RE: [Samba] Browsning problems from Vista
I have got it to almost work when all computers are in the same workgroup. When browsing on the vista computer I see three computers, vista, linux running samba and a 2k machine connected to the linux machine and the second interface. The problem is that I cannot browse the 2k machine. I can access it using IP but when doing a nmblookup on the linux machine it cannot resolve the name using wins. The log file, log.nmbd, contains the name query request but not the answer of it. Anyone got any hints on how to troubleshoot this? -Original Message- I have a setup where a Vista machine that is behind a NAT connects to a Linux (debian) machine to access SMB shares on that machine. The connection is made with VPN using L2TP/IPSec. I have configured the Linux machine to act as WINS server and PPP will give the Vista machine a new IP on the same subnet and also tell Vista that the WINS server is the Linux machine. I have added one share named samba and I can connect it using either IP\Samba or Debian\Samba where debian is the name of the Linux machine. What I'm missing is that Vista cannot find the shares unless I know they exists, i.e I cannot find that network and browse it using the network explorer. Since I can write Debian to connect I guess WINS is somewhat working. What more do I need to configure for Vista to be able to browse the network connected with the VPN. Is it something with workgroups? I do not want to change to workgroup on vista and I think it should be possible to browse other workgroups as long as you belong to the same subnet. Any ideas on this? /Bengt Werstén -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Question about switching from Windows 2k Server to SAMBA 3 under Centos
My understanding is that vampire will NOT work with a Windows 2k server, only an NT4 server... That's my understanding too. Samba (3.x) can't act as a AD domain server. It can be a member of an AD domain, thou. I've never actually tried this myself, so take it with a grain of salt, but isn't 2k capable or running in two different modes? One where it is pure AD and one where it is compatible with NT4? If it was in NT4 mode then might not vampire have a chance? Or am I thinking of some 2k-2k3 change maybe? *Michael Heydon - IT Administrator * [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.2.4 CreateDirectory panic
Hi, For some reason I am not able to send the level 10 debug output as an attachment to the list. Therefore, I have prepared a download link: http://www.wzb.eu/wzb/dv/downloads/log.smbd.gz Cheers, Peter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] valid users and file permissions
I believe you'd need to add a line: write list = parents write list = mum dad I'm not sure if the top would work, anyone is samba group aware? The bottom should work but the problem would be if the members of the group were to change you'd have to change the smb.conf file too which isn't the cleanest solution. On Oct 20, 2008, at 11:37 PM, Kyle wrote: Hi people, I'd like to understand valid users and file permissions better. I have a share which is not behaving as I expect. [family] path = /home/shares/family create mask = 0664 directory mask = 0775 force group = parental guest ok = No valid users = @parental, @family writeable = Yes in Group parental are mum dad; in group family are mum, dad and offspring. With file permissions of 0664 and force group parental, I would expect the offspring to be able to browse the share but not write to or delete from it. Unfortunately, they can both write and delete. How do I achieve this please? -- Kind Regards Kyle -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Create user home directory or user-own folder on samba server on first login to samba
Hello, I'd like to create user home directory or user-own folder on samba server on first login to samba without using PAM, so how could I do this? Thank you, Denis -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba + kerberos
Hello I set samba to use kerberos password backend (without ldap) use kerberos keytab = yes security = user realm = DOM.COM encrypt passwords = yes unix password sync = no And generally it works ... when (on the linux client) I put kinit and type the password and then smbclient -k //smbserv/files I am logged in and I can see the files But I would like to mount it automatically (for ex. in /etc/fstab) so how to do it? In usual samba without kerberos I can write password and username in mount options - but it is different situation. And next question - what if I would like to use windows client? thanks for any help MarO -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
WG: [Samba] Create user home directory or user-own folder on sambaserver on first login to samba
Hello In the [homes] section at first with root preexec=/path/to/script Ex: [homes] Root preexec=/scripts/./firstlogon In the firstlogon this could be: #!/bin/bash #probe if $1=user exist and his home share If test -d /users/$1 Then #write only to log file Echo $1 User and Share exist /somewhere/logfile #if not exist make it Else Mkdir /users/$1 Chmod -R 700 /users/S1 Chown -R $1:Domain Users /users/$1 Echo made /users/$1 /somewhere/logfile Fi This is my way suite it to your needs Greetings Daniel -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Ðóñàêîâ Äåíèñ Gesendet: Dienstag, 21. Oktober 2008 12:08 An: samba@lists.samba.org Betreff: [Samba] Create user home directory or user-own folder on sambaserver on first login to samba Hello, I'd like to create user home directory or user-own folder on samba server on first login to samba without using PAM, so how could I do this? Thank you, Denis -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Question about switching from Windows 2k Server to SAMBA 3 under Centos
On Tuesday October 21 2008 05:03:05 Michael Heydon wrote: My understanding is that vampire will NOT work with a Windows 2k server, only an NT4 server... That's my understanding too. Samba (3.x) can't act as a AD domain server. It can be a member of an AD domain, thou. I've never actually tried this myself, so take it with a grain of salt, but isn't 2k capable or running in two different modes? One where it is pure AD and one where it is compatible with NT4? If it was in NT4 mode then might not vampire have a chance? Mixed and native modes. I don't know this for sure but AFAIK w2k in mixed mode can only be a BDC for a NT4-style domain. Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Remote announce
I have a Samba server on debian acting as a WINS server as well. It is the master browser and all connected machines can see and browse the network of 192.168.1.X. When I connect to this network using a L2TP VPN connection from Vista I cannot browse the network. A new interface, ppp0, is created fro the VPN connection for the new ip 192.168.1.128. The problem seems to be that all packets sent from SAMBA is sent only to eth1 (the 192.168.1.x). I tried to add remote announce= 192.168.1.128 But I don't get all the information, only one host announcement at samba startup and then nothing. Is there anything else that I need to add or could debian be confgiured to send multicast traffic on mutiple interfaces so that a broadcast (192.168.1.255) get to both eth1 and ppp0. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] valid users and file permissions
Yes, you just have to precede the group name with an '@', i.e. write list = @parents --Dennis Quoting Mike Gallamore [EMAIL PROTECTED]: I believe you'd need to add a line: write list = parents write list = mum dad I'm not sure if the top would work, anyone is samba group aware? The bottom should work but the problem would be if the members of the group were to change you'd have to change the smb.conf file too which isn't the cleanest solution. On Oct 20, 2008, at 11:37 PM, Kyle wrote: Hi people, I'd like to understand valid users and file permissions better. I have a share which is not behaving as I expect. [family] path = /home/shares/family create mask = 0664 directory mask = 0775 force group = parental guest ok = No valid users = @parental, @family writeable = Yes in Group parental are mum dad; in group family are mum, dad and offspring. With file permissions of 0664 and force group parental, I would expect the offspring to be able to browse the share but not write to or delete from it. Unfortunately, they can both write and delete. How do I achieve this please? -- Kind Regards Kyle -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Remote announce
Is there anything else that I need to add or could debian be confgiured to send multicast traffic on mutiple interfaces so that a broadcast (192.168.1.255) get to both eth1 and ppp0. 192.168.1.255 is the broadcast address on 192.168.1.0/255.255.255.0 network. Your ppp0 interface is a point-to-point address 192.168.1.128/255.255.255.255 in a completely different network (despite sharing its ip address with one in your existing network). Broadcasts for one network are not going to appear on another... Cheers Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba idmap ldap backend
Hello all
First of all Sorry for the long e-mail
I am trying to get samba working as a domain member and store the idmap in a
ldap database.
The join is successful and all commands are working like it should wbinfo –u,
wbinfo –g kinit enz
But the id administrator command gives me the following
# id administrator
id: administrator: no such user
If I do not use the ldap backend it works well.
This is on FreeBSD 7_RELEASE with samba 3.0.32 and openldap 2.3.43
I did do all the things mentioned in chapter 7 of the by example doc.
Also the smbpasswd –w 12345
I am working on this for over 3 days now but my ldap understanding is not that
much I guess.
What am I forgetting or doing wrong.
Best regards,
Johan Hendriks
My slapd.conf file
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/schema/samba.schema
loglevel 256
pidfile /var/run/openldap/slapd.pid
argsfile/var/run/openldap/slapd.args
# Load dynamic backend modules:
modulepath /usr/local/libexec/openldap
moduleload back_bdb
###
# BDB database definitions
###
databasebdb
suffix dc=double-l,dc=local
rootdn cn=Manager,dc=double-l,dc=local
rootpw = 12345
directory /usr/local/var/db/openldap-data
# Indices to maintain
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSIDeq
index sambaPrimaryGroupSIDeq
index sambaDomainName eq
index default sub
my ldap.con and nss_ldap.conf file
base dc=double-l,dc=local
binddn cn=Manager,dc=double-l,dc=local
bindpw 12345
pam_password exop
bind_policy soft
bind_timelimit 10
host 127.0.0.1
idle_timelimit 3600
ldap_version 3
nss_base_group ou=Groups,dc=double-l,dc=local?one
nss_base_passwd ou=People,dc=double-l,dc=local?one
nss_base_shadow ou=People,dc=double-l,dc=local?one
nss_connect_policy persist
nss_paged_results yes
pagesize 1000
port 389
timelimit 30
my vi /etc/nsswitch.conf
group: files ldap
group_compat: nis
hosts: files dns
networks: files
passwd: files ldap
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files
my idmap.ldiff file
dn: dc=snowshow,dc=com
objectClass: dcObject
objectClass: organization
dc: snowshow
o: The Greatest Snow Show in Singapore.
description: Posix and Samba LDAP Identity Database
dn: cn=Manager,dc=snowshow,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager
dn: ou=Idmap,dc=snowshow,dc=com
objectClass: organizationalUnit
ou: idmap
and finally my smb.conf file
[global]
workgroup = DOUBLE-L
netbios name = BEASTY
realm = DOUBLE-L.LOCAL
server string = Samba Server
security = ADS
log level = 1 ads:10 auth:10 sam:10 rpc:10
ldap admin dn = cn=Manager,dc=DOUBLE-L,dc=LOCAL
ldap idmap suffix = ou=Idmap
ldap suffix = dc=DOUBLE-L,dc=LOCAL
idmap backend = ldap:ldap://127.0.0.1
idmap uid = 15-55
idmap gid = 15-55
template shell = /usr/local/bin/bash
winbind use default domain = Yes
[share1]
comment = Data Directory
path = /mnt
#write list = @mr70
read only = no
create mask = 0777
directory mask = 0777
and my /etc/krb5.conf file
[libdefaults]
default_realm = DOUBLE-l.LOCAL
clockskew = 300
[realms]
DOUBLE-l.LOCAL = {
kdc = w2003s01.double-l.local
}
[domain_realm]
.double-l.local = DOUBLE-l.LOCAL
This is a part of my slapd.log file after a restart of samba and a id
administrator command
Oct 21 16:47:34 beasty slapd[60723]: conn=7 fd=13 closed (connection lost)
Oct 21 16:47:34 beasty slapd[60723]: conn=8 fd=15 closed (connection lost)
Oct 21 16:47:34 beasty slapd[60723]: conn=6 fd=12 closed (connection lost)
Oct 21 16:47:35 beasty slapd[60723]: conn=13 fd=12 ACCEPT from
IP=127.0.0.1:58176 (IP=127.0.0.1:389)
Oct 21 16:47:35 beasty slapd[60723]: conn=13 op=0 BIND
dn=cn=Manager,dc=double-l,dc=local method=128
Oct 21 16:47:35 beasty
[Samba] read only issue
I have a XP machine using a xcopy scribe with /r option (over right read only files) to a debain machine via samba Every once in a while a file becomes read only from the windows side. I look at the linux side and it still shows as read, writeable It does not happen often about once a month I can not attrib +r to fix it. The only way to fix it is to login on linux box and chmod the file and rerun the batch How can I fix this issue or have a work around so it does not happen Thanks Frank -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba idmap ldap backend
In nsswitch.conf, replace ldap by winbind
2008/10/21 Johan Hendriks [EMAIL PROTECTED]:
Hello all
First of all Sorry for the long e-mail
I am trying to get samba working as a domain member and store the idmap in a
ldap database.
The join is successful and all commands are working like it should wbinfo –u,
wbinfo –g kinit enz
But the id administrator command gives me the following
# id administrator
id: administrator: no such user
If I do not use the ldap backend it works well.
This is on FreeBSD 7_RELEASE with samba 3.0.32 and openldap 2.3.43
I did do all the things mentioned in chapter 7 of the by example doc.
Also the smbpasswd –w 12345
I am working on this for over 3 days now but my ldap understanding is not
that much I guess.
What am I forgetting or doing wrong.
