind of controlled migration of this data, etc). Our directory schema already has the msSFU30 schema added. I've done extensive research, and it seems my options are: 1) implement services for unix on a windows server 2) use straight LDAP auth (LDAP NSS, LDAP pam) 3) use LDAP in NSS and kerb in pam 4) use LDAP in NSS and winbind in pam From what I undrestand, there is no feesable way of implementing winbind in NSS and maintaining existing UID/GID mappings. #1 doesn't really work for us (we want to ditch NIS for a number of reasons and we can't adequately secure NIS running under SFU). #2 doesn't really work due to security constraints and strikes me as a BadThing in general. My first real question to the list is what does #4 get me over #3? Some other requirements for our environment: We need group membership to work (e.g, have users as members of groups on the unix side) We also need a mechanism for restricting login on workstations to a specific list of users (on workstation a, only users b,c, and d can log in, on workstation b, members of group alpha can log in, etc). Currently we implement this through netgroups on NIS. The implementation is not important as long as it does the job. In the perfect world, all these services would be provided in a way where our helpdesk staff could create/maintain accounts and workstation access lists using only Active Directory Users and Computers or other windows managment tools. This is not a requirement, just a preference. Now into the truely unkown relm: We are investagating means for offering strong protection on our network shares. By this, I mean enforcing permissions to the point where if a user has not logged into that station with a username and password, then they do not get to access any remote files belonging to that username. For example, user A logs into a workstation. She can access all her files on our network filer and other network shares. Then this user su's to root, and then to user B. While we can't stop her from obtaining user B's credentials for local file access, she has not authenticated as user B, and thus doesn't have a ticket for user B, etc. If she tries to do anything requring user B's credentials on the network (i.e, delete user B's files from his home directory), she will be unable to do so (permission denied). By default, windows gives this protection. Their kerberos ticket authorizes all netowrk shares, and logging on as local administrator or any other local user will not authorize them to access any network resources without authenticating as a domain user. We would like to implement something like this on our linux stations. We don't really know how to; we're in the brainstorming phase. One possibility I had was mount their home directory via CIFS; another was NFSv4 with kerberos. Does anyone have any suggestions? Are there any cool ways to do this with samba/winbind/samba tools? Thanks in advance! --Jim Kusznir Unix System Admin Washington State University, School of EECS -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Overloaded samba server. Is it a bug?
On Oct 28, 2005 02:11 PM, MJBarber wrote: I am running Suse 9.2 Pro in a corporate environment with 3.0.14a and it works great.Just my 0.02... Well, when Samba is running before the load begins to rise, it's around 0.50 (with aproximately 1000 users logued in and 500 in high activity) If you truly think this is a samba problem try a different version to either replicate the issue or to have it point to a different piece of the puzzle. What is your complete config? We are using the Samba 3.0.20b because we need a new feature included in this version. (SeTakeOwnerShipPrivilege) We haven't been able to use root user as administrator of extended file system ACLs because the ldapsam:trusted is preventing us from using it. (NT_STATUS_UNSUCCESSFUL) You said the load went sky high in a matter of seconds...do you see which process is running wild (smbd, nmbd, winbindd...). We've done an strace to the partent process of all smbds (it follows all the forks) and we didn't see nothing relevant. Here is our smb.conf, and winbindd is not being used. srvsmb02:~ # cat /etc/samba/smb.conf [global] workgroup = DOMAIN passdb backend = ldapsam:ldap://10.10.6.130 netbios name = SRVSMBFS netbios aliases = SRVSMBPS ldap admin dn = cn=admin,o=domain ldap suffix = ou=ar,o=domain ldap group suffix = ou=grupos_openldap ldap machine suffix = ou=maquinas ldap timeout = 2 idmap backend = ldap:ldap://10.10.6.130 idmap uid = 1-4 idmap gid = 1-4 unix charset = ISO8859-15 add machine script = /usr/local/sbin/smbldap-useradd -w %u domain logons = yes domain master = yes local master = yes show add printer wizard = no bind interfaces only = yes interfaces = 10.10.6.75/24 username level = 15 username map = /etc/samba/smbusers ldapsam:trusted = yes preferred master = yes ldap ssl = no wins support = yes printing = cups printcap name = cups printcap cache time = 750 cups options = raw map to guest = Bad User logon path = logon home = \\%L\%U\.9xprofile logon drive = H: os level = 255 log level = 3 socket options = IPTOS_LOWDELAY TCP_NODELAY cups server = 10.10.6.78 veto files = /*.eml/*.nws/riched20.dll/*.{*}/aquota.user/aquota.group/.msprofile/lost+found/ hide files = /aquota.user/aquota.group/.msprofile/ enable privileges = yes acl group control = yes logon script = ARRANQUE.BAT inherit owner = yes inherit acls = yes disable spoolss = yes log file = /var/log/samba/machines/log.%m [homes] comment = Home Directories valid users = %S browseable = No read only = No [profiles] comment = Network Profiles Service path = %H read only = No store dos attributes = Yes create mask = 0600 directory mask = 0700 browseable = no [printers] comment = All Printers path = /var/tmp printable = Yes create mask = 0600 browseable = No [netlogon] comment = netlogon service path = /var/lib/samba/netlogon browseable = no guest ok = . Continue ---8---8 Thanks for your interest, Martín -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Overloaded samba server. Is it a bug?
On Fri Oct 28 14:44:02 GMT 2005 Bruno Guerreiro wrote: I've made this question over and over, but still no answer till now. So here goes again, maybe I have better luck this time. Is there any limitation to the number of groups a samba user may belong? I've found out that if the user belongs to more than 60 to 70 groups, group-based share access stop working. From another post in this ml, i've found out that kernel 2.4.xx had a 32 group membership limitation, but i'm using 2.6.xx which has a 65536 groups limit. Is there any place in samba where I shoulb be looking? Any info/pointers would be much appreciated. Have you check with getent command if your platform response correctly? try getent group GROUP_WITH_A_LOT_OF_USERS_FROM_YOUR_LDAP_BACKEND It should returns a members list like a line from /etc/group. If it does not work, check your entry in nsswitch.conf and replace passwd compat by passwd ldap (do the same for the group and maybe for shadow) Another thing you could try is use the recently ldapsam:trusted = yes option... take care of the considerations to make it work! Saludos, Martín -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Group membership limitation
On Fri Oct 28 14:44:02 GMT 2005 Bruno Guerreiro wrote: I've made this question over and over, but still no answer till now. So here goes again, maybe I have better luck this time. Is there any limitation to the number of groups a samba user may belong? I've found out that if the user belongs to more than 60 to 70 groups, group-based share access stop working. From another post in this ml, i've found out that kernel 2.4.xx had a 32 group membership limitation, but i'm using 2.6.xx which has a 65536 groups limit. Is there any place in samba where I shoulb be looking? Any info/pointers would be much appreciated. Have you check with getent command if your platform response correctly? try getent group GROUP_WITH_A_LOT_OF_USERS_FROM_YOUR_LDAP_BACKEND It should returns a members list like a line from /etc/group. If it does not work, check your entry in nsswitch.conf and replace passwd compat by passwd ldap (do the same for the group and maybe for shadow) Another thing you could try is use the recently ldapsam:trusted = yes option... take care of the considerations to make it work! Saludos, Martín -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r11361 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: abartlet Date: 2005-10-28 06:44:24 + (Fri, 28 Oct 2005) New Revision: 11361 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11361 Log: Test [EMAIL PROTECTED] userPrincipalNames Andrew Bartlett Modified: branches/SAMBA_4_0/source/torture/rpc/drsuapi_cracknames.c Changeset: Modified: branches/SAMBA_4_0/source/torture/rpc/drsuapi_cracknames.c === --- branches/SAMBA_4_0/source/torture/rpc/drsuapi_cracknames.c 2005-10-28 05:57:35 UTC (rev 11360) +++ branches/SAMBA_4_0/source/torture/rpc/drsuapi_cracknames.c 2005-10-28 06:44:24 UTC (rev 11361) @@ -215,6 +215,7 @@ const char *realm_canonical; const char *realm_canonical_ex; const char *user_principal_name; + char *user_principal_name_short; const char *service_principal_name; const char *canonical_name; const char *canonical_ex_name; @@ -398,6 +399,12 @@ canonical_ex_name = ldb_dn_canonical_ex_string(mem_ctx, FQDN_1779_dn); user_principal_name = talloc_asprintf(mem_ctx, [EMAIL PROTECTED], test_dc, dns_domain); + + /* form up a [EMAIL PROTECTED] */ + user_principal_name_short = talloc_asprintf(mem_ctx, [EMAIL PROTECTED], test_dc, nt4_domain); + /* variable nt4_domain includs a trailing \ */ + user_principal_name_short[strlen(user_principal_name_short) - 1] = '\0'; + service_principal_name = talloc_asprintf(mem_ctx, HOST/%s, test_dc); { @@ -418,6 +425,13 @@ .status = DRSUAPI_DS_NAME_STATUS_OK }, { + .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL, + .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, + .str = user_principal_name_short, + .expected_str = FQDN_1779_name, + .status = DRSUAPI_DS_NAME_STATUS_OK + }, + { .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, .str = service_principal_name,
svn commit: samba r11362 - in branches/SAMBA_4_0/source/librpc/idl: .
