Re: [Samba] RPC_S_PROCNUM_OUT_OF_RANGE
On Tue, Feb 01, 2011 at 03:50:59PM +0100, Nadine Mauch wrote: Hi, I had a linux server installed with samba 3.0.9-2.6 (SuSE 9.1) and a samba shared folder among 12 PC under WinXP/Win7. The linux server has been replaced by a new one a week ago. The new machine runs samba 3.5.4-5.1.2x86-64 with the same shared folder and the same smb.conf file. Till then, when the PCs try to connect to the samba share via explorer a window opens with the message Numéro de procédure hors de l'intervalle admis (RPC_S_PROCNUM_OUT_OF_RANGE corresponding to windows error 1745). Has anyone an idea how I could get rid of that message and gain access to the samba shared folder with the explorer ? I've registered the PCs names and passwords in smbpasswd and one user named nobody because I thought of a problem of recognition of the PCs. I've found many mails about this error but no solution. Does anyone have an idea ? Can you send a network trace of this. Information on how to create network traces can be found under http://wiki.samba.org/index.php/Capture_Packets Thanks, Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] understanding users mapping
Ah ok, im not very used to the mailing list system, excuse me. I just made 5 unix groups, following the SID's at the end of my post: remote users guests users Dmn admins copy users I went to the XP i had joined to the domain, and i went to user and groups management (right click, properties over my pc - management) There, i see that Domain admins is automatically mapped. And windows users group is mapped to MYDOMAIN\none automatically aswell, although i doub if thats correct. But the other arent. Are mappings automatic? or i must link NT groups to UNIX groups manually on each XP machine, except for Domain admins group? thank you SID's gathered from samba doc's http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html Well-Known Entity RID TypeEssential Domain Administrator500 UserNo Domain Guest501 UserNo Domain KRBTGT 502 UserNo Domain Admins 512 Group Yes Domain Users513 Group Yes Domain Guests 514 Group Yes Domain Computers515 Group No Domain Controllers 516 Group No Domain Certificate Admins 517 Group No Domain Schema Admins518 Group No Domain Enterprise Admins519 Group No Domain Policy Admins520 Group No Builtin Admins 544 Alias No Builtin users 545 Alias No Builtin Guests 546 Alias No Builtin Power Users 547 Alias No Builtin Account Operators 548 Alias No Builtin System Operators549 Alias No Builtin Print Operators 550 Alias No Builtin Backup Operators551 Alias No Builtin Replicator 552 Alias No Builtin RAS Servers 553 Alias No Please CC to samba list. 2011/2/4 fdel...@rojatex.com: root has adding machines privileges because root has all powers in linux and samba Yes, root (uid=0) has natively all rights on Samba. Domain Admins has privileges because that group already had privileges in windows, and samba understand that Yes, rid=512 is reserved for Domain Admins and Domain Admins has the rights natively. srvadmins has rights because i granted them with the net rpc privileges. Yes. --- TAKAHASHI Motonobu mo...@samba.gr.jp -- Fran Del Val Dpto de informática. Rojatex S.L. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba constantly creating mapping
Can someone explain why samba wants to create this mapping even if it already exists? 03.02.2011 13:30, Vladimir Vassiliev пишет: Hi all, I have Samba server joined Active Directory domain based on win2008r2, using LDAP as idmap backend. Recently I upgraded from 3.3.x to 3.5.x (Sernet RPMs for Centos4). Now I constantly observe those messages in log: [2011/02/03 09:10:25.696896, 0] winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping) ldap_set_mapping_internals: Failed to add S-1-5-21-3807515285-1394671770-2144936185-513 to 21066 mapping [gidNumber] [2011/02/03 09:10:25.696927, 0] winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping) ldap_set_mapping_internals: Error was: (Already exists) [2011/02/03 09:15:16.234228, 0] winbindd/idmap.c:201(smb_register_idmap_alloc) idmap_alloc module ldap already registered! [2011/02/03 09:15:16.234271, 0] winbindd/idmap.c:201(smb_register_idmap_alloc) idmap_alloc module tdb already registered! [2011/02/03 09:15:16.234286, 0] winbindd/idmap.c:149(smb_register_idmap) Idmap module passdb already registered! [2011/02/03 09:15:16.234300, 0] winbindd/idmap.c:149(smb_register_idmap) Idmap module nss already registered! with gidNumber increasing, although samba created mapping for this SID: dn: sambaSID=S-1-5-21-3807515285-1394671770-2144936185-513,ou=idmap,dc=corp,dc=domain objectClass: sambaIdmapEntry objectClass: sambaSidEntry gidNumber: 20042 sambaSID: S-1-5-21-3807515285-1394671770-2144936185-513 structuralObjectClass: sambaSidEntry RID 513 is standard Domain Users group, but *S-1-5-21-3807515285-1394671770-2144936185* is not AD domain: wbinfo --all-domains BUILTIN DLC CORP DLC is hostname of Samba server and CORP - AD domain. wbinfo -D corp Name : CORP Alt_Name : corp.domain SID : S-1-5-21-3642537914-689118755-2668763798 Active Directory : Yes Native : Yes Primary : Yes wbinfo -D dlc Name : DLC Alt_Name : SID : *S-1-5-21-3807515285-1394671770-2144936185* Active Directory : No Native : No Primary : No As I understand I should somehow add entry for this SID in local SAM database with net sam. But how: with net sam createlocalgroup or net sam createdomaingroup or net sam createbuiltingroup? I don't understand SAM well, please advice me how to do this. Thanks. -- Vladimir Vassiliev -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] understanding users mapping