Best regards,
Johan Hendriks
My slapd.conf file
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/schema/samba.schema
loglevel 256
pidfile /var/run/openldap/slapd.pid
argsfile/var/run/openldap/slapd.args
# Load dynamic backend modules:
modulepath /usr/local/libexec/openldap
moduleload back_bdb
###
# BDB database definitions
###
databasebdb
suffix dc=double-l,dc=local
rootdn cn=Manager,dc=double-l,dc=local
rootpw = 12345
directory /usr/local/var/db/openldap-data
# Indices to maintain
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSIDeq
index sambaPrimaryGroupSIDeq
index sambaDomainName eq
index default sub
my ldap.con and nss_ldap.conf file
base dc=double-l,dc=local
binddn cn=Manager,dc=double-l,dc=local
bindpw 12345
pam_password exop
bind_policy soft
bind_timelimit 10
host 127.0.0.1
idle_timelimit 3600
ldap_version 3
nss_base_group ou=Groups,dc=double-l,dc=local?one
nss_base_passwd ou=People,dc=double-l,dc=local?one
nss_base_shadow ou=People,dc=double-l,dc=local?one
nss_connect_policy persist
nss_paged_results yes
pagesize 1000
port 389
timelimit 30
my vi /etc/nsswitch.conf
group: files ldap
group_compat: nis
hosts: files dns
networks: files
passwd: files ldap
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files
my idmap.ldiff file
dn: dc=snowshow,dc=com
objectClass: dcObject
objectClass: organization
dc: snowshow
o: The Greatest Snow Show in Singapore.
description: Posix and Samba LDAP Identity Database
dn: cn=Manager,dc=snowshow,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager
dn: ou=Idmap,dc=snowshow,dc=com
objectClass: organizationalUnit
ou: idmap
and finally my smb.conf file
[global]
workgroup = DOUBLE-L
netbios name = BEASTY
realm = DOUBLE-L.LOCAL
server string = Samba Server
security = ADS
log level = 1 ads:10 auth:10 sam:10 rpc:10
ldap admin dn = cn=Manager,dc=DOUBLE-L,dc=LOCAL
ldap idmap suffix = ou=Idmap
ldap suffix = dc=DOUBLE-L,dc=LOCAL
idmap backend = ldap:ldap://127.0.0.1
idmap uid = 15-55
idmap gid = 15-55
template shell = /usr/local/bin/bash
winbind use default domain = Yes
[share1]
comment = Data Directory
path = /mnt
#write list = @mr70
read only = no
create mask = 0777
directory mask = 0777
and my /etc/krb5.conf file
[libdefaults]
default_realm = DOUBLE-l.LOCAL
clockskew = 300
[realms]
DOUBLE-l.LOCAL = {
kdc = w2003s01.double-l.local
}
[domain_realm]
.double-l.local = DOUBLE-l.LOCAL
This is a part of my slapd.log file after a restart of samba and a id
administrator command
Oct 21 16:47:34 beasty slapd[60723]: conn=7 fd=13 closed (connection lost)
Oct 21 16:47:34 beasty slapd[60723]: conn=8 fd=15 closed (connection lost)
Oct 21 16:47:34 beasty slapd[60723]: conn=6 fd=12 closed (connection lost)
Oct 21 16:47:35 beasty slapd[60723]: conn=13 fd=12 ACCEPT from
Re: [Samba] Closing sessions and smbstatus
On Tue, Oct 21, 2008 at 12:21:12AM -0200, Norberto Bensa wrote: Quoting Jeremy Allison [EMAIL PROTECTED]: On Mon, Oct 20, 2008 at 10:03:46PM -0200, Norberto Bensa wrote: Locked files: Pid UidDenyMode Access R/WOplock SharePath Name Time -- 747 4036 DENY_ALL 0x2019f RDWR NONE /home/mjoddone .Correo/retina/addr2a3a.pmr Thu Oct 16 17:44:15 2008 Can you gdb and break at print_share_mode() and see why the call at : Hm. I'm affraid I don't know gdb good enough, and BTW, and correct me if I'm wrong, but shouldn't I be running a debug-enabled binary of smbstatus to do what you're asking me for? Yes, but I already assumed that, sorry :-). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Multiple IP addresses in DNS record
I have a samba server running on Linux that has two ethernet cards (eth0 eth1) that are bonded into a single virtual interface (bond0). This virtual interface is connected to the corporate LAN and I have another ethernet card (eth2) that is connected to another server that is used for making incremental backups. The problem that I am having is that no matter what I do, the command net ads dns register -P' causes both the bond0 and eth2 IP addresses to show up in the DNS record on the corporate domain controller. I have tried to force samba and winbind to use interface = bond0 and bind interfaces only = yes and it doesn't seem to help this situation. If anyone can shed some light on what I am doing wrong, I would really appreciate it. BTW, I am using samba 3.0.28a -- Jarrod Hyder [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with Save-As in Photoshop/InDesign on a samba server.
Hi, I have a quite interesting problem on a samba server: We (or better: our client) had a WinXP-system with a shared folder with lots of data, which has been replaced with a dedicated fileserver using Samba (on Linux). All data has been migrated and everything seemed to be fine, however Photoshop (CS3) and InDesign have some problems on WinXP: - files can be opened and modified just fine (using Save) - however when the user tries to use Save as, he is unable to save (user says that he can browse directories just fine, however Save is grayed out). - CS3 on Vista works. - Saving the file locally and moving it with explorer works too. - Behaviour is not consistent across directories, i.e. there is a Folder Projects with ~30 subfolders. Saving to the first 4 works, the others do not work. - On the old WinXP server, everything worked I have currently no / only limited control on the server. (I'm not on-site currently, I have only remote-access by ssh to the server) Has anybody an idea what this can be? cu Tim -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbindd: Exceeding 200 client connections, no idle connection found
Hi! Somebody knows how can i fix this error? My squid allways show user/pass popup in ADS+Squid authentication scheme (auth_proxy). I got a lot of winbindd: Exceeding 200 client connections, no idle connection found message in winbind.log -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with Save-As in Photoshop/InDesign on a samba server.
I have a quite interesting problem on a samba server: We (or better: our client) had a WinXP-system with a shared folder with lots of data, which has been replaced with a dedicated fileserver using Samba (on Linux). All data has been migrated and everything seemed to be fine, however Photoshop (CS3) and InDesign have some problems on WinXP: - files can be opened and modified just fine (using Save) - however when the user tries to use Save as, he is unable to save (user says that he can browse directories just fine, however Save is grayed out). - CS3 on Vista works. - Saving the file locally and moving it with explorer works too. - Behaviour is not consistent across directories, i.e. there is a Folder Projects with ~30 subfolders. Saving to the first 4 works, the others do not work. - On the old WinXP server, everything worked I have currently no / only limited control on the server. (I'm not on-site currently, I have only remote-access by ssh to the server) Has anybody an idea what this can be? Maybe In CS in the save dialog box, bottom left I think there is a button says something like use OS save and if you press it again use adobe save, I think OS save is the way to go. I have quite a few CS users using samba. -Kristian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.2, Samba 3.3 release planning
Hi, i visited wiki.samba.org and read the Release Planning for Samba 3.2 information and the Release Planning for Samba 3.3 information. So my question is: Is samba 3.2 development stopped and all concentration given to Samba 3.3 ? Because there isnt any further release note available for 3.2, but instead there are some notes for 3.3 ? Bye and thanks for your information :-) Andy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Bad passwords from Vampire / NT migration
I started looking at all the password hashes using pdbedit -Lw, and found the following: * There are no LanMan password hashes (all set to ...) * Most machine accounts have neither LanMan nor NT password hashes: WS6$:576:: :[W ]:LCT-48D8EC0E: * The NT hashes for the user accounts appear to be incorrect. Can anyone tell me why net rpc samdump gets the correct LM and NT password hashes, but net rpc vampire gets incorrect hashes? What's funny is that vampire seems to produce consistent results, but they're consistently wrong. Is it possible that the NT PDC doesn't trust the Samba server so it gives it bad hashes? If there was an easy way to update the NT password hashes in the passdb tdb file then I would do it. I could import the samdump via the pdbedit import feature, but then I have to remap SIDs, which I have been unable to do. Perhaps using tdbtool I could locate the NT hash bytes and replace them, but this would be tedious. Any thoughts? Suggestions? thanks, Cooper -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.2, Samba 3.3 release planning
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andreas Ladanyi wrote: Is samba 3.2 development stopped and all concentration given to Samba 3.3 ? Because there isnt any further release note available for 3.2, but instead there are some notes for 3.3 ? Any future Samba 3.2.x release will be bug fix releases only. New develeopment is on-going in the 3.3 branch which is due for release mid-december. cheers, jerry - -- = Samba--- http://www.samba.org Likewise Software - http://www.likewisesoftware.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFI/iN2IR7qMdg1EfYRAinOAJ9XqGIi8selGvRTrPAfTumNJxTupwCgwn1K +6VSHinH8qJkRl9/FnlxURA= =+eBo -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba server authenticating to W2k3 ADS
I am looking for some info on an issue I have authenticating Samba
3.0(Centos 5) to a W2k3 AD.
Server info:
Samba server: HP DL 365, Centos 5 linux:
samba-3.0.28-1.el5_2.1
samba-common-3.0.28-1.el5_2.1
pam_krb5-2.2.11-1
krb5-workstation-1.6.1-25.el5_2.1
krb5-libs-1.6.1-25.el5_2.1
pam_krb5-2.2.11-1
krb5-libs-1.6.1-25.el5_2.1
KRB libs were installed and then updated via YUM.
Windows server: Same hardware, Win2k3 R2 Ent.
I have followed the instructions that I found on samba.org and seem to have
the krb stuff working and I am pretty sure the first time that I tried
joining the domain I got no error, but it did not seem to complete.And
when I try to join the domain again I get the following error:
[EMAIL PROTECTED] ~]# net ads join -U Administrator
Administrator's password:
[2008/10/21 18:38:52, 0] libads/sasl.c:ads_sasl_spnego_bind(330)
kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials
Failed to join domain: Invalid credentials
Although I have confirmed the creditials repeatedly...and KRB seems to be
working:
[EMAIL PROTECTED] ~]# kinit [EMAIL PROTECTED]
Password for [EMAIL PROTECTED]:
[EMAIL PROTECTED] ~]#
krb5.conf:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm =JPRINC.NET
[realms]
JPRINC.NET = {
kdc = ad1.jprinc.net
}
[domain_realm]
.kerberos.server = JPRINC.NET
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
And smb.conf:
#
# smb.conf - configuration to allow for all MPR file sharing requirements
#
[global]
large readwrite = no
workgroup = JPRINC.NET
realm = JPRINC.NET
netbios name = AD1
preferred master = no
server string = %h Linux File Server (Samba)
log file = /var/log/samba/log.%m
log level = 5
max log size = 1000
security = ADS
password server = ad1.jprinc.net
encrypt passwords = yes
winbind separator = -
printcap name = cups
printing = cups
idmap uid = 1-2
idmap gid = 1-2
[public]
comment = Marketplace Rewards Public Share
writable = yes
path = /fileshare/public
public = yes
guest account = nobody
map to guest = bad user
only guest = yes
browsable = yes
[homes]
comment = User Home Directories
valid users = %S
browseable = No
read only = No
writable = Yes
I seem to have some sort of connectivity to the domain because the info
below is correct:
[EMAIL PROTECTED] ~]# net ads info
LDAP server: A.B.C.D
LDAP server name: ad1.jprinc.net
Realm: JPRINC.NET
Bind Path: dc=JPRINC,dc=NET
LDAP port: 389
Server time: Tue, 21 Oct 2008 18:39:58 UTC
KDC server: A.B.C.D
Server time offset: -108
--
Matthew Arguin
Production Support
Jackpotrewards, Inc.
275 Grove St
Newton, MA 02466
617-795-2850 x 2325
www.jackpotrewards.com
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbindd: Exceeding 200 client connections, no idle connection found
On Tue, Oct 21, 2008 at 02:40:55PM -0300, Elder Souza wrote: Hi! Somebody knows how can i fix this error? My squid allways show user/pass popup in ADS+Squid authentication scheme (auth_proxy). I got a lot of winbindd: Exceeding 200 client connections, no idle connection found message in winbind.log What Samba version are you using ? This is something that has been fixed in the 3.2.4 release. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbindd: Exceeding 200 client connections, no idle connection found
Linux CentOS 5 Final with: - samba-common-3.0.25b-1.el5_1.4 - samba-client-3.0.25b-1.el5_1.4 - samba-3.0.25b-1.el5_1.4 Elder Souza (71) 9972-7573 / (71) 8801-5734 On Tue, Oct 21, 2008 at 4:11 PM, Jeremy Allison [EMAIL PROTECTED] wrote: On Tue, Oct 21, 2008 at 02:40:55PM -0300, Elder Souza wrote: Hi! Somebody knows how can i fix this error? My squid allways show user/pass popup in ADS+Squid authentication scheme (auth_proxy). I got a lot of winbindd: Exceeding 200 client connections, no idle connection found message in winbind.log What Samba version are you using ? This is something that has been fixed in the 3.2.4 release. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbindd: Exceeding 200 client connections, no idle connection found
On Tue, Oct 21, 2008 at 05:17:19PM -0300, Elder Souza wrote: Linux CentOS 5 Final with: - samba-common-3.0.25b-1.el5_1.4 - samba-client-3.0.25b-1.el5_1.4 - samba-3.0.25b-1.el5_1.4 Elder Souza (71) 9972-7573 / (71) 8801-5734 Ancient. Please upgrade to at least 3.0.32. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbindd: Exceeding 200 client connections, no idle connection found
Ok, but it's a production server and I will create another and test 3.2.4 version. Another question: Why winbind can't free connections and how can I set/change a timeout value for these connections? Elder Souza (71) 9972-7573 / (71) 8801-5734 On Tue, Oct 21, 2008 at 5:19 PM, Jeremy Allison [EMAIL PROTECTED] wrote: On Tue, Oct 21, 2008 at 05:17:19PM -0300, Elder Souza wrote: Linux CentOS 5 Final with: - samba-common-3.0.25b-1.el5_1.4 - samba-client-3.0.25b-1.el5_1.4 - samba-3.0.25b-1.el5_1.4 Elder Souza (71) 9972-7573 / (71) 8801-5734 Ancient. Please upgrade to at least 3.0.32. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbindd: Exceeding 200 client connections, no idle connection found
On Tue, Oct 21, 2008 at 05:33:09PM -0300, Elder Souza wrote: Ok, but it's a production server and I will create another and test 3.2.4 version. If you want to stay on 3.0.x 3.0.32 is the latest version. Another question: Why winbind can't free connections and how can I set/change a timeout value for these connections? It's a bug that has been fixed. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbindd: Exceeding 200 client connections, no idle connection found
It has been fixed after what version? Do you know? Elder Souza (71) 9972-7573 / (71) 8801-5734 On Tue, Oct 21, 2008 at 5:41 PM, Jeremy Allison [EMAIL PROTECTED] wrote: On Tue, Oct 21, 2008 at 05:33:09PM -0300, Elder Souza wrote: Ok, but it's a production server and I will create another and test 3.2.4 version. If you want to stay on 3.0.x 3.0.32 is the latest version. Another question: Why winbind can't free connections and how can I set/change a timeout value for these connections? It's a bug that has been fixed. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbindd: Exceeding 200 client connections, no idle connection found
On Tue, Oct 21, 2008 at 05:44:05PM -0300, Elder Souza wrote: It has been fixed after what version? Do you know? Don't have the time to check the release notes right now, but it's definately fixed in 3.0.32 and 3.2.4. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbindd: Exceeding 200 client connections, no idle connection found
No prob Jeremy, thanx for your help! Elder Souza (71) 9972-7573 / (71) 8801-5734 On Tue, Oct 21, 2008 at 5:47 PM, Jeremy Allison [EMAIL PROTECTED] wrote: On Tue, Oct 21, 2008 at 05:44:05PM -0300, Elder Souza wrote: It has been fixed after what version? Do you know? Don't have the time to check the release notes right now, but it's definately fixed in 3.0.32 and 3.2.4. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows not being able to see all samba groups
Hi there, I´m working on a samba server 3.0.24 based on openldap 2.3.30, instaled onde Debian Etch 64 fully updated. This installation have been working fine about 2 years and lately I´m trying to find some groups on my Windows file server and it doesn´t find them. Some groups show up others don´t. Since I can list all my groups using smbldap-groupshow or with getent group I believe it´s not exactly an ldap issue. When looking for some debug information on ldap logs I don´t see any errors. The groups are retrieved fine from ldap. Samba doesn´t show any errors too. Any idea about what could be happening? Thank´s in advance. Gustavo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.2, Samba 3.3 release planning
Original message Date: Tue, 21 Oct 2008 13:46:14 -0500 From: Gerald (Jerry) Carter [EMAIL PROTECTED] Subject: Re: [Samba] Samba 3.2, Samba 3.3 release planning To: Andreas Ladanyi [EMAIL PROTECTED] Cc: samba@lists.samba.org -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andreas Ladanyi wrote: Is samba 3.2 development stopped and all concentration given to Samba 3.3 ? Because there isnt any further release note available for 3.2, but instead there are some notes for 3.3 ? Any future Samba 3.2.x release will be bug fix releases only. New develeopment is on-going in the 3.3 branch which is due for release mid-december. I love that releases are moving very quickly now. My only concern is keeping up with and determining what is appropriate as I continue to maintain AIX binaries on my web page. Presently I have already dropped the 3.0 series and have 3.2.4 available with the clustering option for AIX 5.3 and 6.1. I am trying to determine how best to support a 3.2 and 3.3 parallel set or if I should just drop 3.2 after 3.3.1 is released or some other arbitrary schedule. :-) :-) How long after 3.3 is released to production does the Samba team anticipate supporting the 3.2 line? Much appreciation and thanks to all on the Team! Cheers, Bill cheers, jerry - -- = Samba--- http://www.samba.org Likewise Software - http://www.likewisesoftware.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFI/iN2IR7qMdg1EfYRAinOAJ9XqGIi8selGvRTrPAfTumNJxTupwCgwn1K +6VSHinH8qJkRl9/FnlxURA= =+eBo -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.2, Samba 3.3 release planning
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 William Jojo wrote: I love that releases are moving very quickly now. My only concern is keeping up with and determining what is appropriate as I continue to maintain AIX binaries on my web page. Presently I have already dropped the 3.0 series and have 3.2.4 available with the clustering option for AIX 5.3 and 6.1. I am trying to determine how best to support a 3.2 and 3.3 parallel set or if I should just drop 3.2 after 3.3.1 is released or some other arbitrary schedule. :-) :-) How long after 3.3 is released to production does the Samba team anticipate supporting the 3.2 line? That has not bee decided yet. The 3.0.x releases are in maintenance mode (transitioned as soon as 3.2.0 was released). The 3.0.x series will reach EOL on Jul 1, 2009. I expect that 3.2.x will be moved to maintenance mode as soon as 3.3.0 is released. maintenance == only critical bug fixes and security issues What we've not stated is how long it would be until v3.2.x reaches EOL. Based on past data, I expect 6 - 12 months, but that is just a guess and not really up to me. If I were packaging Samba, I would only focus on the latest production release. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFI/laiIR7qMdg1EfYRAmcbAJ4pcc9a2mJvpMhvB29WapolX6YH9wCgtu6y TXcKxtS7V/Gt+G0Vo1LUhy0= =nkM3 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Create user home directory or user-own folder on samba server on first login to samba
Русаков Денис wrote:
I'd like to create user home directory or user-own folder on samba server on
first login to samba without using PAM
I use this along with a root preexec (and preexec close) setting on
the homes share.
