Re: [Samba] Need suggestion for domain controller

[Daniel Müller]

Why don' t try samba4:
My thread on this list: HOWTO samba4 centos5.5 named dnsupdate drbd simple
failover

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Ursprüngliche Nachricht-
Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im
Auftrag von Jack Downes
Gesendet: Montag, 9. August 2010 20:48
An: samba@lists.samba.org
Betreff: Re: [Samba] Need suggestion for domain controller

The quick solution here is to head over to turnkeylinux.org and use 
their prebuilt setup to handle this.  I've not used it  (yet), but if 
it's as good as their other stuff, it's probably quite nice.

Jack

On 07/31/10 07:34 AM, masatheesh wrote:
 Hi,

   I wish to establish domain controller based on Centos 5.x.I am
 considering below setups.

 1) Samba PDC
 2) OpenLDAP
 3) Combination of Samba PDC + LDAP

   I am confused to select one among above.Can anyone please suggest
me?


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba and ms server 2008

[Daniel Müller]

Look at my thread:
HOWTO samba4 centos5.5 named dnsupdate drbd simple failover

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Ursprüngliche Nachricht-
Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im
Auftrag von Rob Townley
Gesendet: Dienstag, 10. August 2010 02:59
An: gaiseric.van...@gmail.com
Cc: samba@lists.samba.org
Betreff: Re: [Samba] samba and ms server 2008

On Mon, Aug 9, 2010 at 2:07 PM, Gaiseric Vandal
gaiseric.van...@gmail.com wrote:
 http://wiki.samba.org/index.php/Windows7


 I would be pretty sure that if Windows 7 doesn't work with Samba 3.0.x
that
 Windows 2008 won't either.   Rather than compiling samba 3.4 or 3.5 from
 source I would go with Fedora Core 11 (samba 3.3.x) or  some other more
 up-to-date linux distro that has a newer version of samba included.   I
 wouldn't start anything with 3.0.xx.

 I would (maybe stating the obvious) set up a test environment 1st.     I
did
 start playing with FC13 (samba 3.5)-  not sure it behaved properly.    I
 personally would stick with FC12 which I think had samba 3.4.x included-
  since I am pretty familiar with 3.4.x but not 3.5.x.  There were
definately
 some config changes between 3.0.x and 3.4.x (group mapping, domain
trusts.)




 On 08/09/2010 02:56 PM, Peter Lawrie wrote:

 Hi
 I am about to set up a Centos server with samba and an MS server 2008 for
 a
 new customer.
 The MS server is required because he has an MSSQL application. The samba
 shares will be for everything else.
 I've previously set up centos and redhat servers as domain members with a
 2003 pdc
 before I get stuck, are there any issues I should worry about with server
 2008?
 What release of samba should I run?
 Are there any differences in configuration compared with samba3.0.33
which
 comes with centos5.5
 Peter
 No virus found in this outgoing message.
 Checked by AVG - www.avg.com
 Version: 9.0.851 / Virus Database: 271.1.1/3059 - Release Date: 08/09/10
 07:35:00



 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/options/samba


If you want to use CentOS, then your best bet would probably be :
http://enterprisesamba.com/index.php?id=123

They do have a 64 bit packages, but you have to click on the 386
packages and navigate up and down to see the x86_64 packages.   Better
yet, simply add this repo file as /etc/yum.repos.d/sernet-samba.repo
and then yum install samba3*.  Not samba, but samba3 as they name
packages differently.

http://ftp.sernet.de/pub/samba/3.5/rhel/5/sernet-samba.repo
[sernet-samba]
name=SerNet Samba Team packages (RedHat Enterprise Linux 5)
type=rpm-md
baseurl=http://ftp.sernet.de/pub/samba/3.5/rhel/5
enabled=1
gpgcheck=0


Let us know how it goes.  Are you using 2008 or 2008R2?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] home share issue: //server/homes errs, while //server/username works

[David Roid]

Hello list,

I'm running a samba server in AD domain, with some AD users explicitly
mapped into local users by username map = sambauser.map, which is a text
file.

Problem is found with explicitly mapped user, I can only access home share
by //server/ADusername, not //server/homes (using windows explorer). This
feels wrong because I also tried those AD users not listed in the map file,
they could access home share either way.

So it's bothering me, any idea what did I miss out anything or it's a samba
bug?

Bests
David
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] home share issue: //server/homes errs, while //server/username works

[David Roid]

Forgot to metion that mapped AD user can login with smbclient (huh, better
than with windows explorer), but any further operation will hit the error
below.

 # smbclient //localhost/homes -U ADusername
   Enter cifs5's password:
   Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 3.5.3-1.1-2362-SUSE-CODE10]
   smb: \ ls
   do_list: [\*] NT_STATUS_OBJECT_PATH_NOT_FOUND
   Error in dskattr: NT_STATUS_OBJECT_PATH_NOT_FOUND

smbclient //localhost/ADusername -U works just fine, again.

Samba ver = 3.5.3 and the homes share is a msdfs root.

2010/8/10 David Roid datar...@gmail.com

 Hello list,

 I'm running a samba server in AD domain, with some AD users explicitly
 mapped into local users by username map = sambauser.map, which is a text
 file.

 Problem is found with explicitly mapped user, I can only access home share
 by //server/ADusername, not //server/homes (using windows explorer). This
 feels wrong because I also tried those AD users not listed in the map file,
 they could access home share either way.

 So it's bothering me, any idea what did I miss out anything or it's a samba
 bug?

 Bests
 David

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Import samba 3 to samba 4

[Lukasz Zalewski]

On 08/08/2010 12:44 AM, Michael Wood wrote:

On 7 August 2010 19:11, Nico Kadel-Garcianka...@gmail.com  wrote:

On Mon, Aug 2, 2010 at 10:06 AM, Dave Thurstondthurs...@comcast.net  wrote:

I have searched but I have yet to find a method to import users and passwords 
from
a samba3/ldap system to samba4. Is there available a method of doing this?


Why do you need to import? Isn't the backend Kerberos and the account
informat sufficiently similar that you can simply switch over?

(I ask as someone using Samba 3, eyeing Samba 4 with interest to get
LDAP out of the hands of Active Directory.)


By default Samba 4 uses its own built in LDAP server and the OpenLDAP
backend is currently not working properly.

I have managed to migrate users from an Apple Open Directory server
(which is based on MIT Kerberos and OpenLDAP) to Samba 4, but I was
only using Open Directory for authentication of one service.  No
machines joined to OD or anything like that.

All I needed to do was dump the kerberos database, import it to
Heimdal, dump it from Heimdal again and then use the password hashes
from the Heimdal dump to create the necessary unicodePwd attributes in
Samba's directory.  After that I used ldapsearch to get hold of the
groups each user was a member of and then used ldbmodify (or perhaps
ldapmodify.  I can't remember now) to migrate them to Samba.

I've never used Samba 3 as a PDC, so I'm not sure what the LDAP schema
looks like and how it differs from what Samba 4 uses, but as long as
the password hashes are in a compatible format, I imagine it's just a
matter of slapcat or ldapsearch, munging the results and then
ldbmodify to add the users to Samba 4.

I don't know of an existing script to do this.

I have started writing a script that will pull account information 
(Users, Groups and Computers) from s3's ldap backend and import it to 
s4. its still early days though. I'm pretty sure that there will be 
loads of hurdles to jump before is in any usable state


Regards

Luk

Cc: samba-technical



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Automatic change of machine passwords seems to brake trust relationship for Windows 7 clients

[Stefan Oberwahrenbrock]

Hi Peter,

thanks for your detailed instructions for a workaround!

Just to get you right: Your proposals include changes for the win7-
clients _and_ the samba domain itself, correct? If it is possible, I 
would like to change only settings within the win7-clients (or server 
2008 R2 systems) and not the domain itself, because all other systems 
(XP, 2003, 2008) operate quite well for over one year now.

Besides, I also see the DisablePasswordChange-Option on Windows server-
systems (2003, 2008, 2008 R2) but I do not see a RefusePasswordChange-
Option. According to MS knowledgebase (http://support.microsoft.com/?
scid=kb%3Ben-us%3B154501x=7y=6) it seems to me, that the 
RefusePasswordChange-Option was only intended to be used on older 
systems (NT4, 2000). Thus, I think it will be ineffective on modern 
systems.

I would like to here your comments.

Greetings,
Stefan


Peter Rindfuss rindf...@wzb.eu wrote in news:4c600628.2010...@wzb.eu:

 On 2010-08-09 14:18, Stefan Oberwahrenbrock wrote:

 We are observing the following phenomenon: After 30 days our Windows
 7 clients lose their trust relationship with the samba domain. We
 think, that the automatic machine password change on these clients
 fails. 
 
 I posted a message about the very same problem on July 15.
 
 I think it does not always happen after 30 days (or whatever the
 change interval is set to), but only occurs when the machine password
 change time has arrived and the computer is on, but not no one is
 logged on (i.e. the login box is shown).
 
 Since we are only starting to deploy Windows 7, we simply turned the 
 machine password change off in the registry of our imaged installation
 and the few real installations. We had no more problems afterwards.
 
 
 There are three ways to change the machine password behavior:
 
 Client-Registry:
 HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
 DisablePasswordChange = dword:1
 
 or
 
 Client-Registry:
 HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
 MaximumPasswordAge = dword:100
 
 or
 
 Server-Registry (if you have a Windows server)
 HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
 RefusePasswordChange = dword:1
 
 With Samba + OpenLDAP, set
 sambaRefuseMachinePwdChange = 1
 in the sambaDomainName= entry.
 
 Peter


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Import samba 3 to samba 4

[Stefan (metze) Metzmacher]

Am 10.08.2010 11:39, schrieb Lukasz Zalewski:
 On 08/08/2010 12:44 AM, Michael Wood wrote:
 On 7 August 2010 19:11, Nico Kadel-Garcianka...@gmail.com  wrote:
 On Mon, Aug 2, 2010 at 10:06 AM, Dave
 Thurstondthurs...@comcast.net  wrote:
 I have searched but I have yet to find a method to import users and
 passwords from
 a samba3/ldap system to samba4. Is there available a method of doing
 this?

 Why do you need to import? Isn't the backend Kerberos and the account
 informat sufficiently similar that you can simply switch over?

 (I ask as someone using Samba 3, eyeing Samba 4 with interest to get
 LDAP out of the hands of Active Directory.)

 By default Samba 4 uses its own built in LDAP server and the OpenLDAP
 backend is currently not working properly.

 I have managed to migrate users from an Apple Open Directory server
 (which is based on MIT Kerberos and OpenLDAP) to Samba 4, but I was
 only using Open Directory for authentication of one service.  No
 machines joined to OD or anything like that.

 All I needed to do was dump the kerberos database, import it to
 Heimdal, dump it from Heimdal again and then use the password hashes
 from the Heimdal dump to create the necessary unicodePwd attributes in
 Samba's directory.  After that I used ldapsearch to get hold of the
 groups each user was a member of and then used ldbmodify (or perhaps
 ldapmodify.  I can't remember now) to migrate them to Samba.

 I've never used Samba 3 as a PDC, so I'm not sure what the LDAP schema
 looks like and how it differs from what Samba 4 uses, but as long as
 the password hashes are in a compatible format, I imagine it's just a
 matter of slapcat or ldapsearch, munging the results and then
 ldbmodify to add the users to Samba 4.

 I don't know of an existing script to do this.

 I have started writing a script that will pull account information
 (Users, Groups and Computers) from s3's ldap backend and import it to
 s4. its still early days though. I'm pretty sure that there will be
 loads of hurdles to jump before is in any usable state

I've something that's is almost done for users, groups and computers.

It needs a lot of cleanup, then I'll commit it to master/example/*.

Currently the script 'myldap-pub.py' expects input.ldif hardcoded (later
we can also support ldap urls)

metze


signature.asc
Description: OpenPGP digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Question re kerberos and plain password login

[Mark Adams]

Anyone got any thoughts about this?

On Sun, Aug 08, 2010 at 12:32:28AM +0100, Mark Adams wrote:
 Hi There,
 
 I've just upgraded to 2 new 2008 R2 domain controllers, and had been
 using 2003 integration with samba successfully. After hitting this issue
 https://bugzilla.samba.org/show_bug.cgi?id=6700 I upgraded my samba to
 3.4.8, which seems to be working OK for pc hosts.
 
 However, I used to also log in some OSX 10.5 clients in using smb, and
 now these clients are getting password failed issues. I also allow AFP
 access using netatalk, and this is working correctly, which indicates
 winbind is checking things correctly. 
 
 Is there any option needed to allow password login AND kerberos?
 
 On 3.2.4 with 2003 my config was working ok. There is no log created
 when the mac attempts to auth (unlike the log for each windows client)
 so I'm not sure where it's going wrong.
 
 Any help appreciated!
 
 Cheers,Mark
 -- 
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] samba pdc for samba clients - job

[mancyb...@gmail.com]

Hi All, this is a samba related job request. Sorry if this is not the correct 
mailing list, feel free to point me toward a better place.

I'm looking for an how-to style documentation to configure Debian 5 (Lenny) as 
a PDC and file server
for Debian 5 (Lenny) clients.
Would prefer to use Samba (and Kerberos if needed) as the PDC and file server
and would prefer to avoid ldap integration.

The documentation must describe how to configure the server to provide the 
authentication facility (PDC),
and how to configure the client to authenticate (would prefer with GDM (gnome 
display manager) and mount the file share accordingly.

No printer handling is needed.

The clients are using the desktop manager xfce4.

I am a linux sysadmin myself so you will not be alone.

Please bid only if you have experience with this setup because this is urgent 
(2-3 days).
Budget is negotiable but I'm looking to spend around 100 USD.


Thanks for your attention,
have a nice day.
Mike
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] samba posix_acls.c file and dir permissions

[suresh.kandukuru]

Dear samba team,
 please help me in understanding these.

