Re: [Samba] Security Policy.

2009-07-16 Thread Agustin Eguia

I don't think that saying RTFM is the best approach... but anyway...

I already read the manual and found the information given there
somewhat confusing, at least for people who haven't been working with
Samba for a long time. I edited my smb.conf file and added the
following lines:


[records]
vfs objects = full_audit
path = /shared/records
full_audit:prefix = %u|%I|%T|%M|%m
full_audit:success = open opendir read readdir rmdir sendfile write chmod chmod_acl chown connect disconnect mkdir
full_audit:failure = all

I restarted the smb service but there are no log files to be found at
the path I gave, am I missing something? Also, I don't know what LOCAL7
stands for in the following line: full_audit:facility = LOCAL7.
I tried opening various files on the shares from another computer and
nothing happened.



Thanks,


A.


On 15 Jul 09, at 21:52, Linux Addict wrote:




On Wed, Jul 15, 2009 at 8:38 AM, Agustin Eguia agustin.eg...@gmail.com 
 wrote:

Already did that,

What I don't get is where I enable the module. Is it in
smb.conf? I suppose it will run with the smbd daemon, and that I
can define which share will be logged... but I really don't know
where to configure this.



Thanks,


A.


On 15 Jul 09, at 14:33, Volker Lendecke wrote:


On Wed, Jul 15, 2009 at 02:23:49PM +0200, Agustin Eguia wrote:
Can you be more explicit about this module ? I searched the net but
found only confusing things about it. Can it log every file, folder
read/write access on the share ? This is mostly for security purposes. I
found that this is a samba module, but how do I use it, set it up, etc.


Yes, it can log every file operation that Samba ever does.

man vfs_full_audit

contains an example of its use.

Volker

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Yes. It's in smb.conf and part of Samba already. You don't need to
enable anything.


Use smb.conf directive  vfs objects = .

 [records]
path = /data/records
vfs objects = full_audit
full_audit:prefix = %u|%I
full_audit:success = open opendir
full_audit:failure = all
full_audit:facility = LOCAL7
full_audit:priority = ALERT

If you have any questions, please RTFM again.





[Samba] Samba 3.2.12 - troubels with winbind

2009-07-16 Thread Richard Lamboj
Hi,

I have been fighting against winbind since Samba 3.2.5

1.) Sometimes all Windows machines hang because winbind hangs.
2.) getent passwd is sometimes damned slow

Is that normal? Sometimes it needs 10 to 30 seconds to respond! Should I set
winbind cache time higher than 300?

mitarbeiter:/# wbinfo -a PRUEFUNG+u.can%the_top_secret_password
plaintext password authentication succeeded
challenge/response password authentication succeeded

So now:
- user logs in for the first time: winbind hangs and saves it to the cache: the
logon will take long.
- the next login will go fast and winbind loads it from the cache
- after 300 seconds, winbind fetches it again and refreshes the cache: the login
will take long.

So why is winbind not refreshing the cache in the background and always loading
from the cache? That would make things faster.

Well, how can I fix it so that winbind will not take so long? If I cannot fix
this issue, I can dig my own grave. Company leaders do not make jokes :/

Would be nice if someone can help me :)

have a nice - not so hot - day :-)


Re: [Samba] Samba 3.2.12 - troubels with winbind

2009-07-16 Thread Richard Lamboj
Well,

If I open Windows Explorer, go to the network and click on a trusted
domain, it goes fast 5 times and then it needs 20 seconds to show the server
and computers. Strange?




[Samba] 0x000006d1 while connecting with Windows Server 2008 to Samba server

2009-07-16 Thread Philipp Schubert

Hi,

I'm running a printserver with samba 3.4.0 with server side printer
drivers. That works perfect with WXP-Clients. But everytime when I want
to connect with a Windows Server 2008 or Windows Vista to my samba
printer share I get the error 0x06d1 on the Windows machine
(RPC_S_PROCNUM_OUT_OF_RANGE).

I tried a lot of things, but nothing works.
Any ideas?

Thank you!

Philipp



Re: [Samba] Security Policy.

2009-07-16 Thread Jonathon Doran

Quoting Agustin Eguia agustin.eg...@gmail.com:



I already read the manual and found the information given there
somewhat confusing, at least for people who haven't been working with
Samba for a long time. I edited my smb.conf file and added the
following lines:

[records]
vfs objects = full_audit
path = /shared/records
full_audit:prefix = %u|%I|%T|%M|%m
full_audit:success = open opendir read readdir rmdir sendfile write chmod chmod_acl chown connect disconnect mkdir
full_audit:failure = all

I restarted the smb service but there are no log files to be found at
the path I gave, am I missing something? Also, I don't know what LOCAL7
stands for in the following line: full_audit:facility = LOCAL7. I
tried opening various files on the shares from another computer and
nothing happened.


Samba requires a certain level of familiarity with Unix.  You need to
learn this stuff.  In the case of the audit facility, while I haven't
used it nor read up on it I recognize LOCAL7 as a syslog logging facility.
Please go read man rsyslogd or man syslogd if you have an older system.
You'll then need to edit the configuration file for your logging system,
for example /etc/rsyslog.conf on my system, and indicate where you'd like the
data logged.

The log files are not stored at the path, the path is the directory  
you are exporting to other machines.


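The situation in this thread (full_audit enabled, no log file appearing) comes down to whether the syslog daemon routes the facility the share logs to. The check below is an added example, not code from the thread or from Samba; it assumes classic "facility.priority action" syslog rules, that a share setting no facility or priority logs as user.notice, and a hypothetical /var/log/samba/audit.log target.

```python
import configparser

# syslog(3) severities: a lower number is more severe. Common aliases included.
SEVERITY = {"emerg": 0, "panic": 0, "alert": 1, "crit": 2, "err": 3, "error": 3,
            "warning": 4, "warn": 4, "notice": 5, "info": 6, "debug": 7}

# Assumption: a share that sets no full_audit:facility / full_audit:priority
# logs as user.notice.
DEFAULT_FACILITY, DEFAULT_PRIORITY = "user", "notice"

# Constructed smb.conf: [records] is the reply's example from the thread;
# [records_nofacility] is the poster's share, renamed so both fit in one file.
SMB_CONF = """\
[records]
path = /data/records
vfs objects = full_audit
full_audit:prefix = %u|%I
full_audit:success = open opendir
full_audit:failure = all
full_audit:facility = LOCAL7
full_audit:priority = ALERT

[records_nofacility]
path = /shared/records
vfs objects = full_audit
full_audit:prefix = %u|%I|%T|%M|%m
full_audit:failure = all
"""

# Constructed syslog rules. BEFORE never writes local7 anywhere; AFTER adds a
# rule for it (the audit.log path is a hypothetical choice).
RSYSLOG_BEFORE = """\
# constructed sample
*.info;mail.none;authpriv.none;local7.none    /var/log/messages
authpriv.*                                    /var/log/secure
"""
RSYSLOG_AFTER = RSYSLOG_BEFORE + "local7.*    /var/log/samba/audit.log\n"


def audited_shares(smb_conf_text):
    """Return {share: (facility, priority)} for shares that load full_audit."""
    cp = configparser.RawConfigParser(delimiters=("=",), strict=False)
    cp.read_string(smb_conf_text)
    shares = {}
    for name in cp.sections():
        if "full_audit" not in cp.get(name, "vfs objects", fallback="").split():
            continue
        fac = cp.get(name, "full_audit:facility", fallback=DEFAULT_FACILITY)
        pri = cp.get(name, "full_audit:priority", fallback=DEFAULT_PRIORITY)
        shares[name] = (fac.strip().lower(), pri.strip().lower())
    return shares


def routes(rsyslog_text, facility, priority):
    """Return the actions of 'selector action' rules that match facility.priority."""
    msg_severity = SEVERITY[priority.lower()]
    hits = []
    for line in rsyslog_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#$":        # comments and legacy $directives
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        selectors, action = parts
        matched = False
        for sel in selectors.lower().split(";"):
            facs, _, pri = sel.partition(".")
            if not pri or pri[0] in "=!":      # modifiers are skipped, not evaluated
                continue
            if facs != "*" and facility.lower() not in facs.split(","):
                continue
            if pri == "none":                  # explicit exclusion of this facility
                matched = False
            elif pri == "*" or (pri in SEVERITY and msg_severity <= SEVERITY[pri]):
                matched = True                 # this severity or anything more severe
        if matched:
            hits.append(action.strip())
    return hits


def unrouted_audit_shares(smb_conf_text, rsyslog_text):
    """Return {share: 'facility.priority'} for audited shares no rule writes out."""
    missing = {}
    for share, (fac, pri) in audited_shares(smb_conf_text).items():
        if not routes(rsyslog_text, fac, pri):
            missing[share] = f"{fac}.{pri}"
    return missing


if __name__ == "__main__":
    print("before:", unrouted_audit_shares(SMB_CONF, RSYSLOG_BEFORE))
    print("after: ", unrouted_audit_shares(SMB_CONF, RSYSLOG_AFTER))
```

With the first rule set, the share without an explicit facility is still logged, but into the general messages file rather than anywhere near the share path.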


[Samba] Password policy not being used

2009-07-16 Thread David Christensen

I have my samba deployment using an ldap backend.  I made changes to the
password policy that is stored in the sambadomain object but windows
clients are not adhering to the policy.  Do I need something in the
smb.conf file that enables this or something else I am missing?



Re: [Samba] 0x000006d1 while connecting with Windows Server 2008 to Samba server

2009-07-16 Thread Jeremy Allison
On Thu, Jul 16, 2009 at 02:25:36PM +0200, Philipp Schubert wrote:
 Hi,

 I'm running a printserver with samba 3.4.0 with server side printer
 drivers. That works perfect with WXP-Clients. But everytime when I want
 to connect with a Windows Server 2008 or Windows Vista to my samba
 printer share I get the error 0x06d1 on the Windows machine
 (RPC_S_PROCNUM_OUT_OF_RANGE).

 I tried a lot of things, but nothing works.
 Any ideas?

Can you log a bug in our bugzilla and attach a debug level 10
log from the smbd please ?

Thanks,

Jeremy.


Re: [Samba] Samba 3.2.12 - troubels with winbind

2009-07-16 Thread Jeremy Allison
On Thu, Jul 16, 2009 at 11:06:30AM +0200, Richard Lamboj wrote:
 Hi,
 
 I have been fighting against winbind since Samba 3.2.5
 
 1.) Sometimes all Windows machines hang because winbind hangs.
 2.) getent passwd is sometimes damned slow
 
 Is that normal? Sometimes it needs 10 to 30 seconds to respond! Should I set
 winbind cache time higher than 300?

No, this isn't normal. Is your DNS set up correctly?
These sound like DNS timeouts to me.

Jeremy.


Re: [Samba] require a getent passwd for winbind to work first time

2009-07-16 Thread Lunix1618

On 07/16/2009 02:55 AM, Terry wrote:

Hello,

This may not be a problem but just want to check on something.  I
think I have a working config.  I joined a domain successfully.
However, after configuring ssh to use winbind, it does not work until
I do a 'getent passwd'.  It fails with this:
Jul 15 14:53:46 omadvnfs01b sshd[25072]: Invalid user DOMAIN+user from
192.168.101.70
Jul 15 14:53:46 omadvnfs01b sshd[25073]: input_userauth_request:
invalid user DOMAIN+user

Is it just a timing issue?
   
How about the wbinfo result? If it can return the list of users from AD, try to
remove the idmap cache in /var/cache/samba/.




Re: [Samba] Ubuntu Jaunty samba 3.3.2 print$ no write rights even though I do; -)

2009-07-16 Thread Glenn T. Arnold
Initially, when I posted my access problems with print$, I was using the new
registry-based smb.conf; I had my whole configuration in the registry. Now I
have moved my printers and print$ back to the text-based smb.conf, and I copied
the standard Ubuntu/Debian [printers] and [print$] out of the original Ubuntu
package smb.conf. The only modification that I made was under [print$], where I
changed read only to no instead of yes. I cannot write to the share. Simply
renaming the print$ section to print, I can access the share and write to it
with no problems. Any more suggestions? I need to get this resolved. Here is my
smb.conf now:
[global] 
# configbackend = registry 
include = registry 
[printers] 
comment = All Printers 
browseable = no 
path = /var/spool/samba 
printable = yes 
guest ok = no 
read only = yes 
create mask = 0700 

[print$] 
comment = Printer Drivers 
path = /var/lib/samba/printers 
browseable = yes 
read only = no 
guest ok = no 

Thanks 
-Glenn 

- Original Message - 
From: Glenn T. Arnold garn...@unrealsolutions.com 
To: samba@lists.samba.org 
Sent: Wednesday, July 8, 2009 1:17:21 PM GMT -05:00 US/Canada Eastern 
Subject: Re: [Samba] Ubuntu Jaunty samba 3.3.2 print$ no write rights even 
though I do; -) 

I did the suggested updates to app armor and this did not solve the problem. 

-Glenn 

- Original Message - 
From: Glenn T. Arnold garn...@unrealsolutions.com 
To: Harry Jede walk2...@arcor.de 
Cc: samba@lists.samba.org 
Sent: Monday, July 6, 2009 10:05:14 AM GMT -05:00 US/Canada Eastern 
Subject: Re: [Samba] Ubuntu Jaunty samba 3.3.2 print$ no write rights even 
though I do; -) 

Well, I did read the fine documentation and the documentation for this current 
situation it was no help. The reason I am using the registry for the smb.conf 
is memory savings, instance changes of smb.conf going into effect, and maybe 
future clustering. Also, I will state if using the samba registry method is not 
the proper way of doing things then why would the Samba developers add this 
feature into Samba? ;-) The reason I set the share with the current rights, is 
to troubleshoot the problem and prove that my file rights were correct. When I 
setup the print$ share the proper way it is still read-only even though I had 
writelist in effect. I currently have 1200 pc connect to a samba-ldap servers 
with the proper setup with no problems. I will investigate the app armor 
settings 

Thanks 
-Glenn 

- Original Message - 
From: Harry Jede walk2...@arcor.de 
To: samba@lists.samba.org 
Sent: Friday, July 3, 2009 3:22:19 PM GMT -05:00 US/Canada Eastern 
Subject: Re: [Samba] Ubuntu Jaunty samba 3.3.2 print$ no write rights even 
though I do; -) 

On Thursday, 2. Juli 2009 wrote Glenn T. Arnold: 
 I just made my print$ share settings to match my print drivers share 
 which should work same 
This is what you believe. 

 and I still cannot create folders or files on 
 the print$ share, but I can all day on the print drivers share. Would 
 someone explain why this is happening? Here is my share settings. 
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\print$] 
 path=/var/lib/samba/printers 
 comment=Printer Drivers 
 read only=no 
 
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\printer drivers] 
 path=/var/lib/samba/printers 
 read only=no 
Why are you doing this? 

I think you should reread the excellent Samba docu again. 

 Thanks 
 -Glenn 
 
 - Original Message - 
 From: Glenn T. Arnold garn...@unrealsolutions.com 
 To: samba samba@lists.samba.org 
 Sent: Thursday, July 2, 2009 3:29:29 PM GMT -05:00 US/Canada Eastern 
 Subject: Re: [Samba] Ubuntu Jaunty samba 3.3.2 print$ no write rights 
 even though I do;-) 
 
 Harry, 
 
 You did give me an idea though. For grins I just set rights to 0777 
 even on the extended acls and I still get access denied when trying 
 to upload print drivers. Here is the updated rights on 
 /var/lib/samba/printers. 
You make your own changes. That's really fine. 


-- 

Gruss 
Harry Jede 


Re: [Samba] Ubuntu Jaunty samba 3.3.2 print$ no write rights even though I do

2009-07-16 Thread Dale Schroeder

Glenn,

Have you granted your user Print Operator privileges?

   net rpc rights grant user SePrintOperatorPrivilege -U root

http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html#id2601337

Dale




Re: [Samba] Ubuntu Jaunty samba 3.3.2 print$ no write rights even though I do

2009-07-16 Thread Glenn T. Arnold
Dale, 

Yes, I have the right assigned to my Domain Admins group, and I just added it to
my account just in case there is a group rights problem. Here are my user ID
rights.

net rpc rights list Domain\myaccount 
Enter root's password: 
SeMachineAccountPrivilege 
SeTakeOwnershipPrivilege 
SeBackupPrivilege 
SeRestorePrivilege 
SeRemoteShutdownPrivilege 
SePrintOperatorPrivilege 
SeAddUsersPrivilege 
SeDiskOperatorPrivilege 


Thanks for the suggestion! 
-Glenn 


Re: [Samba] Ubuntu Jaunty samba 3.3.2 print$ no write rights even though I do; -)

2009-07-16 Thread Jeremy Allison
On Thu, Jul 16, 2009 at 03:11:00PM -0400, Glenn T. Arnold wrote:
 Initially when I posted my access problems to print$ I was using the new 
 registry based smb.conf I had my whole configuration in the registry. Now I 
 move my printers and print$ back to the text based smb.conf and I copied the 
 standard ubuntu debian [printers] and [print$] out of the original ubuntu 
 package smb.conf and the only modification that I made was under the [print$] 
 I change read only to no instead of yes. I can not write to the share. Simply 
 renaming print$ section to print I can access the share and write to it with 
 no problems. Any more suggestions? I need to get this resolved. Here is my 
 smb.conf now: 

Please post a debug level 10 log of the client trying to write.
This should make things clearer.

Jeremy


[Samba] Slow perfomance comparing Win NT 4.0 server

2009-07-16 Thread Georgy Goshin

Hello!

I've replaced the old Windows NT 4.0 server with a new modern one

(Core 2 Duo 2.4GHz with 1GB RAM, SATA drives in Linux software RAID 1 under
CentOS 5, Samba 3.3.0-38)


But the client started to complain that the speed had slowed down. I made some
tests with the old and new servers and see that working with files is really
slow. Office and PDF documents sometimes take up to a minute to open, compared
to 1-2 seconds from the old server.


Please point me to the right way to catch the problem.

hdparm shows good numbers:

/dev/md0:
Timing buffered disk reads:  182 MB in  3.01 seconds =  60.48 MB/sec
/dev/md0:
Timing cached reads:   4528 MB in  2.00 seconds = 2265.41 MB/sec




smb.conf:
#=== Global Settings ===


[global]

   workgroup = CORP
   server string = MASTER Fileserver

   netbios name = master

;   interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
;   hosts allow = 127. 192.168.12. 192.168.13.

# --- Logging Options -
   # logs split per machine
   log file = /var/log/samba/%m.log
   # max 50KB per log file, then rotate
   max log size = 250


   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192


# --- Domain Controller Options ---
   security = user
   passdb backend = tdbsam

   domain master = yes
   domain logons = yes

   # the login script name depends on the machine name
;   logon script = %m.bat
   # the login script name depends on the unix user used
   logon script = %u.bat
;   logon path = \\%L\Profiles\%u
   # disables profiles support by specifing an empty path
   logon path =

   add user script = /usr/sbin/useradd %u -n -g users
   add group script = /usr/sbin/groupadd %g
   add machine script = /usr/sbin/useradd -n -c Workstation (%u) -M -d /nohome -s /bin/false %u

   delete user script = /usr/sbin/userdel %u
   delete user from group script = /usr/sbin/userdel %u %g
   delete group script = /usr/sbin/groupdel %g


# --- Browser Control Options ---

   local master = yes
   os level = 65
   preferred master = yes

# --- Name Resolution ---

   wins support = yes
#;  wins server = 192.168.0.10
#;  wins proxy = yes

#;  dns proxy = yes

# --- Printing Options -
   load printers = yes
   cups options = raw

;   printcap name = /etc/printcap
   #obtain list of printers automatically on SystemV
;   printcap name = lpstat
;   printing = cups

# --- Filesystem Options ---
#
;   map archive = no
;   map hidden = no
;   map read only = no
;   map system = no
;   store dos attributes = yes

#=== Share Definitions ===


[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   valid users = %S
   valid users = MYDOMAIN\%S


# Un-comment the following and create the netlogon directory for Domain Logons

[netlogon]
   comment = Network Logon Service
   path = /var/lib/samba/netlogon
   guest ok = yes
   writable = no
   share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;   [Profiles]
;   path = /var/lib/samba/profiles
;   browseable = no
;   guest ok = yes



[Documents]
   path=/home/shares/Documents
   comment=Documents
   writeable=yes
   browseable=yes
   create mode=0660
   directory mode=0770


[Invoices]
   path=/home/shares/Invoices
   comment=Invoices
   writeable=yes
   browseable=yes
   create mode=0660
   directory mode=0770
   valid users = igor,larisa,sergei1

[Shared]
   path=/home/shares/Shared
   comment=Shared Files
   writeable=yes
   browseable=yes
   create mode=0660
   directory mode=0770

[Source]
   path=/home/shares/Source
   comment=Software source
   writeable=yes
   browseable=yes
   create mode=0660
   directory mode=0770



Re: [Samba] Slow perfomance comparing Win NT 4.0 server

2009-07-16 Thread Jeremy Allison
On Fri, Jul 17, 2009 at 12:06:52AM +0300, Georgy Goshin wrote:
 Hello!

 I've replaced the old Windows NT 4.0 server with new modern

 (Core 2 DUO 2.4Ghz with 1GB RAM, SATA drives in linux software RAID 1 
 under CentOS 5, Samba 3.3.0-38)

 But client started to complain that the speed was slowed down. I made 
 some tests with old and new servers and see that working with files is 
 really slow. Office and pdf documents opening sometimes up to minute 
 comparing 1-2 second from old server.

 Please point me to the right way to catch the problem

 hdparm shows good numbers:

 /dev/md0:
 Timing buffered disk reads:  182 MB in  3.01 seconds =  60.48 MB/sec
 /dev/md0:
 Timing cached reads:   4528 MB in  2.00 seconds = 2265.41 MB/sec

This is not needed (and may be harmful)

   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

But this won't make a difference between 1-2 seconds and one
minute. Is it slow to initially connect to the share ? If
so I'd suspect DNS lookups. If it's slow accessing the share
but fast to connect I'd get a wireshark capture trace and
look for timestamp gaps in the packet stream. That should
give a clue. You can do the same with a timestamped smbd
log at debug level 10 - look for suspicious gaps in activity,
as there's some waiting problem that's being triggered
here.

Jeremy.
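One way to look for the gaps described above in a timestamped smbd log, as an added example that is not part of the thread: it assumes log headers of the form [YYYY/MM/DD HH:MM:SS(.usec), level] and runs on constructed sample lines with placeholder source locations.

```python
import re
from datetime import datetime

# Header line written before each message when timestamps are enabled.
# Assumed layout: "[2009/07/16 23:10:05.250000,  3] source-location";
# the fractional part is optional.
HEADER = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})(?:\.(\d{1,6}))?,\s*(\d+)\]\s*(.*)$")

# Constructed sample log; the source locations are placeholders.
SAMPLE_LOG = """\
[2009/07/16 23:10:05.100000, 10] smbd/example.c:step_a(10)
  message body lines are indented and carry no timestamp
[2009/07/16 23:10:05.250000,  3] smbd/example.c:step_b(20)
  last message before the stall
[2009/07/16 23:10:35.250000, 10] smbd/example.c:step_c(30)
[2009/07/16 23:10:35.300000, 10] smbd/example.c:step_d(40)
"""


def parse_headers(log_text):
    """Yield (timestamp, debug_level, location) for every header line."""
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # message body or unrelated line
        ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
        if m.group(2):
            # Pad short fractions so ".25" is read as 250000 microseconds.
            ts = ts.replace(microsecond=int(m.group(2).ljust(6, "0")))
        yield ts, int(m.group(3)), m.group(4)


def find_gaps(log_text, threshold_s=2.0):
    """Return (seconds, location_before, location_after) per pause, longest first."""
    gaps, prev = [], None
    for ts, _level, where in parse_headers(log_text):
        if prev is not None:
            delta = (ts - prev[0]).total_seconds()
            if delta >= threshold_s:
                gaps.append((delta, prev[1], where))
        prev = (ts, where)
    return sorted(gaps, key=lambda g: g[0], reverse=True)


if __name__ == "__main__":
    for seconds, before, after in find_gaps(SAMPLE_LOG):
        print(f"{seconds:6.1f}s idle between {before} and {after}")
```

A gap only shows where smbd logged nothing; an idle client produces the same pattern, so compare the timestamps against the packet capture.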


Re: [Samba] Ubuntu Jaunty samba 3.3.2 print$ no write rights even though I do; -)

2009-07-16 Thread Jeremy Allison
On Thu, Jul 16, 2009 at 05:31:21PM -0400, Glenn T. Arnold wrote:
 Here is the level 10 log files I sent the first one as attachments which look
 like did not make it through.

I don't see any attempts to open the print$ share in these logs.

I do see an error :

netlogon_creds_server_check: challenge : 14D0450551344C93
calculated: BAB7D8066C1D3129
netlogon_creds_server_check: credentials check failed.
_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
auth request from client WIN7 machine account WIN7$

Is this a Win7 machine ? 3.3.2 doesn't have the fixes
for Win7 netlogon credentials in it (hardly surprising
as Win7 wasn't even a twinkle in Microsoft's release
schedule when 3.3.2 was shipped :-).

Jeremy.


[Samba] net join problems

2009-07-16 Thread CJ Keist


My last install of Samba was 3.2.2 on Solaris 10 Sparc platform.  Had no 
problems.  I'm now trying to install 3.4.0 on Solaris 10 x86 platform. 
With 3.2.2 I would join our Windows domain as such:


net join -S servername -w DOMAIN_NAME -U username

All worked fine. Now with 3.4.0 I'm getting usage error trying to do the 
same thing. Here is my config:


# ./testparm
Load smb config files from /opt/samba-3.4.0/lib/smb.conf
Processing section [homes]
Processing section [students]
Processing section [student_orgs]
Processing section [homes]
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

[global]
workgroup = MY_DOM
server string = Samba Server
security = DOMAIN
password level = 8
lanman auth = Yes
client NTLMv2 auth = Yes
map untrusted to domain = Yes
log level = 1
log file = /var/log/samba/logs/log.%m
max log size = 50
deadtime = 10
max open files = 1
socket options = TCP_NODELAY IPTOS_LOWDELAY
load printers = No
preferred master = Auto
dns proxy = No
wins server = xxx.xxx.xxx.xxx
kernel oplocks = No
lock spin time = 3
remote announce = xxx.xxx.xxx.xxx
acl group control = Yes
oplocks = No
strict locking = No

[homes]
comment = Home Directories
read only = No
create mask = 0640
directory mask = 0751
inherit permissions = Yes
inherit owner = Yes
level2 oplocks = No

[students]
comment = Students home dirs
path = /data/students
read only = No
create mask = 0770
directory mask = 02770
inherit owner = Yes
level2 oplocks = No

[student_orgs]
comment = Student Orgs space
path = /data/student_orgs
read only = No
create mask = 0770
directory mask = 02770
inherit permissions = Yes
inherit acls = Yes
level2 oplocks = No

Has something changed with net join?


--
C. J. Keist                     Email: cj.ke...@colostate.edu
UNIX/Network Manager            Phone: 970-491-0630
Engineering Network Services    Fax:   970-491-5569
College of Engineering, CSU
Ft. Collins, CO 80523-1301

All I want is a chance to prove 'Money can't buy happiness'


Re: [Samba] net join problems

2009-07-16 Thread Herb Lewis

try typing net help. From a samba 3.2.8 system the following partial
output shows

Valid targets: choose one (none defaults to localhost)
    -S or --server=<server>         server name
    -I or --ipaddress=<ipaddr>      address of target server
    -w or --workgroup=<wg>          target workgroup or domain





Re: [Samba] net join problems

2009-07-16 Thread CJ Keist


John,
   Thanks that was it!!

John H Terpstra - Samba Team wrote:
> CJ Keist wrote:
>> My last install of Samba was 3.2.2 on Solaris 10 Sparc platform.  Had no
>> problems.  I'm now trying to install 3.4.0 on Solaris 10 x86 platform.
>> With 3.2.2 I would join our Windows domain as such:
>>
>> net join -S servername -w DOMAIN_NAME -U username
>>
>> All worked fine. Now with 3.4.0 I'm getting usage error trying to do the
>> same thing.
>
> Yes - a small change.  Just use:
>
> net rpc join -S servername -W domain_name -U username
>
> Note: The change is the specification of the join method rpc.
>
> - John T.


--
C. J. Keist                     Email: cj.ke...@colostate.edu
UNIX/Network Manager            Phone: 970-491-0630
Engineering Network Services    Fax:   970-491-5569
College of Engineering, CSU
Ft. Collins, CO 80523-1301

All I want is a chance to prove 'Money can't buy happiness'


[Samba] Permission problem with mac os x client

2009-07-16 Thread Udo Mueller

Hi all,

Server: Debian 5.0 with samba 3.2.5
Client: Current Mac OS X

Wanted: files with 0760, directories with 2770

Config: create mask = 760
directory mask = 770
force create mode = 760
force directory mode = 2770

Problem: files created with 644 or 764 or 600
 directories created with 2700 or 0770 or 0700

My setup works just perfect with Windows Clients.

Anyone knows why this doesn't work with mac os x?

Kind regards

Udo Müller



Re: [Samba] Permission problem with mac os x client

2009-07-16 Thread James Peach
2009/7/16 Udo Mueller deb...@cs-ol.de:
> Hi all,
>
> Server: Debian 5.0 with samba 3.2.5
> Client: Current Mac OS X
>
> Wanted: files with 0760, directories with 2770
>
> Config: create mask = 760
>         directory mask = 770
>         force create mode = 760
>         force directory mode = 2770
>
> Problem: files created with 644 or 764 or 600
>          directories created with 2700 or 0770 or 0700
>
> My setup works just perfect with Windows Clients.
>
> Anyone knows why this doesn't work with mac os x?

try unix extensions = no

-- 
James Peach | jor...@gmail.com


[Samba] Deploying apps via policy

2009-07-16 Thread Adam Del Vecchio
Can I deploy software/applications through group or domain policy with samba? 


[Samba] Help with configuration of winbind and idmap backend = ad

2009-07-16 Thread Thomas Ruth
Hello all,

I have an interesting situation that I'm trying to get working. At this
point, I'm not sure if it's possible to do what I want with my
configuration. I will start by explaining my situation.

I have a primarily windows network in my organization. I also have quite
a few UNIX systems as build servers. All these systems share 1 file
server (currently a Netapp, but I am moving to a Linux system with
Samba/NFS).

All users on my network have AD accounts. Only about 25% of those users
also have UNIX accounts. They have the same username. I installed SFU on
our domain controllers and ran a script against our NIS and
automatically populated all Windows users with UNIX accounts with the
msSFU30* information from NIS.

Now the problem I'm having. I can start winbind, but getent passwd
won't reveal any information from Active Directory. I have set the
winbind and idmap debug level to 10, and I see entries like this in
winbind.log:

[2009/07/16 16:01:15, 10] winbindd/idmap_util.c:idmap_sid_to_uid(104)
  idmap_sid_to_uid: sid = [S-1-5-21-3961909960-354130599-1050854057-3065]
[2009/07/16 16:01:15, 10] winbindd/idmap_cache.c:idmap_cache_map_sid(349)
  Cache entry with key = IDMAP/SID/S-1-5-21-3961909960-354130599-1050854057-3065 couldn't be found
[2009/07/16 16:01:15, 10] winbindd/idmap.c:idmap_backends_sids_to_unixids(1191)
  Query backends to map sids-ids
[2009/07/16 16:01:15, 10] winbindd/idmap.c:idmap_backends_sids_to_unixids(1216)
  SID S-1-5-21-3961909960-354130599-1050854057-3065 is being handled by BLUE
[2009/07/16 16:01:15, 10] winbindd/idmap.c:idmap_backends_sids_to_unixids(1237)
  Query ids from domain BLUE
[2009/07/16 16:01:15,  7] winbindd/idmap_ad.c:ad_idmap_cached_connection_internal(76)
  Current tickets expire in 36077 seconds (at 1247817752, time is now 1247781675)
[2009/07/16 16:01:15, 10] winbindd/idmap_ad.c:idmap_ad_sids_to_unixids(544)
  Filter: [((|(sAMAccountType=805306368)(sAMAccountType=805306369)(sAMAccountType=805306370)(sAMAccountType=268435456)(sAMAccountType=536870912))(|(objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\C8\F2\25\EC\A7\9A\1B\15\A9\C2\A2\3E\F9\0B\00\00)))]
[2009/07/16 16:01:15, 10] winbindd/idmap_ad.c:idmap_ad_sids_to_unixids(632)
  Mapped S-1-5-21-3961909960-354130599-1050854057-3065 - 40256 (1)
[2009/07/16 16:01:15, 10] winbindd/idmap_cache.c:idmap_cache_set(150)
  Adding cache entry with key = IDMAP/SID/S-1-5-21-3961909960-354130599-1050854057-3065; value = 1247782575/IDMAP/UID/40256 and timeout = Thu Jul 16 16:16:15 2009
   (900 seconds ahead)
[2009/07/16 16:01:15, 10] winbindd/idmap_cache.c:idmap_cache_set(172)
  Adding cache entry with key = IDMAP/UID/40256; value = 1247782575/IDMAP/SID/S-1-5-21-3961909960-354130599-1050854057-3065 and timeout = Thu Jul 16 16:16:15 2009
   (900 seconds ahead)
[2009/07/16 16:01:15, 10] winbindd/idmap_util.c:idmap_sid_to_gid(144)
  idmap_sid_to_gid: sid = [S-1-5-21-3961909960-354130599-1050854057-513]
[2009/07/16 16:01:15, 10] winbindd/idmap_util.c:idmap_sid_to_gid(163)
  sid [S-1-5-21-3961909960-354130599-1050854057-513] not mapped to a gid [2,2]
[2009/07/16 16:01:15,  1] winbindd/winbindd_user.c:winbindd_fill_pwent(92)
  error getting group id for sid S-1-5-21-3961909960-354130599-1050854057-513
[2009/07/16 16:01:15,  1] winbindd/winbindd_user.c:winbindd_getpwent(766)
  could not lookup domain user truth

I have a tcpdump, and it shows that the query it's performing is
returning the msSFU30GidNumber attribute (value 11). I'm unsure why it's
unable to locate my group ID. I also have created a group with that same
ID in Active Directory.

The configuration I'm using to get the above results is as follows:

idmap domains = default BLUE
idmap config BLUE:backend = ad
idmap config BLUE:default = yes
idmap config BLUE:schema_mode = sfu

idmap config default:backend = rid
idmap config default:base_rid = 30

idmap uid = 10-20
idmap gid = 10-20
winbind cache time = 15
winbind enum users = yes
winbind enum groups = yes
template homedir = /mnt/rw_rd_variable_data/homes/home/%U
template shell = /sbin/nologin
winbind use default domain = yes

The group name for the SID it's attempting to look up above, is
BLUE\Domain Users 2.

The behavior I'm looking for is:

I would like windows users that create files on my samba shares to have
a matching NIS userid/groupid if they have a UNIX account. Otherwise, I
would like the Samba server to use the rid method to assign this user a
UID/GID (This way, it's the same on my other 2 file servers as well).

If I'm going about this all wrong, I would appreciate a pointer in the
right direction.

This system is running samba 3.2.10 on a 64-bit Openfiler distribution.

Thanks for any help you can provide,

Tom
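
An added example, not part of the original post and not Samba code: a small Python script that reads winbindd level-10 log entries like the ones quoted above, decodes the binary objectSid in the idmap_ad LDAP filter back into its string SID, and reports per SID whether an AD query, a mapping or a failure was logged. The sample input is four entries from the post's own log with the mail-wrapped lines rejoined; reading id type 1 as a UID and 2 as a GID is an assumption.

```python
import re
import struct

# Constructed sample: four entries taken from the winbindd log quoted in the
# post, with the mail-wrapped lines rejoined. Nothing else is added.
SAMPLE_LOG = r"""
[2009/07/16 16:01:15, 10] winbindd/idmap_ad.c:idmap_ad_sids_to_unixids(544)
  Filter: [((|(sAMAccountType=805306368)(sAMAccountType=805306369)(sAMAccountType=805306370)(sAMAccountType=268435456)(sAMAccountType=536870912))(|(objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\C8\F2\25\EC\A7\9A\1B\15\A9\C2\A2\3E\F9\0B\00\00)))]
[2009/07/16 16:01:15, 10] winbindd/idmap_ad.c:idmap_ad_sids_to_unixids(632)
  Mapped S-1-5-21-3961909960-354130599-1050854057-3065 - 40256 (1)
[2009/07/16 16:01:15, 10] winbindd/idmap_util.c:idmap_sid_to_gid(163)
  sid [S-1-5-21-3961909960-354130599-1050854057-513] not mapped to a gid [2,2]
[2009/07/16 16:01:15,  1] winbindd/winbindd_user.c:winbindd_fill_pwent(92)
  error getting group id for sid S-1-5-21-3961909960-354130599-1050854057-513
"""

# "[date time, level] file.c:function(line)" starts an entry; indented lines
# that follow belong to its message.
HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:]+),\s*(?P<level>\d+)\]\s+(?P<where>\S+)\s*$")
OBJECTSID = re.compile(r"objectSid=((?:\\[0-9A-Fa-f]{2})+)")
MAPPED = re.compile(r"Mapped (S-[\d-]+) ->? (\d+) \((\d+)\)")
UNMAPPED = re.compile(r"sid \[(S-[\d-]+)\] not mapped to a ([ug]id)")
ERROR = re.compile(r"error getting (\w+) id for sid (S-[\d-]+)")

# Assumption: the number in parentheses after "Mapped" is the id type.
ID_TYPES = {1: "uid", 2: "gid"}


def parse_entries(text):
    """Split a log into entries: header fields plus the joined message text."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({"ts": m["ts"], "level": int(m["level"]),
                            "where": m["where"], "msg": ""})
        elif entries and line.strip():
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + line.strip()).strip()
    return entries


def decode_binary_sid(raw):
    """Binary SID -> 'S-R-A-S1-S2...' (authority big-endian, sub-authorities LE)."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match length")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:])
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)


def sids_in_filter(msg):
    """Decode every backslash-hex objectSid value found in an LDAP filter."""
    return [decode_binary_sid(bytes.fromhex(v.replace("\\", "")))
            for v in OBJECTSID.findall(msg)]


def summarize(text):
    """Per SID: was it queried in AD, what did it map to, what failed."""
    report = {}

    def slot(sid):
        return report.setdefault(
            sid, {"queried": False, "unix_id": None, "id_type": None, "failures": []})

    for e in parse_entries(text):
        for sid in sids_in_filter(e["msg"]):
            slot(sid)["queried"] = True
        m = MAPPED.search(e["msg"])
        if m:
            s = slot(m[1])
            s["unix_id"] = int(m[2])
            s["id_type"] = ID_TYPES.get(int(m[3]), "unknown")
        m = UNMAPPED.search(e["msg"])
        if m:
            slot(m[1])["failures"].append("%s: not mapped to a %s" % (e["where"], m[2]))
        m = ERROR.search(e["msg"])
        if m:
            slot(m[2])["failures"].append("%s: error getting %s id" % (e["where"], m[1]))
    return report


if __name__ == "__main__":
    for sid, info in summarize(SAMPLE_LOG).items():
        print(sid, info)
```

On this excerpt the report shows an AD filter and a mapping for the user SID ending in -3065, while the group SID ending in -513 carries two failure entries and no objectSid query.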

Re: [SCM] Samba Shared Repository - branch master updated- release-4-0-0alpha8-349-g5334b79

2009-07-16 Thread Stefan (metze) Metzmacher
Steven Danneman wrote:
>> Yes, please make sure you use torture_comment() instead of printf() and
>> all torture_assert* functions instead of just returning false in a
>> test. Then make test reports them as failures instead of errors and
>> it's easy to mark them as known failures. This makes sure that the
>> server doesn't crash when the test runs against it.
>>
>> metze
>
> Excellent, thanks Metze.  Do we have any kind of document that describes best
> practices for writing torture tests?  If not I can start a wiki page.

That would be great.

> Thus far, I have mostly copied style from other tests, but obviously there is
> a mix of several different approaches added over the years.

Yes, there's a lot of old stuff there: I started to clean it up for some
tests... see 4ab243bcabefdcc044c6d517bb4d0e628227d5ac.

In the end I'd like to have a #define printf __donnot_use_printf__ in
lib/torture/torture.h, but we have a long way to go...

metze







[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-445-g1f12dc4

2009-07-16 Thread Stefan Metzmacher
The branch, master has been updated
   via  1f12dc4409cc4964e708c29906fad1f81086ec01 (commit)
  from  c901f57ce31cb6deaf2897e12b3b14a25fe9e12f (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 1f12dc4409cc4964e708c29906fad1f81086ec01
Author: Stefan Metzmacher me...@samba.org
Date:   Thu Jul 16 08:20:17 2009 +0200

tsocket: rename sa_len = sa_socklen, because sa_len is a macro on some 
platforms

metze

---

Summary of changes:
 lib/tsocket/tsocket_bsd.c |   42 +-
 1 files changed, 21 insertions(+), 21 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/tsocket/tsocket_bsd.c b/lib/tsocket/tsocket_bsd.c
index 78bca4b..8f1ccbe 100644
--- a/lib/tsocket/tsocket_bsd.c
+++ b/lib/tsocket/tsocket_bsd.c
@@ -203,7 +203,7 @@ struct tsocket_address_bsd {
 
 static int _tsocket_address_bsd_from_sockaddr(TALLOC_CTX *mem_ctx,
  struct sockaddr *sa,
- socklen_t sa_len,
+ socklen_t sa_socklen,
  struct tsocket_address **_addr,
  const char *location)
 {
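Review bot: the renamed sa_socklen parameter of _tsocket_address_bsd_from_sockaddr() carries no comment explaining the unusual name, so a later cleanup could shorten it back to sa_len. A one-line comment next to the parameter saying that sa_len is a macro on some platforms, as the commit message states, would keep the reason with the code.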
@@ -212,20 +212,20 @@ static int _tsocket_address_bsd_from_sockaddr(TALLOC_CTX 
*mem_ctx,
 
switch (sa-sa_family) {
case AF_UNIX:
-   if (sa_len  sizeof(struct sockaddr_un)) {
+   if (sa_socklen  sizeof(struct sockaddr_un)) {
errno = EINVAL;
return -1;
}
break;
case AF_INET:
-   if (sa_len  sizeof(struct sockaddr_in)) {
+   if (sa_socklen  sizeof(struct sockaddr_in)) {
errno = EINVAL;
return -1;
}
break;
 #ifdef HAVE_IPV6
case AF_INET6:
-   if (sa_len  sizeof(struct sockaddr_in6)) {
+   if (sa_socklen  sizeof(struct sockaddr_in6)) {
errno = EINVAL;
return -1;
}
@@ -236,7 +236,7 @@ static int _tsocket_address_bsd_from_sockaddr(TALLOC_CTX 
*mem_ctx,
return -1;
}
 
-   if (sa_len  sizeof(struct sockaddr_storage)) {
+   if (sa_socklen  sizeof(struct sockaddr_storage)) {
errno = EINVAL;
return -1;
}
@@ -253,7 +253,7 @@ static int _tsocket_address_bsd_from_sockaddr(TALLOC_CTX 
*mem_ctx,
 
ZERO_STRUCTP(bsda);
 
-   memcpy(bsda-u.ss, sa, sa_len);
+   memcpy(bsda-u.ss, sa, sa_socklen);
 
*_addr = addr;
return 0;
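Review bot: at the memcpy into bsda->u.ss the copy length is the caller-supplied sa_socklen, so the copy is only safe because of the comparison against sizeof(struct sockaddr_storage) in the preceding hunk. Since this patch touches both lines anyway, a short comment at the memcpy pointing to that bound check would keep the two from drifting apart in later edits.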
@@ -773,7 +773,7 @@ static void tdgram_bsd_recvfrom_handler(void *private_data)
struct tsocket_address_bsd *bsda;
ssize_t ret;
struct sockaddr *sa = NULL;
-   socklen_t sa_len = 0;
+   socklen_t sa_socklen = 0;
int err;
bool retry;
 
@@ -809,16 +809,16 @@ static void tdgram_bsd_recvfrom_handler(void 
*private_data)
ZERO_STRUCTP(bsda);
 
sa = bsda-u.sa;
-   sa_len = sizeof(bsda-u.ss);
+   sa_socklen = sizeof(bsda-u.ss);
/*
 * for unix sockets we can't use the size of sockaddr_storage
 * we would get EINVAL
 */
if (bsda-u.sa.sa_family == AF_UNIX) {
-   sa_len = sizeof(bsda-u.un);
+   sa_socklen = sizeof(bsda-u.un);
}
 
-   ret = recvfrom(bsds-fd, state-buf, state-len, 0, sa, sa_len);
+   ret = recvfrom(bsds-fd, state-buf, state-len, 0, sa, sa_socklen);
err = tsocket_bsd_error_from_errno(ret, errno, retry);
if (retry) {
/* retry later */
@@ -946,7 +946,7 @@ static void tdgram_bsd_sendto_handler(void *private_data)
struct tdgram_context *dgram = state-dgram;
struct tdgram_bsd *bsds = tdgram_context_data(dgram, struct tdgram_bsd);
struct sockaddr *sa = NULL;
-   socklen_t sa_len = 0;
+   socklen_t sa_socklen = 0;
ssize_t ret;
int err;
bool retry;
@@ -957,17 +957,17 @@ static void tdgram_bsd_sendto_handler(void *private_data)
struct tsocket_address_bsd);
 
sa = bsda-u.sa;
-   sa_len = sizeof(bsda-u.ss);
+   sa_socklen = sizeof(bsda-u.ss);
/*
 * for unix sockets we can't use the size of sockaddr_storage
 * we would get EINVAL
 */
if (bsda-u.sa.sa_family == AF_UNIX) {
-   sa_len = sizeof(bsda-u.un);
+   sa_socklen = sizeof(bsda-u.un);
}
}
 
-   ret = sendto(bsds-fd, state-buf, state-len, 0, sa, sa_len);
+   ret = sendto(bsds-fd, state-buf, state-len, 0, sa, 

[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-446-g3fa212a

2009-07-16 Thread Stefan Metzmacher
The branch, master has been updated
   via  3fa212af61cd334daf2b0ac6bb4c85e1db15230a (commit)
  from  1f12dc4409cc4964e708c29906fad1f81086ec01 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 3fa212af61cd334daf2b0ac6bb4c85e1db15230a
Author: Stefan Metzmacher me...@samba.org
Date:   Thu Jul 16 08:51:51 2009 +0200

s4:heimdal_build: try to fix the build on Solaris

The problem seems to be #define flock rk_flock

heimdal/../heimdal_build/replace.c: In function `rk_flock':
heimdal/../heimdal_build/replace.c:64: error: storage size of 'lock' isn't 
known
heimdal/../heimdal_build/replace.c:64: warning: unused variable `lock'

metze

---

Summary of changes:
 source4/heimdal_build/replace.c |1 +
 1 files changed, 1 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/heimdal_build/replace.c b/source4/heimdal_build/replace.c
index 6842b11..8c3def7 100644
--- a/source4/heimdal_build/replace.c
+++ b/source4/heimdal_build/replace.c
@@ -61,6 +61,7 @@
 #ifndef HAVE_FLOCK
  int flock(int fd, int op)
 {
+#undef flock
struct flock lock;
lock.l_whence = 0;
lock.l_start = 0;
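Review bot: the `#undef flock` sits inside the function body with no comment, after the `int flock(int fd, int op)` line has already passed through the preprocessor. Please add a comment that it is there so `struct flock lock;` is not rewritten by the `#define flock rk_flock` named in the commit message, and note that the macro stays undefined for the rest of the file, which matters if any later code in replace.c expects flock to expand to rk_flock.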


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-451-g8cac8fd

2009-07-16 Thread Günther Deschner
The branch, master has been updated
   via  8cac8fd5d69f332db9e50865395d11e36639904f (commit)
   via  0d9fdbceedddb08dbea8ed84e06a218d3ec562f4 (commit)
   via  3c9b26276083002124674678ac757e859fb6b20e (commit)
   via  47eb061b5345cccf322c165f510f54c04481d4bc (commit)
   via  29c3a277e10e9c87c6965c4c6fb26a01b1277c57 (commit)
  from  3fa212af61cd334daf2b0ac6bb4c85e1db15230a (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 8cac8fd5d69f332db9e50865395d11e36639904f
Author: Günther Deschner g...@samba.org
Date:   Thu Jul 16 11:13:26 2009 +0200

s4-smbtorture: use torture_comment in RPC-LSA tests.

Guenther

commit 0d9fdbceedddb08dbea8ed84e06a218d3ec562f4
Author: Günther Deschner g...@samba.org
Date:   Thu Jul 16 11:07:14 2009 +0200

fix LSA-PRIVILEGES

commit 3c9b26276083002124674678ac757e859fb6b20e
Author: Günther Deschner g...@samba.org
Date:   Thu Jul 16 11:07:06 2009 +0200

fix LSA-TRUSTED-DOMAINS

commit 47eb061b5345cccf322c165f510f54c04481d4bc
Author: Günther Deschner g...@samba.org
Date:   Thu Jul 16 02:10:23 2009 +0200

s4-smbtorture: move all privilege tests to RPC-LSA-PRIVILEGES.

Guenther

commit 29c3a277e10e9c87c6965c4c6fb26a01b1277c57
Author: Günther Deschner g...@samba.org
Date:   Thu Jul 16 00:56:17 2009 +0200

s4-smbtorture: move all trusted domain tests to RPC-LSA-TRUSTED-DOMAINS.

Guenther

---

Summary of changes:
 source4/torture/rpc/lsa.c |  530 ++---
 source4/torture/rpc/rpc.c |2 +
 2 files changed, 309 insertions(+), 223 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index 7d03e7e..7963092 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -47,7 +47,7 @@ static bool test_OpenPolicy(struct dcerpc_pipe *p,
NTSTATUS status;
uint16_t system_name = '\\';
 
-   printf(\nTesting OpenPolicy\n);
+   torture_comment(tctx, \nTesting OpenPolicy\n);
 
qos.len = 0;
qos.impersonation_level = 2;
@@ -70,10 +70,10 @@ static bool test_OpenPolicy(struct dcerpc_pipe *p,
if (!NT_STATUS_IS_OK(status)) {
if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
NT_STATUS_EQUAL(status, 
NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) {
-   printf(not considering %s to be an error\n, 
nt_errstr(status));
+   torture_comment(tctx, not considering %s to be an 
error\n, nt_errstr(status));
return true;
}
-   printf(OpenPolicy failed - %s\n, nt_errstr(status));
+   torture_comment(tctx, OpenPolicy failed - %s\n, 
nt_errstr(status));
return false;
}
 
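Review bot: the `OpenPolicy failed` path still reports through torture_comment() and then returns false. Following metze's advice on this list to use the torture_assert* functions instead of just returning false, this path should become a torture_assert* call so that make test records a failure rather than an error. The same applies to the `OpenPolicy2 failed` path in the next hunk.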
@@ -90,7 +90,7 @@ bool test_lsa_OpenPolicy2(struct dcerpc_pipe *p,
struct lsa_OpenPolicy2 r;
NTSTATUS status;
 
-   printf(\nTesting OpenPolicy2\n);
+   torture_comment(tctx, \nTesting OpenPolicy2\n);
 
*handle = talloc(tctx, struct policy_handle);
if (!*handle) {
@@ -118,12 +118,12 @@ bool test_lsa_OpenPolicy2(struct dcerpc_pipe *p,
if (!NT_STATUS_IS_OK(status)) {
if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
NT_STATUS_EQUAL(status, 
NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) {
-   printf(not considering %s to be an error\n, 
nt_errstr(status));
+   torture_comment(tctx, not considering %s to be an 
error\n, nt_errstr(status));
talloc_free(*handle);
*handle = NULL;
return true;
}
-   printf(OpenPolicy2 failed - %s\n, nt_errstr(status));
+   torture_comment(tctx, OpenPolicy2 failed - %s\n, 
nt_errstr(status));
return false;
}
 
@@ -161,7 +161,7 @@ static bool test_LookupNames(struct dcerpc_pipe *p,
NTSTATUS status;
int i;
 
-   printf(\nTesting LookupNames with %d names\n, tnames-count);
+   torture_comment(tctx, \nTesting LookupNames with %d names\n, 
tnames-count);
 
sids.count = 0;
sids.sids = NULL;
@@ -187,30 +187,30 @@ static bool test_LookupNames(struct dcerpc_pipe *p,
NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
for (i=0;i tnames-count;i++) {
if (i  count  sids.sids[i].sid_type == 
SID_NAME_UNKNOWN) {
-   printf(LookupName of %s was unmapped\n,
+   torture_comment(tctx, LookupName of %s was 
unmapped\n,
   tnames-names[i].name.string);
} else if (i =count) {
-   printf(LookupName of %s failed to return 

[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-453-g39684d2

2009-07-16 Thread Stefan Metzmacher
The branch, master has been updated
   via  39684d2cbe1c8c69dc9ca5c6e05861e24091bb83 (commit)
   via  c9fe3256d87f4fcd119dc1a3c784f2196b4ad2fd (commit)
  from  8cac8fd5d69f332db9e50865395d11e36639904f (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 39684d2cbe1c8c69dc9ca5c6e05861e24091bb83
Author: Stefan Metzmacher me...@samba.org
Date:   Thu Jul 16 09:06:42 2009 +0200

tevent: try to fix the build on QNX qnx18 6.4.1 it doesn't have SA_RESTART 
defined

metze

commit c9fe3256d87f4fcd119dc1a3c784f2196b4ad2fd
Author: Stefan Metzmacher me...@samba.org
Date:   Thu Jul 16 10:51:34 2009 +0200

s4:heimdal_build: tell heimdal we have inet_aton()

This should fix problems on Solaris.

metze

---

Summary of changes:
 lib/tevent/testsuite.c|   12 +++-
 source4/heimdal_build/roken.h |4 
 2 files changed, 15 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/tevent/testsuite.c b/lib/tevent/testsuite.c
index d964fb3..f9aca91 100644
--- a/lib/tevent/testsuite.c
+++ b/lib/tevent/testsuite.c
@@ -66,7 +66,13 @@ static bool test_event_context(struct torture_context *test,
const char *backend = (const char *)test_data;
int alarm_count=0, info_count=0;
struct tevent_fd *fde;
-   struct signal_event *se1, *se2, *se3;
+#ifdef SA_RESTART
+   struct tevent_signal *se1 = NULL;
+#endif
+   struct tevent_signal *se2 = NULL;
+#ifdef SA_SIGINFO
+   struct tevent_signal *se3 = NULL;
+#endif
int finished=0;
struct timeval t;
char c = 0;
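Review bot: besides adding the #ifdef guards, the declarations change type from struct signal_event to struct tevent_signal, which the commit message (about SA_RESTART on QNX) does not mention; say so in the message or split it into its own commit. Note also that se1 and se3 now exist only under their #ifdef, so every later use has to carry the same guard.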
@@ -92,7 +98,9 @@ static bool test_event_context(struct torture_context *test,
event_add_timed(ev_ctx, ev_ctx, timeval_current_ofs(2,0), 
finished_handler, finished);
 
+#ifdef SA_RESTART
se1 = event_add_signal(ev_ctx, ev_ctx, SIGALRM, SA_RESTART, 
count_handler, alarm_count);
+#endif
se2 = event_add_signal(ev_ctx, ev_ctx, SIGALRM, SA_RESETHAND, 
count_handler, alarm_count);
 #ifdef SA_SIGINFO
se3 = event_add_signal(ev_ctx, ev_ctx, SIGUSR1, SA_SIGINFO, 
count_handler, info_count);
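Review bot: with the SA_RESTART registration of se1 compiled out on platforms that lack the flag, only se2 (SA_RESETHAND) feeds alarm_count there, yet the later `torture_assert_int_equal(test, alarm_count, 1+fde_count, ...)` stays unconditional. Please check that this expectation still holds without se1, and guard or adjust the assertion if it does not.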
@@ -120,7 +128,9 @@ static bool test_event_context(struct torture_context *test,
 
torture_comment(test, Got %.2f pipe events/sec\n, 
fde_count/timeval_elapsed(t));
 
+#ifdef SA_RESTART
talloc_free(se1);
+#endif
 
torture_assert_int_equal(test, alarm_count, 1+fde_count, alarm count 
mismatch);
 
diff --git a/source4/heimdal_build/roken.h b/source4/heimdal_build/roken.h
index decce03..87060cf 100644
--- a/source4/heimdal_build/roken.h
+++ b/source4/heimdal_build/roken.h
@@ -97,6 +97,10 @@
 #define HAVE_INNETGR
 #endif
 
+#ifndef HAVE_INET_ATON
+#define HAVE_INET_ATON
+#endif
+
 /* we lie about having pidfile() so that NetBSD5 can compile. Nothing
in the parts of heimdal we use actually uses pidfile(), and we
don't use it in Samba, so this works, although its ugly */
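Review bot: HAVE_INET_ATON is defined unconditionally with no comment saying where inet_aton() comes from on a platform whose libc lacks it. Add a comment like the one on the pidfile() define just below, naming the replacement that makes this safe.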


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-454-g98aba45

2009-07-16 Thread Stefan Metzmacher
The branch, master has been updated
   via  98aba452fbddb9f05250a7e4dc8979990759f671 (commit)
  from  39684d2cbe1c8c69dc9ca5c6e05861e24091bb83 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 98aba452fbddb9f05250a7e4dc8979990759f671
Author: Stefan Metzmacher me...@samba.org
Date:   Thu Jul 16 12:08:56 2009 +0200

s4:heimdal_build: try to fix the build on systems without ifaddrs.h

metze

---

Summary of changes:
 source4/heimdal_build/ifaddrs.hin |1 +
 source4/heimdal_build/internal.m4 |9 +
 2 files changed, 10 insertions(+), 0 deletions(-)
 create mode 100644 source4/heimdal_build/ifaddrs.hin


Changeset truncated at 500 lines:

diff --git a/source4/heimdal_build/ifaddrs.hin 
b/source4/heimdal_build/ifaddrs.hin
new file mode 100644
index 000..a50b033
--- /dev/null
+++ b/source4/heimdal_build/ifaddrs.hin
@@ -0,0 +1 @@
+#include system/network.h
diff --git a/source4/heimdal_build/internal.m4 
b/source4/heimdal_build/internal.m4
index 5c8d78e..e7e7ae1 100644
--- a/source4/heimdal_build/internal.m4
+++ b/source4/heimdal_build/internal.m4
@@ -46,6 +46,15 @@ dnl declarations will be correct). Phew!
 AC_CHECK_HEADERS([err.h], [],
[ cp heimdal/lib/roken/err.hin heimdal_build/err.h ])
 
+dnl Not all systems have ifaddrs.h, so we provide a replacement. Heimdal
+dnl unconditionally #includes ifaddrs.h, so we need to create an ifaddrs.h,
+dnl but we can't just have a static one because we don't want to use
+dnl it on systems that have a real ifaddrs.h. If the system has a real
+dnl ifaddrs.h. We don't use heimdal's lib/roken/ifaddrs.hin because
+dnl our libreplace would conflict with it.
+AC_CHECK_HEADERS([ifaddrs.h], [],
+   [ cp heimdal_build/ifaddrs.hin heimdal_build/ifaddrs.h ])
+
 AC_CHECK_HEADERS([ \
crypt.h \
curses.h\
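Review bot: the new dnl comment contains an unfinished sentence, `If the system has a real ifaddrs.h.`, which repeats the previous clause and then stops; drop it or complete it so the rationale reads cleanly. It would also help to say there that the generated ifaddrs.h only forwards to system/network.h.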


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-455-g4a754d0

2009-07-16 Thread Stefan Metzmacher
The branch, master has been updated
   via  4a754d029b0eb229b23980aa4a80dae2b485a302 (commit)
  from  98aba452fbddb9f05250a7e4dc8979990759f671 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 4a754d029b0eb229b23980aa4a80dae2b485a302
Author: Stefan Metzmacher me...@samba.org
Date:   Thu Jul 16 12:21:29 2009 +0200

s4:heimdal_build: predefine GSSAPI_DEPRECATED depending on the compiler 
version

Otherwise heimdal/lib/gssapi/gssapi/gssapi.h will just define it to
__attribute__ ((deprecated)) which is not supported by all compilers
we care about.

This should fix the build on Tru64

metze

---

Summary of changes:
 source4/heimdal_build/krb5-types.h |8 
 1 files changed, 8 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/heimdal_build/krb5-types.h 
b/source4/heimdal_build/krb5-types.h
index cdc5a3c..94973d7 100644
--- a/source4/heimdal_build/krb5-types.h
+++ b/source4/heimdal_build/krb5-types.h
@@ -10,4 +10,12 @@
 typedef socklen_t krb5_socklen_t;
 typedef ssize_t krb5_ssize_t;
 
+#ifndef GSSAPI_DEPRECATED
+#if (__GNUC__ = 3)  (__GNUC_MINOR__ = 1 )
+#define GSSAPI_DEPRECATED __attribute__ ((deprecated))
+#else
+#define GSSAPI_DEPRECATED
+#endif
+#endif
+
 #endif /* __krb5_types_h__ */
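Review bot: the compiler test on the `#if` line checks __GNUC__ and __GNUC_MINOR__ as two separate terms; if both must be true, a compiler with a newer major version and a minor version of 0 falls through to the empty definition. The usual form compares the major version first and consults the minor version only when the major equals 3.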


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-456-g74c405d

2009-07-16 Thread Jeremy Allison
The branch, master has been updated
   via  74c405db406d0971ba4fe2abae4ebd950d27ab1c (commit)
  from  4a754d029b0eb229b23980aa4a80dae2b485a302 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 74c405db406d0971ba4fe2abae4ebd950d27ab1c
Author: Jeremy Allison j...@samba.org
Date:   Thu Jul 16 09:54:14 2009 -0700

Tidyup prompted by #6554 - Wrong deallocation in sam_account_ok.
Jeremy.

---

Summary of changes:
 source3/auth/auth_sam.c |5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index a2634fe..26b45e4 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -226,10 +226,10 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
 
if (*workstation_list) {
bool invalid_ws = True;
-   char *tok;
+   char *tok = NULL;
const char *s = workstation_list;
+   char *machine_name = talloc_asprintf(mem_ctx, %s$, 
user_info-wksta_name);
 
-   const char *machine_name = talloc_asprintf(mem_ctx, %s$, 
user_info-wksta_name);
if (machine_name == NULL)
return NT_STATUS_NO_MEMORY;
 
@@ -251,6 +251,7 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
TALLOC_FREE(tok);
}
TALLOC_FREE(tok);
+   TALLOC_FREE(machine_name);
 
if (invalid_ws)
return NT_STATUS_INVALID_WORKSTATION;
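Review bot: TALLOC_FREE(machine_name) is added only on the path after the loop, so if any return lies between the talloc_asprintf() and this line the string is still left to be freed with mem_ctx. That is harmless when mem_ctx is short-lived, but the commit message should say whether the explicit free is needed for correctness or is only tidying, and how it relates to the wrong deallocation reported in #6554.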


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-462-g2e77deb

2009-07-16 Thread Günther Deschner
The branch, master has been updated
   via  2e77debc99299cd0defd5c00c6b618dc753905c8 (commit)
   via  106d43a1ddf1a9ad9369bde17acede2a6071fb6c (commit)
   via  8d68d04258d8a6e090d2eb27476532d63f741231 (commit)
   via  4faef0da762fc1689ae9a3bc657fc6b5e77beb94 (commit)
   via  35e45fb841e0c36ec2f8b2a8d7216700cc9af691 (commit)
   via  3b899af422075949f3c2f0d14787c7e11a3b16df (commit)
  from  74c405db406d0971ba4fe2abae4ebd950d27ab1c (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 2e77debc99299cd0defd5c00c6b618dc753905c8
Author: Günther Deschner g...@samba.org
Date:   Thu Jul 16 18:39:06 2009 +0200

Revert fix LSA-PRIVILEGES

This reverts commit 0d9fdbceedddb08dbea8ed84e06a218d3ec562f4.

commit 106d43a1ddf1a9ad9369bde17acede2a6071fb6c
Author: Günther Deschner g...@samba.org
Date:   Thu Jul 16 18:38:55 2009 +0200

Revert fix LSA-TRUSTED-DOMAINS

This reverts commit 3c9b26276083002124674678ac757e859fb6b20e.

commit 8d68d04258d8a6e090d2eb27476532d63f741231
Author: Günther Deschner g...@samba.org
Date:   Thu Jul 16 18:38:25 2009 +0200

s4-smbtorture: use secinfo flags instead of numbers in lsa test.

Guenther

commit 4faef0da762fc1689ae9a3bc657fc6b5e77beb94
Author: Günther Deschner g...@samba.org
Date:   Thu Jul 16 18:37:19 2009 +0200

s3-lsa: Fix pointless check for sec_info flags in _lsa_QuerySecurity().

Guenther

commit 35e45fb841e0c36ec2f8b2a8d7216700cc9af691
Author: Günther Deschner g...@samba.org
Date:   Thu Jul 16 18:32:53 2009 +0200

s3-lsa: implement _lsa_LookupPrivName().

Guenther

commit 3b899af422075949f3c2f0d14787c7e11a3b16df
Author: Günther Deschner g...@samba.org
Date:   Thu Jul 16 02:25:43 2009 +0200

s3-lsa: implement _lsa_EnumAccountsWithUserRight().

Guenther

---

Summary of changes:
 source3/rpc_server/srv_lsa_nt.c |  130 +++
 source4/torture/rpc/lsa.c   |   14 ++--
 2 files changed, 112 insertions(+), 32 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index c62991e..1a6d3ba 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -1917,6 +1917,51 @@ NTSTATUS _lsa_RemovePrivilegesFromAccount(pipes_struct 
*p,
 }
 
 /***
+ _lsa_LookupPrivName
+ ***/
+
+NTSTATUS _lsa_LookupPrivName(pipes_struct *p,
+struct lsa_LookupPrivName *r)
+{
+   struct lsa_info *info = NULL;
+   const char *name;
+   struct lsa_StringLarge *lsa_name;
+
+   /* find the connection policy handle. */
+   if (!find_policy_by_hnd(p, r-in.handle, (void **)(void *)info)) {
+   return NT_STATUS_INVALID_HANDLE;
+   }
+
+   if (info-type != LSA_HANDLE_POLICY_TYPE) {
+   return NT_STATUS_INVALID_HANDLE;
+   }
+
+   if (!(info-access  LSA_POLICY_VIEW_LOCAL_INFORMATION)) {
+   return NT_STATUS_ACCESS_DENIED;
+   }
+
+   name = luid_to_privilege_name((LUID *)r-in.luid);
+   if (!name) {
+   return NT_STATUS_NO_SUCH_PRIVILEGE;
+   }
+
+   lsa_name = TALLOC_ZERO_P(p-mem_ctx, struct lsa_StringLarge);
+   if (!lsa_name) {
+   return NT_STATUS_NO_MEMORY;
+   }
+
+   lsa_name-string = talloc_strdup(lsa_name, name);
+   if (!lsa_name-string) {
+   TALLOC_FREE(lsa_name);
+   return NT_STATUS_NO_MEMORY;
+   }
+
+   *r-out.name = lsa_name;
+
+   return NT_STATUS_OK;
+}
+
+/***
  _lsa_QuerySecurity
  ***/
 
@@ -1947,19 +1992,9 @@ NTSTATUS _lsa_QuerySecurity(pipes_struct *p,
return status;
}
 
-   switch (r-in.sec_info) {
-   case 1:
-   /* SD contains only the owner */
-   if((*r-out.sdbuf = make_sec_desc_buf(p-mem_ctx, sd_size, 
psd)) == NULL)
-   return NT_STATUS_NO_MEMORY;
-   break;
-   case 4:
-   /* SD contains only the ACL */
-   if((*r-out.sdbuf = make_sec_desc_buf(p-mem_ctx, sd_size, 
psd)) == NULL)
-   return NT_STATUS_NO_MEMORY;
-   break;
-   default:
-   return NT_STATUS_INVALID_LEVEL;
+   *r-out.sdbuf = make_sec_desc_buf(p-mem_ctx, sd_size, psd);
+   if (!*r-out.sdbuf) {
+   return NT_STATUS_NO_MEMORY;
}
 
return status;
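Review bot: after this change _lsa_QuerySecurity() no longer consults sec_info anywhere in the visible lines, so values that used to get NT_STATUS_INVALID_LEVEL from the 'default:' branch now receive the full descriptor built from psd. The two removed cases were identical, so dropping the switch is reasonable. But either the commit message should say that the INVALID_LEVEL rejection is intentionally gone, or the descriptor should be limited to the parts the caller asked for.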
@@ -2246,6 +2281,63 @@ NTSTATUS _lsa_LookupPrivValue(pipes_struct *p,
return NT_STATUS_OK;
 }
 

[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-464-g19bc4ce

2009-07-16 Thread Andrew Bartlett
The branch, master has been updated
   via  19bc4ce95ca9b2a985313f5eb887275aa6fe3599 (commit)
   via  d7b31ff853ac06d5021314be698109f8487770f9 (commit)
  from  2e77debc99299cd0defd5c00c6b618dc753905c8 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 19bc4ce95ca9b2a985313f5eb887275aa6fe3599
Author: Andrew Bartlett abart...@samba.org
Date:   Thu Jul 16 17:37:36 2009 +1000

s4:kdc Rework KDC to pull in less attributes for krbtgt lookups

Each attribute we request from LDB comes with a small cost, so don't
lookup any more than we must for the (very) frequent krbtgt lookup
case.  Similarly, we don't need to build a PAC for a server (as a
target), so don't ask for the PAC attributes here either.

Andrew Bartlett

commit d7b31ff853ac06d5021314be698109f8487770f9
Author: Andrew Bartlett abart...@samba.org
Date:   Thu Jul 16 12:47:57 2009 +1000

s4:kdc rename functions from LDB_ to hdb_samba4

The LDB_ prefix is misleading, and stomps on the LDB namespace.  This
is a Samba4 hdb module, and not something generic.

Andrew Bartlett

---

Summary of changes:
 source4/auth/auth.h  |2 +
 source4/auth/sam.c   |   42 +++
 source4/kdc/hdb-samba4.c |  189 +-
 3 files changed, 132 insertions(+), 101 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index 6bad017..8a0f12e 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -23,6 +23,8 @@
 
 #include librpc/gen_ndr/ndr_krb5pac.h
 
+extern const char *krbtgt_attrs[];
+extern const char *server_attrs[];
 extern const char *user_attrs[];
 
 union netr_Validation;
diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index c396662..635d942 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -32,25 +32,37 @@
 #include param/param.h
 #include auth/auth_sam.h
 
-const char *user_attrs[] = {
-   /* required for the krb5 kdc */
-   objectClass,
-   sAMAccountName,
-   userPrincipalName,
-   servicePrincipalName,
-   msDS-KeyVersionNumber,
-   supplementalCredentials,
+#define KRBTGT_ATTRS \
+   /* required for the krb5 kdc */ \
+   objectClass,  \
+   sAMAccountName,   \
+   userPrincipalName,\
+   servicePrincipalName, \
+   msDS-KeyVersionNumber,\
+   supplementalCredentials,  \
+   \
+   /* passwords */ \
+   dBCSPwd,  \
+   unicodePwd,   \
+   \
+   userAccountControl,   \
+   objectSid,\
+   \
+   pwdLastSet,   \
+   accountExpires
+
+const char *krbtgt_attrs[] = {
+   KRBTGT_ATTRS
+};
 
-   /* passwords */
-   dBCSPwd, 
-   unicodePwd,
+const char *server_attrs[] = {
+   KRBTGT_ATTRS
+};
 
-   userAccountControl,
+const char *user_attrs[] = {
+   KRBTGT_ATTRS,
 
-   pwdLastSet,
-   accountExpires,
logonHours,
-   objectSid,
 
/* check 'allowed workstations' */
userWorkstations,
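Review bot: krbtgt_attrs[] and server_attrs[] contain only KRBTGT_ATTRS, and the macro ends at accountExpires with no terminating NULL. If these arrays are handed to a search that walks the attribute list until it reaches a NULL entry, the lookup will read past the end of the array; add NULL as the last element of both. server_attrs is also identical to krbtgt_attrs here, so a comment on why both exist would help the next reader.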
diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c
index 21e8c9a..435282a 100644
--- a/source4/kdc/hdb-samba4.c
+++ b/source4/kdc/hdb-samba4.c
@@ -154,7 +154,7 @@ static HDBFlags uf2HDBFlags(krb5_context context, int 
userAccountControl, enum h
flags.invalid = 1;
}
 
-/* UF_DONT_EXPIRE_PASSWD and UF_USE_DES_KEY_ONLY handled in 
LDB_message2entry() */
+/* UF_DONT_EXPIRE_PASSWD and UF_USE_DES_KEY_ONLY handled in 
hdb_samba4_message2entry() */
 
 /*
if (userAccountControl  UF_MNS_LOGON_ACCOUNT) {
@@ -193,7 +193,7 @@ static void hdb_ldb_free_entry(krb5_context context, 
hdb_entry_ex *entry_ex)
talloc_free(entry_ex-ctx);
 }
 
-static krb5_error_code LDB_message2entry_keys(krb5_context context,
+static krb5_error_code hdb_samba4_message2entry_keys(krb5_context context,
  struct smb_iconv_convenience 
*iconv_convenience,
  TALLOC_CTX *mem_ctx,
  struct ldb_message *msg,
@@ -283,22 +283,22 @@ static krb5_error_code 
LDB_message2entry_keys(krb5_context context,
   
(ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
ret = EINVAL;
-   krb5_set_error_message(context, 

[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-466-gf6bed79

2009-07-16 Thread Andrew Bartlett
The branch, master has been updated
   via  f6bed79ec6f287ac5da79151b97b6cf4776aab7a (commit)
   via  6cb81f7b37d541efb54bcdca46b1e0f6bc8afef9 (commit)
  from  19bc4ce95ca9b2a985313f5eb887275aa6fe3599 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit f6bed79ec6f287ac5da79151b97b6cf4776aab7a
Author: Andrew Bartlett abart...@samba.org
Date:   Fri Jul 17 08:39:51 2009 +1000

Revert s4:heimdal_build: predefine GSSAPI_DEPRECATED depending on the 
compiler version

This is now handled correctly in the newly imported Heimdal

This reverts commit 4a754d029b0eb229b23980aa4a80dae2b485a302.

commit 6cb81f7b37d541efb54bcdca46b1e0f6bc8afef9
Author: Andrew Bartlett abart...@samba.org
Date:   Fri Jul 17 08:29:03 2009 +1000

s4:heimdal: import lorikeet-heimdal-200907162216 (commit 
d09910d6803aad96b52ee626327ee55b14ea0de8)

This includes in particular changes to the KDC to resolve bug 6272,
originally by Matthieu Patou mat+informatique.sa...@matws.net.  We
need to sort the AuthorizationData elements to put the PAC first, or
else WinXP breaks when browsed from Win2k8.

Andrew Bartlett

---

Summary of changes:
 source4/heimdal/kdc/krb5tgs.c  |   39 +++
 source4/heimdal/lib/gssapi/gssapi/gssapi.h |6 
 source4/heimdal/lib/hcrypto/des.h  |   10 ---
 source4/heimdal/lib/hcrypto/evp.h  |9 +-
 source4/heimdal/lib/krb5/krb5.h|6 
 source4/heimdal/lib/krb5/log.c |   13 -
 source4/heimdal_build/krb5-types.h |8 -
 7 files changed, 60 insertions(+), 31 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index 6b98506..635eb27 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -805,17 +805,34 @@ tgs_make_reply(krb5_context context,
 et.flags.hw_authent  = tgt-flags.hw_authent;
 et.flags.anonymous   = tgt-flags.anonymous;
 et.flags.ok_as_delegate = server-entry.flags.ok_as_delegate;
+
+if(rspac-length) {
+   /*
+* No not need to filter out the any PAC from the
+* auth_data since it's signed by the KDC.
+*/
+   ret = _kdc_tkt_add_if_relevant_ad(context, et,
+ KRB5_AUTHDATA_WIN2K_PAC, rspac);
+   if (ret)
+   goto out;
+}

 if (auth_data) {
-   /* XXX Check enc-authorization-data */
-   et.authorization_data = calloc(1, sizeof(*et.authorization_data));
+   unsigned int i = 0;
+
+   /* XXX check authdata */
if (et.authorization_data == NULL) {
ret = ENOMEM;
+   krb5_set_error_message(context, ret, malloc: out of memory);
goto out;
}
-   ret = copy_AuthorizationData(auth_data, et.authorization_data);
-   if (ret)
-   goto out;
+   for(i = 0; i  auth_data-len ; i++) {
+   ret = add_AuthorizationData(et.authorization_data, 
auth_data-val[i]);
+   if (ret) {
+   krb5_set_error_message(context, ret, malloc: out of memory);
+   goto out;
+   }
+   }
 
/* Filter out type KRB5SignedPath */
ret = find_KRB5SignedPath(context, et.authorization_data, NULL);
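Review bot: the calloc() of et.authorization_data is removed, but the 'if (et.authorization_data == NULL)' check right after '/* XXX check authdata */' stays. When the rspac length is zero, nothing in the visible lines has allocated it, so a request that carries auth_data fails with ENOMEM. Allocate inside that NULL check and return ENOMEM only when the allocation itself fails. The 'malloc: out of memory' message added after add_AuthorizationData() is also set for every non-zero ret, not just for ENOMEM.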
@@ -832,18 +849,6 @@ tgs_make_reply(krb5_context context,
}
 }
 
-if(rspac-length) {
-   /*
-* No not need to filter out the any PAC from the
-* auth_data since it's signed by the KDC.
-*/
-   ret = _kdc_tkt_add_if_relevant_ad(context, et,
- KRB5_AUTHDATA_WIN2K_PAC,
- rspac);
-   if (ret)
-   goto out;
-}
-
 ret = krb5_copy_keyblock_contents(context, sessionkey, et.key);
 if (ret)
goto out;
diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi.h 
b/source4/heimdal/lib/gssapi/gssapi/gssapi.h
index 07c4b36..9114180 100644
--- a/source4/heimdal/lib/gssapi/gssapi/gssapi.h
+++ b/source4/heimdal/lib/gssapi/gssapi/gssapi.h
@@ -54,7 +54,13 @@
 #endif
 
 #ifndef GSSAPI_DEPRECATED
+#if defined(__GNUC__)  ((__GNUC__  3) || ((__GNUC__ == 3)  
(__GNUC_MINOR__ = 1 )))
 #define GSSAPI_DEPRECATED __attribute__((deprecated))
+#elif defined(_MSC_VER)
+#define GSSAPI_DEPRECATED __declspec(deprecated)
+#else
+#define GSSAPI_DEPRECATED
+#endif
 #endif
 
 /*
diff --git a/source4/heimdal/lib/hcrypto/des.h 
b/source4/heimdal/lib/hcrypto/des.h
index 14402d4..99eb76c 100644
--- a/source4/heimdal/lib/hcrypto/des.h
+++ b/source4/heimdal/lib/hcrypto/des.h
@@ -84,12 +84,14 @@ typedef struct DES_key_schedule
  *
  */
 
-#if !defined(__GNUC__)  !defined(__attribute__)
-#define __attribute__(x)
-#endif
-
 #ifndef HC_DEPRECATED
+#if defined(__GNUC__)  

[SCM] CTDB repository - branch master updated - ctdb-1.0.86-64-g7f273ee

2009-07-16 Thread Ronnie Sahlberg
The branch, master has been updated
   via  7f273ee769d671d8c8be87c9187302fb77e814f3 (commit)
   via  8bbd96cfbbe98f3fc19e432797cbf4478f753a0b (commit)
   via  4505ea15408ad40dd8deb4041fd75a65a0ad9336 (commit)
  from  b75ac1185481060ab71bd743e1e48d333d716eba (commit)

http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master


- Log -
commit 7f273ee769d671d8c8be87c9187302fb77e814f3
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date:   Fri Jul 17 09:45:05 2009 +1000

update the eventscript to ensure that stopped nodes can not become the 
natgw master
also verify that we actually do have a natgw master available if this is 
configured and make the node unhealthy if not.

commit 8bbd96cfbbe98f3fc19e432797cbf4478f753a0b
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date:   Fri Jul 17 09:36:22 2009 +1000

if all nodes are STOPPED, pick one of the STOPPED nodes as natgw master

commit 4505ea15408ad40dd8deb4041fd75a65a0ad9336
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date:   Fri Jul 17 09:29:58 2009 +1000

Do not allow STOPPED or DELETED nodes to become the NATGW master

---

Summary of changes:
 config/events.d/11.natgw |8 ++--
 tools/ctdb.c |   21 ++---
 2 files changed, 24 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/config/events.d/11.natgw b/config/events.d/11.natgw
index 8a71c86..b994308 100644
--- a/config/events.d/11.natgw
+++ b/config/events.d/11.natgw
@@ -37,10 +37,14 @@ case $cmd in
 
  recovered)
MYPNN=`ctdb pnn | cut -d: -f2`
-   NATGWMASTER=`ctdb natgwlist | head -1`
-   NATGWIP=`ctdb natgwlist | tail --lines=+2 | head -1 | cut -d: -f3`
+   NATGWMASTER=`ctdb natgwlist | head -1 | sed -e s/ .*//`
+   NATGWIP=`ctdb natgwlist | head -1 | sed -e s/^[^ ]* *//`
 
CTDB_NATGW_PUBLIC_IP_HOST=`echo $CTDB_NATGW_PUBLIC_IP | sed -e 
s/\/.*/\/32/`
+   if [ $NATGWMASTER == -1 ]; then
+   echo There is not NATGW master node
+   exit 1
+   fi
 
delete_all
 
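Review bot: NATGWMASTER and NATGWIP are filled from two separate 'ctdb natgwlist | head -1' runs, so the master number and the address can come from different answers if the master changes in between; run the command once into a variable and split that one line. The '==' in the new '[ ... ]' test is a bash extension ('=' is the portable form), and the message should read 'There is no NATGW master node'.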
diff --git a/tools/ctdb.c b/tools/ctdb.c
index 12fbe48..e0e728f 100644
--- a/tools/ctdb.c
+++ b/tools/ctdb.c
@@ -677,13 +677,28 @@ static int control_natgwlist(struct ctdb_context *ctdb, 
int argc, const char **a
i++;
}   
 
-   /* print the natgw master */
+   /* print the natgw master
+* we dont allow STOPPED or DELETED nodes to become the natgwmaster
+*/
for(i=0;inodemap-num;i++){
-   if (!(nodemap-nodes[i].flags  NODE_FLAGS_DISCONNECTED)) {
-   printf(%d\n, nodemap-nodes[i].pnn);
+   if (!(nodemap-nodes[i].flags  
(NODE_FLAGS_DISCONNECTED|NODE_FLAGS_STOPPED|NODE_FLAGS_DELETED))) {
+   printf(%d %s\n, 
nodemap-nodes[i].pnn,ctdb_addr_to_str(nodemap-nodes[i].addr));
break;
}
}
+   /* unless all nodes are STOPPED, when we pick one anyway */
+   if (i == nodemap-num) {
+   for(i=0;inodemap-num;i++){
+   if (!(nodemap-nodes[i].flags  
(NODE_FLAGS_DISCONNECTED|NODE_FLAGS_DELETED))) {
+   printf(%d %s\n, nodemap-nodes[i].pnn, 
ctdb_addr_to_str(nodemap-nodes[i].addr));
+   break;
+   }
+   }
+   /* or if we still can not find any */
+   if (i == nodemap-num) {
+   printf(-1 0.0.0.0\n);
+   }
+   }
 
/* print the pruned list of nodes belonging to this natgw list */
for(i=0;inodemap-num;i++){
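Review bot: the first line printed by control_natgwlist() changes from the pnn alone to the pnn plus address, and '-1 0.0.0.0' is introduced as a no-master sentinel, so every consumer that parses this output has to change in step. Please describe the new format and the sentinel in the command's help or manual text. The fallback loop repeats the first loop with a different flag mask, so a small helper that takes the mask would remove the duplication. The comment 'unless all nodes are STOPPED, when we pick one anyway' would read more clearly as 'if all nodes are STOPPED, pick a STOPPED node anyway'.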


-- 
CTDB repository


[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-469-gd4a87ee

2009-07-16 Thread Jeremy Allison
The branch, master has been updated
   via  d4a87ee966adb9205169507fca5c07faefc4513e (commit)
   via  d5c20c072b464b675fbd5f37a94ae8a6ad403d49 (commit)
   via  9f0bdd4e17ef5fe0b28a8ec4676d19eb4ffe6786 (commit)
  from  f6bed79ec6f287ac5da79151b97b6cf4776aab7a (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit d4a87ee966adb9205169507fca5c07faefc4513e
Author: Jeremy Allison j...@samba.org
Date:   Thu Jul 16 18:14:56 2009 -0700

Replace more long-lived contexts with talloc_autofree_context().
Jeremy.

commit d5c20c072b464b675fbd5f37a94ae8a6ad403d49
Author: Jeremy Allison j...@samba.org
Date:   Thu Jul 16 18:13:46 2009 -0700

Replace short-lived NULL talloc contexts with talloc_tos().
Jeremy.

commit 9f0bdd4e17ef5fe0b28a8ec4676d19eb4ffe6786
Author: Jeremy Allison j...@samba.org
Date:   Thu Jul 16 18:12:17 2009 -0700

Remove an unused talloc context.
Jeremy.

---

Summary of changes:
 source3/auth/auth.c  |   10 ++
 source3/lib/charcnv.c|8 
 source3/lib/ctdbd_conn.c |2 +-
 source3/lib/dbwrap_tdb.c |2 +-
 source3/lib/util_str.c   |   34 +-
 source3/libsmb/spnego.c  |2 +-
 6 files changed, 26 insertions(+), 32 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index fd4c503..ce8722a 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -82,7 +82,6 @@ static void get_ntlm_challenge(struct auth_context 
*auth_context,
DATA_BLOB challenge = data_blob_null;
const char *challenge_set_by = NULL;
auth_methods *auth_method;
-   TALLOC_CTX *mem_ctx;
 
if (auth_context-challenge.length) {
DEBUG(5, (get_ntlm_challenge (auth subsystem): returning 
previous challenge by module %s (normal)\n, 
@@ -106,12 +105,8 @@ static void get_ntlm_challenge(struct auth_context 
*auth_context,
continue;
}
 
-   mem_ctx = talloc_init(auth_get_challenge for module %s, 
auth_method-name);
-   if (!mem_ctx) {
-   smb_panic(talloc_init() failed!);
-   }
-
-   challenge = auth_method-get_chal(auth_context, 
auth_method-private_data, mem_ctx);
+   challenge = auth_method-get_chal(auth_context, 
auth_method-private_data,
+   auth_context-mem_ctx);
if (!challenge.length) {
DEBUG(3, (auth_get_challenge: getting challenge from 
authentication method %s FAILED.\n, 
  auth_method-name));
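Review bot: get_chal() now receives the auth_context's mem_ctx in place of the per-module context that was destroyed at the end of each loop iteration, so anything a module allocates while producing a challenge now lives as long as the auth_context. The removed context was in use (it was the third argument to get_chal()), so describing it as unused in the commit message is misleading. Either state the lifetime change there, or pass a short-lived context and copy only the challenge that is kept.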
@@ -121,7 +116,6 @@ static void get_ntlm_challenge(struct auth_context 
*auth_context,
challenge_set_by = auth_method-name;
auth_context-challenge_set_method = auth_method;
}
-   talloc_destroy(mem_ctx);
}
 
if (!challenge_set_by) {
diff --git a/source3/lib/charcnv.c b/source3/lib/charcnv.c
index a1663c1..272f107 100644
--- a/source3/lib/charcnv.c
+++ b/source3/lib/charcnv.c
@@ -753,7 +753,7 @@ size_t unix_strupper(const char *src, size_t srclen, char 
*dest, size_t destlen)
size_t size;
smb_ucs2_t *buffer;
 
-   if (!push_ucs2_talloc(NULL, buffer, src, size)) {
+   if (!push_ucs2_talloc(talloc_tos(), buffer, src, size)) {
return (size_t)-1;
}
 
@@ -837,7 +837,7 @@ size_t unix_strlower(const char *src, size_t srclen, char 
*dest, size_t destlen)
size_t size;
smb_ucs2_t *buffer = NULL;
 
-   if (!convert_string_talloc(NULL, CH_UNIX, CH_UTF16LE, src, srclen,
+   if (!convert_string_talloc(talloc_tos(), CH_UNIX, CH_UTF16LE, src, 
srclen,
   (void **)(void *)buffer, size,
   True))
{
@@ -951,7 +951,7 @@ size_t push_ascii_nstring(void *dest, const char *src)
smb_ucs2_t *buffer;
 
conv_silent = True;
-   if (!push_ucs2_talloc(NULL, buffer, src, buffer_len)) {
+   if (!push_ucs2_talloc(talloc_tos(), buffer, src, buffer_len)) {
smb_panic(failed to create UCS2 buffer);
}
 
@@ -1268,7 +1268,7 @@ static size_t push_utf8(void *dest, const char *src, 
size_t dest_len, int flags)
}
 
if (flags  STR_UPPER) {
-   tmpbuf = strupper_talloc(NULL, src);
+   tmpbuf = strupper_talloc(talloc_tos(), src);
if (!tmpbuf) {
return (size_t)-1;
}
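Review bot: switching these four call sites from a NULL parent to talloc_tos() makes unix_strupper(), unix_strlower(), push_ascii_nstring() and push_utf8() depend on a talloc stackframe having been set up by whoever calls them. The hunks do not show how buffer and tmpbuf are released. If the existing explicit frees stay, say so in the commit message; if they are dropped, callers that loop over many strings will hold every conversion buffer until the frame is popped.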
diff --git a/source3/lib/ctdbd_conn.c b/source3/lib/ctdbd_conn.c
index dde3775..449e049 100644
--- a/source3/lib/ctdbd_conn.c
+++ b/source3/lib/ctdbd_conn.c
@@ -358,7 +358,7 @@ static NTSTATUS ctdb_read_req(struct ctdbd_connection 
*conn, uint32 reqid,

[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-470-g5f295eb

2009-07-16 Thread Jeremy Allison
The branch, master has been updated
   via  5f295eb6f5fe60394b764a2e0bc76b77f6160664 (commit)
  from  d4a87ee966adb9205169507fca5c07faefc4513e (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 5f295eb6f5fe60394b764a2e0bc76b77f6160664
Author: Jeremy Allison j...@samba.org
Date:   Thu Jul 16 18:28:58 2009 -0700

More conversions of NULL - talloc_autofree_context()
so we at least know when we're using a long-lived context.
Jeremy.

---

Summary of changes:
 source3/libsmb/clikrb5.c   |4 ++--
 source3/libsmb/clispnego.c |   18 +-
 source3/libsmb/spnego.c|   21 +
 3 files changed, 24 insertions(+), 19 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 8a567dc..152c23b 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -346,7 +346,7 @@ bool unwrap_edata_ntstatus(TALLOC_CTX *mem_ctx,
}

asn1_start_tag(data, ASN1_CONTEXT(2));
-   asn1_read_OctetString(data, NULL, edata_contents);
+   asn1_read_OctetString(data, talloc_autofree_context(), edata_contents);
asn1_end_tag(data);
asn1_end_tag(data);
asn1_end_tag(data);
@@ -389,7 +389,7 @@ bool unwrap_pac(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, 
DATA_BLOB *unwrapped_

asn1_end_tag(data);
asn1_start_tag(data, ASN1_CONTEXT(1));
-   asn1_read_OctetString(data, NULL, pac_contents);
+   asn1_read_OctetString(data, talloc_autofree_context(), pac_contents);
asn1_end_tag(data);
asn1_end_tag(data);
asn1_end_tag(data);
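Review bot: unwrap_edata_ntstatus() and unwrap_pac() both already take a TALLOC_CTX *mem_ctx (visible in the hunk headers), yet the octet strings are now parented to talloc_autofree_context(), which is only released at process exit. Pass mem_ctx to asn1_read_OctetString() in both places unless the blob is deliberately meant to outlive it, and in that case add a comment saying who frees it.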
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index fb95d71..e586d97 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -151,7 +151,7 @@ bool spnego_parse_negTokenInit(DATA_BLOB blob,
asn1_start_tag(data,ASN1_SEQUENCE(0));
for (i=0; asn1_tag_remaining(data)  0  i  ASN1_MAX_OIDS-1; i++) {
const char *oid_str = NULL;
-   asn1_read_OID(data,NULL,oid_str);
+   asn1_read_OID(data,talloc_autofree_context(),oid_str);
OIDs[i] = CONST_DISCARD(char *, oid_str);
}
OIDs[i] = NULL;
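Review bot: in the OID loop of spnego_parse_negTokenInit() each string read by asn1_read_OID() is parented to talloc_autofree_context() and then stored in OIDs[], so up to ASN1_MAX_OIDS-1 allocations per parsed token stay alive until the caller frees each one or the process exits. A caller-supplied context would turn that cleanup into a single free for a token that was received from the other side; the same applies to the principal string in the next hunk. The return value of asn1_read_OID() is also not checked inside the loop.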
@@ -163,7 +163,7 @@ bool spnego_parse_negTokenInit(DATA_BLOB blob,
asn1_start_tag(data, ASN1_CONTEXT(3));
asn1_start_tag(data, ASN1_SEQUENCE(0));
asn1_start_tag(data, ASN1_CONTEXT(0));
-   asn1_read_GeneralString(data,NULL,principal);
+   
asn1_read_GeneralString(data,talloc_autofree_context(),principal);
asn1_end_tag(data);
asn1_end_tag(data);
asn1_end_tag(data);
@@ -256,7 +256,7 @@ bool parse_negTokenTarg(DATA_BLOB blob, char 
*OIDs[ASN1_MAX_OIDS], DATA_BLOB *se
asn1_start_tag(data, ASN1_SEQUENCE(0));
for (i=0; asn1_tag_remaining(data)  0  i  ASN1_MAX_OIDS-1; i++) {
const char *oid_str = NULL;
-   asn1_read_OID(data,NULL,oid_str);
+   asn1_read_OID(data,talloc_autofree_context(),oid_str);
OIDs[i] = CONST_DISCARD(char *, oid_str);
}
OIDs[i] = NULL;
@@ -276,7 +276,7 @@ bool parse_negTokenTarg(DATA_BLOB blob, char 
*OIDs[ASN1_MAX_OIDS], DATA_BLOB *se
}
 
asn1_start_tag(data, ASN1_CONTEXT(2));
-   asn1_read_OctetString(data,NULL,secblob);
+   asn1_read_OctetString(data,talloc_autofree_context(),secblob);
asn1_end_tag(data);
 
asn1_end_tag(data);
@@ -436,13 +436,13 @@ bool spnego_parse_challenge(const DATA_BLOB blob,
asn1_end_tag(data);
 
asn1_start_tag(data,ASN1_CONTEXT(2));
-   asn1_read_OctetString(data, NULL, chal1);
+   asn1_read_OctetString(data, talloc_autofree_context(), chal1);
asn1_end_tag(data);
 
/* the second challenge is optional (XP doesn't send it) */
if (asn1_tag_remaining(data)) {
asn1_start_tag(data,ASN1_CONTEXT(3));
-   asn1_read_OctetString(data, NULL, chal2);
+   asn1_read_OctetString(data, talloc_autofree_context(), chal2);
asn1_end_tag(data);
}
 
@@ -505,7 +505,7 @@ bool spnego_parse_auth(DATA_BLOB blob, DATA_BLOB *auth)
asn1_start_tag(data, ASN1_CONTEXT(1));
asn1_start_tag(data, ASN1_SEQUENCE(0));
asn1_start_tag(data, ASN1_CONTEXT(2));
-   asn1_read_OctetString(data, NULL, auth);
+   asn1_read_OctetString(data, talloc_autofree_context(), auth);
asn1_end_tag(data);
asn1_end_tag(data);
asn1_end_tag(data);
@@ -609,7 +609,7 @@ bool spnego_parse_auth_response(DATA_BLOB blob, NTSTATUS 
nt_status,
 
if (asn1_tag_remaining(data)) {
asn1_start_tag(data,ASN1_CONTEXT(2));
- 

[SCM] CTDB repository - branch master updated - ctdb-1.0.86-67-g70603d9

2009-07-16 Thread Ronnie Sahlberg
The branch, master has been updated
   via  70603d9a79c80379bf65d9d703c399a65c109c52 (commit)
   via  65e9309564611bf937ded3c74a79abff895d7c59 (commit)
   via  ca4982c40d81db528fe915d5ecc01fcf7df0b522 (commit)
  from  7f273ee769d671d8c8be87c9187302fb77e814f3 (commit)

http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master


- Log -
commit 70603d9a79c80379bf65d9d703c399a65c109c52
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date:   Fri Jul 17 12:30:05 2009 +1000

document the new stopped event

commit 65e9309564611bf937ded3c74a79abff895d7c59
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date:   Fri Jul 17 12:26:16 2009 +1000

create a new event : stopped.
This event is called when a node is stopped and is used by eventscripts 
that need to do certain cleanup and removal of configuration or ip addresses or 
routing ...

Note that a STOPPED node is considered inactive and as such will not be 
running the recovered event when the rest of the cluster has recovered.

commit ca4982c40d81db528fe915d5ecc01fcf7df0b522
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date:   Fri Jul 17 11:37:03 2009 +1000

When we create new election data to send during elections, we must re-read 
the node flags from the main daemon to catch when the STOPPED flag is changed.

---

Summary of changes:
 config/events.d/91.lvs |2 +-
 config/events.d/README |6 +
 include/ctdb_private.h |2 +-
 server/ctdb_control.c  |2 +-
 server/ctdb_recover.c  |   50 +++-
 server/ctdb_recoverd.c |9 +++-
 server/eventscript.c   |2 +-
 7 files changed, 67 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/config/events.d/91.lvs b/config/events.d/91.lvs
index 2411d1e..6d7891f 100755
--- a/config/events.d/91.lvs
+++ b/config/events.d/91.lvs
@@ -48,7 +48,7 @@ case $cmd in
  releaseip)
;;
 
- recovered)
+ recovered|stopped)
# kill off any tcp connections
ipvsadm -D -t $CTDB_LVS_PUBLIC_IP:0
ipvsadm -D -u $CTDB_LVS_PUBLIC_IP:0
diff --git a/config/events.d/README b/config/events.d/README
index a75da38..ac7a8f4 100644
--- a/config/events.d/README
+++ b/config/events.d/README
@@ -120,6 +120,12 @@ recovered
service and also send out statd notifications to all registered 
clients.

+stopped
+   This event is called when a node is STOPPED and can be used to
+   perform additional cleanup that is required.
+   Note that a stopped node is considered inactive, so it will not
+   be issuing the recovered event once the cluster has recovered.
+   See 91.lvs for a use of this event.
 
 Additional note for takeip, releaseip, recovered:
 
diff --git a/include/ctdb_private.h b/include/ctdb_private.h
index 25595cf..9750552 100644
--- a/include/ctdb_private.h
+++ b/include/ctdb_private.h
@@ -1445,7 +1445,7 @@ int32_t ctdb_control_get_event_script_status(struct 
ctdb_context *ctdb, TDB_DATA
 int ctdb_log_event_script_output(struct ctdb_context *ctdb, char *str, 
uint16_t len);
 int ctdb_ctrl_report_recd_lock_latency(struct ctdb_context *ctdb, struct 
timeval timeout, double latency);
 
-int32_t ctdb_control_stop_node(struct ctdb_context *ctdb);
+int32_t ctdb_control_stop_node(struct ctdb_context *ctdb, struct 
ctdb_req_control *c, bool *async_reply);
 int32_t ctdb_control_continue_node(struct ctdb_context *ctdb);
 
 #endif
diff --git a/server/ctdb_control.c b/server/ctdb_control.c
index 8faaec7..a18ef0c 100644
--- a/server/ctdb_control.c
+++ b/server/ctdb_control.c
@@ -464,7 +464,7 @@ static int32_t ctdb_control_dispatch(struct ctdb_context 
*ctdb,
return 0;
case CTDB_CONTROL_STOP_NODE:
CHECK_CONTROL_DATA_SIZE(0);
-   return ctdb_control_stop_node(ctdb);
+   return ctdb_control_stop_node(ctdb, c, async_reply);
 
case CTDB_CONTROL_CONTINUE_NODE:
CHECK_CONTROL_DATA_SIZE(0);
diff --git a/server/ctdb_recover.c b/server/ctdb_recover.c
index b9a507b..b77bf58 100644
--- a/server/ctdb_recover.c
+++ b/server/ctdb_recover.c
@@ -1156,11 +1156,59 @@ int32_t ctdb_control_set_recmaster(struct ctdb_context 
*ctdb, uint32_t opcode, T
return 0;
 }
 
-int32_t ctdb_control_stop_node(struct ctdb_context *ctdb)
+
+struct stop_node_callback_state {
+   struct ctdb_req_control *c;
+};
+
+/*
+  called when the 'stopped' event script has finished
+ */
+static void ctdb_stop_node_callback(struct ctdb_context *ctdb, int status, 
void *p)
 {
+   struct stop_node_callback_state *state = talloc_get_type(p, struct 
stop_node_callback_state);
+
+   if (status != 0) {
+   DEBUG(DEBUG_ERR,(__location__  stopped event script failed 
(status %d)\n, status));
+   ctdb-nodes[ctdb-pnn]-flags = 

[SCM] CTDB repository - branch master updated - ctdb-1.0.86-70-gd187eb8

2009-07-16 Thread Ronnie Sahlberg
The branch, master has been updated
   via  d187eb8507f35a650ff3ffc50fa49110eebca0bd (commit)
   via  febf3d6d3f2bdf187c042f560aefc54b8ac72454 (commit)
   via  34e6f8a04b12f8879eb42d417f9741502f0f (commit)
  from  70603d9a79c80379bf65d9d703c399a65c109c52 (commit)

http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master


- Log -
commit d187eb8507f35a650ff3ffc50fa49110eebca0bd
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date:   Fri Jul 17 13:01:11 2009 +1000

 new version 1.0.87

commit febf3d6d3f2bdf187c042f560aefc54b8ac72454
Merge: 70603d9a79c80379bf65d9d703c399a65c109c52 
34e6f8a04b12f8879eb42d417f9741502f0f
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date:   Fri Jul 17 12:45:08 2009 +1000

Merge commit 'martins/master'

commit 34e6f8a04b12f8879eb42d417f9741502f0f
Author: Martin Schwenke mar...@meltin.net
Date:   Thu Jul 16 14:04:06 2009 +1000

Test suite: Fix debug code for unexpectedly unhealthy cluster.

The debug code should run ctdb status on a cluster node, not on the
test client.

Signed-off-by: Martin Schwenke mar...@meltin.net

---

Summary of changes:
 packaging/RPM/ctdb.spec |   26 +-
 1 files changed, 25 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/packaging/RPM/ctdb.spec b/packaging/RPM/ctdb.spec
index b5d8554..0544e10 100644
--- a/packaging/RPM/ctdb.spec
+++ b/packaging/RPM/ctdb.spec
@@ -4,7 +4,7 @@ Summary: Clustered TDB
 Vendor: Samba Team
 Packager: Samba Team sa...@samba.org
 Name: ctdb
-Version: 1.0.86
+Version: 1.0.87
 Release: 1
 Epoch: 0
 License: GNU GPL version 3
@@ -131,6 +131,30 @@ fi
 %{_libdir}/pkgconfig/ctdb.pc
 
 %changelog
+* Fri Jul 17 2009 : Version 1.0.87
+ - Add a new event stopped that is called when a node is stopped.
+ - Documentation of the STOPPED flag and the stop/continue commands
+ - Make it possible to start a node in STOPPED mode.
+ - Add a new node flag : STOPPED and commands ctdb stop ctdb continue
+   These commands are similar to diasble/enable but will also remove the 
node from the vnnmap, while disable only fails all ip addresses over.
+ - tests for NFS , CIFS by martins
+ - major updates to the init script by martins
+ - Send gratious arps with a 1.1 second stride instead of a 1 second stride to 
workaround interesting features of common linux stacks.
+ - Various test enhancements from martins:
+   - additional other tests
+   - add tests for grat arp generation, ping during failover, ssh and failover
+   - New/updated tcp tickle tests and supprot functions
+   - provide better debugging when a test fails
+   - make ctdbd restarts more reliable in the tests
+   - update the wait bar to  make the wait progress in tests more obvious
+   - various cleanups
+ - when dispatching a message to a handler, make the message a real talloc 
object so that we can reparent the object in the tallic hierarchy.
+ - document the ipreallocate command
+ - Updates to enable/disable to use the ipreallocate command to block until 
the following ipreallocation has completed.
+ - Update the main daemon and the tools to allow debug level to be a string 
instead of an integer.
+ - Update the sysconfig file to show using string literals instead of numeric 
values for the debuglevels used.
+ - If no debuglevel is specific, make ctdb setdebug show the available 
options.
+ - When trying to allocate network packets, add explicit checks if the network 
transport has been shutdown before trying and failing, to make log messages 
easier to read. Add this extra check and logging to every plave packets are 
allocated.
 * Tue Jun 30 2009 : Version 1.0.86
  - Do not access the reclock at all if VerifyRecoveryLock is zero, not even 
try to probe it.
  - Allow setting the reclock file as , which means that no reclock file at 
all should be used.


-- 
CTDB repository


[SCM] CTDB repository - annotated tag ctdb-1.0.87 created - ctdb-1.0.87

2009-07-16 Thread Ronnie Sahlberg
The annotated tag, ctdb-1.0.87 has been created
at  512bf3bafdd1715f0f879f278c67f64bfbd06a8d (tag)
   tagging  d187eb8507f35a650ff3ffc50fa49110eebca0bd (commit)
  replaces  ctdb-1.0.86
 tagged by  Ronnie Sahlberg
on  Fri Jul 17 13:05:14 2009 +1000

- Log -
tag for the 1.0.87 release

Martin Schwenke (32):
  Initscript fixes, mostly for stop action.
  Fix minor problem in previous initscript commit.
  Initscript cleanups.
  Merge commit 'origin/master'
  Merge branch 'init_rewrite'
  Make 51_ctdb_bench.sh more tolerant.
  Increase threshold in 51_ctdb_bench from 2% to 5%.
  New tests for NFS and CIFS tickles.
  Merge branch 'new_tests'
  Merge commit 'origin/master'
  Clean up handling the of CTDB restarts in testcases.
  Fix minor onnode bugs relating to local daemons.
  Separate test cleanup code in output and clean up ctdb restart code.
  Fix the run_tests script so that the number of columns is never 0.
  Add an extra ctdb recovery to test function restart_ctdb().
  Updates to TCP tickle tests and supporting functions.
  New tests for different aspects of failover.
  When testing make the time taken for some operations more obvious.
  Make ctdbd restarts in tests more reliable.
  Test suite: better debug info when the cluster is unexpectedly unhealthy.
  Separate test cleanup code in output and clean up ctdb restart code.
  Fix the run_tests script so that the number of columns is never 0.
  Add an extra ctdb recovery to test function restart_ctdb().
  Updates to TCP tickle tests and supporting functions.
  New tests for different aspects of failover.
  When testing make the time taken for some operations more obvious.
  Make ctdbd restarts in tests more reliable.
  Test suite: better debug info when the cluster is unexpectedly unhealthy.
  Test suite: new tests and code factoring.
  Merge commit 'origin/master' into ronnie_merge
  Merge branch 'ronnie_merge'
  Test suite: Fix debug code for unexpectedly unhealthy cluster.

Ronnie Sahlberg (38):
  dont even try to allocate a packet if the transport is down since it will fail
  Dont try to allocate and send packets if the transport is down
  dont even try to send a message from the main daemon if the transport is down
  dont try to send error packets if the transport is down
  if we fail a dmaster migration due to the transport being down, then that is a fatal condition.
  failing a dmaster send due to the transport being down is fatal
  Dont even try allocating and sending a CALL packet if the transport is down
  dont try sending a keepalive if the transport is down
  when no debuglevel is specified, make 'ctdb setdebug' show the available options
  update the handling of debug levels so that we always can use a literal instead of a numeric value.
  show the valid debuglevels that can be used in the error text when an invalid level was specified to ctdb setdebug
  update the sysconfig to show setting the debuglevel using a string literal instead of a numeric value
  update enable/disable
  document the ipreallocate command
  When we dispatch a message to a handler, pass the data as a real talloc object so that the handler can talloc_steal() the message content.
  add a new command ctdb ipreallocate, this command will force the recovery master to perform a full ip reallocation process.
  Merge r...@10.1.1.27:/shared/ctdb/ctdb-git
  Perform an ipreallocate efter each enable/disable.
  send ARPs with an interval of 1.1 seconds during ip takeover.
  Merge r...@10.1.1.27:/shared/ctdb/ctdb-git
  Initscript cleanups.
  Add a new node flag : STOPPED
  remove the header printed for the machinereadable output for natgwlist
  make it possible to start the daemon in STOPPED mode
  add two new controls, CTOP_NODE and CONTINUE_NODE
  dont let other nodes modify the STOPPED flag for the local process when pushing out flags changes
  document the new commands ctdb stop/continue
  recovery daemon needs to monitor when the local ctdb daemon is stopped and ensure that the databases gets frozen and the node enters recovery mode
  change the infolevel when logging stop/continue commands
  stopped nodes can not win a recmaster election
  Do not allow STOPPED or DELETED nodes to become the NATGW master
  if all nodes are STOPPED, pick one of the STOPPED nodes as natgw master
  update the eventscript to ensure that stopped nodes can not become the natgw master
  When we create new election data to send during elections, we must 
re-read the