Re: [Samba] User in Samba 4
Thank you for your reply, I tried to do: ldbsearch-H / usr / local / samba / private / sam.ldb but I see no user name! And for the package I install, it's probably a version for ubuntu, because on OpenSUSE, it does not exist! Thank you -Message d'origine- De : Michael Wood [mailto:esiot...@gmail.com] Envoyé : mercredi, 26. mai 2010 14:46 À : Viatte Frédéric Cc : samba@lists.samba.org Objet : Re: [Samba] User in Samba 4 2010/5/26 Viatte Frédéric frederic.via...@rpn.ch: Hello Do you know where its users stored on the server Samba 4 ? Are they in a database? Yes, they are in /usr/local/samba/private/sam.ldb. e.g. try: ldbsearch -H /usr/local/samba/private/sam.ldb '(objectClass=user)' You can also access the information via LDAP over the network. e.g.: $ sudo apt-get install ldap-utils libsasl2-modules-gssapi-heimdal $ kinit administrator $ ldapsearch -h localhost -Y GSSAPI '(objectClass=user)' cn -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smbd start trouble - CentOS 5.4
Whit Blauvelt wrote: With smbd Version 3.0.33-3.14.el5 on two different CentOS 5.4 64-bit boxes, /etc/init.d/smb start reports OK for both nmbd and smbd, but an instant later smbd stops running, with no errors reported - just fails, no matter what logging level is requested of it. Also, service smb start fails. On the other hand, smbd -D starts and runs smbd just fine, if done from a console. Also sh /etc/init.d/smb start runs it just fine, if from a console. (sh = bash on CentOS, and the smb script itself specifies /bin/sh.) That feels as if it could be an SELinux problem. If your initscript has been edited and picked up the wrong context, smbd will not have all the permissions it normally gets. Try ls -Z /etc/rc.d/init.d/smb restorecon -v /etc/rc.d/init.d/smb Moray. To err is human. To purr, feline -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] User in Samba 4
2010/5/27 Viatte Frédéric frederic.via...@rpn.ch: Another small question At what time the database is it create? What command to create it? It is created by setup/provision. -Message d'origine- De : Michael Wood [mailto:esiot...@gmail.com] Envoyé : mercredi, 26. mai 2010 14:46 À : Viatte Frédéric Cc : samba@lists.samba.org Objet : Re: [Samba] User in Samba 4 2010/5/26 Viatte Frédéric frederic.via...@rpn.ch: Hello Do you know where its users stored on the server Samba 4 ? Are they in a database? Yes, they are in /usr/local/samba/private/sam.ldb. e.g. try: ldbsearch -H /usr/local/samba/private/sam.ldb '(objectClass=user)' You can also access the information via LDAP over the network. e.g.: $ sudo apt-get install ldap-utils libsasl2-modules-gssapi-heimdal $ kinit administrator $ ldapsearch -h localhost -Y GSSAPI '(objectClass=user)' cn -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] User in Samba 4
2010/5/27 Viatte Frédéric frederic.via...@rpn.ch: Thank you for your reply, I tried to do: ldbsearch-H / usr / local / samba / private / sam.ldb but I see no user name! What about with: $ /usr/local/samba/bin/wbinfo -u When I run that against a new Samba4 installation after running setup/provision and then creating a user with net newuser I get this: $ /usr/local/samba/bin/wbinfo -u Administrator Guest krbtgt dns michael And for the package I install, it's probably a version for ubuntu, because on OpenSUSE, it does not exist! The packages necessary for the ldapsearch are the OpenLDAP client utilities and the SASL GSSAPI mechanism. On Ubuntu these are ldap-utils and either libsasl2-modules-gssapi-heimdal or libsasl2-modules-gssapi-mit. I don't know what they are on OpenSUSE. You probably want to use the net command and wbinfo etc., rather than ldbsearch or ldapsearch. Or you can use the GUI tools from a Windows machine as mentioned on the Samba4 HOWTO. -Message d'origine- De : Michael Wood [mailto:esiot...@gmail.com] Envoyé : mercredi, 26. mai 2010 14:46 À : Viatte Frédéric Cc : samba@lists.samba.org Objet : Re: [Samba] User in Samba 4 2010/5/26 Viatte Frédéric frederic.via...@rpn.ch: Hello Do you know where its users stored on the server Samba 4 ? Are they in a database? Yes, they are in /usr/local/samba/private/sam.ldb. e.g. try: ldbsearch -H /usr/local/samba/private/sam.ldb '(objectClass=user)' You can also access the information via LDAP over the network. e.g.: $ sudo apt-get install ldap-utils libsasl2-modules-gssapi-heimdal $ kinit administrator $ ldapsearch -h localhost -Y GSSAPI '(objectClass=user)' cn -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Patch: newuseradv and newgroupadv scripts for net cmd utlity
Hi On 27 May 2010 00:06, Lukasz Zalewski lu...@dcs.qmul.ac.uk wrote: Hi all, As per Jelmer's request - in response to bug #7455 attached diff file. Please let me know what you think and if any modificationes need to be performed Regards Luk I think samba-technical is a better place to post this. -- Michael Wood esiot...@gmail.com --- samba/netcmd/__init__.py.org2010-05-25 17:28:00.0 +0100 +++ samba/netcmd/__init__.py2010-05-26 11:43:16.0 +0100 @@ -160,3 +160,7 @@ commands[vampire] = cmd_vampire() from samba.netcmd.machinepw import cmd_machinepw commands[machinepw] = cmd_machinepw() +from samba.netcmd.newuseradv import cmd_newuseradv +commands[newuseradv] = cmd_newuseradv() +from samba.netcmd.newgroupadv import cmd_newgroupadv +commands[newgroupadv] = cmd_newgroupadv() --- samba/samdb.py.org 2010-05-25 13:12:16.0 +0100 +++ samba/samdb.py 2010-05-26 21:34:11.0 +0100 @@ -140,6 +140,158 @@ else: self.transaction_commit() +def newgroupadv(self, groupname, groupou=None, grouptype=None, +description=None, mailaddress=None, notes=None): +Adds a new group with additional parameters + +:param groupname: Name of the new group +:param grouptype: Type of the new group +:param description: Description of the new group +:param mailaddress: Email address of the new group +:param notes: Notes of the new group + + +self.transaction_start() +try: +group_dn = CN=%s,%s,%s % (groupname, (groupou or CN=Users), self.domain_dn()) + +# The new user record. Note the reliance on the SAMLDB module which +# fills in the default informations + ldbmessage = {dn: group_dn, +sAMAccountName: groupname, +objectClass: group} + + if grouptype is not None: +ldbmessage[groupType] = %d % ((grouptype)-2**32) + +if description is not None: +ldbmessage[description] = description + +if mailaddress is not None: +ldbmessage[mail] = mailaddress + +if notes is not None: +ldbmessage[info] = notes + +self.add(ldbmessage) + +except: +self.transaction_cancel() +raise +else: +self.transaction_commit() + +def newuseradv(self, username, password, +force_password_change_at_next_login_req=False, + userou=None, surname=None, givenname=None, initials=None, + profilepath=None, scriptpath=None, homedrive=None, homedirectory=None, + jobtitle=None, department=None, company=None, description=None, + mailaddress=None, internetaddress=None, telephonenumber=None, + physicaldeliveryoffice=None): +Adds a new user with additional parameters + +:param username: Name of the new user +:param password: Password for the new user +:param force_password_change_at_next_login_req: Force password change +:param userou: Object container (without domainDN postfix) for new user +:param surname: Surname of the new user +:param givenname: First name of the new user +:param initials: Initials of the new user +:param profilepath: Profile path of the new user +:param scriptpath: Logon script path of the new user +:param homedrive: Home drive of the new user +:param homedirectory: Home directory of the new user +:param jobtitle: Job title of the new user +:param department: Department of the new user +:param company: Company of the new user +:param description: of the new user +:param mailaddress: Email address of the new user +:param internetaddress: Home page of the new user +:param telephonenumber: Phone number of the new user +:param physicaldeliveryoffice: Office location of the new user + + +displayName = ; +if givenname is not None: +displayName += givenname + +if initials is not None: +displayName += ' %s.' % initials + +if surname is not None: +displayName += ' %s' % surname + +self.transaction_start() +try: +user_dn = CN=%s,%s,%s % (username, (userou or CN=Users), self.domain_dn()) + +# The new user record. Note the reliance on the SAMLDB module which +# fills in the default informations + ldbmessage = {dn: user_dn, +sAMAccountName: username, +objectClass: user} + + if surname is not None: +ldbmessage[sn] = surname + + if givenname is not None: +ldbmessage[givenName] = givenname + + if displayName is not : +ldbmessage[displayName] =
Re: [Samba] unable to join to a Samba4 domain
Am 25.05.2010 21:03, Tomasz Chmielewski wrote: Am 25.05.2010 20:55, Lukasz Zalewski wrote: If I block LDAP on UDP, Windows does not send queries to LDAP on TCP. Is it the same for you? And indeed, the error message is the same whether 389/UDP is blocked or not. I'n my case if one protocol (TCP or UDP) in that port is enabled things seem to work. if both are disabled i get the error message. Have you tried to disable firewall on samba4 host just to rule it out? Presumably you don't have any other firewalls in the way? I will try to join Windows 2008 to the domain tomorrow as a test. There is no firewall between the hosts. I'll try to test it with Windows XP, but it may take 1-2 days before I'm able to do it. Unfortunately, Windows XP SP3 fails to join a Samba4 domain as well. How can I troubleshoot it? -- Tomasz Chmielewski http://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smb/cifs share network speed testing
Is there any piece of software that I can use to run between a client and a linux or windows server with a smb/cifs share that will test network speed, latency, sustained read/writes, multiple file create, read, write, close, etc.. etc.. over X period time? iperf http://dast.nlanr.net/Projects/Iperf/Iperf is a commonly used network testing tool that can create TCP and UDP data streams and measure the throughput of a network that is carrying them. http://en.wikipedia.org/wiki/Iperf Iperf is a tool to measure the bandwidth and the quality of a network link. http://openmaniak.com/iperf.php -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Interdomain trust with different WINS servers
I think the syntax may be the same as for Microsoft lmhosts http://support.microsoft.com/kb/314108 On 05/26/2010 05:35 AM, Juan Asensio Sánchez wrote: Hi I am trying to stablish a relation between two different Samba domains. Each domain has two PDCs, all they are WINS servers, and the two domains are in different subnets. They are configured to use LDAP as the user/group/machine database. First, I will create the relation, being DOM1.CORP the trusted domain, and DOM2.CORP the trusting domain, so in a server of DOM1.CORP, I create a user this way: DOM1-S1$ /usr/bin/perl -w /opt/ldap/smbldap-tools/bin/smbldap-useradd -W -t 5 'DOM1.CORP$' DOM1-S1$ smbpasswd -i DOM1.CORP$ The two commands are OK, and the domain account is created in LDAP, in ou=Computers. I can see the machine in getent passwd. Now, in a server of the trusting domain, i run the command: DOM2-S1$ net rpc trustdom establish 'DOM1.CORP' [2010/05/26 11:21:03, 0] utils/net_rpc.c:rpc_trustdom_establish(5647) Couldn't find domain controller for domain DOM1.CORP Well, I know this is normal because servers of DOM2 don't know anything about DOM1. I suppose I will have to add the entries of the two servers of DOM1 in lmhosts, and the entry for the own domain, but i can't get it to work. Now, my lmhosts is this: 127.0.0.1 localhost 1.1.1.1 DOM1-S1 1.1.1.2 DOM1-S2 1.1.1.1 DOM1.CORP 1.1.1.2 DOM1.CORP But the previuos command gives error again. Even if I run nmblookup querying the servers or the domain, i get errors: DOM2-S1$ nmblookup -R -U localhost 'DOM1.CORP' added interface ip=1.1.2.1 bcast=1.1.2.255 nmask=255.255.255.0 querying DOM1.CORP on 127.0.0.1 name_query failed to find name DOM1.CORP Is this the right way to stablish the relationship? How should I add the entries to the lmhosts file? Regards and thanks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SWAT does not show some buttons 99samba 99linux
