Re: [Samba] Deploying apps via policy
Hi, don't know about that. Would be nice too. Somehow implementing Active Directory with Samba4 is a straight-forward job and enables espacially small companies to have a well structured IT. trust me this solves a lot of problems with daily IT ;-)) It's somehow cheap as you already have some kind for server for central data storage/ printers/ scanners/ ... but not licence costs. Some thing I'm currently missing is ability to configure samba shares with some MS tool (don't know if this would ever be possible???) that integrates into MS domain administration tools. Btw having GPO at place reduces much of the hand work you have to to for client PC setup. Regards, --- Mr. Olli On Sat, 2009-07-18 at 13:22 -0400, mjoy...@ewc.edu wrote: I understand that if you use the Novell Directory + Samba combination that somehow you can also do alot of AD style stuff. Mister Olli wrote: Hi, If you use samba4 you can replace microsoft AD DC controller with samba. I've done this on a FreeBSD machine for a small company (around 5 people) and it works quite well. I currently have some problems getting roaming profiles to work (and no time for it ;-)). After setup you need a windows machine for domain administration on which you install windows 2003 admin pack (not sure if this is the correct name). you can then administer your domain as you're used to... from what I've read multi master replication with openldap should be possible. never tried. but from my (current limited) knowledge you can even setup more than one DC for your active directory... by time I will play a little more with this features and setup some blog to document all that stuff.. Regards, --- Mr. Olli On Fri, 2009-07-17 at 15:37 -0300, Norberto Bensa wrote: On Fri, Jul 17, 2009 at 8:35 AM, Mister Ollimister.o...@googlemail.com wrote: It's a guide on how to install fonts using WinInstall. This one creates a MSI package that you can install via GPO. GPO? With Samba? I'm interested. What version are you using? -- LyX: http://www.lyx.org/ OpenOffice: http://www.openoffice.org/ Inkscape: http://www.inkscape.org/ Scribus: http://www.scribus.net/ GIMP: http://www.gimp.org/ PDF: http://www.pdfforge.org/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] How to migrate samba to new box
Dear list, I have samba 3.0.21 on a fedora 5 box. I would like to migrate the whole things to a new box which runs CentOS 5.3. Is there any way to migrate samba verbatim to a new box? Tried to google but found instruction on how to migrate from Windows to Samba only. Thanks in advance. Rgds, Tri -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to migrate samba to new box
On Sun, Jul 19, 2009 at 12:54 PM, Tri Trinhtri.tr...@triton-it.com wrote: Dear list, I have samba 3.0.21 on a fedora 5 box. I would like to migrate the whole things to a new box which runs CentOS 5.3. Is there any way to migrate samba verbatim to a new box? It's not hard. I've done it many times. You need to move /etc/samba, /var/lib/samba, /var/cache/samba, /var/spool/samba, and your shares of course. HTH, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to migrate samba to new box
On Sun, Jul 19, 2009 at 1:20 PM, Tri Trinhtri.tr...@triton-it.com wrote: Thanks Norberto, since we need to map Windows groups to linux groups, and create linux users whenever we create Windows users, do I need to re-create all linux groups and users on the new box as well? If yes, please advise if the user and group id must be the same on 2 boxes. Rgds, Tri Oh yes. You can copy the users from /etc/passwd and groups from /etc/groups. Don't copy the whole files, just copy paste the entries you need. Regards, Norberto PS: list admins. Can you please modify the reply-to header to point to the list? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to migrate samba to new box