1) in samba posix_acls.c why samba always setting the READ access for
the file and READ and WRITE access for directory ?
--
case S_IRUSR:
/* Ensure owner has read access. */
pace-perms |= S_IRUSR;
if (is_directory)
pace-perms |= (S_IWUSR|S_IXUSR);
and_bits = unix_perms_to_acl_perms(and_bits, S_IRUSR,
S_IWUSR, S_IXUSR);
or_bits = unix_perms_to_acl_perms(or_bits, S_IRUSR,
S_IWUSR, S_IXUSR);

---
2) I have connected a samba share from the device onto my windows xp
machine.. when I tried modify subfolder owner  write permissions , it is
simply ignoring that and setting the write permission again.

Thanks
Suresh



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] SAMBA4 DDNS update samba_dnsupdate issues

[Timo Aaltonen]

On Fri, 30 Jul 2010, Daniel A. Creed wrote:

The wierd thing is I know that TSIG transfers are working because I can 
use nsupdate with the key set and it updates the records fine... So what 
TKEY is this looking for and whats the issue with it?


Sorry to barge in, but did you use the nsupdate from bind? And if so, how 
did you use it? I'm struggling with samba3 which is unable to update dns 
for me, but the nsupdate-gss script by tridge works otherwise but doesn't 
know how to update the PTR record..


t
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Windows 7 connect to FreeBSD samba

[dan dylan]

I'm having trouble connecting my windows 7 machine to my Samba server that i
set up on a FreeBSD VM. The FreeBSD version is 7.2 and the samba version is
3.

I followed the directions here
http://www.mrp3.com/windows-to-unix-samba.html to set it up as a domain
controller exactly.. except for adding the samba_dns_update script because i
didn't find it being asked for in the config file.

The name of my Windows computer is Pushkin-PC so like it says in the script
I added it using adduser and put it under the machines group. I added it as
Pushkin-PC$ though.. as the site showed. then I did smbpasswd -a Pushkin-PC$
which also made me make a password.

Then the script said to finalize it by doing the command smbpasswd -m
Pushkin-PC$ .. but when I executed that command i got the errors:

Failed to set password for user Pushkin-PC$.
Failed to modify password entry for user Pushkin-PC$.

I couldn't figure out why...

Here's my config file.. all the uncommented parts:

server string = WORKGROUP
server string = Samba Server
security = user
hosts allow = 192.168.1 192.168.2 127.
load printers = yes
printing = cups
log file = /var/log/samba/log.%m
max log size = 50
passdb backend = tdbsam
include = /usr/local/etc/smb.conf.%m
local master = yes
os level = 33
domain master = yes
preferred master = auto
domain logons = yes
logon path = \\%L\Profiles\%U
wins support = yes
dns proxy = no
add user script = /usr/local/sbin/smb-add-user %u
add group script = /usr/local/sbin/smb-add-group %g
add machine script = /usr/local/sbin/smb-add-machine %u
add user to group script = /usr/local/sbin/smb-add-user-group %u %g
delete user script = /usr/local/sbin/smb-rm-user %u
delete user from group script = /usr/local/sbin/smb-rm-user-group %u %g
delete group script = /usr/local/sbin/smb-rm-group %g

[homes]
comment = Home Directories
browseable = no
writeable = yes

[netlogon]
comment = Network Logon Service
path = /usr/local/lib/samba/netlogon
guest ok = yes
writeable = no
share modes = no

[profiles]
path = /usr/local/lib/samba/profiles
browseable = no
guest ok = yes

[printers]
comment =All Pringers
path = /var/spool/samba
browseable = no
guest ok = no
writeable = no
printable = yes


anyways, when try to connect my windows pc (Pushin-PC) to samba.. i do the
following command:

\\192.168.198.137\Pushkin-PC$

the ip is the freebsd's ip running samba.

and I get the following error: The network path was not found.

Help?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Windows 7 connect to FreeBSD samba

[John Drescher]

 I'm having trouble connecting my windows 7 machine to my Samba server that i
 set up on a FreeBSD VM. The FreeBSD version is 7.2 and the samba version is
 3.

3 is not a descriptive samba version. It must be 3.3 or greater.

John
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Windows 7 connect to FreeBSD samba

[tms3]

On Tuesday 10/08/2010 at 1:54 pm, dan dylan  wrote:
I'm having trouble connecting my windows 7 machine to my Samba server 
that i
set up on a FreeBSD VM. The FreeBSD version is 7.2 and the samba 
version is

3.

I followed the directions here
http://www.mrp3.com/windows-to-unix-samba.html to set it up as a 
domain
controller exactly.. except for adding the samba_dns_update script 
because i

didn't find it being asked for in the config file.

The name of my Windows computer is Pushkin-PC so like it says in the 
script
I added it using adduser and put it under the machines group. I added 
it as
Pushkin-PC$ though.. as the site showed. then I did smbpasswd -a 
Pushkin-PC$

which also made me make a password.

Then the script said to finalize it by doing the command smbpasswd -m
Pushkin-PC$ .. but when I executed that command i got the errors:

Failed to set password for user Pushkin-PC$.
Failed to modify password entry for user Pushkin-PC$.

I couldn't figure out why...

Here's my config file.. all the uncommented parts:

server string = WORKGROUP
server string = Samba Server
security = user
hosts allow = 192.168.1 192.168.2 127.
load printers = yes
printing = cups
log file = /var/log/samba/log.%m
max log size = 50
passdb backend = tdbsam
include = /usr/local/etc/smb.conf.%m
local master = yes
os level = 33
domain master = yes
preferred master = auto
domain logons = yes
logon path = \\%L\Profiles\%U
wins support = yes
dns proxy = no
add user script = /usr/local/sbin/smb-add-user %u
add group script = /usr/local/sbin/smb-add-group %g
add machine script = /usr/local/sbin/smb-add-machine %u
add user to group script = /usr/local/sbin/smb-add-user-group %u %g
delete user script = /usr/local/sbin/smb-rm-user %u
delete user from group script = /usr/local/sbin/smb-rm-user-group %u 
%g

delete group script = /usr/local/sbin/smb-rm-group %g


Where did these scripts come from?




[homes]
comment = Home Directories
browseable = no
writeable = yes

[netlogon]
comment = Network Logon Service
path = /usr/local/lib/samba/netlogon
guest ok = yes
writeable = no
share modes = no

[profiles]
path = /usr/local/lib/samba/profiles
browseable = no
guest ok = yes

[printers]
comment =All Pringers
path = /var/spool/samba
browseable = no
guest ok = no
writeable = no
printable = yes


anyways, when try to connect my windows pc (Pushin-PC) to samba.. i do 
the

following command:

\\192.168.198.137\Pushkin-PC$

the ip is the freebsd's ip running samba.

and I get the following error: The network path was not found.

Help?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Dumb questions

[David Gonzalez]

Hi,

I've followed Muller's HOWTO thread and it worked like a charm, except for
these errors when starting smaba on node2

mba,DC=dghvoip,DC=com using filter (uSNChanged=3524)
DsGetNCChanges with uSNChanged = 3524 flags 0x0070 on
CN=Configuration,DC=samba,DC=dghvoip,DC=com gave 0 objects (done 0/0) 0
links (done 0/0)
/usr/local/samba/sbin/samba_dnsupdate: update failed: REFUSED
/usr/local/samba/sbin/samba_dnsupdate: update failed: REFUSED
/usr/local/samba/sbin/samba_dnsupdate: update failed: REFUSED
/usr/local/samba/sbin/samba_dnsupdate: update failed: REFUSED
/usr/local/samba/sbin/samba_dnsupdate: update failed: REFUSED
/usr/local/samba/sbin/samba_dnsupdate: update failed: REFUSED
/usr/local/samba/sbin/samba_dnsupdate: update failed: REFUSED
/usr/local/samba/sbin/samba_dnsupdate: update failed: REFUSED
/usr/local/samba/sbin/samba_dnsupdate: update failed: REFUSED

I think I'll have to manually add a a line to named.conf to allow this host
to update DDNS records, might help.

Other question is: I have a shre I want to be viewable as with Samba3, but
hwnever I browse NetHood, I don't see my Samba4 Servers, I _do_ see them if
I do \\server\share at the command prompt or Run... window. Is there anyway
to make Samba4 shares viewable?.

Thanks.

---
David Gonzalez H.
DGHVoIP - OPEN SOURCE TELEPHONY SOLUTIONS
Phone Bogotá: +(57-1)289-1168
Phone Medellin: +(57-4)247-0985
Mobile: +(57)315-838-8326
MSN: da...@planetaradio.net
Skype: davidgonzalezh
WEB: http://www.dghvoip.com/
Proud Linux User #294661
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] samba posix_acls.c file and dir permissions

[suresh.kandukuru]

I did not get any response . pinging it again.

Dear samba team,
 please help me in understanding these.

1) in samba posix_acls.c why samba always setting the READ access for
the file and READ and WRITE access for directory ?
--
case S_IRUSR:
/* Ensure owner has read access. */
pace-perms |= S_IRUSR;
if (is_directory)
pace-perms |= (S_IWUSR|S_IXUSR);
and_bits = unix_perms_to_acl_perms(and_bits, S_IRUSR,
S_IWUSR, S_IXUSR);
or_bits = unix_perms_to_acl_perms(or_bits, S_IRUSR,
S_IWUSR, S_IXUSR);

---
2) I have connected a samba share from the device onto my windows xp
machine.. when I tried modify subfolder owner  write permissions , it is
simply ignoring that and setting the write permission again. ofcourse
acl are enabled on that share.

Thanks
Suresh



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba posix_acls.c file and dir permissions

[Jeremy Allison]

On Tue, Aug 10, 2010 at 07:50:47PM -0400, suresh.kanduk...@emc.com wrote:
 I did not get any response . pinging it again.
 
 Dear samba team,
  please help me in understanding these.
 
 1) in samba posix_acls.c why samba always setting the READ access for
 the file and READ and WRITE access for directory ?
 --
 case S_IRUSR:
   /* Ensure owner has read access. */
   pace-perms |= S_IRUSR;
   if (is_directory)
   pace-perms |= (S_IWUSR|S_IXUSR);
   and_bits = unix_perms_to_acl_perms(and_bits, S_IRUSR,
 S_IWUSR, S_IXUSR);
   or_bits = unix_perms_to_acl_perms(or_bits, S_IRUSR,
 S_IWUSR, S_IXUSR);
 
 ---
 2) I have connected a samba share from the device onto my windows xp
 machine.. when I tried modify subfolder owner  write permissions , it is
 simply ignoring that and setting the write permission again. ofcourse
 acl are enabled on that share.

That's simply the way the POSIX ACL mapping is designed.
Onwers are given read (and for a directory) write access
by default. This maps what users expect, that the owner
of a file/directory always has access to it.

If you want more precise Windows ACL mapping, layer the
acl_xattr module on top of the default POSIX ACL mapping,
which will present a Windows view of the underlying ACL
mapping.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] HOWTO samba4 centos5.5 named dnsupdate drbd simple failover

[Nico Kadel-Garcia]

On Mon, Aug 9, 2010 at 10:10 AM, Daniel Müller muel...@tropenklinik.de wrote:

 centOs5.5/samba4/named  here is a short guide setting it up to work.
 First of all do not install the bind package coming with centos 5.5!!

 Install needs for samba

 yum install libacl*  gnutls* readline* python* gdb* autoconf*

 Named installation:
 Here is a description on what to do:
 http://jason.roysdon.net/2009/10/16/building-bind-9-6-on-rhel5-centos5-for-d
 nssec-nsec3-support/
 The steps,

Thanks for the pointer.  I do have some strong suggestions for you.

* Never build RPM's as root. Always do them as a user. This takes
setting up your $HOME/.rpmmacros, but it's far safer and helps prevent
badly written or erroneous .spec files from accidentally doing rm -rf
/ or modifying your installed system files. (I just published patches
to an upstream package maintainer to prevent exactly this sort of
accidental local modification in the build process.) I'd be happy to
publish notes for it.

* If possible, build RPM's with the mock tool. This assures that
you're building them with a clean build environment, rather than with
locally modified libraries, or if you need local modifications you've
identified them all. Again, I'd be happy to publish notes.

 yum -y install make gcc rpm-build libtool autoconf openssl-devel libcap-devel 
 libidn-devel libxml2-devel openldap-devel postgresql-devel sqlite-devel 
 mysql-devel krb5-devel xmlto

Simply doing yum -y insall rpmbuild, then rpmbuild --rebuild
samba-*.src.rpm should identify the dependencies for the existing
samba packages or any *.src.rpm you work with.

 For named to compile correctly you need this 2 packages too:

 yum -y install curl*

 download.fedora.redhat.com/pub/fedora/epel/5/i386/python-dns-1.7.1-1.el5.noa
 rch.rpm

EPEL is great, and also available at
ftp://mirrors.kernel.org/fedora-epel/5/. And whether to use i386 or
x86_64 depends on your architecture. And EPEL changes versions and
discards old ones without announcements, so your needed tool may
change behind you back..

Better to install the 'epel-release RPM from the same repository, and
disable the /etc/yum.repos.d/epel.repo if you don't want it on by
default, but use it as needed to more gracefully install and update
such packages.

Also, dnssec-conf has been obsoleted in the EPEL repository by
unbound, which I assume will also work.

 cd /usr/src/redhat/SRPMS
 wget -c
 ftp://mirrors.kernel.org/pub/fedora/updates/11/SRPMS/bind-9.6.*.src.rpm
 wget -c
 ftp://mirrors.kernel.org/pub/fedora/updates/11/SRPMS/dnssec-conf-*.src.rpm


 cd /usr/src/redhat/SRPMS
 wget -c
 ftp://mirrors.kernel.org/pub/fedora/updates/12/SRPMS/bind-9.6.*.src.rpm
 wget -c
 ftp://mirrors.kernel.org/pub/fedora/releases/12/Fedora/source/SRPMS/dnssec-c
 onf-*.src.rpm
 rpm -ivh --nomd5 bind-9.6.*.src.rpm dnssec-conf-*.src.rpm


Fedora 13 is out. But this doesn't work with either Fedora 12 or 13
packages, unless you've separately updated your RPM to be compatible
with current Fedora releases. That's fairly awkward to do.

