[Samba] Samba with two workgroups (or domains)
Hello, I have just installed a Samba PDC in a school that serves one domain named SCHOOL. The computer has 4 network interfaces, two of them are for two ADSL connections, and the other to for a couple of subnets, one for teachers, the other for students. With this arrangement, the Linux (K12lstsp / Centos 5.2) provides several services and allows sharing or ADSL connections to both students and teachers. Up to now, both subnets were completely independent (no phisical connection between them), with their own workgroups, SCHOOL and STUDENTS. SCHOOL was just for teachers and school admon. My idea was to include every computer in the Samba domain, and by means of permisión and IP traffic control between subnets (iptables) controlling who can access what. For the moment, and as I have just installed the Samba box, the simplified layout is: Computers in Computers in SCHOOL domain subnet- Samba PDC for SCHOOL subnet- STUDENTS workgroup Teachers have planted me a special request, that I do not want to say no before checking posible solutions. They want to be able to browser all the computers in both SCHOOL domain and STUDENTS workgroup, BUT, they want students to be able to browse ONLY computers in STUDENTS workgroup, and NOT in SCHOOL. I have thought about adding a second Samba PDC controller for STUDENTS (turning the workgroup into a domain) and using remote announce from it to the SCHOOL PDC, but, will it allow to do it? And would there be a solution with just the PDC installed now (I understand a single Samba PDC can control a single domain, so I fear not)? Any ideas will be greatly appreciated. Thanks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Multiple IP addresses in DNS record
On Wed, 2008-10-22 at 07:58 -0400, Jarrod Hyder wrote: On Tue, Oct 21, 2008 at 8:17 PM, Frank Gruman [EMAIL PROTECTED] wrote: On Tue, 2008-10-21 at 13:34 -0400, Jarrod Hyder wrote: I have a samba server running on Linux that has two ethernet cards (eth0 eth1) that are bonded into a single virtual interface (bond0). This virtual interface is connected to the corporate LAN and I have another ethernet card (eth2) that is connected to another server that is used for making incremental backups. The problem that I am having is that no matter what I do, the command net ads dns register -P' causes both the bond0 and eth2 IP addresses to show up in the DNS record on the corporate domain controller. I have tried to force samba and winbind to use interface = bond0 and bind interfaces only = yes and it doesn't seem to help this situation. If anyone can shed some light on what I am doing wrong, I would really appreciate it. BTW, I am using samba 3.0.28a -- Jarrod Hyder [EMAIL PROTECTED] Jarrod, Not sure how much help I can be, but give this a try - add the -d # flag to your 'net ads dns ...' command where # can be something up to 10 (more debug output). This can at the very least confirm the smb.conf file being read as well as perhaps point you in a better direction. If nothing else, posted the somewhat cleansed output here; it may help others here to see where your problem lies. Regards, Frank Frank, Here is the debug output of net ads dns register -P -d 10. I can't really make heads or tails of it, but I also don't see either of the IP addresses that are getting registered on the domain. If you could take a look at it I would really appreciate it. Thanks, -- Jarrod Hyder [EMAIL PROTECTED] Jerry, If you could create a patch for 3.0.28a that would be great. Our server is running an older distro and I'm not sure when I would have time to try to compile 3.2. I think if I could patch the source for the version we are currently using and recompile it, I would be better off. Thanks! -- Jarrod Hyder [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Interdomain trust between Samba and W2003 ADS in native mode
Samba3 cannot act as an AD domain controller and therefore cannot operate in a trust with a native mode AD domain. Samba4 will be able to do this but it is still under heavy development. If you put your AD domain in mixed mode, you should be able to create the trust although I'm not sure if you can convert a native to mixed mode or not... On Fri, Oct 24, 2008 at 1:20 PM, Sébastien Prud'homme [EMAIL PROTECTED] wrote: After using log level = 10 it seems that Samba is trying to resolv DNS special names to find the ADS domain controler. But my Samba server is not using the ADS DNS infrastructure. I guess i need to declare at least these DNS names in /etc/hosts. 2008/10/23 Sébastien Prud'homme [EMAIL PROTECTED]: Hi, I try to setup a two-way interdomain trust relationship between Samba 3.2.4 and W2003 ADS in native mode (not mixed-mode). I follow this Samba HOWTO without success: http://us6.samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrusts.html All is working fine if i use a Windows NT4 Server instead of W2003 ADS. Is there something to do on Samba or ADS so that it works ? Security tunings in Windows registry for instance? Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA: how do I tell SAMBA to not prompt for id/passwords when connecting from windows (vista)
