Re: [Samba] NT_STATUS_ACCESS_DENIED
Dear all i also faced this problem few days back. I recreated trust and problem resolved, thanks On Wed, Dec 3, 2008 at 3:37 PM, Mailing List SVR [EMAIL PROTECTED]wrote: Hi all, I have a samba PDC (with ldap), all ok for several months since today users experience very slow login, in my log I have : [2008/12/03 11:00:18, 0] auth/auth_util.c:create_builtin_administrators(792) create_builtin_administrators: Failed to create Administrators [2008/12/03 11:00:18, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users net sam createbuiltingroup Users give NT_STATUS_ACCESS_DENIED and wbinfo -g Error looking up domain groups until yesterday all was ok, what can be the origin of this problems? I think isn't a configuration issue, I repeat myself the same configuration is working since several months, a google search give several results with similar problems but seems none is able to solve thanks for your help, regards Nicola -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba/smbmount Windows-AD Kerberos und PAM
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi. As the Subject line discribes nearly all features/possibilities of interaction bewteen Windows and *nix I will get in detail now ;) I want to login on a linux-machine an get my home from a Windows share. On the one hand I use a Windows 2003 RC2 server - fileserver in an AD / Windows domain. On the other hand I use a linux PC (Ubuntu 8.04 amd64), that gets all login-information via kerberos out of the AD/domain. I added some lines/modified the following files: /etc/samba/smb.conf /etc/nsswitch.conf /etc/krb5.conf /etc/pam.d/common-auth /etc/pam.d/common-account Currently users can log in on the linux-pc using their AD-account. So far so good, but actually I wanted to provide a home directory that is mounted (Windows share) during the login-process. I thought pam_mount would be a good choice. First I wanted to test, if the share can be mounted manually after login - - and ups, first problem A user, who could sucessfully log in using the AD/domain, was able to mount the share via smbmount, but he could only list the content - no writing, modifing, ... My first thought: Might be a problem with the right-managemend, so let' s check and ply with them: 1. right of the windows share - share: everyone - full control - NTFS (Security) user, who logs in, has full control - I modified the advanced security settings, the user has full control on the folder, subfolders and files - the user is actually owner of this (shared) folder 2. after (domain)login on the linux machine I created a directory ~/mnt with usualy rights and ownership 3. I used the following options for smbmount: smbmount //W2K3-Server/share mnt/ -o user=AD-user, / domain=AD-Domain,rw,iocharset=utf8,uid=1, / gid=10004,file_mode=0777,dir_mode=0777 The user-information I fetched via id: uid=1(AD-user) gid=10004(domänen-benutzer) Gruppen=10001(BUILTIN\users),10004(domänen-benutzer),10005(AD-Gruppe1),10006(AD-Gruppe2) Now just a quick look at the lokal rights: ls -ld * drwxrwxrwx 1 AD-user domänen-benutzer 0 2008-11-17 17:01 mnt ls -l mnt - -rwxrwxrwx 1 AD-user domänen-benutzer 0 2008-11-17 17:00 / copy-test.txt.txt drwxrwxrwx 1 AD-user domänen-benutzer 0 2008-09-26 15:22 test123 As smbmount did not work the way I intended - no writing, modifing, ... - - I actually did not try to get lucky with smp_mount. i will try if smbmount works the way I want it to. I tried to mount (smbmount and mount -t smbfs/cifs) as root - surprise, surprise this works. So let's try to write/modify - no chance, neither writing nor modifing :( A quick look at /etc/mtab: more than one line with my mounted windows share exists. How could this happen ?!? I think nearly everyone can use the provided windows share, but not me ;) I tried to solve this problem for one day using google etc. - but could not find a good hint. Does anybody know what goes wrong and give me he hint? Thanks for help/advise best regards Bernd Kohler - -- UMIC - RWTH Aachen http://www.umic.rwth-aachen.de Otto-Blumenthal-Str. 2 52074 Aachen Tel.: +49 241 80 20680 Fax:+49 241 80 22640 E-Mail: [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkk3mgAACgkQOiq/E1Lch49ZggCgg7Y3s+bQCX7MIy52TDMxTqhf rLEAn3sYFcjuVuOPuzneQxTdlrLjIfEb =k/SJ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] How to enable offline bit in SAMBA
We have a SAMBA built from source code, and we want to enable offline bit in SAMBA, Can anybody can give some advices on this? Thanks. Vincent -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and the WinXP WebClient
Hi! We've had horrible performance when opening files from out Samba server with OpenOffice.org on some of our XP machines (not on all, I might add). Also, the general file transfers (copy to/from server) were fast and adequate. Then I had stumbled upon the Samba HOWTO which mentioned turning off this WebClient service on WinXP. I'm just rather curious, why does this WebClient slows down the opening of files with OO.org? Anyone care to elaborate? Thanks in advance! Daniel -- LEVAI Daniel PGP key ID = 0x4AC0A4B1 Key fingerprint = D037 03B9 C12D D338 4412 2D83 1373 917A 4AC0 A4B1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] page cache keeps growing untill system runs out of memory on a MIPS platform
Hi, I have samba-3.0.28a crosscompiled and running on a MIPS platform. The development system has about 150MB of free RAM after system bootup and no swap space. The system also has an USB interface, to which an external USB hard disk is connected. When I try to transfer huge files above (100MB) from a client on to the USB hard disk, I find that the page cache eats up almost about 100MB and occasionally the system runs out of memory. I even tried tweaking the /proc/sys/vm settings with the following values, but it did not help. /proc/sys/vm/dirty_background_ratio = 2 /proc/sys/vm/dirty_ratio = 5 /proc/sys/vm/dirty_expire_centisecs = 1000 /proc/sys/vm/vfs_cache_pressure = 1 I also tried copying the huge file locally from one folder to another through the USB interface using dd oflag=direct flag (unbuffered write). But the page cache again ate away about 100MB RAM. Has anybody here seen the same problem? Is there a possible fix? I believe it's more to do with USB caching or something rather than samba itself Thanks, Srini -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT_STATUS_ACCESS_DENIED
In my case users are not able to login to server too, ldap require to change password, I do that and now all seems to work, however I have the error posted in samba log and wbinfo -g give errors, I'm sure when I installer the server there wasn't this issue, any ideas? Il giorno gio, 04/12/2008 alle 14.04 +0530, vishesh kumar ha scritto: Dear all i also faced this problem few days back. I recreated trust and problem resolved, thanks On Wed, Dec 3, 2008 at 3:37 PM, Mailing List SVR [EMAIL PROTECTED] wrote: Hi all, I have a samba PDC (with ldap), all ok for several months since today users experience very slow login, in my log I have : [2008/12/03 11:00:18, 0] auth/auth_util.c:create_builtin_administrators(792) create_builtin_administrators: Failed to create Administrators [2008/12/03 11:00:18, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users net sam createbuiltingroup Users give NT_STATUS_ACCESS_DENIED and wbinfo -g Error looking up domain groups until yesterday all was ok, what can be the origin of this problems? I think isn't a configuration issue, I repeat myself the same configuration is working since several months, a google search give several results with similar problems but seems none is able to solve thanks for your help, regards Nicola -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] get_domain_master_name_node_status_fail
The message below is appearing in my log file. I wonder why nmbd thinks it needs to do a status request to that IP address? It is another server here but does not run samba. I have been trying to make is stop this without any luck so far. Does anyone know how? Thanks, Bill Dec 4 08:27:43 apss nmbd[5048]: [2008/12/04 08:27:43, 0] nmbd/nmbd_browsesync.c:get_domain_master_name_node_status_fail(486) Dec 4 08:27:44 apss nmbd[5048]: get_domain_master_name_node_status_fail: Dec 4 08:27:44 apss nmbd[5048]: Doing a node status request to the domain master browser at IP ???.???.97.12 failed. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] cannot restart winbindd
Hi Dale, Well I fixed my problem by using Likewise-open. It went magically and now I can login via the A.D. I'll try to understand what Likewise did and fix the problem in Samba. Thanks for the help, Bernard On Mon, Dec 1, 2008 at 2:02 PM, Dale Schroeder [EMAIL PROTECTED] wrote: Bernard, Log keeps asking if domain has been joined. What is the output of net ads testjoin ? If join is bad, you've found your problem. If join is OK, send output of testparm command. Too much info in your smb.conf to wade through. You may also wish to review the following for clues: http://www.enterprisenetworkingplanet.com/netos/article.php/3487081 http://www.enterprisenetworkingplanet.com/netos/article.php/10951_3502441_1 Dale Bernard Fay wrote: Hi, I try to setup a Ubuntu 8.10 workstation to connect to an active directory on a Windows Server 2003. I follow the howto at https://help.ubuntu.com/community/Ac...ryWinbindHowtohttps://help.ubuntu.com/community/ActiveDirectoryWinbindHowto https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto Unfortunately, winbindd stopped working after I configured smb.conf. smbd and nmbd are still running. I include smb.conf and log.winbindd hoping it can help someone diagnose my problem. thanks in advance, Bernard Copyright Andrew Tridgell and the Samba Team 1992-2008 [2008/11/28 20:14:22, 0] winbindd/winbindd_cache.c:initialize_winbindd_cache(2353) initialize_winbindd_cache: clearing cache and re-creating with version number 1 [2008/11/28 20:14:22, 0] winbindd/winbindd_util.c:init_domain_list(719) Could not fetch our SID - *did we join*? [2008/11/28 20:14:22, 0] winbindd/winbindd.c:main(1268) unable to initialize domain list [2008/11/28 20:15:52, 0] winbindd/winbindd.c:main(1126) winbindd version 3.2.3 started. Copyright Andrew Tridgell and the Samba Team 1992-2008 [2008/11/28 20:15:52, 0] winbindd/winbindd_cache.c:initialize_winbindd_cache(2353) initialize_winbindd_cache: clearing cache and re-creating with version number 1 [2008/11/28 20:15:52, 0] winbindd/winbindd_util.c:init_domain_list(719) Could not fetch our SID - *did we join*? [2008/11/28 20:15:52, 0] winbindd/winbindd.c:main(1268) unable to initialize domain listtrying to connect to active directory, winbindd stopped -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to join ADS domain with 3.3.0rc1 on Suse 11.0 linux
On Wed, 3 Dec 2008 12:06:44 +0100 Luciano Mannucci [EMAIL PROTECTED] wrote: namenor:/usr/src/local/samba/samba-3.3.0rc1/source # net ads join -S gilgamesh.mcs.it -U Administrator -d10 Solved. I ubdated kerberos and happily joined issuing net ads join -S gilgamesh -U Administrator Cheers to all, luciano. -- /\ /Via A. Salaino, 7 - 20144 Milano (Italy) \ / ASCII RIBBON CAMPAIGN / PHONE : +39 2 485781 FAX: +39 2 48578250 X AGAINST HTML MAIL/ E-MAIL: [EMAIL PROTECTED] / \ AND POSTINGS/ WWW: http://www.mannucci.ORG/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] NT_STATUS_ACCESS_DENIED