Author: tpot Date: 2005-10-28 06:51:44 + (Fri, 28 Oct 2005) New Revision: 11362 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11362 Log: Remove attempt to decode uint8 array as a security descriptor. Pidl thinks that because it is an array, the import should also be an array, i.e of security descriptors. Modified: branches/SAMBA_4_0/source/librpc/idl/winreg.cnf Changeset: Modified: branches/SAMBA_4_0/source/librpc/idl/winreg.cnf === --- branches/SAMBA_4_0/source/librpc/idl/winreg.cnf 2005-10-28 06:44:24 UTC (rev 11361) +++ branches/SAMBA_4_0/source/librpc/idl/winreg.cnf 2005-10-28 06:51:44 UTC (rev 11362) @@ -50,5 +50,3 @@ HF_RENAME hf_winreg_winreg_OpenHKDD_handle hf_winreg_handle HF_RENAME hf_winreg_winreg_OpenHKPT_handle hf_winreg_handle HF_RENAME hf_winreg_winreg_OpenHKPN_handle hf_winreg_handle - -IMPORT KeySecurityData.data if (((dcerpc_info *)pinfo-private_data)-conformant_run) return offset; offset = dissect_nt_sec_desc(tvb, offset, pinfo, tree, drep, FALSE, -1, NULL);
svn commit: samba r11363 - in branches/SAMBA_4_0/source/scripting/libjs: .
Author: tridge Date: 2005-10-28 07:00:52 + (Fri, 28 Oct 2005) New Revision: 11363 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11363 Log: fixed a problem with provisioning when hklm already exists (the problem is really caused by hklm not having objectclass attributes on its records, but this is a workaround) Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js Changeset: Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js === --- branches/SAMBA_4_0/source/scripting/libjs/provision.js 2005-10-28 06:51:44 UTC (rev 11362) +++ branches/SAMBA_4_0/source/scripting/libjs/provision.js 2005-10-28 07:00:52 UTC (rev 11363) @@ -157,7 +157,7 @@ for (i=0;ires.length;i++) { ldb.del(res[i].dn); } - res = ldb.search((objectclass=*), attrs); + res = ldb.search((|(objectclass=*)(dn=*)), attrs); if (res.length != 0) { ldb_delete(ldb); return; @@ -165,7 +165,6 @@ assert(res.length == 0); } - /* setup a ldb in the private dir */
svn commit: samba r11364 - in branches/SAMBA_4_0/source/lib/ldb: common include ldb_tdb
Author: tridge Date: 2005-10-28 07:05:32 + (Fri, 28 Oct 2005) New Revision: 11364 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11364 Log: added a ldb_attr_dn() function for testing if an attribute name is dn or distinguishedName. This makes us a bit more consistent Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_match.c branches/SAMBA_4_0/source/lib/ldb/common/ldb_utf8.c branches/SAMBA_4_0/source/lib/ldb/include/ldb.h branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_match.c === --- branches/SAMBA_4_0/source/lib/ldb/common/ldb_match.c2005-10-28 07:00:52 UTC (rev 11363) +++ branches/SAMBA_4_0/source/lib/ldb/common/ldb_match.c2005-10-28 07:05:32 UTC (rev 11364) @@ -87,8 +87,7 @@ struct ldb_parse_tree *tree, enum ldb_scope scope) { - - if (ldb_attr_cmp(tree-u.present.attr, distinguishedName) == 0) { + if (ldb_attr_dn(tree-u.present.attr) == 0) { return 1; } @@ -151,8 +150,7 @@ struct ldb_dn *valuedn; int ret; - if (ldb_attr_cmp(tree-u.equality.attr, dn) == 0 || - ldb_attr_cmp(tree-u.equality.attr, distinguishedName) == 0) { + if (ldb_attr_dn(tree-u.equality.attr) == 0) { valuedn = ldb_dn_explode_casefold(ldb, (char *)tree-u.equality.value.data); if (valuedn == NULL) { Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_utf8.c === --- branches/SAMBA_4_0/source/lib/ldb/common/ldb_utf8.c 2005-10-28 07:00:52 UTC (rev 11363) +++ branches/SAMBA_4_0/source/lib/ldb/common/ldb_utf8.c 2005-10-28 07:05:32 UTC (rev 11364) @@ -80,3 +80,15 @@ { return ldb_caseless_cmp(attr1, attr2); } + +/* + we accept either 'dn' or 'distinguishedName' for a distinguishedName +*/ +int ldb_attr_dn(const char *attr) +{ + if (ldb_attr_cmp(attr, dn) == 0 || + ldb_attr_cmp(attr, distinguishedName) == 0) { + return 0; + } + return -1; +} Modified: branches/SAMBA_4_0/source/lib/ldb/include/ldb.h === --- branches/SAMBA_4_0/source/lib/ldb/include/ldb.h 2005-10-28 07:00:52 UTC (rev 11363) +++ branches/SAMBA_4_0/source/lib/ldb/include/ldb.h 2005-10-28 07:05:32 UTC (rev 11364) @@ -391,7 +391,8 @@ /* useful functions for ldb_message structure manipulation */ int ldb_dn_cmp(struct ldb_context *ldb, const char *dn1, const char *dn2); -int ldb_attr_cmp(const char *dn1, const char *dn2); +int ldb_attr_cmp(const char *attr1, const char *attr2); +int ldb_attr_dn(const char *attr); char *ldb_dn_escape_value(void *mem_ctx, struct ldb_val value); /* create an empty message */ Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c 2005-10-28 07:00:52 UTC (rev 11363) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c 2005-10-28 07:05:32 UTC (rev 11364) @@ -321,8 +321,7 @@ if (ldb_attr_cmp(tree-u.equality.attr, LTDB_OBJECTCLASS) == 0) { return ltdb_index_dn_objectclass(module, tree, index_list, list); } - if (ldb_attr_cmp(tree-u.equality.attr, distinguishedName) == 0 || - ldb_attr_cmp(tree-u.equality.attr, dn) == 0) { + if (ldb_attr_dn(tree-u.equality.attr) == 0) { list-dn = talloc_array(list, char *, 1); if (list-dn == NULL) { ldb_oom(module-ldb);
svn commit: samba r11365 - in branches/SAMBA_4_0/source/scripting/ejs: .