2009/7/19 Norberto Bensa nbe...@gmail.com: On Sun, Jul 19, 2009 at 1:20 PM, Tri Trinhtri.tr...@triton-it.com wrote: Thanks Norberto, since we need to map Windows groups to linux groups, and create linux users whenever we create Windows users, do I need to re-create all linux groups and users on the new box as well? If yes, please advise if the user and group id must be the same on 2 boxes. Rgds, Tri Oh yes. You can copy the users from /etc/passwd and groups from /etc/groups. Don't copy the whole files, just copy paste the entries you need. Regards, Norberto PS: list admins. Can you please modify the reply-to header to point to the list? Thanks. Thanks Norberto for your instant reply :-) Will try the task again... Cheers, Tri -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to test roaming profiles
Gary Dale a écrit : Set loglevel to 10 then try to log in and out. That may show a problem. The preexec probably isn't needed. I've never used one. All it appears to be doing is to create a directory that Samba creates anyway. My profiles are created with a+rwx permissions. My smb.conf for [profiles] simply contains: [profiles] path = /home/samba/profiles read only = No Also I have: [globals] logon path = \\%L\profiles\%U so that the profiles export allows for a path for each user. Thanks Gary, problem solved using your simple example! -- Marc Delisle http://infomarc.info -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Build status as of Sun Jul 19 06:00:02 2009
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2009-07-18 00:00:06.0 -0600 +++ /home/build/master/cache/broken_results.txt 2009-07-19 00:00:03.0 -0600 @@ -1,22 +1,22 @@ -Build status as of Sat Jul 18 06:00:01 2009 +Build status as of Sun Jul 19 06:00:02 2009 Build counts: Tree Total Broken Panic build_farm 0 0 0 -ccache 33 7 0 +ccache 6 2 0 distcc 0 0 0 ldb 33 33 0 -libreplace 29 10 0 +libreplace 4 2 0 lorikeet 0 0 0 -pidl 21 2 0 -ppp 14 0 0 -rsync29 10 0 +pidl 3 0 0 +ppp 3 0 0 +rsync1 1 0 samba-docs 0 0 0 samba-web0 0 0 -samba_3_current 27 14 0 +samba_3_current 2 0 0 samba_3_master 32 27 6 -samba_3_next 28 25 1 +samba_3_next 32 30 1 samba_4_0_test 33 26 2 -talloc 30 30 0 -tdb 28 28 0 +talloc 7 7 0 +tdb 6 6 0
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-510-g63a6ca0
The branch, master has been updated via 63a6ca084d55db95abea7abffdbe27b55f2b002f (commit) via 28d155499a19943fca3624c814bc13e53d7c71be (commit) via d8ce8f9b61cdd18d65a27623a537fbcbdf547a59 (commit) via 04c1d02021b2e1b38d78d539655989c724f13d17 (commit) via 5bf6203bc2cb63860c616556e14e2dbb07277db6 (commit) from ce378e7c51913c1b110e62dc35c205d8d2fad58a (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 63a6ca084d55db95abea7abffdbe27b55f2b002f Author: Jelmer Vernooij jel...@samba.org Date: Sun Jul 19 13:41:04 2009 +0200 librpc: Integrate some subsystems now part of libndr-standard and integrate ndr_dfs in libndr-standard. commit 28d155499a19943fca3624c814bc13e53d7c71be Author: Jelmer Vernooij jel...@samba.org Date: Sun Jul 19 13:39:38 2009 +0200 Add missing includes. commit d8ce8f9b61cdd18d65a27623a537fbcbdf547a59 Author: Jelmer Vernooij jel...