Il giorno mer, 03/12/2008 alle 10.27 -0800, Robinson, Eric ha scritto: What does 'net ads testjoin' say? Sounds like the trust is broken. Whevever we've seen those errors, we've fixed them by remove and rejoining the computer to the domain. -- Eric Robinson on the samba domain controller I run: net ads testjoin [2008/12/04 15:49:47, 0] utils/net_ads.c:ads_startup_int(286) ads_connect: No logon servers Join to domain is not valid: No logon servers but strangely now all seems to work, testparm Load smb config files from /etc/samba/smb.conf WARNING: The printer admin option is deprecated Processing section [netlogon] Processing section [profiles] Processing section [homes] Loaded services file OK. Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions [global] unix charset = LOCALE workgroup = CPE netbios name = CPE-PDC server string = Samba PDC passdb backend = ldapsam:ldap://ldap.cpe.it username map = /etc/samba/smbusers log level = 1 syslog = 0 log file = /var/log/samba/%m max log size = 50 smb ports = 137 138 139 445 name resolve order = wins bcast hosts time server = Yes printcap name = cups add user script = /usr/sbin/smbldap-useradd -m %u add group script = /usr/sbin/smbldap-groupadd -p %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -w %u logon script = scripts\logon.bat logon path = \\%L\profiles\%U logon drive = H: logon home = \\%L\%U domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes ldap admin dn = cn=admin,dc=cpe,dc=it ldap delete dn = Yes ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers ldap passwd sync = Yes ldap suffix = dc=cpe,dc=it ldap user suffix = ou=Users idmap backend = ldap:ldap://ldap.cpe.it idmap uid = 1-2 idmap gid = 1-2 printer admin = Administrator map acl inherit = Yes [netlogon] comment = Network Logon Service path = /home/dati/samba/netlogon/ browseable = No locking = No share modes = No [profiles] path = /home/dati/samba/profiles valid users = %U admin users = @Domain Admins read only = No guest ok = Yes profile acls = Yes case sensitive = No preserve case = No short preserve case = No hide files = /desktop.ini/ntuser.ini/NTUSER.*/ browseable = No csc policy = disable [homes] comment = Cartella Personale valid users = %S read only = No hide files = /.bash*/.profile/ browseable = No any hints? thanks Nicola -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mailing List SVR Sent: Wednesday, December 03, 2008 2:07 AM To: Samba List Subject: [Samba] NT_STATUS_ACCESS_DENIED Hi all, I have a samba PDC (with ldap), all ok for several months since today users experience very slow login, in my log I have : [2008/12/03 11:00:18, 0] auth/auth_util.c:create_builtin_administrators(792) create_builtin_administrators: Failed to create Administrators [2008/12/03 11:00:18, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users net sam createbuiltingroup Users give NT_STATUS_ACCESS_DENIED and wbinfo -g Error looking up domain groups until yesterday all was ok, what can be the origin of this problems? I think isn't a configuration issue, I repeat myself the same configuration is working since several months, a google search give several results with similar problems but seems none is able to solve thanks for your help, regards Nicola -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Disclaimer - December 3, 2008 This email and any files transmitted with it are confidential and intended solely for Mailing List SVR,Samba List. If you are not the named addressee you should not disseminate, distribute, copy or alter this email. Any views or opinions presented in this email are solely those of the author and might not represent those of . Warning: Although has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments. This disclaimer was added by Policy Patrol:
RE: [Samba] How to enable offline bit in SAMBA
The answer is probably going to depend upon exactly how the files are offline. The Tobi Oetiker samfs patch will compare the size of the files to the number of blocks on disk that the file is taking up, and set the offline bit for any file where the num_blocks * 512 file_size. The patch files on his site are tied to the various versions of samba, but I've never had a problem doing a find and replace on a similar version. 3.0.28 should work on 3.0.33, and 3.2.4 should work on 3.2.5, for example. http://tobi.oetiker.ch/solaris/sambasamfs/ Good luck, ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Vincent Guo Sent: Thursday, December 04, 2008 5:21 AM To: samba@lists.samba.org Cc: [EMAIL PROTECTED] Subject: [Samba] How to enable offline bit in SAMBA We have a SAMBA built from source code, and we want to enable offline bit in SAMBA, Can anybody can give some advices on this? Thanks. Vincent -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.2.5 binaries
There is a stable release 3.2.5, but no SuSE binaries. This was a security patch. Will there be an update? Please update. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem accessing [home] share - SMB/AD
I have a deployement of samba 3.2.5, with MIT KRB5.1.6.3 and authentication from Win2k3 AD server. I am able to access public shares as well as restricted shares such as an 'Engineering' share when I put my user in the correct AD group. However, I am completely unable to access my Home share. Getent passwd, works (grepped for my username) marguin:x:502:502::/home/marguin:/bin/bash marguin:*:20045:2:Matthew Arguin:/fileshare/private/marguin:/bin/bash Getent group, works finance:*:20001:user1,user2,marguin allsmbusers:*:20012:marguin,all the other group members My dir drwxrwxrwx 7 marguin allsmbusers 4096 Dec 3 19:16 marguin And that marguin for the owner, corresponds to 20045, the AD user, not the local user. Testparm /etc/samba/smb.conf only complains about the '+' that I use as the delimiter [global] workgroup = DOMAIN realm = DOMAIN.NET server string = %h Samba Server Version %v netbios name = FS log file = /var/log/samba/%m.log log level =10 security = ADS use kerberos keytab = true #client use spnego = yes password server = IP of AD server encrypt passwords = yes local master = no domain master = no preferred master = no dns proxy = no idmap uid = 2-4 idmap gid = 2-4 template homedir = /fileshare/private/%U template shell = /bin/bash #template primary group = Domain Users winbind use default domain = Yes winbind enum users = Yes winbind enum groups = Yes winbind separator = + winbind cache time = 300 # no is default winbind nested groups = Yes wins server = ip of WINS server # Share Definitions == [homes] comment = Home Directory for %u path = /fileshare/private/%u browseable = no writable = yes valid users = @%D+%u #invalid users = temporarily commented out for troubleshooting Looking for any thoughts -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] server or client having the problem?
Please choose one or more. Was this message: A. Extremely esoteric. B. Ridiculously common. C. Works for me. D. Non-sequitur. E. Boring. F. Old software, go away. G. Facile. H. Call your vendor(s), chump. Thanks for participating. On Mon, 2008-12-01 at 11:50 -0800, rhubbell wrote: Hello, Running client on redhat4 version 3.0.28-0 and the server on Solaris 10 version 3.0.25c Writing 2-3megabytes/second. Something stopped working. On the client I ran strace against the mount.smbfs process: It showed pause( On the server all I saw was this: [2008/11/30 14:14:43, 1] smbd/service.c:(1230) 192.168.1.200 (192.168.1.200) closed connection to service smbmnt Can't strace smbiod on the client and can't find the man page for it and I can't send signal 11 to try to get a core. I'm just running this instead of NFS, would CIFS be a better choice here? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] page cache keeps growing untill system runs out of memory on a MIPS platform
On Thu, Dec 04, 2008 at 02:28:15AM -0800, srinivasan jayarajan wrote: Hi, I have samba-3.0.28a crosscompiled and running on a MIPS platform. The development system has about 150MB of free RAM after system bootup and no swap space. The system also has an USB interface, to which an external USB hard disk is connected. When I try to transfer huge files above (100MB) from a client on to the USB hard disk, I find that the page cache eats up almost about 100MB and occasionally the system runs out of memory. I even tried tweaking the /proc/sys/vm settings with the following values, but it did not help. /proc/sys/vm/dirty_background_ratio = 2 /proc/sys/vm/dirty_ratio = 5 /proc/sys/vm/dirty_expire_centisecs = 1000 /proc/sys/vm/vfs_cache_pressure = 1 I also tried copying the huge file locally from one folder to another through the USB interface using dd oflag=direct flag (unbuffered write). But the page cache again ate away about 100MB RAM. Has anybody here seen the same problem? Is there a possible fix? I believe it's more to do with USB caching or something rather than samba itself You should raise this on the Linux filesystems list rather than the Samba list (I'm assuming it's Linux). We don't do anything to control the page cache from smbd. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] server or client having the problem?
I was trying to get a feel for samba as a solution to just serve files. I ran a long duration test over the holiday. I haven't tried it again. [global] workgroup = smbmnt server string = Samba Server security = server hosts allow = 192.168. 127. load printers = no log file = /var/samba/log/log.%m max log size = 5 passdb backend = smbpasswd dns proxy = no [smbmnt] path = /data/a1/b1/c1 public = no valid users = daemon writable = yes On the client: mount -t smbfs -o username=daemon //server/smbmnt /smbmnt I was hesitant to enable too much logging as I read there was a severe, negative performance impact. Performance is a keystone for me. It seems to hold up fine so I can increase and try again but explorations like this take a lot of time so I may not pursue this; at least not right away. On Thu, 2008-12-04 at 12:04 -0500, Aaron Maley wrote: G) Not enough info Did this only happen once? Is it a continuous problem? What's your server config file look like? Can you duplicate the issue? If you can duplicate it more detailed logs might help. I'm no expert, but there simply isn't enough info here to figure out what's going on. rhubbell wrote: Please choose one or more. Was this message: A. Extremely esoteric. B. Ridiculously common. C. Works for me. D. Non-sequitur. E. Boring. F. Old software, go away. G. Facile. H. Call your vendor(s), chump. Thanks for participating. On Mon, 2008-12-01 at 11:50 -0800, rhubbell wrote: Hello, Running client on redhat4 version 3.0.28-0 and the server on Solaris 10 version 3.0.25c Writing 2-3megabytes/second. Something stopped working. On the client I ran strace against the mount.smbfs process: It showed pause( On the server all I saw was this: [2008/11/30 14:14:43, 1] smbd/service.c:(1230) 192.168.1.200 (192.168.1.200) closed connection to service smbmnt Can't strace smbiod on the client and can't find the man page for it and I can't send signal 11 to try to get a core. I'm just running this instead of NFS, would CIFS be a better choice here? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot map to Linux share from Windows
Help, I have set up RHEL5 to authenticate against Windows Server 2003 R2 Active Directory using ldap/kerberos. Everything works fine except that I cannot map a drive from Windows machines to the shares I have set up in Samba on the linux machine. I can log into Linux using accounts in AD, and running smbclient linuxserver\\sambashare works fine on the linux box using account information from AD. Kinit returns a ticket successfully. wbinfo -u successfully returns a list of users in AD, and wbinfo -g successfully returns a list of groups from AD. getent passwd username successfully returns information from AD. But if I go to a Windows machine and map a network drive, it returns the error The network connection is longer available. My smb.conf is as follows: I have also tried it without the socket options line. [global] socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 workgroup = phx password server = phxwn01 realm = PHX.ENG security = ads idmap backend = ad template shell = /bin/tcsh winbind use default domain = false winbind offline logon = false [vobstore] comment = PHX Vob storage path = /vobstore writeable = yes browseable = yes guest ok = yes In smbd debug mode 5, the latter part of the log.smbd file shows the following when trying to connect from the Windows machine. It seems to find the account from AD fine and grant access, but unexpectedly closes the connection for some reason. [2008/12/04 09:48:04, 5] smbd/connection.c:claim_connection(142) claiming [vobstore] [2008/12/04 09:48:04, 3] lib/util_seaccess.c:se_access_check(249) [2008/12/04 09:48:04, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-2693496084-966658720-213559819-1120 se_access_check: also S-1-5-21-2693496084-966658720-213559819-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2693496084-966658720-213559819-518 se_access_check: also S-1-5-21-2693496084-966658720-213559819-512 se_access_check: also S-1-5-21-2693496084-966658720-213559819-519 [2008/12/04 09:48:04, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (2) granted.. [2008/12/04 09:48:04, 3] lib/util_seaccess.c:se_access_check(249) [2008/12/04 09:48:04, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-2693496084-966658720-213559819-1120 se_access_check: also S-1-5-21-2693496084-966658720-213559819-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2693496084-966658720-213559819-518 