Author: tridge Date: 2005-10-28 07:05:56 + (Fri, 28 Oct 2005) New Revision: 11365 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11365 Log: fixed a comment typo Modified: branches/SAMBA_4_0/source/scripting/ejs/smbcalls_string.c Changeset: Modified: branches/SAMBA_4_0/source/scripting/ejs/smbcalls_string.c === --- branches/SAMBA_4_0/source/scripting/ejs/smbcalls_string.c 2005-10-28 07:05:32 UTC (rev 11364) +++ branches/SAMBA_4_0/source/scripting/ejs/smbcalls_string.c 2005-10-28 07:05:56 UTC (rev 11365) @@ -93,7 +93,7 @@ usage: list = split(., a.foo.bar); - NOTE: does not take a regular expression, unlink perl split() + NOTE: does not take a regular expression, unlike perl split() */ static int ejs_split(MprVarHandle eid, int argc, char **argv) {
svn commit: samba r11366 - in branches/SAMBA_4_0/source: auth auth/ntlmssp rpc_server/netlogon
Author: abartlet Date: 2005-10-28 08:54:37 + (Fri, 28 Oct 2005) New Revision: 11366 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11366 Log: Pass around the flags which indicate if we should support plaintext logins and NTLM machine account logins. Andrew Bartlett Modified: branches/SAMBA_4_0/source/auth/auth.h branches/SAMBA_4_0/source/auth/auth_sam.c branches/SAMBA_4_0/source/auth/ntlm_check.c branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_server.c branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c Changeset: Modified: branches/SAMBA_4_0/source/auth/auth.h === --- branches/SAMBA_4_0/source/auth/auth.h 2005-10-28 07:05:56 UTC (rev 11365) +++ branches/SAMBA_4_0/source/auth/auth.h 2005-10-28 08:54:37 UTC (rev 11366) @@ -51,6 +51,8 @@ const char *workstation_name; const char *remote_host; + uint32_t logon_parameters; + BOOL mapped_state; /* the values the client gives us */ struct { Modified: branches/SAMBA_4_0/source/auth/auth_sam.c === --- branches/SAMBA_4_0/source/auth/auth_sam.c 2005-10-28 07:05:56 UTC (rev 11365) +++ branches/SAMBA_4_0/source/auth/auth_sam.c 2005-10-28 08:54:37 UTC (rev 11366) @@ -105,7 +105,8 @@ break; case AUTH_PASSWORD_RESPONSE: - status = ntlm_password_check(mem_ctx, auth_context-challenge.data, + status = ntlm_password_check(mem_ctx, user_info-logon_parameters, +auth_context-challenge.data, user_info-password.response.lanman, user_info-password.response.nt, user_info-mapped.account_name, @@ -133,6 +134,7 @@ (ie not disabled, expired and the like). / static NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx, + uint32_t logon_parameters, uint16_t acct_flags, NTTIME acct_expiry, NTTIME must_change_time, @@ -204,20 +206,23 @@ return NT_STATUS_INVALID_WORKSTATION; } } - + if (acct_flags ACB_DOMTRUST) { DEBUG(2,(sam_account_ok: Domain trust account %s denied by server\n, user_info-mapped.account_name)); return NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT; } - - if (acct_flags ACB_SVRTRUST) { - DEBUG(2,(sam_account_ok: Server trust account %s denied by server\n, user_info-mapped.account_name)); - return NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT; + + if (!(logon_parameters MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT)) { + if (acct_flags ACB_SVRTRUST) { + DEBUG(2,(sam_account_ok: Server trust account %s denied by server\n, user_info-mapped.account_name)); + return NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT; + } } - - if (acct_flags ACB_WSTRUST) { - DEBUG(4,(sam_account_ok: Wksta trust account %s denied by server\n, user_info-mapped.account_name)); - return NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT; + if (!(logon_parameters MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT)) { + if (acct_flags ACB_WSTRUST) { + DEBUG(4,(sam_account_ok: Wksta trust account %s denied by server\n, user_info-mapped.account_name)); + return NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT; + } } return NT_STATUS_OK; @@ -381,7 +386,9 @@ workstation_list = samdb_result_string(msgs[0], userWorkstations, NULL); - nt_status = authsam_account_ok(mem_ctx, acct_flags, + nt_status = authsam_account_ok(mem_ctx, + user_info-logon_parameters, + acct_flags, acct_expiry, must_change_time, last_set_time, Modified: branches/SAMBA_4_0/source/auth/ntlm_check.c === --- branches/SAMBA_4_0/source/auth/ntlm_check.c 2005-10-28 07:05:56 UTC (rev 11365) +++ branches/SAMBA_4_0/source/auth/ntlm_check.c 2005-10-28 08:54:37 UTC (rev 11366) @@ -23,6 +23,7 @@ #include includes.h #include lib/crypto/crypto.h #include librpc/gen_ndr/ndr_samr.h +#include librpc/gen_ndr/ndr_netlogon.h / Core of smb password checking routine. @@
svn commit: samba r11367 - in branches/SAMBA_4_0/source/smb_server: .
Author: abartlet Date: 2005-10-28 09:14:16 + (Fri, 28 Oct 2005) New Revision: 11367 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11367 Log: Ensure to intialise the new logon_parameters (0 for session setups). Andrew Bartlett Modified: branches/SAMBA_4_0/source/smb_server/sesssetup.c Changeset: Modified: branches/SAMBA_4_0/source/smb_server/sesssetup.c === --- branches/SAMBA_4_0/source/smb_server/sesssetup.c2005-10-28 08:54:37 UTC (rev 11366) +++ branches/SAMBA_4_0/source/smb_server/sesssetup.c2005-10-28 09:14:16 UTC (rev 11367) @@ -78,6 +78,7 @@ } user_info-mapped_state = False; + user_info-logon_parameters = 0; user_info-flags = 0; user_info-client.account_name = sess-old.in.user; user_info-client.domain_name = sess-old.in.domain; @@ -187,6 +188,7 @@ } user_info-mapped_state = False; + user_info-logon_parameters = 0; user_info-flags = 0; user_info-client.account_name = sess-nt1.in.user; user_info-client.domain_name = sess-nt1.in.domain;
svn commit: samba r11368 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch
Author: vlendec Date: 2005-10-28 09:15:27 + (Fri, 28 Oct 2005) New Revision: 11368 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11368 Log: Remove a memleak that just cost me half an hour: If we terminate inside a message handler, the list of messages from retrieve_all_messages is not properly freed. Not important, just confusing :-) Volker Modified: branches/SAMBA_3_0/source/nsswitch/winbindd.c trunk/source/nsswitch/winbindd.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd.c 2005-10-28 09:14:16 UTC (rev 11367) +++ branches/SAMBA_3_0/source/nsswitch/winbindd.c 2005-10-28 09:15:27 UTC (rev 11368) @@ -213,7 +213,7 @@ /* React on 'smbcontrol winbindd shutdown' in the same way as on SIGTERM*/ static void msg_shutdown(int msg_type, struct process_id src, void *buf, size_t len) { - terminate(); + do_sigterm = True; } static struct winbindd_dispatch_table { Modified: trunk/source/nsswitch/winbindd.c === --- trunk/source/nsswitch/winbindd.c2005-10-28 09:14:16 UTC (rev 11367) +++ trunk/source/nsswitch/winbindd.c2005-10-28 09:15:27 UTC (rev 11368) @@ -213,7 +213,7 @@ /* React on 'smbcontrol winbindd shutdown' in the same way as on SIGTERM*/ static void msg_shutdown(int msg_type, struct process_id src, void *buf, size_t len) { - terminate(); + do_sigterm = True; } static struct winbindd_dispatch_table {