*Michael Heydon - IT Administrator *
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
/*
* Program Name: smbmkhome
* Version: 1.0
* Author: Michael Heydon
* Purpose: This program is designed to be run by samba prior to a user
* accessing their home directory. Since the users are set up in LDAP
* it is possible (probable) that their home directory was not created
* when their account was. This program will create the user's home
* directory and fix ownership and permissions if necessary.
*
* The program should be called with 1 parameter
*
* smbmkhome username
*
* username is the user to create/fix the home directory for.
*
* smbmkhome will return: 0 - success
* 1 - incorrect parameters
* 2 - invalid user
* 3 - home exists but is not a directory
* 4 - mkdir/chown failed
*
* Notes: compile with gcc -o smbmkhome smbmkhome.c
* tested under slackware linux 10.2
* requires cpio to copy skel when creating a directory
*/
#include stdio.h
#include stdlib.h
#include strings.h
#include sys/types.h
#include sys/stat.h
#include unistd.h
#include pwd.h
void printUsage(char* argv0);
int createHomeDir(struct passwd* user, char* skel);
void fixPerms(struct passwd* user);
int main (int argc, char* argv[]) {
char* skel = /etc/skel;
struct passwd* userpw = 0;
struct stat dirstat;
char* homedir = 0;
int returnval = 0;
if ( argc != 2 ) {
printUsage(argv[0]);
returnval = 1;
} else {
userpw = getpwnam(argv[1]);
if ( userpw != 0 ) {
homedir = userpw-pw_dir;
} else {
// Since this is unlikely to occur if the program is being called by
// samba as I intended we will allow a little bit of user interaction
// here.
printf (%s: User does not exist.\n, argv[0]);
returnval = 2;
}
}
if ( returnval == 0 )
if ( stat(homedir, dirstat) == 0 ) {
if ( (dirstat.st_mode S_IFMT) == S_IFDIR ) {
// Make sure the user and the users primary group are the owners of the
// home directory and make sure at least the user has RWX permissions.
//
// The last comparison isn't terrible intuitive it just happens that
// the bitmask S_IRWXU is exactly equal to the bits we want set. Rather
// than or'ing together the bits for RWX to get exactly the same value
// I decided to use the mask itself.
if ( (dirstat.st_uid != userpw-pw_uid) || \
(dirstat.st_gid != userpw-pw_gid) || \
( (dirstat.st_mode S_IRWXU) != S_IRWXU) )
fixPerms(userpw);
} else {
// stat returned, meaning the home directory exists on the FS, but
// the st_mode variable indicates that its not a directory. Oops :/
// We won't try and force things because this could be used by admins
// to stop a particular user from having a home directory (guest users
// etc).
returnval = 3;
}
} else {
// home directory does not exist at all, try and create it and chown it
// to the user and their primary group. copy skel to the new home dir if
// possible but dont worry if that bit fails.
if ( ! createHomeDir(userpw, skel) == 0 )
returnval=4;
}
return returnval;
}
void printUsage (char* argv0) {
printf (Usage: %s username\n\n, argv0);
printf (Create/fix a user's home directory (prior to accessing via
samba).\n);
}
int createHomeDir(struct passwd* user, char* skel) {
int returnval=0;
char command[255];
if ( (mkdir(user-pw_dir, 0755) == 0) ) {
returnval=chown(user-pw_dir, user-pw_uid, user-pw_gid);
} else {
returnval=1;
}
if ( returnval == 0 ) {
// Don't worry if this fails, the directory exists and is owned by the user
// this is really just a courtesy.
sprintf(command, cd %s find . -print | cpio -pd %s 21 /dev/null
,skel, user-pw_dir);
system(command);
sprintf(command, chown -R %s. %s, user-pw_name, user-pw_dir);
system(command);
}
return returnval;
}
void fixPerms(struct passwd* user) {
// We don't return anything here, since the directory already exists its
// possible that who ever created the directory set things up in such a way
// that this function fails but the share works the way they want, we don't
// want to tell samba to drop the user's connection just because their admin
// is being wierd :)
if ( (chmod(user-pw_dir, 0755) == 0) ) {
chown(user-pw_dir, user-pw_uid, user-pw_gid);
}
Re: [Samba] Multiple IP addresses in DNS record
On Tue, 2008-10-21 at 13:34 -0400, Jarrod Hyder wrote: I have a samba server running on Linux that has two ethernet cards (eth0 eth1) that are bonded into a single virtual interface (bond0). This virtual interface is connected to the corporate LAN and I have another ethernet card (eth2) that is connected to another server that is used for making incremental backups. The problem that I am having is that no matter what I do, the command net ads dns register -P' causes both the bond0 and eth2 IP addresses to show up in the DNS record on the corporate domain controller. I have tried to force samba and winbind to use interface = bond0 and bind interfaces only = yes and it doesn't seem to help this situation. If anyone can shed some light on what I am doing wrong, I would really appreciate it. BTW, I am using samba 3.0.28a -- Jarrod Hyder [EMAIL PROTECTED] Jarrod, Not sure how much help I can be, but give this a try - add the -d # flag to your 'net ads dns ...' command where # can be something up to 10 (more debug output). This can at the very least confirm the smb.conf file being read as well as perhaps point you in a better direction. If nothing else, posted the somewhat cleansed output here; it may help others here to see where your problem lies. Regards, Frank -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Closing sessions and smbstatus
On Mon, Oct 20, 2008 at 12:52:57PM -0700, Steve Rippl wrote:
But checking our server I find that the processes DO still exist!
So
I'm getting a user session in smbstatus with a specific PID and when
I
ps -ef | grep PID there is the smbd process still running, yet the
user
has long since logged out (days ago)?! It's not just that the .tbd
file
hasn't been updated, it's that the /usr/local/bin/smbd process is
still
running. A restart of Samba clears them all up immediately, but why
are
they hanging around when the client is gone? Is this just happening
to
me on our particular setup or is this normal behavior?
No, that's not normal behavior, but it does explain why
the session id's are hanging around. Once the client
terminates the TCP session the smbd should die (and
clean up all resources such as session id's etc.).
When you find a process in this state attach using
strace -p pid (on Linux) to see what it's up to.
Jeremy.
So after one day I have ~50 left-over sessions. Running strace as above
I seem to usually get...
select(32, [5 23 31], [], NULL, {43, 45}) = 0 (Timeout)
gettimeofday({1224652458, 61107}, NULL) = 0
geteuid() = 0
getegid() = 0
setgroups(0, [])= 0
setresgid(4294967295, 0, 4294967295)= 0
getegid() = 0
setresuid(0, 0, 4294967295) = 0
geteuid() = 0
write(23, \205\0\0\0, 4) = 4
gettimeofday({1224652458, 61549}, NULL) = 0
geteuid() = 0
fstat(25, {st_mode=S_IFREG|0644, st_size=894111, ...}) = 0
gettimeofday({1224652458, 61698}, NULL) = 0
select(32, [5 23 31], [], NULL, {60, 0} unfinished ...
although a couple of time I got more go by...
...[cut-off]...
getegid() = 0
setgroups(0, [])= 0
setresgid(4294967295, 0, 4294967295)= 0
getegid() = 0
setresuid(0, 0, 4294967295) = 0
geteuid() = 0
fcntl(8, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=244, len=1}) =
0
fcntl(8, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=244, len=1}) =
0
stat(/etc/pam.d, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open(/etc/pam.d/samba, O_RDONLY) = 25
fstat(25, {st_mode=S_IFREG|0644, st_size=69, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7f2f8db98000
read(25, @include [EMAIL PROTECTED] co..., 4096) = 69
stat(/etc/pam.d, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open(/etc/pam.d/common-auth, O_RDONLY) = 29
fstat(29, {st_mode=S_IFREG|0644, st_size=484, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7f2f8db97000
read(29, #\n# /etc/pam.d/common-auth - aut..., 4096) = 484
open(/lib/security/pam_unix.so, O_RDONLY) = 30
read(30, \177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\0\1\0\0\0\260*\0\0...,
832) = 832
fstat(30, {st_mode=S_IFREG|0644, st_size=50568, ...}) = 0
mmap(NULL, 2195080, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 30,
0) = 0x7f2f892fd000
mprotect(0x7f2f89309000, 2093056, PROT_NONE) = 0
mmap(0x7f2f89508000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 30, 0xb000) = 0x7f2f89508000
mmap(0x7f2f89509000, 48776, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f2f89509000
close(30) = 0
open(/etc/ld.so.cache, O_RDONLY) = 30
fstat(30, {st_mode=S_IFREG|0644, st_size=45774, ...}) = 0
mmap(NULL, 45774, PROT_READ, MAP_PRIVATE, 30, 0) = 0x7f2f8db8b000
close(30) = 0
access(/etc/ld.so.nohwcap, F_OK) = -1 ENOENT (No such file or
directory)
open(/lib/libselinux.so.1, O_RDONLY) = 30
read(30, \177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\0\1\0\0\0\240Q\0\0...,
832) = 832
fstat(30, {st_mode=S_IFREG|0644, st_size=109368, ...}) = 0
mmap(NULL, 2209176, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 30,
0) = 0x7f2f888d4000
mprotect(0x7f2f888ed000, 2097152, PROT_NONE) = 0
mmap(0x7f2f88aed000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 30, 0x19000) = 0x7f2f88aed000
mmap(0x7f2f88aef000, 1432, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f2f88aef000
close(30) = 0
open(/etc/selinux/config, O_RDONLY) = -1 ENOENT (No such file or
directory)
statfs(/selinux, 0x7fff960e0250) = -1 ENOENT (No such file or
directory)
open(/proc/mounts, O_RDONLY) = 30
fstat(30, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7f2f8db8a000
read(30, rootfs / rootfs rw 0 0\nnone /sys..., 1024) = 1024
read(30, dered 0 0\n/dev/mapper/group-mate..., 1024) = 649
read(30, , 1024) = 0
close(30) = 0
munmap(0x7f2f8db8a000, 4096)= 0
munmap(0x7f2f8db8b000, 45774) = 0
[SCM] Samba Shared Repository - branch master updated - b11f3a60fd8a06870ec12f8d153fd9a60ae820c5
The branch, master has been updated
via b11f3a60fd8a06870ec12f8d153fd9a60ae820c5 (commit)
from f0b1a1bc9b74372e2af2a48ce9b06802b2198eb4 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit b11f3a60fd8a06870ec12f8d153fd9a60ae820c5
Author: Günther Deschner [EMAIL PROTECTED]
Date: Tue Oct 21 01:19:49 2008 +0200
s3-lsa-server: fix _lsa_GetUserName.
