Re: [Samba] wbinfo command generate a winbindd core dump
On Tue, Oct 04, 2011 at 11:48:04PM +0200, Harry Jede wrote: OS Debian squeeze # wbinfo -V Version 3.5.6 ute@alix:~$ wbinfo --getdcname=KRONPRINZ Could not get dc name for KRONPRINZ As root and as unprivilegd user, this command results in a winbind core dump. This smells severely like https://bugzilla.samba.org/show_bug.cgi?id=7730 which was fixed in Samba 3.5.8. Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] wbinfo command generate a winbindd core dump
Am Dienstag, 18. Oktober 2011 schrieben Sie: On Tue, Oct 04, 2011 at 11:48:04PM +0200, Harry Jede wrote: OS Debian squeeze # wbinfo -V Version 3.5.6 ute@alix:~$ wbinfo --getdcname=KRONPRINZ Could not get dc name for KRONPRINZ As root and as unprivilegd user, this command results in a winbind core dump. This smells severely like https://bugzilla.samba.org/show_bug.cgi?id=7730 which was fixed in Samba 3.5.8. I dont have a 3.5.8 avaiable, but in $ wbinfo -V Version 3.5.11 it is fixed and I cannot produce a core dump. Fine. Volker -- Gruss Harry Jede -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] file_mode and dir_mode options ignored
Hi there. I'm using samba3x-3.5.4-0.83.el5_7.2 on CentOS release 5.7 x86_64 to mount a Terastation filesystem. The file_mode and dir_mode options to mount.cifs seem to be ignored; I systematically get a drwxrwxrwx permission, no matter what values I provide for these options: # mount.cifs //terastation/Backup /bkp/BackupPC/ -o credentials=/etc/samba/terastation.cred, uid=backuppc,gid=backuppc,file_mode=0640,dir_mode=0750 # ls -la /bkp drwxr-x--- 3 root backuppc 4096 Oct 18 11:23 . drwxr-xr-x 24 root root 4096 Oct 17 12:30 .. drwxrwxrwx 7 backuppc backuppc0 Oct 5 17:59 BackupPC What gives? Thanks, Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] file_mode and dir_mode options ignored
From: Christian Roche christian.ro...@shabakkat.com Date: Tue, 18 Oct 2011 11:59:21 + Hi there. I'm using samba3x-3.5.4-0.83.el5_7.2 on CentOS release 5.7 x86_64 to mount a Terastation filesystem. The file_mode and dir_mode options to mount.cifs seem to be ignored; I systematically get a drwxrwxrwx permission, no matter what values I provide for these options: Try noperm option instead of file_mode and dir_mode. --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Mac OS X / MS Office save issues and possible .TemporaryItems fix
-Original Message- From: Craig White [mailto:craigwh...@azapple.com] Sent: Saturday, October 15, 2011 3:06 PM To: samba@lists.samba.org Subject: Re: [Samba] Mac OS X / MS Office save issues and possible .TemporaryItems fix On Sat, 2011-10-15 at 15:53 +, Nathan A Friedl wrote: We have an issue where Macs that try to save MS Office files on our 3.5.11 samba servers occasionally get error messages such as There has been a network or file permission error. The network connection may be lost.” When this happens, the user often has to save the file to their local drive and then copy it over to the network share. After doing some research, we suspect the issue may be related to the .TemporaryItems folder that MS Office creates on any drive that it opens a file on (described here: http://prowiki.isc.upenn.edu/wiki/MS_Office_and_Network_Volumes ). MS Office apparently continually modifies the permissions on this folder and can occasionally prevent a user from opening a file due to wonky permissions. Yesterday we created a .TemporaryItems folder for every share and set the default acl to be rwx for all, as there's no way that Office should be able to change that. We're hoping that will solve the problem, but we've been unable to replicate these problems ourselves so we're just waiting to see if the errors appear again. Are we on the right track here, or do you suspect something else may be going on? Do you have any suggestions for other things to try? Additionally, we've been having a hard time determining a good logging level. When we up the logging, the Macs can rotate the logs quite quickly as they touch every file in a folder whenever the folder is opened. What would your suggestion be for a proper logging level to monitor these issues? Thanks for your time, gosh that's a real old problem and the solution is painful. You should be able to google the issue/resolution. The issue is that one each local Macintosh, the first user created is uid #500 and the next is #501, etc. On probably about 