If you don't want to be prompted for user names and passwords, one hint is to make sure you use the same username and password on both the samba boxes and the windows boxes, as windows will try to use your current account's username and password when connecting to a server, and will only prompt if that doesn't work. Sometimes I run into problems with this if the account in question has no password, so use one on both machines. If you don't want to be bothered logging in each time you start the windows box, type control userpasswords2 at a command prompt in Windows and you can set the machine up to automatically log in at startup to an account which does have a password. (haven't tried this on Vista, works on Win2000 and winXP). Even if the accounts are different, if you map a network drive in Windows to the samba server, tell it to reconnect at logon, click the option that says use a different user name, tell it what the user name and password are, then the windows box will remember the samba account, and use that account for all connections to that samba server. On Fri, 2008-10-24 at 10:01 -0400, joseph collins wrote: I have a linux box on my home network and it also has xp and win viata on the same network. It is all friendly - how do I drop the need for Id/pw (if I can't, how do I set the id/pw so what I type in win vista gets passed to samba cleanly and thus I get in. I have tried many things in smb.conf and cannot figure it out TIA, Joe _ You live life beyond your PC. So now Windows goes beyond your PC. http://clk.atdmt.com/MRT/go/115298556/direct/01/-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] more smbd CPU mystery
-Original Message- From: Jeremy Allison [mailto:[EMAIL PROTECTED] Sent: Fri 10/24/2008 9:14 PM To: Cochran, Wayne Owen Cc: samba@lists.samba.org; [EMAIL PROTECTED] Subject: Re: [Samba] more smbd CPU mystery On Fri, Oct 24, 2008 at 03:46:04PM -0700, Cochran, Wayne Owen wrote: Well I have determined that everytime someone logs in/logs out of a windows box in our lab *ALL* of the files in My Directory are copied from/to the file server to the local client. Needless to say this is retarded and needs to stop. The local sys admin needs to perform some windows voodoo to redirect this directory. Still this brings the mystery as to why smbd would take up so much CPU. The work should mainly network and disk i/o bound (not CPU bound). nfsd doesn't have this kind of bad CPU performance, why does smbd? I had one of the users download a big file (which was being saved on the desktop). During this I was running top on the file server and noted it was continually soaking up 25% of the CPU: PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND 12270 liffland 20 0 12748 4776 3628 S 24 0.1 1:02.36 smbd Why would disk/network traffic be so CPU heavy? Shouldn't this mostly be handled by a DMA controller? Can anyone explain this. You need to split out the CPU usage into user/kernel numbers. Yes, smbd is using a lot of CPU here but if it's mostly in kernel then it's just doing it's job. You *want* smbd to be cpu bound, it's really easy to increase CPU by adding more CPU than it is to increase network bandwidth or disk i/o - that gets expensive. Yeah I assume mot of the heavy lifting is in kernel space. But even so I thought that most of the work involves data movement -- most which could be handled via a DMA controller without the CPU being involved. Of course I don't have a deep working knowledge of what's going on like you do. Run vmstat to see what is using the CPU. I'll give that a spin. Now I am trying to query what the current log level or debug level is. Perhaps the admin has this set really high -- there are over 220 files in /var/log/samba -- most of which seem to be updated frequently: I also note there is some data being logged in files under /etc/samba as well. I don't see the log level specified in the smbd.conf nor in the start up script that starts smbd. smbstatus and smbcontrol only seem to allow me to *set* (not *query*) the current log level. How can I query this? Thanks for all your help. --w -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] more smbd CPU mystery