@samba.org Date: Sun Jul 19 12:41:09 2009 +0200 Create libndr-standard, which includes the NDR marshalling code for the standard set of DCE/RPC interfaces found on Windows. commit 04c1d02021b2e1b38d78d539655989c724f13d17 Author: Jelmer Vernooij jel...@samba.org Date: Sun Jul 19 12:15:59 2009 +0200 Remove unnecessary include, update README. commit 5bf6203bc2cb63860c616556e14e2dbb07277db6 Author: Jelmer Vernooij jel...@samba.org Date: Sun Jul 19 12:10:47 2009 +0200 Remove outdated status file about samba3 - samba4 upgrade project. --- Summary of changes: librpc/{ndr.pc.in = ndr_standard.pc.in} |8 ++-- source4/configure.ac |1 + source4/lib/samba3/README|3 - source4/lib/samba3/STATUS| 68 -- source4/lib/samba3/samba3.h |1 - source4/libnet/libnet_samdump.c |1 + source4/librpc/config.mk | 76 ++ source4/rpc_server/config.mk |8 ++-- source4/torture/auth/pac.c |1 + 9 files changed, 46 insertions(+), 121 deletions(-) copy librpc/{ndr.pc.in = ndr_standard.pc.in} (55%) delete mode 100644 source4/lib/samba3/STATUS Changeset truncated at 500 lines: diff --git a/librpc/ndr.pc.in b/librpc/ndr_standard.pc.in similarity index 55% copy from librpc/ndr.pc.in copy to librpc/ndr_standard.pc.in index 9cff0ca..80eace1 100644 --- a/librpc/ndr.pc.in +++ b/librpc/ndr_standard.pc.in @@ -3,9 +3,9 @@ exec_pref...@exec_prefix@ libd...@libdir@ included...@includedir@ -Name: ndr -Description: Network Data Representation Core Library -Requires: samba-hostconfig talloc +Name: ndr-standard +Description: NDR marshallers for the standard set of DCE/RPC interfaces +Requires: ndr Version: 0.0.1 -Libs: -L${libdir} -lndr +Libs: -L${libdir} -lndr-standard Cflags: -I${includedir} -DHAVE_IMMEDIATE_STRUCTURES=1 -D_GNU_SOURCE=1 diff --git a/source4/configure.ac b/source4/configure.ac index 1930f4b..7c5f310 100644 --- a/source4/configure.ac +++ b/source4/configure.ac @@ -37,6 +37,7 @@ m4_include(client/config.m4) AC_CONFIG_FILES(lib/registry/registry.pc) AC_CONFIG_FILES(librpc/dcerpc.pc) AC_CONFIG_FILES(../librpc/ndr.pc) +AC_CONFIG_FILES(../librpc/ndr_standard.pc) AC_CONFIG_FILES(../lib/torture/torture.pc) AC_CONFIG_FILES(auth/gensec/gensec.pc) AC_CONFIG_FILES(param/samba-hostconfig.pc) diff --git a/source4/lib/samba3/README b/source4/lib/samba3/README index 83520f6..3f6553f 100644 --- a/source4/lib/samba3/README +++ b/source4/lib/samba3/README @@ -3,6 +3,3 @@ Samba3 import, migration and compatibility. For example, the first file in this directory (smbpasswd.c) handles portions of the smbpasswd file format. - -The other files in this directory support reading the various -TDB databases from Samba3. diff --git a/source4/lib/samba3/STATUS b/source4/lib/samba3/STATUS deleted file mode 100644 index e464452..000 --- a/source4/lib/samba3/STATUS +++ /dev/null @@ -1,68 +0,0 @@ Samba3 - Samba4 Upgrade --- -(C) 2005 Jelmer Vernooij jel...@samba.org -Published under the GNU GPL - -Sponsored by the Google Summer of Code program (http://code.google.com/summerofcode.html) -Mentored by Andrew Bartlett abart...@samba.org -Thanks! - -Done: - - Reading wins.dat - - Reading registry.tdb - - Reading passdb.tdb - - Reading account_policy.tdb - - Reading group_mappings.tdb - - Reading winbindd_idmap.tdb - - Reading share_info.tdb - - Reading secrets.tdb - - Reading smbpasswd - - Reading + writing (generic) smb.conf files - - Testsuite for read support mentioned above - - Console utility for dumping Samba information - - Import user accounts in Samba4 - - Import groups in Samba4 - - Import secrets in Samba4 - - Import WINS data in Samba4 - - Dump idmap data to LDB - - Import registry keys/values in Samba4 - - Import account policies in Samba4 - -