2011/2/4 fdel...@rojatex.com: I went to the XP i had joined to the domain, and i went to user and groups management (right click, properties over my pc - management) There, i see that Domain admins is automatically mapped. And windows users group is mapped to MYDOMAIN\none automatically aswell, although i doub if thats correct. But the other arent. When a Windows workstation including Windows XP has joined to a domain, Domain Admins and Domain Users always joined to its Administrators and Users respectively. This behavior is a part of Windows workstation implementation. Samba has nothing to do with it. Why MYDOMAIN\none joined to Users is that you have not created Domain Users. -- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] understanding users mapping
Perfect. I get out of the domain, added the domain users group, re-joined the domain and right there, i could see: domain admins linked to MYDOMAIN\dmnadmins domain users linked to MYDOMAIN\dmnusers So i guess, that to map any other group, lets say: REMOTE DESKTOP USERS, i would need to: 1) net groupmap add unixgroup=remote ntgroup=whatever name 2) go to the XP machine, go to remote desktop users' group, and manually add MYDOMAIN\remote Repeat again for every other group. If thats correct, then, thank you very much all, much appreciated help. Thank you, Takahashi. 2011/2/4 fdel...@rojatex.com: I went to the XP i had joined to the domain, and i went to user and groups management (right click, properties over my pc - management) There, i see that Domain admins is automatically mapped. And windows users group is mapped to MYDOMAIN\none automatically aswell, although i doub if thats correct. But the other arent. When a Windows workstation including Windows XP has joined to a domain, Domain Admins and Domain Users always joined to its Administrators and Users respectively. This behavior is a part of Windows workstation implementation. Samba has nothing to do with it. Why MYDOMAIN\none joined to Users is that you have not created Domain Users. -- TAKAHASHI Motonobu mo...@samba.gr.jp -- Fran Del Val Dpto de informática. Rojatex S.L. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ADS 2008 configuration
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/03/2011 08:54 AM, Inder wrote: Hi, I am Inderjit, and have some issues with configuration of samba with ADS 2008. I am able to connect to ADS 2008, but command getent group doesn't show always the output with ADS groups. We have more that 25000 users and domain controller is not located at same location. Could you please give me a hints or suggestions, what can be changed to solve this issue. Regards Inderjit We have a large AD deployment as well. I hope that someone in the developer group can speak to this with authority, but I theorize that there is a timeout implemented in a generalized query that broad. Remember, you are asking for a listing of ALL groups in your AD controller. I can't even get Active Directory Users and Computers nor Powershell commands to output every group. If you are able to get a listing of a specific group: getent group specificgrpname Then winbind is working properly. Why are you wanting that amount of output? There may be other commands (net) that can get you the info you want. - -- Robert Freeman-Day https://launchpad.net/~presgas GPG Public Key: http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1MDdkACgkQup357T5MfTaH8gCaAoYygavzFWr/N2E3+xmX+NeR mToAn1866SQFgwaqorjte+kHx94TONPR =8QA9 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Adding LDAP Backend to Samba
On Thu, 03 Feb 2011 20:16:00 -0300, J. Echter j.ech...@elektro-mayer-echter.de wrote: User SID: S-1-5-21-3842863818-2180709222-141296495-1001 Primary Group SID:S-1-5-21-3842863818-2180709222-141296495-513 Another thing to check: User SID: S-1-5-21-3842863818-2180709222-141296495-1001 - command 'net getlocalsid' must response S-1-5-21-3842863818-2180709222-141296495 (if not, run 'net setlocalsid S-1-5-21-3842863818-2180709222-141296495'). And in your LDAP server you must to have an entry as this: sambaDomainName=your domain name with sambaSID=S-1-5-21-3842863818-2180709222-141296495 AND: I had problems with users who do not have the attribute ambaPwdLastSet Then, all my users have sambaPwdLastSet = 1 Good Luck -- Jorge C. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Adding LDAP Backend to Samba
I just recently got mine set up after alot of help from this list (and a great deal of pain and persistence). I also got alot of insightful guidance from this doc: http://wiki.amahi.org/index.php/LDAP hth, - Joe If you type Google into Google, you can break the Internet. -- Jen Barber --Forwarded Message Attachment-- From: j...@cec.uchile.cl To: samba@lists.samba.org Date: Fri, 4 Feb 2011 12:40:29 -0300 Subject: Re: [Samba] Adding LDAP Backend to Samba On Thu, 03 Feb 2011 20:16:00 -0300, J. Echter wrote: User SID: S-1-5-21-3842863818-2180709222-141296495-1001 Primary Group SID:S-1-5-21-3842863818-2180709222-141296495-513 Another thing to check: User SID: S-1-5-21-3842863818-2180709222-141296495-1001 - command 'net getlocalsid' must response S-1-5-21-3842863818-2180709222-141296495 (if not, run 'net setlocalsid S-1-5-21-3842863818-2180709222-141296495'). And in your LDAP server you must to have an entry as this: sambaDomainName= with sambaSID=S-1-5-21-3842863818-2180709222-141296495 AND: I had problems with users who do not have the attribute ambaPwdLastSet Then, all my users have sambaPwdLastSet = 1 Good Luck -- Jorge C. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.5.7 release date is...
On the Samba wiki page Samba3 Release Planning, the following is stated: Thursday, February 2011 - Planned release date for Samba 3.5.7 Which of the February Thursdays will it be? 10, 17 or 24? The quoted page resides here: http://wiki.samba.org/index.php/Release_Planning_for_Samba_3.5 Thank you! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.7 release date is...