70% of the Mac's, the primary user is the only user and he is uid 500. Likewise, other users simultaneously open files on the server with the same uid # and Microsoft Office just plays havoc (I wonder if they fixed this problem with Office 2008?) Anyway, the only way to permanently fix this problem is to have unique UID's assigned to each user on each Macintosh (at one location, I used LDAP for authenticating users on each Mac). The user can also 'copy' existing files from the server to their desktop, make their changes and then move it back to the server when they are finished (ugh). Otherwise, you can use Libre Office which doesn't suffer from the same issues ;-) Craig Thanks for the advice Craig. I should have mentioned that we're in the process of binding our Macs to our Active Directory domain. We've got Services for UNIX installed on the domain servers and have verified that they have the correct domain uids when logged into their Macs. Oddly enough, some domain users have still had these Office problems on their home shares (which only they have access to). In addition, some of the complaints have come from Office 2011 users, so it doesn't appear that Microsoft has changed anything. We are hopeful that forcing the rwx acls for all users on the .TemporaryItems folder has resolved this (we've had no reports of these problems since before we made the change on Friday), but I wanted to check and see if anyone has any other ideas for things we could be looking at here...and suggestions for the proper logging level to help monitor this issue. Best, Nate -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] template options ignored
Hi, i have installed samba 3.5.11 on centos 5 and samba 3.6.0 on centos 6. Both system are connected to a Microsoft Domain. AD Users can resolved and getent passwd username or wbinfo -i username works. Now I have setup some template options in my smb.conf: template shell = /sbin/nologin template homedir = /home/%U This options seems to be completely ignored. getent passwd username and wbinfo -i username returns the configured values from AD. Are there other options that affect this behavior? Did I understand the options wrong? -- Daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] template options ignored
From: Zabel, Daniel daniel.za...@coremedia.com Date: Tue, 18 Oct 2011 17:12:45 +0200 i have installed samba 3.5.11 on centos 5 and samba 3.6.0 on centos 6. Both system are connected to a Microsoft Domain. AD Users can resolved and getent passwd username or wbinfo -i username works. Now I have setup some template options in my smb.conf: template shell = /sbin/nologin template homedir = /home/%U This options seems to be completely ignored. getent passwd username and wbinfo -i username returns the configured values from AD. How do you configure winbind nss info parameter? And have you tried against newly created AD user when you examine shell and homedir for the user? --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] file_mode and dir_mode options ignored
Hi there. I'm using samba3x-3.5.4-0.83.el5_7.2 on CentOS release 5.7 x86_64 to mount a Terastation filesystem. The file_mode and dir_mode options to mount.cifs seem to be ignored; I systematically get a drwxrwxrwx permission, no matter what values I provide for these options: Try noperm option instead of file_mode and dir_mode. Hi Motonobu, thanks for your answer. However noperm doesn't seem to do what I need. I want to restrict access on the CentOS system to the backuppc user exclusively. The only way I've been able to do that up to now is to put the mountpoint in a restricted subdirectory. It kind of works but it's not optimal. Do you have an idea what the problem here is? Is it related to the Terastation itself? Thanks, Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Migrating user accounts Samba 3.5.3 to Windows 2003 (2008)