To work around that, you need to extract the files and drop them ni
place manually. If you use .rpmmacros, it looks like this:

 cd $HOME/rpm/SOURCES
 for name in ../SRPMS/bind-9.6.*.src.rpm
 rpm2cpio $name | cpio -i
 mv bind.spec ../SPECS/bind.spec
 rpmbuild -bs --nodeps ../SPECS/bind.spec
done
rpmbuild -bs --nodeps
rpmbuild --rebuild ../SRPMS/bind-9.6-[whatever].el5.src.rpm

 cd /usr/src/redhat/SPECS
 rpmbuild -ba ./bind.spec

 The built bind RPM is now in /usr/src/redhat/RPMS/i386/ or 
 /usr/src/redhat/RPMS/x86_64/ depending on your Arch.

 rpmbuild --ba ./dnssec-conf.spec

 The built dnssec-conf RPM is now in /usr/src/redhat/RPMS/noarch/

Which is now unnecessary, due to the availability of dnssec-conf's
successor in EPEL.

 cd /usr/src/redhat/RPMS/*86*
 rpm -Uvh bind-9.6.*.rpm bind-utils-9.6.*.rpm bind-libs-9.6.*.rpm 
 ../noarch/dnssec-conf-1.21-*.noarch.rpm

 Now bind is installed Config-File in /etc/named.conf I disabled in options:
 //dnssec-enable yes;
 //dnssec-validation yes;
 //dnssec-lookaside . trust-anchor dlv.isc.org.;

 To make bind work you have to add user named to the group named.
 Set the rights to make named work correctly
 chmod 770 /etc/named.conf
 chmod 770 /etc/named.rfc1912.zones
 chown root:named /etc/named.conf
 chown named:named /etc/named.rfc1912.zones
 chmod -R 770 /var/named
 chown -R named:named /var/named
 chown named:named /etc/rndc.key
 chown named:named /var/run/named/

named is already there from your installations of the bind RPM. Look
in the '%post' commands.

I'm going to take a break here, before getting into building Samba 4
itself. While your guidelines are helpful, I'm afraid they're off the
beaten path for RPM based installations, and I'd like to  encourage
you to update them.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Are acl_xattr and admin users option incompatible?

[Jeremy Allison]

On Wed, Jul 21, 2010 at 08:15:35AM -0400, John Mulligan wrote:
 Hello List,
 
 I've run into an interesting situation and am wondering if this is by
 design or just an interesting side effect: using both acl_xattr and
 a user in the admin users list at the same time seem to conflict.
 
 I have a tool that is running on a windows box that needs full access
 to files on a given share while ignore individual file and folder
 permissions. We were able to make that tool run as an
 admin user in smb.conf.
 
 When I run the tool with the vfs xattr_acl module turned on (for best
 compatibility with nt acls), the tests fail but when using only straight POSIX
 acls the test works. Running things manually, it appears that running
 with only POSIX acls the root user on the samba side is able to read/write
 any file as expected, but with acl_xattr turned on samba is doing some
 internal checking of the xattr acls and blocking access to the files.
 
 So my question is, is this by design or is this something that the
 samba team would consider as a bug/feature request?
 Also feel free to tell me you're doing it wrong if there is a better
 way to provide read/write access to the windows side regardless of
 the acls on the files. None of my searches turned up anything relevant,
 but its always possible that I was looking in the wrong direction.

Ok, is this with 3.5.x ?

If so, it's a bug - one that has been fixed in the 3.6.0 code
tree. The function smb1_file_se_access_check() in 3.5.x is
directly called from the acl_xattr module, and this code doesn't
taker into account the admin_user status of the calling user.

In 3.6.0 and above, the admin_user status check has been moved
directly into the smb1_file_se_access_check() function so that
it's consistent will all calls for access checking.

Let me know if you want this fix back-porting to 3.5.x, if
so, log a bug at bugzilla.samba.org and I'll create the
patch (it's a reasonably simple fix).

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Dumb questions

[David Gonzalez]

Hey there,

Following up on my own problem with DDNS updates, I went on and changed
these on
file: /usr/local/samba/private/named.conf

cat /usr/local/samba/private/named.conf
# This file should be included in your main BIND configuration file
#
# For example with
# include /usr/local/samba/private/named.conf;

zone samba.dghvoip.com. IN {
type master;
file /usr/local/samba/private/dns/samba.dghvoip.com.zone;
#   include /usr/local/samba/private/named.conf.update; ##Commented
out
update-policy {
grant SAMBA.DGHVOIP.COM ms-self * A ;
grant administra...@samba.dghvoip.com wildcard * A  SRV
CNAME TXT;  grant vpnserv...@samba.dghvoip.com wildcard * A  SRV
CNAME;
grant vo...@samba.dghvoip.com wildcard * A  SRV CNAME;
grant 192.168.254.130 wildcard * A  SRV CNAME; ### Added
manually
grant 192.168.254.100 wildcard * A  SRV CNAME; ### Added
manually
};


/* we need to use check-names ignore so _msdcs A records can be
created */
check-names ignore;
};

As you see I added the hosts that could update the zone, but after that I
now get this error, altough there're tons of messages on the net regarding
this, none helped me.


Aug 10 21:30:13 voip named[2167]: client 192.168.254.160#51038: updating
zone 'samba.dghvoip.com/IN': update unsuccessful: samba.dghvoip.com: 'name
not in use' prerequisite not satisfied (YXDOMAIN)

Strange thing, I try to ping samba.dghvoip.com from the same machine where
Smaba is installed, and I get:

# ping samaba.dghvoip.com
ping: unknown host samaba.dghvoip.com

And my zone file looks like:

]# dig axfr samba.dghvoip.com

;  DiG 9.6.2-P2-RedHat-9.6.2-5.P2  axfr samba.dghvoip.com
;; global options: +cmd
samba.dghvoip.com.  604800  IN  SOA samba.dghvoip.com.
hostmaster.samba.dghvoip.com. 2010081022 172800 14400 3628800 604800
samba.dghvoip.com.  604800  IN  NS  voip.samba.dghvoip.com.
samba.dghvoip.com.  900 IN  A   192.168.254.100
samba.dghvoip.com.  900 IN  A   192.168.254.130
_kerberos.samba.dghvoip.com. 604800 IN  TXT SAMBA.DGHVOIP.COM
w2k8._mscds.samba.dghvoip.com. 604800 IN CNAME  w2k8.samba.dghvoip.com.
a51a03b2-f191-4d24-adb8-c4fb594d8de4._msdcs.samba.dghvoip.com. 604800 IN
CNAME vpnserver.samba.dghvoip.com.
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.samba.dghvoip.com.
900 IN SRV 0 100 88 voip.samba.dghvoip.com.
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.samba.dghvoip.com.
900 IN SRV 0 100 88 vpnserver.samba.dghvoip.com.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.samba.dghvoip.com. 900
IN SRV 0 100 389 voip.samba.dghvoip.com.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.samba.dghvoip.com. 900
IN SRV 0 100 389 vpnserver.samba.dghvoip.com.
_kerberos._tcp.dc._msdcs.samba.dghvoip.com. 900 IN SRV 0 100 88
voip.samba.dghvoip.com.
_kerberos._tcp.dc._msdcs.samba.dghvoip.com. 900 IN SRV 0 100 88
vpnserver.samba.dghvoip.com.
_ldap._tcp.dc._msdcs.samba.dghvoip.com. 900 IN SRV 0 100 389
voip.samba.dghvoip.com.
_ldap._tcp.dc._msdcs.samba.dghvoip.com. 900 IN SRV 0 100 389
vpnserver.samba.dghvoip.com.
_ldap._tcp.7620096c-a269-4881-99e1-149da78a4a36.domains._
msdcs.samba.dghvoip.com. 900 IN SRV 0 100 389 voip.samba.dghvoip.com.
_ldap._tcp.7620096c-a269-4881-99e1-149da78a4a36.domains._
msdcs.samba.dghvoip.com. 900 IN SRV 0 100 389 vpnserver.samba.dghvoip.com.
ebb75fa1-e4ac-443c-ad9d-9878e1ff3f0d._msdcs.samba.dghvoip.com. 604800 IN
CNAME voip.samba.dghvoip.com.
gc._msdcs.samba.dghvoip.com. 604800 IN  A   192.168.254.100
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.samba.dghvoip.com. 900
IN SRV 0 100 3268 voip.samba.dghvoip.com.
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.samba.dghvoip.com. 900
IN SRV 0 100 3268 vpnserver.samba.dghvoip.com.
_ldap._tcp.gc._msdcs.samba.dghvoip.com. 900 IN SRV 0 100 3268
voip.samba.dghvoip.com.
_ldap._tcp.gc._msdcs.samba.dghvoip.com. 900 IN SRV 0 100 3268
vpnserver.samba.dghvoip.com.
_ldap._tcp.pdc._msdcs.samba.dghvoip.com. 900 IN SRV 0 100 389
voip.samba.dghvoip.com.
_ldap._tcp.pdc._msdcs.samba.dghvoip.com. 900 IN SRV 0 100 389
vpnserver.samba.dghvoip.com.
_gc._tcp.Default-First-Site-Name._sites.samba.dghvoip.com. 900 IN SRV 0 100
3268 voip.samba.dghvoip.com.
_gc._tcp.Default-First-Site-Name._sites.samba.dghvoip.com. 900 IN SRV 0 100
3268 vpnserver.samba.dghvoip.com.
_kerberos._tcp.Default-First-Site-Name._sites.samba.dghvoip.com. 900 IN SRV
0 100 88 voip.samba.dghvoip.com.
_kerberos._tcp.Default-First-Site-Name._sites.samba.dghvoip.com. 900 IN SRV
0 100 88 vpnserver.samba.dghvoip.com.
_ldap._tcp.Default-First-Site-Name._sites.samba.dghvoip.com. 900 IN SRV 0
100 389 voip.samba.dghvoip.com.
_ldap._tcp.Default-First-Site-Name._sites.samba.dghvoip.com. 900 IN SRV 0
100 389 vpnserver.samba.dghvoip.com.
_gc._tcp.samba.dghvoip.com. 900 IN  SRV 0 100 3268
voip.samba.dghvoip.com.

[Samba] Samba 3.0.37 with Windows Server 2008

[Nick Couchman]

I'm running Windows Server 2008 and trying to connect to Samba 3.0.37 on 
Opensolaris.  The Samba system is a member of a Windows Server 2008-based 
Active Directory domain - it was able to join the domain just fine - and 
Windows XP, Windows 2000, Windows Vista, and Windows 7 can connect, but Windows 
Server 2008 SP2 cannot connect.  The log file is posted below - I'm guessing 
the key is the message about krb5_rd_req with auth failed (Bad encryption 
type), but none of the solutions out there that I've looked at seem to apply - 
it doesn't seem to be the same bug as was in Windows Server 2003, and I'm not 
sure what kerberos keytab has to do with remote connections to the machine.  
Any hints would be greatly appreciate.

Thanks,
Nick

[2010/08/10 20:05:22, 5] smbd/uid.c:(338)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2010/08/10 20:05:22, 3] smbd/negprot.c:(505)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2010/08/10 20:05:22, 3] smbd/negprot.c:(505)
  Requested protocol [LANMAN1.0]
[2010/08/10 20:05:22, 3] smbd/negprot.c:(505)
  Requested protocol [Windows for Workgroups 3.1a]
[2010/08/10 20:05:22, 3] smbd/negprot.c:(505)
  Requested protocol [LM1.2X002]
[2010/08/10 20:05:22, 3] smbd/negprot.c:(505)
  Requested protocol [LANMAN2.1]
[2010/08/10 20:05:22, 3] smbd/negprot.c:(505)
  Requested protocol [NT LM 0.12]
[2010/08/10 20:05:22, 3] smbd/negprot.c:(505)
  Requested protocol [SMB 2.002]
[2010/08/10 20:05:22, 5] smbd/connection.c:(182)
  claiming  0
[2010/08/10 20:05:22, 3] smbd/negprot.c:(364)
  using SPNEGO
[2010/08/10 20:05:22, 3] smbd/negprot.c:(606)
  Selected protocol NT LM 0.12
[2010/08/10 20:05:22, 5] smbd/negprot.c:(612)
  negprot index=5
[2010/08/10 20:05:22, 5] lib/util.c:(484)
[2010/08/10 20:05:22, 5] lib/util.c:(494)
  size=173
  smb_com=0x72
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51201
  smb_tid=65535
  smb_pid=65279
  smb_uid=0
  smb_mid=0
  smt_wct=17
  smb_vwv[ 0]=5 (0x5)
  smb_vwv[ 1]=12807 (0x3207)
  smb_vwv[ 2]=  256 (0x100)
  smb_vwv[ 3]= 1024 (0x400)
  smb_vwv[ 4]=   65 (0x41)
  smb_vwv[ 5]=0 (0x0)
  smb_vwv[ 6]=  256 (0x100)
  smb_vwv[ 7]=24832 (0x6100)
  smb_vwv[ 8]=   82 (0x52)
  smb_vwv[ 9]=64512 (0xFC00)
  smb_vwv[10]=  243 (0xF3)
  smb_vwv[11]=  128 (0x80)
  smb_vwv[12]=39069 (0x989D)
  smb_vwv[13]=63911 (0xF9A7)
  smb_vwv[14]=52024 (0xCB38)
  smb_vwv[15]=26625 (0x6801)
  smb_vwv[16]=1 (0x1)
  smb_bcc=104
[2010/08/10 20:05:22, 3] smbd/process.c:(1083)
  Transaction 1 of length 1640
[2010/08/10 20:05:22, 5] lib/util.c:(484)
[2010/08/10 20:05:22, 5] lib/util.c:(494)
  size=1636
  smb_com=0x73
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=24
  smb_flg2=51207
  smb_tid=65535
  smb_pid=65279
  smb_uid=0
  smb_mid=64
  smt_wct=12
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=0 (0x0)
  smb_vwv[ 2]=16644 (0x4104)
  smb_vwv[ 3]=   50 (0x32)
  smb_vwv[ 4]=0 (0x0)
  smb_vwv[ 5]=0 (0x0)
  smb_vwv[ 6]=0 (0x0)
  smb_vwv[ 7]= 1573 (0x625)
  smb_vwv[ 8]=0 (0x0)
  smb_vwv[ 9]=0 (0x0)
  smb_vwv[10]=  212 (0xD4)
  smb_vwv[11]=40960 (0xA000)
  smb_bcc=1577
[2010/08/10 20:05:22, 3] smbd/process.c:(932)
  switch message SMBsesssetupX (pid 21089) conn 0x0
[2010/08/10 20:05:22, 3] smbd/sec_ctx.c:(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/08/10 20:05:22, 5] auth/auth_util.c:(448)
  NT user token: (NULL)
[2010/08/10 20:05:22, 5] auth/auth_util.c:(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2010/08/10 20:05:22, 5] smbd/uid.c:(338)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2010/08/10 20:05:22, 3] smbd/sesssetup.c:(1258)
  wct=12 flg2=0xc807
[2010/08/10 20:05:22, 2] smbd/sesssetup.c:(1214)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old 
resources.
[2010/08/10 20:05:22, 3] smbd/sesssetup.c:(1040)
  Doing spnego session setup
[2010/08/10 20:05:22, 3] smbd/sesssetup.c:(1071)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2010/08/10 20:05:22, 5] smbd/sesssetup.c:(669)
  parse_spnego_mechanisms: Got OID 1 2 840 48018 1 2 2
[2010/08/10 20:05:22, 5] smbd/sesssetup.c:(669)
  parse_spnego_mechanisms: Got OID 1 2 840 113554 1 2 2
[2010/08/10 20:05:22, 5] smbd/sesssetup.c:(669)
  parse_spnego_mechanisms: Got OID 1 3 6 1 4 1 311 2 2 10
[2010/08/10 20:05:22, 3] smbd/sesssetup.c:(699)
  reply_spnego_negotiate: Got secblob of size 1507
[2010/08/10 20:05:22, 3] libads/kerberos_verify.c:(427)
  ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
[2010/08/10 20:05:22, 1] smbd/sesssetup.c:(316)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2010/08/10 20:05:22, 3] smbd/error.c:(106)
  error packet at smbd/sesssetup.c(318) cmd=115 (SMBsesssetupX) 
NT_STATUS_LOGON_FAILURE
[2010/08/10 20:05:22, 5] lib/util.c:(484)