Guenther
---
Summary of changes:
source3/rpc_server/srv_lsa_nt.c | 29 +
source3/rpcclient/cmd_lsarpc.c |3 ++-
2 files changed, 23 insertions(+), 9 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 317c1c1..e307533 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -1462,6 +1462,16 @@ NTSTATUS _lsa_GetUserName(pipes_struct *p,
struct lsa_String *account_name = NULL;
struct lsa_String *authority_name = NULL;
+ if (r-in.account_name
+ *r-in.account_name) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (r-in.authority_name
+ *r-in.authority_name) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
if (p-server_info-guest) {
/*
* I'm 99% sure this is not the right place to do this,
@@ -1477,21 +1487,24 @@ NTSTATUS _lsa_GetUserName(pipes_struct *p,
domname = pdb_get_domain(p-server_info-sam_account);
}
- account_name = TALLOC_ZERO_P(p-mem_ctx, struct lsa_String);
+ account_name = TALLOC(p-mem_ctx, struct lsa_String);
if (!account_name) {
return NT_STATUS_NO_MEMORY;
}
+ init_lsa_String(account_name, username);
- authority_name = TALLOC_ZERO_P(p-mem_ctx, struct lsa_String);
- if (!authority_name) {
- return NT_STATUS_NO_MEMORY;
+ if (r-out.authority_name) {
+ authority_name = TALLOC(p-mem_ctx, struct lsa_String);
+ if (!authority_name) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ init_lsa_String(authority_name, domname);
}
- init_lsa_String(account_name, username);
- init_lsa_String(authority_name, domname);
-
*r-out.account_name = account_name;
- *r-out.authority_name = authority_name;
+ if (r-out.authority_name) {
+ *r-out.authority_name = authority_name;
+ }
return NT_STATUS_OK;
}
diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
index 3f79310..aa8662c 100644
--- a/source3/rpcclient/cmd_lsarpc.c
+++ b/source3/rpcclient/cmd_lsarpc.c
@@ -1182,7 +1182,8 @@ static NTSTATUS cmd_lsa_get_username(struct
rpc_pipe_client *cli,
/* Print results */
printf(Account Name: %s, Authority Name: %s\n,
- account_name-string, authority_name-string);
+ account_name-string, authority_name ? authority_name-string :
+ );
rpccli_lsa_Close(cli, mem_ctx, pol);
done:
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - 9f46669871fa245fe41c465e85dcf4db98634058
The branch, master has been updated
via 9f46669871fa245fe41c465e85dcf4db98634058 (commit)
from b11f3a60fd8a06870ec12f8d153fd9a60ae820c5 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 9f46669871fa245fe41c465e85dcf4db98634058
Author: Günther Deschner [EMAIL PROTECTED]
Date: Tue Oct 21 12:26:05 2008 +0200
s3-build: fix the build.
Guenther
---
Summary of changes:
source3/rpc_server/srv_lsa_nt.c |4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index e307533..2fa705d 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -1487,14 +1487,14 @@ NTSTATUS _lsa_GetUserName(pipes_struct *p,
domname = pdb_get_domain(p-server_info-sam_account);
}
- account_name = TALLOC(p-mem_ctx, struct lsa_String);
+ account_name = TALLOC_P(p-mem_ctx, struct lsa_String);
if (!account_name) {
return NT_STATUS_NO_MEMORY;
}
init_lsa_String(account_name, username);
if (r-out.authority_name) {
- authority_name = TALLOC(p-mem_ctx, struct lsa_String);
+ authority_name = TALLOC_P(p-mem_ctx, struct lsa_String);
if (!authority_name) {
return NT_STATUS_NO_MEMORY;
}
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - 2ee8d29d22bcb1c350ab59d71b0aee548489bc9c
The branch, master has been updated via 2ee8d29d22bcb1c350ab59d71b0aee548489bc9c (commit) from 6069407ed1c210e12536188d60e290704b523983 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2ee8d29d22bcb1c350ab59d71b0aee548489bc9c Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Tue Oct 21 14:29:38 2008 +0200 Prevent warning about directory already existing. --- Summary of changes: source4/selftest/tests.sh |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/selftest/tests.sh b/source4/selftest/tests.sh index 42bc814..49e8c2e 100755 --- a/source4/selftest/tests.sh +++ b/source4/selftest/tests.sh @@ -61,7 +61,7 @@ samba4bindir=$samba4srcdir/bin prefix_abs=$SELFTEST_PREFIX/s4client -mkdir $prefix_abs +test -d $prefix_abs || mkdir $prefix_abs conffile=$SELFTEST_CONFFILE TORTURE_OPTIONS= -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - 6069407ed1c210e12536188d60e290704b523983
The branch, master has been updated via 6069407ed1c210e12536188d60e290704b523983 (commit) from 9f46669871fa245fe41c465e85dcf4db98634058 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6069407ed1c210e12536188d60e290704b523983 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Tue Oct 21 14:23:42 2008 +0200 Fix rpcecho test. --- Summary of changes: .../scripting/python/samba/tests/dcerpc/rpcecho.py |3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/python/samba/tests/dcerpc/rpcecho.py b/source4/scripting/python/samba/tests/dcerpc/rpcecho.py index 0679073..12638e2 100644 --- a/source4/scripting/python/samba/tests/dcerpc/rpcecho.py +++ b/source4/scripting/python/samba/tests/dcerpc/rpcecho.py @@ -25,8 +25,7 @@ from samba.tests import RpcInterfaceTestCase class RpcEchoTests(RpcInterfaceTestCase): def setUp(self): -self.conn = echo.rpcecho(ncalrpc:, self.get_loadparm(), - self.get_credentials()) +self.conn = echo.rpcecho(ncalrpc:, self.get_loadparm()) def test_two_contexts(self): self.conn2 = echo.rpcecho(ncalrpc:, self.get_loadparm(), basis_connection=self.conn) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-stable updated - release-3-2-4-61-gf8d4596
The branch, v3-2-stable has been updated
via f8d4596ec2b8f35dd3cc05aa7ee356abb9c0920b (commit)
via afed4929f9c707fb72b0e8dd12b1a1e8dcab9a84 (commit)
via feb057d4503118e519b5dbd9d2c3ca2c1ee55380 (commit)
via 01fd94981e322da59ac2c00055220c89de135ebe (commit)
via f3b0e219f1a7660ff275db701935eecbe053fa25 (commit)
via 520dcfffe78bb079bbdad6de5a4cdc392527f4b8 (commit)
from ec9f180390852a9356df11412bc7478f48f52b43 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-stable
- Log -
commit f8d4596ec2b8f35dd3cc05aa7ee356abb9c0920b
Author: Günther Deschner [EMAIL PROTECTED]
Date: Mon Oct 20 20:16:03 2008 +0200
s3-samr-server: be consistent when reporting we do password complexity.
Guenther
(cherry picked from commit 7c2831c5872ad26e1e0cd7df59d6c0b88d566760)
commit afed4929f9c707fb72b0e8dd12b1a1e8dcab9a84
Author: Jeremy Allison [EMAIL PROTECTED]
Date: Fri Oct 17 15:25:58 2008 -0700
Unify access checks for lsa server functions.
Jeremy.
(cherry picked from commit ef15ff6abec34377ab7fa75201e2799c0bb72aeb)
commit feb057d4503118e519b5dbd9d2c3ca2c1ee55380
Author: Jeremy Allison [EMAIL PROTECTED]
Date: Thu Oct 16 21:04:18 2008 -0700
Cope with bad trans2mkdir requests from System i QNTC IBM SMB client.
If total_data == 4 Windows doesn't care what values
are placed in that field, it just ignores them.
The System i QNTC IBM SMB client puts bad values here,
so ignore them.
Jeremy.
(cherry picked from commit 5b1d8588d01d11251541829c5a3dff211fe925fd)
commit 01fd94981e322da59ac2c00055220c89de135ebe
Author: Jeremy Allison [EMAIL PROTECTED]
Date: Thu Oct 16 15:06:13 2008 -0700
Unify the logic in pull_ascii_base_talloc() and pull_ucs2_base_talloc().
Jeremy.
(cherry picked from commit 5109bd33719a4bb1534cb0e012c92ec778fb26df)
commit f3b0e219f1a7660ff275db701935eecbe053fa25
Author: Jeremy Allison [EMAIL PROTECTED]
Date: Thu Oct 16 11:57:51 2008 -0700
Fix bug 5826 - Directory/Filenames get truncated when 3.2.0 client acesses
old server.
Karolin this is a show-stopper for 3.2.5.
There was some code in pull_ucs2_base_talloc() to cope with this case which
hadn't been added to pull_ascii_base_talloc(). The older Samba returns non
unicode names which is why you are seeing this codepath being executed.
Jeremy.
(cherry picked from commit 09fa53d927436310ae3c17096d42e2fa4de1dd2e)
commit 520dcfffe78bb079bbdad6de5a4cdc392527f4b8
Author: Jeremy Allison [EMAIL PROTECTED]
Date: Wed Oct 15 18:08:07 2008 -0700
Don't use debug level 1 to log a trivial message.
Jeremy.
(cherry picked from commit 7c53cde257515e7bfffc8f3c0b54b7c99554d240)
---
Summary of changes:
source/include/rpc_lsa.h|1 +
source/lib/charcnv.c| 50 --
source/rpc_client/cli_pipe.c|2 +-
source/rpc_server/srv_lsa_nt.c | 21 +---
source/rpc_server/srv_samr_nt.c |4 +++
source/smbd/trans2.c|7 +++--
6 files changed, 69 insertions(+), 16 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/include/rpc_lsa.h b/source/include/rpc_lsa.h
index b4021af..1dc5ba4 100644
--- a/source/include/rpc_lsa.h
+++ b/source/include/rpc_lsa.h
@@ -39,6 +39,7 @@
#define LSA_POLICY_READ ( STANDARD_RIGHTS_READ_ACCESS |\
+LSA_POLICY_VIEW_LOCAL_INFORMATION|\
LSA_POLICY_VIEW_AUDIT_INFORMATION|\
LSA_POLICY_GET_PRIVATE_INFORMATION)
diff --git a/source/lib/charcnv.c b/source/lib/charcnv.c
index cea234f..f4efcb2 100644
--- a/source/lib/charcnv.c
+++ b/source/lib/charcnv.c
@@ -1183,6 +1183,10 @@ static size_t pull_ascii_base_talloc(TALLOC_CTX *ctx,
*ppdest = NULL;
+ if (!src_len) {
+ return 0;
+ }
+
if (flags STR_TERMINATE) {
if (src_len == (size_t)-1) {
src_len = strlen((const char *)src) + 1;
@@ -1200,16 +1204,41 @@ static size_t pull_ascii_base_talloc(TALLOC_CTX *ctx,
(unsigned int)src_len);
smb_panic(msg);
}
+ } else {
+ /* Can't have an unlimited length
+* non STR_TERMINATE'd.
+*/
+ if (src_len == (size_t)-1) {
+ errno = EINVAL;
+ return 0;
+ }
}
+ /* src_len != -1 here. */
+
if (!convert_string_allocate(ctx, CH_DOS, CH_UNIX, src, src_len, dest,
- dest_len, True))
+ dest_len, True)) {
dest_len = 0;
+ }
if (dest_len dest) {
/* Did we already process the terminating zero ?
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-3100-gc560961
The branch, v3-2-test has been updated via c5609611ef2af5dee47a380003c6ce94f3781f0b (commit) from 7c2831c5872ad26e1e0cd7df59d6c0b88d566760 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit c5609611ef2af5dee47a380003c6ce94f3781f0b Author: Karolin Seeger [EMAIL PROTECTED] Date: Tue Oct 21 15:12:57 2008 +0200 WHATSNEW: Update changes. Karolin --- Summary of changes: WHATSNEW.txt |3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 9734119..7011594 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -31,9 +31,11 @@ o Jeremy Allison [EMAIL PROTECTED] * BUG 5797: Fix moving of readonly files. * BUG 5814: Fix Winbind crash bug while doing rescan_trusted_domain. * BUG 5818: Sort ACEs in smbcacl output properly and honor inheritance. +* BUG 5826: Fix truncated filenames when accessing old servers. * Fix rename_open_files. * Restructure VFS SMB traffic analyzer VFS module. * Correctly fix smbclient to terminate on eof from server. +* Unify access checks for lsa server functions. o Gerald (Jerry) Carter [EMAIL PROTECTED] @@ -44,6 +46,7 @@ o Gerald (Jerry) Carter [EMAIL PROTECTED] o Guenther Deschner [EMAIL PROTECTED] * Fix duplicate installation of cifs.upcall. * Fix _srvsvc_NetShareAdd segfault. +* Ensure consistency when reporting password complexity. o Holger Hetterich [EMAIL PROTECTED] -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-stable updated - release-3-2-4-62-g1d86b5e
The branch, v3-2-stable has been updated via 1d86b5e003effb4bb56ef9b0444da63a909fbc3c (commit) from f8d4596ec2b8f35dd3cc05aa7ee356abb9c0920b (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-stable - Log - commit 1d86b5e003effb4bb56ef9b0444da63a909fbc3c Author: Karolin Seeger [EMAIL PROTECTED] Date: Tue Oct 21 15:12:57 2008 +0200 WHATSNEW: Update changes. Karolin (cherry picked from commit c5609611ef2af5dee47a380003c6ce94f3781f0b) --- Summary of changes: WHATSNEW.txt |3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 9734119..7011594 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -31,9 +31,11 @@ o Jeremy Allison [EMAIL PROTECTED] * BUG 5797: Fix moving of readonly files. * BUG 5814: Fix Winbind crash bug while doing rescan_trusted_domain. * BUG 5818: Sort ACEs in smbcacl output properly and honor inheritance. +* BUG 5826: Fix truncated filenames when accessing old servers. * Fix rename_open_files. * Restructure VFS SMB traffic analyzer VFS module. * Correctly fix smbclient to terminate on eof from server. +* Unify access checks for lsa server functions. o Gerald (Jerry) Carter [EMAIL PROTECTED] @@ -44,6 +46,7 @@ o Gerald (Jerry) Carter [EMAIL PROTECTED] o Guenther Deschner [EMAIL PROTECTED] * Fix duplicate installation of cifs.upcall. * Fix _srvsvc_NetShareAdd segfault. +* Ensure consistency when reporting password complexity. o Holger Hetterich [EMAIL PROTECTED] -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - 24837959ed0972a4706f3008fe7622aa2c5f6c5e
The branch, master has been updated
via 24837959ed0972a4706f3008fe7622aa2c5f6c5e (commit)
via e858cc20830bc395f71f5f76ca68476bf798155f (commit)
via 95b13b313bb35e97e4318e229ab7773c0218abae (commit)
from 2ee8d29d22bcb1c350ab59d71b0aee548489bc9c (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 24837959ed0972a4706f3008fe7622aa2c5f6c5e
Author: Andreas Schneider [EMAIL PROTECTED]
Date: Mon Oct 20 16:30:45 2008 +0200
Create a function out of pam_sm_close_session to delete the credentials.
This is the way the creds should be deleted. Now we have back a
close_session function which can be used for other things.
commit e858cc20830bc395f71f5f76ca68476bf798155f
Author: Andreas Schneider [EMAIL PROTECTED]
Date: Mon Oct 20 14:54:11 2008 +0200
Delete the krb5 ccname variable from the PAM environment if set.
If winbind sets the KRB5CCNAME variable it should unset it when
the cache gets destroyed.
commit 95b13b313bb35e97e4318e229ab7773c0218abae
Author: Andreas Schneider [EMAIL PROTECTED]
Date: Mon Oct 20 14:51:00 2008 +0200
Set the right return value if wbc_status is set to an error.