Hi all, I need some help with the following problem: I need to migrate a bunch of user accounts to another domain on a Windows 2003 server (eventually to 2008R2, but that step seemed to big to do in one go). To keep all access rights etc. correct, I need to get the SID history set correctly as well. From what I've researched so far, I'm aware of http://lists.samba.org/archive/samba/2005-April/103743.html and http://lists.samba.org/archive/samba/2005-June/107028.html which basically state that this migration should be possible using ADMT. As far as I know, I have all prerequisites in places as listed in those postings, however, I still cannot get ADMT to run. It does find the Samba server and recognises it as domain controller for OLDDOMAIN, but when I ask it to migrate SID history as well, I get a rather cryptic error Could not verify auditing and TcpipClientSupport on domains. Will not be able to migrate Sid's. The system cannot find the file specified. Unfortunately, Aunt Google does not have much on that one... Neither tshark nor Process Monitor nor the Samba logs provided any additional clues (that I would recognise), so this was a dead end for the time being. After having checked and re-checked domain trusts, administrator accounts (with equal passwords), SID filters being off, ... on both machines, I then tried a different approach: The sidhist.vbs script from the 2003 support tools, which in theory should be able to accomplish the same. However, when I try to run this script, I also get an error: Error 0x800706BA, Unable to read the configuration information of the computer SAMBA_DC. The error was: The RPC server is unavailable. I've done a lot of searching on this one as well, I even went as far as running tshark on the connection to see whether that would yield any clues - but came up empty yet again. Unfortunately, I'm now at the end of my - limited - knowledge of both Samba and Windows and would therefore like to ask whether anyone on this list may be able to hit me with the appropriate clue stick and/or point me in the direction of the proper TFM. Any tips for solving or even just debugging this are most welcome. Thanks in advance, Thomas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Migrating user accounts Samba 3.5.3 to Windows 2003 (2008)
Am 18.10.2011 17:58 schrieb ITSEF Admin: Hi all, I need some help with the following problem: I need to migrate a bunch of user accounts to another domain on a Windows 2003 server (eventually to 2008R2, but that step seemed to big to do in one go). To keep all access rights etc. correct, I need to get the SID history set correctly as well. From what I've researched so far, I'm aware of http://lists.samba.org/archive/samba/2005-April/103743.html and http://lists.samba.org/archive/samba/2005-June/107028.html which basically state that this migration should be possible using ADMT. As far as I know, I have all prerequisites in places as listed in those postings, however, I still cannot get ADMT to run. It does find the Samba server and recognises it as domain controller for OLDDOMAIN, but when I ask it to migrate SID history as well, I get a rather cryptic error Could not verify auditing and TcpipClientSupport on domains. Will not be able to migrate Sid's. The system cannot find the file specified. Unfortunately, Aunt Google does not have much on that one... Neither tshark nor Process Monitor nor the Samba logs provided any additional clues (that I would recognise), so this was a dead end for the time being. After having checked and re-checked domain trusts, administrator accounts (with equal passwords), SID filters being off, ... on both machines, I then tried a different approach: The sidhist.vbs script from the 2003 support tools, which in theory should be able to accomplish the same. However, when I try to run this script, I also get an error: Error 0x800706BA, Unable to read the configuration information of the computer SAMBA_DC. The error was: The RPC server is unavailable. I've done a lot of searching on this one as well, I even went as far as running tshark on the connection to see whether that would yield any clues - but came up empty yet again. Unfortunately, I'm now at the end of my - limited - knowledge of both Samba and Windows and would therefore like to ask whether anyone on this list may be able to hit me with the appropriate clue stick and/or point me in the direction of the proper TFM. Any tips for solving or even just debugging this are most welcome. Thanks in advance, Thomas Hi Thomas! We did a complete migration from Samba 3.5.9 to Windows2008R2 - but we did not find any windows tool that was helpful to migrate the password and the sid history. So we installed a AD domain with a Win2008R2 Server and joined a Samba 4 pre 17. Then we migrated all (6000!) accounts with the windows based active directory migration tool version 2 (all higher ones are not working) and run a script that