svn commit: samba r11369 - in branches/SAMBA_4_0/source: include lib/socket libcli libcli/ldap libcli/raw libcli/smb_composite
Author: vlendec Date: 2005-10-28 11:02:42 + (Fri, 28 Oct 2005) New Revision: 11369 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11369 Log: Implement socket_connect_multi: Connect to multiple ipv4 tcp ports in sequence, with a 2-millisecond timeout between firing the syn packets. Build smbcli_sock_connect_send upon that. Volker Added: branches/SAMBA_4_0/source/lib/socket/connect_multi.c Removed: branches/SAMBA_4_0/source/libcli/smb_composite/connect_multi.c Modified: branches/SAMBA_4_0/source/include/structs.h branches/SAMBA_4_0/source/lib/socket/config.mk branches/SAMBA_4_0/source/lib/socket/socket.h branches/SAMBA_4_0/source/libcli/cliconnect.c branches/SAMBA_4_0/source/libcli/config.mk branches/SAMBA_4_0/source/libcli/ldap/ldap_client.c branches/SAMBA_4_0/source/libcli/raw/clisocket.c branches/SAMBA_4_0/source/libcli/smb_composite/connect.c Changeset: Sorry, the patch is too large (1091 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11369
svn commit: samba r11370 - in branches/SAMBA_4_0/source: auth rpc_server/netlogon torture/rpc
Author: abartlet Date: 2005-10-28 11:20:48 + (Fri, 28 Oct 2005) New Revision: 11370 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11370 Log: Samba4 now passes it's own RPC-SAMLOGON test again. This avoids the nasty [EMAIL PROTECTED] test for now, as it has very odd semantics with NTLMv2. Allow only user accounts to do an interactive login. Andrew Bartlett Modified: branches/SAMBA_4_0/source/auth/auth.h branches/SAMBA_4_0/source/auth/auth_sam.c branches/SAMBA_4_0/source/auth/ntlm_check.c branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c branches/SAMBA_4_0/source/torture/rpc/samlogon.c Changeset: Modified: branches/SAMBA_4_0/source/auth/auth.h === --- branches/SAMBA_4_0/source/auth/auth.h 2005-10-28 11:02:42 UTC (rev 11369) +++ branches/SAMBA_4_0/source/auth/auth.h 2005-10-28 11:20:48 UTC (rev 11370) @@ -39,6 +39,7 @@ #define USER_INFO_CASE_INSENSITIVE_USERNAME 0x01 /* username may be in any case */ #define USER_INFO_CASE_INSENSITIVE_PASSWORD 0x02 /* password may be in any case */ #define USER_INFO_DONT_CHECK_UNIX_ACCOUNT 0x04 /* dont check unix account status */ +#define USER_INFO_INTERACTIVE_LOGON 0x08 /* dont check unix account status */ enum auth_password_state { AUTH_PASSWORD_RESPONSE, Modified: branches/SAMBA_4_0/source/auth/auth_sam.c === --- branches/SAMBA_4_0/source/auth/auth_sam.c 2005-10-28 11:02:42 UTC (rev 11369) +++ branches/SAMBA_4_0/source/auth/auth_sam.c 2005-10-28 11:20:48 UTC (rev 11370) @@ -370,6 +370,13 @@ return NT_STATUS_ACCOUNT_LOCKED_OUT; } + /* You can only do an interactive login to normal accounts */ + if (user_info-flags USER_INFO_INTERACTIVE_LOGON) { + if (!(acct_flags ACB_NORMAL)) { + return NT_STATUS_NO_SUCH_USER; + } + } + nt_status = samdb_result_passwords(mem_ctx, msgs[0], lm_pwd, nt_pwd); NT_STATUS_NOT_OK_RETURN(nt_status); Modified: branches/SAMBA_4_0/source/auth/ntlm_check.c === --- branches/SAMBA_4_0/source/auth/ntlm_check.c 2005-10-28 11:02:42 UTC (rev 11369) +++ branches/SAMBA_4_0/source/auth/ntlm_check.c 2005-10-28 11:20:48 UTC (rev 11370) @@ -245,6 +245,9 @@ username)); return NT_STATUS_WRONG_PASSWORD; } + if (strchr_m(username, '@')) { + return NT_STATUS_NOT_FOUND; + } if (memcmp(client_lanman-hash, stored_lanman-hash, sizeof(stored_lanman-hash)) == 0) { return NT_STATUS_OK; @@ -254,6 +257,9 @@ return NT_STATUS_WRONG_PASSWORD; } } + if (strchr_m(username, '@')) { + return NT_STATUS_NOT_FOUND; + } return NT_STATUS_WRONG_PASSWORD; } @@ -304,20 +310,27 @@ (memcmp(challenge-data, zeros, challenge-length) == 0 )) { struct samr_Password client_nt; struct samr_Password client_lm; - uint8_t dospwd[14]; + uint8_t dospwd[15]; + char *unix_pw; DEBUG(4,(ntlm_password_check: checking plaintext passwords for user %s\n, username)); mdfour(client_nt.hash, nt_response-data, nt_response-length); ZERO_STRUCT(dospwd); - memcpy(dospwd, lm_response-data, MIN(lm_response-length, sizeof(dospwd))); + convert_string_talloc(mem_ctx, CH_DOS, CH_UNIX, + lm_response-data, lm_response-length, + (void **)unix_pw); + /* Only the fisrt 14 chars are considered, password need not be null terminated. */ + push_ascii(dospwd, unix_pw, sizeof(dospwd), STR_UPPER); /* we *might* need to upper-case the string here */ E_P16((const uint8_t *)dospwd, client_lm.hash); - return hash_password_check(mem_ctx, client_lm, client_nt, + return hash_password_check(mem_ctx, + lm_response-length ? client_lm : NULL, + nt_response-length ? client_nt : NULL, username, stored_lanman, stored_nt); } @@ -424,6 +437,9 @@ } else if (!stored_lanman) { DEBUG(3,(ntlm_password_check: NO LanMan password set for user %s (and no NT password supplied)\n, username)); + } else if (strchr_m(username, '@')) { +
svn commit: samba r11375 - in branches/SAMBA_3_0/source: .
Author: paulg Date: 2005-10-28 16:17:46 + (Fri, 28 Oct 2005) New Revision: 11375 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11375 Log: Update to the latest config.guess and config.sub files. Modified: branches/SAMBA_3_0/source/config.guess branches/SAMBA_3_0/source/config.sub Changeset: Sorry, the patch is too large (1593 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11375
svn commit: samba r11378 - in branches/SAMBA_4_0/source/lib/ldb/common: .
Author: vlendec Date: 2005-10-28 19:14:46 + (Fri, 28 Oct 2005) New Revision: 11378 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11378 Log: Fix an uninitialized variable warning. Tridge, I'm 99.999% sure this was a simple cutpaste error, but you might recheck this. Volker Modified: branches/SAMBA_4_0/source/lib/ldb/common/attrib_handlers.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/common/attrib_handlers.c === --- branches/SAMBA_4_0/source/lib/ldb/common/attrib_handlers.c 2005-10-28 18:26:26 UTC (rev 11377) +++ branches/SAMBA_4_0/source/lib/ldb/common/attrib_handlers.c 2005-10-28 19:14:46 UTC (rev 11378) @@ -232,7 +232,7 @@ { time_t t1, t2; t1 = ldb_string_to_time((char *)v1-data); - t1 = ldb_string_to_time((char *)v1-data); + t2 = ldb_string_to_time((char *)v2-data); return (int)t2 - (int)t1; }
RE: svn commit: samba r11376 - in trunk/source: .
Ooops. Thanks. Will try not to forget this in the future. PG -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] rg] On Behalf Of [EMAIL PROTECTED] Sent: Friday, October 28, 2005 12:54 PM To: [EMAIL PROTECTED] Subject: svn commit: samba r11376 - in trunk/source: . Author: jra Date: 2005-10-28 16:54:18 + (Fri, 28 Oct 2005) New Revision: 11376 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samb arev=11376 Log: Janitor for paulg - ensure the HEAD versions are updated also. Jeremy. Modified: trunk/source/config.guess trunk/source/config.sub Changeset: Sorry, the patch is too large (1593 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samb arev=11376
svn commit: samba r11379 - in branches/SAMBA_3_0/source/libsmb: .
