[Samba] monitor domain logons
How can I check if a client has used the pdc or one of the bdc's for domain logon? regards martin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Domain not reachable.
On Wed, Aug 26, 2009 at 10:37 PM, Bill Plattbpl...@buyowner.com wrote: I am setting up a domain with MDS and all works well in some offices, but in others I get domain not reachable errors when trying to logon. Could this be a bad switch? Not sure what MDS is and what does other offices means, but could it be that you need lmhost to setup on workstations (wins also). Liutauras -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] FAT32 format HDD recognizes as NTFS
Hallo, Sallow, Du meintest am 27.08.09: 3. Using Map Network Drive of Windows XP to map the HDD to a windows network drive. 4.Open the mapped network drive, can see NTFS file system on the left details. [...] Why samba has this purpose? I think it shows right info that can make user more clearly. As John H. Terpstra has already told: man smb.conf shows the option fstype; its default is NTFS. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] monitor domain logons
Martin I use root preexec in the netlogon share to run a script which: a) Update DNS with the fqdn username.domain b) Update a MySQL db with the username, logon time, machine name and server name in combination with an entry in the logon script on each dc which writes to a logfile at each logon with the username, server and time. Alex On Thu, 2009-08-27 at 08:36 +0200, Martin Hochreiter wrote: How can I check if a client has used the pdc or one of the bdc's for domain logon? regards martin -- This message is intended only for the addressee and may contain confidential information. Unless you are that person, you may not disclose its contents or use it in any way and are requested to delete the message along with any attachments and notify us immediately. Transact is operated by Integrated Financial Arrangements plc Domain House, 5-7 Singer Street, London EC2A 4BQ Tel: (020) 7608 4900 Fax: (020) 7608 1200 (Registered office: as above; Registered in England and Wales under number: 3727592) Authorised and regulated by the Financial Services Authority (entered on the FSA Register; number: 190856) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba profile/profdata and Windows XP/Vista/7
Hello, at the moment we have only windows xp clients, but we got some windows vista clients and in the future windows 7. So i think i need to make for every Windows Version a profile(\\server\profiles), or? We use for Desktop, My Documents and other Directorys Profile Redirections, for a fast logon. I know(or i think to know) that there is a Variable in Samba for the Windows Version, but which Directories need to be seperated? Is there a Solution to create more Profile Redirections than the Default one in the Registry(I mean those default Variables for profiles)? Have a nice day :-) -- Jetzt kostenlos herunterladen: Internet Explorer 8 und Mozilla Firefox 3 - sicherer, schneller und einfacher! http://portal.gmx.net/de/go/chbrowser -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Fwd: most common way to implement 'net time' privileges
On Wed, Aug 26, 2009 at 6:11 PM, Volker Lendeckevolker.lende...@sernet.de wrote: On Wed, Aug 26, 2009 at 06:05:35PM +0300, Liutauras Adomaitis wrote: now size is few times larger. Try it now http://www.infosaitas.lt/logas.txt Normally a Device is not functioning (or so) means an NT_STATUS_UNSUCCESSFUL error message. I don't see any such error message in the logs. When *exactly* did the error happen when you took the log? I looked through the logs again - no line with NT_STATUS_UNSUCCESSFUL. I found other thing (look below). It says ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-1376040910-2644421868-2724539926-513] Could this be the problem? [2009/08/27 12:48:03, 5] auth/token_util.c:debug_nt_user_token(522) NT user token: (NULL) [2009/08/27 12:48:03, 5] auth/token_util.c:debug_unix_user_token(548) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/08/27 12:48:03, 5] lib/smbldap.c:smbldap_search_ext(1205) smbldap_search_ext: base = [o=Publicum,dc=infosaitas,dc=lt], filter = [((sambaSID=S-1-5-21-1376040910-2644421868-2724539926-513)(objectclass=sambaSamAccount))], scope = [2] [2009/08/27 12:48:03, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1613) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-1376040910-2644421868-2724539926-513] count=0 [2009/08/27 12:48:03, 5] lib/smbldap.c:smbldap_search_ext(1205) smbldap_search_ext: base = [ou=Group,cn=internal,o=Publicum,dc=infosaitas,dc=lt], filter = [((objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-1376040910-2644421868-2724539926-513))], scope = [2] [2009/08/27 12:48:03, 2] passdb/pdb_ldap.c:init_group_from_ldap(2348) init_group_from_ldap: Entry found for group: 513 [2009/08/27 12:48:03, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/08/27 12:48:03, 5] passdb/pdb_interface.c:pdb_default_lookup_rids(1635) lookup_rids: Domain Users:2 [2009/08/27 12:48:03, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Fwd: most common way to implement 'net time' privileges
Liutauras Adomaitis pisze: On Wed, Aug 26, 2009 at 6:11 PM, Volker Lendeckevolker.lende...@sernet.de wrote: On Wed, Aug 26, 2009 at 06:05:35PM +0300, Liutauras Adomaitis wrote: now size is few times larger. Try it now http://www.infosaitas.lt/logas.txt Normally a Device is not functioning (or so) means an NT_STATUS_UNSUCCESSFUL error message. I don't see any such error message in the logs. When *exactly* did the error happen when you took the log? I looked through the logs again - no line with NT_STATUS_UNSUCCESSFUL. I found other thing (look below). It says ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-1376040910-2644421868-2724539926-513] Could this be the problem? I have the same issue on samba 3.4.0. Previously I thought all usrmgr.exe's features does not work for Samba, but only for NT 4.0. The issue comes out when using the latest version 5.2.3790.1127 of usrmgr.exe. The previous ones shipped with Windows NT 4.0 Server and Windows 2000 Server (4.0.1371.1 and versions 5.0.2195.6601) work well, but in both there are no changing time policy setting in the menu of policy -- user rights settings group :-) Allowing Domain Users setting time for their machines via time change settings (clock settings on right bottom corner of windows desktop) or via logon.bat for example I resolved adding Domain User Group into the policy called Allow user time change under secpol.msc utility from Windows XP Professional workstation. Moreover using policy settings from usrmgr.exe utility is more elegant in my opinion and I would be very grateful to know the issue that not allowes to use these policy based settings. Best regards Witek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Fwd: most common way to implement 'net time' privileges
On Thu, Aug 27, 2009 at 3:14 PM, Witold Tostawitold.to...@neostrada.pl wrote: Liutauras Adomaitis pisze: On Wed, Aug 26, 2009 at 6:11 PM, Volker Lendeckevolker.lende...@sernet.de wrote: On Wed, Aug 26, 2009 at 06:05:35PM +0300, Liutauras Adomaitis wrote: now size is few times larger. Try it now http://www.infosaitas.lt/logas.txt Normally a Device is not functioning (or so) means an NT_STATUS_UNSUCCESSFUL error message. I don't see any such error message in the logs. When *exactly* did the error happen when you took the log? I looked through the logs again - no line with NT_STATUS_UNSUCCESSFUL. I found other thing (look below). It says ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-1376040910-2644421868-2724539926-513] Could this be the problem? I have the same issue on samba 3.4.0. Previously I thought all usrmgr.exe's features does not work for Samba, but only for NT 4.0. The issue comes out when using the latest version 5.2.3790.1127 of usrmgr.exe. The previous ones shipped with Windows NT 4.0 Server and Windows 2000 Server (4.0.1371.1 and versions 5.0.2195.6601) work well, but in both there are no changing time policy setting in the menu of policy -- user rights settings group :-) Allowing Domain Users setting time for their machines via time change settings (clock settings on right bottom corner of windows desktop) or via logon.bat for example I resolved adding Domain User Group into the policy called Allow user time change under secpol.msc utility from Windows XP Professional workstation. How did you do that with logon.bat? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] monitor domain logons
On Thu, Aug 27, 2009 at 2:29 PM, Alex Crowac...@integrafin.co.uk wrote: Martin I use root preexec in the netlogon share to run a script which: a) Update DNS with the fqdn username.domain b) Update a MySQL db with the username, logon time, machine name and server name in combination with an entry in the logon script on each dc which writes to a logfile at each logon with the username, server and time. Alex Alex, I have been trying to use root preexec to add domain users to Power users group on the local workstation, it never works.. http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html#autopoweruserscript Have you used this?? thanks Avinash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] monitor domain logons
Alex, I have been trying to use root preexec to add domain users to Power users group on the local workstation, it never works.. http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html#autopoweruserscript Have you used this?? thanks Avinash I have already heard of that hint - thank your for the link. Is there really no tool inside samba that can show you what client has logged on on what certain dc? What about this IPC$ - is that a hint for a domain logon? martin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] error sys_lseek copy file samba 2.2.7