converted the hash from password in the form that Samba 4 stores it and feed that together with the sid history into the Samba 4 database directly (with ldbedit tools). Samba synced that with the win2008R2 Server and that was almost working Almost meens, that a windows 7 client can only authenticate (the user of course) if its request hits a samba server and if the password never expire flag is set. If a user sets its password on the new AD domain then it was working with a win2008R2 server too. WinXP does not show this behaviour. We force the users to change there passwords quickly so we could shut down the Sambas a few days after the migration. The Sid history was working without any problems, from the beginning. That is/was our working way regars Martin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ntlm_auth NT_STATUS_INVALID_HANDLE with windbind
Thank you very much for your answer; a very detailed answer! I hope you will find few more minutes to clarify the things I didn't understand... particularly the Fumiyas law :-) wbinfo should show three domains: # wbinfo -m BULITIN YOUR_DOMAIN YOUR_SERVER In my case MY_SERVER is missing. # net getdomainsid SID for local machine YOUR_SERVER is: LOCAL-SID SID for domain YOUR_DOMAIN is: DOMAIN-SID Ok. In my case local and domain sids are the same # ldapsearch -xLLL ((objectclass=sambaDomain)(sambaDomainName=*)) I don't use ldap, but the simple tdbsam. I'm trying to switch to openldap, but I'm in trouble as far as I can't find a working guide. As you can confirm later, for example, smbldaptools has some bugs but I have never read about them. and finally # wbinfo --ping-dc MUST succeed Ok, it succeed As SATOH Fumiyas tells us, one SHOULD join without a running winbindd Daemon. # net rpc join -S localhost -U administrator One are NOT joining localhost! One join $HOSTNAME!! Sorry, I don't understand.. Verify with # net rpc testjoin Join to 'YOUR_DOMAIN' is OK ..but this works :-) and # pdbedit -v $HOSTNAME$ Account Flags:[S ] User SID: DOMAIN-SID-SERVER-RID Primary Group SID:DOMAIN-SID-515 Ok, but I have a problem: the PG-SID ends with 3007 Primary Group SID:DOMAIN-SID-3007 All our machines have this issue.. because # net groupmap list|grep 3007 Domain Computers (DOMAIN-SID-3007) - msmachines I don't know why.. I remember it was 515.. I'm confused, it's very strange. How can I have changed it? Many other SID ends in 30xx I don't know if this can cause the following problem. # wbinfo -a user%secret plaintext password authentication succeeded challenge/response password authentication succeeded and this fails It works for me with Samba 3.5.6 and also with 3.5.11 from backports :-) Perfect, so I'm sure I can make it works :-) Are you using the windbind.conf workaround? Step-by-step guide You should verify these three groups: # net sam list builtin administrators guests users For me guest is missing # net sam show administrators BUILTIN\administrators is a Local Group with SID S-1-5-32-544 # net sam show guests BUILTIN\guests is a Local Group with SID S-1-5-32-546 # net sam show users BUILTIN\users is a Local Group with SID S-1-5-32-545 Finally a perfect result! :-) and verify that these groups have their default members: # net rpc group members Administrators YOUR_DOMAIN\Domain Admins # net rpc group members guests YOUR_DOMAIN\Domain Guests # net rpc group members users YOUR_DOMAIN\Domain Users Strange, it ask me for root's password, but: Could not connect to server 127.0.0.1 The username or password was not correct. Connection failed: NT_STATUS_LOGON_FAILURE You must have a valid idmap alloc setup and have stored the secret in secrets.tdb smb.conf: I hope idmap secret refers to a ldpap password. will store user and passord in secrets.tdb, so that winbindd has enough rights to work. If your administrator account has uidnumber=0, you may use this account. stop samba, start winbind, start samba wait some seconds, winbindd will now create the third domain which has the name of your PDCs hostname. I lost myself.. because I cant' distinguish the ldap from the tdbsam operations. In my case, with tdbsam, winbind needs to find a password in secret.tdb? HINT when I checked winbindd.conf with testparm, I have get some errors, until I put an empty or comment line before the line with the include statement :-) . Here it doesn't need it :-) I will try to know how is possible to have Sid ending in 3007, but I'm sure I have some problem in the tdbsam database as far I can't delete some machine accounts. Probably it could be better to solve this problem before all others (tdbbackup -s should be enaugh.. ). Alessandro -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Codepage Problem?