On Sat, Oct 25, 2008 at 08:58:17AM -0700, Cochran, Wayne Owen wrote: Now I am trying to query what the current log level or debug level is. Perhaps the admin has this set really high -- there are over 220 files in /var/log/samba -- most of which seem to be updated frequently: I also note there is some data being logged in files under /etc/samba as well. I don't see the log level specified in the smbd.conf nor in the start up script that starts smbd. smbstatus and smbcontrol only seem to allow me to *set* (not *query*) the current log level. How can I query this? smbcontrol pid debuglevel will display it for that pid. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Issues with Samba, LDAP and file shares
Greeting all. I'm having some issues getting access to the shares that I've setup under samba. Going through the log files I've come across this line which indicates what the error is. '/shares/data' does not exist or permission denied when connecting to [data] Error was Permission denied Though when I examine the information relating to the permissions on the share I get: -rw-rw-r-- 1 root Domain Users 0 Oct 23 12:41 data As far as the configuration within smb.conf it is: [data] comment = data path = /shares/data public = yes writable = yes printable = no browseable = yes If it helps, I'm seeing this same error message for all of the shares I've got setup. It just so happens that the data one is the one that I'm using in this example. If anyone could please help me out as to what the problem is with this it would be greatly appreciated. Thanks, Matthew Delves -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] one ldap server and multiple samba PDC domains
the problem is that we need different domains but there are users that should be able to login in to all domains and also there is a public domain which every body could use to login so if we use multiple LDAP servers managing their properties for example passwords is difficult since when a user changes password then the password must be set in all LDAP servers. 2008/10/23 Andrew Bartlett [EMAIL PROTECTED] On Mon, 2008-10-20 at 08:57 +0330, Mohammad Reza Hosseini wrote: hello Is it possible to have multiple samba servers so multiple samba PDC domains but just one ldap server ? (so users in ldap can login to diffrent domains but we add them just one time) if yes how? In short, don't. A lot of folks have got themselves into a lot of trouble doing this, as it is not a tested or supported configuration. The only option is to ensure that each Samba domain cannot see the users of the other domain - the suffixes must be different. But then why even share the LDAP server? I strongly suggest running a single domain for a single organisation, backed by a single LDAP server (or replicated set of LDAP servers). Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ http://samba.org/%7Eabartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[SCM] Samba Shared Repository - branch master updated - ff211be69681c8dbbd7b6364fafb7aa6e8b5a1f5
The branch, master has been updated
via ff211be69681c8dbbd7b6364fafb7aa6e8b5a1f5 (commit)
from d6afe7c61a7ba36253321bbdac7b65fc925cacde (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit ff211be69681c8dbbd7b6364fafb7aa6e8b5a1f5
Author: Volker Lendecke [EMAIL PROTECTED]
Date: Sat Oct 25 12:09:58 2008 +0200
Remove pipe_handle_offset -- pipes now use struct files_struct
---
Summary of changes:
source3/include/proto.h |1 -
source3/rpc_server/srv_pipe_hnd.c | 16
source3/smbd/files.c |5 -
3 files changed, 0 insertions(+), 22 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 83cd740..d04968e 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -7110,7 +7110,6 @@ bool api_pipe_request(pipes_struct *p);
pipes_struct *get_first_internal_pipe(void);
pipes_struct *get_next_internal_pipe(pipes_struct *p);
-void set_pipe_handle_offset(int max_open_files);
void init_rpc_pipe_hnd(void);
bool fsp_is_np(struct files_struct *fsp);
diff --git a/source3/rpc_server/srv_pipe_hnd.c
b/source3/rpc_server/srv_pipe_hnd.c
index c8037e6..aaa3557 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -55,22 +55,6 @@ pipes_struct *get_next_internal_pipe(pipes_struct *p)
return p-next;
}
-/* this must be larger than the sum of the open files and directories */
-static int pipe_handle_offset;
-
-/
- Set the pipe_handle_offset. Called from smbd/files.c
-/
-
-void set_pipe_handle_offset(int max_open_files)
-{
- if(max_open_files 0x7000) {
- pipe_handle_offset = 0x7000;
- } else {
- pipe_handle_offset = max_open_files + 10; /* For safety. :-) */
- }
-}
-
/
Initialise pipe handle states.
/
diff --git a/source3/smbd/files.c b/source3/smbd/files.c
index 4a27d02..d3bfce7 100644
--- a/source3/smbd/files.c
+++ b/source3/smbd/files.c
@@ -200,11 +200,6 @@ open files, %d are available.\n, request_max_open_files,
real_max_open_files));
if (!file_bmap) {
exit_server(out of memory in file_init);
}
-
- /*
-* Ensure that pipe_handle_oppset is set correctly.
