[Samba] Not listening on called name
Hi, in some machine logfiles I have several of this errors: [2009/06/18 08:45:53, 1] libsmb/cliconnect.c:cli_start_connection(1667) session request to SEKRETARIAT-17 failed (Not listening on called name) In the HowTo-Collection, I read, this can be caused by host allow/deny settings. But I haven't defined this two parameters. Ping and nmblookup is both fine: # nmblookup SEKRETARIAT-17 querying SEKRETARIAT-17 on 127.255.255.255 querying SEKRETARIAT-17 on 192.168.29.255 10.1.5.188 SEKRETARIAT-1700 # ping -c 1 SEKRETARIAT-17 PING SEKRETARIAT-17.clt.mr.lfmg.de (10.1.5.188) 56(84) bytes of data. 64 bytes from sekretariat-17.clt.mr.lfmg.de (10.1.5.188): icmp_seq=1 ttl=127 time=0.151 ms --- SEKRETARIAT-17.clt.mr.lfmg.de ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.151/0.151/0.151/0.000 ms Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.0.24 on OpenWRT
On Wed, Jun 17, 2009 at 06:25:48PM -0700, Kunal Punjabi wrote: Thank you for your help so far. I don't see any output with the smbd -d 10 -i command. If there's no output with smbd -d 10 -i, then you system seems a bit broken to me. It *should* output tons of stuff. Volker pgpzB12lWhLKo.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Tuning for Pegasus Mail
I have a big performance Problem when using Pegasus Mail storing it's Mail on on an samba Share. I assume PMail does write small blocks of data when saving files. The same performance degeneration is seen when copying files with type file copy instead of using the copy Command. Client OS is Windows-Vista, Server is Samba Samba 3.3.4 Any Hints to optimize samba here? Elmar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Tuning for Pegasus Mail
On Thu, Jun 18, 2009 at 10:44:34AM +0200, Elmar Haneke wrote: I have a big performance Problem when using Pegasus Mail storing it's Mail on on an samba Share. I assume PMail does write small blocks of data when saving files. The same performance degeneration is seen when copying files with type file copy instead of using the copy Command. Client OS is Windows-Vista, Server is Samba Samba 3.3.4 Any Hints to optimize samba here? You're sure you don't have oplocks disabled? Volker pgpXbowa17iVv.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Tuning for Pegasus Mail
You're sure you don't have oplocks disabled? Oplocks should be active, here is my smb.conf # Samba config file created using SWAT # from UNKNOWN () # Date: 2009/06/18 10:57:52 [global] unix charset = iso8859-15 display charset = utf-8 workgroup = ARBEITSGRUPPE interfaces = 192.168.1.253, 127.0.0.1 bind interfaces only = Yes passdb backend = tdbsam passwd program = /usr/bin/passwd %u passwd chat = *new*password* %n\n *new*password* %n\n *success* unix password sync = Yes lanman auth = Yes client lanman auth = Yes syslog = 0 max log size = 1000 debug pid = Yes debug uid = Yes time server = Yes unix extensions = No client signing = No enable asu support = Yes hostname lookups = Yes cups server = localhost add machine script = /usr/sbin/useradd -g machines -c Machine -d /var/lib/nobody -s /bin/false %u logon script = logon.bat logon path = \\sieve\profile\%U logon drive = H: logon home = \\sieve\UserDir domain logons = Yes os level = 255 preferred master = Yes domain master = Yes wins support = Yes ldap ssl = no panic action = /usr/share/samba/panic-action %d host msdfs = No idmap uid = 1-2 idmap gid = 1-2 valid users = noname, nobody, root, @haneke, @gast, @mitarbeiter create mask = 0777 directory mask = 0777 hosts deny = 192.168.1.110 lpq command = case sensitive = No delete readonly = Yes dos filemode = Yes [UserDir] path = /home/%u valid users = @haneke, @gast, @mitarbeiter read only = No volume = home -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Tuning for Pegasus Mail
On Thu, Jun 18, 2009 at 11:27:16AM +0200, Elmar Haneke wrote: You're sure you don't have oplocks disabled? Oplocks should be active, here is my smb.conf Yep, looks likely. Does more than one user access that mailbox simultaneously? This would also kill oplocks. If that is not the case, can you please test if storing the mailboxes on Windows (any workstation would just do it, no server necessary) is significantly faster in exactly the same situation? If so, please create sniffs of the operations against Windows and Samba and upload them somewhere for us to download. If access against Windows is not significantly faster, there's not much we can do about it. Information on how to create network traces can be found under http://wiki.samba.org/index.php/Capture_Packets. Volker pgp7aoyobo2b9.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent group fails
Hello Kevin, make sure you don't have winbind enum users = yes winbind enum groups = yes turned off in your configuration; it's however set to yes as default. Regards, -sd 2009/6/17 Kevin Blackwell akblack...@gmail.com: Hi, Well, I'll try to start at what I think the root of my problems are. When I do a getent group, I only get a list of the BUILTIN groups. BUILTIN+administrators BUILTIN+users But if I do a wbinfo -g, all the AD groups show up. This alone is not the overall problem, but it is creating a problem because I need getent to return the groups for logging different AD groups to different log files in squid. Another problem is the wbinfo_group.pl and I know this is a squid app, but from what I understand it used wbinfo. /usr/lib/squid/wbinfo_group.pl tuser password Could not get groups for user tuser I can provice config data and anything else necessary. Thanks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.3.4-31 ssh/winbind login failure
Folks, Got an odd one here that's had me scratching my head for a few days! Samba 3.3.4-31 from SuSE's RedHat repository, RHEL5 on x86. Compiled OK once I'd worked out how to force a build on the libraries I needed, I also added the code back in to support the 'winbind: ignore domains' directive in smb.conf. Discovered the hard way that 'make install' doesn't move the libnss* libraries over to /lib :) /etc/nsswitch.conf and /etc/pam.d/system-auth configured for winbind support, smb.conf configured for Active Directory once I worked out which directives were actually in use, there's a lot of conflicting info out there in web-land! Also discovered the hard way that wbinfo -u and -g won't work unless you have 'winbind enumerate users = yes' and 'winbind enumerate groups = yes' in smb.conf. It would be nice if wbinfo says this rather than just exiting! What works: all domain and file sharing, I can connect an XP network drive using my Active Directory username, smbclient authenticates ok, 'net ads' commands are happy. Files created get the correct credentials. What doesn't: getent passwd and getent group (strace shows it's using the wrong directory name for the priveleged winbind pipe) ssh logins using AD username. I get the following logs: /var/log/samba/winbindd.log [2009/06/18 11:18:45, 0] winbindd/winbindd.c:request_len_recv(616) request_len_recv: Invalid request size received: 2088 (expected 2096) /var/log/secure Jun 18 11:18:45 old-fs2 sshd[25696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=fs2.cam.cw.local user=ADuser Jun 18 11:18:45 old-fs2 sshd[25696]: pam_winbind(sshd:auth): [pamh: 0x09769350] ENTER: pam_sm_authenticate (flags: 0x0001) Jun 18 11:18:45 old-fs2 sshd[25696]: pam_winbind(sshd:auth): getting password (0x0011) Jun 18 11:18:45 old-fs2 sshd[25696]: pam_winbind(sshd:auth): pam_get_item returned a password Jun 18 11:18:45 old-fs2 sshd[25696]: pam_winbind(sshd:auth): Verify user 'ADuser' Jun 18 11:18:45 old-fs2 sshd[25696]: pam_winbind(sshd:auth): pam_winbind_request: write to socket failed! Jun 18 11:18:45 old-fs2 sshd[25696]: pam_winbind(sshd:auth): internal module error (retval = 3, user = 'ADuser') Jun 18 11:18:45 old-fs2 sshd[25696]: pam_winbind(sshd:auth): [pamh: 0x09769350] LEAVE: pam_sm_authenticate returning 3 Jun 18 11:18:47 old-fs2 sshd[25696]: Failed password for ADuser from 10.134.0.102 port 54947 ssh2 Jun 18 11:18:48 old-fs2 sshd[25697]: Connection closed by 10.134.0.102 Obviously the 'write to socket failed' and the error in winbindd.log are directly related, and last time I had an error like that it was because the correct libnss* libraries hadn't been installed. Since file sharing and smbclient can authenticate against AD correctly winbind is obviously working, nothing in the debug level 20 logs to suggest otherwise. pam_winbind is being correctly compiled and linked so I'm currently at a loss. Anyone lucky enough to have seen this before? Cheers! -- -- adrian/witchy Owner of Binary Dinosaurs, the UK's biggest home computer collection? www.binarydinosaurs.co.uk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] Samba 3.0.24 on OpenWRT
Trying to send this again because the message was too large last time.. Thank you for your help so far. I don't see any output with the smbd -d 10 -i command. However, on a positive note, after doing a smb -i, samba is now listening for requests and I can connect to it from a linux client using smbclient //IPADDRESS/share (and then use get/put to transfer files from the /tmp share) (FYI I had to add netbios-ssn 139/tcp to /etc/services And netbios-ssn stream tcp nowait root /bin/smbd to /etc/inetd.conf to get it to work.) These are some other related configuration changes: diff --git a/package/samba3/files/samba.config b/package/samba3/files/samba.conf index 3acff5d..780a905 100644 --- a/package/samba3/files/samba.config +++ b/package/samba3/files/samba.config @@ -1,14 +1,14 @@ config samba - option 'name' 'openwrt' - option 'workgroup' 'openwrt' - option 'description''openwrt' + option 'name' 'ubicom' + option 'workgroup' 'WORKGROUP' + option 'description''Ubicom SaMBa Server' option 'homes' '1' config sambashare option 'name' 'tmp' option 'path' '/tmp' option 'read_only' 'no' - option 'guest_ok' 'no' - option 'create_mask''0700' - option 'dir_mask' '0700' + option 'guest_ok' 'yes' + option 'create_mask''0755' + option 'dir_mask' '0755' #option 'users' 'abc' I do have 2 questions: 1.The samba server is only waiting for samba connections if I use the -i (interactive) mode. Any idea how I can get my samba server to listen for and accept requests automatically (in non-interactive mode)? 2.A second related question is, how can I configure mount points and samba shares from the OpenWRT user interface? For example in the UI, I added a /etc mount point, but I cannot access it from my linux smb client (using the smbclient command) the same way I could access /tmp (/tmp was statically configured in package/samba3/files/samba.conf) at build time. Is there something that needs to be done to make it work seamlessly with the OpenWRT User Interface? Or is this question misplaced? : Thanks again. Kunal -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] TOSHARG-BDC.xml translate finish and some bug found
Now,TOSHARG-BDC.xml translate to Japanese finished. and Some bug found. Samba-3 can act as a Backup Domain Controller (BDC) to another Samba Primary Domain Controller (PDC). A Samba-3 PDC can operate with an LDAP account backend. The LDAP backend can be either a common master LDAP server or a slave server. The use of a slave LDAP server has the benefit that when the master is down, clients may still be able to log onto the network. This effectively gives Samba a high degree of scalability and is - logon to? an effective solution for large organizations. If you use an LDAP slave server for a PDC, you will need to Whenever a user logs into a Windows NT4/200x/XP Professional workstation, - log onto? or logon to? (login - unix ,logon - windows?) the workstation connects to a domain controller (authentication server) to validate that the username and password the user entered are valid. If the information entered The domain SID has to be the same on the PDC and the BDC. In Samba versions pre-2.2.5, the domain SID was stored in the file filenameprivate/MACHINE.SID/filename. For all versions of Samba released since 2.2.5 the domain SID is stored in the file filenameprivate/secrets.tdb/filename. This file is unique to each server and cannot be copied from a PDC to a BDC; the BDC will generate a new SID at startup. It will overwrite the PDC domain SID with the newly created BDC SID. There is a procedure that will allow the BDC to aquire the -- acquire? domain SID. This is described here. -- --- Oota Toshiya --- t-oota at dh.jp.nec.com NEC Computers Software Operations Unit Shiba,Minato,Tokyo Open Source Software Platform Development Division Japan,Earth,Solar system (samba-jp/ldap-jp Staff,mutt-j/samba-jp postmaster) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Dear Webmaster, I would like to exchange links!