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-520-g4447bd9
The branch, master has been updated via 4447bd96b90ce4bfca793d482f9dcbd98e6579a5 (commit) via de2a9fb60704eda5ba22e5d3b14111628acef2e8 (commit) via 11fa3ed9ee1a05aabdba902db9899dfeb664b324 (commit) via 5f8df164716a43bd9e6c22dfd1f066bf96ccf273 (commit) via a817cff5a0f17c6a8b35013483a18c70acdfaa1c (commit) via 295c3724a30013c572d3a3fdd3a8acc6ed19c546 (commit) via cb53b780803bc9a6dc02b16a64abe408727f69b4 (commit) via dbedfc318e2984238ee0acdb19a1a70fda8f4381 (commit) via 5b4cb31ef1359d8c39dbffc028abb68652cc2186 (commit) via de04e00ec2bf823f90a464416e88231e97f8df59 (commit) from 63a6ca084d55db95abea7abffdbe27b55f2b002f (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4447bd96b90ce4bfca793d482f9dcbd98e6579a5 Author: Jelmer Vernooij jel...@samba.org Date: Sun Jul 19 17:18:04 2009 +0200 Include ntsvc NDR in libndr-standard. commit de2a9fb60704eda5ba22e5d3b14111628acef2e8 Author: Jelmer Vernooij jel...@samba.org Date: Sun Jul 19 17:17:23 2009 +0200 Remove unused variable. commit 11fa3ed9ee1a05aabdba902db9899dfeb664b324 Author: Slava Semushin php-co...@altlinux.ru Date: Sat Jul 18 23:30:33 2009 +0700 source4/lib/registry/patchfile.c(reg_diff_load): fixed possible resource leak. File descriptor leaks when write(2) fails and we are returning from function. Found by cppcheck: [./source4/lib/registry/patchfile.c:319]: (error) Resource leak: fd commit 5f8df164716a43bd9e6c22dfd1f066bf96ccf273 Author: Slava Semushin php-co...@altlinux.ru Date: Sat Jul 18 16:28:53 2009 +0700 lib/util/util_file.c(file_save): fixed file descriptor leak when read(2) fails. Found by cppcheck: [./lib/util/util_file.c:383]: (error) Resource leak: fd commit a817cff5a0f17c6a8b35013483a18c70acdfaa1c Author: Matthieu Patou mat+informatique.sa...@matws.net Date: Sat Jul 11 15:57:35 2009 +0200 Fix broken password quality check This fixes broken password tests when the passwords contain non ASCII characters (e.g. accentuated chars like ('e, `e, ...) commit 295c3724a30013c572d3a3fdd3a8acc6ed19c546 Author: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de Date: Wed Jul 15 13:25:04 2009 +0200 Fix typo commit cb53b780803bc9a6dc02b16a64abe408727f69b4 Author: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de Date: Fri Jul 17 18:13:28 2009 +0200 [SAMBA 4] Some cosmetic changes for the LDB modules Some corrections which make the code a bit more readable (no functional changes here) commit dbedfc318e2984238ee0acdb19a1a70fda8f4381 Author: Matt Kraai mkr...@beckman.com Date: Thu Jul 9 09:45:28 2009 -0700 include unix.h if it's available commit 5b4cb31ef1359d8c39dbffc028abb68652cc2186 Author: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de Date: Thu Jul 9 17:54:42 2009 +0200 Cosmetic correction Changes the order of two commands. First set up the priv structure, then assign it to the ntvfs structure. commit de04e00ec2bf823f90a464416e88231e97f8df59 Author: Jelmer Vernooij jel...@samba.org Date: Sun Jul 19 15:39:52 2009 +0200 Merge more ndr interfaces into libndr-standard. --- Summary of changes: lib/replace/libreplace.m4 |1 + lib/replace/replace.h |4 + lib/util/genrand.c |3 +- lib/util/tests/genrand.c |2 + lib/util/util_file.c |1 + source4/dsdb/samdb/ldb_modules/linked_attributes.c | 11 +-- source4/dsdb/samdb/ldb_modules/password_hash.c | 13 ++-- source4/lib/registry/patchfile.c |1 + source4/libcli/security/security_token.c |2 +- source4/librpc/config.mk | 89 ++-- source4/ntvfs/unixuid/vfs_unixuid.c|2 +- source4/rpc_server/config.mk |4 +- source4/torture/rpc/object_uuid.c |1 - 13 files changed, 52 insertions(+), 82 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/replace/libreplace.m4 b/lib/replace/libreplace.m4 index 2d90d9c..a3a26ef 100644 --- a/lib/replace/libreplace.m4 +++ b/lib/replace/libreplace.m4 @@ -103,6 +103,7 @@ AC_CHECK_HEADERS(sys/time.h time.h) AC_CHECK_HEADERS(stdarg.h vararg.h) AC_CHECK_HEADERS(sys/mount.h mntent.h) AC_CHECK_HEADERS(stropts.h) +AC_CHECK_HEADERS(unix.h) AC_CHECK_FUNCS(seteuid setresuid setegid setresgid chroot bzero strerror) AC_CHECK_FUNCS(vsyslog setlinebuf mktime ftruncate chsize rename) diff --git a/lib/replace/replace.h b/lib/replace/replace.h index fe1f732..2db6aa1 100644 --- a/lib/replace/replace.h +++ b/lib/replace/replace.h @@ -258,6 +258,10 @@ char *rep_realpath(const char
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-522-g8557d14
The branch, master has been updated via 8557d14f65212faceb3e7223818b34b8869a0470 (commit) via 7a765b65b739c38ea1e3cfc136c92d2fb5ed4fa7 (commit) from 4447bd96b90ce4bfca793d482f9dcbd98e6579a5 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8557d14f65212faceb3e7223818b34b8869a0470 Merge: 7a765b65b739c38ea1e3cfc136c92d2fb5ed4fa7 4447bd96b90ce4bfca793d482f9dcbd98e6579a5 Author: Jelmer Vernooij jel...@samba.org Date: Sun Jul 19 17:39:23 2009 +0200 Merge branch 'master' of git://git.samba.org/samba commit 7a765b65b739c38ea1e3cfc136c92d2fb5ed4fa7 Author: Jelmer Vernooij jel...@samba.org Date: Sun Jul 19 13:19:54 2009 +0200 provision: Remove unused imports. --- Summary of changes: source4/setup/provision |4 1 files changed, 0 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/setup/provision b/source4/setup/provision index 5cb851c..d7fa6aa 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -22,9 +22,7 @@ # along with this program. If not, see http://www.gnu.org/licenses/. # -import getopt import optparse -import os import sys # Find right directory when running from source tree @@ -34,7 +32,6 @@ import samba from samba.credentials import DONT_USE_KERBEROS from samba.auth import system_session import samba.getopt as options -from samba import param from samba.provision import provision, FILL_FULL, FILL_NT4SYNC, FILL_DRS, find_setup_dir # how do we make this case insensitive?? @@ -121,7 +118,6 @@ if not opts.interactive and (opts.realm is None or opts.domain is None): if opts.interactive: from getpass import getpass - import readline import socket def ask(prompt, default=None): if default is not None: -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-526-g7889823
The branch, master has been updated via 7889823783625e16e273770f73f285920828e411 (commit) via 54a2f51d57a24104f1facff2674b4d441cdfde48 (commit) via 54670bb400f2f8c05d8331dbf17831354600e186 (commit) via 478446f96dae1f42312b72fda4210f1300023e57 (commit) from 8557d14f65212faceb3e7223818b34b8869a0470 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7889823783625e16e273770f73f285920828e411 Author: Jelmer Vernooij jel...@samba.org Date: Sun Jul 19 21:12:56 2009 +0200 pidl: Print actual type names in errors about unknown origins rather than 'HASH(0x)'. commit 54a2f51d57a24104f1facff2674b4d441cdfde48 Author: Jelmer Vernooij jel...@samba.org Date: Sun Jul 19 20:42:52 2009 +0200 pidl: Print proper errors when arrays don't have a specified size rather than spewing pages of perl warnings. commit 54670bb400f2f8c05d8331dbf17831354600e186 Author: Jelmer Vernooij jel...@samba.org Date: Sun Jul 19 18:58:22 2009 +0200 Remove unused parameter setting. commit 478446f96dae1f42312b72fda4210f1300023e57 Author: Jelmer Vernooij jel...