I installed SAMBA and SWAT on three computers running Debian squeeze. On computer-A SWAT comes up with the following buttons.. Home Globals Shares PrintersWizard Status ViewPassword Status shows smbd : running nmbd : running winbindd : running Computers B and Conly show HomeStatus ViewPassword Status shows smbd : running nmbd : running winbindd : not running What might I do to get Computers B and C to match A ? Gus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] net ads join: Aborted
I'm having trouble getting a host to join an ADS domain/realm. I have smb.conf set correctly, with the workgroup, realm, and security = ads specified. However, when I try to join with the command: net ads join -U Administrator, I simple get the message Aborted and it does not join the domain. If I use the -d flag to enable debugging, I see the following toward the end of the output: [2010/05/27 08:44:33.261144, 3] libads/sasl.c:790(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got server principal name = not_defined_in_rfc4...@please_ignore [2010/05/27 08:44:33.261484, 3] libsmb/clikrb5.c:698(ads_krb5_mk_req) ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) [2010/05/27 08:44:33.288414, 3] libsmb/clikrb5.c:620(ads_cleanup_expired_creds) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Thu, 27 May 2010 18:44:33 MDT [2010/05/27 08:44:33.288453, 3] libsmb/clikrb5.c:743(ads_krb5_mk_req) ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT [2010/05/27 08:44:33.296939, 3] libads/ldap.c:2908(ads_domain_func_level) ads_domain_func_level: 0 [2010/05/27 08:44:33.297755, 2] libads/ldap.c:3363(ads_get_upn) ads_get_upn: No userPrincipalName attribute! [2010/05/27 08:44:33.297787, 3] libads/kerberos.c:445(kerberos_secrets_store_des_salt) kerberos_secrets_store_des_salt: Storing salt host/xenprint.ad.seakr@ad.seakr.com Aborted The output from another system (same O/S, same Samba version, same krb5 version, etc.) contains similar output, except that there's continue output after the Storing salt message. If I use strace, I see the following: write(7, 0c\2\1\10c^\4\25dc=AD,dc=SEAKR,dc=COM\n\1..., 101) = 101 gettimeofday({1274971641, 629786}, NULL) = 0 poll([{fd=7, events=POLLIN|POLLPRI|POLLERR|POLLHUP}], 1, 15000) = 1 ([{fd=7, revents=POLLIN}]) read(7, 0\204\0\0\r\271\2\1, 8) = 8 read(7, \10d\204\0\0\r\260\4.CN=xenprint,CN=Computer..., 3511) = 3511 gettimeofday({1274971641, 630532}, NULL) = 0 poll([{fd=7, events=POLLIN|POLLPRI|POLLERR|POLLHUP}], 1, 14999) = 1 ([{fd=7, revents=POLLIN}]) read(7, 0\204\0\0\0E\2\1, 8) = 8 read(7, \10s\204\0\0\0\4:ldap://ad.seakr.com/CN=;..., 67) = 67 gettimeofday({1274971641, 630706}, NULL) = 0 poll([{fd=7, events=POLLIN|POLLPRI|POLLERR|POLLHUP}], 1, 14999) = 1 ([{fd=7, revents=POLLIN}]) read(7, 0\204\0\0\0\20\2\1, 8)= 8 read(7, \10e\204\0\0\0\7\n\1\0\4\0\4\0, 14) = 14 rt_sigaction(SIGALRM, {0x1, [ALRM], SA_RESTORER, 0x7ffeb08d7560}, {0x7ffeb33135e0, [ALRM], SA_RESTORER, 0x7ffeb08d7560}, 8) = 0 alarm(0)= 15 fcntl(3, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=8, len=1}) = 0 fcntl(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=168, len=0}) = 0 fstat(3, {st_mode=S_IFREG|0600, st_size=45056, ...}) = 0 fcntl(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=168, len=0}) = 0 fcntl(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=8, len=1}) = 0 fcntl(6, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=552, len=1}) = 0 fcntl(6, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=552, len=1}) = 0 fcntl(5, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=552, len=1}) = 0 fcntl(5, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=552, len=1}) = 0 rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0 tgkill(5304, 5304, SIGABRT) = 0 --- SIGABRT (Aborted) @ 0 (0) --- +++ killed by SIGABRT +++ Any ideas what would cause a SIGABRT on this process? Thanks, Nick This e-mail may contain confidential and privileged material for the sole use of the intended recipient. If this email is not intended for you, or you are not responsible for the delivery of this message to the intended recipient, please note that this message may contain SEAKR Engineering (SEAKR) Privileged/Proprietary Information. In such a case, you are strictly prohibited from downloading, photocopying, distributing or otherwise using this message, its contents or attachments in any way. If you have received this message in error, please notify us immediately by replying to this e-mail and delete the message from your mailbox. Information contained in this message that does not relate to the business of SEAKR is neither endorsed by nor attributable to SEAKR. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ACLs in windows clients w/ GPFS
Hello list, I've got a ctdb cluster working against a GPFS cluster. I've got ACLs going and have set the default/active ACLs on my folders. The ACLs seem to be working fine, they are correctly limiting/allowing access to the said folders/files. My issue is that when using the windows client to view/change the ACLs everything goes south. When trying to view the ACLs via right clicking on the folder in windows and going to the security tab only shows the basic unix permissions (owner/group/other). If I try to add a new user to the ACL via windows it still won't show up in the security window after adding. When going back to a shell and looking at the ACLs on the folder in question the new user is present, but the previous ACLs have been removed. Any thoughts on how to get these ACLs to show/work through a windows client? Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] fixed delay logging onto Samba3.3 from Vista Business
The domain user does login eventually. Mostly. Roaming Profiles are very broken on W7: the top level Vista.V2 directory is created, but nothing is stored back into it on the server, and the logged in domain user ends up with a C:\Users\Temp profile. Thanks to Drew Vonada-Smith the roaming profiles are working again. The problem was that information stored in HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Profilelist for the user while trying logins while setting up the system got out of sync with the actual server configuration. Deleting the entry for any existing users let them login with a functioning roaming profile. Unfortunately this did nothing about the fixed delays observed of 30s and 15s. Here is part of the netlogon.log for the slow parts of a domain user with a working (small = 2.5MB) profile. The 30s gap starts at 10:05:53, and the 15s gap at 10:06:23. 05/27 10:05:51 [LOGON] SamLogon: Interactive logon of SAF\mathog from SAF04 Entered 05/27 10:05:52 [LOGON] SamLogon: Interactive logon of SAF\mathog from SAF04 Returns 0x0 05/27 10:05:52 [MISC] DsGetDcName function called: Dom:SAF Acct:(null) Flags: DS 05/27 10:05:52 [MISC] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c011 05/27 10:05:52 [MISC] NetpDcGetName: SAF: Only try once to find NT 5.0 DC in NT 4.0 domain. 05/27 10:05:52 [MAILSLOT] Sent 'Sam Logon' message to SAF[1C] on all transports. 05/27 10:05:52 [CRITICAL] NetpDcMatchResponse: SAFSERVER: SAF: response not from DS server. 0x0 05/27 10:05:52 [MISC] NetpDcGetName: NetpDcGetNameNetbios returned 121 05/27 10:05:52 [MISC] NetpDcGetName: SAF: Only try once done. 05/27 10:05:52 [MISC] NetpDcGetName: SAF: Domain is an NT 4.0 domain. 05/27 10:05:52 [MISC] DsGetDcName function returns 1355: Dom:SAF Acct:(null) Flags: DS 05/27 10:05:53 [MISC] DsGetDcName function called: Dom:SAF Acct:(null) Flags: DSP 05/27 10:05:53 [MISC] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c011 05/27 10:05:53 [MISC] NetpDcGetName: SAF: Avoid finding NT 5.0 DC in NT 4.0 domain (Use previously cached entry.) 05/27 10:05:53 [MISC] DsGetDcName function returns 0: Dom:SAF Acct:(null) Flags: DSP 05/27 10:06:23 [MISC] DsGetDcName function called: Dom:SAF Acct:(null) Flags: DSP 05/27 10:06:23 [MISC] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c011 05/27 10:06:23 [MISC] NetpDcGetName: SAF: Avoid finding NT 5.0 DC in NT 4.0 domain (Use previously cached entry.) 05/27 10:06:23 [MISC] DsGetDcName function returns 0: Dom:SAF Acct:(null) Flags: DSP 05/27 10:06:38 [MISC] DsGetDcName function called: Dom:SAF Acct:(null) Flags: IP KDC 05/27 10:06:38 [MISC] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c011 05/27 10:06:38 [MISC] NetpDcGetName: SAF: Avoid finding NT 5.0 DC in NT 4.0 domain 05/27 10:06:38 [MISC] DsGetDcName function returns 1355: Dom:SAF Acct:(null) Flags: IP KDC 05/27 10:06:38 [MISC] DsGetDcName function called: Dom:SAF Acct:(null) Flags: IP KDC 05/27 10:06:38 [MISC] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c011 05/27 10:06:38 [MISC] NetpDcGetName: SAF: Avoid finding NT 5.0 DC in NT 4.0 domain 05/27 10:06:38 [MISC] DsGetDcName function returns 1355: Dom:SAF Acct:(null) Flags: IP KDC 05/27 10:06:39 [MISC] DsGetDcName function called: Dom:SAF Acct:(null) Flags: DS NETBIOS RET_DNS 05/27 10:06:39 [MISC] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c011 05/27 10:06:39 [MISC] NetpDcGetName: SAF: Avoid finding NT 5.0 DC in NT 4.0 domain 05/27 10:06:39 [MISC] DsGetDcName function returns 1355: Dom:SAF Acct:(null) Flags: DS NETBIOS RET_DNS 05/27 10:06:39 [MISC] DsGetDcName function called: Dom:SAF Acct:(null) Flags: DS RET_DNS 05/27 10:06:39 [MISC] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c011 05/27 10:06:39 [MISC] NetpDcGetName: SAF: Avoid finding NT 5.0 DC in NT 4.0 domain 05/27 10:06:39 [MISC] DsGetDcName function returns 1355: Dom:SAF Acct:(null) Flags: DS RET_DNS 05/27 10:06:39 [MISC] DsGetDcName function called: Dom:SAF Acct:(null) Flags: DSP 05/27 10:06:39 [MISC] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c011 05/27 10:06:39 [MISC] NetpDcGetName: SAF: Avoid finding NT 5.0 DC in NT 4.0 domain (Use previously cached entry.) I went through the event logs, and there was one interesting entry. Also at 10:05:53 in the system log there was an event 7001 (1101), User Logon Notification for Customer Experience Improvement Program. Have to run tcpdump on the server and see what happens at corresponding times... Nobody knows what causes these delays??? David Mathog mat...@caltech.edu Manager, Sequence Analysis Facility, Biology Division, Caltech -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] fixed delay logging onto Samba3.3 from Vista Business
I went through the event logs, and there was one interesting entry. Also at 10:05:53 in the system log there was an event 7001 (1101), User Logon Notification for Customer Experience Improvement Program. Have to run tcpdump on the server and see what happens at corresponding times... Nobody knows what causes these delays??? I just was looking for the cause of the 30 second to 1 minute delay logging in to windows 7. No solution yet.. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] net ads join: Aborted