I can´t copy some files from server to directory /adawork/softtek om AIX box I´m using AIX 5.3 with samba 2.2.7-4 Here´s mys logs from samba server _ file log.windows-server seek_file: (FAT_ATRASO_TRANS_5_3_1_in.txt) sys_lseek failed. Error was Invalid argument [2009/08/27 13:30:59, 3] smbd/error.c:error_packet(94) error string = Invalid argument [2009/08/27 13:30:59, 3] smbd/error.c:error_packet(113) error packet at smbd/reply.c(2969) cmd=47 (SMBwriteX) NT_STATUS_INVALID_HANDLE [2009/08/27 13:30:59, 3] smbd/process.c:process_smb(878) Transaction 32782 of length 41 [2009/08/27 13:30:59, 3] smbd/process.c:switch_message(685) switch message SMBflush (pid 938236) file smb.conf # Samba config file created using SWAT # Date: 2009/08/25 20:19:04 # Global parameters [global] workgroup = CP.COM.BR server string = adabas security = SHARE log level = 1 log file = /var/spool/samba/log.%m max log size = 10 preferred master = No dns proxy = No wins server = No hosts allow = 192.,10.16.,15. [softtek] comment = Diretorio /adawork/softtek. path = /adawork/softtek read only = No create mask = 0777 guest only = Yes guest ok = Yes hosts allow = 192.168. [softtekp] comment = Diretorio /adawork/softtek. path = /adawork/softtek read only = No create mask = 0777 guest only = Yes guest ok = Yes hosts allow = 192.168. [softtekp1] comment = Diretorio /adawork/softtek. path = /adawork/softtek read only = No create mask = 0777 guest only = Yes guest ok = Yes hosts allow = 15.0.0.1 #oplock contention limit = 4 [c477095] comment = Diretorio /home/c477095 path = /home/c477095 write list = @staff read only = No create mask = 0777 guest only = Yes guest ok = Yes hosts allow = 192.168.20.242 [dccgg] comment = Diretorio /home/dccgg path = /home/dccgg write list = @staff read only = No create mask = 0777 guest only = Yes guest ok = Yes hosts allow = 192.168. [dpcfat] comment = Diretorio /home/dpcfat path = /home/dpcfat write list = @staff read only = No create mask = 0777 guest only = Yes guest ok = Yes hosts allow = 192.168. [resource] comment = Diretorio /adawork path = /adawork write list = @staff read only = No create mask = 0777 guest ok = Yes hosts allow = 192.168.13. [NMON] comment = Diretorio /home/service/nmon path = /home/service/nmon write list = @staff read only = No create mask = 0777 guest only = Yes guest ok = Yes hosts allow = 192.168.20.222 thanks in advance -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ldap? Samba? Nss?
It seems my logins are taking a long time to get logged in. I am guessing that it is worse when classes start and a lot of the kids try to login at once. My old server did not seem to have this problem though and we have the same number of students. Where should I start looking at this? I am guessing that it is ldap, but want to make sure. If I log in at a computer and go to start-run and type \\server, it may take 1-2 minutes until I can see my shares which is the same thing the students are seeing when logging into the domain. I just wanted to leave any profile copying out of the equation so I just did it this way. I noticed this first on my batch user add program for adding users to ldap/samba. The program reads in the users and groups with getpwent and getgrent and it really takes a long time. Any suggestions of what to start looking for would be appreciated. -- Scott Mayo - System Administrator Bloomfield Schools PH: 573-568-5669 FA: 573-568-4565 Question: Because it reverses the logical flow of conversation. Answer: Why is putting a reply at the top of the message frowned upon? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Fwd: most common way to implement 'net time' privileges
Liutauras Adomaitis pisze: On Thu, Aug 27, 2009 at 3:14 PM, Witold Tostawitold.to...@neostrada.pl wrote: Liutauras Adomaitis pisze: On Wed, Aug 26, 2009 at 6:11 PM, Volker Lendeckevolker.lende...@sernet.de wrote: On Wed, Aug 26, 2009 at 06:05:35PM +0300, Liutauras Adomaitis wrote: now size is few times larger. Try it now http://www.infosaitas.lt/logas.txt Normally a Device is not functioning (or so) means an NT_STATUS_UNSUCCESSFUL error message. I don't see any such error message in the logs. When *exactly* did the error happen when you took the log? I looked through the logs again - no line with NT_STATUS_UNSUCCESSFUL. I found other thing (look below). It says ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-1376040910-2644421868-2724539926-513] Could this be the problem? I have the same issue on samba 3.4.0. Previously I thought all usrmgr.exe's features does not work for Samba, but only for NT 4.0. The issue comes out when using the latest version 5.2.3790.1127 of usrmgr.exe. The previous ones shipped with Windows NT 4.0 Server and Windows 2000 Server (4.0.1371.1 and versions 5.0.2195.6601) work well, but in both there are no changing time policy setting in the menu of policy -- user rights settings group :-) Allowing Domain Users setting time for their machines via time change settings (clock settings on right bottom corner of windows desktop) or via logon.bat for example I resolved adding Domain User Group into the policy called Allow user time change under secpol.msc utility from Windows XP Professional workstation. How did you do that with logon.bat? You probably got me wrong :-) Using the logon.bat (common NT login script) I synchronize the client's system time with domain time when client logs into the domain with the following command: net time /domain:yourdomainname /set /yes But only the domain administartors and as far as I know advanced users are able to do this. When your user is an administartor or advanced user that's enough, you don't have to change anything else. But if the user is a domain user you have to add the ability of changing system time to computer's local policy (secpol.msc) Otherwise login.bat processing will stop and will inform that user doesn't have privilage to change local system time. With such statement domain user cannot enter system's clock and look at the calendar either, funny isn't it ? My point was to ask the Honorable Group if there's a possibility to set up a domain policy that allows to change user's system time for each domain user globally, not only computer's local policy for each computer separately. Best regards. Witek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Permission Issues - Email found in subject - Email found in subject - Email found in subject - Email found in subject
Hi, Anyone?, please help!! Thanks, Shaun -- Shaun Martin Systems Administrator Akaza Research smar...@akazaresearch.com www.akazaresearch.com http://www.akazaresearch.com/ www.openclinica.org http://www.openclinica.org/ Open Source Platform for Clinical Research From: Shaun Martin smar...@akazaresearch.com Date: Wed, 26 Aug 2009 09:12:33 -0400 To: Jeremy Allison j...@samba.org Cc: samba@lists.samba.org Subject: Re: [Samba] Permission Issues - Email found in subject - Email found in subject - Email found in subject - Email found in subject Hi All, Ok I think I have isolated the problem a little more. I did not know the user in question was using a MAC as she is a remote user I have never seen. It seems this issue is only happening with MAC's I did not think that could happen as she is still using the smb protocol. Below is a dir listing of newly created dir's from win, linux and mac clients all using the smb protocol. drwxrwxr-x 2 bbaumann isovera 48 2009-08-26 09:07 ben --windows drwxrwxr-x 2 crusso isovera 48 2009-08-26 09:07 chris---linux (ubunutu) drwxr-xr-x 2 efogel isovera 48 2009-08-26 09:08 erin ---MAC (Newest Version) As you can see the only one not respecting my config of a 775 dir is the mac client. Has anyone seen this before? Any help is greatly appreciated. Thanks, Shaun -- Shaun Martin Systems Administrator Akaza Research smar...@akazaresearch.com www.akazaresearch.com http://www.akazaresearch.com/ www.openclinica.org http://www.openclinica.org/ Open Source Platform for Clinical Research From: Jeremy Allison j...@samba.org Reply-To: Jeremy Allison j...@samba.org Date: Tue, 18 Aug 2009 11:55:03 -0700 To: Shaun Martin smar...@akazaresearch.com Cc: Adam Williams awill...@mdah.state.ms.us, samba@lists.samba.org Subject: Re: [Samba] Permission Issues - Email found in subject - Email found in subject - Email found in subject On Tue, Aug 18, 2009 at 11:38:21AM -0400, Shaun Martin wrote: Hi, Thank you for noticting that, although it did not fix my issue. My current config is below. And below that is ls lah on the new directories I made after I killed and restarted samba. PLEASE HELP :) [shared] delete readonly = yes writeable = yes path = /shared force directory mode = 0775 force create mode = 0775 comment = Shared Files public = no create mask = 0775 directory mask = 0775 force directory security mask = 0775 directory security mask = 0775 force security mode = 0775 security mask = 0775 browseable = yes I created both shaun and the sub-directory new. Still has 755 permissions. I want 775 permissions. root# ls -lah |grep shaun drwxr-xr-x 2 smartin akaza 48 2009-08-18 11:35 shaun root# ls -lah shaun/ total 1.0K drwxr-xr-x 3 smartin akaza 72 2009-08-18 11:35 . drwxrwx--- 21 smartin isovera 1.3K 2009-08-18 11:35 .. drwxr-xr-x 2 smartin akaza 48 2009-08-18 11:35 new I just tested this using the latest released 3.4.0 code and it works fine. I suggest you upgrade to the latest version from 3.2.0. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba rg/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ldap? Samba? Nss?