Quoting Miguel Medalha (miguelmeda...@sapo.pt): On the Samba wiki page Samba3 Release Planning, the following is stated: Thursday, February 2011 - Planned release date for Samba 3.5.7 Which of the February Thursdays will it be? 10, 17 or 24? The quoted page resides here: http://wiki.samba.org/index.php/Release_Planning_for_Samba_3.5 AFAICT, from Karolin's mails to -technical, the planned date is Thursday 10th. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via da8eb5f s4:rpc_server/netlogon: add dcesrv_netr_LogonSamLogon_check() via fde8450 s4:rpc_server/netlogon: set *r-out.authoritative = 1 even on INVALID_PARAMETER/INFO_CLASS via c1ecb99 s4:rpc_server/netlogon: return INVALID_INFO_CLASS for invalid netr_Validation levels via 9df59dd pidl:wscript: don't warn about pidl gammar file changes for now via db59945 pidl/wscript: only warn about grammar file changes via 5af6ff3 pidl/wscript: let the developer use the standalone build with yapp from 39a3be5 Fix a couple of missing checks on talloc returns. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit da8eb5f0d21ffa4f092a8317ed8b8e6005ac4249 Author: Stefan Metzmacher me...@samba.org Date: Tue Feb 1 14:47:05 2011 +0100 s4:rpc_server/netlogon: add dcesrv_netr_LogonSamLogon_check() We need to check for invalid parameters before we check for access denied. metze (cherry picked from commit a4d4217dfa03bda9ace25bb4f54be5e94c09abbf) commit fde8450a210267e315262b78168dabb4e2f4b0cb Author: Stefan Metzmacher me...@samba.org Date: Tue Feb 1 10:27:35 2011 +0100 s4:rpc_server/netlogon: set *r-out.authoritative = 1 even on INVALID_PARAMETER/INFO_CLASS metze (cherry picked from commit 578e87dbf223c2ad529ef5de07630ed5c25a3ad6) commit c1ecb9930f8fc9e1271d932643d6771765514991 Author: Stefan Metzmacher me...@samba.org Date: Tue Feb 1 10:21:05 2011 +0100 s4:rpc_server/netlogon: return INVALID_INFO_CLASS for invalid netr_Validation levels metze (cherry picked from commit 97727e106878fef1a260ab6310992fff36ea5294) commit 9df59dda6bd2c51f1d9640f9d2979dd1c07b4c0e Author: Stefan Metzmacher me...@samba.org Date: Tue Jan 18 07:20:26 2011 +0100 pidl:wscript: don't warn about pidl gammar file changes for now We may add some logic that uses git diff HEAD to detect this changes in developer mode later again. metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Tue Jan 18 08:10:06 CET 2011 on sn-devel-104 (cherry picked from commit d5173ca189a080d0bb3a56200203c32a40c4b6e3) commit db59945ac15901d90ccd12e20fe649e5f9cc4c49 Author: Stefan Metzmacher me...@samba.org Date: Thu Jan 6 13:41:08 2011 +0100 pidl/wscript: only warn about grammar file changes autobuild should protect us from having grammar files and generated files out of sync. metze (cherry picked from commit ce7cb972b0ba7ec20d05bb1c4243fa0e2b5f05c0) commit 5af6ff3e2c004ac41778cfe97d83e2d3b3abda86 Author: Stefan Metzmacher me...@samba.org Date: Wed Jan 5 12:00:01 2011 +0100 pidl/wscript: let the developer use the standalone build with yapp Waf isn't happy when files in the source directory are changed. metze (cherry picked from commit 5d8f916619b5324e33d4a1bc3c97d6cc784f4bb9) --- Summary of changes: pidl/wscript | 38 +++--- source4/rpc_server/netlogon/dcerpc_netlogon.c | 100 +--- 2 files changed, 113 insertions(+), 25 deletions(-) Changeset truncated at 500 lines: diff --git a/pidl/wscript b/pidl/wscript index 8cb0c6f..e60ca20 100644 --- a/pidl/wscript +++ b/pidl/wscript @@ -1,6 +1,6 @@ #!/usr/bin/env python -import os +import os, sys, Logs from samba_utils import MODE_755 def set_options(opt): @@ -46,8 +46,6 @@ def build(bld): blib_bld = os.path.join(bld.srcnode.abspath(bld.env), 'pidl/blib') -link_command = 'rm -rf blib ln -fs blib %s' % blib_bld - bld.SET_BUILD_GROUP('final') if 'POD2MAN' in bld.env and bld.env['POD2MAN'] != '': for src, manpage in pidl_manpages.iteritems(): @@ -57,15 +55,31 @@ def build(bld): install_path=os.path.dirname(bld.EXPAND_VARIABLES('${MANDIR}/'+manpage)), target=os.path.basename(manpage)) -# we want to prefer the git version of the parsers if we can. Only if the -# source has changed do we want to re-run yapp -need_yapp_build = ('YAPP' in bld.env and ( +# we want to prefer the git version of the parsers if we can. +# Only if the source has changed do we want to re-run yapp +# But we force the developer to use the pidl standalone build +# to regenerate the files. +# TODO: only warn in developer mode and if 'git diff HEAD' +# shows a difference +warn_about_grammar_changes = ('PIDL_BUILD_WARNINGS' in bld.env and ( bld.IS_NEWER('idl.yp', 'lib/Parse/Pidl/IDL.pm') or bld.IS_NEWER('expr.yp', 'lib/Parse/Pidl/Expr.pm'))) -if need_yapp_build: -t = bld.SAMBA_GENERATOR('pidl_parser', -source='idl.yp expr.yp', -
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 17c01a5 s3:rpc_server/netlogon: reject validation level 6 without ads support from 13470f1 charcnv: removed call to setlocale() (bug 7519) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 17c01a5e900d77d622f3c33a440de739e64940e4 Author: Stefan Metzmacher me...@samba.org Date: Thu Feb 3 16:11:32 2011 +0100 s3:rpc_server/netlogon: reject validation level 6 without ads support metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Fri Feb 4 10:06:26 CET 2011 on sn-devel-104 --- Summary of changes: source3/rpc_server/srv_netlog_nt.c | 16 1 files changed, 16 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 11fa946..397c658 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -1314,7 +1314,13 @@ static NTSTATUS _netr_LogonSamLogon_check(const struct netr_LogonSamLogonEx *r) switch (r-in.validation_level) { case NetlogonValidationSamInfo: /* 2 */ case NetlogonValidationSamInfo2: /* 3 */ + break; case NetlogonValidationSamInfo4: /* 6 */ + if ((pdb_capabilities() PDB_CAP_ADS) == 0) { + DEBUG(10,(Not adding validation info level 6 + without ADS passdb backend\n)); + return NT_STATUS_INVALID_INFO_CLASS; + } break; default: return