se_access_check: also S-1-5-21-2693496084-966658720-213559819-512 se_access_check: also S-1-5-21-2693496084-966658720-213559819-519 [2008/12/04 09:48:04, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (2) granted. [2008/12/04 09:48:04, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (1, 4) - sec_ctx_stack_ndx = 0 [2008/12/04 09:48:04, 5] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-2693496084-966658720-213559819-1120 contains 8 SIDs SID[ 0]: S-1-5-21-2693496084-966658720-213559819-1120 SID[ 1]: S-1-5-21-2693496084-966658720-213559819-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2693496084-966658720-213559819-518 SID[ 6]: S-1-5-21-2693496084-966658720-213559819-512 SID[ 7]: S-1-5-21-2693496084-966658720-213559819-519 SE_PRIV 0x0 0x0 0x0 0x0 [2008/12/04 09:48:04, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 1 Primary group is 4 and contains 1 supplementary groups Group[ 0]: 10002 [2008/12/04 09:48:04, 5] smbd/uid.c:change_to_user(272) change_to_user uid=(0,1) gid=(0,4) [2008/12/04 09:48:04, 1] smbd/service.c:make_connection_snum(1190) phxwn01 (:::192.168.50.20) connect to service vobstore initially as user p53044 (uid=1, gid=4) (pid 6819) [2008/12/04 09:48:04, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/12/04 09:48:04, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/12/04 09:48:04, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/12/04 09:48:04, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/12/04 09:48:04, 3] smbd/reply.c:reply_tcon_and_X(727) tconX service=VOBSTORE [2008/12/04 09:48:04, 5] lib/util.c:show_msg(642) [2008/12/04 09:48:04, 5] lib/util.c:show_msg(652) size=62 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=256 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 31 (0x1F) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_bcc=13 [2008/12/04 09:48:04, 0] lib/util_sock.c:read_socket_with_timeout(939) [2008/12/04 09:48:04, 0]
Re: [Samba] Cannot map to Linux share from Windows
On Thu, Dec 04, 2008 at 10:05:49AM -0800, Roger Criddle wrote: Help, I have set up RHEL5 to authenticate against Windows Server 2003 R2 Active Directory using ldap/kerberos. Everything works fine except that I cannot map a drive from Windows machines to the shares I have set up in Samba on the linux machine. I can log into Linux using accounts in AD, and running smbclient linuxserver\\sambashare works fine on the linux box using account information from AD. Kinit returns a ticket successfully. wbinfo -u successfully returns a list of users in AD, and wbinfo -g successfully returns a list of groups from AD. getent passwd username successfully returns information from AD. But if I go to a Windows machine and map a network drive, it returns the error The network connection is longer available. My smb.conf is as follows: I have also tried it without the socket options line. [global] socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 workgroup = phx password server = phxwn01 realm = PHX.ENG security = ads idmap backend = ad template shell = /bin/tcsh winbind use default domain = false winbind offline logon = false [vobstore] comment = PHX Vob storage path = /vobstore writeable = yes browseable = yes guest ok = yes In smbd debug mode 5, the latter part of the log.smbd file shows the following when trying to connect from the Windows machine. It seems to find the account from AD fine and grant access, but unexpectedly closes the connection for some reason. [2008/12/04 09:48:04, 5] smbd/connection.c:claim_connection(142) claiming [vobstore] [2008/12/04 09:48:04, 3] lib/util_seaccess.c:se_access_check(249) [2008/12/04 09:48:04, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-2693496084-966658720-213559819-1120 se_access_check: also S-1-5-21-2693496084-966658720-213559819-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2693496084-966658720-213559819-518 se_access_check: also S-1-5-21-2693496084-966658720-213559819-512 se_access_check: also S-1-5-21-2693496084-966658720-213559819-519 [2008/12/04 09:48:04, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (2) granted.. [2008/12/04 09:48:04, 3] lib/util_seaccess.c:se_access_check(249) [2008/12/04 09:48:04, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-2693496084-966658720-213559819-1120 se_access_check: also S-1-5-21-2693496084-966658720-213559819-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2693496084-966658720-213559819-518 se_access_check: also S-1-5-21-2693496084-966658720-213559819-512 se_access_check: also S-1-5-21-2693496084-966658720-213559819-519 [2008/12/04 09:48:04, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (2) granted. [2008/12/04 09:48:04, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (1, 4) - sec_ctx_stack_ndx = 0 [2008/12/04 09:48:04, 5] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-2693496084-966658720-213559819-1120 contains 8 SIDs SID[ 0]: S-1-5-21-2693496084-966658720-213559819-1120 SID[ 1]: S-1-5-21-2693496084-966658720-213559819-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2693496084-966658720-213559819-518 SID[ 6]: S-1-5-21-2693496084-966658720-213559819-512 SID[ 7]: S-1-5-21-2693496084-966658720-213559819-519 SE_PRIV 0x0 0x0 0x0 0x0 [2008/12/04 09:48:04, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 1 Primary group is 4 and contains 1 supplementary groups Group[ 0]: 10002 [2008/12/04 09:48:04, 5] smbd/uid.c:change_to_user(272) change_to_user uid=(0,1) gid=(0,4) [2008/12/04 09:48:04, 1] smbd/service.c:make_connection_snum(1190) phxwn01 (:::192.168.50.20) connect to service vobstore initially as user p53044 (uid=1, gid=4) (pid 6819) [2008/12/04 09:48:04, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/12/04 09:48:04, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/12/04 09:48:04, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/12/04 09:48:04, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/12/04 09:48:04, 3] smbd/reply.c:reply_tcon_and_X(727) tconX service=VOBSTORE [2008/12/04 09:48:04, 5] lib/util.c:show_msg(642) [2008/12/04 09:48:04, 5] lib/util.c:show_msg(652) size=62 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=256 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 31 (0x1F)
Re: [Samba] Stable Samba for AIX5.1
Hi I use pware.samba-3.0.23d on AIX 5.3. It works very well for me and I am almost sure I have used it already on 5.1. cheers On Wed, Dec 3, 2008 at 2:58 AM, Ray, Tito [EMAIL PROTECTED] wrote: Hello, I need to upgrade Samba 2.2.2 to a stable Samba version compatible with AIX5.1 . Need to know the samba version I need to download and apply. Tito -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.2.5 binaries
There is a stable release 3.2.5, but no SuSE binaries. This was a security patch. Will there be an update? Please update. Thanks. What do you mean? http://ftp.sernet.de/pub/samba/recent/suse/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ballpark perf. numbers
Was wondering if anyone's got some ballpark performance numbers that they can share. It would be great to see some basic numbers, nothing formal. Even if it's just observations from a system you manage or monitor. I'd be most interested to see how a single server with multiple clients performs. Throughput, reads/writes and if possible a rough view of server memory and cpu per byte and per read and per write. As you can see I'm just trying to get a feel for how Samba performs and scales. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Join multiple CTDB managed Samba servers into Active Directory
Hi , I have set up a 2-node CTDB cluster serving NFS and CIFS authenticating Windows and Linux users via Active Directory. The setup works fine, except only one server in the CTDB-cluster is able to join the AD domain at a given instance. If you manually add the other server into AD, the already connected server gets disconnected. There is no specific error message logged in /var/log/message or /var/log/samba/log.smbd or /var/log/samba/log.winbind + network snooping at Samba port(445) does not provide any info. Please find the smb.conf and CTDB details attached. Without CTDB, I can have Samba active on multiple servers joined to AD. Following is the setup + error message when you manually try to join a second CTDB node into Active Directory: Configuration: # CTDB Up and Virtualizing two Nodes into single entity # CTDB configured to manage IP, NFS, Samba, and Winbind [EMAIL PROTECTED] nfsexport]# ctdb status Number of nodes:2 pnn:0 172.16.2.252 OK (THIS NODE) pnn:1 172.16.2.253 OK Generation:1529093094 Size:2 hash:0 lmaster:0 hash:1 lmaster:1 Recovery mode:NORMAL (0) Recovery master:1 [EMAIL PROTECTED] ~]# ctdb ip Public IPs on node 1 192.168.97.5 0 192.168.97.6 1 # Initially only node-02 was only able to join AD [EMAIL PROTECTED] nfsexport]# net ads testjoin Join is OK # Able to see users in AD Domain [EMAIL PROTECTED] ~]# wbinfo -u list TESTDOMAIN+administrator TESTDOMAIN+peyton TESTDOMAIN+eli Join Error - # node-01 is unable to join AD [EMAIL PROTECTED] ~]# net ads testjoin [2008/12/02 15:59:47, 0] libads/kerberos.c:ads_kinit_password(361) kerberos_kinit_password [EMAIL PROTECTED] failed: Preauthentication failed [2008/12/02 15:59:47, 0] libads/kerberos.c:ads_kinit_password(361) kerberos_kinit_password [EMAIL PROTECTED] failed: Preauthentication failed Join to domain is not valid: Logon failure # Manually Add node-01 to the AD [EMAIL PROTECTED] ~]# net -d 1 ads join -U Administrator Enter Administrator's password: [2008/12/02 16:06:11, 1] libnet/libnet_join.c:libnet_Join(1799) libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx in: struct libnet_JoinCtx dc_name : NULL machine_name : 'node-01' domain_name : * domain_name : 'TESTDOMAIN.LOCAL' account_ou : NULL admin_account: 'Administrator' admin_password : * machine_password : NULL join_flags : 0x0023 (35) 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT 0: WKSSVC_JOIN_FLAGS_DEFER_SPN 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE os_version : NULL os_name : NULL create_upn : 0x00 (0) upn : NULL modify_config: 0x00 (0) ads : NULL debug: 0x01 (1) use_kerberos : 0x00 (0) secure_channel_type : SEC_CHAN_WKSTA (2) [2008/12/02 16:06:11, 1] libnet/libnet_join.c:libnet_Join(1830) libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx out: struct libnet_JoinCtx account_name : NULL netbios_domain_name : 'TESTDOMAIN' dns_domain_name : 'testdomain.local' dn : 'CN=node-01,CN=Computers,DC=testdomain,DC=local' domain_sid : * domain_sid : S-1-5-21-3868838012-3874256186-1289404937 modified_config : 0x00 (0) error_string : NULL domain_is_ad : 0x01 (1) result : WERR_OK Using short domain name -- TESTDOMAIN Joined 'node-01' to realm 'testdomain.local' [EMAIL PROTECTED] ~]# net ads testjoin Join is OK #Check AD Status from node-02 # Result: node-02 which was originally joined to AD gets revoked when node-01 is manually added into AD [EMAIL PROTECTED] nfsexport]# net ads testjoin [2008/12/02 16:21:14, 0] libads/kerberos.c:ads_kinit_password(361) kerberos_kinit_password [EMAIL PROTECTED] failed: Preauthentication failed [2008/12/02 16:21:14, 0] libads/kerberos.c:ads_kinit_password(361) kerberos_kinit_password [EMAIL PROTECTED] failed: Preauthentication failed Join to domain is
Re: [Samba] Stable Samba for AIX5.1
Original message Date: Thu, 4 Dec 2008 17:44:05 +0100 From: Urs Golla [EMAIL PROTECTED] Subject: Re: [Samba] Stable Samba for AIX5.1 To: Ray, Tito [EMAIL PROTECTED] Cc: samba@lists.samba.org Hi I use pware.samba-3.0.23d on AIX 5.3. It works very well for me and I am almost sure I have used it already on 5.1. Hmmm, I do not think that will run on 5.1. The latest stable code for AIX 5.3/6.1 is at: http://pware.hvcc.edu/ Cheers, Bill cheers On Wed, Dec 3, 2008 at 2:58 AM, Ray, Tito [EMAIL PROTECTED] wrote: Hello, I need to upgrade Samba 2.2.2 to a stable Samba version compatible with AIX5.1 . Need to know the samba version I need to download and apply. Tito -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ballpark perf. numbers
I am not sure if this is what your looking for http://us1.samba.org/samba/docs/man/Samba-Guide/secure.html Thanks, Srini --- On Thu, 12/4/08, rhubbell [EMAIL PROTECTED] wrote: From: rhubbell [EMAIL PROTECTED] Subject: [Samba] ballpark perf. numbers To: samba@lists.samba.org Date: Thursday, December 4, 2008, 4:59 PM Was wondering if anyone's got some ballpark performance numbers that they can share. It would be great to see some basic numbers, nothing formal. Even if it's just observations from a system you manage or monitor. I'd be most interested to see how a single server with multiple clients performs. Throughput, reads/writes and if possible a rough view of server memory and cpu per byte and per read and per write. As you can see I'm just trying to get a feel for how Samba performs and scales. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Stable Samba for AIX5.1