On Mon, Oct 17, 2011 at 11:57:13PM +0200, Philipp Schmiedeknecht wrote: Hi, I have the following logs in log.smbd: - [2011/10/17 16:40:54.464688, 3] smbd/process.c:1485(process_smb) Transaction 2732 of length 200 (0 toread) [2011/10/17 16:40:54.464704, 3] smbd/process.c:1294(switch_message) switch message SMBntcreateX (pid 19814) conn 0x7fa6eeb5d430 [2011/10/17 16:40:54.464753, 3] smbd/msdfs.c:746(dfs_redirect) dfs_redirect: Not redirecting \vera\Extern\SomeFolder\Sîÿÿ. [2011/10/17 16:40:54.464768, 3] smbd/msdfs.c:757(dfs_redirect) dfs_redirect: Path \vera\Extern\SomeFolder\Sîÿÿ converted to non-dfs path SomeFolder/Sîÿÿ [2011/10/17 16:40:54.464804, 3] smbd/vfs.c:851(check_reduced_name) check_reduced_name [SomeFolder/Sîÿÿ] [/raid/extern] [2011/10/17 16:40:54.464839, 3] smbd/vfs.c:1008(check_reduced_name) check_reduced_name: SomeFolder/Sîÿÿ reduced to /raid/extern/SomeFolder/Sîÿÿ [2011/10/17 16:40:54.464855, 3] smbd/vfs.c:851(check_reduced_name) check_reduced_name [SomeFolder/Sîÿÿ] [/raid/extern] [2011/10/17 16:40:54.464889, 3] smbd/vfs.c:1008(check_reduced_name) check_reduced_name: SomeFolder/Sîÿÿ reduced to /raid/extern/SomeFolder/Sîÿÿ [2011/10/17 16:40:54.464912, 3] smbd/dosmode.c:166(unix_mode) unix_mode(SomeFolder/Sîÿÿ) returning 0744 [2011/10/17 16:40:54.464927, 3] smbd/vfs.c:851(check_reduced_name) check_reduced_name [SomeFolder/Sîÿÿ] [/raid/extern] [2011/10/17 16:40:54.464961, 3] smbd/vfs.c:1008(check_reduced_name) check_reduced_name: SomeFolder/Sîÿÿ reduced to /raid/extern/SomeFolder/Sîÿÿ [2011/10/17 16:40:54.464978, 3] smbd/error.c:80(error_packet_set) error packet at smbd/error.c(160) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND - Sîÿÿ of course is no existing file. Is this caused by a wrong codepage configuration? In my smb.conf no codepage is configured That should mean utf8. Is \vera\Extern\SomeFolder\Sîÿÿ actually the path sent by the client ? Can you look at a wireshark trace, or a debug level 10 log ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2011-10-18-0840/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2011-10-18-0840/samba3.stderr http://git.samba.org/autobuild.flakey/2011-10-18-0840/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2011-10-18-0840/samba4.stderr http://git.samba.org/autobuild.flakey/2011-10-18-0840/samba4.stdout The top commit at the time of the failure was: commit 5954a37997a786a8808ee2544b594a0c90f1c893 Author: Andrew Bartlett abart...@samba.org Date: Tue Oct 18 11:33:33 2011 +1100 lib/param: Remove parameters for wins and spoolss databases This removes the smb.conf parameters per-database, replacing these with hard-coded database names in well known (and configurable) directories. The wins.ldb is now always in the state dir, rather than being in both state and lock dir (ie, a bug). Less smb.conf parameters means less parameters to try and sync up between the loadparm subsystems. Andrew Bartlett Autobuild-User: Andrew Bartlett abart...@samba.org Autobuild-Date: Tue Oct 18 05:39:54 CEST 2011 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9b407ee s4:auth/unix_token: match s3 behavior and add uid/gid to the groups array from 5954a37 lib/param: Remove parameters for wins and spoolss databases http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9b407ee6d54601aca8ee157c9afc2a1d3e9b07ed Author: Stefan Metzmacher me...@samba.org Date: Mon Oct 17 14:20:45 2011 +0200 s4:auth/unix_token: match s3 behavior and add uid/gid to the groups array If mappings use ID_TYPE_BOTH. metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Tue Oct 18 10:39:54 CEST 2011 on sn-devel-104 --- Summary of changes: source4/auth/unix_token.c | 48 +--- 1 files changed, 31 insertions(+), 17 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/auth/unix_token.c b/source4/auth/unix_token.c index b7657aa..765bf06 100644 --- a/source4/auth/unix_token.c +++ b/source4/auth/unix_token.c @@ -33,28 +33,27 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx, struct security_token *token, struct security_unix_token **sec) { - int i; + uint32_t s, g; NTSTATUS status; struct id_map *ids; struct composite_context *ctx; - *sec = talloc(mem_ctx, struct security_unix_token); /* we can't do unix security without a user and group */ if (token-num_sids 2) { return NT_STATUS_ACCESS_DENIED; } - ids = talloc_array(mem_ctx, struct id_map, token-num_sids); - NT_STATUS_HAVE_NO_MEMORY(ids); + *sec = talloc_zero(mem_ctx, struct security_unix_token); + if (*sec == NULL) { + return NT_STATUS_NO_MEMORY; + } - (*sec)-ngroups = token-num_sids - 2; - (*sec)-groups = talloc_array(*sec, gid_t, (*sec)-ngroups); - NT_STATUS_HAVE_NO_MEMORY((*sec)-groups); + ids = talloc_zero_array(mem_ctx, struct id_map, token-num_sids); + NT_STATUS_HAVE_NO_MEMORY(ids); - for (i=0;itoken-num_sids;i++) { - ZERO_STRUCT(ids[i].xid); - ids[i].sid = token-sids[i]; - ids[i].status = ID_UNKNOWN; + for (s=0; s token-num_sids; s++) { + ids[s].sid = token-sids[s]; + ids[s].status = ID_UNKNOWN; } ctx = wbc_sids_to_xids_send(wbc_ctx, ids, token-num_sids, ids); @@ -63,8 +62,20 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx, status = wbc_sids_to_xids_recv(ctx, ids); NT_STATUS_NOT_OK_RETURN(status); - if (ids[0].xid.type == ID_TYPE_BOTH || - ids[0].xid.type == ID_TYPE_UID) { + g = token-num_sids; + if (ids[0].xid.type != ID_TYPE_BOTH) { + g--; + } + (*sec)-ngroups = g; + (*sec)-groups = talloc_array(*sec, gid_t, (*sec)-ngroups); + NT_STATUS_HAVE_NO_MEMORY((*sec)-groups); + + g=0; + if (ids[0].xid.type == ID_TYPE_BOTH) { + (*sec)-uid = ids[0].xid.id; + (*sec)-groups[g] = ids[0].xid.id; + g++; + } else if (ids[0].xid.type == ID_TYPE_UID) { (*sec)-uid = ids[0].xid.id; } else { return NT_STATUS_INVALID_SID; @@ -73,14 +84,17 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx, if (ids[1].xid.type == ID_TYPE_BOTH || ids[1].xid.type == ID_TYPE_GID) { (*sec)-gid = ids[1].xid.id; + (*sec)-groups[g] = ids[1].xid.id; + g++; } else { return NT_STATUS_INVALID_SID; } - for (i=0;i(*sec)-ngroups;i++) { - if (ids[i+2].xid.type == ID_TYPE_BOTH || - ids[i+2].xid.type == ID_TYPE_GID) { - (*sec)-groups[i] = ids[i+2].xid.id; + for (s=2; s token-num_sids; s++) { + if (ids[s].xid.type == ID_TYPE_BOTH || + ids[s].xid.type == ID_TYPE_GID) { + (*sec)-groups[g] = ids[s].xid.id; + g++; } else { return NT_STATUS_INVALID_SID; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 56328a4 s3/doc: add man page for aio_fork vfs module from 9b407ee s4:auth/unix_token: match s3 behavior and add uid/gid to the groups array http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 56328a4d61c8d0a52f6841097bf8fc4ffd46bfb6 Author: Björn Jacke b...@sernet.de Date: Tue Oct 18 10:54:56 2011 +0200 s3/doc: add man page for aio_fork vfs module thanks to Volker for the content Autobuild-User: Björn Jacke b...@sernet.de Autobuild-Date: Tue Oct 18 12:24:35 CEST 2011 on sn-devel-104 --- Summary of changes: docs-xml/manpages-3/vfs_aio_fork.8.xml | 86 1 files changed, 86 insertions(+), 0 deletions(-) create mode 100644 docs-xml/manpages-3/vfs_aio_fork.8.xml Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/vfs_aio_fork.8.xml b/docs-xml/manpages-3/vfs_aio_fork.8.xml new file mode 100644 index 000..af69d9a --- /dev/null +++ b/docs-xml/manpages-3/vfs_aio_fork.8.xml @@ -0,0 +1,86 @@ +?xml version=1.0 encoding=iso-8859-1? +!DOCTYPE refentry PUBLIC -//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN http://www.samba.org/samba/DTD/samba-doc; +refentry id=vfs_aio_fork.8 + +refmeta + refentrytitlevfs_aio_fork/refentrytitle + manvolnum8/manvolnum + refmiscinfo class=sourceSamba/refmiscinfo + refmiscinfo class=manualSystem Administration tools/refmiscinfo + refmiscinfo class=version3.6/refmiscinfo +/refmeta + + +refnamediv + refnamevfs_aio_fork/refname + refpurposeimplement async I/O in Samba vfs/refpurpose +/refnamediv + +refsynopsisdiv + cmdsynopsis + commandvfs objects = aio_fork/command + /cmdsynopsis +/refsynopsisdiv + +refsect1 + titleDESCRIPTION/title + + paraThis VFS module is part of the + citerefentryrefentrytitlesamba/refentrytitle + manvolnum7/manvolnum/citerefentry suite./para + + paraThe commandaio_fork/command VFS module enables async + I/O for Samba on platforms where the system level Posix AIO + interface is insufficient. Posix AIO can suffer from severe + limitations. For example, on some Linux versions the + real-time signals that it uses are broken under heavy load. + Other systems only allow AIO when special kernel modules are + loaded or only allow a certain system-wide amount of async + requests being scheduled. Systems based on glibc (most