NT_STATUS_INVALID_INFO_CLASS; @@ -1330,7 +1336,13 @@ static NTSTATUS _netr_LogonSamLogon_check(const struct netr_LogonSamLogonEx *r) switch (r-in.validation_level) { case NetlogonValidationSamInfo: /* 2 */ case NetlogonValidationSamInfo2: /* 3 */ + break; case NetlogonValidationSamInfo4: /* 6 */ + if ((pdb_capabilities() PDB_CAP_ADS) == 0) { + DEBUG(10,(Not adding validation info level 6 + without ADS passdb backend\n)); + return NT_STATUS_INVALID_INFO_CLASS; + } break; default: return NT_STATUS_INVALID_INFO_CLASS; @@ -1343,6 +1355,9 @@ static NTSTATUS _netr_LogonSamLogon_check(const struct netr_LogonSamLogonEx *r) return NT_STATUS_INVALID_PARAMETER; } + /* we don't support this here */ + return NT_STATUS_INVALID_PARAMETER; +#if 0 switch (r-in.validation_level) { /* TODO: case NetlogonValidationGenericInfo: 4 */ case NetlogonValidationGenericInfo2: /* 5 */ @@ -1352,6 +1367,7 @@ static NTSTATUS _netr_LogonSamLogon_check(const struct netr_LogonSamLogonEx *r) } break; +#endif default: return NT_STATUS_INVALID_PARAMETER; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 7ebb874 s3:rpc_server/netlogon: reject validation level 6 without ads support from da8eb5f s4:rpc_server/netlogon: add dcesrv_netr_LogonSamLogon_check() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 7ebb874c0cd863b61ef9655db1579e6efd788949 Author: Stefan Metzmacher me...@samba.org Date: Thu Feb 3 16:11:32 2011 +0100 s3:rpc_server/netlogon: reject validation level 6 without ads support metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Fri Feb 4 10:06:26 CET 2011 on sn-devel-104 (cherry picked from commit 17c01a5e900d77d622f3c33a440de739e64940e4) --- Summary of changes: source3/rpc_server/srv_netlog_nt.c | 16 1 files changed, 16 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 11fa946..397c658 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -1314,7 +1314,13 @@ static NTSTATUS _netr_LogonSamLogon_check(const struct netr_LogonSamLogonEx *r) switch (r-in.validation_level) { case NetlogonValidationSamInfo: /* 2 */ case NetlogonValidationSamInfo2: /* 3 */ + break; case NetlogonValidationSamInfo4: /* 6 */ + if ((pdb_capabilities() PDB_CAP_ADS) == 0) { + DEBUG(10,(Not adding validation info level 6 + without ADS passdb backend\n)); + return NT_STATUS_INVALID_INFO_CLASS; + } break; default: return NT_STATUS_INVALID_INFO_CLASS; @@ -1330,7 +1336,13 @@ static NTSTATUS _netr_LogonSamLogon_check(const struct netr_LogonSamLogonEx *r) switch (r-in.validation_level) { case NetlogonValidationSamInfo: /* 2 */ case NetlogonValidationSamInfo2: /* 3 */ + break; case NetlogonValidationSamInfo4: /* 6 */ + if ((pdb_capabilities() PDB_CAP_ADS) == 0) { + DEBUG(10,(Not adding validation info level 6 + without ADS passdb backend\n)); + return NT_STATUS_INVALID_INFO_CLASS; + } break; default: return NT_STATUS_INVALID_INFO_CLASS; @@ -1343,6 +1355,9 @@ static NTSTATUS _netr_LogonSamLogon_check(const struct netr_LogonSamLogonEx *r) return NT_STATUS_INVALID_PARAMETER; } + /* we don't support this here */ + return NT_STATUS_INVALID_PARAMETER; +#if 0 switch (r-in.validation_level) { /* TODO: case NetlogonValidationGenericInfo: 4 */ case NetlogonValidationGenericInfo2: /* 5 */ @@ -1352,6 +1367,7 @@ static NTSTATUS _netr_LogonSamLogon_check(const struct netr_LogonSamLogonEx *r) } break; +#endif default: return NT_STATUS_INVALID_PARAMETER; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e9c45a3 s3:lib/addrchange: set ctx-sock to -1 after close via d8d5a3f s3:lib/addrchange: remove unused pointer via ff935dd s3:lib/addrchange: let addrchange_done() retry and ignore unknown message types via 902fbd9 s3:winbindd: fix segfaults on addrchange errors and make DEBUG() statements more usefull from 17c01a5 s3:rpc_server/netlogon: reject validation level 6 without ads support http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e9c45a3973c85fbe40c017724c7909fefa05b656 Author: Stefan Metzmacher me...@samba.org Date: Fri Feb 4 12:54:36 2011 +0100 s3:lib/addrchange: set ctx-sock to -1 after close The makes the code more consistent with similar destructors. metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Fri Feb 4 15:52:55 CET 2011 on sn-devel-104 commit d8d5a3fb3a7754a71ba78399ab0fdcd8b3854dfa Author: Stefan Metzmacher me...@samba.org Date: Fri Feb 4 12:53:38 2011 +0100 s3:lib/addrchange: remove unused pointer metze commit ff935ddf8b22be269abb730904d324efb1e3e8f2 Author: Stefan Metzmacher me...@samba.org Date: Fri Feb 4 12:32:41 2011 +0100 s3:lib/addrchange: let addrchange_done() retry and ignore unknown message types Messages like RTM_NEWLINK should be just ignored. metze commit 902fbd91a19c414b61bc18ef24d7d84b30d37b1b Author: Stefan Metzmacher me...@samba.org Date: Fri Feb 4 12:29:42 2011 +0100 s3:winbindd: fix segfaults on addrchange errors and make DEBUG() statements more usefull metze --- Summary of changes: source3/lib/addrchange.c| 24 +--- source3/winbindd/winbindd.c |9 ++--- 2 files changed, 23 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/addrchange.c b/source3/lib/addrchange.c index f3606e2..8cd3c19 100644 --- a/source3/lib/addrchange.c +++ b/source3/lib/addrchange.c @@ -28,7 +28,6 @@ struct addrchange_context { int sock; - uint8_t *buf; }; static int addrchange_context_destructor(struct addrchange_context *c); @@ -77,12 +76,14 @@ static int addrchange_context_destructor(struct addrchange_context *c) { if (c-sock != -1) { close(c-sock); - c-sock = 0; + c-sock = -1; } return 0; } struct addrchange_state { + struct tevent_context *ev; + struct addrchange_context *ctx; uint8_t buf[8192]; struct sockaddr_storage fromaddr; socklen_t fromaddr_len; @@ -104,14 +105,15 @@ struct tevent_req *addrchange_send(TALLOC_CTX *mem_ctx, if (req == NULL) { return NULL; } + state-ev = ev; + state-ctx = ctx; state-fromaddr_len = sizeof(state-fromaddr); - - subreq = recvfrom_send(state, ev, ctx-sock, + subreq = recvfrom_send(state, state-ev, state-ctx-sock, state-buf, sizeof(state-buf), 