Just curious, Are you using samba with nss_ldap and pam_ldap for user lookups and authentication? sgm...@mail.bloomfield.k12.mo.us wrote: It seems my logins are taking a long time to get logged in. I am guessing that it is worse when classes start and a lot of the kids try to login at once. My old server did not seem to have this problem though and we have the same number of students. Where should I start looking at this? I am guessing that it is ldap, but want to make sure. If I log in at a computer and go to start-run and type \\server, it may take 1-2 minutes until I can see my shares which is the same thing the students are seeing when logging into the domain. I just wanted to leave any profile copying out of the equation so I just did it this way. I noticed this first on my batch user add program for adding users to ldap/samba. The program reads in the users and groups with getpwent and getgrent and it really takes a long time. Any suggestions of what to start looking for would be appreciated. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ldap? Samba? Nss?
Hello, If you want to avoid using get try setting ldapsam:trusted = yes. This way Samba will fetch user info directly from LDAP instead of going through the getpwent and others which reaally pull a lot of data. That should reduce the time needed to login a bit (at least that worked for me). Regards, Michal 2009/8/27 Ryan Suarez ryan.sua...@sheridanc.on.ca: Just curious, Are you using samba with nss_ldap and pam_ldap for user lookups and authentication? sgm...@mail.bloomfield.k12.mo.us wrote: It seems my logins are taking a long time to get logged in. I am guessing that it is worse when classes start and a lot of the kids try to login at once. My old server did not seem to have this problem though and we have the same number of students. Where should I start looking at this? I am guessing that it is ldap, but want to make sure. If I log in at a computer and go to start-run and type \\server, it may take 1-2 minutes until I can see my shares which is the same thing the students are seeing when logging into the domain. I just wanted to leave any profile copying out of the equation so I just did it this way. I noticed this first on my batch user add program for adding users to ldap/samba. The program reads in the users and groups with getpwent and getgrent and it really takes a long time. Any suggestions of what to start looking for would be appreciated. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ldap? Samba? Nss?
Michal Dobroczynski wrote: Hello, If you want to avoid using get try setting ldapsam:trusted = yes. This way Samba will fetch user info directly from LDAP instead of going through the getpwent and others which reaally pull a lot of data. That should reduce the time needed to login a bit (at least that worked for me). You're assuming that his samba is setup as a domain controller, not simply a domain member. And that it has write access to ldap with the necessary attributes. Scott, you need to provide more info. Regards, Michal 2009/8/27 Ryan Suarez ryan.sua...@sheridanc.on.ca: Just curious, Are you using samba with nss_ldap and pam_ldap for user lookups and authentication? sgm...@mail.bloomfield.k12.mo.us wrote: It seems my logins are taking a long time to get logged in. I am guessing that it is worse when classes start and a lot of the kids try to login at once. My old server did not seem to have this problem though and we have the same number of students. Where should I start looking at this? I am guessing that it is ldap, but want to make sure. If I log in at a computer and go to start-run and type \\server, it may take 1-2 minutes until I can see my shares which is the same thing the students are seeing when logging into the domain. I just wanted to leave any profile copying out of the equation so I just did it this way. I noticed this first on my batch user add program for adding users to ldap/samba. The program reads in the users and groups with getpwent and getgrent and it really takes a long time. Any suggestions of what to start looking for would be appreciated. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ldap? Samba? Nss?
Ryan Suarez wrote: Michal Dobroczynski wrote: Hello, If you want to avoid using get try setting ldapsam:trusted = yes. This way Samba will fetch user info directly from LDAP instead of going through the getpwent and others which reaally pull a lot of data. That should reduce the time needed to login a bit (at least that worked for me). You're assuming that his samba is setup as a domain controller, not simply a domain member. And that it has write access to ldap with the necessary attributes. sorry I meant security=user or server, not domain member Scott, you need to provide more info. Regards, Michal 2009/8/27 Ryan Suarez ryan.sua...@sheridanc.on.ca: Just curious, Are you using samba with nss_ldap and pam_ldap for user lookups and authentication? sgm...@mail.bloomfield.k12.mo.us wrote: It seems my logins are taking a long time to get logged in. I am guessing that it is worse when classes start and a lot of the kids try to login at once. My old server did not seem to have this problem though and we have the same number of students. Where should I start looking at this? I am guessing that it is ldap, but want to make sure. If I log in at a computer and go to start-run and type \\server, it may take 1-2 minutes until I can see my shares which is the same thing the students are seeing when logging into the domain. I just wanted to leave any profile copying out of the equation so I just did it this way. I noticed this first on my batch user add program for adding users to ldap/samba. The program reads in the users and groups with getpwent and getgrent and it really takes a long time. Any suggestions of what to start looking for would be appreciated. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ldap? Samba? Nss?
Ryan Suarez wrote: Michal Dobroczynski wrote: Hello, If you want to avoid using get try setting ldapsam:trusted = yes. This way Samba will fetch user info directly from LDAP instead of going through the getpwent and others which reaally pull a lot of data. That should reduce the time needed to login a bit (at least that worked for me). The get as in my perl script actually. I will have to do some reading to figure out how to get the info I need without it. You're assuming that his samba is setup as a domain controller, not simply a domain member. And that it has write access to ldap with the necessary attributes. Scott, you need to provide more info. Rest of the info is at the bottom of this post. Just curious, Are you using samba with nss_ldap and pam_ldap for user lookups and authentication? Yes. I hope it is all setup correctly. It is working it seems. It seems that it really got slow in the last couple of days. I have added some users to LDAP, but not that many. There are proabably a total of 1000 users and not near all of them would log on at once. Maybe a couple of hundred at the very most and more like 75-100. sgm...@mail.bloomfield.k12.mo.us wrote: It seems my logins are taking a long time to get logged in. I am guessing that it is worse when classes start and a lot of the kids try to login at once. My old server did not seem to have this problem though and we have the same number of students. Where should I start looking at this? I am guessing that it is ldap, but want to make sure. If I log in at a computer and go to start-run and type \\server, it may take 1-2 minutes until I can see my shares which is the same thing the students are seeing when logging into the domain. I just wanted to leave any profile copying out of the equation so I just did it this way. I noticed this first on my batch user add program for adding users to ldap/samba. The program reads in the users and groups with getpwent and getgrent and it really takes a long time. Any suggestions of what to start looking for would be appreciated. I have a question about LDAP also and was wondering if this would affect it. I know that on my old server I had the following in the slapd.conf: core cosine inetorgperson nis samba On my new one it has the above plus: corba duaconf dyngroup java misc openldap ppolicy collective Those were just in there when I installed it so I left them. Should I take them out or would that not have any affect on logins at all? Here is my smb.conf [global] workgroup = BES server string = netbios name = SCHOOL1 host msdfs = yes interfaces = lo eth0 hosts allow = 127. 10.0. 192.168.0. localhost log level = 3 ldap passwd sync = Yes ldap admin dn = cn=Manager,dc=school1,dc=bloomfield.k12.mo.us ldap suffix = dc=school1,dc=bloomfield.k12.mo.us ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Users add machine script = /usr/sbin/smbldap-useradd -w %u add user script = /usr/sbin/smbldap-useradd -m %u ldap delete dn = Yes add group script = /usr/sbin/smbldap-groupadd -p %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u Dos charset = 850 Unix charset = ISO8859-1 idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 log file = /var/log/samba/log.%m security = user passdb backend = ldapsam:ldap://127.0.0.1 domain master = yes domain logons = yes logon path = /bin/false %u local master = yes os level = 65 preferred master = yes wins support = yes dns proxy = no load printers = yes cups options = raw [teacher_dfs] path = /district/dfs_shares/teachers msdfs root = yes [student_dfs] path = /district/dfs_shares/students msdfs root = yes [userhome] comment = Home Directories path = /home/%u read only = no [student] comment = School Wide Main for students path = /district/school read only = no create mask = 660 force create mode = 2660 directory mask = 770 force directory mode = 3770 [teacher] comment = School Wide Main for teachers path = /district/school read only = no create mask = 666 force create mode = 2666 directory mask = 777 force directory mode = 3777 valid users = @teacher @admin @staff [staff] comment = drive for staff to share things on path = /district/teachers read only = no create mask = 666 force create mode = 2666 directory mask = 777 force directory mode = 3777 valid users = @teacher @admin @staff [sis] path = /district/sis read only = no valid users = @sis @teacher @admin create mask = 666 directory mask = 770 force directory mode = 2770 level2 oplocks = no oplocks = no [follett] path = /district/follett read only = no [vexira] path = /district/vexira read only = yes [software] path = /district/_SOFTWARE read only = no [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon
[Samba] Share folders with Samba4 AD
Hi, I installed Samba4-alpha8 in my server. The AD works perfectly. But I'll want share the users homes with Samba4, so I put My Documents of Windows linked with /home/[user] by shared users home folder. Help me please. Thanks. Atenciosamente, Ricardo Aragão Personal e-mail: ricardo.ara...@targetso.com Pabx: +55 21 3005-9545 R. 14 Mobile: +55 21 9469-8679 *www.targetso.com* | Rua Graça Aranha, 57 | Sala 405 Centro | Rio de Janeiro | RJ | Tel: +55 21 3005-9545 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ldap? Samba? Nss?