Author: jra Date: 2005-10-28 20:36:21 + (Fri, 28 Oct 2005) New Revision: 11379 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11379 Log: Remove external dependencies from sharemodes library. Jeremy. Modified: branches/SAMBA_3_0/source/libsmb/smb_share_modes.c Changeset: Modified: branches/SAMBA_3_0/source/libsmb/smb_share_modes.c === --- branches/SAMBA_3_0/source/libsmb/smb_share_modes.c 2005-10-28 19:14:46 UTC (rev 11378) +++ branches/SAMBA_3_0/source/libsmb/smb_share_modes.c 2005-10-28 20:36:21 UTC (rev 11379) @@ -3,6 +3,12 @@ Used by non-Samba products needing access to the Samba share mode db. Copyright (C) Jeremy Allison 2005. + + sharemodes_procid functions (C) Copyright (C) Volker Lendecke 2005 + + ** NOTE! The following LGPL license applies to this module only. + ** This does NOT imply that all of Samba is released + ** under the LGPL This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -27,6 +33,16 @@ #undef malloc #endif +static BOOL sharemodes_procid_equal(const struct process_id *p1, const struct process_id *p2) +{ + return (p1-pid == p2-pid); +} + +static pid_t sharemodes_procid_to_pid(const struct process_id *proc) +{ + return proc-pid; +} + /* * open/close sharemode database. */ @@ -122,7 +138,7 @@ static int share_mode_entry_equal(const struct smb_share_mode_entry *e_entry, const struct share_mode_entry *entry) { - return (procid_equal(e_entry-pid, entry-pid) + return (sharemodes_procid_equal(e_entry-pid, entry-pid) e_entry-file_id == (uint32_t)entry-share_file_id e_entry-open_time.tv_sec == entry-time.tv_sec e_entry-open_time.tv_usec == entry-time.tv_usec @@ -202,7 +218,7 @@ struct process_id pid = share-pid; /* Check this process really exists. */ - if (kill(procid_to_pid(pid), 0) == -1 (errno == ESRCH)) { + if (kill(sharemodes_procid_to_pid(pid), 0) == -1 (errno == ESRCH)) { continue; /* No longer exists. */ } @@ -372,7 +388,7 @@ struct process_id pid = share-pid; /* Check this process really exists. */ - if (kill(procid_to_pid(pid), 0) == -1 (errno == ESRCH)) { + if (kill(sharemodes_procid_to_pid(pid), 0) == -1 (errno == ESRCH)) { continue; /* No longer exists. */ } @@ -447,7 +463,7 @@ struct process_id pid = share-pid; /* Check this process really exists. */ - if (kill(procid_to_pid(pid), 0) == -1 (errno == ESRCH)) { + if (kill(sharemodes_procid_to_pid(pid), 0) == -1 (errno == ESRCH)) { continue; /* No longer exists. */ }
svn commit: samba r11380 - in trunk/source/libsmb: .
Author: jra Date: 2005-10-28 20:36:27 + (Fri, 28 Oct 2005) New Revision: 11380 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11380 Log: Remove external dependencies from sharemodes library. Jeremy. Modified: trunk/source/libsmb/smb_share_modes.c Changeset: Modified: trunk/source/libsmb/smb_share_modes.c === --- trunk/source/libsmb/smb_share_modes.c 2005-10-28 20:36:21 UTC (rev 11379) +++ trunk/source/libsmb/smb_share_modes.c 2005-10-28 20:36:27 UTC (rev 11380) @@ -3,6 +3,12 @@ Used by non-Samba products needing access to the Samba share mode db. Copyright (C) Jeremy Allison 2005. + + sharemodes_procid functions (C) Copyright (C) Volker Lendecke 2005 + + ** NOTE! The following LGPL license applies to this module only. + ** This does NOT imply that all of Samba is released + ** under the LGPL This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -27,6 +33,16 @@ #undef malloc #endif +static BOOL sharemodes_procid_equal(const struct process_id *p1, const struct process_id *p2) +{ + return (p1-pid == p2-pid); +} + +static pid_t sharemodes_procid_to_pid(const struct process_id *proc) +{ + return proc-pid; +} + /* * open/close sharemode database. */ @@ -122,7 +138,7 @@ static int share_mode_entry_equal(const struct smb_share_mode_entry *e_entry, const struct share_mode_entry *entry) { - return (procid_equal(e_entry-pid, entry-pid) + return (sharemodes_procid_equal(e_entry-pid, entry-pid) e_entry-file_id == (uint32_t)entry-share_file_id e_entry-open_time.tv_sec == entry-time.tv_sec e_entry-open_time.tv_usec == entry-time.tv_usec @@ -202,7 +218,7 @@ struct process_id pid = share-pid; /* Check this process really exists. */ - if (kill(procid_to_pid(pid), 0) == -1 (errno == ESRCH)) { + if (kill(sharemodes_procid_to_pid(pid), 0) == -1 (errno == ESRCH)) { continue; /* No longer exists. */ } @@ -372,7 +388,7 @@ struct process_id pid = share-pid; /* Check this process really exists. */ - if (kill(procid_to_pid(pid), 0) == -1 (errno == ESRCH)) { + if (kill(sharemodes_procid_to_pid(pid), 0) == -1 (errno == ESRCH)) { continue; /* No longer exists. */ } @@ -447,7 +463,7 @@ struct process_id pid = share-pid; /* Check this process really exists. */ - if (kill(procid_to_pid(pid), 0) == -1 (errno == ESRCH)) { + if (kill(sharemodes_procid_to_pid(pid), 0) == -1 (errno == ESRCH)) { continue; /* No longer exists. */ }
svn commit: samba r11381 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch
Author: vlendec Date: 2005-10-28 21:08:31 + (Fri, 28 Oct 2005) New Revision: 11381 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11381 Log: Correctly connect to 445 and 139 after a successful getdcname. Volker Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c trunk/source/nsswitch/winbindd_cm.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c2005-10-28 20:36:27 UTC (rev 11380) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c2005-10-28 21:08:31 UTC (rev 11381) @@ -766,10 +766,17 @@ result = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND; if ((strlen(domain-dcname) 0) - NT_STATUS_IS_OK(check_negative_conn_cache(domain-name, - domain-dcname))) { + NT_STATUS_IS_OK(check_negative_conn_cache( + domain-name, domain-dcname)) + (resolve_name(domain-dcname, domain-dcaddr.sin_addr, + 0x20))) { int dummy; - if (!open_any_socket_out(domain-dcaddr, 1, 1, + struct sockaddr_in addrs[2]; + addrs[0] = domain-dcaddr; + addrs[0].sin_port = htons(445); + addrs[1] = domain-dcaddr; + addrs[1].sin_port = htons(139); + if (!open_any_socket_out(addrs, 2, 1, dummy, fd)) { fd = -1; } Modified: trunk/source/nsswitch/winbindd_cm.c === --- trunk/source/nsswitch/winbindd_cm.c 2005-10-28 20:36:27 UTC (rev 11380) +++ trunk/source/nsswitch/winbindd_cm.c 2005-10-28 21:08:31 UTC (rev 11381) @@ -766,10 +766,17 @@ result = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND; if ((strlen(domain-dcname) 0) - NT_STATUS_IS_OK(check_negative_conn_cache(domain-name, - domain-dcname))) { + NT_STATUS_IS_OK(check_negative_conn_cache( + domain-name, domain-dcname)) + (resolve_name(domain-dcname, domain-dcaddr.sin_addr, + 0x20))) { int dummy; - if (!open_any_socket_out(domain-dcaddr, 1, 1, + struct sockaddr_in addrs[2]; + addrs[0] = domain-dcaddr; + addrs[0].sin_port = htons(445); + addrs[1] = domain-dcaddr; + addrs[1].sin_port = htons(139); + if (!open_any_socket_out(addrs, 2, 1, dummy, fd)) { fd = -1; }
svn commit: samba r11382 - in branches/SAMBA_4_0/source: auth/gensec build/m4 build/smb_build gtk gtk/tools heimdal_build kdc lib lib/ldb lib/registry lib/replace/repdir lib/samba3 lib/socket libnet s
Author: jelmer Date: 2005-10-28 21:13:30 + (Fri, 28 Oct 2005) New Revision: 11382 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11382 Log: Require number of required M4 macros Make MODULE handling a bit more like BINARY, LIBRARY and SUBSYSTEM Add some more PUBLIC_HEADERS Modified: branches/SAMBA_4_0/source/auth/gensec/config.m4 branches/SAMBA_4_0/source/auth/gensec/config.mk branches/SAMBA_4_0/source/build/m4/public.m4 branches/SAMBA_4_0/source/build/smb_build/input.pm branches/SAMBA_4_0/source/build/smb_build/main.pl branches/SAMBA_4_0/source/build/smb_build/output.pm branches/SAMBA_4_0/source/gtk/config.m4 branches/SAMBA_4_0/source/gtk/config.mk branches/SAMBA_4_0/source/gtk/tools/gregedit.c branches/SAMBA_4_0/source/heimdal_build/config.m4 branches/SAMBA_4_0/source/kdc/config.m4 branches/SAMBA_4_0/source/lib/basic.mk branches/SAMBA_4_0/source/lib/ldb/config.m4 branches/SAMBA_4_0/source/lib/registry/config.m4 branches/SAMBA_4_0/source/lib/replace/repdir/config.m4 branches/SAMBA_4_0/source/lib/samba3/config.mk branches/SAMBA_4_0/source/lib/socket/config.m4 branches/SAMBA_4_0/source/libnet/config.mk branches/SAMBA_4_0/source/smbd/process_model.m4 Changeset: Sorry, the patch is too large (499 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11382
svn commit: samba r11383 - in branches/SAMBA_3_0/source/lib: .