You could be right about that... But it is worth going to 5.3 anyway. particularly if you plan to use group names with more than 9 (8+'\n') characters. On Fri, Dec 5, 2008 at 1:51 AM, William Jojo [EMAIL PROTECTED] wrote: Original message Date: Thu, 4 Dec 2008 17:44:05 +0100 From: Urs Golla [EMAIL PROTECTED] Subject: Re: [Samba] Stable Samba for AIX5.1 To: Ray, Tito [EMAIL PROTECTED] Cc: samba@lists.samba.org Hi I use pware.samba-3.0.23d on AIX 5.3. It works very well for me and I am almost sure I have used it already on 5.1. Hmmm, I do not think that will run on 5.1. The latest stable code for AIX 5.3/6.1 is at: http://pware.hvcc.edu/ Cheers, Bill cheers On Wed, Dec 3, 2008 at 2:58 AM, Ray, Tito [EMAIL PROTECTED] wrote: Hello, I need to upgrade Samba 2.2.2 to a stable Samba version compatible with AIX5.1 . Need to know the samba version I need to download and apply. Tito -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Installing Primary Domain Controller in Solaris 10
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Search Google. Even Sun themselves provide this documentation. Tarak Ranjan wrote: Hi List, Can anyone give me some links of how to's to install samba in solaris 10 /\ Tarak Add more friends to your messenger and enjoy! Go to http://messenger.yahoo.com/invite/ - -- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II |$| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJOL8nmb+gadEcsb4RAl7cAKDe9Xk5H5tPAwF32IiX8wcJtPCovACdGXLM fO/qHPUzEYHea33MmJEf0Rc= =luL6 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[SCM] Samba Shared Repository - branch master updated - 2b8f3e253d3a56aac996287f5ce265d0c915b3c8
The branch, master has been updated via 2b8f3e253d3a56aac996287f5ce265d0c915b3c8 (commit) from dbfcd3f97c02a19c48360b4f477570997f8aa870 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2b8f3e253d3a56aac996287f5ce265d0c915b3c8 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Thu Dec 4 12:26:03 2008 +0100 s3:net: fix password set of 'net rpc trustdom add' metze --- Summary of changes: source3/utils/net_rpc.c |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 3c8ce03..0c34972 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -5250,7 +5250,8 @@ static NTSTATUS rpc_trustdom_add_internals(struct net_context *c, notime, notime, notime, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, parameters, - 0, 0, ACB_DOMTRUST, SAMR_FIELD_ACCT_FLAGS, + 0, 0, ACB_DOMTRUST, + SAMR_FIELD_ACCT_FLAGS | SAMR_FIELD_PASSWORD, hours, 0, 0, 0, 0, 0, 0, 0, crypt_pwd); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4592-ge1e76f1
The branch, v3-3-test has been updated via e1e76f19cf9c72abe4086965846b2d438cfbdd00 (commit) from f2a3617778cab1695a09f065840907e1227b6d86 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit e1e76f19cf9c72abe4086965846b2d438cfbdd00 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Thu Dec 4 12:26:03 2008 +0100 s3:net: fix password set of 'net rpc trustdom add' metze (cherry-picked from commit 2b8f3e253d3a56aac996287f5ce265d0c915b3c8) --- Summary of changes: source/utils/net_rpc.c |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/utils/net_rpc.c b/source/utils/net_rpc.c index 5b16801..bb63a57 100644 --- a/source/utils/net_rpc.c +++ b/source/utils/net_rpc.c @@ -5254,7 +5254,8 @@ static NTSTATUS rpc_trustdom_add_internals(struct net_context *c, notime, notime, notime, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, parameters, - 0, 0, ACB_DOMTRUST, SAMR_FIELD_ACCT_FLAGS, + 0, 0, ACB_DOMTRUST, + SAMR_FIELD_ACCT_FLAGS | SAMR_FIELD_PASSWORD, hours, 0, 0, 0, 0, 0, 0, 0, crypt_pwd); -- Samba Shared Repository
[SCM] SAMBA-CTDB repository - branch v3-2-ctdb updated - build_3.2.3_ctdb.51-7-gb02d2bf
The branch, v3-2-ctdb has been updated via b02d2bf1e4c4507690e76f7119097632cd6dd052 (commit) via afcdaa4bd20460a3435d3ed72f203a27d724634b (commit) from 0e9d5638a7c375b3b18f19f83f97924ab45ad382 (commit) http://gitweb.samba.org/?p=obnox/samba-ctdb.git;a=shortlog;h=v3-2-ctdb - Log - commit b02d2bf1e4c4507690e76f7119097632cd6dd052 Author: Michael Adam [EMAIL PROTECTED] Date: Wed Dec 3 16:38:55 2008 +0100 winbindd: don't open a new dc connection in winbindd_getpwnam (main winbindd) This is just to find the corresponding domain struct. Actual connection is handled by the domain child. Michael commit afcdaa4bd20460a3435d3ed72f203a27d724634b Author: Michael Adam [EMAIL PROTECTED] Date: Wed Dec 3 15:59:17 2008 +0100 winbindd: don't open a new dc connection in winbindd_getgrnam (main winbindd) This is just to find the corresponding domain struct. Actual connection is handled by the domain child. Michael --- Summary of changes: source/winbindd/winbindd_group.c |2 +- source/winbindd/winbindd_user.c |2 +- 2 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source/winbindd/winbindd_group.c b/source/winbindd/winbindd_group.c index bccbf62..9c09a1a 100644 --- a/source/winbindd/winbindd_group.c +++ b/source/winbindd/winbindd_group.c @@ -717,7 +717,7 @@ void winbindd_getgrnam(struct winbindd_cli_state *state) /* Get info for the domain */ - if ((domain = find_domain_from_name(name_domain)) == NULL) { + if ((domain = find_domain_from_name_noinit(name_domain)) == NULL) { DEBUG(3, (could not get domain sid for domain %s\n, name_domain)); request_error(state); diff --git a/source/winbindd/winbindd_user.c b/source/winbindd/winbindd_user.c index af6dcc6..a60a573 100644 --- a/source/winbindd/winbindd_user.c +++ b/source/winbindd/winbindd_user.c @@ -386,7 +386,7 @@ void winbindd_getpwnam(struct winbindd_cli_state *state) /* Get info for the domain */ - domain = find_domain_from_name(domname); + domain = find_domain_from_name_noinit(domname); if (domain == NULL) { DEBUG(7, (could not find domain entry for domain %s. -- SAMBA-CTDB repository
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-3224-g05fbd5f
The branch, v3-2-test has been updated via 05fbd5f87cb39cffe0acc5c3132e13f2d471edf2 (commit) from 10dd8a54ea7ea2cf86de5e20a62912298e0c4acc (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 05fbd5f87cb39cffe0acc5c3132e13f2d471edf2 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Thu Dec 4 12:26:03 2008 +0100 s3:net: fix password set of 'net rpc trustdom add' metze (cherry-picked from commit 2b8f3e253d3a56aac996287f5ce265d0c915b3c8) (cherry picked from commit e1e76f19cf9c72abe4086965846b2d438cfbdd00) --- Summary of changes: source/utils/net_rpc.c |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/utils/net_rpc.c b/source/utils/net_rpc.c index 945ca38..ceb429f 100644 --- a/source/utils/net_rpc.c +++ b/source/utils/net_rpc.c @@ -5439,7 +5439,8 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid, notime, notime, notime, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, parameters, - 0, 0, ACB_DOMTRUST, SAMR_FIELD_ACCT_FLAGS, + 0, 0, ACB_DOMTRUST, + SAMR_FIELD_ACCT_FLAGS | SAMR_FIELD_PASSWORD, hours, 0, 0, 0, 0, 0, 0, 0, pwbuf, 24); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - 6c9b0298a99ba14d832b30d9396bed64ae4ebd3e
The branch, master has been updated via 6c9b0298a99ba14d832b30d9396bed64ae4ebd3e (commit) via e9d1c3e7eab7cbc14fa54d7df1ae7da52d483a7c (commit) via 9d44600470e2f2444a09d91d5d6b36515454c919 (commit) via 885a1be8b932a212b6234a2a0c990975eb16e9e8 (commit) from 2b8f3e253d3a56aac996287f5ce265d0c915b3c8 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6c9b0298a99ba14d832b30d9396bed64ae4ebd3e Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Thu Dec 4 12:47:43 2008 +0100 s4:selftest: we have netr_GetDcName() and netr_GetAnyDCName() implementations now metze commit e9d1c3e7eab7cbc14fa54d7df1ae7da52d483a7c Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Thu Dec 4 12:46:30 2008 +0100 RAW-NETLOGON: check netr_GetAnyDCName() result metze commit 9d44600470e2f2444a09d91d5d6b36515454c919 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Thu Dec 4 12:03:01 2008 +0100 s4:netlogon: for now implement netr_GetAnyDCName() as wrapper of netr_GetDcName() metze commit 885a1be8b932a212b6234a2a0c990975eb16e9e8 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Thu Dec 4 11:56:51 2008 +0100 s4:netlogon: Implement netr_GetDcName() similar to netr_DsGetDCName() metze --- Summary of changes: source4/rpc_server/netlogon/dcerpc_netlogon.c | 48 +++- source4/selftest/knownfail|2 - source4/torture/rpc/netlogon.c|1 + 3 files changed, 47 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index ccc1fc5..2806802 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -803,7 +803,40 @@ static NTSTATUS dcesrv_netr_AccountSync(struct dcesrv_call_state *dce_call, TALL static WERROR dcesrv_netr_GetDcName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct netr_GetDcName *r) { - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); + const char * const attrs[] = { NULL }; + void *sam_ctx; + struct ldb_message **res; + struct ldb_dn *domain_dn; + int ret; + const char *dcname; + + sam_ctx = samdb_connect(mem_ctx, dce_call-event_ctx, + dce_call-conn-dce_ctx-lp_ctx, + dce_call-conn-auth_state.session_info); + if (sam_ctx == NULL) { + return WERR_DS_SERVICE_UNAVAILABLE; + } + + domain_dn = samdb_domain_to_dn(sam_ctx, mem_ctx, + r-in.domainname); + if (domain_dn == NULL) { + return WERR_DS_SERVICE_UNAVAILABLE; + } + + ret = gendb_search_dn(sam_ctx, mem_ctx, domain_dn, res, attrs); + if (ret != 1) { + return WERR_NO_SUCH_DOMAIN; + } + + /* TODO: - return real IP address +* - check all r-in.* parameters (server_unc is ignored by w2k3!) +*/ + dcname = talloc_asprintf(mem_ctx, %s, + lp_netbios_name(dce_call-conn-dce_ctx-lp_ctx)); + W_ERROR_HAVE_NO_MEMORY(dcname); + + *r-out.dcname = dcname; + return WERR_OK; } @@ -823,7 +856,18 @@ static WERROR dcesrv_netr_LogonControl(struct dcesrv_call_state *dce_call, TALLO static WERROR dcesrv_netr_GetAnyDCName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct netr_GetAnyDCName *r) { - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); + struct netr_GetDcName r2; + WERROR werr; + + ZERO_STRUCT(r2); + + r2.in.logon_server = r-in.logon_server; + r2.in.domainname= r-in.domainname; + r2.out.dcname = r-out.dcname; + + werr = dcesrv_netr_GetDcName(dce_call, mem_ctx, r2); + + return werr; } diff --git a/source4/selftest/knownfail b/source4/selftest/knownfail index 9649a1f..abc6978 100644 --- a/source4/selftest/knownfail +++ b/source4/selftest/knownfail @@ -23,10 +23,8 @@ rpc.netlogon.*.LogonUasLogon rpc.netlogon.*.LogonUasLogoff rpc.netlogon.*.DatabaseSync rpc.netlogon.*.DatabaseSync2 -rpc.netlogon.*.GetDcName rpc.netlogon.*.LogonControl rpc.netlogon.*.LogonControl2 -rpc.netlogon.*.GetAnyDCName rpc.netlogon.*.DsrEnumerateDomainTrusts rpc.netlogon.*.NetrEnumerateTrustedDomains rpc.netlogon.*.NetrEnumerateTrustedDomainsEx diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index 953f9d1..5fb3607 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c @@ -1523,6 +1523,7 @@ static bool test_GetAnyDCName(struct torture_context *tctx, status = dcerpc_netr_GetAnyDCName(p, tctx, r);
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-3226-g284b3e5
The branch, v3-2-test has been updated via 284b3e50435d4450008031e00b7290a1970a0cc4 (commit) via b8e94c56a68cb3525682e24de6078608a1146240 (commit) from 05fbd5f87cb39cffe0acc5c3132e13f2d471edf2 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 284b3e50435d4450008031e00b7290a1970a0cc4 Author: Michael Adam [EMAIL PROTECTED] Date: Wed Dec 3 16:38:55 2008 +0100 winbindd: don't open a new dc connection in winbindd_getpwnam (main winbindd) This is just to find the corresponding domain struct. Actual connection is handled by the domain child. Michael commit b8e94c56a68cb3525682e24de6078608a1146240 Author: Michael Adam [EMAIL PROTECTED] Date: Wed Dec 3 15:59:17 2008 +0100 winbindd: don't open a new dc connection in winbindd_getgrnam (main winbindd) This is just to find the corresponding domain struct. Actual connection is handled by the domain child. Michael --- Summary of changes: source/winbindd/winbindd_group.c |2 +- source/winbindd/winbindd_user.c |2 +- 2 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source/winbindd/winbindd_group.c b/source/winbindd/winbindd_group.c index c212294..9307250 100644 --- a/source/winbindd/winbindd_group.c +++ b/source/winbindd/winbindd_group.c @@ -707,7 +707,7 @@ void winbindd_getgrnam(struct winbindd_cli_state *state) /* Get info for the domain */ - if ((domain = find_domain_from_name(name_domain)) == NULL) { + if ((domain = find_domain_from_name_noinit(name_domain)) == NULL) { DEBUG(3, (could not get domain sid for domain %s\n, name_domain)); request_error(state); diff --git a/source/winbindd/winbindd_user.c b/source/winbindd/winbindd_user.c index 19feec3..2c73fea 100644 --- a/source/winbindd/winbindd_user.c +++ b/source/winbindd/winbindd_user.c @@ -384,7 +384,7 @@ void winbindd_getpwnam(struct winbindd_cli_state *state) /* Get info for the domain */ - domain = find_domain_from_name(domname); + domain = find_domain_from_name_noinit(domname); if (domain == NULL) { DEBUG(7, (could not find domain entry for domain %s. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4594-g23f4937