2009/8/27 sgm...@mail.bloomfield.k12.mo.us: [...] Yes. I hope it is all setup correctly. It is working it seems. It seems that it really got slow in the last couple of days. I have added some users to LDAP, but not that many. There are proabably a total of 1000 users and not near all of them would log on at once. Maybe a couple of hundred at the very most and more like 75-100. [...] Perhaps you need to tweak the LDAP indexes? Your LDAP logs should tell you what is being accessed without an index. You can also get the LDAP server to log the queries and try them yourself using ldapsearch to see if they are slow. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ldap? Samba? Nss?
sgm...@mail.bloomfield.k12.mo.us wrote in message news:1247.204.184.27.217.1251396091.squir...@mail.bloomfield.k12.mo.us... It seems my logins are taking a long time to get logged in. I am guessing that it is worse when classes start and a lot of the kids try to login at once. My old server did not seem to have this problem though and we have the same number of students. Where should I start looking at this? I am guessing that it is ldap, but want to make sure. If I log in at a computer and go to start-run and type \\server, it may take 1-2 minutes until I can see my shares which is the same thing the students are seeing when logging into the domain. I just wanted to leave any profile copying out of the equation so I just did it this way. Do you have a db_config file set up? This usually makes a significant improvement in Openldap's performance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba account integrate
pc1 : fedora 10 pc2 : fedora 10 Pc1 and pc2 using Samba to integrate your account information can we do? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Build status as of Thu Aug 27 06:00:01 2009
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2009-08-26 00:00:34.0 -0600 +++ /home/build/master/cache/broken_results.txt 2009-08-27 00:00:03.0 -0600 @@ -1,22 +1,22 @@ -Build status as of Wed Aug 26 06:00:01 2009 +Build status as of Thu Aug 27 06:00:01 2009 Build counts: Tree Total Broken Panic build_farm 0 0 0 -ccache 2 1 0 +ccache 3 1 0 distcc 0 0 0 -ldb 24 24 0 -libreplace 22 11 0 +ldb 25 25 0 +libreplace 24 11 0 lorikeet 0 0 0 pidl 1 1 0 ppp 0 0 0 -rsync24 10 0 +rsync3 2 0 samba-docs 0 0 0 samba-web0 0 0 -samba_3_current 0 0 0 -samba_3_master 22 22 2 -samba_3_next 22 21 1 -samba_4_0_test 24 24 3 -talloc 24 24 0 -tdb 21 21 0 +samba_3_current 1 1 0 +samba_3_master 23 23 2 +samba_3_next 23 22 1 +samba_4_0_test 25 25 2 +talloc 25 25 0 +tdb 22 22 0
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1205-g160c197
The branch, master has been updated via 160c197b8456ef5cd70c8297d8a7efc3dca178ec (commit) from 6c55518d471950d8ebaf0df47634116802d6f735 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 160c197b8456ef5cd70c8297d8a7efc3dca178ec Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 27 19:38:04 2009 +1000 s4:python Add helper to get at the domain SID --- Summary of changes: source4/scripting/python/pyglue.c | 27 +++ source4/scripting/python/samba/__init__.py |6 ++ 2 files changed, 33 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/python/pyglue.c b/source4/scripting/python/pyglue.c index 55ba5c3..79ee0ec 100644 --- a/source4/scripting/python/pyglue.c +++ b/source4/scripting/python/pyglue.c @@ -194,6 +194,30 @@ static PyObject *py_samdb_set_domain_sid(PyLdbObject *self, PyObject *args) Py_RETURN_NONE; } +static PyObject *py_samdb_get_domain_sid(PyLdbObject *self, PyObject *args) +{ + PyObject *py_ldb; + struct ldb_context *ldb; + const struct dom_sid *sid; + PyObject *ret; + char *retstr; + + if (!PyArg_ParseTuple(args, O, py_ldb)) + return NULL; + + PyErr_LDB_OR_RAISE(py_ldb, ldb); + + sid = samdb_domain_sid(ldb); + if (!sid) { + PyErr_SetString(PyExc_RuntimeError, samdb_domain_sid failed); + return NULL; + } + retstr = dom_sid_string(NULL, sid); + ret = PyString_FromString(retstr); + talloc_free(retstr); + return ret; +} + static PyObject *py_ldb_register_samba_handlers(PyObject *self, PyObject *args) { PyObject *py_ldb; @@ -434,6 +458,9 @@ static PyMethodDef py_misc_methods[] = { { samdb_set_domain_sid, (PyCFunction)py_samdb_set_domain_sid, METH_VARARGS, samdb_set_domain_sid(samdb, sid)\n Set SID of domain to use. }, + { samdb_get_domain_sid, (PyCFunction)py_samdb_get_domain_sid, METH_VARARGS, + samdb_get_domain_sid(samdb)\n + Get SID of domain in use. }, { ldb_register_samba_handlers, (PyCFunction)py_ldb_register_samba_handlers, METH_VARARGS, ldb_register_samba_handlers(ldb)\n Register Samba-specific LDB modules and schemas. }, diff --git a/source4/scripting/python/samba/__init__.py b/source4/scripting/python/samba/__init__.py index 4df3d6f..720a015 100644 --- a/source4/scripting/python/samba/__init__.py +++ b/source4/scripting/python/samba/__init__.py @@ -233,6 +233,12 @@ class Ldb(ldb.Ldb): glue.samdb_set_domain_sid(self, sid) +def domain_sid(self): +Read the domain SID used by this LDB. + + +glue.samdb_get_domain_sid(self) + def set_schema_from_ldif(self, pf, df): glue.dsdb_set_schema_from_ldif(self, pf, df) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1206-gd368c73
The branch, master has been updated via d368c73f9545f1c2fb66c8de8b5053d15a150876 (commit) from 160c197b8456ef5cd70c8297d8a7efc3dca178ec (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d368c73f9545f1c2fb66c8de8b5053d15a150876 Author: Günther Deschner g...@samba.org Date: Thu Aug 27 12:32:56 2009 +0200 s4-smbtorture: add test_SetPassword_flags to RPC-NETLOGON-S3 testsuite. Guenther --- Summary of changes: source4/torture/rpc/netlogon.c | 101 1 files changed, 101 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index f488a03..7544541 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c @@ -342,6 +342,82 @@ static bool test_SetPassword(struct torture_context *tctx, } /* + try a change password for our machine account +*/ +static bool test_SetPassword_flags(struct torture_context *tctx, + struct dcerpc_pipe *p, + struct cli_credentials *machine_credentials, + uint32_t negotiate_flags) +{ + NTSTATUS status; + struct netr_ServerPasswordSet r; + const char *password; + struct netlogon_creds_CredentialState *creds; + struct netr_Authenticator credential, return_authenticator; + struct samr_Password new_password; + + if (!test_SetupCredentials2(p, tctx, negotiate_flags, + machine_credentials, + cli_credentials_get_secure_channel_type(machine_credentials), + creds)) { + return false; + } + + r.in.server_name = talloc_asprintf(tctx, %s, dcerpc_server_name(p)); + r.in.account_name = talloc_asprintf(tctx, %s$, TEST_MACHINE_NAME); + r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials); + r.in.computer_name = TEST_MACHINE_NAME; + r.in.credential = credential; + r.in.new_password = new_password; + r.out.return_authenticator = return_authenticator; + + password = generate_random_str(tctx, 8); + E_md4hash(password, new_password.hash); + + netlogon_creds_des_encrypt(creds, new_password); + + torture_comment(tctx, Testing ServerPasswordSet on machine account\n); + torture_comment(tctx, Changing machine account password to '%s'\n, + password); + + netlogon_creds_client_authenticator(creds, credential); + + status = dcerpc_netr_ServerPasswordSet(p, tctx, r); + torture_assert_ntstatus_ok(tctx, status, ServerPasswordSet); + + if (!netlogon_creds_client_check(creds, r.out.return_authenticator-cred)) { + torture_comment(tctx, Credential chaining failed\n); + } + + /* by changing the machine password twice we test the + credentials chaining fully, and we verify that the server + allows the password to be set to the same value twice in a + row (match win2k3) */ + torture_comment(tctx, + Testing a second ServerPasswordSet on machine account\n); + torture_comment(tctx, + Changing machine account password to '%s' (same as previous run)\n, password); + + netlogon_creds_client_authenticator(creds, credential); + + status = dcerpc_netr_ServerPasswordSet(p, tctx, r); + torture_assert_ntstatus_ok(tctx, status, ServerPasswordSet (2)); + + if (!netlogon_creds_client_check(creds, r.out.return_authenticator-cred)) { + torture_comment(tctx, Credential chaining failed\n); + } + + cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED); + + torture_assert(tctx, + test_SetupCredentials(p, tctx, machine_credentials, creds), + ServerPasswordSet failed to actually change the password); + + return true; +} + + +/* generate a random password for password change tests */ static DATA_BLOB netlogon_very_rand_pass(TALLOC_CTX *mem_ctx, int len) @@ -2590,6 +2666,30 @@ static bool test_ManyGetDCName(struct torture_context *tctx, return true; } +static bool test_SetPassword_with_flags(struct torture_context *tctx, + struct dcerpc_pipe *p, + struct cli_credentials *machine_credentials) +{ + uint32_t flags[] = { 0, NETLOGON_NEG_STRONG_KEYS }; + struct netlogon_creds_CredentialState *creds; + int i; + + if (!test_SetupCredentials2(p, tctx, 0, + machine_credentials, +
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1207-g3f0c877
The branch, master has been updated via 3f0c8772f15517134ef2c5805119f197aa1f69ed (commit) from d368c73f9545f1c2fb66c8de8b5053d15a150876 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3f0c8772f15517134ef2c5805119f197aa1f69ed Author: Günther Deschner g...@samba.org Date: Thu Aug 27 13:37:06 2009 +0200 s4-smbtorture: do not hard code BDC secure channel type into RPC-NETLOGON tests. Guenther --- Summary of changes: source4/torture/rpc/netlogon.c | 21 - 1 files changed, 12 insertions(+), 9 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index 7544541..9a73cfe 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c @@ -110,7 +110,7 @@ bool test_SetupCredentials(struct dcerpc_pipe *p, struct torture_context *tctx, a.in.server_name = NULL; a.in.account_name = talloc_asprintf(tctx, %s$, machine_name); - a.in.secure_channel_type = SEC_CHAN_BDC; + a.in.secure_channel_type = cli_credentials_get_secure_channel_type(credentials); a.in.computer_name = machine_name; a.in.credentials = credentials3; a.out.return_credentials = credentials3; @@ -130,7 +130,9 @@ bool test_SetupCredentials(struct dcerpc_pipe *p, struct torture_context *tctx, /* This allows the tests to continue against the more fussy windows 2008 */ if (NT_STATUS_EQUAL(status, NT_STATUS_DOWNGRADE_DETECTED)) { return test_SetupCredentials2(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS, - credentials, SEC_CHAN_BDC, creds_out); + credentials, + cli_credentials_get_secure_channel_type(credentials), + creds_out); } torture_assert_ntstatus_ok(tctx, status, ServerAuthenticate); @@ -238,7 +240,7 @@ static bool test_SetupCredentials3(struct dcerpc_pipe *p, struct torture_context a.in.server_name = NULL; a.in.account_name = talloc_asprintf(tctx, %s$, machine_name); - a.in.secure_channel_type = SEC_CHAN_BDC; + a.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials); a.in.computer_name = machine_name; a.in.negotiate_flags = negotiate_flags; a.in.credentials = credentials3; @@ -290,7 +292,7 @@ static bool test_SetPassword(struct torture_context *tctx, r.in.server_name = talloc_asprintf(tctx, %s, dcerpc_server_name(p)); r.in.account_name = talloc_asprintf(tctx, %s$, TEST_MACHINE_NAME); - r.in.secure_channel_type = SEC_CHAN_BDC; + r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials); r.in.computer_name = TEST_MACHINE_NAME; r.in.credential = credential; r.in.new_password = new_password; @@ -458,7 +460,7 @@ static bool test_SetPassword2(struct torture_context *tctx, r.in.server_name = talloc_asprintf(tctx, %s, dcerpc_server_name(p)); r.in.account_name = talloc_asprintf(tctx, %s$, TEST_MACHINE_NAME); - r.in.secure_channel_type = SEC_CHAN_BDC; + r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials); r.in.computer_name = TEST_MACHINE_NAME; r.in.credential = credential; r.in.new_password = new_password; @@ -618,7 +620,7 @@ static bool test_GetPassword(struct torture_context *tctx, r.in.server_name = talloc_asprintf(tctx, %s, dcerpc_server_name(p)); r.in.account_name = talloc_asprintf(tctx, %s$, TEST_MACHINE_NAME); - r.in.secure_channel_type = SEC_CHAN_BDC; + r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials); r.in.computer_name = TEST_MACHINE_NAME; r.in.credential = credential; r.out.return_authenticator = return_authenticator; @@ -649,7 +651,7 @@ static bool test_GetTrustPasswords(struct torture_context *tctx, r.in.server_name = talloc_asprintf(tctx, %s, dcerpc_server_name(p)); r.in.account_name = talloc_asprintf(tctx, %s$, TEST_MACHINE_NAME); - r.in.secure_channel_type = SEC_CHAN_BDC; + r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials); r.in.computer_name = TEST_MACHINE_NAME; r.in.credential = credential; r.out.return_authenticator = return_authenticator; @@ -1715,7 +1717,8 @@ static bool test_DatabaseSync2(struct torture_context *tctx, if (!test_SetupCredentials2(p, tctx, NETLOGON_NEG_AUTH2_FLAGS, machine_credentials, -
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1214-g1d8d3fd
The branch, master has been updated via 1d8d3fd7c3c2e6c46a3e01983dc26a5a650f6f84 (commit) via 5a1240deac89b1821c987c3daed5a6ad597471f5 (commit) via c4a95f900a64649527a0a299eb52c352c51a2ae7 (commit) via 94948f7a401df781ad64090a804a894cf2976a86 (commit) via 2f16bf54452ba6ef5fc2ad1c031b62ec8454a26b (commit) via f3d71d3e8c1e9c98df38ef5f8c547ff2780e9cfb (commit) via 3532c8b9d831c8122de871db62d17608ff24f409 (commit) from 3f0c8772f15517134ef2c5805119f197aa1f69ed (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1d8d3fd7c3c2e6c46a3e01983dc26a5a650f6f84 Author: Volker Lendecke v...@samba.org Date: Thu Aug 27 14:55:41 2009 +0200 s3:winbind: Convert WINBINDD_GETUSERSIDS to the new API commit 5a1240deac89b1821c987c3daed5a6ad597471f5 Author: Volker Lendecke v...@samba.org Date: Thu Aug 27 14:34:59 2009 +0200 s3:winbind: Fix a typo commit c4a95f900a64649527a0a299eb52c352c51a2ae7 Author: Volker Lendecke v...@samba.org Date: Thu Aug 27 14:16:22 2009 +0200 s3:winbind: Remove the manual caching for the async wb_ functions The generic NDR-based cache in winbindd_dual_ndr.c replaces this. commit 94948f7a401df781ad64090a804a894cf2976a86 Author: Volker Lendecke v...@samba.org Date: Tue Aug 25 12:25:12 2009 +0200 s3:winbind: Some calls are not cacheable commit 2f16bf54452ba6ef5fc2ad1c031b62ec8454a26b Author: Volker Lendecke v...@samba.org Date: Tue Aug 25 11:26:14 2009 +0200 s3:winbind: Factor out wcache_store_seqnum() commit f3d71d3e8c1e9c98df38ef5f8c547ff2780e9cfb Author: Volker Lendecke v...