On 2010/05/27 at 08:48, Nick Couchman nick.couch...@seakr.com wrote: I'm having trouble getting a host to join an ADS domain/realm. I have smb.conf set correctly, with the workgroup, realm, and security = ads specified. However, when I try to join with the command: net ads join -U Administrator, I simple get the message Aborted and it does not join the domain. If I use the -d flag to enable debugging, I see the following toward the end of the output: This problem seems to only occur in Samba 3.5.3 on a certain machine. I have two machines, both running Opensuse 11.2 and using the OBS Samba repository. One of them allows me to join the AD domain, the other throws the error in the previous message. No idea what's going on - Samba packages, krb5 packages, nss, etc., are all exactly the same. -Nick This e-mail may contain confidential and privileged material for the sole use of the intended recipient. If this email is not intended for you, or you are not responsible for the delivery of this message to the intended recipient, please note that this message may contain SEAKR Engineering (SEAKR) Privileged/Proprietary Information. In such a case, you are strictly prohibited from downloading, photocopying, distributing or otherwise using this message, its contents or attachments in any way. If you have received this message in error, please notify us immediately by replying to this e-mail and delete the message from your mailbox. Information contained in this message that does not relate to the business of SEAKR is neither endorsed by nor attributable to SEAKR. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] fixed delay logging onto Samba3.3 from Vista Business
Repost: samba@lists.samba.org On May 27, 2010, at 10:41 AM, John Drescher wrote: I went through the event logs, and there was one interesting entry. Also at 10:05:53 in the system log there was an event 7001 (1101), User Logon Notification for Customer Experience Improvement Program. Have to run tcpdump on the server and see what happens at corresponding times... Nobody knows what causes these delays??? I just was looking for the cause of the 30 second to 1 minute delay logging in to windows 7. No solution yet.. When the following local GPO is left in its default setting Samba domain logons are delayed for 30 seconds: Computer Configuration\Administrative Templates\System\User Profiles\Set maximum wait time for the network if the user has a roaming user profile or remote home directory. Enable this and set the value to 0 to work around this timeout. The timeout does not occur when logging into an Active Directory PDC running Server 2008 R2. I have not tested this with w2k8 R2 client. In addition, if the user's desktop is set to a solid background color logons of any kind (local, AD, samba) will be delayed by 30 seconds. Set the background to any .jpg image or apply Microsoft's hotfix to work around this issue. This is a cumulative timeout; that is, if the above timeout is in affect and the solid background color timeout is also in affect the delay is 60 seconds. I also experienced a 30 second timeout when I set the local GPO to Run logon scripts synchronously. This problem has inexplicably vanished and I can't replicate it though I don't see it listed in any Windows 7 updates. Might have been happening to me with Windows 7 PRO. I'll check that if anyone is interested. The fix was to apply an old Vista reg setting. Can be Googled as Vista Run logon scripts synchronously. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] AD and ticket
Hi, A quick question. Today I noticed (might have been there from a long time) klist: No credentials cache file found while setting cache flags(ticket cache /tmp/krb5cc_0) Samba is authenticating fine but don't see the cache. Is this normal? Do we need ticket to join Samba to ADS only and don't care afterwards? Thanks Paras. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] problems after upgrade from 3.3.2 to 3.4.0
On 05/26/2010 9:00 PM, Thomas Gutzler wrote: On 27/05/2010 4:19 AM, Harry Jede wrote: On Mittwoch, 26. Mai 2010 wrote Thomas Gutzler: On 26/05/2010 4:44 PM, Christian PERRIER wrote: Quoting Thomas Gutzler (thomas.gutz...@gmail.com): After upgrading one of my samba servers from ubuntu jaunty (3.3.2) to karmic (3.4.0) I cannot access the shares any more. Or my favorite upgrade path: # testparm -v -s /dev/null smb.conf.default-$(smbd -V|cut -f2 -d' ') Run this before and after upgrading samba To get a small host specific file without the services: # testparm -s --section-name=global smb.conf.$HOSTNAME-$(smbd -V| cut -f2 -d' ') It's a bit late to run it before the upgrade now but I found another machine running jaunty (enjoy), so I installed samba and ran testparm with the smb.conf from the updated machine (fintlewoodlewix). Here's the diff between the two defaults (without the line numbers): # diff smb.conf.default-3.3.2 smb.conf.default-3.4.0 netbios name = ENJOY netbios name = FINTLEWOODLEWIX server string = Samba 3.3.2 server string = Samba 3.4.0 config backend = file passdb backend = smbpasswd passdb backend = tdbsam use kerberos keytab = No dedicated keytab file = kerberos method = default map untrusted to domain = No I recall you saying that you had accounted for the default passdb backend change in 3.4.0. That leaves the authentications changes as the other big difference with 3.4.0. I don't recall you saying whether or not KRIKKIT is in the domain. If KRIKKIT is not in the domain, try setting map untrusted to domain = Yes on the box that is giving you problems. Dale max open files = 1 max open files = 16384 config file = lock directory = lock directory = /var/run/samba state directory = /var/lib/samba cache directory = /var/cache/samba perfcount module = access based share enum = No browsable = Yes include = And the host specific ones. The only thing I changed there was to get rid of the PAM stuff and change the password server from name to IP. # diff smb.conf.enjoy-3.3.2 smb.conf.fintlewoodlewix-3.4.0 obey pam restrictions = Yes password server = io password server = 130.95.136.177 passdb backend = tdbsam pam password change = Yes I also deleted all .tdb files in /var/lib/samba, the machine account on the PDC and rejoined the domain but authentication still doesn't work. Neither does the mapping to guest for invalid users. While I had samba running on the jaunty machine, I joined it to the domain and tried if I could connect to it using the same machine and credentials as before; and I could. Even the guest account seems to work alright with no change in the configuration other than the path in the share. I might follow Christians suggestion and upgrade to 10.04 unless there are any other suggestions. Maybe a second upgrade fixes it. Tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] fixed delay logging onto Samba3.3 from Vista Business
Marc Cain wrote: When the following local GPO is left in its default setting Samba domain logons are delayed for 30 seconds: Computer Configuration\Administrative Templates\System\User Profiles\Set maximum wait time for the network if the user has a roaming user profile or remote home directory. Enable this and set the value to 0 to work around this timeout. The timeout does not occur when logging into an Active Directory PDC running Server 2008 R2. I have not tested this with w2k8 R2 client. In addition, if the user's desktop is set to a solid background color logons of any kind (local, AD, samba) will be delayed by 30 seconds. Set the background to any .jpg image or apply Microsoft's hotfix to work around this issue. This is a cumulative timeout; that is, if the above timeout is in affect and the solid background color timeout is also in affect the delay is 60 seconds. Oh crud, the background is solid. On the other hand, the machine is fully patched, so maybe that hotfix is already in place. I ran wireshark on the client, and also had netlogon going. Edited the netlogon.log so that the times all ended in .00 and saved the dump in .csv format. Merged them and sorted by time. You can see the results here: http://saf.bio.caltech.edu/pub/pickup/w7_logon_events.txt The login starts with the netlogon 11:28:44.00 entry. Some interesting stuff in there. There is an ARP request just before the end of the 30 second gap in netlogon messages at 11:29:15.00. Just before that there are 5 seconds where no packets move between the server and the client, in either direction. (131.215.12.42 / Gigabyte is the workstations, 131.215.12.46 / Supermicro is the server.) Why the heck is the client waiting for 30 seconds from the start of the session to look up the server's address, and why is it sending out an ARP when the workstation had a TCP packet at 11:28:39.677891, only 35 seconds before? Not to mention that in this case both the server and workstation have static IP addresses! The 15 second gap starting at 11:29:16 corresponds to 3 ICMP ping requests from the client to the server, none of which trigger a response packet. Of course the server firewall is configured to drop all of those - I bet allowing them will eliminate the 15 second delay. Possibly one of the configuration settings you mention would do the same. Regards, David Mathog mat...@caltech.edu Manager, Sequence Analysis Facility, Biology Division, Caltech -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Can only see files one level deep
Hi there, I have been googling all morning, and have thus far not come up with a solution... Server: CentOS release 5.5 (Final) samba-common-3.0.33-3.28.el5 samba-3.0.33-3.28.el5 samba-client-3.0.33-3.28.el5 Client: OS X 10.6.3 (Build 10D578) All patches are applied. SMB CONF: # cat /etc/samba/smb.conf [global] workgroup = WRKGRP netbios name = Boleo server string = (%L) wins support = Yes name resolve order = wins bcast hosts passdb backend = tdbsam username map = /etc/samba/smbusers add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/groupmod -A %u %g delete user from group script = /usr/sbin/groupmod -R %u %g add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody %u # Note: The following specifies the default logon script. # Per user logon scripts can be specified in the user account using pdbedit logon script = %U.bat # This sets the default profile path. Set per user paths with pdbedit logon path = logon drive = H: logon home = \\%L\%U domain logons = Yes os level = 35 preferred master = Yes domain master = Yes idmap uid = 15000-2 idmap gid = 15000-2 #mac hacks follow symlinks = yes unix extensions = no veto files = /.DS_Store/._.*/DesktopFolderDB/Network Trash Folder/resource.frk/TheFindByContentFolder/TheVolumeSettingsFolder/ delete veto files = true hide dot files = yes [homes] comment = Home Directories valid users = %S read only = No browseable = No [netlogon] comment = Network Logon Service path = /shares/netlogon admin users = root guest ok = Yes browseable = No [myshare] comment = Share for the users in the myshare group path = /shares/myshare users = @ myshare force group = myshare create mask = 0660 directory mask = 0771 writeable = yes Now when I access the shares from the OS X Client, I can see everything at the top level, but when i drill in even 1 level deeper, I can not see any files or folders. I can see an indicator that the folder is still trying to be accessed. On my win clients, there are no issues. If I drill down to a deeper folder directly (IE access with smb://192.168.95.1/myshare/Docs, instead of smb://192.168.95.1/mysahre and clicking into the Docs folder), I can then see the files and folders at that level, but again I can not drill deeper. Ideas? Thank you. DNK -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Windows 7 64-bit drivers