Dear Webmaster Hope you're having a good day! I was wondering if you would be interested exchanging links? I have already placed your link on my website, which you can find here: http://picking-upwomen.com/links.html and so If you accept, here are my linking details that you can link back to; URL - http://www.picking-upwomen.com/ Anchor Text - Picking Up Women Description - A seduction store helping men succeed with women. (please send me the location on your site that you are linking from) I hope you find this a suitable exchange, looking forward to hearing from you soon. Warmest Regards. Mark Williams http://www.picking-upwomen.com/ PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-2400-ge912764
The branch, master has been updated via e912764a5e0c1f05f921667eb56ef58552de454b (commit) from 33a59921be8bcca3495b7525fe0c48ccb294fce5 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e912764a5e0c1f05f921667eb56ef58552de454b Author: Karolin Seeger ksee...@samba.org Date: Thu Jun 18 09:32:10 2009 +0200 s3/docs: Add documentation for 'net sam rights'. This is part of a fix for bug #6328. Karolin --- Summary of changes: docs-xml/manpages-3/net.8.xml | 27 +++ 1 files changed, 27 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages-3/net.8.xml index 68e4edb..107a96a 100644 --- a/docs-xml/manpages-3/net.8.xml +++ b/docs-xml/manpages-3/net.8.xml @@ -1056,6 +1056,33 @@ the rid and description is also provided for each account. /refsect2 refsect2 +titleSAM RIGHTS LIST/title + +para +List all available privileges. +/para + +/refsect2 + +refsect2 +titleSAM RIGHTS GRANT lt;NAMEgt; lt;PRIVILEGEgt;/title + +para +Grant one or more privileges to a user. +/para + +/refsect2 + +refsect2 +titleSAM RIGHTS REVOKE lt;NAMEgt; lt;PRIVILEGEgt;/title + +para +Revoke one or more privileges from a user. +/para + +/refsect2 + +refsect2 titleSAM SHOW lt;NAMEgt;/title para -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-5313-ga5a3151
The branch, v3-3-test has been updated via a5a31512de9d9b9ed7eed906487dd154fde7e483 (commit) from 8cf6e03e9ebffa759a2a66339124492ef3e8d26f (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit a5a31512de9d9b9ed7eed906487dd154fde7e483 Author: Karolin Seeger ksee...@samba.org Date: Thu Jun 18 09:32:10 2009 +0200 s3/docs: Add documentation for 'net sam rights'. This is part of a fix for bug #6328. Karolin --- Summary of changes: docs-xml/manpages-3/net.8.xml | 27 +++ 1 files changed, 27 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages-3/net.8.xml index c63ec6a..02f85bb 100644 --- a/docs-xml/manpages-3/net.8.xml +++ b/docs-xml/manpages-3/net.8.xml @@ -1056,6 +1056,33 @@ the rid and description is also provided for each account. /refsect2 refsect2 +titleSAM RIGHTS LIST/title + +para +List all available privileges. +/para + +/refsect2 + +refsect2 +titleSAM RIGHTS GRANT lt;NAMEgt; lt;PRIVILEGEgt;/title + +para +Grant a certain privilege to a user. +/para + +/refsect2 + +refsect2 +titleSAM RIGHTS REVOKE lt;NAMEgt; lt;PRIVILEGEgt;/title + +para +Revoke a certain privilege from a user. +/para + +/refsect2 + +refsect2 titleSAM SHOW lt;NAMEgt;/title para -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-3621-g8fdb612
The branch, v3-2-test has been updated via 8fdb612155e36980249b7dd0daf5c57fb4d80f8c (commit) from 1457541f35d50b58b3e322ae69092190634a236d (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 8fdb612155e36980249b7dd0daf5c57fb4d80f8c Author: Karolin Seeger ksee...@samba.org Date: Thu Jun 18 09:32:10 2009 +0200 s3/docs: Add documentation for 'net sam rights'. This is part of a fix for bug #6328. Karolin (cherry picked from commit a5a31512de9d9b9ed7eed906487dd154fde7e483) --- Summary of changes: docs-xml/manpages-3/net.8.xml | 27 +++ 1 files changed, 27 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages-3/net.8.xml index 3db3533..652975e 100644 --- a/docs-xml/manpages-3/net.8.xml +++ b/docs-xml/manpages-3/net.8.xml @@ -1043,6 +1043,33 @@ the rid and description is also provided for each account. /refsect2 refsect2 +titleSAM RIGHTS LIST/title + +para +List all available privileges. +/para + +/refsect2 + +refsect2 +titleSAM RIGHTS GRANT lt;NAMEgt; lt;PRIVILEGEgt;/title + +para +Grant a certain privilege to a user. +/para + +/refsect2 + +refsect2 +titleSAM RIGHTS REVOKE lt;NAMEgt; lt;PRIVILEGEgt;/title + +para +Revoke a certain privilege from a user. +/para + +/refsect2 + +refsect2 titleSAM SHOW lt;NAMEgt;/title para -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-1147-ga291e88
The branch, v3-4-test has been updated
via a291e88019771bb2703bf9854483404a6ee8d622 (commit)
via 4d189ed0be01d71689731d315b53d8ba1d158be3 (commit)
from 86adaae8ea12a88e6f7e84de4c645f237730da1c (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test
- Log -
commit a291e88019771bb2703bf9854483404a6ee8d622
Author: Karolin Seeger ksee...@samba.org
Date: Thu Jun 18 09:32:10 2009 +0200
s3/docs: Add documentation for 'net sam rights'.
This is part of a fix for bug #6328.
Karolin
(cherry picked from commit e912764a5e0c1f05f921667eb56ef58552de454b)
commit 4d189ed0be01d71689731d315b53d8ba1d158be3
Author: David Markey ad...@dmarkey.com
Date: Wed Jun 17 18:29:20 2009 +0200
s3-net: Fix Bug #6328: support net sam rights grant/revoke with multiple
rights.
David
Signed-off-by: Günther Deschner g...@samba.org
---
Summary of changes:
docs-xml/manpages-3/net.8.xml | 27 +
source3/utils/net_sam.c | 64 +++-
2 files changed, 64 insertions(+), 27 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages-3/net.8.xml
index b6e7042..a0cba83 100644
--- a/docs-xml/manpages-3/net.8.xml
+++ b/docs-xml/manpages-3/net.8.xml
@@ -1056,6 +1056,33 @@ the rid and description is also provided for each
account.
/refsect2
refsect2
+titleSAM RIGHTS LIST/title
+
+para
+List all available privileges.
+/para
+
+/refsect2
+
+refsect2
+titleSAM RIGHTS GRANT lt;NAMEgt; lt;PRIVILEGEgt;/title
+
+para
+Grant one or more privileges to a user.
+/para
+
+/refsect2
+
+refsect2
+titleSAM RIGHTS REVOKE lt;NAMEgt; lt;PRIVILEGEgt;/title
+
+para
+Revoke one or more privileges from a user.