@samba.org Date: Mon Aug 24 00:13:02 2009 +0200 s3:winbind: Add a generic cache for NDR based parent-child requests commit 3532c8b9d831c8122de871db62d17608ff24f409 Author: Volker Lendecke v...@samba.org Date: Mon Aug 24 00:08:14 2009 +0200 s3:winbind: Factor out wcache_fetch_seqnum --- Summary of changes: source3/Makefile.in|1 + source3/winbindd/wb_group_members.c| 31 --- source3/winbindd/wb_lookupname.c | 28 ++- source3/winbindd/wb_lookupsid.c| 11 - source3/winbindd/wb_lookupuseraliases.c|9 - source3/winbindd/wb_lookupusergroups.c |9 - source3/winbindd/wb_queryuser.c|7 - source3/winbindd/winbindd.c|4 +- source3/winbindd/winbindd_async.c | 165 -- source3/winbindd/winbindd_cache.c | 235 +--- source3/winbindd/winbindd_domain.c |2 +- source3/winbindd/winbindd_dual.c |4 +- source3/winbindd/winbindd_dual_ndr.c | 49 +++-- ...d_getuserdomgroups.c = winbindd_getusersids.c} | 78 source3/winbindd/winbindd_group.c | 84 --- source3/winbindd/winbindd_idmap.c |2 +- source3/winbindd/winbindd_locator.c|2 +- source3/winbindd/winbindd_lookupname.c |2 +- source3/winbindd/winbindd_proto.h | 20 ++- 19 files changed, 313 insertions(+), 430 deletions(-) copy source3/winbindd/{winbindd_getuserdomgroups.c = winbindd_getusersids.c} (51%) Changeset truncated at 500 lines: diff --git a/source3/Makefile.in b/source3/Makefile.in index f1fac93..e53dcb9 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1184,6 +1184,7 @@ WINBINDD_OBJ1 = \ winbindd/winbindd_show_sequence.o \ winbindd/winbindd_getgrgid.o \ winbindd/winbindd_getgrnam.o \ + winbindd/winbindd_getusersids.o \ auth/token_util.o \ ../nsswitch/libwbclient/wb_reqtrans.o \ smbd/connection.o diff --git a/source3/winbindd/wb_group_members.c b/source3/winbindd/wb_group_members.c index 5de4d51..f37641b 100644 --- a/source3/winbindd/wb_group_members.c +++ b/source3/winbindd/wb_group_members.c @@ -52,11 +52,6 @@ static struct tevent_req *wb_lookupgroupmem_send(TALLOC_CTX *mem_ctx, struct tevent_req *req, *subreq; struct wb_lookupgroupmem_state *state; struct winbindd_domain *domain; - uint32_t num_names; - struct dom_sid *sid_mem; - char **names; - uint32_t *name_types; - NTSTATUS status; req = tevent_req_create(mem_ctx, state, struct wb_lookupgroupmem_state); @@ -71,32 +66,6 @@ static struct tevent_req *wb_lookupgroupmem_send(TALLOC_CTX *mem_ctx, return tevent_req_post(req, ev); } - status = wcache_lookup_groupmem(domain, state, state-sid, num_names, - sid_mem, names, name_types); - if
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1230-g8d58472
The branch, master has been updated via 8d58472706d651fb023ad2eb9d7268429cc7c0ca (commit) via a69d8ab35c03eab4342b5ffbbb961902c8b5f14b (commit) via e115cb5cb153f75fe1d97dcd6037da2796a44e64 (commit) via 360868b6e8ab033993f528d09f803eac660536db (commit) via a3c6e02748d1025da1b68efb4b03e1dc74eebbfe (commit) via b089506136f953961a0290d8af030fbaac3e7136 (commit) via 21a93c2ddc87da3e6e1af8ad7819018526c4b40b (commit) via 2d8157fb9e91b145a98b4b87a50d3bea69412108 (commit) via a09b627ecc446e78aa293e9e8b79c12f75a6b74e (commit) via 7c972d83d268a277501626122ab1c7cdddc0f4a3 (commit) via 04310cc1c510025c8d5dc10d744ab9825eae3fee (commit) via 699266920b23fd9ea6079d8ae8e4682bb5141f0d (commit) via 5a1577884819ccaa21741beb6765819cf640cdc9 (commit) via 17d3800e923fd51f6dd9799d39d56a012f2ad600 (commit) via a18d6839aceb7db05f46d87281ad41f30edb515f (commit) via 598127259894353ffe23316b50408924983a5e82 (commit) from 1d8d3fd7c3c2e6c46a3e01983dc26a5a650f6f84 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8d58472706d651fb023ad2eb9d7268429cc7c0ca Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 25 11:25:47 2009 +0200 libcli/auth: add netlogon_creds_step_crypt() and netlogon_creds_first_step() This abstracts the usage of crypto functions instead of directly calling des_crypt112(). metze Signed-off-by: Günther Deschner g...@samba.org commit a69d8ab35c03eab4342b5ffbbb961902c8b5f14b Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 25 11:12:48 2009 +0200 libcli/auth: remove some useless lines metze Signed-off-by: Günther Deschner g...@samba.org commit e115cb5cb153f75fe1d97dcd6037da2796a44e64 Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 25 12:02:38 2009 +0200 libcli/auth: remember schannel type in netlogon_creds_server_init() metze Signed-off-by: Günther Deschner g...@samba.org commit 360868b6e8ab033993f528d09f803eac660536db Author: Günther Deschner g...@samba.org Date: Wed Aug 26 00:45:02 2009 +0200 s3-schannel: remove remaining code that was using struct dcinfo. Guenther commit a3c6e02748d1025da1b68efb4b03e1dc74eebbfe Author: Günther Deschner g...@samba.org Date: Tue Aug 25 22:45:15 2009 +0200 s3-credentials: remove unused code. Guenther commit b089506136f953961a0290d8af030fbaac3e7136 Author: Günther Deschner g...@samba.org Date: Wed Aug 26 11:46:58 2009 +0200 s3-schannel: upgrade old format schannel_store.tdb. Guenther commit 21a93c2ddc87da3e6e1af8ad7819018526c4b40b Author: Günther Deschner g...@samba.org Date: Tue Aug 25 22:38:55 2009 +0200 s3-netlogon: use shared credential and schannel storage infrastructure for netlogon server. Guenther commit 2d8157fb9e91b145a98b4b87a50d3bea69412108 Author: Günther Deschner g...@samba.org Date: Tue Aug 25 22:26:34 2009 +0200 s3-netlogon: add netr_creds_server_step_check() convenience wrapper. Guenther commit a09b627ecc446e78aa293e9e8b79c12f75a6b74e Author: Günther Deschner g...@samba.org Date: Wed Aug 26 00:31:27 2009 +0200 s3-schannel: add simple wrappers to fetch and store schannel auth info. Guenther commit 7c972d83d268a277501626122ab1c7cdddc0f4a3 Author: Günther Deschner g...@samba.org Date: Tue Aug 25 21:45:24 2009 +0200 s3-schannel: make open_schannel_session_store() public. Guenther commit 04310cc1c510025c8d5dc10d744ab9825eae3fee Author: Günther Deschner g...@samba.org Date: Tue Aug 25 21:16:27 2009 +0200 libcli/auth: add tdb backend for schannel state. Guenther commit 699266920b23fd9ea6079d8ae8e4682bb5141f0d Author: Günther Deschner g...@samba.org Date: Wed Aug 26 15:08:32 2009 +0200 libcli/auth: move netlogon_creds_CredentialState out of libcli. Guenther commit 5a1577884819ccaa21741beb6765819cf640cdc9 Author: Günther Deschner g...@samba.org Date: Wed Aug 26 14:45:35 2009 +0200 schannel: add netlogon_creds_CredentialState to IDL. Guenther commit 17d3800e923fd51f6dd9799d39d56a012f2ad600 Author: Günther Deschner g...@samba.org Date: Tue Aug 25 21:09:53 2009 +0200 s4-schannel: add ldb suffix to schannel functions. Guenther commit a18d6839aceb7db05f46d87281ad41f30edb515f Author: Günther Deschner g...@samba.org Date: Tue Aug 25 18:59:39 2009 +0200 libcli/auth: rename schannel_state.c to schannel_state_ldb.c. Guenther commit 598127259894353ffe23316b50408924983a5e82 Author: Günther Deschner g...@samba.org Date: Wed Aug 26 16:48:00 2009 +0200 s3-build: add SCHANNEL_OBJ to Makefile.in. Guenther --- Summary of changes: libcli/auth/config.mk
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1231-g1f3d0c5
