[Samba] Kerberos Password Changes
Hi all, I apologize if I am getting into a subject that has been hashed and rehashed endlessly on this list, but I am just not finding exactly what I am looking for in terms of a response. At the moment, I have Linux and Solaris servers happily authenticating to my MIT Kerberos KDC, and fetching user information via an OpenLDAP server with a StartTLS connection (and authenticating to the LDAP server via their Kerberos ticket - very neat stuff, and http://aput.net/~jheiss/krbldap/ was very helpful in setting it all up, albeit with a few errors and omissions). Samba is also using the same LDAP directory to store its SAM database, including user passwords, which can thus obviously differ from their Kerberos passwords. All the Linux and UNIX systems authenticate via Kerberos (including all services running on each of the UNIX systems, such as Sendmail, Dovecot, SSH, et cetra). This leaves the Windows machines as the only ones who cannot authenticate via Kerberos AND remain part of the Samba domain. I do know that Windows 2000 and XP systems can authenticate via a MIT Kerberos server, but that also involves maintaining local user accounts on each machine, something I am not very fond of doing. I am now left with the question of how to keep the passwords in sync, considering there is no better option (that I know of, anyway - enlightenment here would be welcome if it can be offered). The one thought I had was to write a script that would invoke kadmin with a principal that had change password privileges (and the password for said principal saved within that script), and then change it that way. I do not particularly care for the idea of saving a password that has such capabilities in a script, even if owned by root and chmod'ed 700, but I cannot think of any better options, particularly at 2:45 AM EST. :-) If anyone has any tips or scripts that they would be willing to contribute, that would be fantastic. I am hoping to present a presentation on LDAP, Kerberos, and Samba integration for one of the Virginia Tech Linux UNIX User's Group meetings this semester, and this is really the only stumbling block left. Oh, and just out of curiosity, and if anyone has a second or two, any ideas for how/if Samba4 will handle external LDAP and Kerberos data sources? Lastly, I am still amazed at how smoothly all of this stuff works, especially combined - as always, a round of applause to all the Samba developers, Jason Heiss for writing a terrific how-to on implementing Kerberos and OpenLDAP, and the IDEALX guys for their how-to as well. -- +-+ | Sean Elble | | Virginia Tech, Class of 2008 | | Vice President, VTLUUG | | E-Mail: [EMAIL PROTECTED]| | Web: http://www.sessys.com/~elbles/ | +-+ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba storing filenames as utf8
samba 3.0.22 debian woody. linux charset: iso8859-15 windows charset iso8859-15 tested parameters: unix charset = ISO_8859-15 display charset = ISO_8859-15 unix charset = ISO-8859-15 unix charset = iso8859-15 unix charset = utf8 unix charset = UTF8 unix charset = LOCALE problem: files are seen in windows correct iso8859 named. if i look at the linux server, there are encrypted special characters in the filenames. (e.g. Entwürfe looks like EntwÃ1/4rfe) i've tested a long time and today i've tried to convert the filename: sv01samba:/# echo EntwÃ1/4rfe | iconv -f utf8 -t iso8859-15 Entwürfe in my view, it seems, that samba ignores the given unix charset parameter. -- -- greetings, kurt, austria. (http://www.kwnet.at) === this is a posting from a samba *user* - not a samba developer. the posting is created on the base of experiences an may be faulty. so, if contains any mistakes, please feel free to correct it === -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Join samba to W2K server
On Friday 12 January 2007 08:24, Winanjaya - CBN wrote: I followed the instructions on suggested link .. I met this: [EMAIL PROTECTED] etc]# net ads join -U Administrator Administrator's password: [2007/01/12 09:19:29, 0] libads/kerberos.c:ads_kinit_password(164) kerberos_kinit_password [EMAIL PROTECTED] failed: Client not found in Kerberos database [2007/01/12 09:19:29, 0] utils/net_ads.c:ads_startup(191) ads_connect: Client not found in Kerberos database [EMAIL PROTECTED] etc]# any comment? Had you have tried kinit before net ads? -- With Best Regards. Rashid N. Achilov (RNA1-RIPE), Web: http://www.askd.ru/~shelton OOO ACK telecommunications administrator, e-mail: achilov-rn [at] askd.ru PGP: 83 CD E2 A7 37 4A D5 81 D6 D6 52 BF C9 2F 85 AF 97 BE CB 0A -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba box comment in NLS
How can I read correctly box comments (analogs server string= in smb.conf for Windows), described in national language (i.e. in Russian) and how can I setup server string= appropriate way? I have tried server string in KOI8, also as in Windows-1251, but never reached a result. -- With Best Regards. Rashid N. Achilov (RNA1-RIPE), Web: http://www.askd.ru/~shelton OOO ACK telecommunications administrator, e-mail: achilov-rn [at] askd.ru PGP: 83 CD E2 A7 37 4A D5 81 D6 D6 52 BF C9 2F 85 AF 97 BE CB 0A -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Repost: Can't connect to my smb share from Win machine
Hello list, could somebody please point me to the information (tutorial) how to configure this properly, or where is the problem? I need to access the share without authentication (it's an isolated home network)... It used to work on FC3 but I can't figure it out on FC6 :-( By the way, there's a typo in the original post: the windows machine is W98 not 95. thanks Marek --- Marc [EMAIL PROTECTED] wrote: Hello, I have the following setup: Fedora Core 6: cheeky (192.168.0.11/24, kernel 2.6.18-1.2869.fc6), trying to share dir /home/cheeky/Desktop/Documents and a printer. [EMAIL PROTECTED] ~]# smbclient -L localhost -U% Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.23c-2] Sharename Type Comment - --- Documents Disk directory on Cheeky IPC$IPC IPC Service (Samba Server) DeskJet_930CPrinter DeskJet_930C Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.23c-2] Server Comment ---- CHEEKY Samba Server WorkgroupMaster ---- WORKGROUPCHEEKY Windows95 PC (192.168.0.10/24) trying to access the share. C:\net view \\192.168.0.11 Shared resources at \\192.168.0.11 SharenameTypeComment DeskJet_930C Print DeskJet_930C DocumentsDiskdirectory on Cheeky The command was completed successfully. but I can't access the share (I use a passwordless 'smbguest' account): [EMAIL PROTECTED] ~]# smbclient //192.168.0.11/Documents Password: Server not using user level security and no password supplied. tree connect failed: Call returned zero bytes (EOF) from the Windows machine I can see both the printer and the 'Documents' folder, but when I try to open the folder I get: Cannot access \\CHEEKY\Documents The network name is neither not found on the running network, or is incorrect. C:\net use e: \\192.168.0.11\Documents Error 67: The specified shared directory cannot be found. Make sure you have specified the network name correctly. If the problem persists, contact your network administrator. Here is my smb.conf: [global] workgroup = workgroup server string = Samba Server security = share null passwords = yes hosts allow = 192.168.0.10 127.0.0.1 load printers = yes cups options = raw guest account = smbguest log file = /var/log/samba/%m.log max log size = 50 interfaces = 192.168.0.11/24 local master = yes domain master = yes preferred master = yes wins support = yes dns proxy = no guest ok = yes guest account = smbguest [printers] comment = All Printers path = /usr/spool/samba browseable = yes public = yes guest ok = yes printable = yes [Documents] path = /home/cheeky/Desktop/Documents writeable = yes case sensitive = no strict locking = no comment = directory on Cheeky guest account = smbguest browseable = yes guest ok = yes public = yes Thanks in advance for any pointers. Marek Send instant messages to your online friends http://uk.messenger.yahoo.com ___ New Yahoo! Mail is the ultimate force in competitive emailing. Find out more at the Yahoo! Mail Championships. Plus: play games and win prizes. http://uk.rd.yahoo.com/evt=44106/*http://mail.yahoo.net/uk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Write list options Dont work
Hi i have a shre like this: [DATOS] path = /data/datos comment = QAQC y SHA locking = no admin users = zulloa2 write list = @qaqc, zulloa2 browseable = yes public = yes guest ok = yes force create mode = 775 force directory mode = 775 read only = yes force group = qaqc but some time, some files appears in read only for the user zulloa2, this user is in the write list as you can see abve. what can i do thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.10 - Invalid Value!!!
I have a Macintosh Xserve running OS 10.4.8 and it's running Samba 3.0.10. Everytime a Windows XP workstation logs off the Macintosh Xserve server, the following shows up in the log.smbd (located at var/log/samba): [2007/01/11 14:24:17, 0] pdb_ods.c:make_a_mod(2045) make_a_mod: INVALID VALUE!!! [2007/01/11 14:24:17, 0] pdb_ods.c:make_a_mod(2045) make_a_mod: INVALID VALUE!!! [2007/01/11 14:24:17, 0] pdb_ods.c:make_a_mod(2045) make_a_mod: INVALID VALUE!!! [2007/01/11 14:24:17, 0] pdb_ods.c:make_a_mod(2045) make_a_mod: INVALID VALUE!! [2007/01/11 14:24:17, 0] pdb_ods.c:make_a_mod(2045) make_a_mod: INVALID VALUE!!! [2007/01/11 14:24:17, 0] pdb_ods.c:make_a_mod(2045) make_a_mod: INVALID VALUE!!! [2007/01/11 14:24:17, 0] pdb_ods.c:make_a_mod(2045) make_a_mod: INVALID VALUE!!! [2007/01/11 14:24:17, 0] pdb_ods.c:make_a_mod(2045) make_a_mod: INVALID VALUE!!! [2007/01/11 14:24:17, 0] pdb_ods.c:make_a_mod(2045) make_a_mod: INVALID VALUE!!! [2007/01/11 14:24:17, 0] pdb_ods.c:make_a_mod(2045) make_a_mod: INVALID VALUE!!! [2007/01/11 14:24:17, 0] pdb_ods.c:make_a_mod(2045) make_a_mod: INVALID VALUE!!! [2007/01/11 14:24:17, 0] pdb_ods.c:make_a_mod(2045) make_a_mod: INVALID VALUE!!! [2007/01/11 14:24:17, 0] /SourceCache/samba/samba-100.5/samba/source/rpc_server/srv_util.c:get_alias_user_groups(206) get_alias_user_groups: gid of user Bob doesn't exist. Check your /etc/passwd and /etc/group files My question is: Why is this happening and how can I resolve it so that my log does not fill up with these mesages everytime a user logs off the server. I have noticed these log entries occur no matter who logs off the server. I have run testparm smb.conf and receive only this error message: Load smb config files from smb.conf Processing section [netlogon] Processing section [homes] Processing section [Shared] Processing section [Home] Processing section [Public] Processing section [profiles] Loaded services file OK. Invalid combination of parameters for service homes. Level II oplocks can only be set if oplocks are also set. Invalid combination of parameters for service Shared. Level II oplocks can only be set if oplocks are also set. Invalid combination of parameters for service Home. Level II oplocks can only be set if oplocks are also set. Invalid combination of parameters for service Public. Level II oplocks can only be set if oplocks are also set. What could be causing the INVALID VALUE!!! messages above? Thanks, Niatross -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.10 - Invalid Value!!!