The branch, v3-3-test has been updated via 23f493795ce506f9dae5468edcd6c49de91c57a6 (commit) via 53e8594714a5aa6dc5fb1379f0dc5c84b517a851 (commit) from e1e76f19cf9c72abe4086965846b2d438cfbdd00 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit 23f493795ce506f9dae5468edcd6c49de91c57a6 Author: Michael Adam [EMAIL PROTECTED] Date: Wed Dec 3 16:38:55 2008 +0100 winbindd: don't open a new dc connection in winbindd_getpwnam (main winbindd) This is just to find the corresponding domain struct. Actual connection is handled by the domain child. Michael commit 53e8594714a5aa6dc5fb1379f0dc5c84b517a851 Author: Michael Adam [EMAIL PROTECTED] Date: Wed Dec 3 15:59:17 2008 +0100 winbindd: don't open a new dc connection in winbindd_getgrnam (main winbindd) This is just to find the corresponding domain struct. Actual connection is handled by the domain child. Michael --- Summary of changes: source/winbindd/winbindd_group.c |2 +- source/winbindd/winbindd_user.c |2 +- 2 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source/winbindd/winbindd_group.c b/source/winbindd/winbindd_group.c index 3422fdb..8b4d4d6 100644 --- a/source/winbindd/winbindd_group.c +++ b/source/winbindd/winbindd_group.c @@ -800,7 +800,7 @@ void winbindd_getgrnam(struct winbindd_cli_state *state) /* Get info for the domain */ - if ((domain = find_domain_from_name(name_domain)) == NULL) { + if ((domain = find_domain_from_name_noinit(name_domain)) == NULL) { DEBUG(3, (could not get domain sid for domain %s\n, name_domain)); request_error(state); diff --git a/source/winbindd/winbindd_user.c b/source/winbindd/winbindd_user.c index e5d0a22..fd1fdd3 100644 --- a/source/winbindd/winbindd_user.c +++ b/source/winbindd/winbindd_user.c @@ -456,7 +456,7 @@ void winbindd_getpwnam(struct winbindd_cli_state *state) /* Get info for the domain */ - domain = find_domain_from_name(domname); + domain = find_domain_from_name_noinit(domname); if (domain == NULL) { DEBUG(7, (could not find domain entry for domain %s. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - 95b4baf5adc61e823a83044e9a679a6200d2f6af
The branch, master has been updated via 95b4baf5adc61e823a83044e9a679a6200d2f6af (commit) via db59cbfba8018d5b8eaf71d6a4441c5914baca4c (commit) from 6c9b0298a99ba14d832b30d9396bed64ae4ebd3e (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 95b4baf5adc61e823a83044e9a679a6200d2f6af Author: Michael Adam [EMAIL PROTECTED] Date: Wed Dec 3 16:38:55 2008 +0100 s3:winbindd: don't open a new dc connection in winbindd_getpwnam (main winbindd) This is just to find the corresponding domain struct. Actual connection is handled by the domain child. Michael commit db59cbfba8018d5b8eaf71d6a4441c5914baca4c Author: Michael Adam [EMAIL PROTECTED] Date: Wed Dec 3 15:59:17 2008 +0100 s3:winbindd: don't open a new dc connection in winbindd_getgrnam (main winbindd) This is just to find the corresponding domain struct. Actual connection is handled by the domain child. Michael --- Summary of changes: source3/winbindd/winbindd_group.c |2 +- source3/winbindd/winbindd_user.c |2 +- 2 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/winbindd_group.c b/source3/winbindd/winbindd_group.c index 3422fdb..8b4d4d6 100644 --- a/source3/winbindd/winbindd_group.c +++ b/source3/winbindd/winbindd_group.c @@ -800,7 +800,7 @@ void winbindd_getgrnam(struct winbindd_cli_state *state) /* Get info for the domain */ - if ((domain = find_domain_from_name(name_domain)) == NULL) { + if ((domain = find_domain_from_name_noinit(name_domain)) == NULL) { DEBUG(3, (could not get domain sid for domain %s\n, name_domain)); request_error(state); diff --git a/source3/winbindd/winbindd_user.c b/source3/winbindd/winbindd_user.c index e5d0a22..fd1fdd3 100644 --- a/source3/winbindd/winbindd_user.c +++ b/source3/winbindd/winbindd_user.c @@ -456,7 +456,7 @@ void winbindd_getpwnam(struct winbindd_cli_state *state) /* Get info for the domain */ - domain = find_domain_from_name(domname); + domain = find_domain_from_name_noinit(domname); if (domain == NULL) { DEBUG(7, (could not find domain entry for domain %s. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - 0f38bd90722469c6dbf1bcc7f56d3fbf6db3a8e8
The branch, master has been updated via 0f38bd90722469c6dbf1bcc7f56d3fbf6db3a8e8 (commit) from 95b4baf5adc61e823a83044e9a679a6200d2f6af (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0f38bd90722469c6dbf1bcc7f56d3fbf6db3a8e8 Author: Michael Adam [EMAIL PROTECTED] Date: Thu Dec 4 14:00:44 2008 +0100 s3:winbindd: fix horrible mis-indentation of toplvl braces in getgrsid_sid2gid_recv to make code more readble Michael --- Summary of changes: source3/winbindd/winbindd_group.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/winbindd_group.c b/source3/winbindd/winbindd_group.c index 8b4d4d6..7432bda 100644 --- a/source3/winbindd/winbindd_group.c +++ b/source3/winbindd/winbindd_group.c @@ -833,7 +833,7 @@ struct getgrsid_state { }; static void getgrsid_sid2gid_recv(void *private_data, bool success, gid_t gid) - { +{ struct getgrsid_state *s = (struct getgrsid_state *)private_data; struct winbindd_domain *domain; @@ -884,7 +884,7 @@ static void getgrsid_sid2gid_recv(void *private_data, bool success, gid_t gid) s-state-response.extra_data.data = gr_mem; request_ok(s-state); - } +} static void getgrsid_lookupsid_recv( void *private_data, bool success, const char *dom_name, const char *name, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4595-gd28a0f9
The branch, v3-3-test has been updated via d28a0f970e06c67729d71d505c35ae1d49ad6ccc (commit) from 23f493795ce506f9dae5468edcd6c49de91c57a6 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit d28a0f970e06c67729d71d505c35ae1d49ad6ccc Author: Michael Adam [EMAIL PROTECTED] Date: Thu Dec 4 14:04:33 2008 +0100 winbindd: fix horrible mis-indentation of toplvl braces in getgrsid_sid2gid_r to make code more readable Michael --- Summary of changes: source/winbindd/winbindd_group.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source/winbindd/winbindd_group.c b/source/winbindd/winbindd_group.c index 8b4d4d6..7432bda 100644 --- a/source/winbindd/winbindd_group.c +++ b/source/winbindd/winbindd_group.c @@ -833,7 +833,7 @@ struct getgrsid_state { }; static void getgrsid_sid2gid_recv(void *private_data, bool success, gid_t gid) - { +{ struct getgrsid_state *s = (struct getgrsid_state *)private_data; struct winbindd_domain *domain; @@ -884,7 +884,7 @@ static void getgrsid_sid2gid_recv(void *private_data, bool success, gid_t gid) s-state-response.extra_data.data = gr_mem; request_ok(s-state); - } +} static void getgrsid_lookupsid_recv( void *private_data, bool success, const char *dom_name, const char *name, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-3228-g21dedb6
The branch, v3-2-test has been updated via 21dedb62d866bb0a2ae808c8d5a411c7f0fb8604 (commit) via 2deb1272ef7d3edd910988e696f5556bcfcdbe1f (commit) from 284b3e50435d4450008031e00b7290a1970a0cc4 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 21dedb62d866bb0a2ae808c8d5a411c7f0fb8604 Author: Michael Adam [EMAIL PROTECTED] Date: Thu Dec 4 14:30:52 2008 +0100 winbindd: fix more misindentations of top level braces in winbindd_group Michael commit 2deb1272ef7d3edd910988e696f5556bcfcdbe1f Author: Michael Adam [EMAIL PROTECTED] Date: Thu Dec 4 14:29:01 2008 +0100 winbindd: fix horrible mis-indentation of toplvl braces in getgrsid_sid2gid_recv to make code more readable Michael --- Summary of changes: source/winbindd/winbindd_group.c |8 1 files changed, 4 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source/winbindd/winbindd_group.c b/source/winbindd/winbindd_group.c index 9307250..f1b1fed 100644 --- a/source/winbindd/winbindd_group.c +++ b/source/winbindd/winbindd_group.c @@ -740,7 +740,7 @@ struct getgrsid_state { }; static void getgrsid_sid2gid_recv(void *private_data, bool success, gid_t gid) - { +{ struct getgrsid_state *s = (struct getgrsid_state *)private_data; struct winbindd_domain *domain; @@ -790,7 +790,7 @@ static void getgrsid_sid2gid_recv(void *private_data, bool success, gid_t gid) s-state-response.extra_data.data = gr_mem; request_ok(s-state); - } +} static void getgrsid_lookupsid_recv( void *private_data, bool success, const char *dom_name, const char *name, @@ -832,10 +832,10 @@ static void getgrsid_lookupsid_recv( void *private_data, bool success, winbindd_sid2gid_async(s-state-mem_ctx, s-group_sid, getgrsid_sid2gid_recv, s); - } +} static void winbindd_getgrsid( struct winbindd_cli_state *state, const DOM_SID group_sid ) - { +{ struct getgrsid_state *s; if ( (s = TALLOC_ZERO_P(state-mem_ctx, struct getgrsid_state)) == NULL ) { -- Samba Shared Repository
[SCM] SAMBA-CTDB repository - branch v3-2-ctdb updated - build_3.2.3_ctdb.51-9-g2a02d12
The branch, v3-2-ctdb has been updated via 2a02d12df0ca53ddf29f89f5889245798ac6b59b (commit) via af56198a2d4e787c04c061b78127032ed2e67b51 (commit) from b02d2bf1e4c4507690e76f7119097632cd6dd052 (commit) http://gitweb.samba.org/?p=obnox/samba-ctdb.git;a=shortlog;h=v3-2-ctdb - Log - commit 2a02d12df0ca53ddf29f89f5889245798ac6b59b Author: Michael Adam [EMAIL PROTECTED] Date: Thu Dec 4 14:30:52 2008 +0100 winbindd: fix more misindentations of top level braces in winbindd_group Michael (cherry picked from commit 21dedb62d866bb0a2ae808c8d5a411c7f0fb8604) commit af56198a2d4e787c04c061b78127032ed2e67b51 Author: Michael Adam [EMAIL PROTECTED] Date: Thu Dec 4 14:04:33 2008 +0100 winbindd: fix horrible mis-indentation of toplvl braces in getgrsid_sid2gid_r to make code more readable Michael (cherry picked from commit d28a0f970e06c67729d71d505c35ae1d49ad6ccc) --- Summary of changes: source/winbindd/winbindd_group.c |8 1 files changed, 4 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source/winbindd/winbindd_group.c b/source/winbindd/winbindd_group.c index 9c09a1a..8b62387 100644 --- a/source/winbindd/winbindd_group.c +++ b/source/winbindd/winbindd_group.c @@ -750,7 +750,7 @@ struct getgrsid_state { }; static void getgrsid_sid2gid_recv(void *private_data, bool success, gid_t gid) - { +{ struct getgrsid_state *s = (struct getgrsid_state *)private_data; struct winbindd_domain *domain; @@ -800,7 +800,7 @@ static void getgrsid_sid2gid_recv(void *private_data, bool success, gid_t gid) s-state-response.extra_data.data = gr_mem; request_ok(s-state); - } +} static void getgrsid_lookupsid_recv( void *private_data, bool success, const char *dom_name, const char *name, @@ -842,10 +842,10 @@ static void getgrsid_lookupsid_recv( void *private_data, bool success, winbindd_sid2gid_async(s-state-mem_ctx, s-group_sid, getgrsid_sid2gid_recv, s); - } +} static void winbindd_getgrsid( struct winbindd_cli_state *state, const DOM_SID group_sid ) - { +{ struct getgrsid_state *s; if ( (s = TALLOC_ZERO_P(state-mem_ctx, struct getgrsid_state)) == NULL ) { -- SAMBA-CTDB repository
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-3229-gaddbddf
The branch, v3-2-test has been updated via addbddf90a4935f7fda8ed4acbf5a4574d7fc92b (commit) from 21dedb62d866bb0a2ae808c8d5a411c7f0fb8604 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit addbddf90a4935f7fda8ed4acbf5a4574d7fc92b Author: Michael Adam [EMAIL PROTECTED] Date: Thu Dec 4 15:01:46 2008 +0100 winbindd: fix more horrible brace mis-indentations in winbindd_group Sorry, but I can't bear this. And while my vim is smart enough to cope with this, it confuses _me_, and I have seen an emacs confused as well. (Which comes as no surprise, almost human as it is...) Michael --- Summary of changes: source/winbindd/winbindd_group.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source/winbindd/winbindd_group.c b/source/winbindd/winbindd_group.c index f1b1fed..bcb859d 100644 --- a/source/winbindd/winbindd_group.c +++ b/source/winbindd/winbindd_group.c @@ -815,14 +815,14 @@ static void getgrsid_lookupsid_recv( void *private_data, bool success, dom_name, name, name_type)); request_error(s-state); return; -} + } if ( (s-group_name = talloc_asprintf( s-state-mem_ctx, %s%c%s, dom_name, *lp_winbind_separator(), name)) == NULL ) -{ + { DEBUG(1, (getgrsid_lookupsid_recv: talloc_asprintf() Failed!\n)); request_error(s-state); return; -- Samba Shared Repository