The branch, master has been updated via 1f3d0c54850b4b9ab6889d50bfa2049970a7cb17 (commit) from 8d58472706d651fb023ad2eb9d7268429cc7c0ca (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1f3d0c54850b4b9ab6889d50bfa2049970a7cb17 Author: Günther Deschner g...@samba.org Date: Fri Aug 14 00:36:21 2009 +0200 s3-ntlmssp: remove trailing whitespace. Guenther --- Summary of changes: source3/include/ntlmssp.h | 24 +++--- source3/libsmb/ntlmssp.c | 192 source3/libsmb/ntlmssp_sign.c | 58 ++-- 3 files changed, 137 insertions(+), 137 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/ntlmssp.h b/source3/include/ntlmssp.h index 67cdd5a..1662eaa 100644 --- a/source3/include/ntlmssp.h +++ b/source3/include/ntlmssp.h @@ -1,20 +1,20 @@ -/* +/* Unix SMB/CIFS implementation. SMB parameters and setup Copyright (C) Andrew Tridgell 1992-1997 Copyright (C) Luke Kenneth Casson Leighton 1996-1997 Copyright (C) Paul Ashton 1997 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/. */ @@ -70,7 +70,7 @@ enum NTLM_MESSAGE_TYPE #define NTLMSSP_SIG_SIZE 16 -typedef struct ntlmssp_state +typedef struct ntlmssp_state { unsigned int ref_count; enum NTLMSSP_ROLE role; @@ -98,7 +98,7 @@ typedef struct ntlmssp_state void *auth_context; /** -* Callback to get the 'challenge' used for NTLM authentication. +* Callback to get the 'challenge' used for NTLM authentication. * * @param ntlmssp_state This structure * @return 8 bytes of challnege data, determined by the server to be the challenge for NTLM authentication @@ -108,10 +108,10 @@ typedef struct ntlmssp_state uint8_t challenge[8]); /** -* Callback to find if the challenge used by NTLM authentication may be modified +* Callback to find if the challenge used by NTLM authentication may be modified * * The NTLM2 authentication scheme modifies the effective challenge, but this is not compatiable with the -* current 'security=server' implementation.. +* current 'security=server' implementation.. * * @param ntlmssp_state This structure * @return Can the challenge be set to arbitary values? @@ -120,7 +120,7 @@ typedef struct ntlmssp_state bool (*may_set_challenge)(const struct ntlmssp_state *ntlmssp_state); /** -* Callback to set the 'challenge' used for NTLM authentication. +* Callback to set the 'challenge' used for NTLM authentication. * * The callback may use the void *auth_context to store state information, but the same value is always available * from the DATA_BLOB chal on this structure. @@ -132,9 +132,9 @@ typedef struct ntlmssp_state NTSTATUS (*set_challenge)(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *challenge); /** -* Callback to check the user's password. +* Callback to check the user's password. * -* The callback must reads the feilds of this structure for the information it needs on the user +* The callback must reads the feilds of this structure for the information it needs on the user * @param ntlmssp_state This structure * @param nt_session_key If an NT session key is returned by the authentication process, return it here * @param lm_session_key If an LM session key is returned by the authentication process, return it here @@ -165,5 +165,5 @@ typedef struct ntlmssp_state /* it turns out that we don't always get the response in at the time we want to process it. Store it here, until we need it */ - DATA_BLOB stored_response; + DATA_BLOB stored_response; } NTLMSSP_STATE; diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index c5d271c..023d356 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -1,4 +1,4 @@ -/* +/* Unix SMB/Netbios implementation. Version 3.0 handle NLTMSSP, server side @@ -24,24 +24,24 @@ #include
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1235-g2a3270b
The branch, master has been updated via 2a3270beec2800e0a5dcb69af111d053abaa9245 (commit) via 5234d10c8e8c9d0d2576133c209ba474e1867d28 (commit) via 09fe57923ab5570aad106b6b82faabe3fcd130fd (commit) via e91d5dbed05f364d155ff8b91ddf5af718fb1462 (commit) from 1f3d0c54850b4b9ab6889d50bfa2049970a7cb17 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2a3270beec2800e0a5dcb69af111d053abaa9245 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 19 09:58:38 2009 +0200 s3:smbd: teach filename_convert() about fake files (2nd fix for bug #6642) metze commit 5234d10c8e8c9d0d2576133c209ba474e1867d28 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 19 09:57:47 2009 +0200 s3:smbd: add is_fake_file_path() that takes only the raw path as string metze commit 09fe57923ab5570aad106b6b82faabe3fcd130fd Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 18 11:34:54 2009 +0200 s3:streams: check for :$DATA only in the backend (fix bug #6642) We need to allow \\$Extend\\$Quota:$Q:$INDEX_ALLOCATION to pass check_path(), so that the Quota Dialog works. metze commit e91d5dbed05f364d155ff8b91ddf5af718fb1462 Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 18 11:32:37 2009 +0200 s3:error_map: make NTSTATUS - errno - NTSTATUS mapping consistent for NT_STATUS_INVALID_PARAMETER Why have we mapped EINVAL - NT_STATUS_INVALID_HANDLE before? metze --- Summary of changes: source3/include/proto.h |1 + source3/lib/errmap_unix.c |2 +- source3/modules/onefs_streams.c |3 ++ source3/modules/vfs_streams_depot.c | 10 +++- source3/smbd/fake_file.c| 36 +- source3/smbd/filename.c | 11 ++ source3/smbd/reply.c|3 -- 7 files changed, 46 insertions(+), 20 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index b87e3b7..ac0eed2 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -6288,6 +6288,7 @@ void reply_openerror(struct smb_request *req, NTSTATUS status); /* The following definitions come from smbd/fake_file.c */ +enum FAKE_FILE_TYPE is_fake_file_path(const char *path); enum FAKE_FILE_TYPE is_fake_file(const struct smb_filename *smb_fname); NTSTATUS open_fake_file(struct smb_request *req, connection_struct *conn, uint16_t current_vuid, diff --git a/source3/lib/errmap_unix.c b/source3/lib/errmap_unix.c index d43598b..d5b94e9 100644 --- a/source3/lib/errmap_unix.c +++ b/source3/lib/errmap_unix.c @@ -31,7 +31,7 @@ const struct unix_error_map unix_dos_nt_errmap[] = { { ENOTDIR, ERRDOS, ERRbadpath, NT_STATUS_NOT_A_DIRECTORY }, { EIO, ERRHRD, ERRgeneral, NT_STATUS_IO_DEVICE_ERROR }, { EBADF, ERRSRV, ERRsrverror, NT_STATUS_INVALID_HANDLE }, - { EINVAL, ERRSRV, ERRsrverror, NT_STATUS_INVALID_HANDLE }, + { EINVAL, ERRSRV, ERRsrverror, NT_STATUS_INVALID_PARAMETER }, { EEXIST, ERRDOS, ERRfilexists, NT_STATUS_OBJECT_NAME_COLLISION}, { ENFILE, ERRDOS, ERRnofids, NT_STATUS_TOO_MANY_OPENED_FILES }, { EMFILE, ERRDOS, ERRnofids, NT_STATUS_TOO_MANY_OPENED_FILES }, diff --git a/source3/modules/onefs_streams.c b/source3/modules/onefs_streams.c index 66eda57..da26661 100644 --- a/source3/modules/onefs_streams.c +++ b/source3/modules/onefs_streams.c @@ -55,6 +55,9 @@ NTSTATUS onefs_stream_prep_smb_fname(TALLOC_CTX *ctx, /* Strip off the :$DATA if one exists. */ str_tmp = strrchr_m(stream_name, ':'); if (str_tmp) { + if (StrCaseCmp(str_tmp, :$DATA) != 0) { + return NT_STATUS_INVALID_PARAMETER; + } str_tmp[0] = '\0'; } } diff --git a/source3/modules/vfs_streams_depot.c b/source3/modules/vfs_streams_depot.c index d09255a..aa01891 100644 --- a/source3/modules/vfs_streams_depot.c +++ b/source3/modules/vfs_streams_depot.c @@ -321,6 +321,14 @@ static NTSTATUS stream_smb_fname(vfs_handle_struct *handle, *smb_fname_out = NULL; + stype = strchr_m(smb_fname-stream_name + 1, ':'); + + if (stype) { + if (StrCaseCmp(stype, :$DATA) != 0) { + return NT_STATUS_INVALID_PARAMETER; + } + } + dirname = stream_dir(handle, smb_fname, NULL, create_dir); if (dirname == NULL) { @@ -328,8 +336,6 @@ static NTSTATUS stream_smb_fname(vfs_handle_struct *handle, goto fail; } - stype = strchr_m(smb_fname-stream_name + 1, ':'); - stream_fname = talloc_asprintf(talloc_tos(),