+/para
+
+/refsect2
+
+refsect2
titleSAM SHOW lt;NAMEgt;/title
para
diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c
index 6b3f5e5..7427ba9 100644
--- a/source3/utils/net_sam.c
+++ b/source3/utils/net_sam.c
@@ -678,63 +678,73 @@ static int net_sam_rights_grant(struct net_context *c,
int argc,
enum lsa_SidType type;
const char *dom, *name;
SE_PRIV mask;
+ int i;
- if (argc != 2 || c-display_usage) {
+ if (argc 2 || c-display_usage) {
d_fprintf(stderr, usage: net sam rights grant name
- right\n);
+ rights ...\n);
return -1;
}
if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
-dom, name, sid, type)) {
+ dom, name, sid, type)) {
d_fprintf(stderr, Could not find name %s\n, argv[0]);
return -1;
}
- if (!se_priv_from_name(argv[1], mask)) {
- d_fprintf(stderr, %s unknown\n, argv[1]);
- return -1;
- }
+ for (i=1; i argc; i++) {
+ if (!se_priv_from_name(argv[i], mask)) {
+ d_fprintf(stderr, %s unknown\n, argv[i]);
+ return -1;
+ }
- if (!grant_privilege(sid, mask)) {
- d_fprintf(stderr, Could not grant privilege\n);
- return -1;
+ if (!grant_privilege(sid, mask)) {
+ d_fprintf(stderr, Could not grant privilege\n);
+ return -1;
+ }
+
+ d_printf(Granted %s to %s\\%s\n, argv[i], dom, name);
}
- d_printf(Granted %s to %s\\%s\n, argv[1], dom, name);
return 0;
}
-static int net_sam_rights_revoke(struct net_context *c, int argc, const char
**argv)
+static int net_sam_rights_revoke(struct net_context *c, int argc,
+ const char **argv)
{
DOM_SID sid;
enum lsa_SidType type;
const char *dom, *name;
SE_PRIV mask;
+ int i;
- if (argc != 2 || c-display_usage) {
+ if (argc 2 || c-display_usage) {
d_fprintf(stderr, usage: net sam rights revoke name
- right\n);
+ rights\n);
return -1;
}
if (!lookup_name(talloc_tos(), argv[0], LOOKUP_NAME_LOCAL,
-dom, name, sid, type)) {
+ dom, name, sid, type)) {
d_fprintf(stderr, Could not find name %s\n, argv[0]);
return -1;
}
- if (!se_priv_from_name(argv[1], mask)) {
- d_fprintf(stderr, %s unknown\n, argv[1]);
- return -1;
- }
+ for (i=1; i argc; i++) {
- if (!revoke_privilege(sid, mask)) {
- d_fprintf(stderr, Could not revoke privilege\n);
- return -1;
+ if (!se_priv_from_name(argv[i], mask)) {
+ d_fprintf(stderr, %s
[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-1148-gec18e0f
The branch, v3-4-test has been updated via ec18e0f11eda8d25feb14c92cf7d90bda8d79269 (commit) from a291e88019771bb2703bf9854483404a6ee8d622 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit ec18e0f11eda8d25feb14c92cf7d90bda8d79269 Author: Jeremy Allison j...@samba.org Date: Wed Jun 17 13:56:21 2009 -0700 Fix bug #6476 - more then 3000 smbd-zombies in memory We weren't reaping children in the [x]inetd case. Jeremy. (cherry picked from commit 7d20e8f7f4d3d1a17b3817cea370304f2f437809) --- Summary of changes: source3/smbd/server.c | 12 1 files changed, 12 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 685b26f..30addaf 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -1045,6 +1045,11 @@ extern void build_options(bool screen); BlockSignals(False, SIGUSR1); BlockSignals(False, SIGTERM); + /* Ensure we leave no zombies until we +* correctly set up child handling below. */ + + CatchChild(); + /* we want total control over the permissions on created files, so set our umask to 0 */ umask(0); @@ -1211,6 +1216,13 @@ extern void build_options(bool screen); /* close our standard file descriptors */ close_low_fds(False); /* Don't close stderr */ +#ifdef HAVE_ATEXIT + atexit(killkids); +#endif + + /* Stop zombies */ + smbd_setup_sig_chld_handler(); + smbd_process(); exit_server_cleanly(NULL); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-5314-g7e51314
The branch, v3-3-test has been updated
via 7e51314f2e18241876b049642fcb133df7e44c70 (commit)
from a5a31512de9d9b9ed7eed906487dd154fde7e483 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -
commit 7e51314f2e18241876b049642fcb133df7e44c70
Author: Jeremy Allison j...@samba.org
Date: Thu Jun 18 11:53:52 2009 +0200
Fix bug #6476 - more then 3000 smbd-zombies in memory
We weren't reaping children in the [x]inetd case.
Jeremy.
---
Summary of changes:
source/smbd/server.c | 19 +++
1 files changed, 15 insertions(+), 4 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/smbd/server.c b/source/smbd/server.c
index 2415aeb..e0f86a6 100644
--- a/source/smbd/server.c
+++ b/source/smbd/server.c
@@ -355,10 +355,6 @@ static bool open_sockets_smbd(bool is_daemon, bool
interactive, const char *smb_
struct dns_reg_state * dns_reg = NULL;
unsigned dns_port = 0;
- if (!is_daemon) {
- return open_sockets_inetd();
- }
-
#ifdef HAVE_ATEXIT
{
static int atexit_set;
@@ -369,6 +365,17 @@ static bool open_sockets_smbd(bool is_daemon, bool
interactive, const char *smb_
}
#endif
+ if (!is_daemon) {
+ /*
+* Stop zombies the old way.
+* We aren't forking any new
+* 'normal' connections when
+* run from [x]inetd.
+*/
+ CatchChild();
+ return open_sockets_inetd();
+ }
+
/* Stop zombies */
CatchSignal(SIGCLD, sig_cld);
@@ -1252,6 +1259,10 @@ extern void build_options(bool screen);
BlockSignals(False, SIGUSR1);
BlockSignals(False, SIGTERM);
+/* Ensure we leave no zombies until we
+* correctly set up child handling below. */
+CatchChild();
+
/* we want total control over the permissions on created files,
so set our umask to 0 */
umask(0);
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-3622-ga062682
The branch, v3-2-test has been updated
via a0626827c820cad082001ab76f1f7e37f1a7307b (commit)
from 8fdb612155e36980249b7dd0daf5c57fb4d80f8c (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -
commit a0626827c820cad082001ab76f1f7e37f1a7307b
Author: Jeremy Allison j...@samba.org
Date: Thu Jun 18 11:53:52 2009 +0200
Fix bug #6476 - more then 3000 smbd-zombies in memory
We weren't reaping children in the [x]inetd case.
Jeremy.
(cherry picked from commit 7e51314f2e18241876b049642fcb133df7e44c70)
---
Summary of changes:
source/smbd/server.c | 19 +++
1 files changed, 15 insertions(+), 4 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/smbd/server.c b/source/smbd/server.c
index e914118..35c98aa 100644
--- a/source/smbd/server.c
+++ b/source/smbd/server.c
@@ -348,10 +348,6 @@ static bool open_sockets_smbd(bool is_daemon, bool
interactive, const char *smb_
struct dns_reg_state * dns_reg = NULL;
unsigned dns_port = 0;
- if (!is_daemon) {
- return open_sockets_inetd();
- }
-
#ifdef HAVE_ATEXIT
{
static int atexit_set;
@@ -362,6 +358,17 @@ static bool open_sockets_smbd(bool is_daemon, bool
interactive, const char *smb_
}
#endif
+ if (!is_daemon) {
+ /*
+* Stop zombies the old way.
+* We aren't forking any new
+* 'normal' connections when
+* run from [x]inetd.
+*/
+ CatchChild();
+ return open_sockets_inetd();
+ }
+
/* Stop zombies */
CatchSignal(SIGCLD, sig_cld);
@@ -1199,6 +1206,10 @@ extern void build_options(bool screen);
BlockSignals(False, SIGUSR1);
BlockSignals(False, SIGTERM);
+/* Ensure we leave no zombies until we
+* correctly set up child handling below. */
+CatchChild();
+
/* we want total control over the permissions on created files,
so set our umask to 0 */
umask(0);
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-5315-g0cfe59f
The branch, v3-3-test has been updated
via 0cfe59f1b580371f445b50151ceae5aef02bf0c4 (commit)
from 7e51314f2e18241876b049642fcb133df7e44c70 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -
commit 0cfe59f1b580371f445b50151ceae5aef02bf0c4
Author: Günther Deschner g...@samba.org
Date: Mon May 11 18:27:40 2009 +0200
s3-lsa: Fix _lsa_LookupNames2() server implementation which always returned
a NULL sid_array since 3.2.0.
Found by torture test.
This makes it possible to search for users while adding them to groups via
windows usermanager.
Fixes bug #6484.
Guenther
---
Summary of changes:
source/rpc_server/srv_lsa_nt.c |1 +
1 files changed, 1 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/rpc_server/srv_lsa_nt.c b/source/rpc_server/srv_lsa_nt.c
index 96ee36a..ec7d30a 100644
--- a/source/rpc_server/srv_lsa_nt.c
+++ b/source/rpc_server/srv_lsa_nt.c
@@ -1090,6 +1090,7 @@ NTSTATUS _lsa_LookupNames2(pipes_struct *p,
status = _lsa_LookupNames(p, q);
+ sid_array2-count = sid_array-count;
sid_array2-sids = TALLOC_ARRAY(p-mem_ctx, struct lsa_TranslatedSid2,
sid_array-count);
if (!sid_array2-sids) {
return NT_STATUS_NO_MEMORY;
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-3623-gb653d1b
The branch, v3-2-test has been updated
via b653d1b1186e1c43f1ad0a64d19ee2fc015594a6 (commit)
from a0626827c820cad082001ab76f1f7e37f1a7307b (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -
commit b653d1b1186e1c43f1ad0a64d19ee2fc015594a6
Author: Günther Deschner g...@samba.org
Date: Mon May 11 18:27:40 2009 +0200
s3-lsa: Fix _lsa_LookupNames2() server implementation which always returned
a NULL sid_array since 3.2.0.
Found by torture test.
This makes it possible to search for users while adding them to groups via
windows usermanager.
Fixes bug #6484.