0, state-fromaddr, state-fromaddr_len); if (tevent_req_nomem(subreq, req)) { - return tevent_req_post(req, ev); + return tevent_req_post(req, state-ev); } tevent_req_set_callback(subreq, addrchange_done, req); return req; @@ -166,8 +168,16 @@ static void addrchange_done(struct tevent_req *subreq) state-type = ADDRCHANGE_DEL; break; default: - DEBUG(10, (Got unexpected type %d\n, h-nlmsg_type)); - tevent_req_nterror(req, NT_STATUS_INVALID_ADDRESS); + DEBUG(10, (Got unexpected type %d - ignoring\n, h-nlmsg_type)); + + state-fromaddr_len = sizeof(state-fromaddr); + subreq = recvfrom_send(state, state-ev, state-ctx-sock, + state-buf, sizeof(state-buf), 0, + state-fromaddr, state-fromaddr_len); + if (tevent_req_nomem(subreq, req)) { + return; + } + tevent_req_set_callback(subreq, addrchange_done, req); return; } diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index 701f7a0..3a76231 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c @@ -1142,8 +1142,9 @@ static void winbindd_init_addrchange(TALLOC_CTX *mem_ctx, } req = addrchange_send(state, ev, state-ctx); if (req == NULL) { - DEBUG(10, (addrchange_send failed\n)); + DEBUG(0, (addrchange_send failed\n)); TALLOC_FREE(state); + return; } tevent_req_set_callback(req, winbindd_addr_changed, state); } @@ -1162,6 +1163,7 @@ static void
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f60398d s3-winbindd: let winbind try to use samlogon validation level 6. (bug #7945) via ac4127a s3-auth: add copy_netr_SamBaseInfo(). from e9c45a3 s3:lib/addrchange: set ctx-sock to -1 after close http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f60398d7b20869d7b09d81854f3727fdcd897430 Author: Günther Deschner g...@samba.org Date: Fri Jan 7 17:28:29 2011 +0100 s3-winbindd: let winbind try to use samlogon validation level 6. (bug #7945) The benefit of this that it makes us more robust to secure channel resets triggered from tools outside the winbind process. Long term we need to have a shared tdb secure channel store though as well. Guenther Signed-off-by: Stefan Metzmacher me...@samba.org Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Fri Feb 4 18:11:04 CET 2011 on sn-devel-104 commit ac4127a9f432f762cb728c161d7fbf80de31b60e Author: Günther Deschner g...@samba.org Date: Tue Jan 11 15:08:41 2011 +0100 s3-auth: add copy_netr_SamBaseInfo(). Guenther Signed-off-by: Stefan Metzmacher me...@samba.org --- Summary of changes: source3/Makefile.in|3 +- source3/auth/auth_domain.c |1 + source3/auth/auth_netlogond.c |1 + source3/auth/server_info.c | 62 +++ source3/rpc_client/cli_netlogon.c | 62 +-- source3/rpc_client/cli_netlogon.h |2 + source3/rpc_client/util_netlogon.c | 63 source3/rpc_client/util_netlogon.h |5 +++ source3/winbindd/winbindd.h|1 + source3/winbindd/winbindd_cm.c |1 + source3/winbindd/winbindd_pam.c| 59 - source3/wscript_build |2 +- 12 files changed, 198 insertions(+), 64 deletions(-) create mode 100644 source3/rpc_client/util_netlogon.c create mode 100644 source3/rpc_client/util_netlogon.h Changeset truncated at 500 lines: diff --git a/source3/Makefile.in b/source3/Makefile.in index 09cd713..ebfee9f 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -375,7 +375,8 @@ LIBCLI_SAMR_OBJ = librpc/gen_ndr/ndr_samr_c.o \ rpc_client/cli_samr.o LIBCLI_NETLOGON_OBJ = librpc/gen_ndr/ndr_netlogon_c.o \ - rpc_client/cli_netlogon.o + rpc_client/cli_netlogon.o \ + rpc_client/util_netlogon.o LIBCLI_EPMAPPER_OBJ = librpc/gen_ndr/ndr_epmapper_c.o diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index 0f541cd..05421de 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -309,6 +309,7 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, user_info-client.domain_name, /* domain name */ user_info-workstation_name, /* workstation name */ chal, /* 8 byte challenge. */ + 3, /* validation level */ user_info-password.response.lanman, /* lanman 24 byte response */ user_info-password.response.nt, /* nt 24 byte response */ info3); /* info3 out */ diff --git a/source3/auth/auth_netlogond.c b/source3/auth/auth_netlogond.c index 889371c..1e3ccb1 100644 --- a/source3/auth/auth_netlogond.c +++ b/source3/auth/auth_netlogond.c @@ -88,6 +88,7 @@ static NTSTATUS netlogond_validate(TALLOC_CTX *mem_ctx, user_info-client.domain_name, /* domain name */ user_info-workstation_name, /* workstation name */ (uchar *)auth_context-challenge.data, /* 8 byte challenge. */ + 3, /* validation level */ user_info-password.response.lanman, /* lanman 24 byte response */ user_info-password.response.nt, /* nt 24 byte response */ info3); /* info3 out */ diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c index 01c7a96..0f62983 100644 --- a/source3/auth/server_info.c +++ b/source3/auth/server_info.c @@ -21,6 +21,7 @@ #include ../lib/crypto/arcfour.h #include ../librpc/gen_ndr/netlogon.h #include ../libcli/security/security.h +#include rpc_client/util_netlogon.h #undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH @@ -490,66 +491,15 @@
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 7add712 s3-winbindd: let winbind try to use samlogon validation level 6. (bug #7945) via 0a1d8c2 s3-auth: add copy_netr_SamBaseInfo(). via 3eb4f82 s3:lib/addrchange: set ctx-sock to -1 after close via cc62408 s3:lib/addrchange: remove unused pointer via b53b401 s3:lib/addrchange: let addrchange_done() retry and ignore unknown message types via 060ee24 s3:winbindd: fix segfaults on addrchange errors and make DEBUG() statements more usefull from 7ebb874 s3:rpc_server/netlogon: reject validation level 6 without ads support http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 7add712498fe93603b1b2c633e097ce8fbdf Author: Günther Deschner g...@samba.org Date: Fri Jan 7 17:28:29 2011 +0100 s3-winbindd: let winbind try to use samlogon validation level 6. (bug #7945) The benefit of this that it makes us more robust to secure channel resets triggered from tools outside the winbind process. Long term we need to have a shared tdb secure channel store though as well. Guenther Signed-off-by: Stefan Metzmacher me...