@samba.org Date: Sun Jul 19 18:51:15 2009 +0200 Remove unnecessary imports. --- Summary of changes: lib/torture/torture.c |8 --- lib/torture/torture.h |3 -- pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm | 14 +--- pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm | 11 +++-- pidl/lib/Parse/Pidl/Samba4/Python.pm| 30 +- pidl/lib/Parse/Pidl/Typelist.pm |7 - source4/scripting/python/samba/__init__.py |1 - source4/scripting/python/samba/getopt.py|2 +- source4/scripting/python/samba/idmap.py |2 - source4/scripting/python/samba/provision.py |5 +-- source4/scripting/python/samba/samba3.py|4 +- source4/scripting/python/samba/upgrade.py |9 +++ 12 files changed, 47 insertions(+), 49 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/torture/torture.c b/lib/torture/torture.c index 99447e7..392cb0a 100644 --- a/lib/torture/torture.c +++ b/lib/torture/torture.c @@ -65,7 +65,6 @@ struct torture_context *torture_context_child(struct torture_context *parent) if (subtorture == NULL) return NULL; - subtorture-level = parent-level+1; subtorture-ev = talloc_reference(subtorture, parent-ev); subtorture-lp_ctx = talloc_reference(subtorture, parent-lp_ctx); subtorture-outputdir = talloc_reference(subtorture, parent-outputdir); @@ -257,7 +256,6 @@ bool torture_run_suite(struct torture_context *context, struct torture_suite *tsuite; char *old_testname; - context-level++; if (context-results-ui_ops-suite_start) context-results-ui_ops-suite_start(context, suite); @@ -282,8 +280,6 @@ bool torture_run_suite(struct torture_context *context, if (context-results-ui_ops-suite_finish) context-results-ui_ops-suite_finish(context, suite); - context-level--; - return ret; } @@ -378,8 +374,6 @@ bool torture_run_tcase(struct torture_context *context, char *old_testname; struct torture_test *test; - context-level++; - context-active_tcase = tcase; if (context-results-ui_ops-tcase_start) context-results-ui_ops-tcase_start(context, tcase); @@ -415,8 +409,6 @@ done: if (context-results-ui_ops-tcase_finish) context-results-ui_ops-tcase_finish(context, tcase); - context-level--; - return ret; } diff --git a/lib/torture/torture.h b/lib/torture/torture.h index bc63653..e28801e 100644 --- a/lib/torture/torture.h +++ b/lib/torture/torture.h @@ -86,9 +86,6 @@ struct torture_context /** Directory used for temporary test data */ const char *outputdir; - /** Indentation level */ - int level; - /** Event context */ struct tevent_context *ev; diff --git a/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm b/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm index ed1b71a..a2a61d8 100644 --- a/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm +++ b/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm @@ -96,11 +96,17 @@ sub ParseOutputArgument($$$) # structure, the user should be able to know the size beforehand # to allocate a structure of the right size. my $env = GenerateFunctionInEnv($fn, r.); - my $size_is = ParseExpr($e-{LEVELS}[$level]-{SIZE_IS}, $env, $e-{ORIGINAL}); - if (has_property($e, charset)) { - $self-pidl(memcpy(CONST_DISCARD(char *, $e-{NAME}), r.out.$e-{NAME}, $size_is * sizeof(*$e-{NAME}));); + my $l = $e-{LEVELS}[$level]; +
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-528-g09135ee