-*/
- set_pipe_handle_offset(real_max_open_files);
}
/
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - 56164805147935b8e3b03c22adee7cc2b1e1c3b8
The branch, master has been updated via 56164805147935b8e3b03c22adee7cc2b1e1c3b8 (commit) from ff211be69681c8dbbd7b6364fafb7aa6e8b5a1f5 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 56164805147935b8e3b03c22adee7cc2b1e1c3b8 Author: Volker Lendecke [EMAIL PROTECTED] Date: Sat Oct 25 13:33:21 2008 +0200 Fix make etags -- the args list gets really long for s4 with the prefix --- Summary of changes: source3/Makefile.in | 35 ++- 1 files changed, 34 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/Makefile.in b/source3/Makefile.in index 01ea90a..ac9770d 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -2723,7 +2723,40 @@ proto:: etags:: etags `find $(srcdir) -name *.[ch]` etags --append `find $(srcdir)/../lib -name *.[ch]` - etags --append `find $(srcdir)/../source4 -name *.[ch]` + etags --append `find $(srcdir)/../librpc -name *.[ch]` + etags --append `find $(srcdir)/../libcli -name *.[ch]` + etags --append `find $(srcdir)/../source4/client -name *.[ch]` + etags --append `find $(srcdir)/../source4/auth -name *.[ch]` + etags --append `find $(srcdir)/../source4/rpc_server -name *.[ch]` + etags --append `find $(srcdir)/../source4/kdc -name *.[ch]` + etags --append `find $(srcdir)/../source4/winbind -name *.[ch]` + etags --append `find $(srcdir)/../source4/scripting -name *.[ch]` + etags --append `find $(srcdir)/../source4/heimdal_build -name *.[ch]` + etags --append `find $(srcdir)/../source4/libcli -name *.[ch]` + etags --append `find $(srcdir)/../source4/ntp_signd -name *.[ch]` + etags --append `find $(srcdir)/../source4/ldap_server -name *.[ch]` + etags --append `find $(srcdir)/../source4/smb_server -name *.[ch]` + etags --append `find $(srcdir)/../source4/include -name *.[ch]` + etags --append `find $(srcdir)/../source4/nsswitch -name *.[ch]` + etags --append `find $(srcdir)/../source4/cldap_server -name *.[ch]` + etags --append `find $(srcdir)/../source4/utils -name *.[ch]` + etags --append `find $(srcdir)/../source4/librpc -name *.[ch]` + etags --append `find $(srcdir)/../source4/libnet -name *.[ch]` + etags --append `find $(srcdir)/../source4/web_server -name *.[ch]` + etags --append `find $(srcdir)/../source4/heimdal -name *.[ch]` + etags --append `find $(srcdir)/../source4/wrepl_server -name *.[ch]` + etags --append `find $(srcdir)/../source4/dynconfig -name *.[ch]` + etags --append `find $(srcdir)/../source4/param -name *.[ch]` + etags --append `find $(srcdir)/../source4/lib -name *.[ch]` + etags --append `find $(srcdir)/../source4/nbt_server -name *.[ch]` + etags --append `find $(srcdir)/../source4/build -name *.[ch]` + etags --append `find $(srcdir)/../source4/ntvfs -name *.[ch]` + etags --append `find $(srcdir)/../source4/torture -name *.[ch]` + etags --append `find $(srcdir)/../source4/cluster -name *.[ch]` + etags --append `find $(srcdir)/../source4/ntptr -name *.[ch]` + etags --append `find $(srcdir)/../source4/smbd -name *.[ch]` + etags --append `find $(srcdir)/../source4/script -name *.[ch]` + etags --append `find $(srcdir)/../source4/dsdb -name *.[ch]` ctags:: ctags `find $(srcdir)/.. -name *.[ch]` -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - 1ad54998a971b58f870263b4b8d6e051d627c79e
The branch, master has been updated via 1ad54998a971b58f870263b4b8d6e051d627c79e (commit) from 56164805147935b8e3b03c22adee7cc2b1e1c3b8 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1ad54998a971b58f870263b4b8d6e051d627c79e Author: Volker Lendecke [EMAIL PROTECTED] Date: Sat Oct 25 13:50:25 2008 +0200 Add str_list_check[_ci] to s3's proto.h Jelmer, when I include lib/util/util.h into some s3 file I get errors, this is why I put those prototypes here as a workaround. Might be fixed differently later. --- Summary of changes: source3/include/proto.h |3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index d04968e..e4a445b 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1663,6 +1663,9 @@ size_t str_list_length( const char * const*list ); bool str_list_sub_basic( char **list, const char *smb_name, const char *domain_name ); bool str_list_substitute(char **list, const char *pattern, const char *insert); +bool str_list_check(const char **list, const char *s); +bool str_list_check_ci(const char **list, const char *s); + char *ipstr_list_make(char **ipstr_list, const struct ip_service *ip_list, int ip_count); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - f87219d6e6e049a6d233696d126ea231cbbc1672