Hello All, I'm having trouble with 64 bit Xerox drivers on my Samba server. The below quote if from another thread which I have followed but on the client Win 7 64 bit machine, I get an error: The specified location does not contain the driver for the Xerox WorkCentre 7675 rev2 PS for the requested processor architecture. Trying to add the driver from at 64 bit client first also fails with the same error. For sure the driver is x64, I can install the driver locally on the Win 7 64 client. I have HP 64 bit drivers installed, no problem ... any ideas? Thanks Greg We support 32bit and 64bit XP, Vista, and Windows7. We upload drivers from a windows client instead of using cupsaddsmb since we found this method solved alot of printing issues when we were using cupsaddsmb: http://samba.org/samba/docs/man/Samba-HOWTO-Collection/classicalprinting.html#id2627720 With this method there are a few options to support both 32 and 64bit clients, based on how point and print works. 1. Upload a driver from the Windows 32bit client's local driver store. When a 64bit client tries to connect, point and print does not find the appropriate driver on the samba server. Instead, it will attempt to find and install an appropriate driver with the correct filename from it's own local driver store or Windows Update. This is our preferred method since it's easier to manage. 2. For cases where drivers for a specific printer model is not available in a clients local driver store then we upload both 32bit and 64bit drivers to the samba queue. First we upload 32bit then go into the driver properties, into the 'Sharing' tab, and click on 'Additional Drivers' to install 64bit drivers from a 64bit client. Check out the Windows Point and Print Technical Overview for reference http://bit.ly/cGpqn8 hope this helps, Ryan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] fixed delay logging onto Samba3.3 from Vista Business
Marc Cain wrote: When the following local GPO is left in its default setting Samba domain logons are delayed for 30 seconds: Computer Configuration\Administrative Templates\System\User Profiles\Set maximum wait time for the network if the user has a roaming user profile or remote home directory. Changed this (set to 0) and it knocked the logon time down to 22 seconds. Checked the netlogon and wireshark logs and the 30 second gap was gone. However, the 15 second gap is still present, as are the corresponding ICMP pings from the client to the server. Have to modify the server's firewall rules to allow icmp ping from the client unless somebody knows where the registry key is that controls those pings. Regards, David Mathog mat...@caltech.edu Manager, Sequence Analysis Facility, Biology Division, Caltech -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] fixed delay logging onto Samba3.3 from Vista Business
However, the 15 second gap is still present, as are the corresponding ICMP pings from the client to the server. Have to modify the server's firewall rules to allow icmp ping from the client unless somebody knows where the registry key is that controls those pings. Found it! Domain login in 8 seconds!!! One must enable Do not detect slow network connections. The method it uses to do that is to PING the server. Not poke at one of the server ports which should be open on the firewall, mind you, but do a regular ICMP ping, which is of course blocked on 99.99% of all linux servers. The W7 client is currently set as follows; 1. hosts entry for the samba server (probably not important) 2. Do net detect slow network connections. (Eliminates the 15s gap). 3. Set max wait time for the network if the user has ... (Eliminates the 30s gap) 4. Do not check for user ownership of roaming profiles (possibly not relevant). Thanks to everybody who helped with this! David Mathog mat...@caltech.edu Manager, Sequence Analysis Facility, Biology Division, Caltech -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] help changing write_through
Hello Experts: I would like to force my samba server to send WRITE_THROUGH option (inside CREATE_ANDX_RESPONSE) back to the client (even though the client doesn't explicitly requests for it). I tried to follow the path inside open.c but it doesn't seem to be working. Can someone pls help with this? Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] help changing write_through
Hello Experts: I would like to force my samba server to send WRITE_THROUGH option (inside CREATE_ANDX_RESPONSE) back to the client (even though the client doesn't explicitly requests for it). I tried to follow the path inside open.c but it doesn't seem to be working. Can someone pls help with this? Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Wrong PDC IP from multi-homed samba PDC
I am trying to join a SAMBA client to a SAMBA domain. The SAMBA PDC is on a different network from the SAMBA client. I have a SAMBA server on the client network acting as a local browse master. The net join command fails because the PDC is multi-homed, it gives out a list of addresses, the address at the head of the list can't be reached by the client and the command does not iterate through the list of PDCs. Is there a way to specify the order of IP addresses handed out by the SAMBA server when it is asked for the PDC address(es)? The PDC is multi-homed with these addresses: 10.142.36.94 (a /25 net) 10.142.36.125 (a /27 net) 10.142.36.254 (a /25 net) The client can connect to the PDC's 10.142.36.94 address (ping, ssh, etc.) via an IPsec tunnel. I can successfully run many commands against the PDC: nmblookup -B server __SAMBA__ nmblookup -M -- - smbclient -L server -U% and so on. However, the net lookup dc command gives me a list of PDC addresses in this order: 10.142.36.254 10.142.36.94 10.142.36.125 The file wins.dat has these entries for the PDC: SERVER#00 1275257441 10.142.36.94 10.142.36.254 10.142.36.125 66R SERVER#03 1275257441 10.142.36.94 10.142.36.254 10.142.36.125 66R SERVER#20 1275257441 10.142.36.94 10.142.36.254 10.142.36.125 66R A net join command fails. It tries to use this address for the PDC: 10.142.36.254 There is no route to that address. The net join command does not iterate through the list of PDC addresses, though. It just fails. Is there a way to specify the order in which the SAMBA PDC hands out its addresses (when multi-homed) such that the IP address at the top of the list is the one on which the request arrived? That is, if a request for the PDC list arrives on the 10.142.36.94 interface can the response put the address 10.142.36.94 at the head of the list of PDC addresses? Thanks, Carl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Two Qs: support special chars in filenames and auditing
Hi experts, Two hopefully quick questions: 1. If I create files with names with special characters, such as *:?\|, on the linux server box, I can see these filenames display just fine. But windows client the special characters do not show up properly. Is there a option to set? I tried: In [global] section: character set = ISO8859-2 client code page = 852 It did not work. 2. Is there an audit log where it records user's access/modification information? Thanks, -Grace -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Wrong PDC IP from multi-homed samba PDC
SNIP list of PDCs. Is there a way to specify the order of IP addresses handed out by the SAMBA server when it is asked for the PDC address(es)? LM Host file on the client. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smb/cifs share network speed testing
The dbench/tbench seems to be quite a good tool to measure the performance of a samba share. But I am confused by the dbench. I got a copy of dbench from the git address in the download section of http://dbench.samba.org. After the make, there is no tbench, neither smbtorture. Another copy of dbench from http://samba.org/ftp/tridge/dbench. After the make, there is tbench , dbench , no smbtorture. The problem is that this dbench does not accept -B (--backend) option. As for the smbtorture, it seems no place to download. Iap 2010/5/27 Miguel Medalha miguelmeda...@sapo.pt Is there any piece of software that I can use to run between a client and a linux or windows server with a smb/cifs share that will test network speed, latency, sustained read/writes, multiple file create, read, write, close, etc.. etc.. over X period time? iperf http://dast.nlanr.net/Projects/Iperf/Iperf is a commonly used network testing tool that can create TCP and UDP data streams and measure the throughput of a network that is carrying them. http://en.wikipedia.org/wiki/Iperf Iperf is a tool to measure the bandwidth and the quality of a network link. http://openmaniak.com/iperf.php -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] problems after upgrade from 3.3.2 to 3.4.0
On 28/05/2010 3:14 AM, Dale Schroeder wrote: Quoting Thomas Gutzler (thomas.gutz...@gmail.com): After upgrading one of my samba servers from ubuntu jaunty (3.3.2) to karmic (3.4.0) I cannot access the shares any more. I recall you saying that you had accounted for the default passdb backend change in 3.4.0. That leaves the authentications changes as the other big difference with 3.4.0. I don't recall you saying whether or not KRIKKIT is in the domain. If KRIKKIT is not in the domain, try setting map untrusted to domain = Yes on the box that is giving you problems. That fixed it. And I really don't know why I didn't spot that from the output I posted. I must have been assuming identical behaviour for PDC and domain member, which isn't the case for map untrusted to domain. Thanks for your help! Tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Two Qs: support special chars in filenames and auditing
Am Freitag 28 Mai 2010 02:22:33 schrieb Grace Chen: Hi experts, Two hopefully quick questions: 1. If I create files with names with special characters, such as *:?\|, on the linux server box, I can see these filenames display just fine. But windows client the special characters do not show up properly. Is there a option to set? I tried: In [global] section: character set = ISO8859-2 client code page = 852 It did not work. *nix _allowed_ filename chars don't match the windows ones: http://support.microsoft.com/kb/177506/en-us So Samba can't deliver them properly over to windows. 2. Is there an audit log where it records user's access/modification information? have a look at 'man vfs_full_audit' or even better: http://moiristo.wordpress.com/2009/08/10/samba-logging-user-activity/ Thanks, -Grace Cheers, Günter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smbd start trouble - CentOS 5.4
On Thu, May 27, 2010 at 1:16 AM, Moray Henderson moray.hender...@ict-software.org wrote: Whit Blauvelt wrote: With smbd Version 3.0.33-3.14.el5 on two different CentOS 5.4 64-bit boxes, /etc/init.d/smb start reports OK for both nmbd and smbd, but an instant later smbd stops running, with no errors reported - just fails, no matter what logging level is requested of it. Also, service smb start fails. On the other hand, smbd -D starts and runs smbd just fine, if done from a console. Also sh /etc/init.d/smb start runs it just fine, if from a console. (sh = bash on CentOS, and the smb script itself specifies /bin/sh.) That feels as if it could be an SELinux problem. If your initscript has been edited and picked up the wrong context, smbd will not have all the permissions it normally gets. Try ls -Z /etc/rc.d/init.d/smb restorecon -v /etc/rc.d/init.d/smb Moray. To err is human. To purr, feline To test if it is selinux you might try with selinux set to permissive. I had all kinds of troubles getting samba 3.0.33 working on centos 5.4, 64-bit until I tried that. Good luck. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Build status as of Thu May 27 06:00:04 2010