Guenther
(cherry picked from commit 0cfe59f1b580371f445b50151ceae5aef02bf0c4)
---
Summary of changes:
source/rpc_server/srv_lsa_nt.c |1 +
1 files changed, 1 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/rpc_server/srv_lsa_nt.c b/source/rpc_server/srv_lsa_nt.c
index 697cc52..cf883bb 100644
--- a/source/rpc_server/srv_lsa_nt.c
+++ b/source/rpc_server/srv_lsa_nt.c
@@ -1092,6 +1092,7 @@ NTSTATUS _lsa_LookupNames2(pipes_struct *p,
status = _lsa_LookupNames(p, q);
+ sid_array2-count = sid_array-count;
sid_array2-sids = TALLOC_ARRAY(p-mem_ctx, struct lsa_TranslatedSid2,
sid_array-count);
if (!sid_array2-sids) {
return NT_STATUS_NO_MEMORY;
--
Samba Shared Repository
Re: [SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-2397-g79454b5
On Wed, 2009-06-17 at 22:52 -0500, Andrew Bartlett wrote: commit b112cc5503350b248949bdbcce8072f5523ce877 Author: Eric Sandall sanda...@sourcemage.org Date: Fri Jun 12 13:24:30 2009 +0200 For tevent to install tevent_util.h Patch for bug #6270 This patch is for the future when samba4 builds using external libraries. With this patch, tevent now installs tevent_util.h which is required by samba4. Andrew, I am going to revert this one, tevent_util.h is a private tevent header and must not be installed. Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-2401-gc925058
The branch, master has been updated via c92505817d6453c100ed52c9c3ab289f5589ce25 (commit) from e912764a5e0c1f05f921667eb56ef58552de454b (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c92505817d6453c100ed52c9c3ab289f5589ce25 Author: Simo Sorce i...@samba.org Date: Thu Jun 18 07:56:51 2009 -0400 Revert For tevent to install tevent_util.h This reverts commit b112cc5503350b248949bdbcce8072f5523ce877. tevent_util.h is a private header. Must not be installed. --- Summary of changes: lib/tevent/tevent.mk |1 - 1 files changed, 0 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/tevent/tevent.mk b/lib/tevent/tevent.mk index 903876b..82cc4a0 100644 --- a/lib/tevent/tevent.mk +++ b/lib/tevent/tevent.mk @@ -23,7 +23,6 @@ installdirs:: installheaders:: installdirs cp $(srcdir)/tevent.h $(DESTDIR)$(includedir) cp $(srcdir)/tevent_internal.h $(DESTDIR)$(includedir) - cp $(srcdir)/tevent_util.h $(DESTDIR)$(includedir) installlibs:: installdirs cp tevent.pc $(DESTDIR)$(libdir)/pkgconfig -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-2403-ge7e98ba
The branch, master has been updated
via e7e98ba4807f3c4e0538b24ae0092f69383ae2d7 (commit)
via 6037c200a1ff37fce91a5559aa87cdee0e310a8d (commit)
from c92505817d6453c100ed52c9c3ab289f5589ce25 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit e7e98ba4807f3c4e0538b24ae0092f69383ae2d7
Author: Günther Deschner g...@samba.org
Date: Thu Jun 18 16:17:26 2009 +0200
libwbclient: fix returned LogonInfo in wbc_LogonUser().
That function could return emtpy blobs for username and ccache for e.g.
cached
logins.
Guenther
commit 6037c200a1ff37fce91a5559aa87cdee0e310a8d
Author: Günther Deschner g...@samba.org
Date: Thu Jun 18 16:33:46 2009 +0200
wbinfo: use wbcLogonUser for wbinfo -K.
Guenther
---
Summary of changes:
nsswitch/libwbclient/wbc_pam.c |6 ++-
nsswitch/wbinfo.c | 111 +++-
2 files changed, 80 insertions(+), 37 deletions(-)
Changeset truncated at 500 lines:
diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c
index a245d8a..d3bf616 100644
--- a/nsswitch/libwbclient/wbc_pam.c
+++ b/nsswitch/libwbclient/wbc_pam.c
@@ -268,7 +268,8 @@ static wbcErr wbc_create_logon_info(TALLOC_CTX *mem_ctx,
wbc_status = wbc_create_auth_info(i, resp, i-info);
BAIL_ON_WBC_ERROR(wbc_status);
- if (resp-data.auth.krb5ccname) {
+ if (resp-data.auth.krb5ccname
+ strlen(resp-data.auth.krb5ccname)) {
wbc_status = wbcAddNamedBlob(i-num_blobs,
i-blobs,
krb5ccname,
@@ -278,7 +279,8 @@ static wbcErr wbc_create_logon_info(TALLOC_CTX *mem_ctx,
BAIL_ON_WBC_ERROR(wbc_status);
}
- if (resp-data.auth.unix_username) {
+ if (resp-data.auth.unix_username
+ strlen(resp-data.auth.unix_username)) {
wbc_status = wbcAddNamedBlob(i-num_blobs,
i-blobs,
unix_username,
diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c
index 04addda..5dd96f9 100644
--- a/nsswitch/wbinfo.c
+++ b/nsswitch/wbinfo.c
@@ -1178,66 +1178,107 @@ static char *wbinfo_prompt_pass(const char *prefix,
static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32 flags)
{
- struct winbindd_request request;
- struct winbindd_response response;
- NSS_STATUS result;
- char *p;
- char *password;
-
- /* Send off request */
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ char *s = NULL;
+ char *p = NULL;
+ char *password = NULL;
+ char *name = NULL;
+ uid_t uid;
+ struct wbcLogonUserParams params;
+ struct wbcLogonUserInfo *info;
+ struct wbcAuthErrorInfo *error;
+ struct wbcUserPasswordPolicyInfo *policy;
- p = strchr(username, '%');
+ if ((s = SMB_STRDUP(username)) == NULL) {
+ return false;
+ }
- if (p) {
+ if ((p = strchr(s, '%')) != NULL) {
*p = 0;
- fstrcpy(request.data.auth.user, username);
- fstrcpy(request.data.auth.pass, p + 1);
- *p = '%';
+ p++;
+ password = SMB_STRDUP(p);
} else {
- fstrcpy(request.data.auth.user, username);
password = wbinfo_prompt_pass(NULL, username);
- fstrcpy(request.data.auth.pass, password);
- SAFE_FREE(password);
}
- request.flags = flags;
+ name = s;
- fstrcpy(request.data.auth.krb5_cc_type, cctype);
+ uid = geteuid();
- request.data.auth.uid = geteuid();
+ params.username = name;
+ params.password = password;
+ params.num_blobs = 0;
+ params.blobs = NULL;
- result = winbindd_request_response(WINBINDD_PAM_AUTH, request,
response);
+ wbc_status = wbcAddNamedBlob(params.num_blobs,
+params.blobs,
+flags,
+0,
+(uint8_t *)flags,
+sizeof(flags));
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ goto done;
+ }
- /* Display response */
+ wbc_status = wbcAddNamedBlob(params.num_blobs,
+params.blobs,
+user_uid,
+0,
+(uint8_t *)uid,
+sizeof(uid));
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ goto done;
+ }
+
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-2404-g3426748
The branch, master has been updated
via 34267482d53cb559cc40c4ec2bee929c21b7886b (commit)
from e7e98ba4807f3c4e0538b24ae0092f69383ae2d7 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 34267482d53cb559cc40c4ec2bee929c21b7886b
Author: Jeremy Allison j...@samba.org
Date: Thu Jun 18 13:13:38 2009 -0700
Replace the boilerplate calls to :
resolve_dfspath() - unix_convert() - get_full_smb_filename() -
check_name()
with a new function filename_convert().
This restores the check_name() calls that had gone missing
since the default create_file was changed. All standard
pathname processing now goes through filename_convert().
I'll take a look at the non-standard pathname processing
next. As a benefit, fixed a missing resolve_dfspath()
in the trans2 mkdir call.
Jeremy.
---
Summary of changes:
source3/include/proto.h| 10 ++-
source3/smbd/filename.c| 52 ++
source3/smbd/nttrans.c | 30 +++-
source3/smbd/reply.c | 168 +--
source3/smbd/smb2_create.c | 10 +--
source3/smbd/trans2.c | 154
6 files changed, 154 insertions(+), 270 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 4ae141e..6fc2825 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -6384,6 +6384,12 @@ NTSTATUS check_name(connection_struct *conn, const char
*name);
int get_real_filename(connection_struct *conn, const char *path,
const char *name, TALLOC_CTX *mem_ctx,
char **found_name);
+NTSTATUS filename_convert(TALLOC_CTX *mem_ctx,
+ connection_struct *conn,
+ bool dfs_path,
+ const char *name_in,
+ struct smb_filename **pp_smb_fname,
+ char **pp_name);
/* The following definitions come from smbd/files.c */
@@ -7078,8 +7084,8 @@ void send_trans2_replies(connection_struct *conn,
unsigned char *create_volume_objectid(connection_struct *conn, unsigned char
objid[16]);
NTSTATUS hardlink_internals(TALLOC_CTX *ctx,
connection_struct *conn,
- const char *oldname_in,
- const char *newname_in);
+ const struct smb_filename *smb_fname_old,
+ const struct smb_filename *smb_fname_new);
NTSTATUS smb_set_file_time(connection_struct *conn,
files_struct *fsp,
const char *fname,
diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index 456caf5..e1e5454 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -1150,3 +1150,55 @@ static NTSTATUS build_stream_path(TALLOC_CTX *mem_ctx,
TALLOC_FREE(streams);
return status;
}
+
+/
+ Go through all the steps to validate a filename.