The branch, master has been updated
via f87219d6e6e049a6d233696d126ea231cbbc1672 (commit)
from 1ad54998a971b58f870263b4b8d6e051d627c79e (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit f87219d6e6e049a6d233696d126ea231cbbc1672
Author: Volker Lendecke [EMAIL PROTECTED]
Date: Sat Oct 25 15:23:36 2008 +0200
Move the is_known_pipename check into np_open
---
Summary of changes:
source3/rpc_server/srv_pipe_hnd.c |6 ++
source3/smbd/nttrans.c| 15 +--
source3/smbd/pipes.c | 16 +---
3 files changed, 16 insertions(+), 21 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_server/srv_pipe_hnd.c
b/source3/rpc_server/srv_pipe_hnd.c
index aaa3557..822d50a 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -925,6 +925,12 @@ NTSTATUS np_open(struct smb_request *smb_req, struct
connection_struct *conn,
struct files_struct *fsp;
struct pipes_struct *p;
+ /* See if it is one we want to handle. */
+
+ if (!is_known_pipename(name)) {
+ return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ }
+
status = file_new(smb_req, conn, fsp);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, (file_new failed: %s\n, nt_errstr(status)));
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index b78c946..3084168 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -276,21 +276,16 @@ static void nt_open_pipe(char *fname, connection_struct
*conn,
DEBUG(4,(nt_open_pipe: Opening pipe %s.\n, fname));
- /* See if it is one we want to handle. */
-
- if (!is_known_pipename(fname)) {
- reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
- ERRDOS, ERRbadpipe);
- return;
- }
-
/* Strip \\ off the name. */
fname++;
- DEBUG(3,(nt_open_pipe: Known pipe %s opening.\n, fname));
-
status = np_open(req, conn, fname, fsp);
if (!NT_STATUS_IS_OK(status)) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+ reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+ ERRDOS, ERRbadpipe);
+ return;
+ }
reply_nterror(req, status);
return;
}
diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c
index 25a1fe2..d971e9d 100644
--- a/source3/smbd/pipes.c
+++ b/source3/smbd/pipes.c
@@ -66,13 +66,6 @@ void reply_open_pipe_and_X(connection_struct *conn, struct
smb_request *req)
DEBUG(4,(Opening pipe %s.\n, pipe_name));
- /* See if it is one we want to handle. */
- if (!is_known_pipename(pipe_name)) {
- reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
- ERRDOS, ERRbadpipe);
- return;
- }
-
/* Strip \PIPE\ off the name. */
fname = pipe_name + PIPELEN;
@@ -86,12 +79,13 @@ void reply_open_pipe_and_X(connection_struct *conn, struct
smb_request *req)
}
#endif
- /* Known pipes arrive with DIR attribs. Remove it so a regular file */
- /* can be opened and add it in after the open. */
- DEBUG(3,(Known pipe %s opening.\n,fname));
-
status = np_open(req, conn, fname, fsp);
if (!NT_STATUS_IS_OK(status)) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+ reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+ ERRDOS, ERRbadpipe);
+ return;
+ }
reply_nterror(req, status);
return;
}
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - 7bea6684c23f34319feb393023e634b1f069f20f
The branch, master has been updated
via 7bea6684c23f34319feb393023e634b1f069f20f (commit)
from f87219d6e6e049a6d233696d126ea231cbbc1672 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 7bea6684c23f34319feb393023e634b1f069f20f
Author: Volker Lendecke [EMAIL PROTECTED]
Date: Sat Oct 25 15:37:13 2008 +0200
Add proxied named pipe support
This is a central piece of the merged build thing: Forward named pipes
from
samba3 to samba4. This patch is not finished yet, as we will have to forward
the smb-level authentication information to samba4, but I'm pushing this
patch
already to demonstrate the implementation without clutter.