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2010-05-26 00:00:09.0 -0600 +++ /home/build/master/cache/broken_results.txt 2010-05-27 00:00:26.0 -0600 @@ -1,4 +1,4 @@ -Build status as of Wed May 26 06:00:04 2010 +Build status as of Thu May 27 06:00:04 2010 Build counts: Tree Total Broken Panic @@ -9,7 +9,7 @@ lorikeet 0 0 0 pidl 19 19 0 ppp 14 0 0 -rsync30 12 0 +rsync30 11 0 samba-docs 0 0 0 samba-web0 0 0 samba_3_current 28 27 4
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 85a3853... s3:rpc_server: make use of the npa_tstream code to connect to named pipes via 4afa54f... s3:Makefile.in: add npa_tstream.o to the build of smbd via 9a6636a... s3:rpc_server: pass down local and remote tsocket_address to np_open() via 56ebbb5... s3:smbd: add PIPE_BUSY handling for SMBtrans calls on named pipes via 9a77cb2... s3:rpc_server: add np_read_in_progress() function via 8c0be92... s3:rpc_server: make sure we don't send uninitialized memory for the named_pipe_auth handshake from 6a14dad... s3-net: fix the build. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 85a385324958c41ac9c017421b35db1eeabed87c Author: Stefan Metzmacher me...@samba.org Date: Tue Apr 27 15:15:09 2010 +0200 s3:rpc_server: make use of the npa_tstream code to connect to named pipes This way we use the newest protocol, which is able to pass the local and remote address of the SMB connection. And we correctly support message mode named pipes without the hack that analyzes the content for DCERPC pdus. metze commit 4afa54fd53cdef1dd8b8e549d77ab02fdec09df4 Author: Stefan Metzmacher me...@samba.org Date: Tue Apr 27 15:08:02 2010 +0200 s3:Makefile.in: add npa_tstream.o to the build of smbd metze commit 9a6636a56e3565202d71ae7049431e3764575b79 Author: Stefan Metzmacher me...@samba.org Date: Tue Apr 27 15:12:32 2010 +0200 s3:rpc_server: pass down local and remote tsocket_address to np_open() metze commit 56ebbb53c80a49f2d8dda8a108afc07669af333e Author: Stefan Metzmacher me...@samba.org Date: Wed Apr 28 15:15:23 2010 +0200 s3:smbd: add PIPE_BUSY handling for SMBtrans calls on named pipes metze commit 9a77cb247d00828845df02030e7d174351daf432 Author: Stefan Metzmacher me...@samba.org Date: Wed Apr 28 15:05:30 2010 +0200 s3:rpc_server: add np_read_in_progress() function metze commit 8c0be920442778c24e19f8a52d9f8bc385218834 Author: Stefan Metzmacher me...@samba.org Date: Wed May 26 10:43:19 2010 +0200 s3:rpc_server: make sure we don't send uninitialized memory for the named_pipe_auth handshake metze --- Summary of changes: source3/Makefile.in |4 +- source3/include/proto.h |5 +- source3/rpc_server/srv_pipe_hnd.c | 384 ++--- source3/smbd/ipc.c| 11 + source3/smbd/pipes.c |5 +- 5 files changed, 212 insertions(+), 197 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/Makefile.in b/source3/Makefile.in index 1651644..72a7315 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -651,12 +651,14 @@ RPC_SPOOLSS_OBJ = rpc_server/srv_spoolss_nt.o \ RPC_EVENTLOG_OBJ = rpc_server/srv_eventlog_nt.o \ $(LIB_EVENTLOG_OBJ) librpc/gen_ndr/srv_eventlog.o +NPA_TSTREAM_OBJ = ../libcli/named_pipe_auth/npa_tstream.o + RPC_PIPE_OBJ = rpc_server/srv_pipe_hnd.o \ rpc_server/srv_pipe.o rpc_server/srv_lsa_hnd.o RPC_ECHO_OBJ = rpc_server/srv_echo_nt.o librpc/gen_ndr/srv_echo.o -RPC_SERVER_OBJ = @RPC_STATIC@ $(RPC_PIPE_OBJ) +RPC_SERVER_OBJ = @RPC_STATIC@ $(RPC_PIPE_OBJ) $(NPA_TSTREAM_OBJ) RPC_PARSE_OBJ = $(RPC_PARSE_OBJ2) diff --git a/source3/include/proto.h b/source3/include/proto.h index 92c757b..6c9790b 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -5205,10 +5205,13 @@ pipes_struct *get_first_internal_pipe(void); pipes_struct *get_next_internal_pipe(pipes_struct *p); bool fsp_is_np(struct files_struct *fsp); +struct tsocket_address; NTSTATUS np_open(TALLOC_CTX *mem_ctx, const char *name, -const char *client_address, +const struct tsocket_address *local_address, +const struct tsocket_address *remote_address, struct auth_serversupplied_info *server_info, struct fake_file_handle **phandle); +bool np_read_in_progress(struct fake_file_handle *handle); struct tevent_req *np_write_send(TALLOC_CTX *mem_ctx, struct event_context *ev, struct fake_file_handle *handle, const uint8_t *data, size_t len); diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 075d705..5ba9477 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -22,6 +22,7 @@ #include includes.h #include ../librpc/gen_ndr/srv_spoolss.h #include librpc/gen_ndr/ndr_named_pipe_auth.h +#include ../libcli/named_pipe_auth/npa_tstream.h #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV @@ -956,40 +957,30 @@ bool fsp_is_np(struct files_struct *fsp) } struct np_proxy_state { + uint16_t file_type;
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via dd895e5... vfs_smb_traffic_analyzer.c: set the len variable when running protocol v1. from 85a3853... s3:rpc_server: make use of the npa_tstream code to connect to named pipes http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit dd895e526c4751865c587819d9e958c8fce9190b Author: Holger Hetterich hhet...@novell.com Date: Sun May 23 23:18:58 2010 +0200 vfs_smb_traffic_analyzer.c: set the len variable when running protocol v1. Signed-off-by: Andreas Schneider a...@samba.org --- Summary of changes: source3/modules/vfs_smb_traffic_analyzer.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c index dcb0199..75450c7 100644 --- a/source3/modules/vfs_smb_traffic_analyzer.c +++ b/source3/modules/vfs_smb_traffic_analyzer.c @@ -471,6 +471,7 @@ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle, tm-tm_min, tm-tm_sec, (int)seconds); + len = strlen(str); if (write_data(rf_sock-sock, str, len) != len) { DEBUG(1, (smb_traffic_analyzer_send_data_socket: error sending V1 protocol data to socket!\n)); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 869eed7... s3-lanman: use samr for api_RNetUserGetInfo. via a1fc7ae... s4-smbtorture: create the user to test in test_usergetinfo() in RAP-SAM. from dd895e5... vfs_smb_traffic_analyzer.c: set the len variable when running protocol v1. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 869eed76e6dcf4da9fecac5f9b4089c94e9a6bdf Author: Günther Deschner g...@samba.org Date: Wed May 26 23:36:33 2010 +0200 s3-lanman: use samr for api_RNetUserGetInfo. Following MS-RAP 3.2.5.13 NetUserGetInfo Command. Guenther commit a1fc7aebfc327c3553be47c44048c7c458316a25 Author: Günther Deschner g...@samba.org Date: Thu May 27 13:25:31 2010 +0200 s4-smbtorture: create the user to test in test_usergetinfo() in RAP-SAM. Guenther --- Summary of changes: source3/smbd/lanman.c | 157 + source4/torture/rap/sam.c | 30 - 2 files changed, 157 insertions(+), 30 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index 871e2b7..30b3981 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c @@ -4027,15 +4027,18 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid, char *endp; const char *level_string; - /* get NIS home of a previously validated user - simeon */ - /* With share level security vuid will always be zero. - Don't depend on vuser being non-null !!. JRA */ - user_struct *vuser = get_valid_user_struct(sconn, vuid); - if(vuser != NULL) { - DEBUG(3,( Username of UID %d is %s\n, -(int)vuser-server_info-utok.uid, -vuser-server_info-unix_name)); - } + TALLOC_CTX *mem_ctx = talloc_tos(); + NTSTATUS status; + struct rpc_pipe_client *cli = NULL; + struct policy_handle connect_handle, domain_handle, user_handle; + struct lsa_String domain_name; + struct dom_sid2 *domain_sid; + struct lsa_String names; + struct samr_Ids rids; + struct samr_Ids types; + int errcode = W_ERROR_V(WERR_USER_NOT_FOUND); + uint32_t rid; + union samr_UserInfo *info; if (!str1 || !str2 || !UserName || !p) { return False; @@ -4072,9 +4075,6 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid, return False; } - SSVAL(*rparam,0,NERR_Success); - SSVAL(*rparam,2,0); /* converter word */ - p = *rdata; endp = *rdata + *rdata_len; p2 = get_safe_ptr(*rdata,*rdata_len,p,usri11_end); @@ -4082,6 +4082,104 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid, return False; } + ZERO_STRUCT(connect_handle); + ZERO_STRUCT(domain_handle); + ZERO_STRUCT(user_handle); + + status = rpc_pipe_open_internal(mem_ctx, ndr_table_samr.syntax_id, + rpc_samr_dispatch, conn-server_info, + cli); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,(api_RNetUserGetInfo: could not connect to samr: %s\n, + nt_errstr(status))); + errcode = W_ERROR_V(ntstatus_to_werror(status)); + goto out; + } + + status = rpccli_samr_Connect2(cli, mem_ctx, + global_myname(), + SAMR_ACCESS_CONNECT_TO_SERVER | + SAMR_ACCESS_ENUM_DOMAINS | + SAMR_ACCESS_LOOKUP_DOMAIN, + connect_handle); + if (!NT_STATUS_IS_OK(status)) { + errcode = W_ERROR_V(ntstatus_to_werror(status)); + goto out; + } + + init_lsa_String(domain_name, get_global_sam_name()); + + status = rpccli_samr_LookupDomain(cli, mem_ctx, + connect_handle, + domain_name, + domain_sid); + if (!NT_STATUS_IS_OK(status)) { + errcode = W_ERROR_V(ntstatus_to_werror(status)); + goto out; + } + + status = rpccli_samr_OpenDomain(cli, mem_ctx, + connect_handle, + SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT, + domain_sid, + domain_handle); + if (!NT_STATUS_IS_OK(status)) { + errcode = W_ERROR_V(ntstatus_to_werror(status)); + goto out; + } + + init_lsa_String(names,
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 73d4135... s3-selftest: enable RPC-WINREG against s3. via b541fb1... s3-winreg_nt: Fixed QueryValue with data=NULL to get the length. (cherry picked from commit 4567bf9df53e62c0f30279235d56d13cb38de190) via 5d9f173... s3-winreg: change notify call has no meaning when called remotely. via 4f527cf... s3-winreg: make QueryValue pass RPC-WINREG test again. from 4c5a1b6... Fix bug #7448 - smbd crash when sambaLMPassword and sambaNTPassword entries missing from ldap. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 73d413524e62796fdcfa4ac06a6499ecd6b9978f Author: Günther Deschner g...@samba.org Date: Tue May 25 14:13:20 2010 +0200 s3-selftest: enable RPC-WINREG against s3. Guenther The last 4 patches address bug #7453 (winreg: QueryValue crashes on NULL pointer dereference). commit b541fb1500aad87aee46ef48036f3b4a05b119cd Author: Andreas Schneider a...@samba.org Date: Fri Apr 16 11:04:27 2010 +0200 s3-winreg_nt: Fixed QueryValue with data=NULL to get the length. (cherry picked from commit 4567bf9df53e62c0f30279235d56d13cb38de190) commit 5d9f173d28fab6ea1afc36978c88f881bb7da52e Author: Günther Deschner g...@samba.org Date: Tue Mar 16 15:29:14 2010 +0100 s3-winreg: change notify call has no meaning when called remotely. Just return not supported to make smbtorture happy. Guenther (cherry picked from commit e46d3d9475c59af8ba6810aeb1403c1aa9e37d9d) commit 4f527cf96a2c208c32f97073b6453386b4a1825c Author: Günther Deschner g...