---
Summary of changes:
source3/nsswitch/pam_winbind.c | 242 ++--
1 files changed, 135 insertions(+), 107 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c
index 8d8868d..1c92725 100644
--- a/source3/nsswitch/pam_winbind.c
+++ b/source3/nsswitch/pam_winbind.c
@@ -2285,6 +2285,135 @@ static char* winbind_upn_to_username(struct pwb_context
*ctx,
return talloc_asprintf(ctx, %s\\%s, domain, name);
}
+static int _pam_delete_cred(pam_handle_t *pamh, int flags,
+int argc, const char **argv)
+{
+ int retval = PAM_SUCCESS;
+ struct pwb_context *ctx = NULL;
+ struct wbcLogoffUserParams logoff;
+ struct wbcAuthErrorInfo *error = NULL;
+ const char *user;
+ wbcErr wbc_status;
+
+ retval = _pam_winbind_init_context(pamh, flags, argc, argv, ctx);
+ if (retval) {
+ goto out;
+ }
+
+ _PAM_LOG_FUNCTION_ENTER(_pam_delete_cred, ctx);
+
+ if (ctx-ctrl WINBIND_KRB5_AUTH) {
+
+ /* destroy the ccache here */
+
+ uint32_t wbc_flags = 0;
+ const char *ccname = NULL;
+ struct passwd *pwd = NULL;
+
+ retval = pam_get_user(pamh, user, Username: );
+ if (retval) {
+ _pam_log(ctx, LOG_ERR,
+could not identify user);
+ goto out;
+ }
+
+ if (user == NULL) {
+ _pam_log(ctx, LOG_ERR,
+username was NULL!);
+ retval = PAM_USER_UNKNOWN;
+ goto out;
+ }
+
+ _pam_log_debug(ctx, LOG_DEBUG,
+ username [%s] obtained, user);
+
+ ccname = pam_getenv(pamh, KRB5CCNAME);
+ if (ccname == NULL) {
+ _pam_log_debug(ctx, LOG_DEBUG,
+ user has no KRB5CCNAME environment);
+ }
+
+ pwd = getpwnam(user);
+ if (pwd == NULL) {
+ retval = PAM_USER_UNKNOWN;
+ goto out;
+ }
+
+ wbc_flags = WBFLAG_PAM_KRB5 |
+ WBFLAG_PAM_CONTACT_TRUSTDOM;
+
+ ZERO_STRUCT(logoff);
+
+ logoff.username = user;
+
+ wbc_status = wbcAddNamedBlob(logoff.num_blobs,
+logoff.blobs,
+ccfilename,
+0,
+(uint8_t *)ccname,
+strlen(ccname)+1);
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ goto out;
+ }
+
+ wbc_status = wbcAddNamedBlob(logoff.num_blobs,
+logoff.blobs,
+flags,
+0,
+(uint8_t *)wbc_flags,
+sizeof(wbc_flags));
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ goto out;
+ }
+
+ wbc_status = wbcAddNamedBlob(logoff.num_blobs,
+logoff.blobs,
+user_uid,
+0,
+
[SCM] Samba Shared Repository - branch v3-0-test updated - release-3-0-32-48-g98f3369
The branch, v3-0-test has been updated
via 98f3369e08f4d5bc759e93d36f3d67a3c057f40d (commit)
from cfdbe8a1f2057ad1a8886ca7445a812219648d19 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test
- Log -
commit 98f3369e08f4d5bc759e93d36f3d67a3c057f40d
Author: Andreas Schneider [EMAIL PROTECTED]
Date: Mon Oct 20 17:39:35 2008 +0200
Delete the krb5 ccname variable from the PAM environment if set.
If winbind sets the KRB5CCNAME variable it should unset it when
the cache gets destroyed.
---
Summary of changes:
source/nsswitch/pam_winbind.c |8
1 files changed, 8 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/nsswitch/pam_winbind.c b/source/nsswitch/pam_winbind.c
index 85621f0..e36733c 100644
--- a/source/nsswitch/pam_winbind.c
+++ b/source/nsswitch/pam_winbind.c
@@ -1893,6 +1893,14 @@ out:
iniparser_freedict(d);
}
+ /*
+* Delete the krb5 ccname variable from the PAM environment
+* if it was set by winbind.
+*/
+ if (ctx-ctrl WINBIND_KRB5_AUTH) {
+ pam_putenv(pamh, KRB5CCNAME);
+ }
+
_PAM_LOG_FUNCTION_LEAVE(pam_sm_close_session, pamh, ctrl, retval);
return retval;
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - 5cc4a84583d027b54e26a9c42a89b7b8a6b6c67d
The branch, master has been updated via 5cc4a84583d027b54e26a9c42a89b7b8a6b6c67d (commit) from 24837959ed0972a4706f3008fe7622aa2c5f6c5e (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5cc4a84583d027b54e26a9c42a89b7b8a6b6c67d Author: Volker Lendecke [EMAIL PROTECTED] Date: Tue Oct 21 15:27:48 2008 +0200 Fix two trivial typos --- Summary of changes: source3/nsswitch/libwbclient/wbc_sid.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c index 4cfdd79..54f6e70 100644 --- a/source3/nsswitch/libwbclient/wbc_sid.c +++ b/source3/nsswitch/libwbclient/wbc_sid.c @@ -172,7 +172,7 @@ done: * @param domain Domain name (possibly ) * @param nameUser or group name * @param *sidPointer to the resolved domain SID - * @param *name_type Pointet to the SID type + * @param *name_type Pointer to the SID type * * @return #wbcErr * @@ -225,7 +225,7 @@ wbcErr wbcLookupName(const char *domain, * @param *sidPointer to the domain SID to be resolved * @param pdomain Resolved Domain name (possibly ) * @param pname Resolved User or group name - * @param *pname_type Pointet to the resolved SID type + * @param *pname_type Pointer to the resolved SID type * * @return #wbcErr * -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-3101-ge7b0d1c
The branch, v3-2-test has been updated
via e7b0d1c984a37600a234c1f4c95b06e9b5898f30 (commit)
from c5609611ef2af5dee47a380003c6ce94f3781f0b (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -
commit e7b0d1c984a37600a234c1f4c95b06e9b5898f30
Author: Andreas Schneider [EMAIL PROTECTED]
Date: Mon Oct 20 17:35:42 2008 +0200
Delete the krb5 ccname variable from the PAM environment if set.
If winbind sets the KRB5CCNAME variable it should unset it when
the cache gets destroyed.
---
Summary of changes:
source/nsswitch/pam_winbind.c |7 +++
1 files changed, 7 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/nsswitch/pam_winbind.c b/source/nsswitch/pam_winbind.c
index 95b3d23..15b33e3 100644
--- a/source/nsswitch/pam_winbind.c
+++ b/source/nsswitch/pam_winbind.c
@@ -2358,6 +2358,13 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags,
}
out:
+ /*
+* Delete the krb5 ccname variable from the PAM environment
+* if it was set by winbind.
+*/
+ if (ctx-ctrl WINBIND_KRB5_AUTH) {
+ pam_putenv(pamh, KRB5CCNAME);
+ }
_PAM_LOG_FUNCTION_LEAVE(pam_sm_close_session, ctx, retval);
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4276-ge61a0cc
The branch, v3-3-test has been updated
via e61a0cc2cd51c97df316377f74dd6c9430c5f7cc (commit)
from 6873be9cc7a6700a5b32c140738d40112d32c229 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -
commit e61a0cc2cd51c97df316377f74dd6c9430c5f7cc
Author: Andreas Schneider [EMAIL PROTECTED]
Date: Mon Oct 20 17:35:42 2008 +0200
Delete the krb5 ccname variable from the PAM environment if set.
If winbind sets the KRB5CCNAME variable it should unset it when
the cache gets destroyed.
---
Summary of changes:
source/nsswitch/pam_winbind.c |7 +++
1 files changed, 7 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/nsswitch/pam_winbind.c b/source/nsswitch/pam_winbind.c
index beb0d47..5593114 100644
--- a/source/nsswitch/pam_winbind.c
+++ b/source/nsswitch/pam_winbind.c
@@ -2428,6 +2428,13 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags,
}
out:
+ /*
+* Delete the krb5 ccname variable from the PAM environment
+* if it was set by winbind.
+*/
+ if (ctx-ctrl WINBIND_KRB5_AUTH) {
+ pam_putenv(pamh, KRB5CCNAME);
+ }
_PAM_LOG_FUNCTION_LEAVE(pam_sm_close_session, ctx, retval);
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - febd55b1bfb3a93d905bb1a1903fc28e88d2a497
The branch, master has been updated via febd55b1bfb3a93d905bb1a1903fc28e88d2a497 (commit) via fdf0d9bbb89155e5bd793729468dc457448054e5 (commit) via 19aec78aec846e5f66b3930a4053beea30318c4a (commit) via d4d4a9da832a4c0c5bb080eb3b7c837fc57da31d (commit) via 5209a846a9157e649fcdcb561f7eaf19c8c0e465 (commit) via 625359b2e266105022309df8985720108ecd6f67 (commit) via fcc93f68a0d87d3f938bdd6ecd6dc91c6ab648d5 (commit) via 80af62652b268c9a85fe30ede503924743cfdbde (commit) via 828b033345a93d8d4273dd32265f14b4164fc1e0 (commit) via 47868196b8f989492e0e5c47f384a713791be683 (commit) via 2a267e6da524c5dc69b3e2d97114f17461567856 (commit) via f10227958bef70df7609aeec5dcc834a601bd945 (commit) via f9d7af8569eb7163ab9fe301d759c0c35e68a9bc (commit) via 254eb51c4cc1273ada1182f052f8e66fd9124e25 (commit) via 083785c0919b635601fdfc23c6dcc9368fa14a0d (commit) via c26cb44e0328aaba1d81cb4bd09b37252c7a725b (commit) via b23c3c24c2ffa8c8fa73ae90947d7e0a01b796c0 (commit) via 5f2ab665bd8d17ca7c204a9720e06895874ad2ef (commit) via ac4808c11f1dced2757deda9ebf28c6cb4e3ba57 (commit) via e23e99764436b9a8432dd6552d12c3ad82a27362 (commit) via f58f74949d1c596a9c696dc71b325f7d4475fc5f (commit) via 036b650ee4b4b32859c8ccfa797b20bbaa9a23e6 (commit) via 1938cb1e834499aa6e6c8290861dbd233184156a (commit) via d7be73eea2c8a55b3dbe95c9c576701e4b1c7f7d (commit) via ad778c00e7307c2e14271f641d75ff05f3ec5d1e (commit) via 16ab396d526546c2a55114cbac0e779aa6420601 (commit) from 5cc4a84583d027b54e26a9c42a89b7b8a6b6c67d (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit febd55b1bfb3a93d905bb1a1903fc28e88d2a497 Merge: fdf0d9bbb89155e5bd793729468dc457448054e5 5cc4a84583d027b54e26a9c42a89b7b8a6b6c67d Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Tue Oct 21 15:53:28 2008 +0200 Merge branch 'master' of ssh://git.samba.org/data/git/samba into regsrv commit fdf0d9bbb89155e5bd793729468dc457448054e5 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Tue Oct 21 15:51:04 2008 +0200 Fix double free. commit 19aec78aec846e5f66b3930a4053beea30318c4a Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Tue Oct 21 15:47:34 2008 +0200 Fix the build. commit d4d4a9da832a4c0c5bb080eb3b7c837fc57da31d Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Tue Oct 21 14:57:41 2008 +0200 Revert Registry server LDB backend: Don't make copies of the same type The original data pointer may go away so we do want to make copies in this case. This reverts commit 625359b2e266105022309df8985720108ecd6f67. commit 5209a846a9157e649fcdcb561f7eaf19c8c0e465 Merge: 625359b2e266105022309df8985720108ecd6f67 2ee8d29d22bcb1c350ab59d71b0aee548489bc9c Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Tue Oct 21 14:51:13 2008 +0200 Merge branch 'master' of ssh://git.samba.org/data/git/samba into regsrv Conflicts: source4/lib/registry/ldb.c source4/rpc_server/winreg/rpc_winreg.c commit 625359b2e266105022309df8985720108ecd6f67 Author: Matthias Dieter Wallnöfer [EMAIL PROTECTED] Date: Fri Sep 19 12:48:15 2008 +0200 Registry server LDB backend: Don't make copies of the same type commit fcc93f68a0d87d3f938bdd6ecd6dc91c6ab648d5 Author: Matthias Dieter Wallnöfer [EMAIL PROTECTED] Date: Fri Sep 19 12:39:53 2008 +0200 Registry server LDB backend REG_BINARY type: Save it directly in LDB With this patch the REG_BINARY type is saved directly in a LDB registry database rather than converted in a hex-string. commit 80af62652b268c9a85fe30ede503924743cfdbde Author: Matthias Dieter Wallnöfer [EMAIL PROTECTED] Date: Fri Sep 19 12:29:38 2008 +0200 Registry RPC server: Reintroduce the key variable for better readability The key variable points to our working key in the hive (h-data). commit 828b033345a93d8d4273dd32265f14b4164fc1e0 Author: Matthias Dieter Wallnöfer [EMAIL PROTECTED] Date: Thu Sep 18 19:52:52 2008 +0200 Registry server LDB backend REG_SZ type: Always use UTF8 encoding We should save data OS independent in the LDB files. commit 47868196b8f989492e0e5c47f384a713791be683 Author: Matthias Dieter Wallnöfer [EMAIL PROTECTED] Date: Thu Sep 18 16:51:48 2008 +0200 Registry server LDB backend REG_SZ type: Fix up the empty string problem This fixes up the empty string problem in a better way without the need of changing the character conversion code. commit 2a267e6da524c5dc69b3e2d97114f17461567856 Author: Matthias Dieter Wallnöfer [EMAIL PROTECTED] Date: Thu Sep 18 16:15:05 2008 +0200 Revert Fix for the empty string (REG_SZ) problem This reverts commit d994520885301f1dfd04363bab05c9238ce5ae05. This shouldn't be fixed in the general character
[SCM] Samba Shared Repository - branch master updated - 8fe59b9b00072dc4e12314624bbb692ceb776efd
The branch, master has been updated via 8fe59b9b00072dc4e12314624bbb692ceb776efd (commit) via 3678a98dcdb6267e0279b638d7008acfa3a0ee8b (commit) from febd55b1bfb3a93d905bb1a1903fc28e88d2a497 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8fe59b9b00072dc4e12314624bbb692ceb776efd Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Tue Oct 21 16:04:54 2008 +0200 Automatically enable merged build (for more complete 'make test') when possible during developer builds. commit 3678a98dcdb6267e0279b638d7008acfa3a0ee8b Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Tue Oct 21 16:03:45 2008 +0200 Remove duplicate searching of Samba 4 directory for tags. --- Summary of changes: source3/configure.in |5 - source3/samba4.mk|8 2 files changed, 4 insertions(+), 9 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/configure.in b/source3/configure.in index a97d535..cd84934 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -6236,7 +6236,10 @@ if test x$enable_merged_build = xauto; then AC_MSG_CHECKING([whether it would be possible to do a merged build]) AC_MSG_RESULT([$merged_build_possible]) - dnl FIXME: enable_merged_build=$merged_build_possible + # Enable merged build automatically if possible, when in developer mode + if test x$developer = xyes; then + enable_merged_build=$merged_build_possible + fi fi if test x$enable_merged_build = xyes; then diff --git a/source3/samba4.mk b/source3/samba4.mk index 93022c5..27fb210 100644 --- a/source3/samba4.mk +++ b/source3/samba4.mk @@ -161,11 +161,3 @@ modules:: $(PLUGINS) all:: basics bin/samba4 bin/regpatch4 bin/regdiff4 bin/regshell4 bin/regtree4 bin/smbclient4 torture:: basics bin/smbtorture4 everything:: basics $(patsubst %,%4,$(BINARIES)) - - -etags:: - etags --append=yes `find $(samba4srcdir) -name *.[ch]` - -ctags:: - ctags --append=yes `find $(samba4srcdir) -name *.[ch]` - -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - ea4f764322fb3256ca11d0e206f1b39ed3c03c7c
The branch, master has been updated
via ea4f764322fb3256ca11d0e206f1b39ed3c03c7c (commit)
from 8fe59b9b00072dc4e12314624bbb692ceb776efd (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit ea4f764322fb3256ca11d0e206f1b39ed3c03c7c
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date: Tue Oct 21 16:33:25 2008 +0200
Remove unused global variables.