+/
+
+NTSTATUS filename_convert(TALLOC_CTX *ctx,
+ connection_struct *conn,
+ bool dfs_path,
+ const char *name_in,
+ struct smb_filename **pp_smb_fname,
+ char **pp_name)
+{
+ NTSTATUS status;
+
+ *pp_smb_fname = NULL;
+ *pp_name = NULL;
+
+ status = resolve_dfspath(ctx, conn,
+ dfs_path,
+ name_in,
+ pp_name);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10,(filename_convert: resolve_dfspath failed
+ for name %s with %s\n,
+ name_in,
+ nt_errstr(status) ));
+ return status;
+ }
+ status = unix_convert(ctx, conn, *pp_name, pp_smb_fname, 0);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10,(filename_convert: unix_convert failed
+ for name %s with %s\n,
+ *pp_name,
+ nt_errstr(status) ));
+ return status;
+ }
+
+ status = get_full_smb_filename(ctx, *pp_smb_fname, pp_name);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ status = check_name(conn, *pp_name);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(3,(filename_convert: check_name failed
+ for name %s with %s\n,
+ *pp_name,
+ nt_errstr(status) ));
+ return status;
+ }
+ return status;
+}
diff --git
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-2405-gd2da9de
The branch, master has been updated
via d2da9dee686881106678d50a96713f0632dcdf10 (commit)
from 34267482d53cb559cc40c4ec2bee929c21b7886b (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit d2da9dee686881106678d50a96713f0632dcdf10
Author: Jeremy Allison j...@samba.org
Date: Thu Jun 18 15:07:14 2009 -0700
Add some const to the stat struct in the dosmode calls.
Fix a couple more unix_convert uses to filename_convert.
Fix bug in acl_group_override() where an uninitialized
struct could be used. Move unix_convert with wildcard
use in SMBsearch reply to boilerplate code.
Jeremy.
---
Summary of changes:
source3/include/proto.h|8 +++---
source3/rpc_server/srv_srvsvc_nt.c | 19 +++-
source3/smbd/dosmode.c | 28 +---
source3/smbd/file_access.c | 11 ++---
source3/smbd/nttrans.c | 40 +--
source3/smbd/open.c|1 -
source3/smbd/posix_acls.c | 31 +++
source3/smbd/reply.c | 36
8 files changed, 72 insertions(+), 102 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 6fc2825..598d83a 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -6290,9 +6290,9 @@ bool smbd_setup_mdns_registration(struct tevent_context
*ev,
mode_t unix_mode(connection_struct *conn, int dosmode, const char *fname,
const char *inherit_from_dir);
-uint32 dos_mode_msdfs(connection_struct *conn, const char
*path,SMB_STRUCT_STAT *sbuf);
+uint32 dos_mode_msdfs(connection_struct *conn, const char *path, const
SMB_STRUCT_STAT *sbuf);
int dos_attributes_to_stat_dos_flags(uint32_t dosmode);
-uint32 dos_mode(connection_struct *conn, const char *path,SMB_STRUCT_STAT
*sbuf);
+uint32 dos_mode(connection_struct *conn, const char *path, const
SMB_STRUCT_STAT *sbuf);
int file_set_dosmode(connection_struct *conn, const char *fname,
uint32 dosmode, SMB_STRUCT_STAT *st,
const char *parent_dir,
@@ -6339,8 +6339,8 @@ bool can_access_file_acl(struct connection_struct *conn,
uint32_t access_mask);
bool can_delete_file_in_directory(connection_struct *conn,
const struct smb_filename *smb_fname);
-bool can_access_file_data(connection_struct *conn, const char *fname,
SMB_STRUCT_STAT *psbuf, uint32 access_mask);
-bool can_write_to_file(connection_struct *conn, const char *fname,
SMB_STRUCT_STAT *psbuf);
+bool can_access_file_data(connection_struct *conn, const char *fname, const
SMB_STRUCT_STAT *psbuf, uint32 access_mask);
+bool can_write_to_file(connection_struct *conn, const char *fname, const
SMB_STRUCT_STAT *psbuf);
bool directory_has_default_acl(connection_struct *conn, const char *fname);
/* The following definitions come from smbd/fileio.c */
diff --git a/source3/rpc_server/srv_srvsvc_nt.c
b/source3/rpc_server/srv_srvsvc_nt.c
index 1b07fc2..070f7fd 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -2067,23 +2067,17 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p,
goto error_exit;
}
- nt_status = resolve_dfspath(talloc_tos(),
+ nt_status = filename_convert(talloc_tos(),
conn,
false,
r-in.file,
+ smb_fname,
fname);
if (!NT_STATUS_IS_OK(nt_status)) {
werr = ntstatus_to_werror(nt_status);
goto error_exit;
}
- nt_status = unix_convert(talloc_tos(), conn, fname, smb_fname,
-0);
- if (!NT_STATUS_IS_OK(nt_status)) {
- werr = ntstatus_to_werror(nt_status);
- goto error_exit;
- }
-
nt_status = SMB_VFS_CREATE_FILE(
conn, /* conn */
NULL, /* req */
@@ -2203,21 +2197,16 @@ WERROR _srvsvc_NetSetFileSecurity(pipes_struct *p,
goto error_exit;
}
- nt_status = resolve_dfspath(talloc_tos(),
+ nt_status = filename_convert(talloc_tos(),
conn,
false,
r-in.file,
+ smb_fname,
fname);
if (!NT_STATUS_IS_OK(nt_status)) {
werr = ntstatus_to_werror(nt_status);
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-2406-g3188582
The branch, master has been updated
via 31885822ae0744582fb145f541bd4cfc590173d6 (commit)
from d2da9dee686881106678d50a96713f0632dcdf10 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 31885822ae0744582fb145f541bd4cfc590173d6
Author: Jeremy Allison j...@samba.org
Date: Thu Jun 18 15:40:14 2009 -0700
acl_group_override() doesn't need to call stat. Pass this
down from above (as const).
Jeremy.
---
Summary of changes:
source3/smbd/posix_acls.c | 45 +
1 files changed, 17 insertions(+), 28 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 6eed92c..bdd27fb 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -2547,38 +2547,23 @@ static bool current_user_in_group(gid_t gid)
/
static bool acl_group_override(connection_struct *conn,
- gid_t prim_gid,
- files_struct *fsp)
+ const SMB_STRUCT_STAT *psbuf,
+ const char *fname)
{
-
if ((errno != EPERM) (errno != EACCES)) {
return false;
}
/* file primary group == user primary or supplementary group */
if (lp_acl_group_control(SNUM(conn))
- current_user_in_group(prim_gid)) {
+ current_user_in_group(psbuf-st_ex_gid)) {
return true;
}
/* user has writeable permission */
- if (lp_dos_filemode(SNUM(conn))) {
- SMB_STRUCT_STAT sbuf;
- int ret;
-
- if (fsp-posix_open) {
- ret = SMB_VFS_LSTAT(conn,fsp-fsp_name,sbuf);
- } else {
- ret = SMB_VFS_STAT(conn,fsp-fsp_name,sbuf);
- }
-
- if (ret == -1) {
- return false;
- }
-
- if (can_write_to_file(conn, fsp-fsp_name, sbuf)) {
- return true;
- }
+ if (lp_dos_filemode(SNUM(conn))
+ can_write_to_file(conn, fname, psbuf)) {
+ return true;
}
return false;
@@ -2588,7 +2573,11 @@ static bool acl_group_override(connection_struct *conn,
Attempt to apply an ACL to a file or directory.
/
-static bool set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, bool
default_ace, gid_t prim_gid, bool *pacl_set_support)
+static bool set_canon_ace_list(files_struct *fsp,
+ canon_ace *the_ace,
+ bool default_ace,
+ const SMB_STRUCT_STAT *psbuf,
+ bool *pacl_set_support)
{
connection_struct *conn = fsp-conn;
bool ret = False;
@@ -2767,7 +2756,7 @@ static bool set_canon_ace_list(files_struct *fsp,
canon_ace *the_ace, bool defau
*pacl_set_support = False;
}
- if (acl_group_override(conn, prim_gid, fsp)) {
+ if (acl_group_override(conn, psbuf, fsp-fsp_name)) {
int sret;
DEBUG(5,(set_canon_ace_list: acl group control
on and current user in file %s primary group.\n,
@@ -2798,7 +2787,7 @@ static bool set_canon_ace_list(files_struct *fsp,
canon_ace *the_ace, bool defau
*pacl_set_support = False;
}
- if (acl_group_override(conn, prim_gid, fsp)) {
+ if (acl_group_override(conn, psbuf, fsp-fsp_name)) {
int sret;
DEBUG(5,(set_canon_ace_list: acl group control
on and current user in file %s primary group.\n,
@@ -3802,7 +3791,7 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32
security_info_sent, const SEC_DESC
if (set_acl_as_root) {
become_root();
}
- ret = set_canon_ace_list(fsp, file_ace_list, False,
sbuf.st_ex_gid, acl_set_support);
+ ret = set_canon_ace_list(fsp, file_ace_list, False, sbuf,
acl_set_support);
if (set_acl_as_root) {
unbecome_root();
}
@@ -3819,7 +3808,7 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32
security_info_sent, const SEC_DESC
if (set_acl_as_root) {
become_root();
}
- ret = set_canon_ace_list(fsp, dir_ace_list,
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-2407-g5a9ca3d
The branch, master has been updated
via 5a9ca3db032af5938e9709f3355a1f45b1e08d27 (commit)
from 31885822ae0744582fb145f541bd4cfc590173d6 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 5a9ca3db032af5938e9709f3355a1f45b1e08d27
Author: Volker Lendecke v...@samba.org
Date: Thu Jun 18 11:45:57 2009 +0200
Fix bug 4699: Remove pidfile on clean shutdown
---
Summary of changes:
source3/include/proto.h |1 +
source3/lib/pidfile.c | 26 ++
source3/nmbd/nmbd.c |2 ++
source3/smbd/server.c |3 +++
source3/winbindd/winbindd.c |4
5 files changed, 28 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 598d83a..74406fd 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -583,6 +583,7 @@ int nt_status_to_pam(NTSTATUS nt_status);
pid_t pidfile_pid(const char *name);
void pidfile_create(const char *program_name);
+void pidfile_unlink(void);
/* The following definitions come from lib/popt_common.c */
diff --git a/source3/lib/pidfile.c b/source3/lib/pidfile.c
index 3495dae..37b36af 100644
--- a/source3/lib/pidfile.c
+++ b/source3/lib/pidfile.c
@@ -25,6 +25,8 @@
#define O_NONBLOCK
#endif
+static char *pidFile_name = NULL;
+
/* return the pid in a pidfile. return 0 if the process (or pidfile)
does not exist */