@samba.org Date: Thu Mar 11 20:48:24 2010 +0100 s3-winreg: make QueryValue pass RPC-WINREG test again. Guenther (cherry picked from commit 24a7f8f2dbae73e862b9b3d4c6f0692054c354b3) --- Summary of changes: source3/rpc_server/srv_winreg_nt.c| 12 +++- source3/script/tests/test_posix_s3.sh |2 +- 2 files changed, 8 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/srv_winreg_nt.c b/source3/rpc_server/srv_winreg_nt.c index 5912322..04c9c8c 100644 --- a/source3/rpc_server/srv_winreg_nt.c +++ b/source3/rpc_server/srv_winreg_nt.c @@ -230,6 +230,10 @@ WERROR _winreg_QueryValue(pipes_struct *p, struct winreg_QueryValue *r) if ( !regkey ) return WERR_BADFID; + if (r-in.value_name-name == NULL) { + return WERR_INVALID_PARAM; + } + if ((r-out.data_length == NULL) || (r-out.type == NULL) || (r-out.data_size == NULL)) { return WERR_INVALID_PARAM; } @@ -316,7 +320,9 @@ WERROR _winreg_QueryValue(pipes_struct *p, struct winreg_QueryValue *r) } else { *r-out.data_length = outbuf_size; *r-out.data_size = outbuf_size; - memcpy(r-out.data, outbuf, outbuf_size); + if (r-out.data) { + memcpy(r-out.data, outbuf, outbuf_size); + } status = WERR_OK; } @@ -952,10 +958,6 @@ WERROR _winreg_LoadKey(pipes_struct *p, struct winreg_LoadKey *r) WERROR _winreg_NotifyChangeKeyValue(pipes_struct *p, struct winreg_NotifyChangeKeyValue *r) { - /* fill in your code here if you think this call should - do anything */ - - p-rng_fault_state = True; return WERR_NOT_SUPPORTED; } diff --git a/source3/script/tests/test_posix_s3.sh b/source3/script/tests/test_posix_s3.sh index 79cb3f6..7fc8da8 100755 --- a/source3/script/tests/test_posix_s3.sh +++ b/source3/script/tests/test_posix_s3.sh @@ -40,7 +40,7 @@ raw=$raw RAW-SAMBA3ROOTDIRFID rpc=RPC-AUTHCONTEXT RPC-SAMBA3-BIND RPC-SAMBA3-SRVSVC RPC-SAMBA3-SHARESEC rpc=$rpc RPC-SAMBA3-SPOOLSS RPC-SAMBA3-WKSSVC RPC-SAMBA3-WINREG rpc=$rpc RPC-SAMBA3-NETLOGON RPC-SAMBA3-SESSIONKEY RPC-SAMBA3-GETUSERNAME -rpc=$rpc RPC-SVCCTL RPC-SPOOLSS RPC-SPOOLSS-WIN RPC-NTSVCS +rpc=$rpc RPC-SVCCTL RPC-SPOOLSS RPC-SPOOLSS-WIN RPC-NTSVCS RPC-WINREG rpc=$rpc RPC-LSA-GETUSER RPC-LSA-LOOKUPSIDS RPC-LSA-LOOKUPNAMES rpc=$rpc RPC-LSA-PRIVILEGES rpc=$rpc RPC-SAMR RPC-SAMR-USERS RPC-SAMR-USERS-PRIVILEGES RPC-SAMR-PASSWORDS -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9b534ad... s3: Remove an unused variable from 869eed7... s3-lanman: use samr for api_RNetUserGetInfo. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9b534ad1453ab180533edd7e687ce17d871572f0 Author: Volker Lendecke v...@samba.org Date: Thu May 27 14:27:58 2010 +0200 s3: Remove an unused variable --- Summary of changes: source3/smbd/lanman.c |1 - 1 files changed, 0 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index 30b3981..77ed2d4 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c @@ -4017,7 +4017,6 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid, char **rdata,char **rparam, int *rdata_len,int *rparam_len) { - struct smbd_server_connection *sconn = smbd_server_conn; char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1); char *UserName = skip_string(param,tpscnt,str2); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via eff1339... s3-waf: fix the build after tstream changes. from 9b534ad... s3: Remove an unused variable http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit eff13393b32d35d84f7afb564df5c7df8af58445 Author: Günther Deschner g...@samba.org Date: Thu May 27 17:09:39 2010 +0200 s3-waf: fix the build after tstream changes. Guenther --- Summary of changes: source3/wscript_build |4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/wscript_build b/source3/wscript_build index fac9c23..c45f62b 100644 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -394,13 +394,15 @@ RPC_SPOOLSS_SRC = '''rpc_server/srv_spoolss_nt.c RPC_EVENTLOG_SRC = '''rpc_server/srv_eventlog_nt.c ${LIB_EVENTLOG_SRC} ../librpc/gen_ndr/srv_eventlog.c''' +NPA_TSTREAM_SRC = '''../libcli/named_pipe_auth/npa_tstream.c''' + RPC_PIPE_SRC = '''rpc_server/srv_pipe_hnd.c rpc_server/srv_pipe.c rpc_server/srv_lsa_hnd.c''' RPC_ECHO_SRC = '''rpc_server/srv_echo_nt.c ../librpc/gen_ndr/srv_echo.c''' #TODO: RPC_SERVER_SRC used to include RPC_STATIC modules -RPC_SERVER_SRC = '''${RPC_PIPE_SRC}''' +RPC_SERVER_SRC = '''${RPC_PIPE_SRC} ${NPA_TSTREAM_SRC}''' RPC_PARSE_SRC = '''${RPC_PARSE_SRC2}''' -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via abbf8ef... s3: Fix a bad memleak in the async echo responder from eff1339... s3-waf: fix the build after tstream changes. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit abbf8efb24c3d079ff2f7e39b2bf8382efa2ad5c Author: Volker Lendecke v...@samba.org Date: Thu May 27 18:12:30 2010 +0200 s3: Fix a bad memleak in the async echo responder --- Summary of changes: source3/smbd/process.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 128a612..ed70b9c 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -2669,7 +2669,7 @@ static void smbd_echo_reader(struct tevent_context *ev, DEBUG(10,(echo_handler[%d]: reading pdu\n, (int)sys_getpid())); - status = receive_smb_talloc(state, smbd_server_fd(), + status = receive_smb_talloc(state-pending, smbd_server_fd(), (char **)(void *)state-pending[num_pending].iov_base, 0 /* timeout */, unread, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 21e8548... s3-waf: Also set developer env when building in developer mode from abbf8ef... s3: Fix a bad memleak in the async echo responder http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 21e8548c0a3ea8fcca4e97a9b0f8b5a2cddf3d29 Author: Kai Blin k...@samba.org Date: Thu May 27 22:42:23 2010 +0200 s3-waf: Also set developer env when building in developer mode --- Summary of changes: source3/wscript |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/wscript b/source3/wscript index 3bc9bd1..6dc05c8 100644 --- a/source3/wscript +++ b/source3/wscript @@ -61,6 +61,7 @@ def configure(conf): conf.DEFINE('HAVE_CONFIG_H', 1, add_to_cflags=True) if Options.options.developer: conf.ADD_CFLAGS('-DDEVELOPER -DDEBUG_PASSWORD') +conv.env['developer'] = True if Options.options.with_swat: conf.env['build_swat'] = True -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 49a80fe... s3-waf: Fix typo from 21e8548... s3-waf: Also set developer env when building in developer mode http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 49a80fe6710a8c3c5977b35be2f55c2748b3bddc Author: Kai Blin k...@samba.org Date: Thu May 27 22:45:13 2010 +0200 s3-waf: Fix typo Sorry for the noise --- Summary of changes: source3/wscript |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/wscript b/source3/wscript index 6dc05c8..c3d4c43 100644 --- a/source3/wscript +++ b/source3/wscript @@ -61,7 +61,7 @@ def configure(conf): conf.DEFINE('HAVE_CONFIG_H', 1, add_to_cflags=True) if Options.options.developer: conf.ADD_CFLAGS('-DDEVELOPER -DDEBUG_PASSWORD') -conv.env['developer'] = True +conf.env['developer'] = True if Options.options.with_swat: conf.env['build_swat'] = True -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7bcd9c5... libndr: add support for relative_rap_convert. from 49a80fe... s3-waf: Fix typo http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7bcd9c5583ac2f750aa9c90af7d1ac86eb36f86f Author: Günther Deschner g...@samba.org Date: Fri Apr 30 01:08:07 2010 +0200 libndr: add support for relative_rap_convert. Will not harm anyone, is only used for rare short (2byte) relative pointers, and relative_rap_convert is always 0 so far (as all init functions using struct ndr_pull will zero the struct). Guenther --- Summary of changes: librpc/ndr/libndr.h|1 + librpc/ndr/ndr_basic.c |1 + 2 files changed, 2 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/ndr/libndr.h b/librpc/ndr/libndr.h index 133a119..d5091a6 100644 --- a/librpc/ndr/libndr.h +++ b/librpc/ndr/libndr.h @@ -62,6 +62,7 @@ struct ndr_pull { uint32_t relative_highest_offset; uint32_t relative_base_offset; + uint32_t relative_rap_convert; struct ndr_token_list *relative_base_list; struct ndr_token_list *relative_list; diff --git a/librpc/ndr/ndr_basic.c b/librpc/ndr/ndr_basic.c index f7d6ee0..d0d58b0 100644 --- a/librpc/ndr/ndr_basic.c +++ b/librpc/ndr/ndr_basic.c @@ -185,6 +185,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_relative_ptr_short(struct ndr_pull *ndr, uin if (*v != 0) { ndr-ptr_count++; } + *(v) -= ndr-relative_rap_convert; return NDR_ERR_SUCCESS; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 82982bd... s4-smbtorture: we can fully use autogenerated code to pull info unions now. from 7bcd9c5... libndr: add support for relative_rap_convert. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 82982bd48086712d5efd2e9be79c16a4338605f7 Author: Günther Deschner g...@samba.org Date: Fri Apr 30 01:09:46 2010 +0200 s4-smbtorture: we can fully use autogenerated code to pull info unions now. Guenther --- Summary of changes: source4/torture/rap/rap.c | 262 - 1 files changed, 90 insertions(+), 172 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/rap/rap.c b/source4/torture/rap/rap.c index 8483160..d263f80 100644 --- a/source4/torture/rap/rap.c +++ b/source4/torture/rap/rap.c @@ -711,13 +711,32 @@ static NTSTATUS rap_pull_rap_PrintQueue5(TALLOC_CTX *mem_ctx, struct ndr_pull *n return NT_STATUS_OK; } +static enum ndr_err_code ndr_pull_rap_NetPrintQEnum_data(struct ndr_pull *ndr, struct rap_NetPrintQEnum *r) +{ + uint32_t cntr_info_0; + TALLOC_CTX *_mem_save_info_0; + + NDR_PULL_ALLOC_N(ndr, r-out.info, r-out.count); + _mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r-out.info, 0); + for (cntr_info_0 = 0; cntr_info_0 r-out.count; cntr_info_0++) { + NDR_CHECK(ndr_pull_set_switch_value(ndr, r-out.info[cntr_info_0], r-in.level)); + NDR_CHECK(ndr_pull_rap_printq_info(ndr, NDR_SCALARS, r-out.info[cntr_info_0])); + } + for (cntr_info_0 = 0; cntr_info_0 r-out.count; cntr_info_0++) { + NDR_CHECK(ndr_pull_rap_printq_info(ndr, NDR_BUFFERS, r-out.info[cntr_info_0])); + } + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0); + + return NDR_ERR_SUCCESS; +} + NTSTATUS smbcli_rap_netprintqenum(struct smbcli_tree *tree, TALLOC_CTX *mem_ctx, struct rap_NetPrintQEnum *r) { struct rap_call *call; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - int i; if (!(call = new_rap_cli_call(mem_ctx, RAP_WPrintQEnum))) { return NT_STATUS_NO_MEMORY; @@ -770,39 +789,11 @@ NTSTATUS smbcli_rap_netprintqenum(struct smbcli_tree *tree, NDR_GOTO(ndr_pull_uint16(call-ndr_pull_param, NDR_SCALARS, r-out.count)); NDR_GOTO(ndr_pull_uint16(call-ndr_pull_param, NDR_SCALARS, r-out.available)); - r-out.info = talloc_zero_array(mem_ctx, union rap_printq_info, r-out.count); + call-ndr_pull_data-relative_rap_convert = r-out.convert; - if (r-out.info == NULL) { - result = NT_STATUS_NO_MEMORY; - goto done; - } + NDR_GOTO(ndr_pull_rap_NetPrintQEnum_data(call-ndr_pull_data, r)); - for (i=0; ir-out.count; i++) { - switch(r-in.level) { - case 0: - result = rap_pull_rap_PrintQueue0(mem_ctx, call-ndr_pull_data, r-out.convert, r-out.info[i].info0); - break; - case 1: - result = rap_pull_rap_PrintQueue1(mem_ctx, call-ndr_pull_data, r-out.convert, r-out.info[i].info1); - break; - case 2: - result = rap_pull_rap_PrintQueue2(mem_ctx, call-ndr_pull_data, r-out.convert, r-out.info[i].info2); - break; - case 3: - result = rap_pull_rap_PrintQueue3(mem_ctx, call-ndr_pull_data, r-out.convert, r-out.info[i].info3); - break; - case 4: - result = rap_pull_rap_PrintQueue4(mem_ctx, call-ndr_pull_data, r-out.convert, r-out.info[i].info4); - break; - case 5: - result = rap_pull_rap_PrintQueue5(mem_ctx, call-ndr_pull_data, r-out.convert, r-out.info[i].info5); - break; - } - } - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } + r-out.info = talloc_steal(mem_ctx, r-out.info); if (DEBUGLEVEL = 10) { NDR_PRINT_OUT_DEBUG(rap_NetPrintQEnum, r); @@ -869,39 +860,22 @@ NTSTATUS smbcli_rap_netprintqgetinfo(struct smbcli_tree *tree, result = NT_STATUS_INVALID_PARAMETER; + ZERO_STRUCT(r-out); + NDR_GOTO(ndr_pull_rap_status(call-ndr_pull_param, NDR_SCALARS, r-out.status)); NDR_GOTO(ndr_pull_uint16(call-ndr_pull_param, NDR_SCALARS, r-out.convert)); NDR_GOTO(ndr_pull_uint16(call-ndr_pull_param, NDR_SCALARS, r-out.available)); - switch(r-in.level) { - case 0: - result = rap_pull_rap_PrintQueue0(mem_ctx, call-ndr_pull_data, r-out.convert,