---
Summary of changes:
source4/lib/samba3/smbpasswd.c |3 ---
1 files changed, 0 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/lib/samba3/smbpasswd.c b/source4/lib/samba3/smbpasswd.c
index 47c826f..502f13f 100644
--- a/source4/lib/samba3/smbpasswd.c
+++ b/source4/lib/samba3/smbpasswd.c
@@ -89,9 +89,6 @@ struct samr_Password *smbpasswd_gethexpwd(TALLOC_CTX
*mem_ctx, const char *p)
}
/*! Convert a 16-byte array into 32 hex characters. */
- struct samr_Password *lm_hash_p = NULL;
- struct samr_Password *nt_hash_p = NULL;
-
char *smbpasswd_sethexpwd(TALLOC_CTX *mem_ctx, struct samr_Password *pwd,
uint16_t acb_info)
{
char *p;
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - d14244459243ec317438bb0bb06fad0094d1a5e2
The branch, master has been updated via d14244459243ec317438bb0bb06fad0094d1a5e2 (commit) via d53ff689a39ebd8b6b5dc9a13b9234ab2c8160e5 (commit) from ea4f764322fb3256ca11d0e206f1b39ed3c03c7c (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d14244459243ec317438bb0bb06fad0094d1a5e2 Merge: d53ff689a39ebd8b6b5dc9a13b9234ab2c8160e5 ea4f764322fb3256ca11d0e206f1b39ed3c03c7c Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Tue Oct 21 16:58:35 2008 +0200 Merge branch 'master' of git://git.samba.org/samba commit d53ff689a39ebd8b6b5dc9a13b9234ab2c8160e5 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Tue Oct 21 16:45:09 2008 +0200 Silence undefined variable warnings. --- Summary of changes: source3/samba4.m4 |4 1 files changed, 4 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/samba4.m4 b/source3/samba4.m4 index 05d6552..ed49347 100644 --- a/source3/samba4.m4 +++ b/source3/samba4.m4 @@ -129,8 +129,12 @@ SMB_WRITE_MAKEVARS(samba4-config.mk, [prefix exec_prefix CPPFLAGS LDSHFLAGS POPT oldbuilddir=$builddir builddir=$builddir/../source4 +oldsrcdir=$srcdir +srcdir=$srcdir/../source4 +AC_SUBST(srcdir) SMB_WRITE_PERLVARS(../source4/build/smb_build/config.pm) builddir=$oldbuilddir +srcdir=$oldsrcdir echo configure: creating ../source4/config.mk cat ../source4/config.mkCEOF -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - fe02004865144dd5061a6cc9889bef6195de995e
The branch, master has been updated
via fe02004865144dd5061a6cc9889bef6195de995e (commit)
via ecd293325c05ab5c179403b023747baf3ee5ed37 (commit)
via 59a6e534cd64f766342546ff59bc1399a3c8237e (commit)
via dadde7e8f065e1d5c339c7b5692bd1712d35820c (commit)
via 8834b9c787dbffedfa8c0789080650b49599dd04 (commit)
via 70eba79edb3cba9432508ff3c439200e980f9468 (commit)
via 86576f0f1627bf799e422d16baac5a7057de0316 (commit)
from d14244459243ec317438bb0bb06fad0094d1a5e2 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit fe02004865144dd5061a6cc9889bef6195de995e
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date: Tue Oct 21 17:32:07 2008 +0200
Specify skip list to selftest.pl, make make target depend on test
binaries.
commit ecd293325c05ab5c179403b023747baf3ee5ed37
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date: Tue Oct 21 17:23:48 2008 +0200
Correctly report when merged-build is used in developer mode.
commit 59a6e534cd64f766342546ff59bc1399a3c8237e
Merge: d14244459243ec317438bb0bb06fad0094d1a5e2
dadde7e8f065e1d5c339c7b5692bd1712d35820c
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date: Tue Oct 21 17:19:23 2008 +0200
Merge branch 'selftest' of git://git.samba.org/jelmer/samba
commit dadde7e8f065e1d5c339c7b5692bd1712d35820c
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date: Mon Oct 20 12:09:36 2008 +0200
Make warning a bit more user-friendly.
commit 8834b9c787dbffedfa8c0789080650b49599dd04
Merge: 70eba79edb3cba9432508ff3c439200e980f9468
640847b4fc74c93dd74b2325b4ac92a001a81c92
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date: Mon Oct 20 11:33:44 2008 +0200
Merge branch 'master' of ssh://git.samba.org/data/git/samba into selftest
commit 70eba79edb3cba9432508ff3c439200e980f9468
Merge: 86576f0f1627bf799e422d16baac5a7057de0316
221ea78e2e1688f2e79703784b3d1d1a68057604
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date: Mon Oct 20 11:07:38 2008 +0200
Merge branch 'master' of ssh://git.samba.org/data/git/samba into selftest
commit 86576f0f1627bf799e422d16baac5a7057de0316
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date: Sun Oct 19 14:56:29 2008 +0200
Add 'selftest' target to Samba 3 that uses the perl selftest code.
---
Summary of changes:
selftest/selftest.pl |4 ++-
source3/Makefile.in|6 +
source3/m4/check_path.m4 |1 +
source3/selftest/tests.sh | 52
4 files changed, 62 insertions(+), 1 deletions(-)
create mode 100644 source3/selftest/knownfail
create mode 100644 source3/selftest/skip
create mode 100755 source3/selftest/tests.sh
Changeset truncated at 500 lines:
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index 60eabe4..b1908d4 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -434,7 +434,9 @@ if ($opt_socket_wrapper) {
$socket_wrapper_dir = SocketWrapper::setup_dir($prefix/w,
$opt_socket_wrapper_pcap);
print SOCKET_WRAPPER_DIR=$socket_wrapper_dir\n;
} else {
- warn(Not using socket wrapper, but also not running as root. Will not
be able to listen on proper ports) unless $ == 0;
+unless ($ == 0) {
+print WARNING: Not using socket wrapper, but also not running
as root. Will not be able to listen on proper ports\n;
+}
}
my $target;
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 0e1d17f..ac330b3 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -2807,6 +2807,12 @@ valgrindtest:: all torture timelimit
VALGRIND=valgrind -q --num-callers=30
--log-file=${selftest_prefix}/valgrind.log \
PERL=$(PERL) $(srcdir)/script/tests/selftest.sh ${selftest_prefix}
all ${smbtorture4_path}
+selftest:: all torture timelimit
+ @../selftest/selftest.pl --prefix=st --target=samba3 \
+ --testlist=$(srcdir)/selftest/tests.sh| \
+ --expected-failures=$(srcdir)/selftest/knownfail \
+ --exclude=$(srcdir)/selftest/skip
+
# Check for Winbind struct 32/64bit padding
test_wbpad:
@echo Testing winbind request/response structure for 32/64bit padding
diff --git a/source3/m4/check_path.m4 b/source3/m4/check_path.m4
index 40a97d3..9c99468 100644
--- a/source3/m4/check_path.m4
+++ b/source3/m4/check_path.m4
@@ -303,6 +303,7 @@ AC_ARG_ENABLE(debug,
debug=yes
fi])
+AC_SUBST(developer)
developer=no
AC_ARG_ENABLE(developer, [AS_HELP_STRING([--enable-developer], [Turn on
developer warnings and debugging (default=no)])],
[if eval test x$enable_developer = xyes; then
diff --git a/source3/selftest/knownfail b/source3/selftest/knownfail
new file mode 100644
index 000..e69de29
diff --git a/source3/selftest/skip b/source3/selftest/skip
new file mode 100644
index 000..e69de29
diff --git
[SCM] Samba Shared Repository - branch master updated - f36e51617c7bd316f3ef393532bbc169895d6a66
The branch, master has been updated
via f36e51617c7bd316f3ef393532bbc169895d6a66 (commit)
via 4ba0453c3ca98ed0ac27e4aa04d36d0bdc42f9e8 (commit)
via 8ac2da0d0947c3dcfc9c1e7b38739fece395642d (commit)
via e422f638bc3b3780bf5784b1ce218d3e87d068cf (commit)
from fe02004865144dd5061a6cc9889bef6195de995e (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit f36e51617c7bd316f3ef393532bbc169895d6a66
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date: Tue Oct 21 18:49:43 2008 +0200
Don't include a (relative path) srcdir in samba4-data.mk.
commit 4ba0453c3ca98ed0ac27e4aa04d36d0bdc42f9e8
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date: Tue Oct 21 18:33:38 2008 +0200
Fix AC_SEARCH_LIBS_EXT() usage.
commit 8ac2da0d0947c3dcfc9c1e7b38739fece395642d
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date: Tue Oct 21 18:26:46 2008 +0200
Allow running individual tests in the testsuite, normalize test names, fix
some tests.
commit e422f638bc3b3780bf5784b1ce218d3e87d068cf
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date: Tue Oct 21 17:48:05 2008 +0200
Use socket wrapper for selftest.pl, find binaries correctly.
---
Summary of changes:
lib/replace/crypt.m4 |5 ++---
selftest/selftest.pl |9 -
source3/Makefile.in | 14 +++---
source3/samba4.m4 |2 +-
source3/samba4.mk |6 +++---
source3/selftest/skip | 15 +++
source3/selftest/tests.sh | 20 +++-
7 files changed, 55 insertions(+), 16 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/replace/crypt.m4 b/lib/replace/crypt.m4
index 4e90866..684c351 100644
--- a/lib/replace/crypt.m4
+++ b/lib/replace/crypt.m4
@@ -1,7 +1,6 @@
###
# test for where we get crypt() from
AC_CHECK_HEADERS(crypt.h)
-AC_SEARCH_LIBS_EXT(crypt, [crypt],
- [test $ac_cv_search_ext_crypt = none required || CRYPT_LIBS=-lcrypt
- AC_DEFINE(HAVE_CRYPT,1,[Whether the system has the crypt() function])],
+AC_SEARCH_LIBS_EXT(crypt, [crypt], CRYPT_LIBS,
+ [ AC_DEFINE(HAVE_CRYPT,1,[Whether the system has the crypt() function]) ],
[ LIBREPLACEOBJ=${LIBREPLACEOBJ} crypt.o ])
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index b1908d4..96b58cc 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -300,14 +300,12 @@ Target Specific:
--socket-wrapper-keep-pcap keep all pcap files, not just those for tests that
failed
--socket-wrapper enable socket wrapper
+ --bindir=PATH path to target binaries
--expected-failures=FILE specify list of tests that is guaranteed to fail
Samba4 Specific:
--ldap=openldap|fedora-ds back samba onto specified ldap server
-Samba3 Specific:
- --bindir=PATH path to binaries
-
Kvm Specific:
--image=PATH path to KVM image
@@ -447,12 +445,13 @@ if ($opt_target eq samba4) {
require target::Samba4;
$target = new Samba4($opt_bindir or $srcdir/bin, $ldap,
$srcdir/setup);
} elsif ($opt_target eq samba3) {
- if ($opt_socket_wrapper and `$opt_bindir/smbd -b | grep SOCKET_WRAPPER`
eq ) {
+ my $bindir = ($opt_bindir or $srcdir/bin);
+ if ($opt_socket_wrapper and `$bindir/smbd -b | grep SOCKET_WRAPPER` eq
) {
die(You must include --enable-socket-wrapper when compiling
Samba in order to execute 'make test'. Exiting);
}
$testenv_default = dc;
require target::Samba3;
- $target = new Samba3($opt_bindir);
+ $target = new Samba3($bindir);
} elsif ($opt_target eq win) {
die(Windows tests will not run with socket wrapper enabled.)