Author: jra Date: 2005-10-28 22:22:23 + (Fri, 28 Oct 2005) New Revision: 11383 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11383 Log: Patch from Alex Masterov [EMAIL PROTECTED] to fix XATTR calls on *BSD systems (bug #3218). Jeremy. Modified: branches/SAMBA_3_0/source/lib/system.c Changeset: Modified: branches/SAMBA_3_0/source/lib/system.c === --- branches/SAMBA_3_0/source/lib/system.c 2005-10-28 21:13:30 UTC (rev 11382) +++ branches/SAMBA_3_0/source/lib/system.c 2005-10-28 22:22:23 UTC (rev 11383) @@ -1367,7 +1367,7 @@ /** Wrappers for extented attribute calls. Based on the Linux package with - support for IRIX also. Expand as other systems have them. + support for IRIX and (Net|Free)BSD also. Expand as other systems have them. / ssize_t sys_getxattr (const char *path, const char *name, void *value, size_t size) @@ -1376,10 +1376,22 @@ return getxattr(path, name, value, size); #elif defined(HAVE_EXTATTR_GET_FILE) char *s; + ssize_t retval; int attrnamespace = (strncmp(name, system, 6) == 0) ? EXTATTR_NAMESPACE_SYSTEM : EXTATTR_NAMESPACE_USER; const char *attrname = ((s=strchr_m(name, '.')) == NULL) ? name : s + 1; + /* +* The BSD implementation has a nasty habit of silently truncating +* the returned value to the size of the buffer, so we have to check +* that the buffer is large enough to fit the returned value. +*/ + retval = extattr_get_file(path, attrnamespace, attrname, NULL, 0); + if(retval size) { + errno = ERANGE; + return -1; + } + return extattr_get_file(path, attrnamespace, attrname, value, size); #elif defined(HAVE_ATTR_GET) int retval, flags = 0; @@ -1403,10 +1415,18 @@ return lgetxattr(path, name, value, size); #elif defined(HAVE_EXTATTR_GET_LINK) char *s; + ssize_t retval; int attrnamespace = (strncmp(name, system, 6) == 0) ? EXTATTR_NAMESPACE_SYSTEM : EXTATTR_NAMESPACE_USER; const char *attrname = ((s=strchr_m(name, '.')) == NULL) ? name : s + 1; + retval = extattr_get_link(path, attrnamespace, attrname, NULL, 0); + + if(retval size) { + errno = ERANGE; + return -1; + } + return extattr_get_link(path, attrnamespace, attrname, value, size); #elif defined(HAVE_ATTR_GET) int retval, flags = ATTR_DONTFOLLOW; @@ -1430,10 +1450,18 @@ return fgetxattr(filedes, name, value, size); #elif defined(HAVE_EXTATTR_GET_FD) char *s; + ssize_t retval; int attrnamespace = (strncmp(name, system, 6) == 0) ? EXTATTR_NAMESPACE_SYSTEM : EXTATTR_NAMESPACE_USER; const char *attrname = ((s=strchr_m(name, '.')) == NULL) ? name : s + 1; + retval = extattr_get_fd(filedes, attrnamespace, attrname, NULL, 0); + + if(retval size) { + errno = ERANGE; + return -1; + } + return extattr_get_fd(filedes, attrnamespace, attrname, value, size); #elif defined(HAVE_ATTR_GETF) int retval, flags = 0; @@ -1747,7 +1775,24 @@ int attrnamespace = (strncmp(name, system, 6) == 0) ? EXTATTR_NAMESPACE_SYSTEM : EXTATTR_NAMESPACE_USER; const char *attrname = ((s=strchr_m(name, '.')) == NULL) ? name : s + 1; - + if (flags) { + /* Check attribute existence */ + retval = extattr_get_file(path, attrnamespace, attrname, NULL, 0); + if (retval 0) { + /* REPLACE attribute, that doesn't exist */ + if (flags XATTR_REPLACE errno == ENOATTR) { + errno = ENOATTR; + return -1; + } + } + else { + /* CREATE attribute, that already exists */ + if (flags XATTR_CREATE) { + errno = EEXIST; + return -1; + } + } + } retval = extattr_set_file(path, attrnamespace, attrname, value, size); return (retval 0) ? -1 : 0; #elif defined(HAVE_ATTR_SET) @@ -1775,6 +1820,24 @@ int attrnamespace = (strncmp(name, system, 6) == 0) ? EXTATTR_NAMESPACE_SYSTEM : EXTATTR_NAMESPACE_USER; const char *attrname = ((s=strchr_m(name, '.')) == NULL) ? name : s + 1; + if (flags) { + /* Check attribute existence */ + retval = extattr_get_link(path, attrnamespace, attrname, NULL, 0); + if (retval 0) { + /* REPLACE attribute,
svn commit: samba r11384 - in trunk/source/lib: .