pid_t pidfile_pid(const char *name)
@@ -88,7 +90,6 @@ void pidfile_create(const char *program_name)
charbuf[20];
const char*short_configfile;
char *name;
- char *pidFile;
pid_t pid;
/* Add a suffix to the program name if this is a process with a
@@ -110,27 +111,28 @@ void pidfile_create(const char *program_name)
}
}
- if (asprintf(pidFile, %s/%s.pid, lp_piddir(), name) == -1) {
+ if (asprintf(pidFile_name, %s/%s.pid, lp_piddir(), name) == -1) {
smb_panic(asprintf failed);
}
pid = pidfile_pid(name);
if (pid != 0) {
DEBUG(0,(ERROR: %s is already running. File %s exists and
process id %d is running.\n,
-name, pidFile, (int)pid));
+name, pidFile_name, (int)pid));
exit(1);
}
- fd = sys_open(pidFile, O_NONBLOCK | O_CREAT | O_WRONLY | O_EXCL, 0644);
+ fd = sys_open(pidFile_name, O_NONBLOCK | O_CREAT | O_WRONLY | O_EXCL,
+ 0644);
if (fd == -1) {
- DEBUG(0,(ERROR: can't open %s: Error was %s\n, pidFile,
+ DEBUG(0,(ERROR: can't open %s: Error was %s\n, pidFile_name,
strerror(errno)));
exit(1);
}
if (fcntl_lock(fd,SMB_F_SETLK,0,1,F_WRLCK)==False) {
DEBUG(0,(ERROR: %s : fcntl lock of file %s failed. Error was
%s\n,
- name, pidFile, strerror(errno)));
+name, pidFile_name, strerror(errno)));
exit(1);
}
@@ -138,10 +140,18 @@ void pidfile_create(const char *program_name)
slprintf(buf, sizeof(buf) - 1, %u\n, (unsigned int) sys_getpid());
if (write(fd, buf, strlen(buf)) != (ssize_t)strlen(buf)) {
DEBUG(0,(ERROR: can't write to file %s: %s\n,
-pidFile, strerror(errno)));
+pidFile_name, strerror(errno)));
exit(1);
}
/* Leave pid file open locked for the duration... */
SAFE_FREE(name);
- SAFE_FREE(pidFile);
+}
+
+void pidfile_unlink(void)
+{
+ if (pidFile_name == NULL) {
+ return;
+ }
+ unlink(pidFile_name);
+ SAFE_FREE(pidFile_name);
}
diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c
index 903dc36..848baef 100644
--- a/source3/nmbd/nmbd.c
+++ b/source3/nmbd/nmbd.c
@@ -82,6 +82,8 @@ static void terminate(void)
/* If there was an async dns child - kill it. */
kill_async_dns_child();
+ pidfile_unlink();
+
exit(0);
}
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index d3ce4b6..5b474d8 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -854,6 +854,9 @@ static void exit_server_common(enum server_exit_reason how,
} else {
DEBUG(3,(Server exit (%s)\n,
(reason ? reason : normal exit)));
+ if (am_parent) {
+ pidfile_unlink();
+ }
}
/* if we had any open SMB connections when we exited then we
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index 0a73c0e..d617fe1 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -173,6 +173,10 @@ static void
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-2408-g5d40677
The branch, master has been updated
via 5d40677a9b7d97a028878422be3dc1ace4bfeecf (commit)
from 5a9ca3db032af5938e9709f3355a1f45b1e08d27 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 5d40677a9b7d97a028878422be3dc1ace4bfeecf
Author: Günther Deschner g...@samba.org
Date: Fri Jun 19 01:57:16 2009 +0200
s3-pam_winbind: Fix Bug 6253: Use correct value for password expiry
calculation.
Based on patch from Blindauer Emmanuel sa...@mooby.net.
Guenther
---
Summary of changes:
nsswitch/pam_winbind.c |3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index 545c87d..e90f1b7 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -914,7 +914,8 @@ static void _pam_warn_password_expiry(struct pwb_context
*ctx,
/* now check for the global password policy */
/* good catch from Ralf Haferkamp: an expiry of never is translated
* to -1 */
- if (policy-expire == -1) {
+ if ((policy-expire == (int64_t)-1) ||
+ (policy-expire == 0)) {
return;
}
--
Samba Shared Repository
Build status as of Fri Jun 19 00:00:03 2009
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2009-06-18 00:00:30.0 + +++ /home/build/master/cache/broken_results.txt 2009-06-19 00:01:30.0 + @@ -1,11 +1,11 @@ -Build status as of Thu Jun 18 00:00:02 2009 +Build status as of Fri Jun 19 00:00:03 2009 Build counts: Tree Total Broken Panic build_farm 0 0 0 -ccache 30 5 0 +ccache 31 5 0 distcc 0 0 0 -ldb 31 31 0 +ldb 30 31 0 libreplace 31 10 0 lorikeet 0 0 0 pidl 22 2 0 @@ -13,9 +13,9 @@ rsync31 9 0 samba-docs 0 0 0 samba-web0 0 0 -samba_3_current 29 22 0 -samba_3_master 30 27 3 -samba_3_next 30 29 1 +samba_3_current 29 20 0 +samba_3_master 30 28 5 +samba_3_next 30 28 1 samba_4_0_test 31 28 1 talloc 31 31 0 tdb 29 24 0
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-2412-g5c19c60
The branch, master has been updated
via 5c19c60c5741196fc0a2b8db901e1be02139ae4e (commit)
via a8e757ba4ca2a003c114295473fe08a8f80fb2c2 (commit)
via 2627c6c0c2d3d96b3d458092ba8b090447a76a61 (commit)
via 0376d056e58d76b7792a5512d84c07f703838b4d (commit)
from 5d40677a9b7d97a028878422be3dc1ace4bfeecf (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 5c19c60c5741196fc0a2b8db901e1be02139ae4e
Author: Andrew Bartlett abart...@samba.org
Date: Fri Jun 19 11:29:31 2009 +1000
s4:ldb Add test for integer normalisation behaviour
This uses groupType as the example, but this actually applies to all
integer types in AD.
Andrew Bartlett
commit a8e757ba4ca2a003c114295473fe08a8f80fb2c2
Author: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de
Date: Thu Jun 18 11:18:05 2009 +0200
A fix in the ACL code used by both SAMBA 3 and 4
This fixes an uninitialised structure. It has been found through valgrind
in the RAW-ACLs test suite (Bug #6397).
commit 2627c6c0c2d3d96b3d458092ba8b090447a76a61
Author: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de
Date: Thu Jun 18 11:16:16 2009 +0200
Fixed some uninitialised variables
I tried hard to not change the program logic. Should fix bug #6439.
commit 0376d056e58d76b7792a5512d84c07f703838b4d
Author: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de
Date: Thu Jun 18 11:05:45 2009 +0200
Correct handling of 32-bit integer attributes in SAMBA 4
- LDB handles now all 32-bit integer attributes correctly (also with
overflows)
according to the schema
- LDAP backends handle the attributes groupType, userAccountControl and
sAMAccountType correctly. This handling doesn't yet use the schema but
the conversion file simple_ldap.map.c which contains them hardcoded.
Did also a refactoring of the conversion function there.
- Bug #6136 should be gone
---
Summary of changes:
.gitignore |1 -
libcli/security/security_descriptor.c|2 +-
source4/auth/kerberos/gssapi_parse.c |6 +--
source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 39 +++
source4/dsdb/schema/schema_syntax.c | 15 ++--
source4/lib/ldb-samba/ldif_handlers.c| 84 ++---
source4/lib/ldb-samba/ldif_handlers.h|4 +
source4/lib/ldb/tests/python/ldap.py | 17 +
source4/lib/registry/regf.c |3 +-
source4/lib/tls/tls.c|3 +-
source4/utils/ntlm_auth.c| 13 +++-
11 files changed, 126 insertions(+), 61 deletions(-)
Changeset truncated at 500 lines:
diff --git a/.gitignore b/.gitignore
index e8e1dfa..1ace6e7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -206,7 +206,6 @@ source4/lib/ldb/examples/ldbreader
source4/lib/ldb/examples/ldifreader
source4/lib/ldb/lib
source4/lib/ldb/man/*.html
-source4/lib/ldb-samba/ldif_handlers.h
source4/lib/ldb/samba/ldif_handlers_proto.h
source4/lib/ldb/tests/tmp
source4/libnet/libnet_proto.h
diff --git a/libcli/security/security_descriptor.c
b/libcli/security/security_descriptor.c
index 59d82b8..f18a326 100644
--- a/libcli/security/security_descriptor.c
+++ b/libcli/security/security_descriptor.c
@@ -373,7 +373,7 @@ static struct security_descriptor
*security_descriptor_appendv(struct security_d
while ((sidstr = va_arg(ap, const char *))) {
struct dom_sid *sid;
- struct security_ace *ace = talloc(sd, struct security_ace);
+ struct security_ace *ace = talloc_zero(sd, struct security_ace);
NTSTATUS status;
if (ace == NULL) {
diff --git a/source4/auth/kerberos/gssapi_parse.c
b/source4/auth/kerberos/gssapi_parse.c
index 489ebca..b538d82 100644
--- a/source4/auth/kerberos/gssapi_parse.c
+++ b/source4/auth/kerberos/gssapi_parse.c
@@ -35,12 +35,8 @@ DATA_BLOB gensec_gssapi_gen_krb5_wrap(TALLOC_CTX *mem_ctx,
const DATA_BLOB *tick
struct asn1_data *data;
DATA_BLOB ret;
- if (!data || !ticket-data) {
- return data_blob(NULL,0);
- }
-
data = asn1_init(mem_ctx);
- if (data == NULL) {
+ if (!data || !ticket-data) {
return data_blob(NULL,0);
}
diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c
b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c
index 948241b..0a6c350 100644
--- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c
+++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c
@@ -146,19 +146,10 @@ static struct ldb_val objectCategory_always_dn(struct
ldb_module *module, TALLOC
static struct ldb_val normalise_to_signed32(struct ldb_module *module,
TALLOC_CTX *ctx, const struct ldb_val
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-2413-g19723ed
The branch, master has been updated
via 19723ed0fcdf267ece3dbcde503f86093aceb39b (commit)
from 5c19c60c5741196fc0a2b8db901e1be02139ae4e (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 19723ed0fcdf267ece3dbcde503f86093aceb39b
Author: Andrew Bartlett abart...@samba.org
Date: Fri Jun 19 13:25:28 2009 +1000
Partially revert restriction of socket_wrapper to 1500 byte writes
This keeps the restriction for stream sockets (where the caller will
retry), without creating problems on datagram sockets (CLDAP is not
defined, as far as I know, across multiple UDP packets).