if ($opt_socket_wrapper);
diff --git a/source3/Makefile.in b/source3/Makefile.in
index ac330b3..25c3a59 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -1154,9 +1154,11 @@ RPC_OPEN_TCP_OBJ = torture/rpc_open_tcp.o \
##
# now the rules...
##
-all:: SHOWFLAGS libs $(SBIN_PROGS) $(BIN_PROGS) $(ROOT_SBIN_PROGS) \
+all:: SHOWFLAGS basics libs $(SBIN_PROGS) $(BIN_PROGS) $(ROOT_SBIN_PROGS) \
$(MODULES) $(NSS_MODULES) $(PAM_MODULES) @EXTRA_ALL_TARGETS@
+basics::
+
nss_modules:: $(NSS_MODULES)
pam_modules:: $(PAM_MODULES)
@@ -1167,7 +1169,7 @@ pam_winbind: SHOWFLAGS bin/[EMAIL PROTECTED]@
gpext_modules:: $(GPEXT_MODULES)
-torture:: SHOWFLAGS $(TORTURE_PROGS)
+torture:: SHOWFLAGS basics $(TORTURE_PROGS)
smbtorture : SHOWFLAGS bin/[EMAIL PROTECTED]@
@@ -2807,11 +2809,17 @@ valgrindtest:: all torture timelimit
VALGRIND=valgrind -q --num-callers=30
--log-file=${selftest_prefix}/valgrind.log \
Build status as of Wed Oct 22 00:00:02 2008
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2008-10-21 00:00:11.0 + +++ /home/build/master/cache/broken_results.txt 2008-10-22 00:00:47.0 + @@ -1,9 +1,9 @@ -Build status as of Tue Oct 21 00:00:02 2008 +Build status as of Wed Oct 22 00:00:02 2008 Build counts: Tree Total Broken Panic build_farm 0 0 0 -ccache 32 7 0 +ccache 33 7 0 ctdb 0 0 0 distcc 1 0 0 ldb 33 32 0 @@ -13,11 +13,11 @@ ppp 13 13 0 rsync33 10 0 samba-docs 0 0 0 -samba-gtk7 7 0 -samba_3_X_devel 29 19 0 -samba_3_X_test 29 17 0 -samba_4_0_test 31 27 1 -smb-build31 6 0 +samba-gtk8 8 0 +samba_3_X_devel 30 20 0 +samba_3_X_test 29 18 0 +samba_4_0_test 32 25 1 +smb-build30 6 0 talloc 33 32 0 tdb 33 12 0
[SCM] CTDB repository - branch master updated - ctdb-1.0.62-8-g1a7ff45
The branch, master has been updated
via 1a7ff4577d33f0dd470f7465c7d0e875c962f54e (commit)
via 403c68f96e1380dd07217c688de2730464f77ea0 (commit)
from 59a879626a6a55fb6a43cadf5338c1aa6afe96d1 (commit)
http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master
- Log -
commit 1a7ff4577d33f0dd470f7465c7d0e875c962f54e
Author: Ronnie Sahlberg [EMAIL PROTECTED]
Date: Wed Oct 22 11:06:18 2008 +1100
new version 1.0.64
commit 403c68f96e1380dd07217c688de2730464f77ea0
Author: Ronnie Sahlberg [EMAIL PROTECTED]
Date: Wed Oct 22 11:04:41 2008 +1100
add a context and a timed event so that once we have been in recovery
mode for too long we drop all public ip addresses
---
Summary of changes:
include/ctdb_private.h |2 ++
packaging/RPM/ctdb.spec |5 -
server/ctdb_control.c |8 +---
server/ctdb_recover.c | 40
server/ctdb_takeover.c |3 +++
server/eventscript.c|6 +++---
tools/ctdb.c|3 +--
7 files changed, 54 insertions(+), 13 deletions(-)
Changeset truncated at 500 lines:
diff --git a/include/ctdb_private.h b/include/ctdb_private.h
index 756c62a..9c06409 100644
--- a/include/ctdb_private.h
+++ b/include/ctdb_private.h
@@ -420,6 +420,7 @@ struct ctdb_context {
uint32_t event_script_timeouts; /* counting how many consecutive times
an eventscript has timedout */
TALLOC_CTX *eventscripts_ctx; /* a context to hold data for the
RUN_EVENTSCRIPTS control */
uint32_t *recd_ping_count;
+ TALLOC_CTX *release_ips_ctx; /* a context used to automatically drop
all IPs if we fail to recover the node */
};
struct ctdb_db_context {
@@ -1422,6 +1423,7 @@ char *ctdb_addr_to_str(ctdb_sock_addr *addr);
void ctdb_canonicalize_ip(const ctdb_sock_addr *ip, ctdb_sock_addr *cip);
int32_t ctdb_control_recd_ping(struct ctdb_context *ctdb);
+int32_t ctdb_control_set_recmaster(struct ctdb_context *ctdb, uint32_t opcode,
TDB_DATA indata);
extern int script_log_level;
diff --git a/packaging/RPM/ctdb.spec b/packaging/RPM/ctdb.spec
index a052910..2fed220 100644
--- a/packaging/RPM/ctdb.spec
+++ b/packaging/RPM/ctdb.spec
@@ -5,7 +5,7 @@ Vendor: Samba Team
Packager: Samba Team [EMAIL PROTECTED]
Name: ctdb
Version: 1.0
-Release: 63
+Release: 64
Epoch: 0
License: GNU GPL version 3
Group: System Environment/Daemons
@@ -120,6 +120,9 @@ fi
%{_includedir}/ctdb_private.h
%changelog
+* Mon Oct 22 2008 : Version 1.0.64
+ - Add a context and a timed event so that once we have been in recovery for
+ too long we drop all public addresses.
* Mon Oct 20 2008 : Version 1.0.63
- Remove logging of periodic cleanup ... in 50.samba
- When we reload a nodes file, we must detect this and reload the file also
diff --git a/server/ctdb_control.c b/server/ctdb_control.c
index fa38fea..5f65547 100644
--- a/server/ctdb_control.c
+++ b/server/ctdb_control.c
@@ -160,13 +160,7 @@ static int32_t ctdb_control_dispatch(struct ctdb_context
*ctdb,
}
case CTDB_CONTROL_SET_RECMASTER: {
- CHECK_CONTROL_DATA_SIZE(sizeof(uint32_t));
- if (ctdb-freeze_mode != CTDB_FREEZE_FROZEN) {
- DEBUG(DEBUG_NOTICE,(Attempt to set recmaster when not
frozen\n));
- return -1;
- }
- ctdb-recovery_master = ((uint32_t *)(indata.dptr[0]))[0];
- return 0;
+ return ctdb_control_set_recmaster(ctdb, opcode, indata);
}
case CTDB_CONTROL_GET_RECMASTER:
diff --git a/server/ctdb_recover.c b/server/ctdb_recover.c
index 8d61704..c8b0ba0 100644
--- a/server/ctdb_recover.c
+++ b/server/ctdb_recover.c
@@ -529,6 +529,19 @@ static void set_recmode_handler(struct event_context *ev,
struct fd_event *fde,
return;
}
+static void
+ctdb_drop_all_ips_event(struct event_context *ev, struct timed_event *te,
+ struct timeval t, void *private_data)
+{
+ struct ctdb_context *ctdb = talloc_get_type(private_data, struct
ctdb_context);
+
+ DEBUG(DEBUG_INFO,(__location__ Been in recovery mode for too long.
Dropping all IPS\n));
+ talloc_free(ctdb-release_ips_ctx);
+ ctdb-release_ips_ctx = NULL;
+
+ ctdb_release_all_ips(ctdb);
+}
+
/*
set the recovery mode
*/
@@ -542,6 +555,21 @@ int32_t ctdb_control_set_recmode(struct ctdb_context *ctdb,
struct ctdb_set_recmode_state *state;
pid_t parent = getpid();
+ /* if we enter recovery but stay in recovery for too long
+ we will eventually drop all our ip addresses
+ */
+ if (recmode == CTDB_RECOVERY_NORMAL) {
+ talloc_free(ctdb-release_ips_ctx);
+ ctdb-release_ips_ctx = NULL;
+ } else {
+ talloc_free(ctdb-release_ips_ctx);
+
[SCM] CTDB repository - annotated tag ctdb-1.0.64 created - ctdb-1.0.64
The annotated tag, ctdb-1.0.64 has been created at 12c1dcdff5d17950517844ea90966b64547dadcc (tag) tagging 1a7ff4577d33f0dd470f7465c7d0e875c962f54e (commit) replaces ctdb-1.0.62 tagged by Ronnie Sahlberg on Wed Oct 22 11:07:18 2008 +1100 - Log - tag for release 1.0.64 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQBI/m7G2aJ36aon/y8RAleVAKCJ3aSoOM/BIiTF39yDu/HLQ1+UNQCcCVX/ RaPy5yJKTEBlu2sfqIemPmQ= =6n0f -END PGP SIGNATURE- Ronnie Sahlberg (8): specify a script log level on the commandline to set under which log make it possible to set the script log level in CTDB sysconfig when we reload the nodes file, we may need to reload the nodes file null out the pointer before we reload the nodes file dont log running periodic cleanup ... new version 1.0.63 add a context and a timed event so that once we have been in recovery new version 1.0.64 --- -- CTDB repository
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-3104-g82ec832
The branch, v3-2-test has been updated
via 82ec832f7edffe2fcfd1bb067e092c159bed2973 (commit)
via 34db58061bf0ec1d495579ac40bc6315b76f5b6c (commit)
via b848f96d747fb41c074dd073f24f186539257d71 (commit)
from e7b0d1c984a37600a234c1f4c95b06e9b5898f30 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -
commit 82ec832f7edffe2fcfd1bb067e092c159bed2973
Author: Jeremy Allison [EMAIL PROTECTED]
Date: Tue Oct 21 17:06:53 2008 -0700
Cope with MAXIMUM_ALLOWED_ACCESS requests when opening handles.
Jeremy.
commit 34db58061bf0ec1d495579ac40bc6315b76f5b6c
Merge: b848f96d747fb41c074dd073f24f186539257d71
e7b0d1c984a37600a234c1f4c95b06e9b5898f30
Author: Jeremy Allison [EMAIL PROTECTED]
Date: Tue Oct 21 12:20:00 2008 -0700
Merge branch 'v3-2-test' of ssh://[EMAIL PROTECTED]/data/git/samba into
v3-2-test
commit b848f96d747fb41c074dd073f24f186539257d71
Author: Jeremy Allison [EMAIL PROTECTED]
Date: Mon Oct 20 16:53:05 2008 -0700
Remove the requirement for ldap call made as root. Add in security
checks for all SAMR calls.
Jeremy.
---
Summary of changes:
source/lib/smbldap.c|7 --
source/lib/util_sid.c | 11 +++
source/rpc_server/srv_samr_nt.c | 131 ---
source/utils/net_rpc.c | 11 ---
4 files changed, 133 insertions(+), 27 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/lib/smbldap.c b/source/lib/smbldap.c
index bcde53c..315b1e3 100644
--- a/source/lib/smbldap.c
+++ b/source/lib/smbldap.c
@@ -1023,13 +1023,6 @@ static int smbldap_open(struct smbldap_state *ldap_state)
int rc, opt_rc;
bool reopen = False;
SMB_ASSERT(ldap_state);
-
-#ifndef NO_LDAP_SECURITY
- if (geteuid() != 0) {
- DEBUG(0, (smbldap_open: cannot access LDAP when not root\n));
- return LDAP_INSUFFICIENT_ACCESS;
- }
-#endif
if ((ldap_state-ldap_struct != NULL) ((ldap_state-last_ping +
SMBLDAP_DONT_PING_TIME) time(NULL))) {
diff --git a/source/lib/util_sid.c b/source/lib/util_sid.c
index 53614ed..f656bb1 100644
--- a/source/lib/util_sid.c
+++ b/source/lib/util_sid.c
@@ -664,6 +664,17 @@ bool is_null_sid(const DOM_SID *sid)
return sid_equal(sid, null_sid);
}
+bool is_sid_in_token(const NT_USER_TOKEN *token, const DOM_SID *sid)
+{
+int i;
+
+for (i=0; itoken-num_sids; i++) {
+if (sid_compare(sid, token-user_sids[i]) == 0)
+return true;
+}
+return false;
+}
+
NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
const struct netr_SamInfo3 *info3,
DOM_SID **user_sids,
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index c59a46c..a085aa7 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -5,7 +5,7 @@
* Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
* Copyright (C) Paul Ashton 1997,
* Copyright (C) Marc Jacobsen1999,
- * Copyright (C) Jeremy Allison2001-2005,
+ * Copyright (C) Jeremy Allison2001-2008,
* Copyright (C) Jean François Micouleau 1998-2001,
* Copyright (C) Jim McDonough [EMAIL PROTECTED] 2002,
* Copyright (C) Gerald (Jerry) Carter 2003-2004,
@@ -249,6 +249,48 @@ static NTSTATUS access_check_samr_function(uint32
acc_granted, uint32 acc_requir
}
/***
+ Map any MAXIMUM_ALLOWED_ACCESS request to a valid access set.
+/
+
+static void map_max_allowed_access(const NT_USER_TOKEN *token,
+ uint32_t *pacc_requested)
+{
+ if (!((*pacc_requested) MAXIMUM_ALLOWED_ACCESS)) {
+ return;
+ }
+ *pacc_requested = ~MAXIMUM_ALLOWED_ACCESS;
+
+ /* At least try for generic read. */
+ *pacc_requested = GENERIC_READ_ACCESS;
+
+ /* root gets anything. */
+ if (geteuid() == sec_initial_uid()) {
+ *pacc_requested |= GENERIC_ALL_ACCESS;
+ return;
+ }
+
+ /* Full Access for 'BUILTIN\Administrators' and 'BUILTIN\Account
Operators */
+
+ if (is_sid_in_token(token, global_sid_Builtin_Administrators) ||
+ is_sid_in_token(token,
global_sid_Builtin_Account_Operators)) {
+ *pacc_requested |= GENERIC_ALL_ACCESS;
+ return;
+ }
+
+ /* Full access for DOMAIN\Domain Admins. */
+ if ( IS_DC ) {
+ DOM_SID domadmin_sid;
+ sid_copy( domadmin_sid, get_global_sam_sid() );
+
[SCM] Samba Shared Repository - branch master updated - 4e9db0b1004aedf9eef69b9361ed6d9e69897a1e
The branch, master has been updated
via 4e9db0b1004aedf9eef69b9361ed6d9e69897a1e (commit)
from f36e51617c7bd316f3ef393532bbc169895d6a66 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 4e9db0b1004aedf9eef69b9361ed6d9e69897a1e
Author: Jeremy Allison [EMAIL PROTECTED]
Date: Tue Oct 21 18:05:48 2008 -0700
Cope with MAXIMUM_ALLOWED_ACCESS requests when opening handles.
Jeremy.