On Thu, Jan 11, 2007 at 03:20:39PM -0800, Niatross wrote: I have a Macintosh Xserve running OS 10.4.8 and it's running Samba 3.0.10. Everytime a Windows XP workstation logs off the Macintosh Xserve server, the following shows up in the log.smbd (located at var/log/samba): [2007/01/11 14:24:17, 0] pdb_ods.c:make_a_mod(2045) make_a_mod: INVALID VALUE!!! pdb_ods.c is not in the original Samba sources, I would expect that this is a modification that Apple has made. You should contact your Apple support for help on this topic. Best regards, Volker pgprpvHJOpQOG.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba ADS domain member issues
This is a repost. Hi, I am having problems configuring my Centos 4 server as an ADS domain member of our 2003 AD. I've followed the instructions on samba.org and did quite a bit of Google'ing and haven't found an answer to the problems. Basically I used the configuration illustrated in this section of the howto, and of course a number of other suggestions I've found along the way: http://us3.samba.org/samba/docs/man/Samba-Guide/unixclients.html#adssdm Here's the installed software versions: rpm -qa | grep samba samba-common-3.0.10-1.4E samba-swat-3.0.10-1.4E.9 samba-client-3.0.10-1.4E samba-3.0.10-1.4E.9 rpm -qa | grep krb5 krb5-libs-1.3.4-33 krb5-devel-1.3.4-33 pam_krb5-2.1.8-1 krb5-workstation-1.3.4-33 What happens is that I am able to join the domain successfully: net ads join -U Administrator%pass [2006/12/12 19:16:25, 0] libads/ldap.c:ads_add_machine_acct(1368) ads_add_machine_acct: Host account for development already exists - modifying old account Using short domain name -- B2LLC Joined 'DEVELOPMENT' to realm 'B2LLC.LOCAL' As far as the tests from the article go: *wbinfo -u, and wbinfo -g seem to work fine *getent passwd and getent group doesn't work as described in the article. It simply lists my local users. I have gotten it to work by modifying krb5.conf, but I can't seem to find the magic configuration for that as it seems to be touch and go. *net ads info and net ads status -UAdministrator% both work fine *When I go to the one of my domain controllers I can see the computer listed, but when I try to manage it and click on the shares I get a You do not have permissions to see the list of shares from Windows clients error. *When I try to browse to the machine from one of the computers on the domain it simply prompts me for a password dialog, and none of the domain or machine passwords work. *When I check the errors for the IP address of the computer I tried it from I usually get one of these two errors: [2006/12/12 17:44:00, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) Username B2LLC\crobin01 is invalid on this system [2006/12/12 17:44:24, 1] smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket! I've tried the exact same configuration files on multiple machines and I seem to get different results depending on the server even though they all run Centos 4 (although there could be some dot level version differences, I do use their most updated Samba and Kerberos packages). I have one machine that the config files are actually working on, although the rights don't work the way I would expect them to work...not a big deal though for my needs. Any help would be greatly appreciated. If I've been going down the wrong path altogether I'm more than happy to RTFM if someone would be so kind to point me in the right direction. Thanks very much for any assistance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] File Lock Timeout
Hi, I've seen posts (but no answers) about clearing a file lock on a Samba share. Presumably this kind of thing happens when the program abnormally terminates and doesn't close its open files. I've got a file that smbstatus reports as: 1216 DENY_WRITE 0x20089 RDONLY NONE /shares/share1/Files/december.xls Fri Jan 12 12:51:30 2007 Trying to open this in Excel says it's locked for editing by the user who reports that they definitely don't have it open. So I'm guessing this lock will eventually time out. But after how long? I can't find any documentation on this. But it looks like it's longer than 2 hours! Thanks for any help, Leon... ** Information in this message may contain confidential and privileged information. If you are not the intended recipient please accept our apologies; please do not disclose, copy or distribute information in this e-mail or take any action in reliance on its contents: to do so is strictly prohibited and may be unlawful. Please inform us that this message has gone astray before deleting it. Thank you for your co-operation. NHSmail is used daily by over 100,000 staff in the NHS. Over a million messages are sent every day by the system. To find out why more and more NHS personnel are switching to this NHS Connecting for Health system please visit www.connectingforhealth.nhs.uk/nhsmail ** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File Lock Timeout
On Fri, Jan 12, 2007 at 03:21:10PM +, Stringer Leon (West Midlands Ambulance Service NHS Trust) wrote: I've seen posts (but no answers) about clearing a file lock on a Samba share. Presumably this kind of thing happens when the program abnormally terminates and doesn't close its open files. I've got a file that smbstatus reports as: 1216 DENY_WRITE 0x20089 RDONLY NONE /shares/share1/Files/december.xls Fri Jan 12 12:51:30 2007 Trying to open this in Excel says it's locked for editing by the user who reports that they definitely don't have it open. So I'm guessing this lock will eventually time out. But after how long? I can't find any documentation on this. But it looks like it's longer than 2 hours! If the client who is being served by process 1216 is still around you should ask the user sitting at that box to close the file. If not, kill pid 1216 and the problem should solve itself. If this happens frequently to you, you might want to read about the option 'reset on zero vc' in the manpage of smb.conf. Volker pgp1zyjTtvwq7.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: net rpc group members timeout
I set up an NIS slave on the Samba server, and this appears to fix the problem. On 1/5/07, Matt Proud [EMAIL PROTECTED] wrote: Hello, Occasionally when I perform net rpc group members (group a), I get a timeout. When I do net rpc group members (group b), I always get a timeout. I get the following error: [2007/01/05 16:36:18, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) rpc_api_pipe: Remote machine 127.0.0.1 pipe \samr fnum 0x72cdreturned critical error. Error was Call timed out: server did not respond after 1 milliseconds [2007/01/05 16:36:18, 0] libsmb/clientgen.c:cli_rpc_pipe_close(375) cli_rpc_pipe_close: cli_close failed on pipe \samr, fnum 0x72cd to machine 127.0.0.1. Error was Call timed out: server did not respond after 1 milliseconds Everything looks appropriate when looking at net groupmap list. We are using NIS (I have begun a phased transition to LDAP and Kerberos), and NIS sometimes times out. Still, I overrode nsswitch and PAM to use LDAP and Kerberos respectively and no NIS, but this only marginally helps things. Can this timeout be raised? Is there some other underlying problem? We are using NSCD. There are a lot of user accounts. I have seen this problem discussed elsewhere, but nobody has proffered any solutions. Version: 3.0.22-1ubuntu3.1 Here's a copy of the Samba configuration: [global] netbios name = COPPER workgroup = blah server string = %h via SAMBA # passdb backend = smbpasswd passdb backend = tdbsam:/var/lib/samba/passdb.tdb security = user username map = /etc/samba/smbusers name resolve order = wins bcast hosts lmhosts wins support = yes domain master = yes local master = yes domain logons = yes preferred master = yes os level = 255 printcap = cups printing = cups load printers = yes #logon drive = H: logon script = logon.bat logon path = #logon path = \\%N\profile\%U #logon home = \\%L\ #log level = 0 printdrivers:10 rpc_srv:10 rpc_cli:10 smb:10 #log level = 0 smb:10 passdb:10 tbd:10 lanman:10 acls:10 log level = 10 log file = /var/log/samba/log.%m debug timestamp = yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 deadtime = 120 time server = yes hide dot files = yes hide unreadable = yes guest ok = no guest account = nobody admin users = @newadm #domain admin group = @newadm #domain admin users = root encrypt passwords = yes null passwords = yes #unix password sync = yes #passwd program = /usr/bin/yppasswd %u #passwd chat = *old\spassword:* %o\n *new\spassword:** %n\n *new\spassword:** %n *changed* . #obey pam restrictions = yes unix charset = ISO8859-1 add machine script = /var/lib/samba/scripts/smb-add-machine %u map to guest = nobody preserve case = yes short preserve case = yes #All blah subnets should be enumerated here. #remote announce = 128.101.10.252/NT_blah 192.168.116.192/NT_blah enable privileges = yes printer admin = blah\Domain Admins # Experimental # These settings should either be inverted to the formerly noted defaults # or removed entirely. strict locking = no # Was no kernel oplocks = no # Was no oplocks = no # Was unset locking = no [printers] comment = All Printers browseable = no path = /tmp printable = yes public = yes writeable = no create mode = 0700 [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes writeable = no public = yes write list = root, @newadm [netlogon] comment = Remote Login path = /var/lib/samba/netlogon writeable = no browseable = no admin users = root, @newadm write list = root, @newadm #[profile] # comment = Roaming Profiles # path = /var/lib/samba/profiles # create mode = 0600 # directory mode = 0700 # writable = yes # default case = lower # preserve case = no # short preserve case = no # case sensitive = no # #write list = root @blah # csc policy = disable # browseable = no # force user = %U # #profile acls = yes # #valid users = %U@Domain Admins [homes] comment = UNIX Home Directory volume = %u browseable = no writeable = yes guest ok = no inherit permissions = yes #valid users = root @blah valid users = %S invalid users = guest nobody create mask = 0644 directory mask = 0755 public = no locking = no [staff] comment = blah Staff Files --- Privileged volume = Staff browseable = no path = /srv/staff public = no writeable = yes create mask = 0770 directory mask = 2770 force group = +newstaff valid users = @newstaff [accounting] comment = blah Accounting Files --- Privileged volume = Accounting browseable = no path = /srv/accounting public = no writeable = yes create mask = 0770 directory mask = 2770 force group = +blah_acct valid users = @blah_acct [software] comment =
Re: [Samba] File Lock Timeout
From: Volker Lendecke [EMAIL PROTECTED] On Fri, Jan 12, 2007 at 03:21:10PM +, Stringer Leon (West Midlands Ambulance Service NHS Trust) wrote: I've seen posts (but no answers) about clearing a file lock on a Samba share. Presumably this kind of thing happens when the program abnormally terminates and doesn't close its open files. I've got a file that smbstatus reports as: 1216 DENY_WRITE 0x20089 RDONLY NONE /shares/share1/Files/december.xls Fri Jan 12 12:51:30 2007 So I'm guessing this lock will eventually time out. But after how long? I can't find any documentation on this. But it looks like it's longer than 2 hours! If the client who is being served by process 1216 is still around you should ask the user sitting at that box to close the file. If not, kill pid 1216 and the problem should solve itself. Thanks for your reply. Unfortunately that doesn't help as the user is one of many on a terminal server and all files for that box are listed with pid 1216. So killing that would cause a lot of problems (I assume). If this happens frequently to you, you might want to read about the option 'reset on zero vc' in the manpage of smb.conf. I'll check that out... ** Information in this message may contain confidential and privileged information. If you are not the intended recipient please accept our apologies; please do not disclose, copy or distribute information in this e-mail or take any action in reliance on its contents: to do so is strictly prohibited and may be unlawful. Please inform us that this message has gone astray before deleting it. Thank you for your co-operation. NHSmail is used daily by over 100,000 staff in the NHS. Over a million messages are sent every day by the system. To find out why more and more NHS personnel are switching to this NHS Connecting for Health system please visit www.connectingforhealth.nhs.uk/nhsmail ** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File Lock Timeout
On Fri, Jan 12, 2007 at 04:02:37PM +, Stringer Leon (West Midlands Ambulance Service NHS Trust) wrote: Thanks for your reply. Unfortunately that doesn't help as the user is one of many on a terminal server and all files for that box are listed with pid 1216. So killing that would cause a lot of problems (I assume). But then the file is still being held open by some process on the file server. If this happens frequently to you, you might want to read about the option 'reset on zero vc' in the manpage of smb.conf. I'll check that out... Won't help in your case. Volker pgpldQ9hy7EqK.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File Lock Timeout
From: Volker Lendecke [EMAIL PROTECTED] On Fri, Jan 12, 2007 at 04:02:37PM +, Stringer Leon (West Midlands Ambulance Service NHS Trust) wrote: Thanks for your reply. Unfortunately that doesn't help as the user is one of many on a terminal server and all files for that box are listed with pid 1216. So killing that would cause a lot of problems (I assume). But then the file is still being held open by some process on the file server. Yes, so either I have to wait for a timeout so the one user can edit their file or I can kill the process removing the locks for everyone else. So I have to wait, which was my original question, how long for? The lock has gone now, but this problem has happened before and is bound to happen again. If I remember correctly, Windows allows you to close the locks on individual files, it would be nice if Samba did this too... ** Information in this message may contain confidential and privileged information. If you are not the intended recipient please accept our apologies; please do not disclose, copy or distribute information in this e-mail or take any action in reliance on its contents: to do so is strictly prohibited and may be unlawful. Please inform us that this message has gone astray before deleting it. Thank you for your co-operation. NHSmail is used daily by over 100,000 staff in the NHS. Over a million messages are sent every day by the system. To find out why more and more NHS personnel are switching to this NHS Connecting for Health system please visit www.connectingforhealth.nhs.uk/nhsmail ** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA-LDAP - Group permissions
Hi, Do you want them to be admins from out of the Windows Tools Usermanager/Servermanager? Have a look at the privileges. (Samba Howto Collection chapter 15) Another chance is to put some access controll lists in your slapd.conf file and make the admins to use an ldap browser of their choice. Good luck Stefan Allysson Steve Mota Lacerda schrieb: Hi folks. I have a functional Samba-LDAP server running as a PDC with Windows 2003 clients. I'm changing the structure of my LDAP tree and I want to give administrator's permissions to a branch (i.e. ou=teachers,dc=domain,dc=com). Is there a way to do this automatically (i.e. by using an argument in smb.conf)? Ah... I tried to use admin users in smb.conf to give permissions to a single user but it didn't function. Thanks a lot. My smb.conf: [global] workgroup = FACOMP netbios name = FACOMP01 server string = Controlador de Dominio domain master = yes preferred master = yes local master = yes domain logons = yes enable privileges = yes encrypt passwords = yes ldap passwd sync = yes admin users = rodrigoqueiroz passdb backend = ldapsam:ldap://localhost smbpasswd guest ldap suffix = dc=facomp,dc=edu,dc=br ldap machine suffix = ou=Computadores ldap user suffix = ou=Usuarios ldap group suffix = ou=Grupos ldap admin dn = cn=admin,dc=facomp,dc=edu,dc=br ldap ssl = no logon script = netlogon.bat logon home = \\%L\%U\.profiles logon path = \\%L\profiles\%U security = user os level = 256 interfaces = 192.168.0.1 log level = 3 veto files = /*.mp3/*.wma/*.wmv/*.avi/*.mpg/*.wav/*.rmvb/ delete veto files = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] migrate machine-passwords from smbpasswd to ldap?
Hi Peter, I didnt test it but pdbedit -i smbpasswd:/etc/smbpasswd -e ldapsam should do the job! Ther is also a parameter -g wich applies to group mappings (Are they available in Samba 2 ???). Good luck. peter pilsl schrieb: I'm just migrating a whole samba-installations ffrom old 2.2 to 3.0 with LDAP. I was successfully able to migrate all useraccounts with smbldap-useradd but now I'm stuck with the machine-accounts. All machines are part of the domain and they should be able to logon the new server without noticing any difference. I can add them with smbldap-useradd -w but the resulting ldap-entry does not have any samba-attributes, especially the sambaNTpassword and sambaLMpassword-fields are not set !! I think that these passwords are essential to keep the trustrelation between server and machines. I'm not sure about some details also: 1) the machines still have the $ as last name, so the machine dummy should be in the ldap-structure with uid=dummy$ ?! 2) am I right that sambaNTPassword and sambaLMPassword needs to be the same on the new installation than the old one to let the machines stay in the domain without needing to leave and rejoin? 3) what about sambaSID for the existing machine? How do I get the correct sambaSID? Is the same than with users? domainSID-1000+2*uid ? 4) Do I need to add a machine as normal user first and then as machine, cause when I try to add the machine with pdbedit I get the following error: #pdbedit -a -m -u ihf23$ 21 doing parameter max log size = 1 pm_process() returned Yes Searching for:[((objectClass=sambaDomain)(sambaDomainName=IHF))] smbldap_open_connection: connection opened ldap_connect_system: succesful connection to the LDAP server The LDAP server is succesfully connected Searching for:[((objectClass=sambaDomain)(sambaDomainName=IHF))] smbldap_open_connection: connection opened ldap_connect_system: succesful connection to the LDAP server The LDAP server is succesfully connected ldapsam_add_sam_account: Adding new user init_ldap_from_sam: Setting entry for user: ihf23$ ldapsam_modify_entry: Failed to add user dn= uid=ihf23$,ou=smbComputers,dc=ihf,dc=local with: Object class violation object class 'sambaSamAccount' requires attribute 'sambaSID' ldapsam_add_sam_account: failed to modify/add user with uid = ihf23$ (dn = uid=ihf23$,ou=smbComputers,dc=ihf,dc=local) Unable to add machine! (does it already exist?) thnx, peter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File Lock Timeout
On Fri, Jan 12, 2007 at 04:20:56PM +, Stringer Leon (West Midlands Ambulance Service NHS Trust) wrote: But then the file is still being held open by some process on the file server. Yes, so either I have to wait for a timeout so the one user can edit their file or I can kill the process removing the locks for everyone else. So I have to wait, which was my original question, how long for? This particular kind of lock (a share mode) does not have a timeout, this is completely client-driven. The lock has gone now, but this problem has happened before and is bound to happen again. If I remember correctly, Windows allows you to close the locks on individual files, it would be nice if Samba did this too... Yep. Can you file a bug at bugzilla.samba.org with prio enhancement so that it does not get forgotten? Thanks, Volker pgp6sDiNUlmZK.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.10 - Invalid Value!!!