This e-mail may contain confidential and privileged material for the sole use 
of the intended recipient.  If this email is not intended for you, or you are 
not responsible for the delivery of this 

Build status as of Tue Aug 10 06:00:01 2010

[build]

URL: http://build.samba.org/

--- /home/build/master/cache/broken_results.txt.old 2010-08-09 
00:00:04.0 -0600
+++ /home/build/master/cache/broken_results.txt 2010-08-10 00:00:04.0 
-0600
@@ -1,4 +1,4 @@
-Build status as of Mon Aug  9 06:00:02 2010
+Build status as of Tue Aug 10 06:00:01 2010
 
 Build counts:
 Tree Total  Broken Panic 
@@ -17,7 +17,7 @@
 samba_3_master 32 31 1 
 samba_3_next 32 32 6 
 samba_4_0_test 32 32 0 
-samba_4_0_waf 36 34 0 
+samba_4_0_waf 36 33 0 
 talloc   32 7  0 
 tdb  30 8  0 
 

[SCM] Samba Shared Repository - branch master updated

[Günther Deschner]

The branch, master has been updated
   via  78fa58f... libcli/auth/ntlmssp: remove outdated comment. The 
version flag is well understood now.
   via  d84a2ae... s3: fix the waf build.
   via  1e83b36... libcli/auth Move some source3/ NTLMSSP functions to the 
common code. libcli/auth Use true and false rather than True and False in 
common code
  from  e0f79da... Fix bug #7608 - Win7 SMB2 authentication causes smbd 
panic

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 78fa58f8c36a111b5231a979aaa8b89a29ec815f
Author: Günther Deschner g...@samba.org
Date:   Tue Aug 10 11:51:01 2010 +0200

libcli/auth/ntlmssp: remove outdated comment. The version flag is well 
understood now.

Guenther

commit d84a2aeb6405f37d485a2108c05c932518dcd272
Author: Günther Deschner g...@samba.org
Date:   Tue Aug 10 11:39:04 2010 +0200

s3: fix the waf build.

Guenther

commit 1e83b36afb67c43d99c4fdd2a8eba0da5da5b95e
Author: Andrew Bartlett abart...@samba.org
Date:   Fri Aug 6 18:16:32 2010 +1000

libcli/auth Move some source3/ NTLMSSP functions to the common code.
libcli/auth Use true and false rather than True and False in common code

Andrew Bartlett

Signed-off-by: Günther Deschner g...@samba.org

---

Summary of changes:
 libcli/auth/ntlmssp.c |   58 +
 libcli/auth/ntlmssp_private.h |7 ++
 libcli/auth/ntlmssp_server.c  |   53 
 source3/Makefile.in   |3 +-
 source3/libsmb/ntlmssp.c  |   87 --
 source3/wscript_build |3 +-
 source4/auth/ntlmssp/ntlmssp.c|  110 -
 source4/auth/ntlmssp/ntlmssp_server.c |   30 -
 source4/auth/ntlmssp/wscript_build|7 ++-
 9 files changed, 128 insertions(+), 230 deletions(-)
 create mode 100644 libcli/auth/ntlmssp_server.c


Changeset truncated at 500 lines:

diff --git a/libcli/auth/ntlmssp.c b/libcli/auth/ntlmssp.c
index 1be764e..b7f14c1 100644
--- a/libcli/auth/ntlmssp.c
+++ b/libcli/auth/ntlmssp.c
@@ -74,3 +74,61 @@ void debug_ntlmssp_flags(uint32_t neg_flags)
if (neg_flags  NTLMSSP_NEGOTIATE_56)
DEBUGADD(4, (  NTLMSSP_NEGOTIATE_56\n));
 }
+
+void ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
+ uint32_t neg_flags, bool allow_lm)
+{
+   if (neg_flags  NTLMSSP_NEGOTIATE_UNICODE) {
+   ntlmssp_state-neg_flags |= NTLMSSP_NEGOTIATE_UNICODE;
+   ntlmssp_state-neg_flags = ~NTLMSSP_NEGOTIATE_OEM;
+   ntlmssp_state-unicode = true;
+   } else {
+   ntlmssp_state-neg_flags = ~NTLMSSP_NEGOTIATE_UNICODE;
+   ntlmssp_state-neg_flags |= NTLMSSP_NEGOTIATE_OEM;
+   ntlmssp_state-unicode = false;
+   }
+
+   if ((neg_flags  NTLMSSP_NEGOTIATE_LM_KEY)  allow_lm) {
+   /* other end forcing us to use LM */
+   ntlmssp_state-neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY;
+   ntlmssp_state-use_ntlmv2 = false;
+   } else {
+   ntlmssp_state-neg_flags = ~NTLMSSP_NEGOTIATE_LM_KEY;
+   }
+
+   if (!(neg_flags  NTLMSSP_NEGOTIATE_ALWAYS_SIGN)) {
+   ntlmssp_state-neg_flags = ~NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
+   }
+
+   if (!(neg_flags  NTLMSSP_NEGOTIATE_NTLM2)) {
+   ntlmssp_state-neg_flags = ~NTLMSSP_NEGOTIATE_NTLM2;
+   }
+
+   if (!(neg_flags  NTLMSSP_NEGOTIATE_128)) {
+   ntlmssp_state-neg_flags = ~NTLMSSP_NEGOTIATE_128;
+   }
+
+   if (!(neg_flags  NTLMSSP_NEGOTIATE_56)) {
+   ntlmssp_state-neg_flags = ~NTLMSSP_NEGOTIATE_56;
+   }
+
+   if (!(neg_flags  NTLMSSP_NEGOTIATE_KEY_EXCH)) {
+   ntlmssp_state-neg_flags = ~NTLMSSP_NEGOTIATE_KEY_EXCH;
+   }
+
+   if (!(neg_flags  NTLMSSP_NEGOTIATE_SIGN)) {
+   ntlmssp_state-neg_flags = ~NTLMSSP_NEGOTIATE_SIGN;
+   }
+
+   if (!(neg_flags  NTLMSSP_NEGOTIATE_SEAL)) {
+   ntlmssp_state-neg_flags = ~NTLMSSP_NEGOTIATE_SEAL;
+   }
+
+   if (!(neg_flags  NTLMSSP_NEGOTIATE_VERSION)) {
+   ntlmssp_state-neg_flags = ~NTLMSSP_NEGOTIATE_VERSION;
+   }
+
+   if ((neg_flags  NTLMSSP_REQUEST_TARGET)) {
+   ntlmssp_state-neg_flags |= NTLMSSP_REQUEST_TARGET;
+   }
+}
diff --git a/libcli/auth/ntlmssp_private.h b/libcli/auth/ntlmssp_private.h
index e2044ee..cb91987 100644
--- a/libcli/auth/ntlmssp_private.h
+++ b/libcli/auth/ntlmssp_private.h
@@ -42,3 +42,10 @@ union ntlmssp_crypt_state {
 /* The following definitions come from libcli/auth/ntlmssp.c  */
 
 void debug_ntlmssp_flags(uint32_t neg_flags);
+void ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
+ uint32_t 

[SCM] Samba Shared Repository - branch master updated

[Günther Deschner]

The branch, master has been updated
   via  4969b3d... s3:ntlmssp Always call ntlmssp_sign_init()
   via  617ec07... s3:ntlmssp Don't use talloc_tos() for NTLMSSP blobs for 
now
   via  d112557... s3:ntlmssp Don't permit LM_KEY in combination with NTLMv2
   via  f6cc686... s3:ntlmssp Don't reply with the LM_KEY negotiation flag 
when not available
   via  3c0a17a... s3:ntlmssp Don't use the lm key if the user didn't 
supply one.
   via  f744e42... s3:ntlmssp Add extra DEBUG() message for auth system 
failures
   via  e0c94d1... s3:ntlmssp Redirect lp_lanman_auth() via 'allow_lm_key'
  from  78fa58f... libcli/auth/ntlmssp: remove outdated comment. The 
version flag is well understood now.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 4969b3de632c1545d7ea5997c52b85aa4baaf4d8
Author: Andrew Bartlett abart...@samba.org
Date:   Fri Aug 6 20:48:17 2010 +1000

s3:ntlmssp Always call ntlmssp_sign_init()

There is no code path that sets nt_status before this point, without
a return.

Andrew Bartlett

Signed-off-by: Günther Deschner g...@samba.org

commit 617ec0733dad40c9441b1e1533fb3d99bf22c24f
Author: Andrew Bartlett abart...@samba.org
Date:   Fri Aug 6 20:41:54 2010 +1000

s3:ntlmssp Don't use talloc_tos() for NTLMSSP blobs for now

This code will, I hope, soon be merged in common, and the Samba4
use case does not currently support talloc_tos() properly.  Use another
context for now.

Andrew Bartlett

Signed-off-by: Günther Deschner g...@samba.org

commit d112557a05b23480abd3f2f52c1c7b8ded2b4f66
Author: Andrew Bartlett abart...@samba.org
Date:   Fri Aug 6 20:24:35 2010 +1000

s3:ntlmssp Don't permit LM_KEY in combination with NTLMv2

This is another 'belts and braces' check to avoid the use of the
weak 'LM_KEY' encryption when the client has chosen NTLMv2.

Andrew Bartlett

Signed-off-by: Günther Deschner g...@samba.org

commit f6cc686036281ee9b467ba18e96ee5086b89bef7
Author: Andrew Bartlett abart...@samba.org
Date:   Fri Aug 6 19:43:06 2010 +1000

s3:ntlmssp Don't reply with the LM_KEY negotiation flag when not available

This ensures the client isn't confused and we don't enter this
weaker authentication scheme when we don't really, really need to.

Andrew Bartlett

Signed-off-by: Günther Deschner g...@samba.org

commit 3c0a17a1274df1b38b3acd9335192cd78730b01c
Author: Andrew Bartlett abart...@samba.org
Date:   Fri Aug 6 19:01:34 2010 +1000

s3:ntlmssp Don't use the lm key if the user didn't supply one.

This may help to avoid a number of possible MITM attacks where LM_KEY is
spoofed into the session.  If the login wasn't with lanman
(and so the user chose to disclose their lanman response),
don't disclose back anything based on their lanman password.

Andrew Bartlett

Signed-off-by: Günther Deschner g...@samba.org

commit f744e42bd08cd724da09b5b04bafb68de07888cc
Author: Andrew Bartlett abart...@samba.org
Date:   Fri Aug 6 18:35:25 2010 +1000

s3:ntlmssp Add extra DEBUG() message for auth system failures

Andrew Bartlett

Signed-off-by: Günther Deschner g...@samba.org

commit e0c94d14b3ddc6f20e8f37b2a01b045ca2ad7375
Author: Andrew Bartlett abart...@samba.org
Date:   Fri Aug 6 18:18:51 2010 +1000

s3:ntlmssp Redirect lp_lanman_auth() via 'allow_lm_key'

This will allow this to be handled via common code in the future

Andrew Bartlett

Signed-off-by: Günther Deschner g...@samba.org

---

Summary of changes:
 source3/libsmb/ntlmssp.c |   42 +++---
 1 files changed, 31 insertions(+), 11 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index 784a347..6815358 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -325,11 +325,13 @@ static NTSTATUS ntlmssp_server_negotiate(struct 
ntlmssp_state *ntlmssp_state,
}
}
 
-   ntlmssp_handle_neg_flags(ntlmssp_state, neg_flags, lp_lanman_auth());
+   ntlmssp_handle_neg_flags(ntlmssp_state, neg_flags, 
ntlmssp_state-allow_lm_key);
 
/* Ask our caller what challenge they would like in the packet */
status = ntlmssp_state-get_challenge(ntlmssp_state, cryptkey);
if (!NT_STATUS_IS_OK(status)) {
+   DEBUG(1, (ntlmssp_server_negotiate: backend doesn't give a 
challenge: %s\n,
+ nt_errstr(status)));
return status;
}
 
@@ -414,7 +416,7 @@ static NTSTATUS ntlmssp_server_negotiate(struct 
ntlmssp_state *ntlmssp_state,
 
if (DEBUGLEVEL = 10) {
struct CHALLENGE_MESSAGE *challenge = talloc(
- 

[SCM] Samba Shared Repository - branch master updated

[Günther Deschner]

The branch, master has been updated
   via  75adca6... libcli/auth Make the source3/ implementation of the 
NTLMSSP server common
   via  979b672... s3:ntlmssp Split the NTLMSSP server into before and 
after authentication
  from  4969b3d... s3:ntlmssp Always call ntlmssp_sign_init()

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 75adca63f21ab4b415e0f909a54972d8dd57a153
Author: Andrew Bartlett abart...@samba.org
Date:   Fri Aug 6 21:31:21 2010 +1000

libcli/auth Make the source3/ implementation of the NTLMSSP server common

This means that the core logic (but not the initialisation) of the
NTLMSSP server is in common, but uses different authentication backends.