---
Summary of changes:
source3/include/proto.h |1 +
source3/lib/util_sid.c | 11 ++
source3/rpc_server/srv_samr_nt.c | 64 +++---
source3/utils/net_rpc.c | 11 --
4 files changed, 71 insertions(+), 16 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 9b39502..9b555e6 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1466,6 +1466,7 @@ void del_sid_from_array(const DOM_SID *sid, DOM_SID
**sids, size_t *num);
bool add_rid_to_array_unique(TALLOC_CTX *mem_ctx,
uint32 rid, uint32 **pp_rids, size_t
*p_num);
bool is_null_sid(const DOM_SID *sid);
+bool is_sid_in_token(const NT_USER_TOKEN *token, const DOM_SID *sid);
NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
const struct netr_SamInfo3 *info3,
DOM_SID **user_sids,
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index 53614ed..f656bb1 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -664,6 +664,17 @@ bool is_null_sid(const DOM_SID *sid)
return sid_equal(sid, null_sid);
}
+bool is_sid_in_token(const NT_USER_TOKEN *token, const DOM_SID *sid)
+{
+int i;
+
+for (i=0; itoken-num_sids; i++) {
+if (sid_compare(sid, token-user_sids[i]) == 0)
+return true;
+}
+return false;
+}
+
NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
const struct netr_SamInfo3 *info3,
DOM_SID **user_sids,
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 261d77c..221ad29 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -5,7 +5,7 @@
* Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
* Copyright (C) Paul Ashton 1997,
* Copyright (C) Marc Jacobsen1999,
- * Copyright (C) Jeremy Allison2001-2005,
+ * Copyright (C) Jeremy Allison2001-2008,
* Copyright (C) Jean François Micouleau 1998-2001,
* Copyright (C) Jim McDonough [EMAIL PROTECTED] 2002,
* Copyright (C) Gerald (Jerry) Carter 2003-2004,
@@ -248,6 +248,48 @@ static NTSTATUS access_check_samr_function(uint32
acc_granted, uint32 acc_requir
}
/***
+ Map any MAXIMUM_ALLOWED_ACCESS request to a valid access set.
+/
+
+static void map_max_allowed_access(const NT_USER_TOKEN *token,
+ uint32_t *pacc_requested)
+{
+ if (!((*pacc_requested) MAXIMUM_ALLOWED_ACCESS)) {
+ return;
+ }
+ *pacc_requested = ~MAXIMUM_ALLOWED_ACCESS;
+
+ /* At least try for generic read. */
+ *pacc_requested = GENERIC_READ_ACCESS;
+
+ /* root gets anything. */
+ if (geteuid() == sec_initial_uid()) {
+ *pacc_requested |= GENERIC_ALL_ACCESS;
+ return;
+ }
+
+ /* Full Access for 'BUILTIN\Administrators' and 'BUILTIN\Account
Operators */
+
+ if (is_sid_in_token(token, global_sid_Builtin_Administrators) ||
+ is_sid_in_token(token,
global_sid_Builtin_Account_Operators)) {
+ *pacc_requested |= GENERIC_ALL_ACCESS;
+ return;
+ }
+
+ /* Full access for DOMAIN\Domain Admins. */
+ if ( IS_DC ) {
+ DOM_SID domadmin_sid;
+ sid_copy( domadmin_sid, get_global_sam_sid() );
+ sid_append_rid( domadmin_sid, DOMAIN_GROUP_RID_ADMINS );
+ if (is_sid_in_token(token, domadmin_sid)) {
+ *pacc_requested |= GENERIC_ALL_ACCESS;
+ return;
+ }
+ }
+ /* TODO ! Check privileges. */
+}
+
+/***
Fetch or create a dispinfo struct.
/
@@ -585,6 +627,7 @@ NTSTATUS _samr_OpenDomain(pipes_struct *p,
return status;
/*check if access can be granted as requested by client. */
+
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4277-g9c0fc1d
The branch, v3-3-test has been updated
via 9c0fc1d83ceae0ac78b8ea2408e6c385402b6f86 (commit)
from e61a0cc2cd51c97df316377f74dd6c9430c5f7cc (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -
commit 9c0fc1d83ceae0ac78b8ea2408e6c385402b6f86
Author: Jeremy Allison [EMAIL PROTECTED]
Date: Tue Oct 21 18:06:01 2008 -0700
Cope with MAXIMUM_ALLOWED_ACCESS requests when opening handles.
Jeremy.
---
Summary of changes:
source/include/proto.h |1 +
source/lib/util_sid.c | 11 +++
source/rpc_server/srv_samr_nt.c | 64 +++---
source/utils/net_rpc.c | 11 ---
4 files changed, 71 insertions(+), 16 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/include/proto.h b/source/include/proto.h
index d69de44..bbe6319 100644
--- a/source/include/proto.h
+++ b/source/include/proto.h
@@ -1507,6 +1507,7 @@ void del_sid_from_array(const DOM_SID *sid, DOM_SID
**sids, size_t *num);
bool add_rid_to_array_unique(TALLOC_CTX *mem_ctx,
uint32 rid, uint32 **pp_rids, size_t
*p_num);
bool is_null_sid(const DOM_SID *sid);
+bool is_sid_in_token(const NT_USER_TOKEN *token, const DOM_SID *sid);
NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
const struct netr_SamInfo3 *info3,
DOM_SID **user_sids,
diff --git a/source/lib/util_sid.c b/source/lib/util_sid.c
index 53614ed..f656bb1 100644
--- a/source/lib/util_sid.c
+++ b/source/lib/util_sid.c
@@ -664,6 +664,17 @@ bool is_null_sid(const DOM_SID *sid)
return sid_equal(sid, null_sid);
}
+bool is_sid_in_token(const NT_USER_TOKEN *token, const DOM_SID *sid)
+{
+int i;
+
+for (i=0; itoken-num_sids; i++) {
+if (sid_compare(sid, token-user_sids[i]) == 0)
+return true;
+}
+return false;
+}
+
NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
const struct netr_SamInfo3 *info3,
DOM_SID **user_sids,
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index 1e17338..03dd7db 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -5,7 +5,7 @@
* Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
* Copyright (C) Paul Ashton 1997,
* Copyright (C) Marc Jacobsen1999,
- * Copyright (C) Jeremy Allison2001-2005,
+ * Copyright (C) Jeremy Allison2001-2008,
* Copyright (C) Jean François Micouleau 1998-2001,
* Copyright (C) Jim McDonough [EMAIL PROTECTED] 2002,
* Copyright (C) Gerald (Jerry) Carter 2003-2004,
@@ -248,6 +248,48 @@ static NTSTATUS access_check_samr_function(uint32
acc_granted, uint32 acc_requir
}
/***
+ Map any MAXIMUM_ALLOWED_ACCESS request to a valid access set.
+/
+
+static void map_max_allowed_access(const NT_USER_TOKEN *token,
+ uint32_t *pacc_requested)
+{
+ if (!((*pacc_requested) MAXIMUM_ALLOWED_ACCESS)) {
+ return;
+ }
+ *pacc_requested = ~MAXIMUM_ALLOWED_ACCESS;
+
+ /* At least try for generic read. */
+ *pacc_requested = GENERIC_READ_ACCESS;
+
+ /* root gets anything. */
+ if (geteuid() == sec_initial_uid()) {
+ *pacc_requested |= GENERIC_ALL_ACCESS;
+ return;
+ }
+
+ /* Full Access for 'BUILTIN\Administrators' and 'BUILTIN\Account
Operators */
+
+ if (is_sid_in_token(token, global_sid_Builtin_Administrators) ||
+ is_sid_in_token(token,
global_sid_Builtin_Account_Operators)) {
+ *pacc_requested |= GENERIC_ALL_ACCESS;
+ return;
+ }
+
+ /* Full access for DOMAIN\Domain Admins. */
+ if ( IS_DC ) {
+ DOM_SID domadmin_sid;
+ sid_copy( domadmin_sid, get_global_sam_sid() );
+ sid_append_rid( domadmin_sid, DOMAIN_GROUP_RID_ADMINS );
+ if (is_sid_in_token(token, domadmin_sid)) {
+ *pacc_requested |= GENERIC_ALL_ACCESS;
+ return;
+ }
+ }
+ /* TODO ! Check privileges. */
+}
+
+/***
Fetch or create a dispinfo struct.
/
@@ -585,6 +627,7 @@ NTSTATUS _samr_OpenDomain(pipes_struct *p,
return status;
/*check if access can be granted as requested by client. */
+
[SCM] Samba Shared Repository - branch master updated - 5018fef8cb9573077a8d41150e12d962478b9831
The branch, master has been updated
via 5018fef8cb9573077a8d41150e12d962478b9831 (commit)
via e16e6e9cb0c30e84edda99328f1b3eb0c7f428f2 (commit)
from 4e9db0b1004aedf9eef69b9361ed6d9e69897a1e (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 5018fef8cb9573077a8d41150e12d962478b9831
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date: Wed Oct 22 04:05:22 2008 +0200
Fix path for quicktest.
commit e16e6e9cb0c30e84edda99328f1b3eb0c7f428f2
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date: Wed Oct 22 03:41:24 2008 +0200
Use standard types.
---
Summary of changes:
selftest/selftest.pl|2 +-
source3/lib/time.c | 32
source3/passdb/passdb.c | 16
3 files changed, 25 insertions(+), 25 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index 96b58cc..6f9a723 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -519,7 +519,7 @@ foreach (@opt_exclude) {
}
if ($opt_quick) {
- push (@includes, read_test_regexes(samba4-quick));
+ push (@includes, read_test_regexes(selftest/quick));
}
foreach (@opt_include) {
diff --git a/source3/lib/time.c b/source3/lib/time.c
index c4aa7d0..db2266f 100644
--- a/source3/lib/time.c
+++ b/source3/lib/time.c
@@ -105,7 +105,7 @@ NTTIME nttime_from_string(const char *s)
preserve the special values.
**/
-uint32 convert_time_t_to_uint32(time_t t)
+uint32_t convert_time_t_to_uint32(time_t t)
{
#if (defined(SIZEOF_TIME_T) (SIZEOF_TIME_T == 8))
/* time_t is 64-bit. */
@@ -115,10 +115,10 @@ uint32 convert_time_t_to_uint32(time_t t)
return 0x7FFF;
}
#endif
- return (uint32)t;
+ return (uint32_t)t;
}
-time_t convert_uint32_to_time_t(uint32 u)
+time_t convert_uint32_to_time_t(uint32_t u)
{
#if (defined(SIZEOF_TIME_T) (SIZEOF_TIME_T == 8))
/* time_t is 64-bit. */
@@ -253,7 +253,7 @@ char *current_timestring(TALLOC_CTX *ctx, bool hires)
static void put_dos_date(char *buf,int offset,time_t unixdate, int zone_offset)
{
- uint32 x = make_dos_date(unixdate, zone_offset);
+ uint32_t x = make_dos_date(unixdate, zone_offset);
SIVAL(buf,offset,x);
}
@@ -264,7 +264,7 @@ static void put_dos_date(char *buf,int offset,time_t
unixdate, int zone_offset)
static void put_dos_date2(char *buf,int offset,time_t unixdate, int
zone_offset)
{
- uint32 x = make_dos_date(unixdate, zone_offset);
+ uint32_t x = make_dos_date(unixdate, zone_offset);
x = ((x0x)16) | ((x0x)16);
SIVAL(buf,offset,x);
}
@@ -522,7 +522,7 @@ void dos_filetime_timespec(struct timespec *tsp)
static time_t make_unix_date(const void *date_ptr, int zone_offset)
{
- uint32 dos_date=0;
+ uint32_t dos_date=0;
struct tm t;
time_t ret;
@@ -549,7 +549,7 @@ static time_t make_unix_date(const void *date_ptr, int
zone_offset)
static time_t make_unix_date2(const void *date_ptr, int zone_offset)
{
- uint32 x,x2;
+ uint32_t x,x2;
x = IVAL(date_ptr,0);
x2 = ((x0x)16) | ((x0x)16);
@@ -765,13 +765,13 @@ void get_process_uptime(struct timeval *ret_time)
time_t nt_time_to_unix_abs(const NTTIME *nt)
{
- uint64 d;
+ uint64_t d;
if (*nt == 0) {
return (time_t)0;
}
- if (*nt == (uint64)-1) {
+ if (*nt == (uint64_t)-1) {
return (time_t)-1;
}
@@ -806,7 +806,7 @@ time_t uint64s_nt_time_to_unix_abs(const uint64_t *src)
void unix_timespec_to_nt_time(NTTIME *nt, struct timespec ts)
{
- uint64 d;
+ uint64_t d;
if (ts.tv_sec ==0 ts.tv_nsec == 0) {
*nt = 0;
@@ -817,7 +817,7 @@ void unix_timespec_to_nt_time(NTTIME *nt, struct timespec
ts)
return;
}
if (ts.tv_sec == (time_t)-1) {
- *nt = (uint64)-1;
+ *nt = (uint64_t)-1;
return;
}
@@ -875,8 +875,8 @@ void unix_to_nt_time_abs(NTTIME *nt, time_t t)
bool null_mtime(time_t mtime)
{
if (mtime == 0 || mtime == (time_t)0x || mtime == (time_t)-1)
- return(True);
- return(False);
+ return true;
+ return false;
}
/
@@ -936,12 +936,12 @@ const char *display_time(NTTIME nttime)
bool nt_time_is_set(const NTTIME *nt)
{
if (*nt == 0x7FFFLL) {
- return False;
+ return false;
}
if (*nt == NTTIME_INFINITY) {
- return False;
+ return false;
}
-
[SCM] Samba Shared Repository - branch master updated - 7a683618e79acef94235ff4adee275c462559ab5
The branch, master has been updated
via 7a683618e79acef94235ff4adee275c462559ab5 (commit)
from 5018fef8cb9573077a8d41150e12d962478b9831 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 7a683618e79acef94235ff4adee275c462559ab5
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date: Wed Oct 22 04:09:17 2008 +0200
Require separate option for quicktest include list rather than making
assumptions about it.
---
Summary of changes:
selftest/selftest.pl |4
source4/selftest/config.mk |2 +-
2 files changed, 1 insertions(+), 5 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index 6f9a723..2484bd0 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -518,10 +518,6 @@ foreach (@opt_exclude) {
push (@excludes, read_test_regexes($_));
}
-if ($opt_quick) {
- push (@includes, read_test_regexes(selftest/quick));
-}
-
foreach (@opt_include) {
push (@includes, read_test_regexes($_));
}
diff --git a/source4/selftest/config.mk b/source4/selftest/config.mk
index 74c177d..43c5855 100644
--- a/source4/selftest/config.mk
+++ b/source4/selftest/config.mk
@@ -8,7 +8,7 @@ SELFTEST = $(LD_LIBPATH_OVERRIDE) $(PERL)
$(selftestdir)/selftest.pl --prefix=${
$(TEST_OPTIONS)
SELFTEST_NOSLOW_OPTS = --exclude=$(srcdir)/selftest/slow
-SELFTEST_QUICK_OPTS = $(SELFTEST_NOSLOW_OPTS) --quick
+SELFTEST_QUICK_OPTS = $(SELFTEST_NOSLOW_OPTS) --quick
--include=$(srcdir)/selftest/quick
slowtest:: everything
$(SELFTEST) $(DEFAULT_TEST_OPTIONS) --immediate $(TESTS)
--
Samba Shared Repository