The commit adding this restriction was
47b106c0ae8b91c9cccfc21bf8e4e416b1abfd5d
Andrew Bartlett
---
Summary of changes:
lib/socket_wrapper/socket_wrapper.c | 42 ++
1 files changed, 32 insertions(+), 10 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/socket_wrapper/socket_wrapper.c
b/lib/socket_wrapper/socket_wrapper.c
index 8563400..933b126 100644
--- a/lib/socket_wrapper/socket_wrapper.c
+++ b/lib/socket_wrapper/socket_wrapper.c
@@ -1862,7 +1862,12 @@ _PUBLIC_ ssize_t swrap_recvfrom(int s, void *buf, size_t
len, int flags, struct
fromlen = ss_len;
}
- len = MIN(len, 1500);
+ if (si-type == SOCK_STREAM) {
+ /* cut down to 1500 byte packets for stream sockets,
+* which makes it easier to format PCAP capture files
+* (as the caller will simply continue from here) */
+ len = MIN(len, 1500);
+ }
/* irix 6.4 forgets to null terminate the sun_path string :-( */
memset(un_addr, 0, sizeof(un_addr));
@@ -1902,10 +1907,13 @@ _PUBLIC_ ssize_t swrap_sendto(int s, const void *buf,
size_t len, int flags, con
tolen = si-peername_len;
}
- len = MIN(len, 1500);
-
switch (si-type) {
case SOCK_STREAM:
+ /* cut down to 1500 byte packets for stream sockets,
+* which makes it easier to format PCAP capture files
+* (as the caller will simply continue from here) */
+ len = MIN(len, 1500);
+
ret = real_send(s, buf, len, flags);
break;
case SOCK_DGRAM:
@@ -2012,7 +2020,12 @@ _PUBLIC_ ssize_t swrap_recv(int s, void *buf, size_t
len, int flags)
return real_recv(s, buf, len, flags);
}
- len = MIN(len, 1500);
+ if (si-type == SOCK_STREAM) {
+ /* cut down to 1500 byte packets for stream sockets,
+* which makes it easier to format PCAP capture files
+* (as the caller will simply continue from here) */
+ len = MIN(len, 1500);
+ }
ret = real_recv(s, buf, len, flags);
if (ret == -1 errno != EAGAIN errno != ENOBUFS) {
@@ -2036,7 +2049,12 @@ _PUBLIC_ ssize_t swrap_send(int s, const void *buf,
size_t len, int flags)
return real_send(s, buf, len, flags);
}
- len = MIN(len, 1500);
+ if (si-type == SOCK_STREAM) {
+ /* cut down to 1500 byte packets for stream sockets,
+* which makes it easier to format PCAP capture files
+* (as the caller will simply continue from here) */
+ len = MIN(len, 1500);
+ }
if (si-defer_connect) {
struct sockaddr_un un_addr;
@@ -2157,10 +2175,12 @@ int swrap_readv(int s, const struct iovec *vector,
size_t count)
return real_readv(s, vector, count);
}
- /* we read 1500 bytes as maximum */
- if (count 0) {
+ if (si-type == SOCK_STREAM count 0) {
+ /* cut down to 1500 byte packets for stream sockets,
+* which makes it easier to format PCAP capture files
+* (as the caller will simply continue from here) */
size_t i, len = 0;
-
+
for (i=0; i count; i++) {
size_t nlen;
nlen = len + vector[i].iov_len;
@@ -,8 +2242,10 @@ int swrap_writev(int s, const struct iovec *vector,
size_t count)
return real_writev(s, vector, count);
}
- /* we write 1500 bytes as maximum */
- if (count 0) {
+ if (si-type == SOCK_STREAM count 0) {
+ /* cut down to 1500 byte packets for stream sockets,
+* which makes it easier to format PCAP capture files
+* (as the caller will simply continue from here) */
size_t i, len = 0;
for (i=0; i count; i++) {
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-2415-g4c23a95
The branch, master has been updated via 4c23a9556536561f79fa90bc431fc62fcc4e3c90 (commit) via e5a15e6589add409eb76f62a49e2b7a116a56c7c (commit) from 19723ed0fcdf267ece3dbcde503f86093aceb39b (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4c23a9556536561f79fa90bc431fc62fcc4e3c90 Author: Andrew Tridgell tri...@samba.org Date: Fri Jun 19 13:57:30 2009 +1000 added some basic documentation for the idmap script option commit e5a15e6589add409eb76f62a49e2b7a116a56c7c Author: Andrew Tridgell tri...@samba.org Date: Fri Jun 19 13:57:13 2009 +1000 added a sample script for the idmap script option --- Summary of changes: examples/scripts/idmap/README | 168 +++ examples/scripts/idmap/idmap_nis.sh | 119 + 2 files changed, 287 insertions(+), 0 deletions(-) create mode 100644 examples/scripts/idmap/README create mode 100755 examples/scripts/idmap/idmap_nis.sh Changeset truncated at 500 lines: diff --git a/examples/scripts/idmap/README b/examples/scripts/idmap/README new file mode 100644 index 000..3032493 --- /dev/null +++ b/examples/scripts/idmap/README @@ -0,0 +1,168 @@ +idmap script option for flexible UID/GID handling +- + +If you are using idmap backend = tdb2 with winbind in Samba3, then +you have the option of specifying an external script to perform +uid/gid allocation. This can be useful in situations where you are +using AD for authentication, but the AD server is not configured to +supply uid/gid mappings via the services for unix extensions and you +have a need to support a pre-existing system for uid/gid allocation. + +One common situation where this arises is where you have a mixture of +NFS and CIFS clients, and the NFS clients are configured to use NIS +for their id mapping. It is quite common to have an administrative +mechanism in place to ensure that all of the NIS users have a +corresponding AD user account, but there may be no direct mechanism to +ensure that any unix uid/gid attributes in AD match those in NIS. + +In this situation it would normally not be possible to share files +with correct ownership between the CIFS and NFS clients, as winbind +would normally allocate its own set of UIDs from a reserved pool, and +those uids won't match the existing ones in NIS. + +The idmap script option +--- + +To resolve this problem the idmap tdb2 module has the ability to call +out to an external script whenever it meeds an unknown SID or UID/GID +for the first time. It is then the job of that script to provide a +mapping consistent with whatever external system is in place (such as +NIS), and return the mapped result to winbind. + +Winbind will then persistently store the result of the mapping, so +that the script is not invoked more than once per user/group. + +To setup the idmap script you need to set the following options: + + idmap backend = tdb2 + idmap script = /usr/local/bin/idmap.sh + +where the location and name of the script is arbitrary. It just needs +to be executable by winbind. + +You then need to stop Samba, delete the key idmap cache files, and +restart Samba. The idmap files that need to be deleted are: + + - gencache.tdb + - winbindd_cache.tdb + - idmap2.tdb + + +Script operation + + +The script will be called by winbind in one of three ways. + + 1) idmap.sh SIDTOID SID + 2) idmap.sh IDTOSID UID UID + 2) idmap.sh IDTOSID GID GID + +In the first form the script is being asked to map a windows SID (in +the string form S-*) to a UID or GID. In the second form the script +is being asked to map a UID to a SID, and in the third form it is +being asked to map a GID to a SID. + +SIDTOID +--- + +In the first form the script is expected to output a UID or GID given +a SID. The output format is expected to be like this: + + UID:1234 +or + GID:1122 + +If the SID cannot be found, then the script should output an error +like this: + + ERR:Some error message + +Note that it is common for the external mechanism to not know about +windows SIDs, in which case the script may use the wbinfo command to +ask winbind to change the SID into a username or group name. The +wbinfo -s option is the one to use. + + +IDTOSID UID +--- + +In this form the script is expected to turn a UID into a SID, +returning a result like this: + + SID:S-1-5-21-1110277820-2343689819-414998773-1124 + +or an error like this: + + ERR:Some error message + +If the external mechanism that the script wants to use cannot produce +a SID, but can produce a username, then the script can convert the +username to a SID using the wbinfo -n option. + +IDTOSID GID +--- + +In this form the script is expected to turn a GID into a SID, +returning a result like this: + +
[SCM] CTDB repository - branch master updated - ctdb-1.0.84-17-gfc8a364
The branch, master has been updated
via fc8a364eb095ec11ca01246a583bf1dc53510141 (commit)
via 268c3e4b269a92741a02280c84384178e73de10e (commit)
via d177b08f1dc79534491f27726b05405d47e12e20 (commit)
via 6d1e4321b63973c2e53c63d386e8cc0bd9605cae (commit)
from facddcacb4a961cddb117818fa38a3e97770b2fa (commit)
http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master
- Log -
commit fc8a364eb095ec11ca01246a583bf1dc53510141
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date: Fri Jun 19 14:58:06 2009 +1000
dont leak file descriptors when set recmdoe timesout
commit 268c3e4b269a92741a02280c84384178e73de10e
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date: Fri Jun 19 14:54:22 2009 +1000
dont leak file descriptors
commit d177b08f1dc79534491f27726b05405d47e12e20
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date: Fri Jun 19 14:44:26 2009 +1000
in the recovery daemon, check that the recovery master can access the
recovery lock file and verify it is not stale from a child process.