Author: jra Date: 2005-10-28 22:22:30 + (Fri, 28 Oct 2005) New Revision: 11384 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11384 Log: Patch from Alex Masterov [EMAIL PROTECTED] to fix XATTR calls on *BSD systems (bug #3218). Jeremy. Modified: trunk/source/lib/system.c Changeset: Modified: trunk/source/lib/system.c === --- trunk/source/lib/system.c 2005-10-28 22:22:23 UTC (rev 11383) +++ trunk/source/lib/system.c 2005-10-28 22:22:30 UTC (rev 11384) @@ -1367,7 +1367,7 @@ /** Wrappers for extented attribute calls. Based on the Linux package with - support for IRIX also. Expand as other systems have them. + support for IRIX and (Net|Free)BSD also. Expand as other systems have them. / ssize_t sys_getxattr (const char *path, const char *name, void *value, size_t size) @@ -1376,10 +1376,22 @@ return getxattr(path, name, value, size); #elif defined(HAVE_EXTATTR_GET_FILE) char *s; + ssize_t retval; int attrnamespace = (strncmp(name, system, 6) == 0) ? EXTATTR_NAMESPACE_SYSTEM : EXTATTR_NAMESPACE_USER; const char *attrname = ((s=strchr_m(name, '.')) == NULL) ? name : s + 1; + /* +* The BSD implementation has a nasty habit of silently truncating +* the returned value to the size of the buffer, so we have to check +* that the buffer is large enough to fit the returned value. +*/ + retval = extattr_get_file(path, attrnamespace, attrname, NULL, 0); + if(retval size) { + errno = ERANGE; + return -1; + } + return extattr_get_file(path, attrnamespace, attrname, value, size); #elif defined(HAVE_ATTR_GET) int retval, flags = 0; @@ -1403,10 +1415,18 @@ return lgetxattr(path, name, value, size); #elif defined(HAVE_EXTATTR_GET_LINK) char *s; + ssize_t retval; int attrnamespace = (strncmp(name, system, 6) == 0) ? EXTATTR_NAMESPACE_SYSTEM : EXTATTR_NAMESPACE_USER; const char *attrname = ((s=strchr_m(name, '.')) == NULL) ? name : s + 1; + retval = extattr_get_link(path, attrnamespace, attrname, NULL, 0); + + if(retval size) { + errno = ERANGE; + return -1; + } + return extattr_get_link(path, attrnamespace, attrname, value, size); #elif defined(HAVE_ATTR_GET) int retval, flags = ATTR_DONTFOLLOW; @@ -1430,10 +1450,18 @@ return fgetxattr(filedes, name, value, size); #elif defined(HAVE_EXTATTR_GET_FD) char *s; + ssize_t retval; int attrnamespace = (strncmp(name, system, 6) == 0) ? EXTATTR_NAMESPACE_SYSTEM : EXTATTR_NAMESPACE_USER; const char *attrname = ((s=strchr_m(name, '.')) == NULL) ? name : s + 1; + retval = extattr_get_fd(filedes, attrnamespace, attrname, NULL, 0); + + if(retval size) { + errno = ERANGE; + return -1; + } + return extattr_get_fd(filedes, attrnamespace, attrname, value, size); #elif defined(HAVE_ATTR_GETF) int retval, flags = 0; @@ -1747,7 +1775,24 @@ int attrnamespace = (strncmp(name, system, 6) == 0) ? EXTATTR_NAMESPACE_SYSTEM : EXTATTR_NAMESPACE_USER; const char *attrname = ((s=strchr_m(name, '.')) == NULL) ? name : s + 1; - + if (flags) { + /* Check attribute existence */ + retval = extattr_get_file(path, attrnamespace, attrname, NULL, 0); + if (retval 0) { + /* REPLACE attribute, that doesn't exist */ + if (flags XATTR_REPLACE errno == ENOATTR) { + errno = ENOATTR; + return -1; + } + } + else { + /* CREATE attribute, that already exists */ + if (flags XATTR_CREATE) { + errno = EEXIST; + return -1; + } + } + } retval = extattr_set_file(path, attrnamespace, attrname, value, size); return (retval 0) ? -1 : 0; #elif defined(HAVE_ATTR_SET) @@ -1775,6 +1820,24 @@ int attrnamespace = (strncmp(name, system, 6) == 0) ? EXTATTR_NAMESPACE_SYSTEM : EXTATTR_NAMESPACE_USER; const char *attrname = ((s=strchr_m(name, '.')) == NULL) ? name : s + 1; + if (flags) { + /* Check attribute existence */ + retval = extattr_get_link(path, attrnamespace, attrname, NULL, 0); + if (retval 0) { + /* REPLACE attribute, that doesn't exist */ + if (flags
svn commit: samba r11385 - in branches/SAMBA_4_0/source/lib: .
Author: jelmer Date: 2005-10-28 22:32:22 + (Fri, 28 Oct 2005) New Revision: 11385 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11385 Log: Fix issues in module.c. Calling function should pass in path to directory rather then subsystem name now. Modified: branches/SAMBA_4_0/source/lib/basic.mk branches/SAMBA_4_0/source/lib/module.c Changeset: Modified: branches/SAMBA_4_0/source/lib/basic.mk === --- branches/SAMBA_4_0/source/lib/basic.mk 2005-10-28 22:22:30 UTC (rev 11384) +++ branches/SAMBA_4_0/source/lib/basic.mk 2005-10-28 22:32:22 UTC (rev 11385) @@ -59,9 +59,6 @@ OBJ_FILES = \ gencache.o \ -[SUBSYSTEM::MODULE] -OBJ_FILES = module.o - ## # Start SUBSYSTEM LIBBASIC [SUBSYSTEM::LIBBASIC] @@ -89,7 +86,8 @@ mutex.o \ idtree.o \ db_wrap.o \ - gendb.o + gendb.o \ + module.o REQUIRED_SUBSYSTEMS = \ LIBLDB CHARSET LIBREPLACE LIBNETIF LIBCRYPTO EXT_LIB_DL LIBTALLOC \ SOCKET_WRAPPER CONFIG Modified: branches/SAMBA_4_0/source/lib/module.c === --- branches/SAMBA_4_0/source/lib/module.c 2005-10-28 22:22:30 UTC (rev 11384) +++ branches/SAMBA_4_0/source/lib/module.c 2005-10-28 22:32:22 UTC (rev 11385) @@ -19,7 +19,6 @@ */ #include includes.h -#include dynconfig.h #include system/dir.h static BOOL load_module(TALLOC_CTX *mem_ctx, const char *dir, const char *name) @@ -31,7 +30,7 @@ path = talloc_asprintf(mem_ctx, %s/%s, dir, name); - handle = dlopen(path, 0); + handle = dlopen(path, RTLD_NOW); if (handle == NULL) { DEBUG(0, (Unable to open %s: %s\n, path, dlerror())); return False; @@ -56,23 +55,16 @@ return ret; } -BOOL load_modules(const char *subsystem) +BOOL load_modules(const char *path) { DIR *dir; struct dirent *entry; - char *dir_path; BOOL ret; TALLOC_CTX *mem_ctx; mem_ctx = talloc_init(NULL); - dir_path = talloc_asprintf(mem_ctx, %s/%s, dyn_LIBDIR, subsystem); - if (!dir_path) { - talloc_free(mem_ctx); - return False; - } - - dir = opendir(subsystem); + dir = opendir(path); if (dir == NULL) { talloc_free(mem_ctx); return False; @@ -82,7 +74,7 @@ if (!strcmp(entry-d_name, .) || !strcmp(entry-d_name, ..)) continue; - ret = load_module(mem_ctx, dir_path, entry-d_name); + ret = load_module(mem_ctx, path, entry-d_name); } closedir(dir);
svn commit: samba r11386 - in branches/SAMBA_4_0/source: . pidl
Author: jelmer Date: 2005-10-28 22:40:31 + (Fri, 28 Oct 2005) New Revision: 11386 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11386 Log: Add install rule for pidl Modified: branches/SAMBA_4_0/source/main.mk branches/SAMBA_4_0/source/pidl/TODO Changeset: Modified: branches/SAMBA_4_0/source/main.mk === --- branches/SAMBA_4_0/source/main.mk 2005-10-28 22:32:22 UTC (rev 11385) +++ branches/SAMBA_4_0/source/main.mk 2005-10-28 22:40:31 UTC (rev 11386) @@ -75,7 +75,7 @@ -DSWATDIR=\$(SWATDIR)\ -DPRIVATE_DIR=\$(PRIVATEDIR)\ install: showlayout installbin installdat installswat installmisc installlib \ - installheader + installheader installpidl # DESTDIR is used here to prevent packagers wasting their time # duplicating the Makefile. Remove it and you will have the privilege @@ -139,6 +139,12 @@ ctags: ctags `find $(srcdir) -name *.[ch]` +pidl/Makefile: pidl/Makefile.PL + cd pidl $(PERL) Makefile.PL + +installpidl: pidl/Makefile + cd pidl $(MAKE) install + idl_full: pidl/lib/Parse/Pidl/IDL.pm @CPP=$(CPP) PERL=$(PERL) script/build_idl.sh FULL $(PIDL_ARGS) Modified: branches/SAMBA_4_0/source/pidl/TODO === --- branches/SAMBA_4_0/source/pidl/TODO 2005-10-28 22:32:22 UTC (rev 11385) +++ branches/SAMBA_4_0/source/pidl/TODO 2005-10-28 22:40:31 UTC (rev 11386) @@ -10,7 +10,7 @@ - auto-alloc [ref] pointers for Samba4 during pull if they were NULL -- better replacement for subcontext() +- replace subcontext() with represent_as() - --explain-ndr option that dumps out parse tree
svn commit: samba r11387 - in branches/SAMBA_4_0/source: .