@samba.org Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Fri Feb 4 18:11:04 CET 2011 on sn-devel-104 (cherry picked from commit f60398d7b20869d7b09d81854f3727fdcd897430) commit 0a1d8c2b2218bdc77938ab0f33aa4431e6aae3ea Author: Günther Deschner g...@samba.org Date: Tue Jan 11 15:08:41 2011 +0100 s3-auth: add copy_netr_SamBaseInfo(). Guenther Signed-off-by: Stefan Metzmacher me...@samba.org (cherry picked from commit ac4127a9f432f762cb728c161d7fbf80de31b60e) commit 3eb4f829cca3299cec22f54d3e4906ca71f10994 Author: Stefan Metzmacher me...@samba.org Date: Fri Feb 4 12:54:36 2011 +0100 s3:lib/addrchange: set ctx-sock to -1 after close The makes the code more consistent with similar destructors. metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Fri Feb 4 15:52:55 CET 2011 on sn-devel-104 (cherry picked from commit e9c45a3973c85fbe40c017724c7909fefa05b656) commit cc62408ba58b1f8c4a18a2d565c692203cb124b3 Author: Stefan Metzmacher me...@samba.org Date: Fri Feb 4 12:53:38 2011 +0100 s3:lib/addrchange: remove unused pointer metze (cherry picked from commit d8d5a3fb3a7754a71ba78399ab0fdcd8b3854dfa) commit b53b40157cc9ea390b30cdf07085d85f721dcf28 Author: Stefan Metzmacher me...@samba.org Date: Fri Feb 4 12:32:41 2011 +0100 s3:lib/addrchange: let addrchange_done() retry and ignore unknown message types Messages like RTM_NEWLINK should be just ignored. metze (cherry picked from commit ff935ddf8b22be269abb730904d324efb1e3e8f2) commit 060ee243e758db4281a0ce10e959a67dd2d13494 Author: Stefan Metzmacher me...@samba.org Date: Fri Feb 4 12:29:42 2011 +0100 s3:winbindd: fix segfaults on addrchange errors and make DEBUG() statements more usefull metze (cherry picked from commit 902fbd91a19c414b61bc18ef24d7d84b30d37b1b) --- Summary of changes: source3/Makefile.in|3 +- source3/auth/auth_domain.c |1 + source3/auth/auth_netlogond.c |1 + source3/auth/server_info.c | 62 +++ source3/lib/addrchange.c | 24 ++ source3/rpc_client/cli_netlogon.c | 62 +-- source3/rpc_client/cli_netlogon.h |2 + source3/rpc_client/util_netlogon.c | 63 source3/rpc_client/util_netlogon.h |5 +++ source3/winbindd/winbindd.c|9 +++-- source3/winbindd/winbindd.h|1 + source3/winbindd/winbindd_cm.c |1 + source3/winbindd/winbindd_pam.c| 59 - source3/wscript_build |2 +- 14 files changed, 221 insertions(+), 74 deletions(-) create mode 100644 source3/rpc_client/util_netlogon.c create mode 100644 source3/rpc_client/util_netlogon.h Changeset truncated at 500 lines: diff --git a/source3/Makefile.in b/source3/Makefile.in index 09cd713..ebfee9f 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -375,7 +375,8 @@ LIBCLI_SAMR_OBJ = librpc/gen_ndr/ndr_samr_c.o \ rpc_client/cli_samr.o LIBCLI_NETLOGON_OBJ = librpc/gen_ndr/ndr_netlogon_c.o \ - rpc_client/cli_netlogon.o + rpc_client/cli_netlogon.o \ + rpc_client/util_netlogon.o LIBCLI_EPMAPPER_OBJ = librpc/gen_ndr/ndr_epmapper_c.o diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index 0f541cd..05421de 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -309,6 +309,7 @@ static NTSTATUS
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 1b1d52a charcnv: removed call to setlocale() (bug 7519) from 7add712 s3-winbindd: let winbind try to use samlogon validation level 6. (bug #7945) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 1b1d52a39df782fa04b53f06e210cf48d38a0e4e Author: Andrew Tridgell tri...@samba.org Date: Fri Feb 4 16:04:30 2011 +1100 charcnv: removed call to setlocale() (bug 7519) We don't need this setlocale() call, and it can break applications that use our libraries Thanks to Milan Crha for pointing this out Autobuild-User: Andrew Tridgell tri...@samba.org Autobuild-Date: Fri Feb 4 06:51:01 CET 2011 on sn-devel-104 (cherry picked from commit 13470f11ee47da446eb7094c29dbc8ff402aede9) --- Summary of changes: lib/util/charset/charcnv.c | 10 -- 1 files changed, 0 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/charset/charcnv.c b/lib/util/charset/charcnv.c index f8aeea3..59b36e3 100644 --- a/lib/util/charset/charcnv.c +++ b/lib/util/charset/charcnv.c @@ -139,16 +139,6 @@ static smb_iconv_t get_conv_handle(struct smb_iconv_convenience *ic, if (initialised == false) { initialised = true; - -#ifdef LC_ALL - /* we set back the locale to C to get ASCII-compatible - toupper/lower functions. For now we do not need - any other POSIX localisations anyway. When we - should really need localized string functions one - day we need to write our own ascii_tolower etc. - */ - setlocale(LC_ALL, C); -#endif } if (ic-conv_handles[from][to]) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via f96b11d Move the oplock file with byte range locks check to the correct place, where we're making oplock decisions. (cherry picked from commit 8d8242cdfd4aec4be87c81022b7a53acfa8ffaaf) from 1b1d52a charcnv: removed call to setlocale() (bug 7519) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit f96b11d61b8a32dbbf321d0c85b0b0e7514e61de Author: Jeremy Allison j...