The branch, master has been updated via 09135ee5a09a8b6aabf88c1bdf9280065c8b35e7 (commit) via 2fc5331e5c23e3f448b53fa7838e478772d0caed (commit) from 7889823783625e16e273770f73f285920828e411 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 09135ee5a09a8b6aabf88c1bdf9280065c8b35e7 Author: Andrew Bartlett abart...@samba.org Date: Sat Jul 18 10:15:55 2009 +1000 s4:kdc Add in a simple check for constrained delegation to self To do this properly, we must use the PAC, but for now this is enough to check that we are delegating to another name on the same host (which must be safe). (Windows 7 does this a lot, also noted in bug 6273) Andrew Bartlett commit 2fc5331e5c23e3f448b53fa7838e478772d0caed Author: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de Date: Fri Jul 10 12:48:18 2009 +0200 [SAMBA 4 directory] Refactoring and clean up of directory structure - Adds more system objects which make sense to have them in SAMBA 4 also to have them when we add more and more services related to the directory (volume support, DFS, replication service, COM...) - Make sure that isCriticalSystemObject and showInAdvancedViewOnly attributes are set correctly on each object --- Summary of changes: source4/kdc/hdb-samba4.c | 71 ++- source4/setup/provision.ldif | 184 - source4/setup/provision_basedn_modify.ldif|6 +- source4/setup/provision_computers_modify.ldif |6 +- source4/setup/provision_configuration.ldif|1 + source4/setup/provision_group_policy.ldif | 11 -- source4/setup/provision_self_join.ldif|5 +- source4/setup/provision_users.ldif| 26 +--- source4/setup/provision_users_modify.ldif |6 +- source4/setup/schema_samba4.ldif |3 - 10 files changed, 237 insertions(+), 82 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c index 435282a..cadbe33 100644 --- a/source4/kdc/hdb-samba4.c +++ b/source4/kdc/hdb-samba4.c @@ -1422,6 +1422,75 @@ static krb5_error_code hdb_samba4_destroy(krb5_context context, HDB *db) return 0; } +krb5_error_code hdb_samba4_check_constrained_delegation(krb5_context context, HDB *db, + hdb_entry_ex *entry, + krb5_const_principal target_principal) +{ + struct ldb_context *ldb_ctx = (struct ldb_context *)db-hdb_db; + struct loadparm_context *lp_ctx = talloc_get_type(ldb_get_opaque(ldb_ctx, loadparm), + struct loadparm_context); + krb5_error_code ret; + krb5_principal enterprise_prinicpal = NULL; + struct ldb_dn *realm_dn; + struct ldb_message *msg; + struct dom_sid *orig_sid; + struct dom_sid *target_sid; + struct hdb_ldb_private *p = talloc_get_type(entry-ctx, struct hdb_ldb_private); + const char *delegation_check_attrs[] = { + objectSid, NULL + }; + + TALLOC_CTX *mem_ctx = talloc_named(db, 0, hdb_samba4_check_constrained_delegation); + + if (!mem_ctx) { + ret = ENOMEM; + krb5_set_error_message(context, ret, hdb_samba4_fetch: talloc_named() failed!); + return ret; + } + + if (target_principal-name.name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) { + /* Need to reparse the enterprise principal to find the real target */ + if (target_principal-name.name_string.len != 1) { + ret = KRB5_PARSE_MALFORMED; + krb5_set_error_message(context, ret, hdb_samba4_check_constrained_delegation: request for delegation to enterprise principal with wrong (%d) number of components, + target_principal-name.name_string.len); + talloc_free(mem_ctx); + return ret; + } + ret = krb5_parse_name(context, target_principal-name.name_string.val[0], + enterprise_prinicpal); + if (ret) { + talloc_free(mem_ctx); + return ret; + } + target_principal = enterprise_prinicpal; + } + + ret = hdb_samba4_lookup_server(context, db, lp_ctx, mem_ctx, target_principal, + delegation_check_attrs, realm_dn, msg); + + krb5_free_principal(context, enterprise_prinicpal); + + if (ret != 0) { + talloc_free(mem_ctx); + return ret; + } + +