[SCM] SAMBA-CTDB repository - branch v3-2-ctdb updated - build_3.2.3_ctdb.51-10-g7213d15
The branch, v3-2-ctdb has been updated via 7213d1594a4b0d7127eac40677714e886d2b5726 (commit) from 2a02d12df0ca53ddf29f89f5889245798ac6b59b (commit) http://gitweb.samba.org/?p=obnox/samba-ctdb.git;a=shortlog;h=v3-2-ctdb - Log - commit 7213d1594a4b0d7127eac40677714e886d2b5726 Author: Michael Adam [EMAIL PROTECTED] Date: Thu Dec 4 15:01:46 2008 +0100 winbindd: fix more horrible brace mis-indentations in winbindd_group Sorry, but I can't bear this. And while my vim is smart enough to cope with this, it confuses _me_, and I have seen an emacs confused as well. (Which comes as no surprise, almost human as it is...) Michael (cherry picked from commit addbddf90a4935f7fda8ed4acbf5a4574d7fc92b) --- Summary of changes: source/winbindd/winbindd_group.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source/winbindd/winbindd_group.c b/source/winbindd/winbindd_group.c index 8b62387..75ec28c 100644 --- a/source/winbindd/winbindd_group.c +++ b/source/winbindd/winbindd_group.c @@ -825,14 +825,14 @@ static void getgrsid_lookupsid_recv( void *private_data, bool success, dom_name, name, name_type)); request_error(s-state); return; -} + } if ( (s-group_name = talloc_asprintf( s-state-mem_ctx, %s%c%s, dom_name, *lp_winbind_separator(), name)) == NULL ) -{ + { DEBUG(1, (getgrsid_lookupsid_recv: talloc_asprintf() Failed!\n)); request_error(s-state); return; -- SAMBA-CTDB repository
[SCM] Samba Shared Repository - branch master updated - 677e0fb9659abe1ad684dd980d61b88caad9f8a2
The branch, master has been updated via 677e0fb9659abe1ad684dd980d61b88caad9f8a2 (commit) via 180245fce0f0d73d924ca6a25db3fc78934c40d1 (commit) from 0f38bd90722469c6dbf1bcc7f56d3fbf6db3a8e8 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 677e0fb9659abe1ad684dd980d61b88caad9f8a2 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Thu Dec 4 15:40:31 2008 +0100 s4:kludge_acl: allow everybody to read the sequence number metze commit 180245fce0f0d73d924ca6a25db3fc78934c40d1 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Thu Dec 4 15:09:21 2008 +0100 s4:kdc: allow a trusted domain to get kerberos tickets metze --- Summary of changes: source4/auth/auth.h |3 +- source4/auth/ntlm/auth_sam.c|3 +- source4/auth/sam.c | 12 ++ source4/dsdb/samdb/ldb_modules/kludge_acl.c | 28 ++- source4/kdc/pac-glue.c |3 +- 5 files changed, 40 insertions(+), 9 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/auth/auth.h b/source4/auth/auth.h index af9ed52..360da50 100644 --- a/source4/auth/auth.h +++ b/source4/auth/auth.h @@ -204,7 +204,8 @@ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx, struct ldb_message *msg, struct ldb_message *msg_domain_ref, const char *logon_workstation, - const char *name_for_logs); + const char *name_for_logs, + bool allow_domain_trust); struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx); NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx, const char *netbios_name, diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c index d1be5b6..384d342 100644 --- a/source4/auth/ntlm/auth_sam.c +++ b/source4/auth/ntlm/auth_sam.c @@ -262,7 +262,8 @@ static NTSTATUS authsam_authenticate(struct auth_context *auth_context, msgs[0], msgs_domain_ref[0], user_info-workstation_name, - user_info-mapped.account_name); + user_info-mapped.account_name, + false); return nt_status; } diff --git a/source4/auth/sam.c b/source4/auth/sam.c index f6a998a..4b848cf 100644 --- a/source4/auth/sam.c +++ b/source4/auth/sam.c @@ -144,7 +144,8 @@ _PUBLIC_ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx, struct ldb_message *msg, struct ldb_message *msg_domain_ref, const char *logon_workstation, - const char *name_for_logs) + const char *name_for_logs, + bool allow_domain_trust) { uint16_t acct_flags; const char *workstation_list; @@ -231,11 +232,12 @@ _PUBLIC_ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx, return NT_STATUS_INVALID_LOGON_HOURS; } - if (acct_flags ACB_DOMTRUST) { - DEBUG(2,(sam_account_ok: Domain trust account %s denied by server\n, name_for_logs)); - return NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT; + if (!allow_domain_trust) { + if (acct_flags ACB_DOMTRUST) { + DEBUG(2,(sam_account_ok: Domain trust account %s denied by server\n, name_for_logs)); + return NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT; + } } - if (!(logon_parameters MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT)) { if (acct_flags ACB_SVRTRUST) { DEBUG(2,(sam_account_ok: Server trust account %s denied by server\n, name_for_logs)); diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 6acbf45..97179a8 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -417,6 +417,32 @@ static int kludge_acl_change(struct ldb_module *module, struct ldb_request *req) } } +static int kludge_acl_extended(struct ldb_module *module, struct ldb_request *req) +{ + enum security_user_level user_type; + + /* allow everybody to read the sequence number */ + if (strcmp(req-op.extended.oid, + LDB_EXTENDED_SEQUENCE_NUMBER) == 0) { + return ldb_next_request(module, req); + } + + user_type = what_is_user(module); + +
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-3230-gd2b7d9d
The branch, v3-2-test has been updated via d2b7d9d29feab263bf736a88e5819203cbc8a165 (commit) from addbddf90a4935f7fda8ed4acbf5a4574d7fc92b (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit d2b7d9d29feab263bf736a88e5819203cbc8a165 Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Dec 4 10:23:06 2008 -0800 Fix bug #1254 - write list not working under share-level security Jeremy. --- Summary of changes: source/smbd/share_access.c |4 +- source/smbd/uid.c | 52 +++- 2 files changed, 53 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/share_access.c b/source/smbd/share_access.c index e89934c..ef898b8 100644 --- a/source/smbd/share_access.c +++ b/source/smbd/share_access.c @@ -191,7 +191,7 @@ bool token_contains_name_in_list(const char *username, * The other use is the netgroup check when using @group or group. */ -bool user_ok_token(const char *username, struct nt_user_token *token, int snum) +bool user_ok_token(const char *username, const struct nt_user_token *token, int snum) { if (lp_invalid_users(snum) != NULL) { if (token_contains_name_in_list(username, lp_servicename(snum), @@ -248,7 +248,7 @@ bool user_ok_token(const char *username, struct nt_user_token *token, int snum) */ bool is_share_read_only_for_token(const char *username, - struct nt_user_token *token, + const struct nt_user_token *token, connection_struct *conn) { int snum = SNUM(conn); diff --git a/source/smbd/uid.c b/source/smbd/uid.c index 631a37f..5278069 100644 --- a/source/smbd/uid.c +++ b/source/smbd/uid.c @@ -141,6 +141,48 @@ static bool check_user_ok(connection_struct *conn, user_struct *vuser,int snum) return(True); } +/*** + Check if a username is OK in share level security. +/ + +static bool check_user_ok_sharelevel_security(connection_struct *conn, + const char *unix_name, + int snum) +{ + NT_USER_TOKEN *token = conn-nt_user_token; + + if (!user_ok_token(unix_name, token, snum)) { + return false; + } + + conn-read_only = is_share_read_only_for_token(unix_name, + token, + conn); + + if (!conn-read_only + !share_access_check(token, lp_servicename(snum), + FILE_WRITE_DATA)) { + /* smb.conf allows r/w, but the security descriptor denies +* write. Fall back to looking at readonly. */ + conn-read_only = true; + DEBUG(5,(falling back to read-only access-evaluation due to +security descriptor\n)); + } + + if (!share_access_check(token, lp_servicename(snum), + conn-read_only ? + FILE_READ_DATA : FILE_WRITE_DATA)) { + return false; + } + + conn-admin_user = token_contains_name_in_list( + unix_name, NULL, token, + lp_admin_users(SNUM(conn))); + + return true; +} + + / Become the user of a connection number without changing the security context stack, but modify the current_user entries. @@ -148,6 +190,7 @@ static bool check_user_ok(connection_struct *conn, user_struct *vuser,int snum) bool change_to_user(connection_struct *conn, uint16 vuid) { + enum security_types sec = (enum security_types)lp_security(); user_struct *vuser = get_valid_user_struct(vuid); int snum; gid_t gid; @@ -170,7 +213,7 @@ bool change_to_user(connection_struct *conn, uint16 vuid) * SMB's - this hurts performance - Badly. */ - if((lp_security() == SEC_SHARE) (current_user.conn == conn) + if((sec == SEC_SHARE) (current_user.conn == conn) (current_user.ut.uid == conn-uid)) { DEBUG(4,(change_to_user: Skipping user change - already user\n)); @@ -191,6 +234,13 @@ bool change_to_user(connection_struct *conn, uint16 vuid) vuser-user.smb_name, vuser-user.unix_name, vuid, lp_servicename(snum))); return False; + } else if ((sec == SEC_SHARE) !check_user_ok_sharelevel_security(conn, + conn-user, snum)) { +
[SCM] Samba Shared Repository - branch v3-0-test updated - release-3-0-32-79-g680e4c3
The branch, v3-0-test has been updated via 680e4c398c79867f8a7ad40e9c2cd9c401922edd (commit) from 09ccdf6aee15169b0fe9c532ee9143bd0cff9d78 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test - Log - commit 680e4c398c79867f8a7ad40e9c2cd9c401922edd Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Dec 4 11:07:53 2008 -0800 Fix bug #1254 - write list not working under share-level security (mtab.c, fix build). Jeremy. --- Summary of changes: source/client/mtab.c |1 + source/smbd/share_access.c |4 +- source/smbd/uid.c | 52 +++- 3 files changed, 54 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source/client/mtab.c b/source/client/mtab.c index 93fbd11..70789bc 100644 --- a/source/client/mtab.c +++ b/source/client/mtab.c @@ -32,6 +32,7 @@ #include errno.h #include stdio.h #include sys/time.h +#include sys/stat.h #include time.h #include fcntl.h #include mntent.h diff --git a/source/smbd/share_access.c b/source/smbd/share_access.c index adb9d16..c971694 100644 --- a/source/smbd/share_access.c +++ b/source/smbd/share_access.c @@ -192,7 +192,7 @@ BOOL token_contains_name_in_list(const char *username, * The other use is the netgroup check when using @group or group. */ -BOOL user_ok_token(const char *username, struct nt_user_token *token, int snum) +BOOL user_ok_token(const char *username, const struct nt_user_token *token, int snum) { if (lp_invalid_users(snum) != NULL) { if (token_contains_name_in_list(username, lp_servicename(snum), @@ -249,7 +249,7 @@ BOOL user_ok_token(const char *username, struct nt_user_token *token, int snum) */ BOOL is_share_read_only_for_token(const char *username, - struct nt_user_token *token, int snum) + const struct nt_user_token *token, int snum) { BOOL result = lp_readonly(snum); diff --git a/source/smbd/uid.c b/source/smbd/uid.c index c6d4e33..07a42fa 100644 --- a/source/smbd/uid.c +++ b/source/smbd/uid.c @@ -142,6 +142,48 @@ static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum) return(True); } +/*** + Check if a username is OK in share level security. +/ + +static bool check_user_ok_sharelevel_security(connection_struct *conn, + const char *unix_name, + int snum) +{ + NT_USER_TOKEN *token = conn-nt_user_token; + + if (!user_ok_token(unix_name, token, snum)) { + return false; + } + + conn-read_only = is_share_read_only_for_token(unix_name, + token, + snum); + + if (!conn-read_only + !share_access_check(token, lp_servicename(snum), + FILE_WRITE_DATA)) { + /* smb.conf allows r/w, but the security descriptor denies +* write. Fall back to looking at readonly. */ + conn-read_only = true; + DEBUG(5,(falling back to read-only access-evaluation due to +security descriptor\n)); + } + + if (!share_access_check(token, lp_servicename(snum), + conn-read_only ? + FILE_READ_DATA : FILE_WRITE_DATA)) { + return false; + } + + conn-admin_user = token_contains_name_in_list( + unix_name, NULL, token, + lp_admin_users(SNUM(conn))); + + return true; +} + + / Become the user of a connection number without changing the security context stack, but modify the current_user entries. @@ -149,6 +191,7 @@ static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum) BOOL change_to_user(connection_struct *conn, uint16 vuid) { + enum security_types sec = (enum security_types)lp_security(); user_struct *vuser = get_valid_user_struct(vuid); int snum; gid_t gid; @@ -171,7 +214,7 @@ BOOL change_to_user(connection_struct *conn, uint16 vuid) * SMB's - this hurts performance - Badly. */ - if((lp_security() == SEC_SHARE) (current_user.conn == conn) + if((sec == SEC_SHARE) (current_user.conn == conn) (current_user.ut.uid == conn-uid)) { DEBUG(4,(change_to_user: Skipping user change - already user\n)); @@ -192,6 +235,13 @@ BOOL