On 12/01/07, Volker Lendecke [EMAIL PROTECTED] wrote: On Thu, Jan 11, 2007 at 03:20:39PM -0800, Niatross wrote: I have a Macintosh Xserve running OS 10.4.8 and it's running Samba 3.0.10. Everytime a Windows XP workstation logs off the Macintosh Xserve server, the following shows up in the log.smbd (located at var/log/samba): [2007/01/11 14:24:17, 0] pdb_ods.c:make_a_mod(2045) make_a_mod: INVALID VALUE!!! pdb_ods.c is not in the original Samba sources, I would expect that this is a modification that Apple has made. You should contact your Apple support for help on this topic. See http://developer.apple.com/bugreporter/ for how to open an Apple bug. They'll probably ask for a packet trace of this. -- James Peach | [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File Lock Timeout
From: Volker Lendecke [EMAIL PROTECTED] On Fri, Jan 12, 2007 at 04:20:56PM +, Stringer Leon (West Midlands Ambulance Service NHS Trust) wrote: The lock has gone now, but this problem has happened before and is bound to happen again. If I remember correctly, Windows allows you to close the locks on individual files, it would be nice if Samba did this too... Yep. Can you file a bug at bugzilla.samba.org with prio enhancement so that it does not get forgotten? Sure: https://bugzilla.samba.org/show_bug.cgi?id=4338 Many thanks for your help! ** Information in this message may contain confidential and privileged information. If you are not the intended recipient please accept our apologies; please do not disclose, copy or distribute information in this e-mail or take any action in reliance on its contents: to do so is strictly prohibited and may be unlawful. Please inform us that this message has gone astray before deleting it. Thank you for your co-operation. NHSmail is used daily by over 100,000 staff in the NHS. Over a million messages are sent every day by the system. To find out why more and more NHS personnel are switching to this NHS Connecting for Health system please visit www.connectingforhealth.nhs.uk/nhsmail ** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Error setting up Samba with LDAP
I am following the Samba 3 How To and Samba 3 By Example to set up a Samba PDC. I have everything configured as shown, but when I run the command: /net getlocalsid/ I get this error: /Failed to issue the StartTLS instruction: Connect error Connection to LDAP server failed for the 1 try! / I'll post configs on Monday. Just wondered if anyone has encountered this and could shed some light. Thanks. -- *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] How to get Soft Links to work
I am running Samba on a Solaris 8.x box and my Samba (Win XP) users can't see or make any softlinks work that are on the unix filesystem. I've seen opinions that one needs to set the 's' sticky bit on but that doesn't seem to work. Any suggestions? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] read only share problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/11/2007 02:22 PM, [EMAIL PROTECTED] escreveu: HI, I have setup a samba share called DATOS it look like this: [DATOS] path = /data/datos comment = QAQC y SHA locking = no admin users = zulloa2 write list = @qaqc, zulloa2 browseable = yes public = yes guest ok = yes force create mode = 775 force directory mode = 775 read only = yes force group = qaqc Your share is a little bit messy. You have public and guest ok, they are synonyms, you only need one of them. Besides that, it seems to have the configuration that you are imagining, a read only directory which a few people are able to write. in linux debian samba Version 3.0.14a-Debian it work good, opening the documents read only for every one, and can write with the user zulloa2 or the users in sha group. The problem is, some time some files in this share appear in read only mode for the user zulloa2... In a hard guess I would say that you have problems with your filesystem permissions. all the files in the share are in 775 this is the smbstatus when the file appear in readonly tipecasrv:~# smbstatus -u zulloa2 Samba version 3.0.14a-Debian PID Username Group Machine --- 14974 zulloa2 zulloa2 sha (192.168.0.3) Service pid machine Connected at --- DATOS14974 sha Thu Jan 11 07:01:38 2007 PUBLICO 14974 sha Thu Jan 11 07:01:38 2007 IPC$ 14974 sha Thu Jan 11 12:12:01 2007 GESTION 14974 sha Thu Jan 11 07:01:38 2007 CALIDADySHA 14974 sha Thu Jan 11 07:01:38 2007 Locked files: PidDenyMode Access R/WOplock Name -- 14974 DENY_WRITE 0x20089 RDONLY NONE /data/datos/QAQC/CONTINUACION.ppt Thu Jan 11 11:41:02 2007 14974 DENY_NONE 0x2019f RDWR EXCLUSIVE+BATCH /data/datos/QAQC/ITOPMT.doc Thu Jan 11 12:13:06 2007 14974 DENY_WRITE 0x20089 RDONLY NONE /data/datos/QAQC/PGT.doc Thu Jan 11 12:00:32 2007 14974 DENY_WRITE 0x20089 RDONLY NONE /data/datos/QAQC/Copia de SISTEMA QAQC.pps Thu Jan 11 11:40:57 2007 Can you send a full smbstatus, with logs of the access from the user? look that not all the files appears read only but is the same share an folder... Investigate the filesystem permissions. There are more users accessing this share? what happend? how can i do ? when i do a /etc/init.d/samba restart so i can write them with zulloa2 user, but hours later the read only show again... Thanks Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFqCd5Cj65ZxU4gPQRAuBdAJ94cR8mtP6T8+w+sIe26MCrKEvMZgCffQZr RRGiF43kEuaIHl0bLzMHjJM= =8fKN -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] rename or mv not possible when unix write mode not set
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/11/2007 06:21 PM, Kevin Longfellow escreveu: Hi, I'm wondering if anyone knows of a workaround or fix for the below issue. The Samba server is running on: Red Hat Enterprise Linux AS release 3 (Taroon Update 4) kernel=2.4.21-27.0.2.1.9.ELsmp Samba version = 3.0.20b chmod and mv are from the MKS toolkit. Do you mean that you are using chmod and mv provided by MKS under windows, or are you saying something else? The question/issue: In unix I can do: touch kltest chmod 544 kltest mv kltest kltest3 If I create a directory on the samba server and share it as below the above fails with permission denied from my Windows XP system. Any idea what the problem is and how to fix this? I know the obvious chmod 644 but the 544 permission is not in my control. It is created by a source control system, so I cannot change the permission. Did you try to add vfs full audit and check what's going on under the bridge? And also, what the log says when you try to execute the same thing? Doing that over the smbfs or CIFS is not _exactly_ the same thing as when you are on the unix filesystem. Share information: [ade_dnv_txn] comment = read only = no path = /ade_dnv_txn public = yes valid users = @st-dnv-smbusers printable = no create mask = 0777 directory mask = 0777 preserve case = yes short preserve case = yes Thanks, Kevin Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFqChtCj65ZxU4gPQRAgS/AKDChmn8gk84JBkeFdyEXozrOd1z+gCeMlMS bpKBhgzQuN8G9NbBxB5uBH8= =LH1e -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] pdbedit problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/11/2007 05:31 PM, Jason Baker escreveu: Greetings, I am running samba-3.0.10-1.4E.9 installed from rpm on CentOS 4.4. Just as a side note, you should update your samba, the 3.0.14 and the 3.0.2x series have great improvements and lots of bugfixes. I have it configured as a PDC. It is using the /passdb backend = tdbsam/ backend. I am using /pdbedit/ to make some configuration changes to user passwords. I would like to expire a users password, so that they are required to change it the next time they log in. You should set zero to the MustChange field. From all that I have read in on-line resources (including the Samba How To), it says to run the following command (this should effect the individual user). /pdbedit --pwd-must-change-time=2007-01-01 --time-format=%y-%m-%d test / Instead of doing that, try to just set '0' to the field, it should require that the user 'test' change the password on next logon. BTW, if I'm not wrong, you should use an uppercase y for year: %Y-%m-%d. It however only returns: / /test:501:Victor Aluicious Laan. If I enter /pdbedit -Lv/ test, I see the following: /[EMAIL PROTECTED] ~]# pdbedit -Lv test/ /Unix username:test/ /NT username:/ /Account Flags:[U ]/ /User SID: S-1-5-21-3030426004-1519544323-488087672-2002/ /Primary Group SID:S-1-5-21-3030426004-1519544323-488087672-2003/ /Full Name:Victor Aluicious Laan/ /Home Directory: \\aster\test/ /HomeDir Drive:U:/ /Logon Script: test.bat/ /Profile Path: \\aster\profiles\test/ /Domain: GLASTENDERNET/ /Account desc:/ /Workstations:/ /Munged dial:/ /Logon time: 0/ /Logoff time: Mon, 18 Jan 2038 22:14:07 GMT/ /Kickoff time: Mon, 18 Jan 2038 22:14:07 GMT/ /Password last set:Thu, 11 Jan 2007 12:54:40 GMT/ /Password can change: Thu, 11 Jan 2007 12:54:40 GMT/ /Password must change: Mon, 18 Jan 2038 22:14:07 GMT/ /Last bad password : Thu, 11 Jan 2007 12:49:51 GMT/ /Bad password count : 2/ /Logon hours : FF/ I can run: /pdbedit -r --fullname=Change to Test test /and it will indeed change the Full Name, so I know it is working in some form. /[EMAIL PROTECTED] ~]# pdbedit -Lv test/ /Unix username:test/ /NT username:/ /Account Flags:[U ]/ /User SID: S-1-5-21-3030426004-1519544323-488087672-2002/ /Primary Group SID:S-1-5-21-3030426004-1519544323-488087672-2003/ /Full Name:Change to Test/ /Home Directory: \\aster\test cut / I have searched the Samba mailing list archives and have found a few other's who have asked this same question, but haven't found any resolutions. Is there an easier way to instantly make a samba password expired so that a user has to change their password on the next login? There is always helper tools like Samba Console, SWAT or the MS Windows usrmgr. I know many of you will answer that I should change to LDAP, that may be so, but the documentation claims this should work in /tdbsam/ but yet it seems to not work. Any advice would be helpful. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFqCm/Cj65ZxU4gPQRAiXNAKCgZOMKhhlkpwfYEHOKHnD1j+IFrACdGYBf 4ctcw4yurDTss/FCRiuCz8w= =Fa3A -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Failed to verify incoming ticket
I am running samba 3.0.23d on Gentoo. I have a particularly problematic server that is a domain member of our AD domain. After joining the domain, shares are available and user credentials work just fine. Then, suddenly for no apparent reason, it stops working. And, then again, just as quickly as the problem starts, it goes away. I have looked at this thing as many ways as I can possibly think of, but have not yet found the culprit. From everything I've seen, the issue points to Kerberos. I used a plain vanilla approach to join it to the domain: Installed samba, winbind, mit-krb5, and pam modules: USE=ldap kerberos winbind pam emerge samba Edited krb5.conf (see below) and ran - kinit administrator klist reveals: klist: You have no tickets cached Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 01/12/07 19:46:02 01/12/07 20:26:02 krbtgt/[EMAIL PROTECTED] Edited nsswitch.conf (see below). Edited smb.conf (see below) and ran - net ads join -U adminstrator and got: Using short domain name -- MYDOMAIN Joined 'TESTBOX' to realm 'MYDOMAIN.COM' I started samba: /etc/init.d/samba start * samba - start: smbd ...[ ok ] * samba - start: nmbd ...[ ok ] * samba - start: winbind ... [ ok ] However, accessing a share from a windows machine (doesn't appear to matter the version), I get prompted for credentials. Upon entering them, I get Logon failed. As I write this, I have a XP box that is allowing me to access the share, but a 2K3 server that fails - same credentials. If I use the ip address, it succeeds every time. In the samba client logs I see: [2007/01/12 19:56:48, 1] smbd/sesssetup.c:reply_spnego_kerberos(202) Failed to verify incoming ticket! Occasionally in log.winbind I get: [2007/01/12 19:22:18, 1] nsswitch/winbindd_ads.c:query_user_list(218) Not a user account? atype=0x3000 I also see some weirdness with wbinfo. When displaying users, I see only user accounts, while on my other servers, I see user and computer accounts. KRB5.CONF: == [libdefaults] default_realm = MYDOMAIN.COM ticket_lifetime = 2400 clockskew = 300 default_tkt_enctypes= des-cbc-crc des-cbc-md5 default_tgs_enctypes= des-cbc-crc des-cbc-md5 forwardable = true dns_lookup_kdc = false dns_lookup_realm= false kdc_timesync= true [realms] MYDOMAIN.COM = { kdc = dcm.mydomain.com admin_server= dcm.mydomain.com default_domain = mydomain.com } [domain_realm] .mydomain.com = MYDOMAIN.COM mydomain.com = MYDOMAIN.COM [logging] kdc = FILE:/var/log/krb5kdc.log admin_server= FILE:/var/log/kadmin.log default = FILE:/var/log/krb5lib.log SMB.CONF: = [global] workgroup = MYDOMAIN realm = MYDOMAIN.COM netbios name = TESTBOX server string = TESTBOX interfaces = 192.168.1.28 127. bind interfaces only = yes security = ADS log file = /var/log/samba/log.%m max log size = 8164 name resolve order = hosts wins bcast socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 os level = 5 preferred master = no local master = no domain master = no dns proxy = no wins proxy = no wins server = 192.168.1.124 template shell = /bin/bash unix extensions = no template home dir = /home/%D/%U winbind enum users = yes winbind uid = 1-2 winbind gid = 1-2 winbind enum groups = yes winbind separator = + winbind use default domain = yes encrypt passwords = yes hosts allow = 192.168. 127. load printers = no smb ports = 139 NSSWITCH.CONF: == passwd: compat winbind shadow: compat group: compat winbind hosts: files dns wins networks:files dns services:db files protocols: db files rpc: db files ethers: db files netmasks:files netgroup:files bootparams: files automount: files aliases: files -- Brian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Error setting up Samba with LDAP
On Friday 12 January 2007 16:27, Jason Baker wrote: I am following the Samba 3 How To and Samba 3 By Example to set up a Samba PDC. I have everything configured as shown, but when I run the command: /net getlocalsid/ I get this error: /Failed to issue the StartTLS instruction: Connect error Connection to LDAP server failed for the 1 try! / I'll post configs on Monday. Just wondered if anyone has encountered this and could shed some light. Thanks. Please let me know precisely which step in the Samba-3 By Example book is failing. Did you follow the letter of the example - or did you ad-lib along the way? - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, 2 Ed., ISBN: 0131882228 Samba-3 by Example, 2 Ed., ISBN: 0131882221X Hardening Linux, ISBN: 0072254971 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] fam inconsistent in noticing changes