Andrew Bartlett

Signed-off-by: Günther Deschner g...@samba.org

commit 979b672dcb013ed38a312b280fa6c0642469649b
Author: Andrew Bartlett abart...@samba.org
Date:   Fri Aug 6 20:53:39 2010 +1000

s3:ntlmssp Split the NTLMSSP server into before and after authentication

This allows for a future where the auth subsystem is async, and the
session key generation needs to happen in a callback.

This code is originally reworked into this style by metze for the
source4/ implementation.

The other change here is to introduce an 'out_mem_ctx', which makes
the API match that used in source4.

Andrew Bartlett

Signed-off-by: Günther Deschner g...@samba.org

---

Summary of changes:
 libcli/auth/ntlmssp_private.h |6 +
 libcli/auth/ntlmssp_server.c  |  524 +
 source3/libsmb/ntlmssp.c  |  457 +
 source4/auth/ntlmssp/ntlmssp_server.c |  521 +
 4 files changed, 539 insertions(+), 969 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/auth/ntlmssp_private.h b/libcli/auth/ntlmssp_private.h
index cb91987..ff7b285 100644
--- a/libcli/auth/ntlmssp_private.h
+++ b/libcli/auth/ntlmssp_private.h
@@ -49,3 +49,9 @@ void ntlmssp_handle_neg_flags(struct ntlmssp_state 
*ntlmssp_state,
 
 const char *ntlmssp_target_name(struct ntlmssp_state *ntlmssp_state,
uint32_t neg_flags, uint32_t *chal_flags);
+NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
+ TALLOC_CTX *out_mem_ctx,
+ const DATA_BLOB in, DATA_BLOB *out);
+NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
+TALLOC_CTX *out_mem_ctx,
+const DATA_BLOB request, DATA_BLOB *reply);
diff --git a/libcli/auth/ntlmssp_server.c b/libcli/auth/ntlmssp_server.c
index 30b5541..844a0b4 100644
--- a/libcli/auth/ntlmssp_server.c
+++ b/libcli/auth/ntlmssp_server.c
@@ -23,6 +23,10 @@
 #include includes.h
 #include ../libcli/auth/ntlmssp.h
 #include ../libcli/auth/ntlmssp_private.h
+#include ../librpc/gen_ndr/ndr_ntlmssp.h
+#include ../libcli/auth/ntlmssp_ndr.h
+#include ../libcli/auth/libcli_auth.h
+#include ../lib/crypto/crypto.h
 
 /**
  * Determine correct target name flags for reply, given server role
@@ -51,3 +55,523 @@ const char *ntlmssp_target_name(struct ntlmssp_state 
*ntlmssp_state,
return ;
}
 }
+
+/**
+ * Next state function for the Negotiate packet
+ *
+ * @param ntlmssp_state NTLMSSP state
+ * @param out_mem_ctx Memory context for *out
+ * @param in The request, as a DATA_BLOB.  reply.data must be NULL
+ * @param out The reply, as an allocated DATA_BLOB, caller to free.
+ * @return Errors or MORE_PROCESSING_REQUIRED if (normal) a reply is required.
+ */
+
+NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
+ TALLOC_CTX *out_mem_ctx,
+ const DATA_BLOB request, DATA_BLOB *reply)
+{
+   DATA_BLOB struct_blob;
+   uint32_t neg_flags = 0;
+   uint32_t ntlmssp_command, chal_flags;
+   uint8_t cryptkey[8];
+   const char *target_name;
+   NTSTATUS status;
+
+   /* parse the NTLMSSP packet */
+#if 0
+   file_save(ntlmssp_negotiate.dat, request.data, request.length);
+#endif
+
+   if (request.length) {
+   if ((request.length  16) || !msrpc_parse(ntlmssp_state, 
request, Cdd,
+ NTLMSSP,
+ ntlmssp_command,
+ neg_flags)) {
+   DEBUG(1, (ntlmssp_server_negotiate: failed to parse 
NTLMSSP Negotiate of length %u\n,
+   (unsigned int)request.length));
+   dump_data(2, request.data, request.length);
+   return NT_STATUS_INVALID_PARAMETER;
+   

[SCM] Samba Shared Repository - branch v3-6-test updated

[Günther Deschner]

The branch, v3-6-test has been updated
   via  9673c7f... cleanups: Trailing spaces, line length, etc... (cherry 
picked from commit 28c74564c5bd3c972745deaa904ec8695f21ea1f)
   via  398020f... s3-dcerpc: Use dcerpc_guess_sizes in the server code 
too. (cherry picked from commit 57bd974e5865212641f6941dd875bc1bc4967ed9)
   via  c12e4f2... s3-dceprc: Improve dcerpc_guess_sizes() interface
   via  da1b08d... s3-dcerpc: rationalize packet creation in the server code
   via  191f069... s3-dcerpc: Make function to guess pdu sizes common. 
(cherry picked from commit a9d3a596a7c4d7e5775751cbce74e2fb07ce2192)
   via  3a8a549... s3-dceprc: consolidate use of dcerpc_push_dcerpc_auth() 
(cherry picked from commit 9329a9fe848761e2835ff58123d8f64d8bab35b2)
   via  6d550ef... s3-dcerpc: Remove unused functions (cherry picked from 
commit da6c246aacc298ec0c7536289afbd9e0d99ea130)
   via  88cf1c1... s3-dcerpc: use common spengo wrapper code for client 
SPNEGO/NTLMSSP (cherry picked from commit 
186f93633b4890c444115ac4eed109aa24f20b44)
   via  04f397f... s3-dcerpc: add sign/seal support when using SPNEGO/KRB5 
(cherry picked from commit 984438ca1522bfc2d882b2e3e7e8db187577e05a)
   via  3bf1347... s3-dcerpc: Add SPNEGO incapsulation for KRB5 auth
   via  9132f34... rpcclient: Use DCERPC_AUTH_LEVEL_CONNECT if no sign/seal 
is set for ntlmssp (cherry picked from commit 
e286b9c0bd7bf553f216d7c8288bb75a6b3dde95)
   via  db8bd28... s3-dcerpc: Try to fix build when gssapi_ext.h is not 
available (cherry picked from commit e8ac4a8b82798ef0691d384f59d880dc38b56592)
   via  24b0188... Do not refernece pipe_auth_data directly in 
dcerpc_gssapi.c (cherry picked from commit 
7c9c075987e7cdb2d5cb6311876f088f907e46f2)
   via  0ce9b97... s3-dcerpc: Avoid ifdef, it is handled within 
dcerpc_gssapi.c already (cherry picked from commit 
d17abc69f690ccc845a0a1d6d291b6e21ce86b3d)
   via  bcb5b48... smbd: Fix build warning (cherry picked from commit 
c4b3c9ec0f2efa937529160999f7e44bcad3591f)
   via  b8979bb... s3-dcerpc: Add sign/seal with gssapi (cherry picked from 
commit 7eaa15af2c5b544946bfb2b8c522ba9677527972)
   via  6841746... s3-dcerpc: Add next authentication step with gssapi 
(cherry picked from commit 1abcbd70aed327ae5233423ce74662241fa9d21a)
   via  c09e659... s3-decrpc: Introduce gssapi support for dcerpc krb5 auth
   via  acd1abe... rpcclient: Use DCERPC_AUTH_LEVEL_CONNECT if no sign/seal 
is set for krb5 auth (cherry picked from commit 
72088096af8dbf57cbc85c71cd0eef4447e7560d)
   via  be1c095... s3-dcerpc: Refactor calculate_data_len_tosend() (cherry 
picked from commit 183e0a0d9f87bc619cd832decf5745be1d28f598)
   via  a448126... s3-dcerpc: Add auth trailer only when appropriate. 
(cherry picked from commit c08d684f4ef679831e8fed69cd87e4d9b06cb3e0)
   via  42eb8ca... s3-dcerpc: consolidate unmarshalling of dcerpc_auth 
(cherry picked from commit 866f85e31973de356c3843836d5cacdbdf245e32)
   via  268df6f... s3-dcerpc: revive cli_rpc_pipe_open_krb5() (cherry 
picked from commit 146af48d4887e8fa0c66bf53aa5f204366648478)
   via  d92aab4... misc: Remove unused structure elements (cherry picked 
from commit 250e341e0aad67c2f70fea597f34deadea1d2ccc)
   via  881236a... s3-rpcclient: Allow choosing spnego mech: (ntlm/krb5) 
(cherry picked from commit b00f9a0a2d3b692dd12e182a2a4a7979c626dec7)
   via  05dc21c... s3-dcerpc: Use dcerpc_AuthType in pipe_auth_data (cherry 
picked from commit 2463a871776bb4de8653d6a44469d2adb3ec9418)
   via  810c4a6... s3-dcerpc: Cleanup and refactor create_rpc_bind_req() 
(cherry picked from commit 1e915d231d4191bf3a0bb54ba99a31ad6b2afd3b)
   via  fda83be... s3-auth: Remove unimplemented functions (cherry picked 
from commit 3c3237dd0afa37ba0e545424f5008973b645cf96)
   via  304081a... s3-dcerpc: Set flags directly instead of calling 
unimplemented functions. (cherry picked from commit 
bfe53d414548cd8a0226136b73cf2b766b6a61ef)
   via  fecb756... s3-dcerpc: Use dcerpc_check_auth in client code too 
(cherry picked from commit 7407c979a1469997c9277c501787b5f16aac)
   via  4c5995b... s3-dcerpc: Make dcerpc_check_auth() common code (cherry 
picked from commit 9565e3f6a7ef2fb590558eb7b29c6c2fc657fca9)
   via  b0363df... s3-dcerpc: Add the same paranoia checks we have in the 
client code (cherry picked from commit 5f2cca6b2a7b8b7bad4a47a2bd31174c45fa2611)
   via  63ada38... s3-dcerpc: Split auth checking into a generic function. 
(cherry picked from commit 49a8c2965d2982e6510609fa9772a56597494641)
   via  d923df6... s3-dcerpc do not pass pipes_struct to 
dcesrv_auth_request() (cherry picked from commit 
1fc71c9c6ff26f2d49f314b8425c6cd4c91683f3)
   via  6850e68... s3-dcerpc: Make dcesrv_auth_request() return NTSTATUS 
codes (cherry picked from commit 2ce169ce187cc7229aecdc3e5cd889c5194956aa)
   via  d586cdb... s3-dcerpc: Use the common dcerpc_add_auth_footer() in 
the 

[SCM] Samba Shared Repository - branch v3-6-test updated

[Günther Deschner]

The branch, v3-6-test has been updated
   via  1b58b1e... s3-waf: fix the build.
   via  163cd49... s3-dcerpc: fix some uninitialized variables build 
warnings.
   via  dcc0314... s3-build: fix some c++ build warnings.
  from  9673c7f... cleanups: Trailing spaces, line length, etc... (cherry 
picked from commit 28c74564c5bd3c972745deaa904ec8695f21ea1f)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -
commit 1b58b1ecd0fc920e3433c2f67b3b88be81b226fe
Author: Günther Deschner g...@samba.org
Date:   Wed Aug 4 14:55:10 2010 +0200

s3-waf: fix the build.

Guenther
(cherry picked from commit 4b17ff4a9088860646e127b17df18d415dbdc97d)

commit 163cd49b09102976036b9425043d921bbcb851f8
Author: Günther Deschner g...@samba.org
Date:   Tue Aug 3 15:55:20 2010 +0200

s3-dcerpc: fix some uninitialized variables build warnings.

Guenther
(cherry picked from commit 64b26affe0afa2999130cdd4f1d521dccd877c9c)

commit dcc0314f06bd607757ae534f0626f016c521ca90
Author: Günther Deschner g...@samba.org
Date:   Sun Aug 1 15:34:52 2010 +0200

s3-build: fix some c++ build warnings.