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4596-ga808c53
The branch, v3-3-test has been updated via a808c53ec938a6aeb9f9ddc6a5a02273c7bfdcc9 (commit) from d28a0f970e06c67729d71d505c35ae1d49ad6ccc (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit a808c53ec938a6aeb9f9ddc6a5a02273c7bfdcc9 Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Dec 4 11:12:01 2008 -0800 Fix bug #1254 - write list not working under share-level security A somewhat more elegant fix than I could use for 3.2.x or 3.0.x. Turns out the only part of check_user_ok() that needs to change for share level security is the VUID cache pieces, so I can just always use check_user_ok() for all lp_security() cases. Jeremy --- Summary of changes: source/auth/auth_util.c|2 +- source/include/proto.h |6 ++-- source/smbd/share_access.c |4 +- source/smbd/uid.c | 81 +--- 4 files changed, 52 insertions(+), 41 deletions(-) Changeset truncated at 500 lines: diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c index 9220df0..d2a8591 100644 --- a/source/auth/auth_util.c +++ b/source/auth/auth_util.c @@ -1294,7 +1294,7 @@ NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx, struct auth_serversupplied_info *copy_serverinfo(TALLOC_CTX *mem_ctx, -auth_serversupplied_info *src) +const auth_serversupplied_info *src) { auth_serversupplied_info *dst; diff --git a/source/include/proto.h b/source/include/proto.h index 06130c4..33a0bc8 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -121,7 +121,7 @@ NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx, bool is_guest, struct auth_serversupplied_info **presult); struct auth_serversupplied_info *copy_serverinfo(TALLOC_CTX *mem_ctx, -auth_serversupplied_info *src); +const auth_serversupplied_info *src); bool init_guest_info(void); bool server_info_set_session_key(struct auth_serversupplied_info *info, DATA_BLOB session_key); @@ -10246,10 +10246,10 @@ bool token_contains_name_in_list(const char *username, const struct nt_user_token *token, const char **list); bool user_ok_token(const char *username, const char *domain, - struct nt_user_token *token, int snum); + const struct nt_user_token *token, int snum); bool is_share_read_only_for_token(const char *username, const char *domain, - struct nt_user_token *token, + const struct nt_user_token *token, connection_struct *conn); /* The following definitions come from smbd/srvstr.c */ diff --git a/source/smbd/share_access.c b/source/smbd/share_access.c index 9dbacc2..c72251b 100644 --- a/source/smbd/share_access.c +++ b/source/smbd/share_access.c @@ -192,7 +192,7 @@ bool token_contains_name_in_list(const char *username, */ bool user_ok_token(const char *username, const char *domain, - struct nt_user_token *token, int snum) + const struct nt_user_token *token, int snum) { if (lp_invalid_users(snum) != NULL) { if (token_contains_name_in_list(username, domain, @@ -252,7 +252,7 @@ bool user_ok_token(const char *username, const char *domain, bool is_share_read_only_for_token(const char *username, const char *domain, - struct nt_user_token *token, + const struct nt_user_token *token, connection_struct *conn) { int snum = SNUM(conn); diff --git a/source/smbd/uid.c b/source/smbd/uid.c index c238f40..119a155 100644 --- a/source/smbd/uid.c +++ b/source/smbd/uid.c @@ -61,22 +61,27 @@ bool change_to_guest(void) later code can then mess with. / -static bool check_user_ok(connection_struct *conn, uint16_t vuid, - struct auth_serversupplied_info *server_info, - int snum) +static bool check_user_ok(connection_struct *conn, + uint16_t vuid, + const struct auth_serversupplied_info *server_info, + int snum) { + bool valid_vuid = (vuid != UID_FIELD_INVALID); unsigned int i; - struct vuid_cache_entry *ent = NULL; bool readonly_share; bool admin_user; -
[SCM] Samba Shared Repository - branch master updated - 15e1fd7c540ab47dffdfbd4cfad3a8c18a3f62dc
The branch, master has been updated via 15e1fd7c540ab47dffdfbd4cfad3a8c18a3f62dc (commit) from 677e0fb9659abe1ad684dd980d61b88caad9f8a2 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 15e1fd7c540ab47dffdfbd4cfad3a8c18a3f62dc Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Dec 4 11:20:57 2008 -0800 Fix bug #1254 - write list not working under share-level security A somewhat more elegant fix than I could use for 3.2.x or 3.0.x. Turns out the only part of check_user_ok() that needs to change for share level security is the VUID cache pieces, so I can just always use check_user_ok() for all lp_security() cases. Jeremy --- Summary of changes: source3/auth/auth_util.c|2 +- source3/include/proto.h |6 ++-- source3/smbd/share_access.c |4 +- source3/smbd/uid.c | 81 -- 4 files changed, 52 insertions(+), 41 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 9220df0..d2a8591 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -1294,7 +1294,7 @@ NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx, struct auth_serversupplied_info *copy_serverinfo(TALLOC_CTX *mem_ctx, -auth_serversupplied_info *src) +const auth_serversupplied_info *src) { auth_serversupplied_info *dst; diff --git a/source3/include/proto.h b/source3/include/proto.h index 63fe4d4..89b443e 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -123,7 +123,7 @@ NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx, bool is_guest, struct auth_serversupplied_info **presult); struct auth_serversupplied_info *copy_serverinfo(TALLOC_CTX *mem_ctx, -auth_serversupplied_info *src); +const auth_serversupplied_info *src); bool init_guest_info(void); bool server_info_set_session_key(struct auth_serversupplied_info *info, DATA_BLOB session_key); @@ -8462,10 +8462,10 @@ bool token_contains_name_in_list(const char *username, const struct nt_user_token *token, const char **list); bool user_ok_token(const char *username, const char *domain, - struct nt_user_token *token, int snum); + const struct nt_user_token *token, int snum); bool is_share_read_only_for_token(const char *username, const char *domain, - struct nt_user_token *token, + const struct nt_user_token *token, connection_struct *conn); /* The following definitions come from smbd/srvstr.c */ diff --git a/source3/smbd/share_access.c b/source3/smbd/share_access.c index 9dbacc2..c72251b 100644 --- a/source3/smbd/share_access.c +++ b/source3/smbd/share_access.c @@ -192,7 +192,7 @@ bool token_contains_name_in_list(const char *username, */ bool user_ok_token(const char *username, const char *domain, - struct nt_user_token *token, int snum) + const struct nt_user_token *token, int snum) { if (lp_invalid_users(snum) != NULL) { if (token_contains_name_in_list(username, domain, @@ -252,7 +252,7 @@ bool user_ok_token(const char *username, const char *domain, bool is_share_read_only_for_token(const char *username, const char *domain, - struct nt_user_token *token, + const struct nt_user_token *token, connection_struct *conn) { int snum = SNUM(conn); diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index ca7df26..5a4b8a5 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -61,22 +61,27 @@ bool change_to_guest(void) later code can then mess with. / -static bool check_user_ok(connection_struct *conn, uint16_t vuid, - struct auth_serversupplied_info *server_info, - int snum) +static bool check_user_ok(connection_struct *conn, + uint16_t vuid, + const struct auth_serversupplied_info *server_info, + int snum) { + bool valid_vuid = (vuid != UID_FIELD_INVALID); unsigned int i; - struct vuid_cache_entry *ent = NULL; bool readonly_share; bool
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4597-ga27251b
The branch, v3-3-test has been updated via a27251b9d58227dd5f258cf32e4117ce5e1e15e8 (commit) from a808c53ec938a6aeb9f9ddc6a5a02273c7bfdcc9 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit a27251b9d58227dd5f258cf32e4117ce5e1e15e8 Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Dec 4 11:27:59 2008 -0800 Remove unused var. Jeremy. --- Summary of changes: source/smbd/files.c |2 -- 1 files changed, 0 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/files.c b/source/smbd/files.c index 39714c8..4e4004c 100644 --- a/source/smbd/files.c +++ b/source/smbd/files.c @@ -508,8 +508,6 @@ void dup_file_fsp(files_struct *from, uint32 create_options, files_struct *to) { - NTSTATUS status; - SAFE_FREE(to-fh); to-fh = from-fh; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-3231-ga1e4637
The branch, v3-2-test has been updated via a1e4637922a565278cceac7b2fe95f82ad049f4a (commit) from d2b7d9d29feab263bf736a88e5819203cbc8a165 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit a1e4637922a565278cceac7b2fe95f82ad049f4a Author: Henning Henkel [EMAIL PROTECTED] Date: Thu Dec 4 13:43:59 2008 -0800 Fix bug #5929 - vfs_prealloc does not build with option --with-cluster-support and GPFS --- Summary of changes: source/modules/vfs_prealloc.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/modules/vfs_prealloc.c b/source/modules/vfs_prealloc.c index 2a06e3d..5a339db 100644 --- a/source/modules/vfs_prealloc.c +++ b/source/modules/vfs_prealloc.c @@ -56,9 +56,9 @@ static int module_debug; static int preallocate_space(int fd, SMB_OFF_T size) { + int err; #ifndef HAVE_GPFS lock_type fl = {0}; - int err; if (size = 0) { return 0; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4598-ge4ea7d9
The branch, v3-3-test has been updated via e4ea7d93e6d60f5e5759e27bfa9e58ae955b0b3b (commit) from a27251b9d58227dd5f258cf32e4117ce5e1e15e8 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit e4ea7d93e6d60f5e5759e27bfa9e58ae955b0b3b Author: Henning Henkel [EMAIL PROTECTED] Date: Thu Dec 4 13:47:54 2008 -0800 Fix bug #5929 - vfs_prealloc does not build with option --with-cluster-support and GPFS --- Summary of changes: source/modules/vfs_prealloc.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/modules/vfs_prealloc.c b/source/modules/vfs_prealloc.c index 2a06e3d..5a339db 100644 --- a/source/modules/vfs_prealloc.c +++ b/source/modules/vfs_prealloc.c @@ -56,9 +56,9 @@ static int module_debug; static int preallocate_space(int fd, SMB_OFF_T size) { + int err; #ifndef HAVE_GPFS lock_type fl = {0}; - int err; if (size = 0) { return 0; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - 09b4a9513cf0be52dcd43660ae384b8f7c398287
The branch, master has been updated via 09b4a9513cf0be52dcd43660ae384b8f7c398287 (commit) from 15e1fd7c540ab47dffdfbd4cfad3a8c18a3f62dc (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 09b4a9513cf0be52dcd43660ae384b8f7c398287 Author: Henning Henkel [EMAIL PROTECTED] Date: Thu Dec 4 13:55:12 2008 -0800 Fix bug #5929 - vfs_prealloc does not build with option --with-cluster-support and GPFS --- Summary of changes: source3/modules/vfs_prealloc.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_prealloc.c b/source3/modules/vfs_prealloc.c index 2a06e3d..5a339db 100644 --- a/source3/modules/vfs_prealloc.c +++ b/source3/modules/vfs_prealloc.c @@ -56,9 +56,9 @@ static int module_debug; static int preallocate_space(int fd, SMB_OFF_T size) { + int err; #ifndef HAVE_GPFS lock_type fl = {0}; - int err; if (size = 0) { return 0; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-3232-g601c7ea
The branch, v3-2-test has been updated via 601c7eabfdb3d2725849669dda58de6db22d9b8f (commit) from a1e4637922a565278cceac7b2fe95f82ad049f4a (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 601c7eabfdb3d2725849669dda58de6db22d9b8f Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Dec 4 15:33:27 2008 -0800 Fix bug #5937 - filenames with * char hide other files Jeremy. --- Summary of changes: source/smbd/trans2.c | 10 -- 1 files changed, 4 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c index cb7cad1..ebf448f 100644 --- a/source/smbd/trans2.c +++ b/source/smbd/trans2.c @@ -1080,15 +1080,13 @@ static bool exact_match(connection_struct *conn, { if (mask[0] == '.' mask[1] == 0) return False; - if (conn-case_sensitive) - return strcmp(str,mask)==0; - if (StrCaseCmp(str,mask) != 0) { - return False; - } if (dptr_has_wild(conn-dirptr)) { return False; } - return True; + if (conn-case_sensitive) + return strcmp(str,mask)==0; + else + return StrCaseCmp(str,mask) == 0; } / -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4599-gdda4402