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7803bcd... s4-smbtorture: remove obsolete handmarshalled rap code. from 82982bd... s4-smbtorture: we can fully use autogenerated code to pull info unions now. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7803bcdae654f1474c57f0d31ed17f56492441e3 Author: Günther Deschner g...@samba.org Date: Thu Apr 29 23:34:27 2010 +0200 s4-smbtorture: remove obsolete handmarshalled rap code. Guenther --- Summary of changes: source4/torture/rap/rap.c | 281 - 1 files changed, 0 insertions(+), 281 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/rap/rap.c b/source4/torture/rap/rap.c index d263f80..33d6715 100644 --- a/source4/torture/rap/rap.c +++ b/source4/torture/rap/rap.c @@ -564,153 +564,6 @@ NTSTATUS smbcli_rap_netservergetinfo(struct smbcli_tree *tree, return result; } -static NTSTATUS rap_pull_rap_JobInfo0(TALLOC_CTX *mem_ctx, struct ndr_pull *ndr, uint16_t convert, struct rap_PrintJobInfo0 *r) -{ - NDR_RETURN(ndr_pull_uint16(ndr, NDR_SCALARS, r-JobID)); - - return NT_STATUS_OK; -} - -static NTSTATUS rap_pull_rap_JobInfo1(TALLOC_CTX *mem_ctx, struct ndr_pull *ndr, uint16_t convert, struct rap_PrintJobInfo1 *r) -{ - NDR_RETURN(ndr_pull_uint16(ndr, NDR_SCALARS, r-JobID)); - NDR_RETURN(ndr_pull_charset(ndr, NDR_SCALARS, r-UserName, 21, sizeof(uint8_t), CH_DOS)); - NDR_RETURN(ndr_pull_uint8(ndr, NDR_SCALARS, r-Pad)); - NDR_RETURN(ndr_pull_charset(ndr, NDR_SCALARS, r-NotifyName, 16, sizeof(uint8_t), CH_DOS)); - NDR_RETURN(ndr_pull_charset(ndr, NDR_SCALARS, r-DataType, 10, sizeof(uint8_t), CH_DOS)); - RAP_RETURN(rap_pull_string(mem_ctx, ndr, convert, r-PrintParameterString)); - NDR_RETURN(ndr_pull_uint16(ndr, NDR_SCALARS, r-JobPosition)); - NDR_RETURN(ndr_pull_rap_PrintJStatusCode(ndr, NDR_SCALARS, r-JobStatus)); - RAP_RETURN(rap_pull_string(mem_ctx, ndr, convert, r-JobStatusString)); - NDR_RETURN(ndr_pull_time_t(ndr, NDR_SCALARS, r-TimeSubmitted)); - NDR_RETURN(ndr_pull_uint32(ndr, NDR_SCALARS, r-JobSize)); - RAP_RETURN(rap_pull_string(mem_ctx, ndr, convert, r-JobCommentString)); - - return NT_STATUS_OK; -} - -static NTSTATUS rap_pull_rap_JobInfo2(TALLOC_CTX *mem_ctx, struct ndr_pull *ndr, uint16_t convert, struct rap_PrintJobInfo2 *r) -{ - NDR_RETURN(ndr_pull_uint16(ndr, NDR_SCALARS, r-JobID)); - NDR_RETURN(ndr_pull_uint16(ndr, NDR_SCALARS, r-Priority)); - RAP_RETURN(rap_pull_string(mem_ctx, ndr, convert, r-UserName)); - NDR_RETURN(ndr_pull_uint16(ndr, NDR_SCALARS, r-JobPosition)); - NDR_RETURN(ndr_pull_rap_PrintJStatusCode(ndr, NDR_SCALARS, r-JobStatus)); - NDR_RETURN(ndr_pull_time_t(ndr, NDR_SCALARS, r-TimeSubmitted)); - NDR_RETURN(ndr_pull_uint32(ndr, NDR_SCALARS, r-JobSize)); - RAP_RETURN(rap_pull_string(mem_ctx, ndr, convert, r-JobCommentString)); - RAP_RETURN(rap_pull_string(mem_ctx, ndr, convert, r-DocumentName)); - - return NT_STATUS_OK; -} - -static NTSTATUS rap_pull_rap_JobInfo3(TALLOC_CTX *mem_ctx, struct ndr_pull *ndr, uint16_t convert, struct rap_PrintJobInfo3 *r) -{ - NDR_RETURN(ndr_pull_uint16(ndr, NDR_SCALARS, r-JobID)); - NDR_RETURN(ndr_pull_uint16(ndr, NDR_SCALARS, r-Priority)); - RAP_RETURN(rap_pull_string(mem_ctx, ndr, convert, r-UserName)); - NDR_RETURN(ndr_pull_uint16(ndr, NDR_SCALARS, r-JobPosition)); - NDR_RETURN(ndr_pull_rap_PrintJStatusCode(ndr, NDR_SCALARS, r-JobStatus)); - NDR_RETURN(ndr_pull_time_t(ndr, NDR_SCALARS, r-TimeSubmitted)); - NDR_RETURN(ndr_pull_uint32(ndr, NDR_SCALARS, r-JobSize)); - RAP_RETURN(rap_pull_string(mem_ctx, ndr, convert, r-JobCommentString)); - RAP_RETURN(rap_pull_string(mem_ctx, ndr, convert, r-DocumentName)); - RAP_RETURN(rap_pull_string(mem_ctx, ndr, convert, r-NotifyName)); - RAP_RETURN(rap_pull_string(mem_ctx, ndr, convert, r-DataType)); - RAP_RETURN(rap_pull_string(mem_ctx, ndr, convert, r-PrintParameterString)); - RAP_RETURN(rap_pull_string(mem_ctx, ndr, convert, r-StatusString)); - RAP_RETURN(rap_pull_string(mem_ctx, ndr, convert, r-QueueName)); - RAP_RETURN(rap_pull_string(mem_ctx, ndr, convert, r-PrintProcessorName)); - RAP_RETURN(rap_pull_string(mem_ctx, ndr, convert, r-PrintProcessorParams)); - RAP_RETURN(rap_pull_string(mem_ctx, ndr, convert, r-DriverName)); - RAP_RETURN(rap_pull_string(mem_ctx, ndr, convert, r-DriverDataOffset)); - RAP_RETURN(rap_pull_string(mem_ctx, ndr, convert, r-PrinterNameOffset)); - - return NT_STATUS_OK; -} - -static NTSTATUS rap_pull_rap_PrintQueue0(TALLOC_CTX *mem_ctx, struct ndr_pull *ndr, uint16_t convert, struct
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 667716d... s4-smbtorture: finally test all levels in rap_NetUserGetInfo RAP-SAM test. from 7803bcd... s4-smbtorture: remove obsolete handmarshalled rap code. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 667716d2041fc531bfa6241b02bbfc12d7666e51 Author: Günther Deschner g...@samba.org Date: Thu May 27 16:10:10 2010 +0200 s4-smbtorture: finally test all levels in rap_NetUserGetInfo RAP-SAM test. Guenther --- Summary of changes: source4/torture/rap/sam.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/rap/sam.c b/source4/torture/rap/sam.c index 7b97a08..290ba08 100644 --- a/source4/torture/rap/sam.c +++ b/source4/torture/rap/sam.c @@ -192,7 +192,7 @@ static bool test_usergetinfo_byname(struct torture_context *tctx, { struct rap_NetUserGetInfo r; int i; - uint16_t levels[] = { 0, 1, /*2,*/ 10, /*11*/ }; + uint16_t levels[] = { 0, 1, 2, 10, 11 }; for (i=0; i ARRAY_SIZE(levels); i++) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 606be25... s3:auth Free sampass as soon as we have server_info via d9cffc0... s3:auth use info3 in auth_serversupplied_info via 6713f3d... s3:auth add function to copy a netr_SamInfo3 structure via 605cfef... s3:auth: add function to convert samu to netr_SamInfo3 from 667716d... s4-smbtorture: finally test all levels in rap_NetUserGetInfo RAP-SAM test. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 606be25ecf4a31cba9f15c43ebc650aecb17e765 Author: Simo Sorce sso...@redhat.com Date: Thu May 27 05:31:45 2010 -0400 s3:auth Free sampass as soon as we have server_info We don't keep sampass in server_info anymore So it makes no sense to keep it around. Signed-off-by: Günther Deschner g...@samba.org commit d9cffc01be58184312a6a7b55bd523cf8daefa78 Author: Simo Sorce sso...@redhat.com Date: Thu May 27 03:41:56 2010 -0400 s3:auth use info3 in auth_serversupplied_info Signed-off-by: Günther Deschner g...@samba.org commit 6713f3d945f09a732e620641771d9ff403aca9ef Author: Simo Sorce sso...@redhat.com Date: Thu May 27 02:40:59 2010 -0400 s3:auth add function to copy a netr_SamInfo3 structure Signed-off-by: Günther Deschner g...@samba.org commit 605cfef56c23f39eba88545c43284b061e9755bd Author: Simo Sorce sso...@redhat.com Date: Thu May 27 02:07:33 2010 -0400 s3:auth: add function to convert samu to netr_SamInfo3 Signed-off-by: Günther Deschner g...@samba.org --- Summary of changes: source3/auth/auth_util.c | 412 +++ source3/auth/check_samsec.c|7 +- source3/auth/server_info.c | 504 +--- source3/auth/server_info_sam.c | 11 +- source3/include/auth.h |2 +- source3/include/proto.h|7 + source3/modules/vfs_expand_msdfs.c |2 +- source3/modules/vfs_full_audit.c |2 +- source3/modules/vfs_recycle.c |2 +- source3/modules/vfs_smb_traffic_analyzer.c |6 +- source3/printing/printing.c|2 +- source3/rpc_server/srv_lsa_nt.c|2 +- source3/rpc_server/srv_netlog_nt.c |2 +- source3/smbd/lanman.c |9 +- source3/smbd/password.c|6 +- source3/smbd/process.c |3 +- source3/smbd/service.c | 12 +- source3/smbd/sesssetup.c |7 +- source3/smbd/smb2_sesssetup.c |9 +- source3/smbd/uid.c |6 +- 20 files changed, 400 insertions(+), 613 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index ad454b6..854ab89 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -455,7 +455,7 @@ static NTSTATUS log_nt_token(NT_USER_TOKEN *token) } /* - * Create the token to use from server_info-sam_account and + * Create the token to use from server_info-info3 and * server_info-sids (the info3/sam groups). Find the unix gids. */ @@ -464,6 +464,7 @@ NTSTATUS create_local_token(struct auth_serversupplied_info *server_info) NTSTATUS status; size_t i; struct dom_sid tmp_sid; + struct dom_sid user_sid; /* * If winbind is not around, we can not make much use of the SIDs the @@ -482,9 +483,13 @@ NTSTATUS create_local_token(struct auth_serversupplied_info *server_info) server_info-ptok); } else { + sid_compose(user_sid, + server_info-info3-base.domain_sid, + server_info-info3-base.rid); + server_info-ptok = create_local_nt_token( server_info, - pdb_get_user_sid(server_info-sam_account), + user_sid, server_info-guest, server_info-num_sids, server_info-sids); status = server_info-ptok ? @@ -592,7 +597,16 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info, return NT_STATUS_NO_MEMORY; } - result-sam_account = sampass; + status = samu_to_SamInfo3(result, sampass, + global_myname(), result-info3); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, (Failed to convert samu to info3: %s\n, + nt_errstr(status))); + TALLOC_FREE(sampass); + TALLOC_FREE(result); + return status; + } + result-unix_name = talloc_strdup(result, unix_username);
Re: [SCM] Samba Shared Repository - branch master updated
On Thu, May 27, 2010 at 05:57:35PM -0500, Günther Deschner wrote: The branch, master has been updated via 606be25... s3:auth Free sampass as soon as we have server_info via d9cffc0... s3:auth use info3 in auth_serversupplied_info via 6713f3d... s3:auth add function to copy a netr_SamInfo3 structure via 605cfef... s3:auth: add function to convert samu to netr_SamInfo3 from 667716d... s4-smbtorture: finally test all levels in rap_NetUserGetInfo RAP-SAM test. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master Hi Simo, arg... and of course I pushed and incomplete and old version of that patchset :/ sorry, sorry, sorry. Guenther -- Günther DeschnerGPG-ID: 8EE11688 Red Hat gdesch...@redhat.com Samba Team g...@samba.org pgpOFoHHGJ7JE.pgp Description: PGP signature
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 2a6a696... s3:auth add function to convert wbcAuthUserInfo to netr_SamInfo3 from 606be25... s3:auth Free sampass as soon as we have server_info http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2a6a696e32798f2a2aabef61dfa421da6328d069 Author: Simo Sorce sso...@redhat.com Date: Thu May 27 03:21:35 2010 -0400 s3:auth add function to convert wbcAuthUserInfo to netr_SamInfo3 Signed-off-by: Günther Deschner g...@samba.org --- Summary of changes: source3/auth/server_info.c | 135 source3/include/proto.h|2 + 2 files changed, 137 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c index e9ccdb6..d9b25bd 100644 --- a/source3/auth/server_info.c +++ b/source3/auth/server_info.c @@ -441,3 +441,138 @@ struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx, return info3; } + +static NTSTATUS wbcsids_to_samr_RidWithAttributeArray( + TALLOC_CTX *mem_ctx, + struct samr_RidWithAttributeArray *groups, + const struct dom_sid *domain_sid, + const struct wbcSidWithAttr *sids, + size_t num_sids) +{ + unsigned int i; + bool ok; + + groups-rids = talloc_array(mem_ctx, + struct samr_RidWithAttribute, num_sids); + if (!groups-rids) { + return NT_STATUS_NO_MEMORY; + } + + /* a wbcDomainSid is the same as a dom_sid */ + for (i = 0; i num_sids; i++) { + ok = sid_peek_check_rid(domain_sid, + (const struct dom_sid *)sids[i].sid, + groups-rids[i].rid); + if (!ok) continue; + + groups-rids[i].attributes = SE_GROUP_MANDATORY | +SE_GROUP_ENABLED_BY_DEFAULT | +SE_GROUP_ENABLED; + groups-count++; + } + + return NT_STATUS_OK; +} + +struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx, + const struct wbcAuthUserInfo *info) +{ + struct netr_SamInfo3 *info3; + struct dom_sid user_sid; + struct dom_sid group_sid; + struct dom_sid domain_sid; + NTSTATUS status; + bool ok; + + memcpy(user_sid, info-sids[0].sid, sizeof(user_sid)); + memcpy(group_sid, info-sids[1].sid, sizeof(group_sid)); + + info3 = talloc_zero(mem_ctx, struct netr_SamInfo3); + if (!info3) return NULL; + + info3-base.last_logon = info-logon_time; + info3-base.last_logoff = info-logoff_time; + info3-base.acct_expiry = info-kickoff_time; + info3-base.last_password_change = info-pass_last_set_time; + info3-base.allow_password_change = info-pass_can_change_time; + info3-base.force_password_change = info-pass_must_change_time; + + if (info-account_name) { + info3-base.account_name.string = + talloc_strdup(info3, info-account_name); + RET_NOMEM(info3-base.account_name.string); + } + if (info-full_name) { + info3-base.full_name.string = + talloc_strdup(info3, info-full_name); + RET_NOMEM(info3-base.full_name.string); + } + if (info-logon_script) { + info3-base.logon_script.string = + talloc_strdup(info3, info-logon_script); + RET_NOMEM(info3-base.logon_script.string); + } + if (info-profile_path) { + info3-base.profile_path.string = + talloc_strdup(info3, info-profile_path); + RET_NOMEM(info3-base.profile_path.string); + } + if (info-home_directory) { + info3-base.home_directory.string = + talloc_strdup(info3, info-home_directory); + RET_NOMEM(info3-base.home_directory.string); + } + if (info-home_drive) { + info3-base.home_drive.string = + talloc_strdup(info3, info-home_drive); + RET_NOMEM(info3-base.home_drive.string); + } + + info3-base.logon_count = info-logon_count; + info3-base.bad_password_count = info-bad_password_count; + + sid_copy(domain_sid, user_sid); + sid_split_rid(domain_sid, info3-base.rid); + + ok = sid_peek_check_rid(domain_sid, group_sid, + info3-base.primary_gid); + if (!ok) { +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3bb8195... Fix Out of memory checks from 2a6a696... s3:auth add function to convert wbcAuthUserInfo to netr_SamInfo3 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3bb819581b1dc2624a9e52c2cae065cc3bda6a4b Author: Simo Sorce sso...