Author: jelmer Date: 2005-10-28 23:16:27 + (Fri, 28 Oct 2005) New Revision: 11387 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11387 Log: Remove pidl from the default 'install' target as it doesn't obey the user specified install paths. Modified: branches/SAMBA_4_0/source/main.mk Changeset: Modified: branches/SAMBA_4_0/source/main.mk === --- branches/SAMBA_4_0/source/main.mk 2005-10-28 22:40:31 UTC (rev 11386) +++ branches/SAMBA_4_0/source/main.mk 2005-10-28 23:16:27 UTC (rev 11387) @@ -75,7 +75,7 @@ -DSWATDIR=\$(SWATDIR)\ -DPRIVATE_DIR=\$(PRIVATEDIR)\ install: showlayout installbin installdat installswat installmisc installlib \ - installheader installpidl + installheader # DESTDIR is used here to prevent packagers wasting their time # duplicating the Makefile. Remove it and you will have the privilege
Build status as of Sat Oct 29 00:00:02 2005
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2005-10-28 00:00:31.0 + +++ /home/build/master/cache/broken_results.txt 2005-10-29 00:00:32.0 + @@ -1,16 +1,16 @@ -Build status as of Fri Oct 28 00:00:01 2005 +Build status as of Sat Oct 29 00:00:02 2005 Build counts: Tree Total Broken Panic ccache 8 2 0 -distcc 10 2 0 +distcc 9 2 0 lorikeet-heimdal 34 34 0 ppp 17 0 0 rsync36 2 0 samba3 0 0 samba-docs 0 0 0 -samba4 34 25 2 -samba_3_037 6 0 +samba4 34 31 5 +samba_3_037 8 0 smb-build24 2 0 talloc 35 14 0 tdb 35 5 0
svn commit: samba r11389 - in branches/SAMBA_3_0/source/smbd: .
Author: jra Date: 2005-10-29 00:27:16 + (Sat, 29 Oct 2005) New Revision: 11389 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11389 Log: Attempt to fix bug #3212 - ignore bogus OS/2 EA set values on trans2_mkdir/trans2_open/trans2_setfilepathingo. Jeremy. Modified: branches/SAMBA_3_0/source/smbd/trans2.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/trans2.c === --- branches/SAMBA_3_0/source/smbd/trans2.c 2005-10-28 23:28:37 UTC (rev 11388) +++ branches/SAMBA_3_0/source/smbd/trans2.c 2005-10-29 00:27:16 UTC (rev 11389) @@ -804,11 +804,11 @@ } /* Any data in this call is an EA list. */ - if (total_data !lp_ea_support(SNUM(conn))) { + if (total_data (total_data != 4) !lp_ea_support(SNUM(conn))) { return ERROR_NT(NT_STATUS_EAS_NOT_SUPPORTED); } - if (total_data) { + if (total_data != 4) { if (total_data 10) { return ERROR_NT(NT_STATUS_INVALID_PARAMETER); } @@ -828,6 +828,8 @@ talloc_destroy(ctx); return ERROR_NT(NT_STATUS_INVALID_PARAMETER); } + } else if (IVAL(pdata,0) != 4) { + return ERROR_NT(NT_STATUS_INVALID_PARAMETER); } fsp = open_file_ntcreate(conn,fname,sbuf, @@ -3736,6 +3738,17 @@ TALLOC_CTX *ctx = NULL; if (total_data 10) { + + /* OS/2 workplace shell seems to send SET_EA requests of null + length. They seem to have no effect. Bug #3212. JRA */ + + if ((total_data == 4) (IVAL(pdata,0) == 4)) { + /* We're done. We only get EA info in this call. */ + SSVAL(params,0,0); + send_trans2_replies(outbuf, bufsize, params, 2, *ppdata, 0); + return(-1); + } + return ERROR_NT(NT_STATUS_INVALID_PARAMETER); } @@ -4489,11 +4502,17 @@ } /* Any data in this call is an EA list. */ - if (total_data !lp_ea_support(SNUM(conn))) { + if (total_data (total_data != 4) !lp_ea_support(SNUM(conn))) { return ERROR_NT(NT_STATUS_EAS_NOT_SUPPORTED); } - if (total_data) { + /* +* OS/2 workplace shell seems to send SET_EA requests of null +* length (4 bytes containing IVAL 4). +* They seem to have no effect. Bug #3212. JRA. +*/ + + if (total_data != 4) { if (total_data 10) { return ERROR_NT(NT_STATUS_INVALID_PARAMETER); } @@ -4513,6 +4532,8 @@ talloc_destroy(ctx); return ERROR_NT(NT_STATUS_INVALID_PARAMETER); } + } else if (IVAL(pdata,0) != 4) { + return ERROR_NT(NT_STATUS_INVALID_PARAMETER); } if (check_name(directory,conn)) {
svn commit: samba r11390 - in trunk/source/smbd: .
Author: jra Date: 2005-10-29 00:27:17 + (Sat, 29 Oct 2005) New Revision: 11390 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11390 Log: Attempt to fix bug #3212 - ignore bogus OS/2 EA set values on trans2_mkdir/trans2_open/trans2_setfilepathingo. Jeremy. Modified: trunk/source/smbd/trans2.c Changeset: Modified: trunk/source/smbd/trans2.c === --- trunk/source/smbd/trans2.c 2005-10-29 00:27:16 UTC (rev 11389) +++ trunk/source/smbd/trans2.c 2005-10-29 00:27:17 UTC (rev 11390) @@ -804,11 +804,11 @@ } /* Any data in this call is an EA list. */ - if (total_data !lp_ea_support(SNUM(conn))) { + if (total_data (total_data != 4) !lp_ea_support(SNUM(conn))) { return ERROR_NT(NT_STATUS_EAS_NOT_SUPPORTED); } - if (total_data) { + if (total_data != 4) { if (total_data 10) { return ERROR_NT(NT_STATUS_INVALID_PARAMETER); } @@ -828,6 +828,8 @@ talloc_destroy(ctx); return ERROR_NT(NT_STATUS_INVALID_PARAMETER); } + } else if (IVAL(pdata,0) != 4) { + return ERROR_NT(NT_STATUS_INVALID_PARAMETER); } fsp = open_file_ntcreate(conn,fname,sbuf, @@ -3736,6 +3738,17 @@ TALLOC_CTX *ctx = NULL; if (total_data 10) { + + /* OS/2 workplace shell seems to send SET_EA requests of null + length. They seem to have no effect. Bug #3212. JRA */ + + if ((total_data == 4) (IVAL(pdata,0) == 4)) { + /* We're done. We only get EA info in this call. */ + SSVAL(params,0,0); + send_trans2_replies(outbuf, bufsize, params, 2, *ppdata, 0); + return(-1); + } + return ERROR_NT(NT_STATUS_INVALID_PARAMETER); } @@ -4489,11 +4502,17 @@ } /* Any data in this call is an EA list. */ - if (total_data !lp_ea_support(SNUM(conn))) { + if (total_data (total_data != 4) !lp_ea_support(SNUM(conn))) { return ERROR_NT(NT_STATUS_EAS_NOT_SUPPORTED); } - if (total_data) { + /* +* OS/2 workplace shell seems to send SET_EA requests of null +* length (4 bytes containing IVAL 4). +* They seem to have no effect. Bug #3212. JRA. +*/ + + if (total_data != 4) { if (total_data 10) { return ERROR_NT(NT_STATUS_INVALID_PARAMETER); } @@ -4513,6 +4532,8 @@ talloc_destroy(ctx); return ERROR_NT(NT_STATUS_INVALID_PARAMETER); } + } else if (IVAL(pdata,0) != 4) { + return ERROR_NT(NT_STATUS_INVALID_PARAMETER); } if (check_name(directory,conn)) {