I'm running Samba-3.0.23d on CentOS4.4 servers. We have a process where people can upload files (from WinXP) to a directory over Samba, and then a Unix cronjob picks those files up, moves them to another directory (outside of Samba) and does things to them. The problem is that when the file moves occur, WinXP doesn't show the files have disappeared. Even days later the files show up as still being in that directory - unless the WinXP user hits F5 of course. i.e. FAM/dnotify isn't telling Windows a change has occurred. I have done some simple manual testing and can't easily repeat the problem on the same boxes. I can go to a directory (under WinXP), create a file/dir, then (under Unix) move that directory out - and it disappears within seconds under WinXP. What should I be looking for to diagnose the problem further? Are there some condition under which FAM/etc becomes a bit dodgy? (e.g. does that lack of a TTY in cron trigger something?) Thanks! -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] read only share problem
Felipe Augusto van de Wiel escribió: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/11/2007 02:22 PM, [EMAIL PROTECTED] escreveu: HI, I have setup a samba share called DATOS it look like this: [DATOS] path = /data/datos comment = QAQC y SHA locking = no admin users = zulloa2 write list = @qaqc, zulloa2 browseable = yes public = yes guest ok = yes force create mode = 775 force directory mode = 775 read only = yes force group = qaqc Your share is a little bit messy. You have public and guest ok, they are synonyms, you only need one of them. Besides that, it seems to have the configuration that you are imagining, a read only directory which a few people are able to write. in linux debian samba Version 3.0.14a-Debian it work good, opening the documents read only for every one, and can write with the user zulloa2 or the users in sha group. The problem is, some time some files in this share appear in read only mode for the user zulloa2... In a hard guess I would say that you have problems with your filesystem permissions. all the files in the share are in 775 this is the smbstatus when the file appear in readonly tipecasrv:~# smbstatus -u zulloa2 Samba version 3.0.14a-Debian PID Username Group Machine --- 14974 zulloa2 zulloa2 sha (192.168.0.3) Service pid machine Connected at --- DATOS14974 sha Thu Jan 11 07:01:38 2007 PUBLICO 14974 sha Thu Jan 11 07:01:38 2007 IPC$ 14974 sha Thu Jan 11 12:12:01 2007 GESTION 14974 sha Thu Jan 11 07:01:38 2007 CALIDADySHA 14974 sha Thu Jan 11 07:01:38 2007 Locked files: PidDenyMode Access R/WOplock Name -- 14974 DENY_WRITE 0x20089 RDONLY NONE /data/datos/QAQC/CONTINUACION.ppt Thu Jan 11 11:41:02 2007 14974 DENY_NONE 0x2019f RDWR EXCLUSIVE+BATCH /data/datos/QAQC/ITOPMT.doc Thu Jan 11 12:13:06 2007 14974 DENY_WRITE 0x20089 RDONLY NONE /data/datos/QAQC/PGT.doc Thu Jan 11 12:00:32 2007 14974 DENY_WRITE 0x20089 RDONLY NONE /data/datos/QAQC/Copia de SISTEMA QAQC.pps Thu Jan 11 11:40:57 2007 Can you send a full smbstatus, with logs of the access from the user? look that not all the files appears read only but is the same share an folder... Investigate the filesystem permissions. There are more users accessing this share? what happend? how can i do ? when i do a /etc/init.d/samba restart so i can write them with zulloa2 user, but hours later the read only show again... Thanks Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFqCd5Cj65ZxU4gPQRAuBdAJ94cR8mtP6T8+w+sIe26MCrKEvMZgCffQZr RRGiF43kEuaIHl0bLzMHjJM= =8fKN -END PGP SIGNATURE- mister as you can see the file premission are set trhought samba: force create mode = 775 force directory mode = 775 force group = qaqc So all the share, i mean chmod -R 775 /data/datos and, chown -R root:sha /data/datos/ are set up with 755 permissions with sha group as write enabled read all please thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Samba 2.2.8 for OpenVMS VAX 7.3 Vaxstation 4000/60
Luiz Guilherme Regis Emediato wrote: Hi, This command is commented out in SAMBA_STARTUP.COM which is run inside of SYSTARTUP_VMS.COM. I have them installed and if I remove the comment sign it works fine as a work around. However the problem with TCP/IP remains, that is, why didn't the ECO patch resolve the problem with set config enable service smbd set config enable service swat ? Because until the SAMBA_STARTUP command file is run, the logical names required by SWAT and SMBD do not exist. The SAMBA_STARTUP.COM procedure must be run after the startup procedure for the TCPIP services. If you enable the services with SET CONFIG, then all attempts to start the SMBD services will fail until the SAMBA_STARTUP.COM is run. You also may end up with data corruption because some files may not be properly initialized. -John [EMAIL PROTECTED] Personal Opinion Only -- Need a senior system engineer? I am looking for employment. http://encompasserve.org/~malmberg/MALMBERG_CS1_RESUME.TXT PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
svn commit: samba r20699 - in branches/SAMBA_3_0/source/smbd: .
Author: vlendec Date: 2007-01-12 08:49:09 + (Fri, 12 Jan 2007) New Revision: 20699 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20699 Log: This is an attempt to fix bug 4326. James, can you please confirm this and merge it to 3_0_24? For me it fixes the segfault. Thanks, Volker Modified: branches/SAMBA_3_0/source/smbd/notify_fam.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/notify_fam.c === --- branches/SAMBA_3_0/source/smbd/notify_fam.c 2007-01-12 05:47:00 UTC (rev 20698) +++ branches/SAMBA_3_0/source/smbd/notify_fam.c 2007-01-12 08:49:09 UTC (rev 20699) @@ -432,7 +432,8 @@ * request. */ -if (info-generation == global_fc_generation) { +if ((FAMCONNECTION_GETFD(global_fc) != -1) +(info-generation == global_fc_generation)) { DEBUG(FAM_TRACE, (removing FAM notification for request %d\n, info-req.reqnum)); FAMCancelMonitor(global_fc, (info-req));
svn commit: samba r20700 - in branches/SAMBA_3_0/source/smbd: .
Author: vlendec Date: 2007-01-12 09:29:44 + (Fri, 12 Jan 2007) New Revision: 20700 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20700 Log: In the main processing loop we select() on the fam socket. If it fires, it might be possible that we hang in the receive_smb() although that socket is not the reason for the select() to return. This immediately reacts to the fam socket to become readable, and goes into the select loop again. This fixes delays in files showing up in Windows. Jeremy, James please review this and merge to 3_0_24 if appropriate. Thanks, Volker Modified: branches/SAMBA_3_0/source/smbd/process.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/process.c === --- branches/SAMBA_3_0/source/smbd/process.c2007-01-12 08:49:09 UTC (rev 20699) +++ branches/SAMBA_3_0/source/smbd/process.c2007-01-12 09:29:44 UTC (rev 20700) @@ -514,6 +514,19 @@ */ goto again; } + + if ((change_notify_fd() = 0) FD_ISSET(change_notify_fd(), fds)) { + + process_pending_change_notify_queue((time_t)0); + + /* +* Same comment as for oplock processing applies here. We +* might have done I/O on the client socket. +*/ + + goto again; + } + return receive_smb(smbd_server_fd(), buffer, 0); }
svn commit: samba r20701 - in branches/SAMBA_4_0/source: heimdal/lib/hx509 kdc
Author: metze Date: 2007-01-12 12:54:20 + (Fri, 12 Jan 2007) New Revision: 20701 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20701 Log: ignore generated files metze Modified: branches/SAMBA_4_0/source/heimdal/lib/hx509/ branches/SAMBA_4_0/source/kdc/ Changeset: Property changes on: branches/SAMBA_4_0/source/heimdal/lib/hx509 ___ Name: svn:ignore - *.x hx509_err.c hx509_err.h ocsp_asn1.h ocsp_asn1_files pkcs10_asn1.h pkcs10_asn1_files + *.x hx509_err.c hx509_err.h ocsp_asn1.h ocsp_asn1_files pkcs10_asn1.h pkcs10_asn1_files asn1_*.c Property changes on: branches/SAMBA_4_0/source/kdc ___ Name: svn:ignore - .sconsign *.d + pac_glue.h *.d
svn commit: samba r20702 - in branches/SAMBA_4_0/source/librpc/idl: .
Author: metze Date: 2007-01-12 12:55:30 + (Fri, 12 Jan 2007) New Revision: 20702 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20702 Log: fix spelling metze Modified: branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl Changeset: Modified: branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl === --- branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl2007-01-12 12:54:20 UTC (rev 20701) +++ branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl2007-01-12 12:55:30 UTC (rev 20702) @@ -431,7 +431,7 @@ uint32 u2; [range(0,0x10)] uint32 count; uint32 u3; - [size_is(count)] drsuapi_DsReplicaCursor2 coursors[]; + [size_is(count)] drsuapi_DsReplicaCursor2 cursors[]; } drsuapi_DsReplicaCursor2CtrEx; /* Generic DATA_BLOB values */
svn commit: samba r20703 - in branches/SAMBA_4_0/source/dsdb/samdb: .
Author: metze Date: 2007-01-12 13:00:55 + (Fri, 12 Jan 2007) New Revision: 20703 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20703 Log: fix minor memory leak metze Modified: branches/SAMBA_4_0/source/dsdb/samdb/samdb.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/samdb.c === --- branches/SAMBA_4_0/source/dsdb/samdb/samdb.c2007-01-12 12:55:30 UTC (rev 20702) +++ branches/SAMBA_4_0/source/dsdb/samdb/samdb.c2007-01-12 13:00:55 UTC (rev 20703) @@ -1165,6 +1165,7 @@ if (ret) { goto failed; } + talloc_steal(tmp_ctx, root_res); if (root_res-count != 1) { goto failed;
svn commit: samba r20704 - in branches/SAMBA_4_0/source/dsdb/samdb: .
Author: metze Date: 2007-01-12 13:08:06 + (Fri, 12 Jan 2007) New Revision: 20704 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20704 Log: add functions to get and set the ntds objectGUID and invocationId metze Modified: branches/SAMBA_4_0/source/dsdb/samdb/samdb.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/samdb.c === --- branches/SAMBA_4_0/source/dsdb/samdb/samdb.c2007-01-12 13:00:55 UTC (rev 20703) +++ branches/SAMBA_4_0/source/dsdb/samdb/samdb.c2007-01-12 13:08:06 UTC (rev 20704) @@ -1190,6 +1190,192 @@ } /* + work out the ntds settings invocationId for the current open ldb +*/ +const struct GUID *samdb_ntds_invocation_id(struct ldb_context *ldb) +{ + TALLOC_CTX *tmp_ctx; + const char *attrs[] = { invocationId, NULL }; + int ret; + struct ldb_result *res; + struct GUID *invocation_id; + + /* see if we have a cached copy */ + invocation_id = ldb_get_opaque(ldb, cache.invocation_id); + if (invocation_id) { + return invocation_id; + } + + tmp_ctx = talloc_new(ldb); + if (tmp_ctx == NULL) { + goto failed; + } + + ret = ldb_search(ldb, samdb_ntds_settings_dn(ldb), LDB_SCOPE_BASE, NULL, attrs, res); + if (ret) { + goto failed; + } + talloc_steal(tmp_ctx, res); + + if (res-count != 1) { + goto failed; + } + + invocation_id = talloc(tmp_ctx, struct GUID); + if (!invocation_id) { + goto failed; + } + + *invocation_id = samdb_result_guid(res-msgs[0], invocationId); + + /* cache the domain_sid in the ldb */ + if (ldb_set_opaque(ldb, cache.invocation_id, invocation_id) != LDB_SUCCESS) { + goto failed; + } + + talloc_steal(ldb, invocation_id); + talloc_free(tmp_ctx); + + return invocation_id; + +failed: + DEBUG(1,(Failed to find our own NTDS Settings invocationId in the ldb!\n)); + talloc_free(tmp_ctx); + return NULL; +} + +bool samdb_set_ntds_invocation_id(struct ldb_context *ldb, const struct GUID *invocation_id_in) +{ + TALLOC_CTX *tmp_ctx; + struct GUID *invocation_id_new; + struct GUID *invocation_id_old; + + /* see if we have a cached copy */ + invocation_id_old = ldb_get_opaque(ldb, cache.invocation_id); + + tmp_ctx = talloc_new(ldb); + if (tmp_ctx == NULL) { + goto failed; + } + + invocation_id_new = talloc(tmp_ctx, struct GUID); + if (!invocation_id_new) { + goto failed; + } + + *invocation_id_new = *invocation_id_in; + + /* cache the domain_sid in the ldb */ + if (ldb_set_opaque(ldb, cache.invocation_id, invocation_id_new) != LDB_SUCCESS) { + goto failed; + } + + talloc_steal(ldb, invocation_id_new); + talloc_free(tmp_ctx); + talloc_free(invocation_id_old); + + return true; + +failed: + DEBUG(1,(Failed to set our own cached invocationId in the ldb!\n)); + talloc_free(tmp_ctx); + return false; +} + +/* + work out the ntds settings objectGUID for the current open ldb +*/ +const struct GUID *samdb_ntds_objectGUID(struct ldb_context *ldb) +{ + TALLOC_CTX *tmp_ctx; + const char *attrs[] = { objectGUID, NULL }; + int ret; + struct ldb_result *res; + struct GUID *ntds_guid; + + /* see if we have a cached copy */ + ntds_guid = ldb_get_opaque(ldb, cache.ntds_guid); + if (ntds_guid) { + return ntds_guid; + } + + tmp_ctx = talloc_new(ldb); + if (tmp_ctx == NULL) { + goto failed; + } + + ret = ldb_search(ldb, samdb_ntds_settings_dn(ldb), LDB_SCOPE_BASE, NULL, attrs, res); + if (ret) { + goto failed; + } + talloc_steal(tmp_ctx, res); + + if (res-count != 1) { + goto failed; + } + + ntds_guid = talloc(tmp_ctx, struct GUID); + if (!ntds_guid) { + goto failed; + } + + *ntds_guid = samdb_result_guid(res-msgs[0], objectGUID); + + /* cache the domain_sid in the ldb */ + if (ldb_set_opaque(ldb, cache.ntds_guid, ntds_guid) != LDB_SUCCESS) { + goto failed; + } + + talloc_steal(ldb, ntds_guid); + talloc_free(tmp_ctx); + + return ntds_guid; + +failed: + DEBUG(1,(Failed to find our own NTDS Settings objectGUID in the ldb!\n)); + talloc_free(tmp_ctx); + return NULL; +} + +bool samdb_set_ntds_objectGUID(struct ldb_context *ldb, const struct GUID *ntds_guid_in) +{ + TALLOC_CTX *tmp_ctx; + struct GUID *ntds_guid_new; + struct GUID *ntds_guid_old; + + /* see if we have a cached copy */ + ntds_guid_old = ldb_get_opaque(ldb,
svn commit: samba r20705 - in branches/SAMBA_4_0/source: dsdb/repl dsdb/samdb dsdb/samdb/ldb_modules torture/libnet
Author: metze Date: 2007-01-12 13:17:25 + (Fri, 12 Jan 2007) New Revision: 20705 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20705 Log: store the replUpToDateVector attribute in DSDB_EXTENDED_REPLICATED_OBJECTS metze Modified: branches/SAMBA_4_0/source/dsdb/repl/replicated_objects.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/repl_meta_data.c branches/SAMBA_4_0/source/dsdb/samdb/samdb.h branches/SAMBA_4_0/source/torture/libnet/libnet_BecomeDC.c Changeset: Sorry, the patch is too large (509 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20705
svn commit: samba r20706 - in branches/SAMBA_4_0/source: .