Guenther
(cherry picked from commit 322b52419485b882658c53c21f86e5bdfa82b71f)

---

Summary of changes:
 source3/librpc/rpc/dcerpc_gssapi.c |4 ++--
 source3/librpc/rpc/dcerpc_spnego.c |4 ++--
 source3/rpc_client/cli_pipe.c  |2 +-
 source3/rpc_server/srv_pipe.c  |2 +-
 source3/wscript_build  |6 +-
 5 files changed, 11 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/librpc/rpc/dcerpc_gssapi.c 
b/source3/librpc/rpc/dcerpc_gssapi.c
index c9496ab..2de46b5 100644
--- a/source3/librpc/rpc/dcerpc_gssapi.c
+++ b/source3/librpc/rpc/dcerpc_gssapi.c
@@ -310,7 +310,7 @@ static char *gse_errstr(TALLOC_CTX *mem_ctx, OM_uint32 maj, 
OM_uint32 min)
goto done;
}
gss_maj = gss_display_status(gss_min, min, GSS_C_MECH_CODE,
-discard_const(gss_mech_krb5),
+(gss_OID)discard_const(gss_mech_krb5),
 msg_ctx, msg_min);
if (gss_maj) {
goto done;
@@ -394,7 +394,7 @@ NTSTATUS gse_seal(TALLOC_CTX *mem_ctx, struct gse_context 
*gse_ctx,
if (!signature-length) {
return NT_STATUS_INTERNAL_ERROR;
}
-   signature-data = talloc_size(mem_ctx, signature-length);
+   signature-data = (uint8_t *)talloc_size(mem_ctx, signature-length);
if (!signature-data) {
return NT_STATUS_NO_MEMORY;
}
diff --git a/source3/librpc/rpc/dcerpc_spnego.c 
b/source3/librpc/rpc/dcerpc_spnego.c
index a0832ce..5627a0d 100644
--- a/source3/librpc/rpc/dcerpc_spnego.c
+++ b/source3/librpc/rpc/dcerpc_spnego.c
@@ -68,7 +68,7 @@ NTSTATUS spnego_gssapi_init_client(TALLOC_CTX *mem_ctx,
   uint32_t add_gss_c_flags,
   struct spnego_context **spnego_ctx)
 {
-   struct spnego_context *sp_ctx;
+   struct spnego_context *sp_ctx = NULL;
NTSTATUS status;
 
status = spnego_context_init(mem_ctx,
@@ -97,7 +97,7 @@ NTSTATUS spnego_ntlmssp_init_client(TALLOC_CTX *mem_ctx,
const char *password,
struct spnego_context **spnego_ctx)
 {
-   struct spnego_context *sp_ctx;
+   struct spnego_context *sp_ctx = NULL;
NTSTATUS status;
 
status = spnego_context_init(mem_ctx,
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index dcbb816..87575cb 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -2747,7 +2747,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
   struct rpc_pipe_client **presult)
 {
struct rpc_pipe_client *result;
-   struct pipe_auth_data *auth;
+   struct pipe_auth_data *auth = NULL;
enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
NTSTATUS status;
 
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 899073b..436e5be 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -205,7 +205,7 @@ static NTSTATUS create_next_packet(TALLOC_CTX *mem_ctx,
 
 bool create_next_pdu(struct pipes_struct *p)
 {
-   size_t pdu_size;
+   size_t pdu_size = 0;
NTSTATUS status;
 
/*
diff --git a/source3/wscript_build b/source3/wscript_build
index 9d33fd1..1babb54 100644
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -241,6 +241,7 @@ LIBSMB_ERR_SRC = '${LIBSMB_ERR_SRC0} ${LIBSMB_ERR_SRC1} 
${REG_PARSE_PRS_SRC}'
 LIBSMB_SRC0 = '''
../libcli/auth/ntlm_check.c
libsmb/ntlmssp.c
+ 

[SCM] Samba Shared Repository - branch master updated

[Matthias Dieter Wallnöfer]

The branch, master has been updated
   via  303089f... s4:dsdb/common/util.c - provide a call which returns the 
forest function level
   via  3b1d74f... libds/common/flags.h - fix a comment's typo
   via  e53fc12... s4:dsdb/common/util.c - use LDB constants whenever 
possible
  from  75adca6... libcli/auth Make the source3/ implementation of the 
NTLMSSP server common

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 303089f5b8ced9fb80ed76cb0205f0cdf11fc530
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Mon Aug 9 19:52:00 2010 +0200

s4:dsdb/common/util.c - provide a call which returns the forest function 
level

Sooner or later we'll need this too since not all operations depend only on 
the
current's domain function level (see the MS-ADTS docs).

commit 3b1d74f4b677842a0cbe16ba29be7d672c07b87c
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Mon Aug 9 19:48:03 2010 +0200

libds/common/flags.h - fix a comment's typo

commit e53fc1228f12ff2ce2c84936e38fef3b5ae311c4
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Mon Aug 9 19:45:45 2010 +0200

s4:dsdb/common/util.c - use LDB constants whenever possible

---

Summary of changes:
 libds/common/flags.h   |2 +-
 source4/dsdb/common/util.c |   33 +++--
 2 files changed, 24 insertions(+), 11 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libds/common/flags.h b/libds/common/flags.h
index be1e839..021db2a 100644
--- a/libds/common/flags.h
+++ b/libds/common/flags.h
@@ -172,7 +172,7 @@
 
 /* domainFunctionality, forestFunctionality and 
domainControllerFunctionality in the rootDSE */
 #define DS_DOMAIN_FUNCTION_20000
-#define DS_DOMAIN_FUNCTION_2003_MIXED  1 /* Not a valid/meaningfulxs
+#define DS_DOMAIN_FUNCTION_2003_MIXED  1 /* Not a valid/meaningful
   * domainControllerFunctionality
   * Level */
 #define DS_DOMAIN_FUNCTION_20032
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 52ba81d..7c5fd8a 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1831,7 +1831,7 @@ bool samdb_is_pdc(struct ldb_context *ldb)
}
 
ret = ldb_search(ldb, tmp_ctx, dom_res, ldb_get_default_basedn(ldb), 
LDB_SCOPE_BASE, dom_attrs, NULL);
-   if (ret) {
+   if (ret != LDB_SUCCESS) {
DEBUG(1,(Searching for fSMORoleOwner in %s failed: %s\n, 
 ldb_dn_get_linearized(ldb_get_default_basedn(ldb)), 
 ldb_errstring(ldb)));
@@ -1877,7 +1877,7 @@ bool samdb_is_gc(struct ldb_context *ldb)
 
/* Query cn=ntds settings, */
ret = ldb_search(ldb, tmp_ctx, res, samdb_ntds_settings_dn(ldb), 
LDB_SCOPE_BASE, attrs, NULL);
-   if (ret) {
+   if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return false;
}
@@ -1903,7 +1903,7 @@ int samdb_search_for_parent_domain(struct ldb_context 
*ldb, TALLOC_CTX *mem_ctx,
TALLOC_CTX *local_ctx;
struct ldb_dn *sdn = dn;
struct ldb_result *res = NULL;
-   int ret = 0;
+   int ret = LDB_SUCCESS;
const char *attrs[] = { NULL };
 
local_ctx = talloc_new(mem_ctx);
@@ -2350,7 +2350,7 @@ struct ldb_dn *samdb_domain_to_dn(struct ldb_context 
*ldb, TALLOC_CTX *mem_ctx,
domain_ref_attrs,

((nETBIOSName=%s)(objectclass=crossRef)), 
escaped_domain);
-   if (ret_domain != 0) {
+   if (ret_domain != LDB_SUCCESS) {
return NULL;
}
 
@@ -2361,7 +2361,7 @@ struct ldb_dn *samdb_domain_to_dn(struct ldb_context 
*ldb, TALLOC_CTX *mem_ctx,
LDB_SCOPE_BASE,
domain_ref2_attrs,
(objectclass=domain));
-   if (ret_domain != 0) {
+   if (ret_domain != LDB_SUCCESS) {
return NULL;
}
 
@@ -2895,7 +2895,7 @@ int samdb_ntds_options(struct ldb_context *ldb, uint32_t 
*options)
}
 
ret = ldb_search(ldb, tmp_ctx, res, samdb_ntds_settings_dn(ldb), 
LDB_SCOPE_BASE, attrs, NULL);
-   if (ret) {
+   if (ret != LDB_SUCCESS) {
goto failed;
}
 
@@ -2922,7 +2922,7 @@ const char* samdb_ntds_object_category(TALLOC_CTX 
*tmp_ctx, struct ldb_context *
struct ldb_result *res;
 
ret = ldb_search(ldb, tmp_ctx, res, samdb_ntds_settings_dn(ldb), 
LDB_SCOPE_BASE, attrs, NULL);
-   if (ret) {
+   if (ret != LDB_SUCCESS) {
goto failed;
}

Re: s4:objectclass LDB module - implement additional delete constraint checks

[Matthias Dieter Wallnöfer]

Hi ekacnet,

Matthieu Patou wrote:

Could it be possible to be a bit less violent here ?
This change breaks upgradeprovision in full mode when upgrading at 
least alpha10 but I'm pretty sure that alpha8,9 and 11 are broken too ...


The thing is that old provision do not have the rid_set ... it seems :
everything what I implement is stated in MS-ADTS and is tested by me 
against Windows Server as far as possible.
If you need weaker checks (e.g. in the objectclass LDB module) then 
please use the RELAX control - this should bypass them.


Matthias

[SCM] Samba Shared Repository - branch v3-6-test updated

[Jeremy Allison]

The branch, v3-6-test has been updated
   via  4acb48e... librpc/idl/mgmt.idl: add missing size_is()
   via  31bc9ad... pidl:NDR: correctly handle bracket arrays with 'string'
   via  7853a6d... s3:smbd: fix valgrind warning, sizeof(16) != 16...
   via  6af4ce4... s3:rpc_server: fix valgrind warning
   via  bc64c9a... s3:rpc_server: fix memory leaks in 
rpc_pipe_internal_dispatch()
  from  1b58b1e... s3-waf: fix the build.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -
commit 4acb48edc00c0b82d3c6e63128f147bf8188a5b5
Author: Stefan Metzmacher me...@samba.org
Date:   Thu Aug 5 17:19:16 2010 +0200

librpc/idl/mgmt.idl: add missing size_is()

metze
(cherry picked from commit ad94ae980462dc4c581a2fa1d7e927c2ae625c19)

commit 31bc9ad0c08eba2b79b09ce0a9c0f2a2e98a9646
Author: Stefan Metzmacher me...@samba.org
Date:   Thu Aug 5 16:10:37 2010 +0200

pidl:NDR: correctly handle bracket arrays with 'string'

metze
(cherry picked from commit 0a7f749bc80d9846b97cd22cd503473a205aaafd)

commit 7853a6d4bbb9c2f0dcacb950fe353ff77701d227
Author: Stefan Metzmacher me...@samba.org
Date:   Sun Aug 8 09:21:57 2010 +0200

s3:smbd: fix valgrind warning, sizeof(16) != 16...

metze
(cherry picked from commit ac9f06c9b93ada5d0e8331a122e199a8f69049a3)

commit 6af4ce44d0c2d75652a8cad99eae9071595fe19f
Author: Stefan Metzmacher me...@samba.org
Date:   Sun Aug 8 09:23:00 2010 +0200

s3:rpc_server: fix valgrind warning

metze
(cherry picked from commit cc6951243d5641e2185ed9dee3b6ee4de07d217b)

commit bc64c9ab1b4e58ad1475c82e8f97c9ad9f50a9c5
Author: Stefan Metzmacher me...@samba.org
Date:   Sat Aug 7 14:27:27 2010 +0200

s3:rpc_server: fix memory leaks in rpc_pipe_internal_dispatch()

metze
(cherry picked from commit 66412bfc76dc8b7337f3690ec75b14542a3df11e)

---

Summary of changes:
 librpc/idl/mgmt.idl|2 +-
 pidl/lib/Parse/Pidl/NDR.pm |4 
 source3/rpc_server/rpc_ncacn_np_internal.c |7 +++
 source3/rpc_server/srv_pipe.c  |1 +
 source3/smbd/negprot.c |2 +-
 5 files changed, 14 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/librpc/idl/mgmt.idl b/librpc/idl/mgmt.idl
index 35857f2..17c8cc4 100644
--- a/librpc/idl/mgmt.idl
+++ b/librpc/idl/mgmt.idl
@@ -70,6 +70,6 @@ interface mgmt
WERROR mgmt_inq_princ_name (
[in]uint32  authn_proto,
[in]uint32  princ_name_size,
-   [out]   [string,charset(DOS)] uint8 princ_name[]
+   [out]   [string,size_is(princ_name_size),charset(DOS)] 
uint8 princ_name[]
);
 }
diff --git a/pidl/lib/Parse/Pidl/NDR.pm b/pidl/lib/Parse/Pidl/NDR.pm
index a875ec8..1b45010 100644
--- a/pidl/lib/Parse/Pidl/NDR.pm
+++ b/pidl/lib/Parse/Pidl/NDR.pm
@@ -124,6 +124,10 @@ sub GetElementLevelTable($$)
if ($d eq *) {
$is_conformant = 1;
if ($size = shift @size_is) {
+   if (has_property($e, string)) {
+   $is_string = 1;
+   delete($e-{PROPERTIES}-{string});
+   }
} elsif ((scalar(@size_is) == 0) and has_property($e, 
string)) {
$is_string = 1;
delete($e-{PROPERTIES}-{string});
diff --git a/source3/rpc_server/rpc_ncacn_np_internal.c 
b/source3/rpc_server/rpc_ncacn_np_internal.c
index 9bb5428..2393f94 100644
--- a/source3/rpc_server/rpc_ncacn_np_internal.c
+++ b/source3/rpc_server/rpc_ncacn_np_internal.c
@@ -291,16 +291,23 @@ static NTSTATUS rpc_pipe_internal_dispatch(struct 
rpc_pipe_client *cli,
}
 
if (!cmds[i].fn(cli-pipes_struct)) {
+   data_blob_free(cli-pipes_struct-in_data.data);
+   data_blob_free(cli-pipes_struct-out_data.rdata);
+   talloc_free_children(cli-pipes_struct-mem_ctx);
return NT_STATUS_UNSUCCESSFUL;
}
 
status = internal_ndr_pull(mem_ctx, cli, table, opnum, r);
if (!NT_STATUS_IS_OK(status)) {
+   data_blob_free(cli-pipes_struct-in_data.data);
+   data_blob_free(cli-pipes_struct-out_data.rdata);
+   talloc_free_children(cli-pipes_struct-mem_ctx);
return status;
}
 
data_blob_free(cli-pipes_struct-in_data.data);
data_blob_free(cli-pipes_struct-out_data.rdata);
+   talloc_free_children(cli-pipes_struct-mem_ctx);
 
return NT_STATUS_OK;
 }
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 436e5be..e704d75 100644
--- 

Re: s4:objectclass LDB module - implement additional delete constraint checks

[Matthieu Patou]

 Matthias,



Hi ekacnet,

Matthieu Patou wrote:

Could it be possible to be a bit less violent here ?
This change breaks upgradeprovision in full mode when upgrading at 
least alpha10 but I'm pretty sure that alpha8,9 and 11 are broken too 
...