@redhat.com Date: Thu May 27 19:22:02 2010 -0400 Fix Out of memory checks Günther pushed an older version of the patch s3:auth add function to copy a netr_SamInfo3 structure that was missing these fixes. --- Summary of changes: source3/auth/server_info.c | 96 +++- 1 files changed, 59 insertions(+), 37 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c index d9b25bd..27f0487 100644 --- a/source3/auth/server_info.c +++ b/source3/auth/server_info.c @@ -393,51 +393,73 @@ struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx, { struct netr_SamInfo3 *info3; - info3 = talloc(mem_ctx, struct netr_SamInfo3); + info3 = talloc_zero(mem_ctx, struct netr_SamInfo3); if (!info3) return NULL; /* first copy all, then realloc pointers */ info3-base = orig-base; - info3-base.account_name.string = - talloc_strdup(info3, orig-base.account_name.string); - RET_NOMEM(info3-base.account_name.string); - info3-base.full_name.string = - talloc_strdup(info3, orig-base.full_name.string); - RET_NOMEM(info3-base.full_name.string); - info3-base.logon_script.string = - talloc_strdup(info3, orig-base.logon_script.string); - RET_NOMEM(info3-base.logon_script.string); - info3-base.profile_path.string = - talloc_strdup(info3, orig-base.profile_path.string); - RET_NOMEM(info3-base.profile_path.string); - info3-base.home_directory.string = - talloc_strdup(info3, orig-base.home_directory.string); - RET_NOMEM(info3-base.home_directory.string); - info3-base.home_drive.string = - talloc_strdup(info3, orig-base.home_drive.string); - RET_NOMEM(info3-base.home_drive.string); - - info3-base.groups.rids = - talloc_memdup(info3, orig-base.groups.rids, - (sizeof(struct samr_RidWithAttribute) * - orig-base.groups.count)); - RET_NOMEM(info3-base.groups.rids); - - info3-base.logon_server.string = - talloc_strdup(info3, orig-base.logon_server.string); - RET_NOMEM(info3-base.logon_server.string); - info3-base.domain.string = - talloc_strdup(info3, orig-base.domain.string); - RET_NOMEM(info3-base.domain.string); + if (orig-base.account_name.string) { + info3-base.account_name.string = + talloc_strdup(info3, orig-base.account_name.string); + RET_NOMEM(info3-base.account_name.string); + } + if (orig-base.full_name.string) { + info3-base.full_name.string = + talloc_strdup(info3, orig-base.full_name.string); + RET_NOMEM(info3-base.full_name.string); + } + if (orig-base.logon_script.string) { + info3-base.logon_script.string = + talloc_strdup(info3, orig-base.logon_script.string); + RET_NOMEM(info3-base.logon_script.string); + } + if (orig-base.profile_path.string) { + info3-base.profile_path.string = + talloc_strdup(info3, orig-base.profile_path.string); + RET_NOMEM(info3-base.profile_path.string); + } + if (orig-base.home_directory.string) { + info3-base.home_directory.string = + talloc_strdup(info3, orig-base.home_directory.string); + RET_NOMEM(info3-base.home_directory.string); + } + if (orig-base.home_drive.string) { + info3-base.home_drive.string = + talloc_strdup(info3, orig-base.home_drive.string); + RET_NOMEM(info3-base.home_drive.string); + } - info3-base.domain_sid = sid_dup_talloc(info3, orig-base.domain_sid); - RET_NOMEM(info3-base.domain_sid); + if (orig-base.groups.count) { + info3-base.groups.rids = + talloc_memdup(info3, orig-base.groups.rids, + (sizeof(struct samr_RidWithAttribute) * + orig-base.groups.count)); + RET_NOMEM(info3-base.groups.rids); + } + + if (orig-base.logon_server.string) { + info3-base.logon_server.string = + talloc_strdup(info3, orig-base.logon_server.string); +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 20fb373... s3:auth remove login_server from server info from 3bb8195... Fix Out of memory checks http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 20fb37320224e8ed97473e60c1b70369d8069cb5 Author: Simo Sorce sso...@redhat.com Date: Thu May 27 19:41:07 2010 -0400 s3:auth remove login_server from server info It is not used anymore, we have that information in info3-base.logon_server already --- Summary of changes: source3/auth/auth_util.c |3 --- source3/include/auth.h |2 -- 2 files changed, 0 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 854ab89..7869637 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -1155,9 +1155,6 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, /* Ensure the primary group sid is at position 0. */ sort_sid_array_for_smbd(result, group_sid); - result-login_server = talloc_strdup(result, -info3-base.logon_server.string); - /* ensure we are never given NULL session keys */ if (memcmp(info3-base.key.key, zeros, sizeof(zeros)) == 0) { diff --git a/source3/include/auth.h b/source3/include/auth.h index 7996faf..ba8b23b 100644 --- a/source3/include/auth.h +++ b/source3/include/auth.h @@ -56,8 +56,6 @@ struct auth_serversupplied_info { DATA_BLOB user_session_key; DATA_BLOB lm_session_key; -char *login_server; /* which server authorized the login? */ - struct netr_SamInfo3 *info3; void *pam_handle; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f888c82... s3:auth Add comment to clarify usage of session keys. from 20fb373... s3:auth remove login_server from server info http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f888c82fe08f7bf624aad53c20aaa634662b36dd Author: Simo Sorce sso...@redhat.com Date: Thu May 27 20:40:22 2010 -0400 s3:auth Add comment to clarify usage of session keys. Explain why we have what looks like a duplicate of session keys. It is in fact not a duplicate. --- Summary of changes: source3/include/auth.h | 10 ++ 1 files changed, 10 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/auth.h b/source3/include/auth.h index ba8b23b..fbd73ae 100644 --- a/source3/include/auth.h +++ b/source3/include/auth.h @@ -53,6 +53,16 @@ struct auth_serversupplied_info { NT_USER_TOKEN *ptok; + /* This is the final session key, as used by SMB signing, and +* (truncated to 16 bytes) encryption on the SAMR and LSA pipes +* when over ncacn_np. +* It is calculated by NTLMSSP from the session key in the info3, +* and is set from the Kerberos session key using +* krb5_auth_con_getremotesubkey(). +* +* Bootom line, it is not the same as the session keys in info3. +*/ + DATA_BLOB user_session_key; DATA_BLOB lm_session_key; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0ca8e22... s3-lanman: Fix api_RNetUserGetInfo level 2 marshalling offset calculation. via c5eeb0d... s3-auth: fix c++ buildwarnings. via 38d69ca... s3-build: remove duplicate ndr_krb5pac.h inclusion. via 6d19475... s3-build: use ndr_misc.h where needed. via 66adb84... s3-build: only use ndr_samr.h where needed. via 60079f5... s3-idl: fix some missing dependencies to other IDL files. via 30eeb1e... s3-rpc_client: move protos to init_netlogon.h from f888c82... s3:auth Add comment to clarify usage of session keys. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0ca8e2252b14811b9221acc95a510ab6a84f580f Author: Günther Deschner g...@samba.org Date: Fri May 28 00:02:15 2010 +0200 s3-lanman: Fix api_RNetUserGetInfo level 2 marshalling offset calculation. 54 + 4 = 58 (and not 60). Found by torture test. Guenther commit c5eeb0d155bc49fe7ead2a601bdd1bffaa5b119c Author: Günther Deschner g...@samba.org Date: Fri May 28 02:47:12 2010 +0200 s3-auth: fix c++ buildwarnings. Guenther commit 38d69ca547d6eaead316d990dc140a8250cf64d2 Author: Günther Deschner g...@samba.org Date: Fri May 28 02:20:21 2010 +0200 s3-build: remove duplicate ndr_krb5pac.h inclusion. Guenther commit 6d194756e00c73672bbd43c9a5eb9efc93a84567 Author: Günther Deschner g...@samba.org Date: Fri May 28 02:20:02 2010 +0200 s3-build: use ndr_misc.h where needed. Guenther commit 66adb84e46489a94ea49fc70d93dfe90a601617c Author: Günther Deschner g...@samba.org Date: Fri May 28 02:18:21 2010 +0200 s3-build: only use ndr_samr.h where needed. Guenther commit 60079f59b09d5f05ac1f09b015ec9bd765269035 Author: Günther Deschner g...@samba.org Date: Fri May 28 02:16:38 2010 +0200 s3-idl: fix some missing dependencies to other IDL files. Guenther commit 30eeb1e3d90e93a52d81503d022218b7b6521071 Author: Günther Deschner g...@samba.org Date: Fri May 28 01:19:25 2010 +0200 s3-rpc_client: move protos to init_netlogon.h Guenther --- Summary of changes: source3/auth/server_info.c |4 ++-- source3/include/proto.h| 32 source3/libads/kerberos.c |1 + source3/librpc/idl/libnet_join.idl |2 +- source3/librpc/idl/libnetapi.idl |2 ++ source3/librpc/idl/secrets.idl |2 ++ source3/librpc/idl/wbint.idl |2 +- source3/libsmb/passchange.c|1 + source3/rpc_client/cli_netlogon.c |1 + source3/rpc_client/init_netlogon.c |1 + source3/rpc_client/init_netlogon.h |5 + source3/rpc_server/srv_lsa_hnd.c |1 + source3/rpcclient/cmd_test.c |1 + source3/smbd/lanman.c | 32 source3/utils/net_rpc_shell.c |1 + 15 files changed, 48 insertions(+), 40 deletions(-) create mode 100644 source3/rpc_client/init_netlogon.h Changeset truncated at 500 lines: diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c index 27f0487..2545e7d 100644 --- a/source3/auth/server_info.c +++ b/source3/auth/server_info.c @@ -431,7 +431,7 @@ struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx, } if (orig-base.groups.count) { - info3-base.groups.rids = + info3-base.groups.rids = (struct samr_RidWithAttribute *) talloc_memdup(info3, orig-base.groups.rids, (sizeof(struct samr_RidWithAttribute) * orig-base.groups.count)); @@ -455,7 +455,7 @@ struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx, } if (orig-sidcount) { - info3-sids = talloc_memdup(info3, orig-sids, + info3-sids = (struct netr_SidAttr *)talloc_memdup(info3, orig-sids, (sizeof(struct netr_SidAttr) * orig-sidcount)); RET_NOMEM(info3-sids); diff --git a/source3/include/proto.h b/source3/include/proto.h index 8c3f05e..cc14658 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -177,7 +177,18 @@ NTSTATUS auth_winbind_init(void); /* The following definitions come from auth/server_info.c */ struct auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx); - +NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info, + uint8_t *pipe_session_key, + size_t pipe_session_key_len, + struct netr_SamInfo2 *sam2); +NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info, +