@samba.org Date: Fri Feb 4 15:32:09 2011 -0800 Move the oplock file with byte range locks check to the correct place, where we're making oplock decisions. (cherry picked from commit 8d8242cdfd4aec4be87c81022b7a53acfa8ffaaf) --- Summary of changes: source3/smbd/open.c | 15 +++ source3/smbd/oplock.c | 17 - 2 files changed, 15 insertions(+), 17 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/open.c b/source3/smbd/open.c index f236243..0ef2b3a 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -1011,6 +1011,17 @@ static bool delay_for_exclusive_oplocks(files_struct *fsp, return false; } +static bool file_has_brlocks(files_struct *fsp) +{ + struct byte_range_lock *br_lck; + + br_lck = brl_get_locks_readonly(fsp); + if (!br_lck) + return false; + + return br_lck-num_locks 0 ? true : false; +} + static void grant_fsp_oplock_type(files_struct *fsp, int oplock_request, bool got_level2_oplock, @@ -1029,6 +1040,10 @@ static void grant_fsp_oplock_type(files_struct *fsp, DEBUG(10,(grant_fsp_oplock_type: oplock type 0x%x on file %s\n, fsp-oplock_type, fsp_str_dbg(fsp))); return; + } else if (lp_locking(fsp-conn-params) file_has_brlocks(fsp)) { + DEBUG(10,(grant_fsp_oplock_type: file %s has byte range locks\n, + fsp_str_dbg(fsp))); + fsp-oplock_type = NO_OPLOCK; } if (is_stat_open(fsp-access_mask)) { diff --git a/source3/smbd/oplock.c b/source3/smbd/oplock.c index c3c41d1..a2ba010 100644 --- a/source3/smbd/oplock.c +++ b/source3/smbd/oplock.c @@ -52,17 +52,6 @@ void break_kernel_oplock(struct messaging_context *msg_ctx, files_struct *fsp) msg, MSG_SMB_KERNEL_BREAK_SIZE); } -static bool file_has_brlocks(files_struct *fsp) -{ - struct byte_range_lock *br_lck; - - br_lck = brl_get_locks_readonly(fsp); - if (!br_lck) - return false; - - return br_lck-num_locks 0 ? true : false; -} - / Attempt to set an oplock on a file. Succeeds if kernel oplocks are disabled (just sets flags) and no byte-range locks in the file. Returns True @@ -72,12 +61,6 @@ static bool file_has_brlocks(files_struct *fsp) bool set_file_oplock(files_struct *fsp, int oplock_type) { if (fsp-oplock_type == LEVEL_II_OPLOCK) { - if (lp_locking(fsp-conn-params) file_has_brlocks(fsp)) { - DEBUG(10, (Refusing level2 oplock because of - byte-range locks on the file\n)); - return false; - } - if (koplocks !(koplocks-flags KOPLOCKS_LEVEL2_SUPPORTED)) { DEBUG(10, (Refusing level2 oplock, kernel oplocks -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ece9498 Move the oplock file with byte range locks check to the correct place, where we're making oplock decisions. from f60398d s3-winbindd: let winbind try to use samlogon validation level 6. (bug #7945) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ece94989b8a9e39d080d58bb82958c201af79f0d Author: Jeremy Allison j...@samba.org Date: Fri Feb 4 15:32:09 2011 -0800 Move the oplock file with byte range locks check to the correct place, where we're making oplock decisions. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Sat Feb 5 01:18:14 CET 2011 on sn-devel-104 --- Summary of changes: source3/smbd/open.c | 15 +++ source3/smbd/oplock.c | 17 - 2 files changed, 15 insertions(+), 17 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/open.c b/source3/smbd/open.c index f236243..0ef2b3a 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -1011,6 +1011,17 @@ static bool delay_for_exclusive_oplocks(files_struct *fsp, return false; } +static bool file_has_brlocks(files_struct *fsp) +{ + struct byte_range_lock *br_lck; + + br_lck = brl_get_locks_readonly(fsp); + if (!br_lck) + return false; + + return br_lck-num_locks 0 ? true : false; +} + static void grant_fsp_oplock_type(files_struct *fsp, int oplock_request, bool got_level2_oplock, @@ -1029,6 +1040,10 @@ static void grant_fsp_oplock_type(files_struct *fsp, DEBUG(10,(grant_fsp_oplock_type: oplock type 0x%x on file %s\n, fsp-oplock_type, fsp_str_dbg(fsp))); return; + } else if (lp_locking(fsp-conn-params) file_has_brlocks(fsp)) { + DEBUG(10,(grant_fsp_oplock_type: file %s has byte range locks\n, + fsp_str_dbg(fsp))); + fsp-oplock_type = NO_OPLOCK; } if (is_stat_open(fsp-access_mask)) { diff --git a/source3/smbd/oplock.c b/source3/smbd/oplock.c index c3c41d1..a2ba010 100644 --- a/source3/smbd/oplock.c +++ b/source3/smbd/oplock.c @@ -52,17 +52,6 @@ void break_kernel_oplock(struct messaging_context *msg_ctx, files_struct *fsp) msg, MSG_SMB_KERNEL_BREAK_SIZE); } -static bool file_has_brlocks(files_struct *fsp) -{ - struct byte_range_lock *br_lck; - - br_lck = brl_get_locks_readonly(fsp); - if (!br_lck) - return false; - - return br_lck-num_locks 0 ? true : false; -} - / Attempt to set an oplock on a file. Succeeds if kernel oplocks are disabled (just sets flags) and no byte-range locks in the file. Returns True @@ -72,12 +61,6 @@ static bool file_has_brlocks(files_struct *fsp) bool set_file_oplock(files_struct *fsp, int oplock_type) { if (fsp-oplock_type == LEVEL_II_OPLOCK) { - if (lp_locking(fsp-conn-params) file_has_brlocks(fsp)) { - DEBUG(10, (Refusing level2 oplock because of - byte-range locks on the file\n)); - return false; - } - if (koplocks !(koplocks-flags KOPLOCKS_LEVEL2_SUPPORTED)) { DEBUG(10, (Refusing level2 oplock, kernel oplocks -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 57b267e Fix try_chown code. Use new vfs_chown_fsp() which always trys fd first. (cherry picked from commit b8035a9b353ac63d421402748d7bd7ec71cbb076) from f96b11d Move the oplock file with byte range locks check to the correct place, where we're making oplock decisions. (cherry picked from commit 8d8242cdfd4aec4be87c81022b7a53acfa8ffaaf) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 57b267ee2bc9ff67555e3b926e5035362c9ba638 Author: Jeremy Allison j...@samba.org Date: Fri Feb 4 17:48:10 2011 -0800 Fix try_chown code. Use new vfs_chown_fsp() which always trys fd first. (cherry picked from commit b8035a9b353ac63d421402748d7bd7ec71cbb076) --- Summary of changes: source3/include/proto.h |4 +- source3/modules/nfs4_acls.c |8 ++-- source3/smbd/posix_acls.c | 117 +++--- source3/smbd/vfs.c | 30 +++ 4 files changed, 78 insertions(+), 81 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index 4c7d4f3..94cd0a9 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -5158,8 +5158,7 @@ NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info, struct security_descriptor **ppdesc); NTSTATUS posix_get_nt_acl(struct connection_struct *conn, const char *name, uint32_t security_info, struct security_descriptor **ppdesc); -int try_chown(connection_struct *conn, struct smb_filename *smb_fname, - uid_t uid, gid_t gid); +NTSTATUS try_chown(files_struct *fsp, uid_t uid, gid_t gid); NTSTATUS append_parent_acl(files_struct *fsp, const struct security_descriptor *pcsd, struct security_descriptor **pp_new_sd); @@ -5606,6 +5605,7 @@ int vfs_stat_smb_fname(struct connection_struct *conn, const char *fname, int vfs_lstat_smb_fname(struct connection_struct *conn, const char *fname, SMB_STRUCT_STAT *psbuf); NTSTATUS vfs_stat_fsp(files_struct *fsp); +NTSTATUS vfs_chown_fsp(files_struct *fsp, uid_t uid, gid_t gid); /* The following definitions come from utils/passwd_util.c */ diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index e2f9fe3..6e6b015 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -765,14 +765,14 @@ NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp, if (((newUID != (uid_t)-1) (sbuf.st_ex_uid != newUID)) || ((newGID != (gid_t)-1) (sbuf.st_ex_gid != newGID))) { - if(try_chown(fsp-conn, fsp-fsp_name, newUID, -newGID)) { + status = try_chown(fsp, newUID, newGID); + if (!NT_STATUS_IS_OK(status)) { DEBUG(3,(chown %s, %u, %u failed. Error = %s.