The thing is that old provision do not have the rid_set ... it seems :
everything what I implement is stated in MS-ADTS and is tested by me 
against Windows Server as far as possible.
If you need weaker checks (e.g. in the objectclass LDB module) then 
please use the RELAX control - this should bypass them.


No pb to test it again a windows server but you have not to forget that 
some people (and they are more and more numerous) do not have always a 
provision with the state of art objects in it (otherwise I won't spend 
my time on upgradeprovision).


In this particular case you could have made the test a bit different as 
if the attribute do not exists we are not removing it so it won't hit 
the test, using the relax control is not the best solution as it is a 
kind of sledgehammer. Also you can ask yourself and the list of the 
effect of what you are adding to the samdb code with existing provision.


Matthieu.

--
Matthieu Patou
Samba Teamhttp://samba.org

[SCM] Samba Shared Repository - branch master updated

[Matthias Dieter Wallnöfer]

The branch, master has been updated
   via  067b572... s4:objectclass LDB module - weak the check for the 
rIDSet delete constraint
  from  303089f... s4:dsdb/common/util.c - provide a call which returns the 
forest function level

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 067b5721c71cbc0004ea59d357e79cd4fc8d8954
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Tue Aug 10 21:01:11 2010 +0200

s4:objectclass LDB module - weak the check for the rIDSet delete 
constraint

Perform it only when a rIDSet does exist. Requested by ekacnet for
upgradeprovision.

---

Summary of changes:
 source4/dsdb/samdb/ldb_modules/objectclass.c |   18 ++
 1 files changed, 10 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c 
b/source4/dsdb/samdb/ldb_modules/objectclass.c
index 9c2e416..548d51e 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -1366,20 +1366,22 @@ static int objectclass_do_delete(struct oc_context *ac)
}
 
/* DC's rIDSet object */
+   /* Perform this check only when it does exist - this is needed in order
+* to don't let existing provisions break. */
ret = samdb_rid_set_dn(ldb, ac, dn);
-   if (ret != LDB_SUCCESS) {
+   if ((ret != LDB_SUCCESS)  (ret != LDB_ERR_NO_SUCH_OBJECT)) {
return ret;
}
-
-   if (ldb_dn_compare(ac-req-op.del.dn, dn) == 0) {
+   if (ret == LDB_SUCCESS) {
+   if (ldb_dn_compare(ac-req-op.del.dn, dn) == 0) {
+   talloc_free(dn);
+   ldb_asprintf_errstring(ldb, objectclass: Cannot delete 
%s, it's the DC's rIDSet object!,
+  
ldb_dn_get_linearized(ac-req-op.del.dn));
+   return LDB_ERR_UNWILLING_TO_PERFORM;
+   }
talloc_free(dn);
-   ldb_asprintf_errstring(ldb, objectclass: Cannot delete %s, 
it's the DC's rIDSet object!,
-  
ldb_dn_get_linearized(ac-req-op.del.dn));
-   return LDB_ERR_UNWILLING_TO_PERFORM;
}
 
-   talloc_free(dn);
-
/* crossRef objects regarding config, schema and default domain NCs */
if (samdb_find_attribute(ldb, ac-search_res-message, objectClass,
 crossRef) != NULL) {


-- 
Samba Shared Repository

Re: s4:objectclass LDB module - implement additional delete constraint checks

[Matthias Dieter Wallnöfer]

Hi ekacnet,

no I've understood what you mean - and yes, I can bypass the check when 
the rIDSet doesn't exist. I will push a patch.


Matthias

Matthieu Patou wrote:

 Matthias,



Hi ekacnet,

Matthieu Patou wrote:

Could it be possible to be a bit less violent here ?
This change breaks upgradeprovision in full mode when upgrading at 
least alpha10 but I'm pretty sure that alpha8,9 and 11 are broken 
too ...


The thing is that old provision do not have the rid_set ... it seems :
everything what I implement is stated in MS-ADTS and is tested by me 
against Windows Server as far as possible.
If you need weaker checks (e.g. in the objectclass LDB module) then 
please use the RELAX control - this should bypass them.


No pb to test it again a windows server but you have not to forget 
that some people (and they are more and more numerous) do not have 
always a provision with the state of art objects in it (otherwise I 
won't spend my time on upgradeprovision).


In this particular case you could have made the test a bit different 
as if the attribute do not exists we are not removing it so it won't 
hit the test, using the relax control is not the best solution as it 
is a kind of sledgehammer. Also you can ask yourself and the list of 
the effect of what you are adding to the samdb code with existing 
provision.


Matthieu.

[SCM] Samba Shared Repository - branch v3-6-test updated

[Jeremy Allison]

The branch, v3-6-test has been updated
   via  7651996... s3:utils/net_rpc_service.c: we also need some ndr_pull 
functions
   via  dba6d93... s3:libnet/libnet_samsync.c: we also need some ndr_pull 
functions
   via  46be277... s3:rpcclient: we also need some ndr_pull functions
  from  4acb48e... librpc/idl/mgmt.idl: add missing size_is()

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -
commit 765199607a07dfff1e37da9e897ca89fbe72f5ad
Author: Stefan Metzmacher me...@samba.org
Date:   Fri Aug 6 14:50:31 2010 +0200

s3:utils/net_rpc_service.c: we also need some ndr_pull functions

metze
(cherry picked from commit 1c515fb94b9bc4d432aa6435e352cb8294f436e2)

commit dba6d936ccea25800ab278d5b506049f590b57df
Author: Stefan Metzmacher me...@samba.org
Date:   Fri Aug 6 14:51:54 2010 +0200

s3:libnet/libnet_samsync.c: we also need some ndr_pull functions

metze
(cherry picked from commit 08cf7ac7a0d885ca4bf733c7f7f705b3f2a30e92)

commit 46be277ad6e707d03739541d07ebf6ae05b58293
Author: Stefan Metzmacher me...@samba.org
Date:   Fri Aug 6 14:52:58 2010 +0200

s3:rpcclient: we also need some ndr_pull functions

metze
(cherry picked from commit d6eb42cc619206c280edd732b1b56563a21e8f4d)

---

Summary of changes:
 source3/libnet/libnet_samsync.c  |1 +
 source3/rpcclient/cmd_eventlog.c |1 +
 source3/rpcclient/cmd_lsarpc.c   |1 +
 source3/rpcclient/cmd_netlogon.c |1 +
 source3/rpcclient/cmd_samr.c |1 +
 source3/rpcclient/cmd_srvsvc.c   |1 +
 source3/utils/net_rpc_service.c  |1 +
 7 files changed, 7 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c
index 5c42aca..6668be2 100644
--- a/source3/libnet/libnet_samsync.c
+++ b/source3/libnet/libnet_samsync.c
@@ -26,6 +26,7 @@
 #include ../lib/crypto/crypto.h
 #include ../libcli/samsync/samsync.h
 #include ../libcli/auth/libcli_auth.h
+#include ../librpc/gen_ndr/ndr_netlogon.h
 #include ../librpc/gen_ndr/cli_netlogon.h
 
 /**
diff --git a/source3/rpcclient/cmd_eventlog.c b/source3/rpcclient/cmd_eventlog.c
index 941909e..8c4ed49 100644
--- a/source3/rpcclient/cmd_eventlog.c
+++ b/source3/rpcclient/cmd_eventlog.c
@@ -20,6 +20,7 @@
 
 #include includes.h
 #include rpcclient.h
+#include ../librpc/gen_ndr/ndr_eventlog.h
 #include ../librpc/gen_ndr/cli_eventlog.h
 
 static NTSTATUS get_eventlog_handle(struct rpc_pipe_client *cli,
diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
index 1cc16fb..9db316f 100644
--- a/source3/rpcclient/cmd_lsarpc.c
+++ b/source3/rpcclient/cmd_lsarpc.c
@@ -23,6 +23,7 @@
 #include includes.h
 #include rpcclient.h
 #include ../libcli/auth/libcli_auth.h
+#include ../librpc/gen_ndr/ndr_lsa.h
 #include ../librpc/gen_ndr/cli_lsa.h
 #include rpc_client/cli_lsarpc.h
 
diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c
index 0917bad..4419485 100644
--- a/source3/rpcclient/cmd_netlogon.c
+++ b/source3/rpcclient/cmd_netlogon.c
@@ -22,6 +22,7 @@
 #include includes.h
 #include rpcclient.h
 #include ../libcli/auth/libcli_auth.h
+#include ../librpc/gen_ndr/ndr_netlogon.h
 #include ../librpc/gen_ndr/cli_netlogon.h
 #include rpc_client/cli_netlogon.h
 #include secrets.h
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index 367c3b8..37c63ae 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -25,6 +25,7 @@
 #include includes.h
 #include rpcclient.h
 #include ../libcli/auth/libcli_auth.h
+#include ../librpc/gen_ndr/ndr_samr.h
 #include ../librpc/gen_ndr/cli_samr.h
 #include rpc_client/cli_samr.h
 #include rpc_client/init_samr.h
diff --git a/source3/rpcclient/cmd_srvsvc.c b/source3/rpcclient/cmd_srvsvc.c
index 890151e..91e9404 100644
--- a/source3/rpcclient/cmd_srvsvc.c
+++ b/source3/rpcclient/cmd_srvsvc.c
@@ -22,6 +22,7 @@
 
 #include includes.h
 #include rpcclient.h
+#include ../librpc/gen_ndr/ndr_srvsvc.h
 #include ../librpc/gen_ndr/cli_srvsvc.h
 
 /* Display server query info */
diff --git a/source3/utils/net_rpc_service.c b/source3/utils/net_rpc_service.c
index 9ab82b5..631a5a1 100644
--- a/source3/utils/net_rpc_service.c
+++ b/source3/utils/net_rpc_service.c
@@ -18,6 +18,7 @@
 
 #include includes.h
 #include utils/net.h
+#include ../librpc/gen_ndr/ndr_svcctl.h
 #include ../librpc/gen_ndr/cli_svcctl.h
 
 struct svc_state_msg {


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-6-test updated

[Jeremy Allison]

The branch, v3-6-test has been updated
   via  dfc1cf9... pidl:NDR: correctly handle no pointer bracket arrays 
with 'string'
  from  7651996... s3:utils/net_rpc_service.c: we also need some ndr_pull 
functions

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -
commit dfc1cf9e57b5cbdf924287d7b2f9c3c8284a54cf
Author: Stefan Metzmacher me...@samba.org
Date:   Mon Aug 9 19:38:30 2010 +0200

pidl:NDR: correctly handle no pointer bracket arrays with 'string'

metze
(cherry picked from commit a22989a54afd411a8d038110c7df2c545b4121b7)

---

Summary of changes:
 pidl/lib/Parse/Pidl/NDR.pm |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/pidl/lib/Parse/Pidl/NDR.pm b/pidl/lib/Parse/Pidl/NDR.pm
index 1b45010..4c327a3 100644
--- a/pidl/lib/Parse/Pidl/NDR.pm
+++ b/pidl/lib/Parse/Pidl/NDR.pm
@@ -124,7 +124,7 @@ sub GetElementLevelTable($$)
if ($d eq *) {
$is_conformant = 1;
if ($size = shift @size_is) {
-   if (has_property($e, string)) {
+   if ($e-{POINTERS}  1 and has_property($e, 
string)) {
$is_string = 1;
delete($e-{PROPERTIES}-{string});
}


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Kamen Mazdrashki]

The branch, master has been updated
   via  03bfd42... s4-test: Implement DRS-RPC-msDSIntId test case
   via  d595f07... s4-dsdb: fix attributes_by_msDS_IntId index sorting
   via  06f5985... s4-test: Move dsdb_schema loading into public function
   via  c30f9bd... s4-test: Move RPC-DSSYNC test in DRS-RPC test suite
   via  da074f1... s4-test: Move dssync.c to torture/drs/rpc
   via  f3c0689... s4-test: strip trailing white-spaces
  from  067b572... s4:objectclass LDB module - weak the check for the 
rIDSet delete constraint

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 03bfd4290f70ab2de46ccd82a429fda57c8c6bb9
Author: Kamen Mazdrashki kame...@samba.org
Date:   Tue Aug 10 01:08:19 2010 +0300

s4-test: Implement DRS-RPC-msDSIntId test case

commit d595f070f6ab7c6c8732c3c3a4ca39d37bcca3b4
Author: Kamen Mazdrashki kame...@samba.org
Date:   Tue Aug 10 21:05:47 2010 +0300

s4-dsdb: fix attributes_by_msDS_IntId index sorting

commit 06f59855a7b4fcc6f4957d9e1a8e29e387397b50
Author: Kamen Mazdrashki kame...@samba.org
Date:   Sat Aug 7 12:52:07 2010 +0300

s4-test: Move dsdb_schema loading into public function

I will use this function for tests implementation later

commit c30f9bd7345cddd85502eb9d099279606959f447
Author: Kamen Mazdrashki kame...@samba.org
Date:   Thu Aug 5 04:55:04 2010 +0300

s4-test: Move RPC-DSSYNC test in DRS-RPC test suite

commit da074f10e3900413a134ee8143c68f05563da13f
Author: Kamen Mazdrashki kame...@samba.org
Date:   Thu Aug 5 18:37:24 2010 +0300

s4-test: Move dssync.c to torture/drs/rpc

commit f3c06892eccac1169a73615637bf82bf956ce523
Author: Kamen Mazdrashki kame...@samba.org
Date:   Thu Aug 5 18:35:35 2010 +0300

s4-test: strip trailing white-spaces

---

Summary of changes:
 source4/dsdb/schema/schema_set.c |6 +-
 source4/selftest/tests.sh|2 +-
 source4/torture/drs/drs_init.c   |3 +
 source4/torture/drs/drs_util.c   |   94 +++
 source4/torture/drs/rpc/dssync.c | 1064 
 source4/torture/drs/rpc/msds_intid.c |  643 +++
 source4/torture/drs/wscript_build|2 +-
 source4/torture/rpc/dssync.c | 1120 --
 source4/torture/rpc/rpc.c|1 -
 source4/torture/wscript_build|2 +-
 10 files changed, 1812 insertions(+), 1125 deletions(-)
 create mode 100644 source4/torture/drs/rpc/dssync.c
 create mode 100644 source4/torture/drs/rpc/msds_intid.c
 delete mode 100644 source4/torture/rpc/dssync.c