Author: metze Date: 2007-01-12 14:05:07 + (Fri, 12 Jan 2007) New Revision: 20706 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20706 Log: the '@' chars should only be in front of each line, but here the line is wrapped with '\' ... metze Modified: branches/SAMBA_4_0/source/main.mk Changeset: Modified: branches/SAMBA_4_0/source/main.mk === --- branches/SAMBA_4_0/source/main.mk 2007-01-12 13:17:25 UTC (rev 20705) +++ branches/SAMBA_4_0/source/main.mk 2007-01-12 14:05:07 UTC (rev 20706) @@ -394,17 +394,17 @@ @echo Compiling $ @-mkdir -p `dirname [EMAIL PROTECTED] @$(COMPILE) exit 0 ; \ - @echo The following command failed: 12;\ - @echo $(COMPILE) 12;\ - @$(COMPILE) /dev/null 21 + echo The following command failed: 12;\ + echo $(COMPILE) 12;\ + $(COMPILE) /dev/null 21 .c.ho: @echo Compiling $ with host compiler @-mkdir -p `dirname [EMAIL PROTECTED] @$(HCOMPILE) exit 0;\ - @echo The following command failed: 12;\ - @echo $(HCOMPILE) 12;\ - @$(HCOMPILE) /dev/null 21 + echo The following command failed: 12;\ + echo $(HCOMPILE) 12;\ + $(HCOMPILE) /dev/null 21 .h.h.gch: @echo Precompiling $
svn commit: samba r20707 - in branches/SAMBA_3_0/source/passdb: .
Author: vlendec Date: 2007-01-12 14:16:30 + (Fri, 12 Jan 2007) New Revision: 20707 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20707 Log: Clean up pdb_interface.c a bit -- patch from Michael Adam [EMAIL PROTECTED] Modified: branches/SAMBA_3_0/source/passdb/pdb_interface.c Changeset: Modified: branches/SAMBA_3_0/source/passdb/pdb_interface.c === --- branches/SAMBA_3_0/source/passdb/pdb_interface.c2007-01-12 14:05:07 UTC (rev 20706) +++ branches/SAMBA_3_0/source/passdb/pdb_interface.c2007-01-12 14:16:30 UTC (rev 20707) @@ -961,6 +961,18 @@ return pdb-lookup_rids(pdb, domain_sid, num_rids, rids, names, attrs); } +/* + * NOTE: pdb_lookup_names is currently (2007-01-12) not used anywhere + * in the samba code. + * Unlike _lsa_lookup_sids and _samr_lookup_rids, which eventually + * also ask pdb_lookup_rids, thus looking up a bunch of rids at a time, + * the pdb_ calls _lsa_lookup_names and _samr_lookup_names come + * down to are pdb_getsampwnam and pdb_getgrnam instead of + * pdb_lookup_names. + * But in principle, it the call belongs to the API and might get + * used in this context some day. + */ +#if 0 NTSTATUS pdb_lookup_names(const DOM_SID *domain_sid, int num_names, const char **names, @@ -970,6 +982,7 @@ struct pdb_methods *pdb = pdb_get_methods(); return pdb-lookup_names(pdb, domain_sid, num_names, names, rids, attrs); } +#endif BOOL pdb_get_account_policy(int policy_index, uint32 *value) { @@ -1368,11 +1381,11 @@ return ret; } -NTSTATUS pdb_default_enum_group_members(struct pdb_methods *methods, - TALLOC_CTX *mem_ctx, - const DOM_SID *group, - uint32 **pp_member_rids, - size_t *p_num_members) +static NTSTATUS pdb_default_enum_group_members(struct pdb_methods *methods, + TALLOC_CTX *mem_ctx, + const DOM_SID *group, + uint32 **pp_member_rids, + size_t *p_num_members) { gid_t gid; uid_t *uids; @@ -1410,12 +1423,12 @@ return NT_STATUS_OK; } -NTSTATUS pdb_default_enum_group_memberships(struct pdb_methods *methods, - TALLOC_CTX *mem_ctx, - struct samu *user, - DOM_SID **pp_sids, - gid_t **pp_gids, - size_t *p_num_groups) +static NTSTATUS pdb_default_enum_group_memberships(struct pdb_methods *methods, + TALLOC_CTX *mem_ctx, + struct samu *user, + DOM_SID **pp_sids, + gid_t **pp_gids, + size_t *p_num_groups) { size_t i; gid_t gid; @@ -1549,12 +1562,12 @@ return False; } -NTSTATUS pdb_default_lookup_rids(struct pdb_methods *methods, -const DOM_SID *domain_sid, -int num_rids, -uint32 *rids, -const char **names, -enum lsa_SidType *attrs) +static NTSTATUS pdb_default_lookup_rids(struct pdb_methods *methods, + const DOM_SID *domain_sid, + int num_rids, + uint32 *rids, + const char **names, + enum lsa_SidType *attrs) { int i; NTSTATUS result; @@ -1612,12 +1625,13 @@ return result; } -NTSTATUS pdb_default_lookup_names(struct pdb_methods *methods, - const DOM_SID *domain_sid, - int num_names, - const char **names, - uint32 *rids, - enum lsa_SidType *attrs) +#if 0 +static NTSTATUS pdb_default_lookup_names(struct pdb_methods *methods, +const DOM_SID *domain_sid, +int num_names, +const char **names, +uint32 *rids, +enum lsa_SidType *attrs) { int i; NTSTATUS result; @@ -1668,6 +1682,7 @@
svn commit: samba r20708 - in branches/SAMBA_4_0/source/libnet: .
Author: metze Date: 2007-01-12 14:26:08 + (Fri, 12 Jan 2007) New Revision: 20708 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20708 Log: fix crash bug! we can't use stack memory for async requests... jelmer: please take more care when you fix pidl warnings:-) metze Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.c Changeset: Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.c === --- branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2007-01-12 14:16:30 UTC (rev 20707) +++ branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2007-01-12 14:26:08 UTC (rev 20708) @@ -1618,15 +1618,18 @@ struct composite_context *c = s-creq; struct rpc_request *req; struct drsuapi_DsGetNCChanges *r; - int32_t level; r = talloc(s, struct drsuapi_DsGetNCChanges); if (composite_nomem(r, c)) return; - r-in.level = level; + r-in.level = talloc(r, int32_t); + if (composite_nomem(r-in.level, c)) return; + r-out.level = talloc(r, int32_t); + if (composite_nomem(r-out.level, c)) return; + r-in.bind_handle = drsuapi_h-bind_handle; if (drsuapi_h-remote_info28.supported_extensions DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8) { - level = 8; + *r-in.level= 8; r-in.req.req8.destination_dsa_guid = partition-destination_dsa_guid; r-in.req.req8.source_dsa_invocation_id = partition-source_dsa_invocation_id; r-in.req.req8.naming_context = partition-nc; @@ -1642,7 +1645,7 @@ r-in.req.req8.mapping_ctr.num_mappings = 0; r-in.req.req8.mapping_ctr.mappings = NULL; } else { - level = 5; + *r-in.level= 5; r-in.req.req5.destination_dsa_guid = partition-destination_dsa_guid; r-in.req.req5.source_dsa_invocation_id = partition-source_dsa_invocation_id; r-in.req.req5.naming_context = partition-nc;
svn commit: samba r20709 - in branches/SAMBA_4_0/source: dsdb/repl dsdb/samdb dsdb/samdb/ldb_modules torture/libnet
Author: metze Date: 2007-01-12 16:02:10 + (Fri, 12 Jan 2007) New Revision: 20709 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20709 Log: pass a repsFromTo1 struct down as it contains all needed info for the source dsa and the highwater mark vector metze Modified: branches/SAMBA_4_0/source/dsdb/repl/replicated_objects.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/repl_meta_data.c branches/SAMBA_4_0/source/dsdb/samdb/samdb.h branches/SAMBA_4_0/source/torture/libnet/libnet_BecomeDC.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/repl/replicated_objects.c === --- branches/SAMBA_4_0/source/dsdb/repl/replicated_objects.c2007-01-12 14:26:08 UTC (rev 20708) +++ branches/SAMBA_4_0/source/dsdb/repl/replicated_objects.c2007-01-12 16:02:10 UTC (rev 20709) @@ -183,8 +183,7 @@ const struct drsuapi_DsReplicaObjectListItemEx *first_object, uint32_t linked_attributes_count, const struct drsuapi_DsReplicaLinkedAttribute *linked_attributes, - const struct GUID *source_dsa_invocation_id, - const struct drsuapi_DsReplicaHighWaterMark *new_highwatermark, + const struct repsFromTo1 *source_dsa, const struct drsuapi_DsReplicaCursor2CtrEx *uptodateness_vector, TALLOC_CTX *mem_ctx, struct dsdb_extended_replicated_objects **_out) @@ -205,9 +204,8 @@ out-partition_dn = ldb_dn_new(out, ldb, partition_dn); W_ERROR_HAVE_NO_MEMORY(out-partition_dn); - out-source_dsa_invocation_id = source_dsa_invocation_id; - out-new_highwatermark = new_highwatermark; - out-uptodateness_vector= uptodateness_vector; + out-source_dsa = source_dsa; + out-uptodateness_vector= uptodateness_vector; out-num_objects= object_count; out-objects= talloc_array(out, Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/repl_meta_data.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/repl_meta_data.c 2007-01-12 14:26:08 UTC (rev 20708) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/repl_meta_data.c 2007-01-12 16:02:10 UTC (rev 20709) @@ -677,6 +677,9 @@ return replmd_replicated_request_error(ar, ret); } + /* +* first create the new replUpToDateVector +*/ ouv_value = ldb_msg_find_ldb_val(ar-sub.search_msg, replUpToDateVector); if (ouv_value) { nt_status = ndr_pull_struct_blob(ouv_value, ar-sub.mem_ctx, ouv, @@ -743,7 +746,7 @@ */ found = false; for (j=0; j ni; j++) { - if (!GUID_equal(ar-objs-source_dsa_invocation_id, + if (!GUID_equal(ar-objs-source_dsa-source_dsa_invocation_id, nuv.ctr.ctr2.cursors[j].source_dsa_invocation_id)) { continue; } @@ -757,7 +760,7 @@ * and use the tmp_highest_usn because this is what we have just applied * to our ldb */ - nuv.ctr.ctr2.cursors[j].highest_usn = ar-objs-new_highwatermark-tmp_highest_usn; + nuv.ctr.ctr2.cursors[j].highest_usn = ar-objs-source_dsa-highwatermark.tmp_highest_usn; nuv.ctr.ctr2.cursors[j].last_sync_success = now; break; } @@ -769,8 +772,8 @@ * and use the tmp_highest_usn because this is what we have just applied * to our ldb */ - nuv.ctr.ctr2.cursors[ni].source_dsa_invocation_id= *ar-objs-source_dsa_invocation_id; - nuv.ctr.ctr2.cursors[ni].highest_usn= ar-objs-new_highwatermark-tmp_highest_usn; + nuv.ctr.ctr2.cursors[ni].source_dsa_invocation_id= ar-objs-source_dsa-source_dsa_invocation_id; + nuv.ctr.ctr2.cursors[ni].highest_usn= ar-objs-source_dsa-highwatermark.tmp_highest_usn; nuv.ctr.ctr2.cursors[ni].last_sync_success = now; ni++; } Modified: branches/SAMBA_4_0/source/dsdb/samdb/samdb.h === --- branches/SAMBA_4_0/source/dsdb/samdb/samdb.h2007-01-12 14:26:08 UTC (rev 20708) +++ branches/SAMBA_4_0/source/dsdb/samdb/samdb.h2007-01-12 16:02:10 UTC (rev 20709) @@ -50,8 +50,7 @@ struct dsdb_extended_replicated_objects { struct ldb_dn