[SCM] CTDB repository - branch master updated - ctdb-1.0.88-2-g54c047c
The branch, master has been updated via 54c047c48902a15e5d2925bfa86e012a11188796 (commit) from 85590e9dfaab0db16ce8103e509fd4d51aef4ad5 (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit 54c047c48902a15e5d2925bfa86e012a11188796 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Fri Aug 28 05:19:44 2009 +1000 remove a check for the reclock file we dont need --- Summary of changes: config/ctdb.init |4 1 files changed, 0 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/config/ctdb.init b/config/ctdb.init index d69b01c..0e6d5fd 100755 --- a/config/ctdb.init +++ b/config/ctdb.init @@ -62,10 +62,6 @@ else fi build_ctdb_options () { -[ -z $CTDB_RECOVERY_LOCK ] { - echo You must configure the location of the CTDB_RECOVERY_LOCK - exit 1 -} maybe_set () { # If the 2nd arg is null then return - don't set anything. -- CTDB repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1236-gcc248f7
The branch, master has been updated via cc248f7dfccf015586627ecef5fc5a475cc7f842 (commit) from 2a3270beec2800e0a5dcb69af111d053abaa9245 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit cc248f7dfccf015586627ecef5fc5a475cc7f842 Author: Michael Adam ob...@samba.org Date: Wed Aug 26 12:58:47 2009 +0200 util: fix comment and clarify argument name in DLIST_DEMOTE() Michael --- Summary of changes: lib/util/dlinklist.h |6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/dlinklist.h b/lib/util/dlinklist.h index 1a4ebb6..693b43d 100644 --- a/lib/util/dlinklist.h +++ b/lib/util/dlinklist.h @@ -87,11 +87,11 @@ do { \ }\ } while (0) -/* demote an element to the end of the list, needs a tmp pointer */ -#define DLIST_DEMOTE(list, p, tmp) \ +/* demote an element to the end of the list, needs the entry type */ +#define DLIST_DEMOTE(list, p, type) \ do { \ DLIST_REMOVE(list, p); \ - DLIST_ADD_END(list, p, tmp); \ + DLIST_ADD_END(list, p, type); \ } while (0) /* concatenate two lists - putting all elements of the 2nd list at the -- Samba Shared Repository
[SCM] CTDB repository - branch master updated - ctdb-1.0.88-3-ge26d9d3
The branch, master has been updated via e26d9d32e68e7db1cf4f96c47c0126e9e0b213be (commit) from 54c047c48902a15e5d2925bfa86e012a11188796 (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit e26d9d32e68e7db1cf4f96c47c0126e9e0b213be Author: Michael Adam ob...@samba.org Date: Thu Aug 27 22:09:42 2009 +0200 set broadcast addresses in the takeip event. Michael --- Summary of changes: config/events.d/10.interface |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/config/events.d/10.interface b/config/events.d/10.interface index 298f3e8..1c8d32d 100755 --- a/config/events.d/10.interface +++ b/config/events.d/10.interface @@ -57,7 +57,7 @@ case $cmd in echo Failed to bringup interface $iface exit 1 } - /sbin/ip addr add $ip/$maskbits dev $iface || { + /sbin/ip addr add $ip/$maskbits brd + dev $iface || { echo Failed to add $ip/$maskbits on dev $iface } # cope with the script being killed while we have the interface blocked -- CTDB repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1241-g76d9115
The branch, master has been updated via 76d91156c82e20bbd68c752376cb814d71759033 (commit) via be4ac227842530d484659f2db683453366326d8b (commit) via 6abb637e3e0d23635fdbbb91c163731b325d696d (commit) via 398d0c2929026fccb3409316720a4dcad225ab05 (commit) via 4279879c9847ca069527e11ca934b8906009cad8 (commit) from cc248f7dfccf015586627ecef5fc5a475cc7f842 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 76d91156c82e20bbd68c752376cb814d71759033 Author: Rusty Russell ru...@rustcorp.com.au Date: Fri Aug 28 12:11:23 2009 +0930 lib/tevent: close pipe_fds on event_context destruction The hack_fds were never closed before; now they're inside event_context they should be closed when that is destroyed. Signed-off-by: Rusty Russell ru...@rustcorp.com.au commit be4ac227842530d484659f2db683453366326d8b Author: Rusty Russell ru...@rustcorp.com.au Date: Fri Aug 28 12:08:47 2009 +0930 lib/tevent: handle tevent_common_add_signal on different event contexts. I don't know if this is a problem in real life. The code assumes there's only one tevent_context; all signals will notify the first event context. That's counter-intuitive if you ever use more than one, and there's nothing else in this code which prevents it AFAICT. Signed-off-by: Rusty Russell ru...@rustcorp.com.au commit 6abb637e3e0d23635fdbbb91c163731b325d696d Author: Rusty Russell ru...@rustcorp.com.au Date: Fri Aug 28 12:04:22 2009 +0930 lib/tevent: fix race with signals and tevent_common_add_signal We carefully preserve the old signal handler, but we replace it before we've set up everything; in particular, if we fail setting up the pipe_hack we could write a NUL char to stdout (fd 0), instead of calling the old signal handler. Replace the signal handler as the very last thing we do. Signed-off-by: Rusty Russell ru...@rustcorp.com.au commit 398d0c2929026fccb3409316720a4dcad225ab05 Author: Rusty Russell ru...@rustcorp.com.au Date: Fri Aug 28 11:56:34 2009 +0930 lib/tdb: don't overwrite TDBs with different version numbers. In future, this may happen, and we don't want to clobber them. Signed-off-by: Rusty Russell ru...@rustcorp.com.au commit 4279879c9847ca069527e11ca934b8906009cad8 Author: Rusty Russell ru...@rustcorp.com.au Date: Wed Aug 26 17:30:32 2009 +0930 lib/tevent: remove spectacularly complicated manual subtraction To be completely honest, I don't quite know whether to laugh or cry at this one: 1 + (0x ~(s.seen - s.count)) == 1 + (~(s.seen - s.count))# s.seen, s.count are uint32_t == s.count - s.seen # -A == ~A + 1 Signed-off-by: Rusty Russell ru...@rustcorp.com.au --- Summary of changes: lib/tdb/common/open.c| 12 --- lib/tevent/tevent.c |2 + lib/tevent/tevent_internal.h |1 + lib/tevent/tevent_signal.c | 69 +- 4 files changed, 51 insertions(+), 33 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/tdb/common/open.c b/lib/tdb/common/open.c index 2e6a707..141e6fe 100644 --- a/lib/tdb/common/open.c +++ b/lib/tdb/common/open.c @@ -240,17 +240,19 @@ struct tdb_context *tdb_open_ex(const char *name, int hash_size, int tdb_flags, errno = 0; if (read(tdb-fd, tdb-header, sizeof(tdb-header)) != sizeof(tdb-header) - || strcmp(tdb-header.magic_food, TDB_MAGIC_FOOD) != 0 - || (tdb-header.version != TDB_VERSION -!(rev = (tdb-header.version==TDB_BYTEREV(TDB_VERSION) { - /* its not a valid database - possibly initialise it */ + || strcmp(tdb-header.magic_food, TDB_MAGIC_FOOD) != 0) { if (!(open_flags O_CREAT) || tdb_new_database(tdb, hash_size) == -1) { if (errno == 0) { - errno = EIO; /* ie bad format or something */ + errno = EIO; /* ie bad format or something */ } goto fail; } rev = (tdb-flags TDB_CONVERT); + } else if (tdb-header.version != TDB_VERSION + !(rev = (tdb-header.version==TDB_BYTEREV(TDB_VERSION { + /* wrong version */ + errno = EIO; + goto fail; } vp = (unsigned char *)tdb-header.version; vertest = (((uint32_t)vp[0]) 24) | (((uint32_t)vp[1]) 16) | diff --git a/lib/tevent/tevent.c b/lib/tevent/tevent.c index 0c02e46..56d0da3 100644 --- a/lib/tevent/tevent.c +++ b/lib/tevent/tevent.c @@ -148,6 +148,8 @@ int tevent_common_context_destructor(struct tevent_context *ev)