It adds an intermediate parameter
np:proxy = srvsvc samr winreg wkssvc ... and so on
that states which of the pipes should be forwarded to the s4 unix domain
socket
DEFAULT. The parameter is intermediate because once we have a proper
endpoint
mapper implementation, this information will be retrieved out of a database.
If anybody wants to try this, do the merged build and configure s4 with
server services = samba3_smb, rpc, nbt, wrepl, ldap, cldap, kdc, drepl
samba3:smbd = /data/inst/sbin/smbd
and s3 with
auth methods = guest netlogond
np:proxy = srvsvc samr winreg wkssvc netlogon ntlsa ntsvcs lsass lsarpc
netdfs \
rpcecho initshutdown epmapper svcctl eventlog drsuapi
Then run rpcclient against samba4. It will fork s3, which authenticates
against
s4, and then forwards the rpc requests to s4.
Volker
---
Summary of changes:
source3/include/fake_file.h |3 +-
source3/rpc_server/srv_pipe_hnd.c | 172 +++--
2 files changed, 146 insertions(+), 29 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/fake_file.h b/source3/include/fake_file.h
index c4b271f..6b34005 100644
--- a/source3/include/fake_file.h
+++ b/source3/include/fake_file.h
@@ -23,7 +23,8 @@
enum FAKE_FILE_TYPE {
FAKE_FILE_TYPE_NONE = 0,
FAKE_FILE_TYPE_QUOTA,
- FAKE_FILE_TYPE_NAMED_PIPE
+ FAKE_FILE_TYPE_NAMED_PIPE,
+ FAKE_FILE_TYPE_NAMED_PIPE_PROXY
};
/*
diff --git a/source3/rpc_server/srv_pipe_hnd.c
b/source3/rpc_server/srv_pipe_hnd.c
index 822d50a..b892755 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -913,9 +913,74 @@ static int close_internal_rpc_pipe_hnd(struct pipes_struct
*p)
bool fsp_is_np(struct files_struct *fsp)
{
- return ((fsp != NULL)
-(fsp-fake_file_handle != NULL)
-(fsp-fake_file_handle-type == FAKE_FILE_TYPE_NAMED_PIPE));
+ enum FAKE_FILE_TYPE type;
+
+ if ((fsp == NULL) || (fsp-fake_file_handle == NULL)) {
+ return false;
+ }
+
+ type = fsp-fake_file_handle-type;
+
+ return ((type == FAKE_FILE_TYPE_NAMED_PIPE)
+ || (type == FAKE_FILE_TYPE_NAMED_PIPE_PROXY));
+}
+
+struct np_proxy_state {
+ int fd;
+};
+
+static int np_proxy_state_destructor(struct np_proxy_state *state)
+{
+ if (state-fd != -1) {
+ close(state-fd);
+ }
+ return 0;
+}
+
+static struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx,
+ const char *pipe_name,
+ struct
auth_serversupplied_info *server_info)
+{
+ struct np_proxy_state *result;
+ struct sockaddr_un addr;
+ char *socket_path;
+
+ result = talloc(mem_ctx, struct np_proxy_state);
+ if (result == NULL) {
+ DEBUG(0, (talloc failed\n));
+ return NULL;
+ }
+
+ result-fd = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (result-fd == -1) {
+ DEBUG(10, (socket(2) failed: %s\n, strerror(errno)));
+ goto fail;
+ }
+ talloc_set_destructor(result, np_proxy_state_destructor);
+
+ ZERO_STRUCT(addr);
+ addr.sun_family = AF_UNIX;
+
+ socket_path = talloc_asprintf(talloc_tos(), %s/%s,
+ get_dyn_NCALRPCDIR(), DEFAULT);