svn commit: samba r20710 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
Author: metze Date: 2007-01-12 17:02:55 + (Fri, 12 Jan 2007) New Revision: 20710 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20710 Log: update or create the repsFrom values after applying replicated objects metze Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/repl_meta_data.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/repl_meta_data.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/repl_meta_data.c 2007-01-12 16:02:10 UTC (rev 20709) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/repl_meta_data.c 2007-01-12 17:02:55 UTC (rev 20710) @@ -651,7 +651,11 @@ struct replUpToDateVectorBlob nuv; struct ldb_val nuv_value; struct ldb_message_element *nuv_el = NULL; - struct GUID *our_invocation_id; + const struct GUID *our_invocation_id; + struct ldb_message_element *orf_el = NULL; + struct repsFromToBlob nrf; + struct ldb_val *nrf_value = NULL; + struct ldb_message_element *nrf_el = NULL; uint32_t i,j,ni=0; uint64_t seq_num; bool found = false; @@ -836,6 +840,93 @@ } nuv_el-flags = LDB_FLAG_MOD_REPLACE; + /* +* now create the new repsFrom value from the given repsFromTo1 structure +*/ + ZERO_STRUCT(nrf); + nrf.version = 1; + nrf.ctr.ctr1= *ar-objs-source_dsa; + /* and fix some values... */ + nrf.ctr.ctr1.consecutive_sync_failures = 0; + nrf.ctr.ctr1.last_success = now; + nrf.ctr.ctr1.last_attempt = now; + nrf.ctr.ctr1.result_last_attempt= WERR_OK; + nrf.ctr.ctr1.highwatermark.highest_usn = nrf.ctr.ctr1.highwatermark.tmp_highest_usn; + + /* +* first see if we already have a repsFrom value for the current source dsa +* if so we'll later replace this value +*/ + orf_el = ldb_msg_find_element(ar-sub.search_msg, repsFrom); + if (orf_el) { + for (i=0; i orf_el-num_values; i++) { + struct repsFromToBlob *trf; + + trf = talloc(ar-sub.mem_ctx, struct repsFromToBlob); + if (!trf) return replmd_replicated_request_werror(ar, WERR_NOMEM); + + nt_status = ndr_pull_struct_blob(orf_el-values[i], trf, trf, + (ndr_pull_flags_fn_t)ndr_pull_repsFromToBlob); + if (!NT_STATUS_IS_OK(nt_status)) { + return replmd_replicated_request_werror(ar, ntstatus_to_werror(nt_status)); + } + + if (trf-version != 1) { + return replmd_replicated_request_werror(ar, WERR_DS_DRA_INTERNAL_ERROR); + } + + /* +* we compare the source dsa objectGUID not the invocation_id +* because we want only one repsFrom value per source dsa +* and when the invocation_id of the source dsa has changed we don't need +* the old repsFrom with the old invocation_id +*/ + if (!GUID_equal(trf-ctr.ctr1.source_dsa_obj_guid, + ar-objs-source_dsa-source_dsa_obj_guid)) { + talloc_free(trf); + continue; + } + + talloc_free(trf); + nrf_value = orf_el-values[i]; + break; + } + + /* +* copy over all old values to the new ldb_message +*/ + ret = ldb_msg_add_empty(msg, repsFrom, 0, nrf_el); + if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); + *nrf_el = *orf_el; + } + + /* +* if we haven't found an old repsFrom value for the current source dsa +* we'll add a new value +*/ + if (!nrf_value) { + struct ldb_val zero_value; + ZERO_STRUCT(zero_value); + ret = ldb_msg_add_value(msg, repsFrom, zero_value, nrf_el); + if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); + + nrf_value = nrf_el-values[nrf_el-num_values - 1]; + } + + /* we now fill the value which is already attached to ldb_message */ + nt_status = ndr_push_struct_blob(nrf_value, msg, nrf, + (ndr_push_flags_fn_t)ndr_push_repsFromToBlob); + if (!NT_STATUS_IS_OK(nt_status)) { + return replmd_replicated_request_werror(ar,
svn commit: samba r20711 - in branches/SAMBA_3_0_24/source/smbd: .
Author: jpeach Date: 2007-01-12 17:13:51 + (Fri, 12 Jan 2007) New Revision: 20711 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20711 Log: Merge Volker's fix for bug 4326. svn merge -r 20698:20699 branches/SAMBA_3_0 Modified: branches/SAMBA_3_0_24/source/smbd/notify_fam.c Changeset: Modified: branches/SAMBA_3_0_24/source/smbd/notify_fam.c === --- branches/SAMBA_3_0_24/source/smbd/notify_fam.c 2007-01-12 17:02:55 UTC (rev 20710) +++ branches/SAMBA_3_0_24/source/smbd/notify_fam.c 2007-01-12 17:13:51 UTC (rev 20711) @@ -432,7 +432,8 @@ * request. */ -if (info-generation == global_fc_generation) { +if ((FAMCONNECTION_GETFD(global_fc) != -1) +(info-generation == global_fc_generation)) { DEBUG(FAM_TRACE, (removing FAM notification for request %d\n, info-req.reqnum)); FAMCancelMonitor(global_fc, (info-req));
Re: svn commit: samba r20699 - in branches/SAMBA_3_0/source/smbd: .
On Jan 12, 2007, at 12:49 AM, [EMAIL PROTECTED] wrote: Author: vlendec Date: 2007-01-12 08:49:09 + (Fri, 12 Jan 2007) New Revision: 20699 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20699 Log: This is an attempt to fix bug 4326. James, can you please confirm this and merge it to 3_0_24? For me it fixes the segfault. Looks good to me. -- James Peach | [EMAIL PROTECTED]
svn commit: samba r20712 - in branches/SAMBA_4_0/source/librpc/ndr: .
Author: metze Date: 2007-01-12 17:17:02 + (Fri, 12 Jan 2007) New Revision: 20712 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20712 Log: add a function to compare GUID's metze Modified: branches/SAMBA_4_0/source/librpc/ndr/uuid.c Changeset: Modified: branches/SAMBA_4_0/source/librpc/ndr/uuid.c === --- branches/SAMBA_4_0/source/librpc/ndr/uuid.c 2007-01-12 17:13:51 UTC (rev 20711) +++ branches/SAMBA_4_0/source/librpc/ndr/uuid.c 2007-01-12 17:17:02 UTC (rev 20712) @@ -159,6 +159,31 @@ return True; } +_PUBLIC_ int GUID_compare(const struct GUID *u1, const struct GUID *u2) +{ + if (u1-time_low != u2-time_low) { + return u1-time_low - u2-time_low; + } + + if (u1-time_mid != u2-time_mid) { + return u1-time_mid - u2-time_mid; + } + + if (u1-time_hi_and_version != u2-time_hi_and_version) { + return u1-time_hi_and_version - u2-time_hi_and_version; + } + + if (u1-clock_seq[0] != u2-clock_seq[0]) { + return u1-clock_seq[0] - u2-clock_seq[0]; + } + + if (u1-clock_seq[1] != u2-clock_seq[1]) { + return u1-clock_seq[1] - u2-clock_seq[1]; + } + + return memcmp(u1-node, u2-node, 6); +} + /** its useful to be able to display these in debugging messages */
svn commit: samba r20713 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
Author: metze Date: 2007-01-12 17:19:48 + (Fri, 12 Jan 2007) New Revision: 20713 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20713 Log: sort the cursors in replUpToDateVector by source_dsa_invocation_id, w2k3 seems to do the same. It's later useful, when we would have a large array be could use a binary search metze Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/repl_meta_data.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/repl_meta_data.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/repl_meta_data.c 2007-01-12 17:17:02 UTC (rev 20712) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/repl_meta_data.c 2007-01-12 17:19:48 UTC (rev 20713) @@ -641,6 +641,12 @@ #endif } +static int replmd_drsuapi_DsReplicaCursor2_compare(const struct drsuapi_DsReplicaCursor2 *c1, + const struct drsuapi_DsReplicaCursor2 *c2) +{ + return GUID_compare(c1-source_dsa_invocation_id, c2-source_dsa_invocation_id); +} + static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *ar) { NTSTATUS nt_status; @@ -823,6 +829,13 @@ nuv.ctr.ctr2.count = ni; /* +* sort the cursors +*/ + qsort(nuv.ctr.ctr2.cursors, nuv.ctr.ctr2.count, + sizeof(struct drsuapi_DsReplicaCursor2), + (comparison_fn_t)replmd_drsuapi_DsReplicaCursor2_compare); + + /* * create the change ldb_message */ msg = ldb_msg_new(ar-sub.mem_ctx);
svn commit: samba r20714 - in branches/SAMBA_4_0/source/libnet: .
Author: metze Date: 2007-01-12 17:25:43 + (Fri, 12 Jan 2007) New Revision: 20714 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20714 Log: we can use talloc_asprintf_append() again, because strupper_talloc() creates string with the correct memory size without padding zero bytes at the end metze Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.c Changeset: Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.c === --- branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2007-01-12 17:19:48 UTC (rev 20713) +++ branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2007-01-12 17:25:43 UTC (rev 20714) @@ -2154,13 +2154,12 @@ if (composite_nomem(s-dest_dsa.netbios_name, c)) return c; /* Destination DSA dns_name construction */ - tmp_name= strlower_talloc(s, s-dest_dsa.netbios_name); + tmp_name= strlower_talloc(s, s-dest_dsa.netbios_name); if (composite_nomem(tmp_name, c)) return c; - s-dest_dsa.dns_name= talloc_asprintf(s, %s.%s, - tmp_name, - s-domain.dns_name); - talloc_free(tmp_name); - if (composite_nomem(s-dest_dsa.dns_name, c)) return c; + tmp_name= talloc_asprintf_append(tmp_name, .%s,s-domain.dns_name); + if (composite_nomem(tmp_name, c)) return c; + s-dest_dsa.dns_name= tmp_name; + /* Callback function pointers */ s-callbacks = r-in.callbacks;
svn commit: samba r20715 - in branches/SAMBA_4_0/source/torture/libnet: .