The branch, v3-3-test has been updated via dda44029e98d581e358146443d66d3e243163f15 (commit) from e4ea7d93e6d60f5e5759e27bfa9e58ae955b0b3b (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit dda44029e98d581e358146443d66d3e243163f15 Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Dec 4 15:34:09 2008 -0800 Fix bug #5937 - filenames with * char hide other files Jeremy. --- Summary of changes: source/smbd/trans2.c | 10 -- 1 files changed, 4 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c index d475165..61d23ef 100644 --- a/source/smbd/trans2.c +++ b/source/smbd/trans2.c @@ -1087,15 +1087,13 @@ static bool exact_match(connection_struct *conn, { if (mask[0] == '.' mask[1] == 0) return False; - if (conn-case_sensitive) - return strcmp(str,mask)==0; - if (StrCaseCmp(str,mask) != 0) { - return False; - } if (dptr_has_wild(conn-dirptr)) { return False; } - return True; + if (conn-case_sensitive) + return strcmp(str,mask)==0; + else + return StrCaseCmp(str,mask) == 0; } / -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-0-test updated - release-3-0-32-80-g7917038
The branch, v3-0-test has been updated via 7917038db0277d16e5284ee261a4913e278e5ac7 (commit) from 680e4c398c79867f8a7ad40e9c2cd9c401922edd (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test - Log - commit 7917038db0277d16e5284ee261a4913e278e5ac7 Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Dec 4 15:35:07 2008 -0800 Fix bug #5937 - filenames with * char hide other files Jeremy. --- Summary of changes: source/smbd/trans2.c | 10 -- 1 files changed, 4 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c index 9daef90..904a84b 100644 --- a/source/smbd/trans2.c +++ b/source/smbd/trans2.c @@ -966,15 +966,13 @@ static BOOL exact_match(connection_struct *conn, char *str, char *mask) { if (mask[0] == '.' mask[1] == 0) return False; - if (conn-case_sensitive) - return strcmp(str,mask)==0; - if (StrCaseCmp(str,mask) != 0) { - return False; - } if (dptr_has_wild(conn-dirptr)) { return False; } - return True; + if (conn-case_sensitive) + return strcmp(str,mask)==0; + else + return StrCaseCmp(str,mask) == 0; } / -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - 0e723d8f7d918d2d1a1e9e26d976f016d5d97c94
The branch, master has been updated via 0e723d8f7d918d2d1a1e9e26d976f016d5d97c94 (commit) from 09b4a9513cf0be52dcd43660ae384b8f7c398287 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0e723d8f7d918d2d1a1e9e26d976f016d5d97c94 Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Dec 4 15:35:32 2008 -0800 Fix bug #5937 - filenames with * char hide other files Jeremy. --- Summary of changes: source3/smbd/trans2.c | 10 -- 1 files changed, 4 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index f41210b..606e656 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -1095,15 +1095,13 @@ static bool exact_match(connection_struct *conn, { if (mask[0] == '.' mask[1] == 0) return False; - if (conn-case_sensitive) - return strcmp(str,mask)==0; - if (StrCaseCmp(str,mask) != 0) { - return False; - } if (dptr_has_wild(conn-dirptr)) { return False; } - return True; + if (conn-case_sensitive) + return strcmp(str,mask)==0; + else + return StrCaseCmp(str,mask) == 0; } / -- Samba Shared Repository
[SCM] CTDB repository - branch master updated - ctdb-1.0.65-19-g5d3018c
The branch, master has been updated via 5d3018c37179966f75183d9a98790eaaaf1d2cfc (commit) via 01633d30f764e8da42c4e5c4710b69cd379c9b39 (commit) from aeb09b08e060be6f833d84ba88abfb168cc5f50e (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit 5d3018c37179966f75183d9a98790eaaaf1d2cfc Author: root [EMAIL PROTECTED] Date: Fri Dec 5 10:33:38 2008 +1100 some platforms are very picky about the third argument passed to bind(). and would complain if sa.family is AF_INET and the third argument is not exactly the size of a sockaddr_in. We used to pass a union containing both a sockaddr_in and a sockaddr_in6 which would mean that on those platforms bind() would fail since the passed structure for AF_INET would be too big. Thus we need to set and pass the appropriate size to bind. At the same time for thos eplatforms we can also set sin[6]_size to the expected size. (bind() on those platforms were isurprisingly perfectly ok with sin_len was too big) commit 01633d30f764e8da42c4e5c4710b69cd379c9b39 Author: Ronnie Sahlberg [EMAIL PROTECTED] Date: Thu Dec 4 15:25:03 2008 +1100 new version 1.0.67 --- Summary of changes: packaging/RPM/ctdb.spec | 12 ++- tcp/tcp_connect.c | 49 +- 2 files changed, 46 insertions(+), 15 deletions(-) Changeset truncated at 500 lines: diff --git a/packaging/RPM/ctdb.spec b/packaging/RPM/ctdb.spec index b8ec19f..0c3ba05 100644 --- a/packaging/RPM/ctdb.spec +++ b/packaging/RPM/ctdb.spec @@ -5,7 +5,7 @@ Vendor: Samba Team Packager: Samba Team [EMAIL PROTECTED] Name: ctdb Version: 1.0 -Release: 66 +Release: 67 Epoch: 0 License: GNU GPL version 3 Group: System Environment/Daemons @@ -121,6 +121,16 @@ fi %{_includedir}/ctdb_private.h %changelog +* Thu Dec 3 2008 : Version 1.0.67 + - Add a document describing the recovery process. + - Fix a bug in ctdb setdebug where it would refuse to set a negative + debug level. + - Print the list of literals for debug names if an invalid one was given + to ctdb setdebug + - Redesign how ctdb reloadnodes works and reduce the amont of tcp teardowns + used during this event. + - Make it possible to delete a public ip from all nodes at once using + ctdb delip -n all * Mon Nov 24 2008 : Version 1.0.66 - Allow to change the recmaster even when we are not frozen. - Remove two redundant SAMBA_CHECK variables from the sysconf example diff --git a/tcp/tcp_connect.c b/tcp/tcp_connect.c index bd8af57..cd0693c 100644 --- a/tcp/tcp_connect.c +++ b/tcp/tcp_connect.c @@ -2,6 +2,7 @@ ctdb over TCP Copyright (C) Andrew Tridgell 2006 + Copyright (C) Ronnie Sahlberg 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -127,6 +128,7 @@ void ctdb_tcp_node_connect(struct event_context *ev, struct timed_event *te, struct ctdb_tcp_node); struct ctdb_context *ctdb = node-ctdb; ctdb_sock_addr sock_in; + int sockin_size; ctdb_sock_addr sock_out; ctdb_tcp_stop_connection(node); @@ -151,7 +153,7 @@ void ctdb_tcp_node_connect(struct event_context *ev, struct timed_event *te, return; } -DEBUG(DEBUG_ERR,(create socket...\n)); + DEBUG(DEBUG_ERR,(create socket...\n)); tnode-fd = socket(sock_out.sa.sa_family, SOCK_STREAM, IPPROTO_TCP); set_nonblocking(tnode-fd); set_close_on_exec(tnode-fd); @@ -163,13 +165,25 @@ DEBUG(DEBUG_ERR,(create socket...\n)); * a dedicated non-routeable network. */ ZERO_STRUCT(sock_in); -#ifdef HAVE_SOCK_SIN_LEN - sock_in.ip.sin_len = sizeof(sock_in); -#endif if (ctdb_tcp_get_address(ctdb, ctdb-address.address, sock_in) != 0) { return; } - bind(tnode-fd, (struct sockaddr *)sock_in, sizeof(sock_in)); + switch (sock_in.sa.sa_family) { + case AF_INET: + sockin_size = sizeof(sock_in.ip); + break; + case AF_INET6: + sockin_size = sizeof(sock_in.ip6); + break; + default: + DEBUG(DEBUG_ERR, (__location__ unknown family %u\n, + sock_in.sa.sa_family)); + return; + } +#ifdef HAVE_SOCK_SIN_LEN + sock_in.ip.sin_len = sockin_size; +#endif + bind(tnode-fd, (struct sockaddr *)sock_in, sockin_size); if (connect(tnode-fd, (struct sockaddr *)sock_out, sizeof(sock_out)) != 0 errno != EINPROGRESS) { @@ -249,6 +263,7 @@ static int ctdb_tcp_listen_automatic(struct ctdb_context *ctdb) const char *lock_path = /tmp/.ctdb_socket_lock; struct flock lock;
Build status as of Fri Dec 5 00:00:02 2008
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2008-12-04 00:00:08.0 + +++ /home/build/master/cache/broken_results.txt 2008-12-05 00:00:32.0 + @@ -1,23 +1,23 @@ -Build status as of Thu Dec 4 00:00:01 2008 +Build status as of Fri Dec 5 00:00:02 2008 Build counts: Tree Total Broken Panic build_farm 0 0 0 -ccache 29 7 0 +ccache 28 7 0 ctdb 0 0 0 distcc 1 0 0 -ldb 29 29 0 -libreplace 27 10 0 +ldb 28 28 0 +libreplace 26 10 0 lorikeet-heimdal 26 18 0 -pidl 17 2 0 +pidl 16 2 0 ppp 12 0 0 -rsync28 11 0 +rsync28 10 0 samba-docs 0 0 0 samba-gtk5 5 0 -samba_3_X_devel 27 21 1 -samba_3_X_test 27 19 0 -samba_4_0_test 28 25 1 -smb-build27 6 0 -talloc 29 29 0 -tdb 27 9 0 +samba_3_X_devel 26 20 0 +samba_3_X_test 26 19 0 +samba_4_0_test 26 25 1 +smb-build26 6 0 +talloc 28 28 0 +tdb 26 8 0
[SCM] CTDB repository - branch master updated - ctdb-1.0.65-20-g32d460b
The branch, master has been updated via 32d460b8469eb53145f04161a5d01166f9b5f09e (commit) from 5d3018c37179966f75183d9a98790eaaaf1d2cfc (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit 32d460b8469eb53145f04161a5d01166f9b5f09e Author: root [EMAIL PROTECTED] Date: Fri Dec 5 16:32:30 2008 +1100 redo and update how we synchronize flags across the cluster. this simplifies the code and should close a race condition between the local recovery daemon and a remote node when flags are changing. --- Summary of changes: server/ctdb_recoverd.c | 168 ++-- tcp/tcp_connect.c |1 - tools/ctdb.c | 45 + 3 files changed, 151 insertions(+), 63 deletions(-) Changeset truncated at 500 lines: diff --git a/server/ctdb_recoverd.c b/server/ctdb_recoverd.c index 4faa2f8..468977c 100644 --- a/server/ctdb_recoverd.c +++ b/server/ctdb_recoverd.c @@ -639,27 +639,12 @@ static int pull_remote_database(struct ctdb_context *ctdb, struct ctdb_node_map /* update flags on all active nodes */ -static int update_flags_on_all_nodes(struct ctdb_context *ctdb, struct ctdb_node_map *nodemap) -{ - int i; - for (i=0;inodemap-num;i++) { - int ret; - - ret = ctdb_ctrl_modflags(ctdb, CONTROL_TIMEOUT(), nodemap-nodes[i].pnn, nodemap-nodes[i].flags, ~nodemap-nodes[i].flags); - if (ret != 0) { - DEBUG(DEBUG_ERR, (__location__ Unable to update nodeflags on remote nodes\n)); - return -1; - } - } - return 0; -} - -static int update_our_flags_on_all_nodes(struct ctdb_context *ctdb, uint32_t pnn, struct ctdb_node_map *nodemap) +static int update_flags_on_all_nodes(struct ctdb_context *ctdb, struct ctdb_node_map *nodemap, uint32_t pnn, uint32_t flags) { int ret; - ret = ctdb_ctrl_modflags(ctdb, CONTROL_TIMEOUT(), nodemap-nodes[pnn].pnn, nodemap-nodes[pnn].flags, ~nodemap-nodes[pnn].flags); - if (ret != 0) { + ret = ctdb_ctrl_modflags(ctdb, CONTROL_TIMEOUT(), pnn, flags, ~flags); + if (ret != 0) { DEBUG(DEBUG_ERR, (__location__ Unable to update nodeflags on remote nodes\n)); return -1; } @@ -1513,12 +1498,18 @@ static int do_recovery(struct ctdb_recoverd *rec, /* update all nodes to have the same flags that we have */ - ret = update_flags_on_all_nodes(ctdb, nodemap); - if (ret != 0) { - DEBUG(DEBUG_ERR, (__location__ Unable to update flags on all nodes\n)); - return -1; + for (i=0;inodemap-num;i++) { + if (nodemap-nodes[i].flags NODE_FLAGS_DISCONNECTED) { + continue; + } + + ret = update_flags_on_all_nodes(ctdb, nodemap, i, nodemap-nodes[i].flags); + if (ret != 0) { + DEBUG(DEBUG_ERR, (__location__ Unable to update flags on all nodes for node %d\n, i)); + return -1; + } } - + DEBUG(DEBUG_NOTICE, (__location__ Recovery - updated flags\n)); /* disable recovery mode */ @@ -2271,6 +2262,51 @@ static int verify_ip_allocation(struct ctdb_context *ctdb, uint32_t pnn) return 0; } + +static void async_getnodemap_callback(struct ctdb_context *ctdb, uint32_t node_pnn, int32_t res, TDB_DATA outdata, void *callback_data) +{ + struct ctdb_node_map **remote_nodemaps = callback_data; + + if (node_pnn = ctdb-num_nodes) { + DEBUG(DEBUG_ERR,(__location__ pnn from invalid node\n)); + return; + } + + remote_nodemaps[node_pnn] = (struct ctdb_node_map *)talloc_steal(remote_nodemaps, outdata.dptr); + +} + +static int get_remote_nodemaps(struct ctdb_context *ctdb, TALLOC_CTX *mem_ctx, + struct ctdb_node_map *nodemap, + struct ctdb_node_map ***remote_nodemaps) +{ + uint32_t *nodes; + int i; + + *remote_nodemaps = talloc_array(mem_ctx, struct ctdb_node_map *, nodemap-num); + if (*remote_nodemaps == NULL) { + DEBUG(DEBUG_ERR, (__location__ failed to allocate remote nodemap array\n)); + return -1; + } + for(i=0; inodemap-num; i++) { + (*remote_nodemaps)[i] = NULL; + } + + nodes = list_of_active_nodes(ctdb, nodemap, mem_ctx, true); + if (ctdb_client_async_control(ctdb, CTDB_CONTROL_GET_NODEMAP, + nodes, + CONTROL_TIMEOUT(), false, tdb_null, + async_getnodemap_callback, + NULL, +