+ if (socket_path == NULL) {
+ DEBUG(0, (talloc_asprintf failed\n));
+ goto fail;
+ }
+ strncpy(addr.sun_path, socket_path, sizeof(addr.sun_path));
+ TALLOC_FREE(socket_path);
+
+ if (sys_connect(result-fd, (struct sockaddr *)addr) == -1) {
+ DEBUG(0, (connect(%s) failed: %s\n, addr.sun_path,
+ strerror(errno)));
+ goto fail;
+ }
+
+ return result;
+
+ fail:
+ TALLOC_FREE(result);
+ return NULL;
}
NTSTATUS np_open(struct smb_request *smb_req, struct connection_struct *conn,
@@
[SCM] Samba Shared Repository - branch master updated - 71a2e02cf1b8523442ca67dffa34889ca708b836
The branch, master has been updated
via 71a2e02cf1b8523442ca67dffa34889ca708b836 (commit)
via e72e2773c499a3b2538be71d8be59944a6b03007 (commit)
from 7bea6684c23f34319feb393023e634b1f069f20f (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 71a2e02cf1b8523442ca67dffa34889ca708b836
Merge: e72e2773c499a3b2538be71d8be59944a6b03007
7bea6684c23f34319feb393023e634b1f069f20f
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date: Sun Oct 26 00:41:34 2008 +0200
Merge branch 'master' of ssh://git.samba.org/data/git/samba
commit e72e2773c499a3b2538be71d8be59944a6b03007
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date: Fri Oct 24 18:15:09 2008 +0200
Remove another use of global_loadparm.
---
Summary of changes:
source4/librpc/ndr/ndr_spoolss_buf.c| 17 +
source4/rpc_server/spoolss/dcesrv_spoolss.c |2 +-
2 files changed, 10 insertions(+), 9 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/librpc/ndr/ndr_spoolss_buf.c
b/source4/librpc/ndr/ndr_spoolss_buf.c
index e01c5fd..f42e367 100644
--- a/source4/librpc/ndr/ndr_spoolss_buf.c
+++ b/source4/librpc/ndr/ndr_spoolss_buf.c
@@ -165,7 +165,7 @@
#define NDR_SPOOLSS_SIZE_ENUM(fn) do { \
struct __##fn __r;\
DATA_BLOB _data_blob_info;\
- struct ndr_push *_ndr_info = ndr_push_init_ctx(mem_ctx,
lp_iconv_convenience(global_loadparm));\
+ struct ndr_push *_ndr_info = ndr_push_init_ctx(mem_ctx,
iconv_convenience);\
if (!_ndr_info) return 0;\
_ndr_info-flags|=0;\
__r.in.level= level;\
@@ -203,7 +203,7 @@ enum ndr_err_code ndr_pull_spoolss_EnumPrinters(struct
ndr_pull *ndr, int flags,
return NDR_ERR_SUCCESS;
}
-uint32_t ndr_size_spoolss_EnumPrinters_info(TALLOC_CTX *mem_ctx, uint32_t
level, uint32_t count, union spoolss_PrinterInfo *info)
+uint32_t ndr_size_spoolss_EnumPrinters_info(TALLOC_CTX *mem_ctx, struct
smb_iconv_convenience *iconv_convenience, uint32_t level, uint32_t count, union
spoolss_PrinterInfo *info)
{
NDR_SPOOLSS_SIZE_ENUM(spoolss_EnumPrinters);
}
@@ -239,7 +239,7 @@ enum ndr_err_code ndr_pull_spoolss_EnumJobs(struct ndr_pull
*ndr, int flags, str
return NDR_ERR_SUCCESS;
}
-uint32_t ndr_size_spoolss_EnumJobss_info(TALLOC_CTX *mem_ctx, uint32_t level,
uint32_t count, union spoolss_JobInfo *info)
+uint32_t ndr_size_spoolss_EnumJobss_info(TALLOC_CTX *mem_ctx, struct
smb_iconv_convenience *iconv_convenience, uint32_t level, uint32_t count, union