Author: metze Date: 2007-01-12 17:26:55 + (Fri, 12 Jan 2007) New Revision: 20715 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20715 Log: set the dsdb_schema on the ldb_context after we have created a temporary one metze Modified: branches/SAMBA_4_0/source/torture/libnet/libnet_BecomeDC.c Changeset: Modified: branches/SAMBA_4_0/source/torture/libnet/libnet_BecomeDC.c === --- branches/SAMBA_4_0/source/torture/libnet/libnet_BecomeDC.c 2007-01-12 17:25:43 UTC (rev 20714) +++ branches/SAMBA_4_0/source/torture/libnet/libnet_BecomeDC.c 2007-01-12 17:26:55 UTC (rev 20715) @@ -264,6 +264,7 @@ struct repsFromTo1 *s_dsa; char *tmp_dns_name; uint32_t i; + int ret; s_dsa = talloc_zero(s, struct repsFromTo1); NT_STATUS_HAVE_NO_MEMORY(s_dsa); @@ -378,6 +379,11 @@ } } + ret = dsdb_set_schema(s-ldb, s-schema); + if (ret != LDB_SUCCESS) { + return NT_STATUS_FOOBAR; + } + status = dsdb_extended_replicated_objects_commit(s-ldb, c-partition-nc.dn, s-schema,
svn commit: samba r20716 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
Author: metze Date: 2007-01-12 17:58:38 + (Fri, 12 Jan 2007) New Revision: 20716 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20716 Log: add a dsdb_cache ldb module which will load the dsdb_schema and other things on startup into memory structures in future. metze Added: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/dsdb_cache.c Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/config.mk Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/config.mk === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/config.mk 2007-01-12 17:26:55 UTC (rev 20715) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/config.mk 2007-01-12 17:58:38 UTC (rev 20716) @@ -23,6 +23,17 @@ +# Start MODULE ldb_dsdb_cache +[MODULE::ldb_dsdb_cache] +SUBSYSTEM = ldb +PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC +INIT_FUNCTION = dsdb_cache_module_init +OBJ_FILES = \ + dsdb_cache.o +# End MODULE ldb_dsdb_cache + + + # Start MODULE ldb_samldb [MODULE::ldb_samldb] SUBSYSTEM = ldb Added: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/dsdb_cache.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/dsdb_cache.c 2007-01-12 17:26:55 UTC (rev 20715) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/dsdb_cache.c 2007-01-12 17:58:38 UTC (rev 20716) @@ -0,0 +1,48 @@ +/* + Unix SMB/CIFS mplementation. + + The Module that loads some DSDB related things + into memory. E.g. it loads the dsdb_schema struture + + Copyright (C) Stefan Metzmacher 2007 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +*/ + +#include includes.h +#include lib/ldb/include/ldb.h +#include lib/ldb/include/ldb_errors.h +#include lib/ldb/include/ldb_private.h +#include dsdb/samdb/samdb.h +#include librpc/gen_ndr/ndr_misc.h +#include librpc/gen_ndr/ndr_drsuapi.h +#include librpc/gen_ndr/ndr_drsblobs.h + +static int dsdb_cache_init(struct ldb_module *module) +{ + /* TODO: load the schema */ + return ldb_next_init(module); +} + +static const struct ldb_module_ops dsdb_cache_ops = { + .name = dsdb_cache, + .init_context = dsdb_cache_init +}; + +int dsdb_cache_module_init(void) +{ + return ldb_register_module(dsdb_cache_ops); +}
svn commit: samba r20717 - in branches: SAMBA_3_0/source/modules SAMBA_3_0_24/source/modules
Author: jmcd Date: 2007-01-12 21:56:25 + (Fri, 12 Jan 2007) New Revision: 20717 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20717 Log: Merge sharemode patch from Mathias Dietz [EMAIL PROTECTED]. The patch fixes the behaviour of GPFS sharemodes when the access mask is no_access. Modified: branches/SAMBA_3_0/source/modules/gpfs.c branches/SAMBA_3_0_24/source/modules/gpfs.c Changeset: Modified: branches/SAMBA_3_0/source/modules/gpfs.c === --- branches/SAMBA_3_0/source/modules/gpfs.c2007-01-12 17:58:38 UTC (rev 20716) +++ branches/SAMBA_3_0/source/modules/gpfs.c2007-01-12 21:56:25 UTC (rev 20717) @@ -52,11 +52,16 @@ DELETE_ACCESS)) ? GPFS_SHARE_WRITE : 0; allow |= (access_mask (FILE_READ_DATA|FILE_EXECUTE)) ? GPFS_SHARE_READ : 0; - deny |= (share_access (FILE_SHARE_WRITE|FILE_SHARE_DELETE)) ? - 0 : GPFS_DENY_WRITE; - deny |= (share_access (FILE_SHARE_READ)) ? - 0 : GPFS_DENY_READ; + if (allow == GPFS_SHARE_NONE) { + DEBUG(10, (special case am=no_access:%x\n,access_mask)); + } + else { + deny |= (share_access (FILE_SHARE_WRITE|FILE_SHARE_DELETE)) ? + 0 : GPFS_DENY_WRITE; + deny |= (share_access (FILE_SHARE_READ)) ? + 0 : GPFS_DENY_READ; + } DEBUG(10, (am=%x, allow=%d, sa=%x, deny=%d\n, access_mask, allow, share_access, deny)); Modified: branches/SAMBA_3_0_24/source/modules/gpfs.c === --- branches/SAMBA_3_0_24/source/modules/gpfs.c 2007-01-12 17:58:38 UTC (rev 20716) +++ branches/SAMBA_3_0_24/source/modules/gpfs.c 2007-01-12 21:56:25 UTC (rev 20717) @@ -52,11 +52,16 @@ DELETE_ACCESS)) ? GPFS_SHARE_WRITE : 0; allow |= (access_mask (FILE_READ_DATA|FILE_EXECUTE)) ? GPFS_SHARE_READ : 0; - deny |= (share_access (FILE_SHARE_WRITE|FILE_SHARE_DELETE)) ? - 0 : GPFS_DENY_WRITE; - deny |= (share_access (FILE_SHARE_READ)) ? - 0 : GPFS_DENY_READ; + if (allow == GPFS_SHARE_NONE) { + DEBUG(10, (special case am=no_access:%x\n,access_mask)); + } + else { + deny |= (share_access (FILE_SHARE_WRITE|FILE_SHARE_DELETE)) ? + 0 : GPFS_DENY_WRITE; + deny |= (share_access (FILE_SHARE_READ)) ? + 0 : GPFS_DENY_READ; + } DEBUG(10, (am=%x, allow=%d, sa=%x, deny=%d\n, access_mask, allow, share_access, deny));
svn commit: samba r20718 - in branches/SAMBA_3_0/source: printing rpc_server smbd
Author: jra Date: 2007-01-12 23:47:16 + (Fri, 12 Jan 2007) New Revision: 20718 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20718 Log: Sync up the filename path parsing changes from SAMBA_3_0_24. The only difference between the two trees now w.r.t file serving are the changes to smbd/open.c in this branch I need to review. Jeremy. Modified: branches/SAMBA_3_0/source/printing/nt_printing.c branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c branches/SAMBA_3_0/source/smbd/dosmode.c branches/SAMBA_3_0/source/smbd/filename.c branches/SAMBA_3_0/source/smbd/msdfs.c branches/SAMBA_3_0/source/smbd/nttrans.c branches/SAMBA_3_0/source/smbd/reply.c branches/SAMBA_3_0/source/smbd/trans2.c Changeset: Sorry, the patch is too large (2201 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20718
svn commit: samba r20719 - in branches/SAMBA_3_0_24/source: printing smbd
Author: jra Date: 2007-01-12 23:49:53 + (Fri, 12 Jan 2007) New Revision: 20719 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20719 Log: Sync up the changes in the fileserver code between SAMBA_3_0. copy now returns NTSTATUS, part of close does the same. Jeremy. Modified: branches/SAMBA_3_0_24/source/printing/nt_printing.c branches/SAMBA_3_0_24/source/smbd/close.c branches/SAMBA_3_0_24/source/smbd/nttrans.c branches/SAMBA_3_0_24/source/smbd/process.c branches/SAMBA_3_0_24/source/smbd/reply.c Changeset: Modified: branches/SAMBA_3_0_24/source/printing/nt_printing.c === --- branches/SAMBA_3_0_24/source/printing/nt_printing.c 2007-01-12 23:47:16 UTC (rev 20718) +++ branches/SAMBA_3_0_24/source/printing/nt_printing.c 2007-01-12 23:49:53 UTC (rev 20719) @@ -1743,7 +1743,6 @@ SMB_STRUCT_STAT st; int ver = 0; int i; - int err; memset(inbuf, '\0', sizeof(inbuf)); memset(outbuf, '\0', sizeof(outbuf)); @@ -1823,8 +1822,8 @@ slprintf(old_name, sizeof(old_name)-1, %s/%s, new_dir, driver-driverpath); if (ver != -1 (ver=file_version_is_newer(conn, new_name, old_name)) 0) { driver_unix_convert(new_name, conn, NULL, st); - if ( !copy_file(new_name, old_name, conn, OPENX_FILE_EXISTS_TRUNCATE| - OPENX_FILE_CREATE_IF_NOT_EXIST, 0, False, err) ) { + if ( !NT_STATUS_IS_OK(copy_file(new_name, old_name, conn, OPENX_FILE_EXISTS_TRUNCATE| + OPENX_FILE_CREATE_IF_NOT_EXIST, 0, False))) { DEBUG(0,(move_driver_to_download_area: Unable to rename [%s] to [%s]\n, new_name, old_name)); *perr = WERR_ACCESS_DENIED; @@ -1839,8 +1838,8 @@ slprintf(old_name, sizeof(old_name)-1, %s/%s, new_dir, driver-datafile); if (ver != -1 (ver=file_version_is_newer(conn, new_name, old_name)) 0) { driver_unix_convert(new_name, conn, NULL, st); - if ( !copy_file(new_name, old_name, conn, OPENX_FILE_EXISTS_TRUNCATE| - OPENX_FILE_CREATE_IF_NOT_EXIST, 0, False, err) ) { + if ( !NT_STATUS_IS_OK(copy_file(new_name, old_name, conn, OPENX_FILE_EXISTS_TRUNCATE| + OPENX_FILE_CREATE_IF_NOT_EXIST, 0, False))) { DEBUG(0,(move_driver_to_download_area: Unable to rename [%s] to [%s]\n, new_name, old_name)); *perr = WERR_ACCESS_DENIED; @@ -1857,8 +1856,8 @@ slprintf(old_name, sizeof(old_name)-1, %s/%s, new_dir, driver-configfile); if (ver != -1 (ver=file_version_is_newer(conn, new_name, old_name)) 0) { driver_unix_convert(new_name, conn, NULL, st); - if ( !copy_file(new_name, old_name, conn, OPENX_FILE_EXISTS_TRUNCATE| - OPENX_FILE_CREATE_IF_NOT_EXIST, 0, False, err) ) { + if ( !NT_STATUS_IS_OK(copy_file(new_name, old_name, conn, OPENX_FILE_EXISTS_TRUNCATE| + OPENX_FILE_CREATE_IF_NOT_EXIST, 0, False))) { DEBUG(0,(move_driver_to_download_area: Unable to rename [%s] to [%s]\n, new_name, old_name)); *perr = WERR_ACCESS_DENIED; @@ -1876,8 +1875,8 @@ slprintf(old_name, sizeof(old_name)-1, %s/%s, new_dir, driver-helpfile); if (ver != -1 (ver=file_version_is_newer(conn, new_name, old_name)) 0) { driver_unix_convert(new_name, conn, NULL, st); - if ( !copy_file(new_name, old_name, conn, OPENX_FILE_EXISTS_TRUNCATE| - OPENX_FILE_CREATE_IF_NOT_EXIST, 0, False, err) ) { + if ( !NT_STATUS_IS_OK(copy_file(new_name, old_name, conn, OPENX_FILE_EXISTS_TRUNCATE| + OPENX_FILE_CREATE_IF_NOT_EXIST, 0, False))) { DEBUG(0,(move_driver_to_download_area: Unable to rename [%s] to [%s]\n, new_name, old_name)); *perr = WERR_ACCESS_DENIED; @@ -1904,9 +1903,9 @@
Build status as of Sat Jan 13 00:00:03 2007
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2007-01-12 00:00:07.0 + +++ /home/build/master/cache/broken_results.txt 2007-01-13 00:00:51.0 + @@ -1,22 +1,22 @@ -Build status as of Fri Jan 12 00:00:02 2007 +Build status as of Sat Jan 13 00:00:03 2007 Build counts: Tree Total Broken Panic SOC 0 0 0 build_farm 0 0 0 -ccache 36 7 0 +ccache 35 7 0 ctdb 0 0 0 distcc 2 0 0 -ldb 35 3 0 -libreplace 33 2 0 -lorikeet-heimdal 32 19 0 -ppp 16 0 0 -rsync36 3 0 +ldb 34 2 0 +libreplace 32 2 0 +lorikeet-heimdal 31 18 0 +ppp 17 0 0 +rsync35 3 0 samba0 0 0 samba-docs 0 0 0 samba4 33 14 0 -samba_3_036 9 0 -smb-build33 2 0 -talloc 36 0 0 -tdb 35 2 0 +samba_3_035 9 0 +smb-build32 2 0 +talloc 35 0 0 +tdb 33 2 0
Re: svn commit: samba r20694 - in branches: SAMBA_3_0/source/lib SAMBA_3_0_24/source/lib
On Friday 12 January 2007 03:48, [EMAIL PROTECTED] wrote: Author: jra Date: 2007-01-12 02:48:37 + (Fri, 12 Jan 2007) New Revision: 20694 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20694 Log: To get this right we need to do signed 64-bit comparisons here, not unsigned as we're eventually casting into what it normall a signed 32 bit value. Guenther please check (but I think I'm right here). Jeremy. Yes, looks and works correct - at least in my tests. Thanks, Guenther -- Günther DeschnerGPG-ID: 8EE11688 Novell / SUSE Labs[EMAIL PROTECTED] Samba Team [EMAIL PROTECTED] pgpu4umvKScDy.pgp Description: PGP signature
svn commit: samba r20720 - in branches: SAMBA_3_0/source/smbd SAMBA_3_0_24/source/smbd
Author: jra Date: 2007-01-13 01:07:39 + (Sat, 13 Jan 2007) New Revision: 20720 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20720 Log: Fix the chkpath problem, still looking at findfirst. Jeremy. Modified: branches/SAMBA_3_0/source/smbd/filename.c branches/SAMBA_3_0/source/smbd/reply.c branches/SAMBA_3_0_24/source/smbd/filename.c branches/SAMBA_3_0_24/source/smbd/reply.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/filename.c === --- branches/SAMBA_3_0/source/smbd/filename.c 2007-01-12 23:49:53 UTC (rev 20719) +++ branches/SAMBA_3_0/source/smbd/filename.c 2007-01-13 01:07:39 UTC (rev 20720) @@ -147,7 +147,12 @@ if (name[0] == '.' (name[1] == '/' || name[1] == '\0')) { /* Start of pathname can't be . only. */ - return NT_STATUS_OBJECT_NAME_INVALID; + if (name[1] == '\0' || name[2] == '\0') { + return NT_STATUS_OBJECT_NAME_INVALID; + } else { + /* Longer pathname starts with ./ */ + return NT_STATUS_OBJECT_PATH_NOT_FOUND; + } } /* Modified: branches/SAMBA_3_0/source/smbd/reply.c === --- branches/SAMBA_3_0/source/smbd/reply.c 2007-01-12 23:49:53 UTC (rev 20719) +++ branches/SAMBA_3_0/source/smbd/reply.c 2007-01-13 01:07:39 UTC (rev 20720) @@ -632,6 +632,13 @@ status = unix_convert(conn, name, False, NULL, sbuf); if (!NT_STATUS_IS_OK(status)) { END_PROFILE(SMBchkpth); + /* Strange DOS error code semantics only for chkpth... */ + if (!(SVAL(inbuf,smb_flg2) FLAGS2_32_BIT_ERROR_CODES)) { + if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) { + /* We need to map to ERRbadpath */ + status = NT_STATUS_OBJECT_PATH_NOT_FOUND; + } + } return ERROR_NT(status); } Modified: branches/SAMBA_3_0_24/source/smbd/filename.c === --- branches/SAMBA_3_0_24/source/smbd/filename.c2007-01-12 23:49:53 UTC (rev 20719) +++ branches/SAMBA_3_0_24/source/smbd/filename.c2007-01-13 01:07:39 UTC (rev 20720) @@ -147,7 +147,12 @@ if (name[0] == '.' (name[1] == '/' || name[1] == '\0')) { /* Start of pathname can't be . only. */ - return NT_STATUS_OBJECT_NAME_INVALID; + if (name[1] == '\0' || name[2] == '\0') { + return NT_STATUS_OBJECT_NAME_INVALID; + } else { + /* Longer pathname starts with ./ */ + return NT_STATUS_OBJECT_PATH_NOT_FOUND; + } } /* Modified: branches/SAMBA_3_0_24/source/smbd/reply.c === --- branches/SAMBA_3_0_24/source/smbd/reply.c 2007-01-12 23:49:53 UTC (rev 20719) +++ branches/SAMBA_3_0_24/source/smbd/reply.c 2007-01-13 01:07:39 UTC (rev 20720) @@ -632,6 +632,13 @@ status = unix_convert(conn, name, False, NULL, sbuf); if (!NT_STATUS_IS_OK(status)) { END_PROFILE(SMBchkpth); + /* Strange DOS error code semantics only for chkpth... */ + if (!(SVAL(inbuf,smb_flg2) FLAGS2_32_BIT_ERROR_CODES)) { + if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) { + /* We need to map to ERRbadpath */ + status = NT_STATUS_OBJECT_PATH_NOT_FOUND; + } + } return ERROR_NT(status); }