\n, fsp_str_dbg(fsp), (unsigned int)newUID, (unsigned int)newGID, -strerror(errno))); - return map_nt_error_from_unix(errno); +nt_errstr(status))); + return status; } DEBUG(10,(chown %s, %u, %u succeeded.\n, diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 880d5b9..8707ff7 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -3526,105 +3526,73 @@ NTSTATUS posix_get_nt_acl(struct connection_struct *conn, const char *name, Try to chown a file. We will be able to chown it under the following conditions. 1) If we have root privileges, then it will just work. - 2) If we have SeTakeOwnershipPrivilege we can change the user to the current user. - 3) If we have SeRestorePrivilege we can change the user to any other user. + 2) If we have SeRestorePrivilege we can change the user + group to any other user. + 3) If we have SeTakeOwnershipPrivilege we can change the user to the current user. 4) If we have write permission to the file and dos_filemodes is set then allow chown to the currently authenticated user. / -int try_chown(connection_struct *conn, struct smb_filename *smb_fname, - uid_t uid, gid_t gid) +NTSTATUS try_chown(files_struct *fsp, uid_t uid, gid_t gid) { - int ret; - files_struct *fsp; + NTSTATUS status; - if(!CAN_WRITE(conn)) { - return -1; + if(!CAN_WRITE(fsp-conn)) { + return
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via df34e80 Fix try_chown code. Use new vfs_chown_fsp() which always trys fd first. from ece9498 Move the oplock file with byte range locks check to the correct place, where we're making oplock decisions. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit df34e804fc1a44e6ff096fbaf7a643778e857481 Author: Jeremy Allison j...@samba.org Date: Fri Feb 4 17:48:10 2011 -0800 Fix try_chown code. Use new vfs_chown_fsp() which always trys fd first. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Sat Feb 5 03:33:59 CET 2011 on sn-devel-104 --- Summary of changes: source3/include/proto.h |4 +- source3/modules/nfs4_acls.c |8 ++-- source3/smbd/posix_acls.c | 117 +++--- source3/smbd/vfs.c | 30 +++ 4 files changed, 78 insertions(+), 81 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index 4c7d4f3..94cd0a9 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -5158,8 +5158,7 @@ NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info, struct security_descriptor **ppdesc); NTSTATUS posix_get_nt_acl(struct connection_struct *conn, const char *name, uint32_t security_info, struct security_descriptor **ppdesc); -int try_chown(connection_struct *conn, struct smb_filename *smb_fname, - uid_t uid, gid_t gid); +NTSTATUS try_chown(files_struct *fsp, uid_t uid, gid_t gid); NTSTATUS append_parent_acl(files_struct *fsp, const struct security_descriptor *pcsd, struct security_descriptor **pp_new_sd); @@ -5606,6 +5605,7 @@ int vfs_stat_smb_fname(struct connection_struct *conn, const char *fname, int vfs_lstat_smb_fname(struct connection_struct *conn, const char *fname, SMB_STRUCT_STAT *psbuf); NTSTATUS vfs_stat_fsp(files_struct *fsp); +NTSTATUS vfs_chown_fsp(files_struct *fsp, uid_t uid, gid_t gid); /* The following definitions come from utils/passwd_util.c */ diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index e2f9fe3..6e6b015 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -765,14 +765,14 @@ NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp, if (((newUID != (uid_t)-1) (sbuf.st_ex_uid != newUID)) || ((newGID != (gid_t)-1) (sbuf.st_ex_gid != newGID))) { - if(try_chown(fsp-conn, fsp-fsp_name, newUID, -newGID)) { + status = try_chown(fsp, newUID, newGID); + if (!NT_STATUS_IS_OK(status)) { DEBUG(3,(chown %s, %u, %u failed. Error = %s.\n, fsp_str_dbg(fsp), (unsigned int)newUID, (unsigned int)newGID, -strerror(errno))); - return map_nt_error_from_unix(errno); +nt_errstr(status))); + return status; } DEBUG(10,(chown %s, %u, %u succeeded.\n, diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 880d5b9..8707ff7 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -3526,105 +3526,73 @@ NTSTATUS posix_get_nt_acl(struct connection_struct *conn, const char *name, Try to chown a file. We will be able to chown it under the following conditions. 1) If we have root privileges, then it will just work. - 2) If we have SeTakeOwnershipPrivilege we can change the user to the current user. - 3) If we have SeRestorePrivilege we can change the user to any other user. + 2) If we have SeRestorePrivilege we can change the user + group to any other user. + 3) If we have SeTakeOwnershipPrivilege we can change the user to the current user. 4) If we have write permission to the file and dos_filemodes is set then allow chown to the currently authenticated user. / -int try_chown(connection_struct *conn, struct smb_filename *smb_fname, - uid_t uid, gid_t gid) +NTSTATUS try_chown(files_struct *fsp, uid_t uid, gid_t gid) { - int ret; - files_struct *fsp; + NTSTATUS status; - if(!CAN_WRITE(conn)) { - return -1; + if(!CAN_WRITE(fsp-conn)) { + return NT_STATUS_MEDIA_WRITE_PROTECTED; } /* Case (1). */ - /* try the direct way first