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/schema/schema_set.c b/source4/dsdb/schema/schema_set.c
index b8ed7ca..344e9bb 100644
--- a/source4/dsdb/schema/schema_set.c
+++ b/source4/dsdb/schema/schema_set.c
@@ -230,6 +230,10 @@ static int dsdb_compare_attribute_by_attributeID_id(struct 
dsdb_attribute **a1,
 {
return uint32_cmp((*a1)-attributeID_id, (*a2)-attributeID_id);
 }
+static int dsdb_compare_attribute_by_msDS_IntId(struct dsdb_attribute **a1, 
struct dsdb_attribute **a2)
+{
+   return uint32_cmp((*a1)-msDS_IntId, (*a2)-msDS_IntId);
+}
 static int dsdb_compare_attribute_by_attributeID_oid(struct dsdb_attribute 
**a1, struct dsdb_attribute **a2)
 {
return strcasecmp((*a1)-attributeID_oid, (*a2)-attributeID_oid);
@@ -345,7 +349,7 @@ static int dsdb_setup_sorted_accessors(struct ldb_context 
*ldb,
/* sort the arrays */
TYPESAFE_QSORT(schema-attributes_by_lDAPDisplayName, 
schema-num_attributes, dsdb_compare_attribute_by_lDAPDisplayName);
TYPESAFE_QSORT(schema-attributes_by_attributeID_id, 
schema-num_attributes, dsdb_compare_attribute_by_attributeID_id);
-   TYPESAFE_QSORT(schema-attributes_by_msDS_IntId, 
schema-num_int_id_attr, dsdb_compare_attribute_by_attributeID_id);
+   TYPESAFE_QSORT(schema-attributes_by_msDS_IntId, 
schema-num_int_id_attr, dsdb_compare_attribute_by_msDS_IntId);
TYPESAFE_QSORT(schema-attributes_by_attributeID_oid, 
schema-num_attributes, dsdb_compare_attribute_by_attributeID_oid);
TYPESAFE_QSORT(schema-attributes_by_linkID, schema-num_attributes, 
dsdb_compare_attribute_by_linkID);
 
diff --git a/source4/selftest/tests.sh b/source4/selftest/tests.sh
index 1dd507e..bc4543c 100755
--- a/source4/selftest/tests.sh
+++ b/source4/selftest/tests.sh
@@ -166,7 +166,7 @@ fi
 # that they stay passing
 ncacn_np_tests=RPC-SCHANNEL RPC-JOIN RPC-LSA RPC-DSSETUP RPC-ALTERCONTEXT 
RPC-MULTIBIND RPC-NETLOGON RPC-HANDLES RPC-SAMSYNC RPC-SAMBA3-SESSIONKEY 
RPC-SAMBA3-GETUSERNAME RPC-SAMBA3-LSA RPC-SAMBA3-BIND RPC-SAMBA3-NETLOGON 
RPC-ASYNCBIND RPC-LSALOOKUP RPC-LSA-GETUSER RPC-SCHANNEL2 RPC-AUTHCONTEXT
 ncalrpc_tests=RPC-SCHANNEL RPC-JOIN RPC-LSA RPC-DSSETUP RPC-ALTERCONTEXT 
RPC-MULTIBIND RPC-NETLOGON RPC-DRSUAPI RPC-ASYNCBIND RPC-LSALOOKUP 

[SCM] CTDB repository - branch 1.0.112 updated - ctdb-1.0.111-136-g83fcabe

[Ronnie Sahlberg]

The branch, 1.0.112 has been updated
   via  83fcabed2d3014df4112f9644c3186e205b28ad6 (commit)
   via  1a595bad79aa2b6994c9098b86f06bf38444e23c (commit)
  from  e19ef366984223fe94f878aecb50d05990f1ced7 (commit)

http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=1.0.112


- Log -
commit 83fcabed2d3014df4112f9644c3186e205b28ad6
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date:   Wed Aug 11 12:46:33 2010 +1000

New version 1.0.112-33

commit 1a595bad79aa2b6994c9098b86f06bf38444e23c
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date:   Wed Aug 11 12:37:51 2010 +1000

Add a new event :ipreallocated
This is called everytime a reallocation is performed.

While STARTRECOVERY/RECOVERED events are only called when
we do ipreallocation as part of a full database/cluster recovery,
this new event can be used to trigger on when we just do a light
failover due to a node becomming unhealthy.

I.e. situations where we do a failover but we do not perform a full
cluster recovery.

Use this to trigger for natgw so we select a new natgw master node
when failover happens and not just when cluster rebuilds happen.

---

Summary of changes:
 common/ctdb_util.c |3 ++-
 config/events.d/11.natgw   |2 +-
 include/ctdb.h |1 +
 packaging/RPM/ctdb.spec.in |7 ++-
 server/ctdb_takeover.c |   19 ---
 server/eventscript.c   |1 +
 6 files changed, 27 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/common/ctdb_util.c b/common/ctdb_util.c
index 9dc6d7a..835bbfd 100644
--- a/common/ctdb_util.c
+++ b/common/ctdb_util.c
@@ -664,5 +664,6 @@ const char *ctdb_eventscript_call_names[] = {
monitor,
status,
shutdown,
-   reload
+   reload,
+   ipreallocated
 };
diff --git a/config/events.d/11.natgw b/config/events.d/11.natgw
index c872837..2fc232a 100755
--- a/config/events.d/11.natgw
+++ b/config/events.d/11.natgw
@@ -45,7 +45,7 @@ case $1 in
ctdb setnatgwstate on
;;
 
-recovered|updatenatgw)
+recovered|updatenatgw|ipreallocated)
MYPNN=`ctdb pnn | cut -d: -f2`
NATGWMASTER=`ctdb natgwlist | head -1 | sed -e s/ .*//`
NATGWIP=`ctdb natgwlist | head -1 | sed -e s/^[^ ]* *//`
diff --git a/include/ctdb.h b/include/ctdb.h
index cc83495..294fe01 100644
--- a/include/ctdb.h
+++ b/include/ctdb.h
@@ -695,6 +695,7 @@ enum ctdb_eventscript_call {
CTDB_EVENT_STATUS,  /* Report service status: no args. */
CTDB_EVENT_SHUTDOWN,/* CTDB shutting down: no args. */
CTDB_EVENT_RELOAD,  /* magic */
+   CTDB_EVENT_IPREALLOCATED,   /* when a takeover_run() completes */
CTDB_EVENT_MAX
 };
 
diff --git a/packaging/RPM/ctdb.spec.in b/packaging/RPM/ctdb.spec.in
index 7a09368..a71cacf 100644
--- a/packaging/RPM/ctdb.spec.in
+++ b/packaging/RPM/ctdb.spec.in
@@ -5,7 +5,7 @@ Vendor: Samba Team
 Packager: Samba Team sa...@samba.org
 Name: ctdb
 Version: 1.0.112
-Release: 32
+Release: 33
 Epoch: 0
 License: GNU GPL version 3
 Group: System Environment/Daemons
@@ -125,6 +125,11 @@ rm -rf $RPM_BUILD_ROOT
 %{_docdir}/ctdb/tests/bin/ctdb_transaction
 
 %changelog
+* Tue Aug 11 2010 : Version 1.0.112-33
+ - CQ : S1019290
+   Add a new event ipreallocated so that we can update the natgw
+   configuration also when normal/light failovers occur and not just when
+   heavy/full database recoveries/cluster rebuilds trigger.
 * Tue Aug 10 2010 : Version 1.0.112-32
  - Dont check if natgw is enabled or not in the natgw script
  - disable the check if winbind is ok
diff --git a/server/ctdb_takeover.c b/server/ctdb_takeover.c
index cb65f29..208a6c6 100644
--- a/server/ctdb_takeover.c
+++ b/server/ctdb_takeover.c
@@ -737,10 +737,10 @@ create_merged_ip_list(struct ctdb_context *ctdb)
  */
 int ctdb_takeover_run(struct ctdb_context *ctdb, struct ctdb_node_map *nodemap)
 {
-  int i, num_healthy, retries, num_ips;
+   int i, num_healthy, retries, num_ips;
struct ctdb_public_ip ip;
struct ctdb_public_ipv4 ipv4;
-   uint32_t mask;
+   uint32_t mask, *nodes;
struct ctdb_public_ip_list *all_ips, *tmp_ip;
int maxnode, maxnum=0, minnode, minnum=0, num;
TDB_DATA data;
@@ -749,7 +749,6 @@ int ctdb_takeover_run(struct ctdb_context *ctdb, struct 
ctdb_node_map *nodemap)
struct ctdb_client_control_state *state;
TALLOC_CTX *tmp_ctx = talloc_new(ctdb);
 
-
ZERO_STRUCT(ip);
 
/* Count how many completely healthy nodes we have */
@@ -1057,6 +1056,20 @@ finished:
return -1;
}
 
+
+   /* tell all nodes to update natwg */
+   /* send the flags update natgw on all connected nodes */
+   data.dptr  = discard_const(ipreallocated);
+   

[SCM] CTDB repository - branch 1.0.112 updated - ctdb-1.0.111-137-g1d1d475

[Ronnie Sahlberg]

The branch, 1.0.112 has been updated
   via  1d1d475d7e18620330aaee95038c40b27e5496d4 (commit)
  from  83fcabed2d3014df4112f9644c3186e205b28ad6 (commit)

http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=1.0.112


- Log -
commit 1d1d475d7e18620330aaee95038c40b27e5496d4
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date:   Wed Aug 11 14:42:44 2010 +1000

add some extra debugging statements to the client side code sending controls
and failing. in particular the GETRECMASTER control

---

Summary of changes:
 client/ctdb_client.c |   24 +++-
 1 files changed, 19 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/client/ctdb_client.c b/client/ctdb_client.c
index 7caa5cb..0b65466 100644
--- a/client/ctdb_client.c
+++ b/client/ctdb_client.c
@@ -282,6 +282,11 @@ int ctdb_socket_connect(struct ctdb_context *ctdb)
ctdb-daemon.queue = ctdb_queue_setup(ctdb, ctdb, ctdb-daemon.sd, 
  CTDB_DS_ALIGNMENT, 
  ctdb_client_read_cb, ctdb);
+   if (ctdb-daemon.queue == NULL) {
+   DEBUG(DEBUG_ERR,(__location__  Failed to setup queue to 
daemon\n));
+   return -1;
+   }
+
return 0;
 }
 
@@ -835,6 +840,7 @@ struct ctdb_client_control_state *ctdb_control_send(struct 
ctdb_context *ctdb,
 
ret = ctdb_client_queue_pkt(ctdb, (c-hdr));
if (ret != 0) {
+   DEBUG(DEBUG_ERR,(__location__  Failed to queue packet to ctdb 
daemon\n));
talloc_free(state);
return NULL;
}
@@ -864,6 +870,7 @@ int ctdb_control_recv(struct ctdb_context *ctdb,
}
 
if (state == NULL) {
+   DEBUG(DEBUG_ERR,(__location__  ctdb_control_recv called with 
state==NULL\n));
return -1;
}
 
@@ -879,12 +886,12 @@ int ctdb_control_recv(struct ctdb_context *ctdb,
}
 
if (state-state != CTDB_CONTROL_DONE) {
-   DEBUG(DEBUG_ERR,(__location__  ctdb_control_recv failed\n));
+   DEBUG(DEBUG_ERR,(__location__  ctdb_control_recv failed with 
state:%d\n, state-state));
if (state-async.fn) {
state-async.fn(state);
}
talloc_free(tmp_ctx);
-   return -1;
+   return -2;
}
 
if (state-errormsg) {
@@ -896,7 +903,7 @@ int ctdb_control_recv(struct ctdb_context *ctdb,
state-async.fn(state);
}
talloc_free(tmp_ctx);
-   return -1;
+   return -3;
}
 
if (outdata) {
@@ -1122,9 +1129,16 @@ struct ctdb_client_control_state *
 ctdb_ctrl_getrecmaster_send(struct ctdb_context *ctdb, TALLOC_CTX *mem_ctx, 
struct timeval timeout, uint32_t destnode)
 {
-   return ctdb_control_send(ctdb, destnode, 0, 
+   struct ctdb_client_control_state *state;
+
+   state = ctdb_control_send(ctdb, destnode, 0, 
   CTDB_CONTROL_GET_RECMASTER, 0, tdb_null, 
   mem_ctx, timeout, NULL);
+   if (state == NULL) {
+   DEBUG(DEBUG_ERR,(__location__  Failed to send getrecmaster 
control to node %u\n, destnode));
+   }
+
+   return state;
 }
 
 int ctdb_ctrl_getrecmaster_recv(struct ctdb_context *ctdb, TALLOC_CTX 
*mem_ctx, struct ctdb_client_control_state *state, uint32_t *recmaster)
@@ -1134,7 +1148,7 @@ int ctdb_ctrl_getrecmaster_recv(struct ctdb_context 
*ctdb, TALLOC_CTX *mem_ctx,
 
ret = ctdb_control_recv(ctdb, state, mem_ctx, NULL, res, NULL);
if (ret != 0) {
-   DEBUG(DEBUG_ERR,(__location__  ctdb_ctrl_getrecmaster_recv 
failed\n));
+   DEBUG(DEBUG_ERR,(__location__  ctdb_ctrl_getrecmaster_recv 
failed with error:%d\n, ret));
return -1;
}
 


-- 
CTDB repository