svn commit: samba r20721 - in branches: SAMBA_3_0/source/smbd SAMBA_3_0_24/source/smbd
Author: jra Date: 2007-01-13 01:29:10 + (Sat, 13 Jan 2007) New Revision: 20721 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20721 Log: Fix the search unix_convert error returns. Only open to go... Jeremy. Modified: branches/SAMBA_3_0/source/smbd/filename.c branches/SAMBA_3_0/source/smbd/reply.c branches/SAMBA_3_0/source/smbd/trans2.c branches/SAMBA_3_0_24/source/smbd/filename.c branches/SAMBA_3_0_24/source/smbd/reply.c branches/SAMBA_3_0_24/source/smbd/trans2.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/filename.c === --- branches/SAMBA_3_0/source/smbd/filename.c 2007-01-13 01:07:39 UTC (rev 20720) +++ branches/SAMBA_3_0/source/smbd/filename.c 2007-01-13 01:29:10 UTC (rev 20721) @@ -57,6 +57,38 @@ } / + Cope with the differing wildcard and non-wildcard error cases. +/ + +static NTSTATUS determine_path_error(const char *name, BOOL allow_wcard_last_component) +{ + const char *p; + + if (!allow_wcard_last_component) { + /* Error code within a pathname. */ + return NT_STATUS_OBJECT_PATH_NOT_FOUND; + } + + /* We're terminating here so we +* can be a little slower and get +* the error code right. Windows +* treats the last part of the pathname +* separately I think, so if the last +* component is a wildcard then we treat +* this ./ as end of component */ + + p = strchr(name, '/'); + + if (!p (ms_has_wild(name) || ISDOT(name))) { + /* Error code at the end of a pathname. */ + return NT_STATUS_OBJECT_NAME_INVALID; + } else { + /* Error code within a pathname. */ + return NT_STATUS_OBJECT_PATH_NOT_FOUND; + } +} + +/ This routine is called to convert names from the dos namespace to unix namespace. It needs to handle any case conversions, mangling, format changes etc. @@ -150,8 +182,7 @@ if (name[1] == '\0' || name[2] == '\0') { return NT_STATUS_OBJECT_NAME_INVALID; } else { - /* Longer pathname starts with ./ */ - return NT_STATUS_OBJECT_PATH_NOT_FOUND; + return determine_path_error(name[2], allow_wcard_last_component); } } @@ -264,32 +295,11 @@ /* The name cannot have a component of . */ if (ISDOT(start)) { - if (end) { - if (allow_wcard_last_component) { - /* We're terminating here so we -* can be a little slower and get -* the error code right. Windows -* treats the last part of the pathname -* separately I think, so if the last -* component is a wildcard then we treat -* this ./ as end of component */ - - const char *p = strchr(end+1, '/'); - - if (!p ms_has_wild(end+1)) { - /* Error code at the end of a pathname. */ - return NT_STATUS_OBJECT_NAME_INVALID; - } else { - /* Error code within a pathname. */ - return NT_STATUS_OBJECT_PATH_NOT_FOUND; - } - } - /* Error code within a pathname. */ - return NT_STATUS_OBJECT_PATH_NOT_FOUND; - } else { + if (!end) { /* Error code at the end of a pathname. */ return NT_STATUS_OBJECT_NAME_INVALID; } + return determine_path_error(end+1, allow_wcard_last_component); } /* The name cannot have a wildcard if it's not Modified: branches/SAMBA_3_0/source/smbd/reply.c === --- branches/SAMBA_3_0/source/smbd/reply.c 2007-01-13 01:07:39 UTC (rev 20720) +++ branches/SAMBA_3_0/source/smbd/reply.c 2007-01-13 01:29:10 UTC (rev 20721) @@ -952,7 +952,7 @@ pstrcpy(directory,path); pstrcpy(dir2,path); -
svn commit: samba r20722 - in branches: SAMBA_3_0/source/smbd SAMBA_3_0_24/source/smbd
Author: jra Date: 2007-01-13 02:13:45 + (Sat, 13 Jan 2007) New Revision: 20722 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20722 Log: RAW-CHKPATH should now pass, build farm should go back to normal. Sorry about that. Jeremy. Modified: branches/SAMBA_3_0/source/smbd/filename.c branches/SAMBA_3_0_24/source/smbd/filename.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/filename.c === --- branches/SAMBA_3_0/source/smbd/filename.c 2007-01-13 01:29:10 UTC (rev 20721) +++ branches/SAMBA_3_0/source/smbd/filename.c 2007-01-13 02:13:45 UTC (rev 20722) @@ -391,15 +391,24 @@ * Windows applications depend on the difference between * these two errors. */ - if (errno == ENOENT) { + + /* ENOENT and ENOTDIR both map to NT_STATUS_OBJECT_PATH_NOT_FOUND + in the filename walk. */ + + if (errno == ENOENT || errno == ENOTDIR) { return NT_STATUS_OBJECT_PATH_NOT_FOUND; } return map_nt_error_from_unix(errno); } - if (errno == ENOTDIR) { - /* Name exists but is not a directory. */ - return map_nt_error_from_unix(ENOTDIR); + /* ENOENT is the only valid error here. */ + if (errno != ENOENT) { + /* ENOENT and ENOTDIR both map to NT_STATUS_OBJECT_PATH_NOT_FOUND + in the filename walk. */ + if (errno == ENOTDIR) { + return NT_STATUS_OBJECT_PATH_NOT_FOUND; + } + return map_nt_error_from_unix(errno); } /* Modified: branches/SAMBA_3_0_24/source/smbd/filename.c === --- branches/SAMBA_3_0_24/source/smbd/filename.c2007-01-13 01:29:10 UTC (rev 20721) +++ branches/SAMBA_3_0_24/source/smbd/filename.c2007-01-13 02:13:45 UTC (rev 20722) @@ -391,15 +391,24 @@ * Windows applications depend on the difference between * these two errors. */ - if (errno == ENOENT) { + + /* ENOENT and ENOTDIR both map to NT_STATUS_OBJECT_PATH_NOT_FOUND + in the filename walk. */ + + if (errno == ENOENT || errno == ENOTDIR) { return NT_STATUS_OBJECT_PATH_NOT_FOUND; } return map_nt_error_from_unix(errno); } - if (errno == ENOTDIR) { - /* Name exists but is not a directory. */ - return map_nt_error_from_unix(ENOTDIR); + /* ENOENT is the only valid error here. */ + if (errno != ENOENT) { + /* ENOENT and ENOTDIR both map to NT_STATUS_OBJECT_PATH_NOT_FOUND + in the filename walk. */ + if (errno == ENOTDIR) { + return NT_STATUS_OBJECT_PATH_NOT_FOUND; + } + return map_nt_error_from_unix(errno); } /*
svn commit: samba r20723 - in branches/SAMBA_4_0: source/web_server webapps/qooxdoo-0.6.3-sdk/frontend/framework/source/class/qx/io/remote
Author: derrell Date: 2007-01-13 02:27:54 + (Sat, 13 Jan 2007) New Revision: 20723 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20723 Log: Web Application Framework - Clearly no one has ever tried to obtain the Referer from the web server before. :-) - Send the Referer from the web application, in preparation for later security updates. (These updates are not immediately necessary, as ScriptTransport is disabled and we check the content type on XmlHttpTransport. This isn't anything to worry about.) Modified: branches/SAMBA_4_0/source/web_server/http.c branches/SAMBA_4_0/webapps/qooxdoo-0.6.3-sdk/frontend/framework/source/class/qx/io/remote/XmlHttpTransport.js Changeset: Modified: branches/SAMBA_4_0/source/web_server/http.c === --- branches/SAMBA_4_0/source/web_server/http.c 2007-01-13 02:13:45 UTC (rev 20722) +++ branches/SAMBA_4_0/source/web_server/http.c 2007-01-13 02:27:54 UTC (rev 20723) @@ -456,7 +456,7 @@ } SETVAR(ESP_REQUEST_OBJ, COOKIE_SUPPORT, web-input.cookie?True:False); - SETVAR(ESP_HEADERS_OBJ, HTT_REFERER, web-input.referer); + SETVAR(ESP_HEADERS_OBJ, HTTP_REFERER, web-input.referer); SETVAR(ESP_HEADERS_OBJ, HOST, web-input.host); SETVAR(ESP_HEADERS_OBJ, ACCEPT_ENCODING, web-input.accept_encoding); SETVAR(ESP_HEADERS_OBJ, ACCEPT_LANGUAGE, web-input.accept_language); Modified: branches/SAMBA_4_0/webapps/qooxdoo-0.6.3-sdk/frontend/framework/source/class/qx/io/remote/XmlHttpTransport.js === --- branches/SAMBA_4_0/webapps/qooxdoo-0.6.3-sdk/frontend/framework/source/class/qx/io/remote/XmlHttpTransport.js 2007-01-13 02:13:45 UTC (rev 20722) +++ branches/SAMBA_4_0/webapps/qooxdoo-0.6.3-sdk/frontend/framework/source/class/qx/io/remote/XmlHttpTransport.js 2007-01-13 02:27:54 UTC (rev 20723) @@ -310,9 +310,12 @@ // -- - // Appliying request header + // Applying request header // -- + // Add a Referer header + vRequest.setRequestHeader('Referer', window.location.href); + var vRequestHeaders = this.getRequestHeaders(); for (var vId in vRequestHeaders) { vRequest.setRequestHeader(vId, vRequestHeaders[vId]);
svn commit: samba r20724 - in branches: SAMBA_3_0/source/smbd SAMBA_3_0_24/source/smbd
Author: jra Date: 2007-01-13 02:34:43 + (Sat, 13 Jan 2007) New Revision: 20724 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20724 Log: Get closer to passing RAW-OPEN. If the client is using create disposition of FILE_CREATE then there's no need to check can_delete_file_in_directory(). Jeremy. Modified: branches/SAMBA_3_0/source/smbd/nttrans.c branches/SAMBA_3_0_24/source/smbd/nttrans.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/nttrans.c === --- branches/SAMBA_3_0/source/smbd/nttrans.c2007-01-13 02:27:54 UTC (rev 20723) +++ branches/SAMBA_3_0/source/smbd/nttrans.c2007-01-13 02:34:43 UTC (rev 20724) @@ -640,20 +640,19 @@ return UNIXERROR(ERRDOS,ERRbadpath); } -#if 0 /* This is the correct thing to do (check every time) but can_delete is expensive (it may have to read the parent directory permissions). So for now we're not doing it unless we have a strong hint the client - is really going to delete this file. */ - if ((desired_access DELETE_ACCESS) -!can_delete_file_in_directory(conn, fname)) { -#else + is really going to delete this file. If the client is forcing FILE_CREATE + let the filesystem take care of the permissions. */ + /* Setting FILE_SHARE_DELETE is the hint. */ + if (lp_acl_check_permissions(SNUM(conn)) +(create_disposition != FILE_CREATE) (share_access FILE_SHARE_DELETE) (access_mask DELETE_ACCESS) !can_delete_file_in_directory(conn, fname)) { -#endif restore_case_semantics(conn, file_attributes); END_PROFILE(SMBntcreateX); return ERROR_NT(NT_STATUS_ACCESS_DENIED); @@ -1265,20 +1264,19 @@ return UNIXERROR(ERRDOS,ERRbadpath); } -#if 0 /* This is the correct thing to do (check every time) but can_delete is expensive (it may have to read the parent directory permissions). So for now we're not doing it unless we have a strong hint the client - is really going to delete this file. */ - if ((desired_access DELETE_ACCESS) -!can_delete_file_in_directory(conn, fname)) { -#else + is really going to delete this file. If the client is forcing FILE_CREATE + let the filesystem take care of the permissions. */ + /* Setting FILE_SHARE_DELETE is the hint. */ + if (lp_acl_check_permissions(SNUM(conn)) +(create_disposition != FILE_CREATE) (share_access FILE_SHARE_DELETE) (access_mask DELETE_ACCESS) !can_delete_file_in_directory(conn, fname)) { -#endif restore_case_semantics(conn, file_attributes); return ERROR_NT(NT_STATUS_ACCESS_DENIED); } Modified: branches/SAMBA_3_0_24/source/smbd/nttrans.c === --- branches/SAMBA_3_0_24/source/smbd/nttrans.c 2007-01-13 02:27:54 UTC (rev 20723) +++ branches/SAMBA_3_0_24/source/smbd/nttrans.c 2007-01-13 02:34:43 UTC (rev 20724) @@ -640,20 +640,19 @@ return UNIXERROR(ERRDOS,ERRbadpath); } -#if 0 /* This is the correct thing to do (check every time) but can_delete is expensive (it may have to read the parent directory permissions). So for now we're not doing it unless we have a strong hint the client - is really going to delete this file. */ - if ((desired_access DELETE_ACCESS) -!can_delete_file_in_directory(conn, fname)) { -#else + is really going to delete this file. If the client is forcing FILE_CREATE + let the filesystem take care of the permissions. */ + /* Setting FILE_SHARE_DELETE is the hint. */ + if (lp_acl_check_permissions(SNUM(conn)) +(create_disposition != FILE_CREATE) (share_access FILE_SHARE_DELETE) (access_mask DELETE_ACCESS) !can_delete_file_in_directory(conn, fname)) { -#endif restore_case_semantics(conn, file_attributes); END_PROFILE(SMBntcreateX); return ERROR_NT(NT_STATUS_ACCESS_DENIED); @@ -1265,20 +1264,19 @@ return UNIXERROR(ERRDOS,ERRbadpath); } -#if 0 /* This is the correct thing to do (check every time) but can_delete is expensive (it may have to read the parent directory permissions). So for now we're not doing it unless we have a strong hint the client - is really going to delete this file. */ - if ((desired_access DELETE_ACCESS) -!can_delete_file_in_directory(conn, fname)) { -#else + is really going to delete this file. If the client is forcing FILE_CREATE + let the filesystem take care of the permissions. */