spoolss_JobInfo *info)
{
NDR_SPOOLSS_SIZE_ENUM(spoolss_EnumJobs);
}
@@ -271,7 +271,7 @@ enum ndr_err_code
ndr_pull_spoolss_EnumPrinterDrivers(struct ndr_pull *ndr, int
return NDR_ERR_SUCCESS;
}
-uint32_t ndr_size_spoolss_EnumPrinterDrivers_info(TALLOC_CTX *mem_ctx,
uint32_t level, uint32_t count, union spoolss_DriverInfo *info)
+uint32_t ndr_size_spoolss_EnumPrinterDrivers_info(TALLOC_CTX *mem_ctx, struct
smb_iconv_convenience *iconv_convenience, uint32_t level, uint32_t count, union
spoolss_DriverInfo *info)
{
NDR_SPOOLSS_SIZE_ENUM(spoolss_EnumPrinterDrivers);
}
@@ -299,7 +299,7 @@ enum ndr_err_code ndr_pull_spoolss_EnumForms(struct
ndr_pull *ndr, int flags, st
return NDR_ERR_SUCCESS;
}
-uint32_t ndr_size_spoolss_EnumForms_info(TALLOC_CTX *mem_ctx, uint32_t level,
uint32_t count, union spoolss_FormInfo *info)
+uint32_t ndr_size_spoolss_EnumForms_info(TALLOC_CTX *mem_ctx, struct
smb_iconv_convenience *iconv_convenience, uint32_t level, uint32_t count, union
spoolss_FormInfo *info)
{
NDR_SPOOLSS_SIZE_ENUM(spoolss_EnumForms);
}
@@ -327,7 +327,7 @@ enum ndr_err_code ndr_pull_spoolss_EnumPorts(struct
ndr_pull *ndr, int flags, st
return NDR_ERR_SUCCESS;
}
-uint32_t ndr_size_spoolss_EnumPorts_info(TALLOC_CTX *mem_ctx, uint32_t level,
uint32_t count, union spoolss_PortInfo *info)
+uint32_t ndr_size_spoolss_EnumPorts_info(TALLOC_CTX *mem_ctx, struct
smb_iconv_convenience *iconv_convenience, uint32_t level, uint32_t count, union
spoolss_PortInfo *info)
{
NDR_SPOOLSS_SIZE_ENUM(spoolss_EnumPorts);
}
@@ -355,7 +355,7 @@ enum ndr_err_code ndr_pull_spoolss_EnumMonitors(struct
ndr_pull *ndr, int flags,
return NDR_ERR_SUCCESS;
}
-uint32_t ndr_size_spoolss_EnumMonitors_info(TALLOC_CTX *mem_ctx, uint32_t
level, uint32_t count, union spoolss_MonitorInfo *info)
+uint32_t ndr_size_spoolss_EnumMonitors_info(TALLOC_CTX *mem_ctx, struct
smb_iconv_convenience *iconv_convenience, uint32_t level, uint32_t count, union
spoolss_MonitorInfo *info)
{
NDR_SPOOLSS_SIZE_ENUM(spoolss_EnumMonitors);
}
@@ -387,7 +387,8 @@ enum ndr_err_code
ndr_pull_spoolss_EnumPrintProcessors(struct ndr_pull *ndr, int
return NDR_ERR_SUCCESS;
}
-uint32_t ndr_size_spoolss_EnumPrinterProcessors_info(TALLOC_CTX *mem_ctx,
Build status as of Sun Oct 26 00:00:02 2008
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2008-10-25 00:00:39.0 + +++ /home/build/master/cache/broken_results.txt 2008-10-26 00:01:34.0 + @@ -1,9 +1,9 @@ -Build status as of Sat Oct 25 00:00:02 2008 +Build status as of Sun Oct 26 00:00:02 2008 Build counts: Tree Total Broken Panic build_farm 0 0 0 -ccache 33 7 0 +ccache 32 7 0 ctdb 0 0 0 distcc 1 0 0 ldb 33 32 0 @@ -14,10 +14,10 @@ rsync33 10 0 samba-docs 0 0 0 samba-gtk8 8 0 -samba_3_X_devel 30 19 0 +samba_3_X_devel 30 20 0 samba_3_X_test 29 17 0 samba_4_0_test 32 27 1 -smb-build30 6 0 +smb-build31 6 0 talloc 33 32 0 tdb 33 12 0