This allows us to timeout the operation if the underlying filesystem has
become temporarily unresponsive without causing a new recovery.
commit 6d1e4321b63973c2e53c63d386e8cc0bd9605cae
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date: Fri Jun 19 13:09:11 2009 +1000
reduce the timeout we wait for the reclock child process to finish to 5
seconds
before we log an error and abort
---
Summary of changes:
server/ctdb_recover.c | 14 +++-
server/ctdb_recoverd.c | 185 ---
2 files changed, 185 insertions(+), 14 deletions(-)
Changeset truncated at 500 lines:
diff --git a/server/ctdb_recover.c b/server/ctdb_recover.c
index 7953c6b..526a310 100644
--- a/server/ctdb_recover.c
+++ b/server/ctdb_recover.c
@@ -531,7 +531,13 @@ static int set_recmode_destructor(struct
ctdb_set_recmode_state *state)
double l = timeval_elapsed(state-start_time);
ctdb_reclock_latency(state-ctdb, daemon reclock,
state-ctdb-statistics.reclock.ctdbd, l);
-
+
+ if (state-fd[0] != -1) {
+ state-fd[0] = -1;
+ }
+ if (state-fd[1] != -1) {
+ state-fd[1] = -1;
+ }
kill(state-child, SIGKILL);
return 0;
}
@@ -645,6 +651,8 @@ int32_t ctdb_control_set_recmode(struct ctdb_context *ctdb,
CTDB_NO_MEMORY(ctdb, state);
state-start_time = timeval_current();
+ state-fd[0] = -1;
+ state-fd[1] = -1;
if (ctdb-tunable.verify_recovery_lock == 0) {
/* dont need to verify the reclock file */
@@ -693,16 +701,18 @@ int32_t ctdb_control_set_recmode(struct ctdb_context
*ctdb,
_exit(0);
}
close(state-fd[1]);
+ state-fd[1] = -1;
talloc_set_destructor(state, set_recmode_destructor);
- state-te = event_add_timed(ctdb-ev, state, timeval_current_ofs(15, 0),
+ state-te = event_add_timed(ctdb-ev, state, timeval_current_ofs(5, 0),
ctdb_set_recmode_timeout, state);
state-fde = event_add_fd(ctdb-ev, state, state-fd[0],
EVENT_FD_READ|EVENT_FD_AUTOCLOSE,
set_recmode_handler,
(void *)state);
+
if (state-fde == NULL) {
talloc_free(state);
return -1;
diff --git a/server/ctdb_recoverd.c b/server/ctdb_recoverd.c
index 6b2fb5e..07f3f0d 100644
--- a/server/ctdb_recoverd.c
+++ b/server/ctdb_recoverd.c
@@ -2331,6 +2331,176 @@ static int get_remote_nodemaps(struct ctdb_context
*ctdb, TALLOC_CTX *mem_ctx,
return 0;
}
+enum reclock_child_status { RECLOCK_CHECKING, RECLOCK_OK, RECLOCK_FAILED,
RECLOCK_TIMEOUT};
+struct ctdb_check_reclock_state {
+ struct ctdb_context *ctdb;
+ struct timeval start_time;
+ int fd[2];
+ pid_t child;
+ struct timed_event *te;
+ struct fd_event *fde;
+ enum reclock_child_status status;
+};
+
+/* when we free the reclock state we must kill any child process.
+*/
+static int check_reclock_destructor(struct ctdb_check_reclock_state *state)
+{
+ struct ctdb_context *ctdb = state-ctdb;
+
+ ctdb_ctrl_report_recd_lock_latency(ctdb, CONTROL_TIMEOUT(),
timeval_elapsed(state-start_time));
+
+ if (state-fd[0] != -1) {
+ close(state-fd[0]);
+ state-fd[0] = -1;
+ }
+ if (state-fd[1] != -1) {
+ close(state-fd[1]);
+ state-fd[1] = -1;
+ }
+ kill(state-child, SIGKILL);
+ return 0;
+}
+
+/*
+ called if our check_reclock child times out. this would happen if
+ i/o to the reclock file blocks.
+ */
+static void ctdb_check_reclock_timeout(struct event_context *ev, struct
timed_event
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-6-gd9498aa
The branch, master has been updated
via d9498aaf1b931763eac561e8601fa6ef2db01742 (commit)
via ec47444a7ea33e6417bac472c863b43db5baeaae (commit)
via c0d681a73f01d3482c07aee62a33423ef18bac28 (commit)
via 4ceae35d7eb3b7e2e38f226e39853cff40d92464 (commit)
via 17e1cbb6d33614aaf5b6d8aaf4c6cf0dab84dfa6 (commit)
via dcc9ae69953ac03f539a4be8f52ee1c13cfe985d (commit)
from 4c23a9556536561f79fa90bc431fc62fcc4e3c90 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit d9498aaf1b931763eac561e8601fa6ef2db01742
Merge: ec47444a7ea33e6417bac472c863b43db5baeaae
4c23a9556536561f79fa90bc431fc62fcc4e3c90
Author: Andrew Bartlett abart...@samba.org
Date: Fri Jun 19 15:38:33 2009 +1000
Merge branch 'master' of ssh://git.samba.org/data/git/samba into
master-devel
commit ec47444a7ea33e6417bac472c863b43db5baeaae
Author: Andrew Bartlett abart...@samba.org
Date: Fri Jun 19 15:29:42 2009 +1000
Allow developers access the the privilaged ldapi socket for the moment
This allows us some time to get the EXTERNAL bind working
commit c0d681a73f01d3482c07aee62a33423ef18bac28
Author: Andrew Bartlett abart...@samba.org
Date: Fri Jun 19 14:43:51 2009 +1000
On our way to alpha9!
---
Summary of changes:
source4/VERSION |2 +-
source4/ldap_server/ldap_server.c | 16 +++-
2 files changed, 16 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/VERSION b/source4/VERSION
index 58f8cc1..92a4f00 100644
--- a/source4/VERSION
+++ b/source4/VERSION
@@ -57,7 +57,7 @@ SAMBA_VERSION_TP_RELEASE=
# e.g. SAMBA_VERSION_ALPHA_RELEASE=1 #
# - 4.0.0alpha1 #
-SAMBA_VERSION_ALPHA_RELEASE=8
+SAMBA_VERSION_ALPHA_RELEASE=9
# For 'pre' releases the version will be #
diff --git a/source4/ldap_server/ldap_server.c
b/source4/ldap_server/ldap_server.c
index 36e8de6..05a095d 100644
--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -455,6 +455,14 @@ static const struct stream_server_ops
ldap_stream_nonpriv_ops = {
.send_handler = ldapsrv_send,
};
+/* The feature removed behind an #ifdef until we can do it properly
+ * with an EXTERNAL bind. */
+
+#ifdef DEVELOPER
+#define WITH_LDAPI_PRIV_SOCKET
+#endif
+
+#ifdef WITH_LDAPI_PRIV_SOCKET
static void ldapsrv_accept_priv(struct stream_connection *c)
{
struct ldapsrv_service *ldapsrv_service = talloc_get_type_abort(
@@ -479,6 +487,7 @@ static const struct stream_server_ops ldap_stream_priv_ops
= {
.send_handler = ldapsrv_send,
};
+#endif
/*
add a socket address to the list of events, one event per port
*/
@@ -549,7 +558,10 @@ static NTSTATUS add_socket(struct tevent_context
*event_context,
*/
static void ldapsrv_task_init(struct task_server *task)
{
- char *ldapi_path, *priv_dir;
+ char *ldapi_path;
+#ifdef WITH_LDAPI_PRIV_SOCKET
+ char *priv_dir;
+#endif
struct ldapsrv_service *ldap_service;
NTSTATUS status;
const struct model_ops *model_ops;
@@ -619,6 +631,7 @@ static void ldapsrv_task_init(struct task_server *task)
ldapi_path, nt_errstr(status)));
}
+#ifdef WITH_LDAPI_PRIV_SOCKET
priv_dir = private_path(ldap_service, task-lp_ctx, ldap_priv);
if (priv_dir == NULL) {
goto failed;
@@ -649,6 +662,7 @@ static void ldapsrv_task_init(struct task_server *task)
ldapi_path, nt_errstr(status)));
}
+#endif
return;
failed:
--
Samba Shared Repository
[SCM] CTDB repository - branch master updated - ctdb-1.0.84-18-gfdf50f3
The branch, master has been updated
via fdf50f3e774e3980af81c0b6f4ff81d085f4f697 (commit)
from fc8a364eb095ec11ca01246a583bf1dc53510141 (commit)
http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master
- Log -
commit fdf50f3e774e3980af81c0b6f4ff81d085f4f697
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date: Fri Jun 19 15:55:13 2009 +1000
dont log an error if waitpid returns -1 and errno is ECHILD
---
Summary of changes:
server/ctdb_recoverd.c |4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/server/ctdb_recoverd.c b/server/ctdb_recoverd.c
index 07f3f0d..3ab44a7 100644
--- a/server/ctdb_recoverd.c
+++ b/server/ctdb_recoverd.c
@@ -3094,7 +3094,9 @@ static void recd_sig_child_handler(struct event_context
*ev,
while (pid != 0) {
pid = waitpid(-1, status, WNOHANG);
if (pid == -1) {
- DEBUG(DEBUG_ERR, (__location__ waitpid() returned
error. errno:%d\n, errno));
+ if (errno != ECHILD) {
+ DEBUG(DEBUG_ERR, (__location__ waitpid()
returned error. errno:%s(%d)\n, strerror(errno),errno));
+ }
return;
}
if (pid 0) {
--
CTDB repository