Linux + systems) only allow a single outstanding request per file + descriptor. /para + + paraTo work around all these limitations, the aio_fork module + was written. It uses forked helper processes instead of the + internal Posix AIO interface to create asynchronousity for + read and write calls. It has no parameters, it will create + helper processes when async requests come in as needed. Idle + helper processes will be removed every 30 seconds. + /para + + paraThis module is stackable./para + +/refsect1 + + +refsect1 + titleEXAMPLES/title + + paraStraight forward use:/para + +programlisting +smbconfsection name=[cooldata]/ + smbconfoption name=path/data/ice/smbconfoption + smbconfoption name=vfs objectsaio_fork/smbconfoption +/programlisting + +/refsect1 + +refsect1 + titleVERSION/title + + paraThis man page is correct for version 3.6.0 of the Samba suite. + /para +/refsect1 + +refsect1 + titleAUTHOR/title + + paraThe original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed./para + +/refsect1 + +/refentry -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 94799db s3-auth move the s3 auth context onto gensec_ntlmssp once we start via fa12756 s3-libsmb Use a gensec module to provide the ntlmssp client in ntlmssp_wrap.c via f9b0426 s3-ntlmssp split auth_ntlmssp_client_start() into two parts via fbd s3-rpc_client remove cli_auth_ntlmssp_data_destructor from 56328a4 s3/doc: add man page for aio_fork vfs module http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 94799db9b5d33ded34ad3e934da673a44d48094a Author: Andrew Bartlett abart...@samba.org Date: Tue Oct 18 16:34:27 2011 +1100 s3-auth move the s3 auth context onto gensec_ntlmssp once we start We do not need it on the auth_ntlmssp_state any longer. Andrew Bartlett Autobuild-User: Andrew Bartlett abart...@samba.org Autobuild-Date: Tue Oct 18 13:54:36 CEST 2011 on sn-devel-104 commit fa1275610b3c7cad75b5b86ae4b32d8781d1acc0 Author: Andrew Bartlett abart...@samba.org Date: Tue Oct 18 16:16:02 2011 +1100 s3-libsmb Use a gensec module to provide the ntlmssp client in ntlmssp_wrap.c This removes the need to have if (ans-gensec_security) everywhere. Andrew Bartlett commit f9b042641f9c6615f6a4b102f0182de545d6a19a Author: Andrew Bartlett abart...@samba.org Date: Mon Oct 17 20:19:11 2011 +1100 s3-ntlmssp split auth_ntlmssp_client_start() into two parts This will allow it to be a wrapper around a gensec module, which requires that they options be set on a context, but before the mechanism is started. This also simplfies the callers, by moving the lp_*() calls into one place. Andrew Bartlett commit fbdade7d54b19bfcdc2addc685abd165eddf Author: Andrew Bartlett abart...@samba.org Date: Mon Oct 17 20:00:02 2011 +1100 s3-rpc_client remove cli_auth_ntlmssp_data_destructor This can be an ordinary talloc child without causing any problem. This seems to have been inherited from a time when ntlmssp_client_start() returned malloc() based memory. Andrew Bartlett --- Summary of changes: source3/auth/auth_ntlmssp.c|4 +- source3/include/ntlmssp_wrap.h | 17 ++- source3/librpc/crypto/cli_spnego.c | 11 +- source3/libsmb/clifsinfo.c | 11 +- source3/libsmb/ntlmssp_wrap.c | 281 +--- source3/rpc_client/cli_pipe.c | 20 +-- 6 files changed, 229 insertions(+), 115 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c index 7509840..e22db82 100644 --- a/source3/auth/auth_ntlmssp.c +++ b/source3/auth/auth_ntlmssp.c @@ -406,7 +406,7 @@ NTSTATUS auth_generic_start(struct auth_ntlmssp_state *auth_ntlmssp_state, const talloc_get_type_abort(auth_ntlmssp_state-gensec_security-private_data, struct gensec_ntlmssp_context); - gensec_ntlmssp-auth_context = auth_ntlmssp_state-auth_context; + gensec_ntlmssp-auth_context = talloc_move(gensec_ntlmssp, auth_ntlmssp_state-auth_context); return NT_STATUS_OK; } @@ -464,7 +464,7 @@ NTSTATUS auth_generic_authtype_start(struct auth_ntlmssp_state *auth_ntlmssp_sta talloc_get_type_abort(auth_ntlmssp_state-gensec_security-private_data, struct gensec_ntlmssp_context); - gensec_ntlmssp-auth_context = auth_ntlmssp_state-auth_context; + gensec_ntlmssp-auth_context = talloc_move(gensec_ntlmssp, auth_ntlmssp_state-auth_context); return NT_STATUS_OK; } diff --git a/source3/include/ntlmssp_wrap.h b/source3/include/ntlmssp_wrap.h index 863c359..bfbfdeb 100644 --- a/source3/include/ntlmssp_wrap.h +++ b/source3/include/ntlmssp_wrap.h @@ -26,10 +26,12 @@ struct gensec_security; struct auth_ntlmssp_state { /* used only by server implementation */ struct auth_context *auth_context; - struct gensec_security *gensec_security; - + /* used only by the client implementation */ - struct ntlmssp_state *ntlmssp_state; + struct cli_credentials *credentials; + + /* used by both */ + struct gensec_security *gensec_security; }; NTSTATUS auth_ntlmssp_sign_packet(struct auth_ntlmssp_state *ans, @@ -74,9 +76,8 @@ NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *ans, TALLOC_CTX *mem_ctx, const DATA_BLOB request, DATA_BLOB *reply); -NTSTATUS auth_ntlmssp_client_start(TALLOC_CTX *mem_ctx, - const char *netbios_name, - const char *netbios_domain, - bool use_ntlmv2, - struct auth_ntlmssp_state
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 31c00e9 Fix uninitialized memory problem in group_sids_to_info3 (fixes bug #8455). from 47f1e50 WHATSNEW: Update changes since 3.6.0. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 31c00e9314e735505590f98565dcb5aa58453d0e Author: Wilco Baan Hofman wi...@baanhofman.nl Date: Mon Oct 17 21:24:41 2011 +0200 Fix uninitialized memory problem in group_sids_to_info3 (fixes bug #8455). Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Mon Oct 17 23:32:58 CEST 2011 on sn-devel-104 (cherry picked from commit c52b571506874987ba626c25e9692fbe2251b7e2) --- Summary of changes: source3/auth/server_info.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c index c6d68c2..dc5b15f 100644 --- a/source3/auth/server_info.c +++ b/source3/auth/server_info.c @@ -279,8 +279,8 @@ static NTSTATUS group_sids_to_info3(struct netr_SamInfo3 *info3, if (info3-base.primary_gid == rid) continue; /* store domain group rid */ - groups-rids[i].rid = rid; - groups-rids[i].attributes = attributes; + groups-rids[groups-count].rid = rid; + groups-rids[groups-count].attributes = attributes; groups-count++; continue; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 51f87fc s3/doc: add man page for aio_fork vfs module from 31c00e9 Fix uninitialized memory problem in group_sids_to_info3 (fixes bug #8455). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 51f87fce55d160abed6b04ea27f53f254d2db474 Author: Björn Jacke b...@sernet.de Date: Tue Oct 18 10:54:56 2011 +0200 s3/doc: add man page for aio_fork vfs module thanks to Volker for the content Autobuild-User: Björn Jacke b...@sernet.de Autobuild-Date: Tue Oct 18 12:24:35 CEST 2011 on sn-devel-104 (cherry picked from commit 56328a4d61c8d0a52f6841097bf8fc4ffd46bfb6) --- Summary of changes: docs-xml/manpages-3/vfs_aio_fork.8.xml | 86 1 files changed, 86 insertions(+), 0 deletions(-) create mode 100644 docs-xml/manpages-3/vfs_aio_fork.8.xml Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/vfs_aio_fork.8.xml b/docs-xml/manpages-3/vfs_aio_fork.8.xml new file mode 100644 index 000..af69d9a --- /dev/null +++ b/docs-xml/manpages-3/vfs_aio_fork.8.xml @@ -0,0 +1,86 @@ +?xml version=1.0 encoding=iso-8859-1? +!DOCTYPE refentry PUBLIC -//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN http://www.samba.org/samba/DTD/samba-doc; +refentry id=vfs_aio_fork.8 + +refmeta + refentrytitlevfs_aio_fork/refentrytitle + manvolnum8/manvolnum + refmiscinfo class=sourceSamba/refmiscinfo + refmiscinfo class=manualSystem Administration tools/refmiscinfo + refmiscinfo class=version3.6/refmiscinfo +/refmeta + + +refnamediv + refnamevfs_aio_fork/refname + refpurposeimplement async I/O in Samba vfs/refpurpose +/refnamediv + +refsynopsisdiv + cmdsynopsis + commandvfs objects = aio_fork/command + /cmdsynopsis +/refsynopsisdiv + +refsect1 + titleDESCRIPTION/title + + paraThis VFS module is part of the + citerefentryrefentrytitlesamba/refentrytitle + manvolnum7/manvolnum/citerefentry suite./para + + paraThe commandaio_fork/command VFS module enables async + I/O for Samba on platforms where the system level Posix AIO + interface is insufficient. Posix AIO can suffer from severe + limitations. For example, on some Linux versions the + real-time signals that it uses are broken under heavy load. + Other systems only allow AIO when special kernel modules are + loaded or only allow a certain system-wide amount of async + requests being scheduled. Systems based on glibc (most Linux + systems) only allow a single outstanding request per file + descriptor. /para + + paraTo work around all these limitations, the aio_fork module + was written. It uses forked helper processes instead of the + internal Posix AIO interface to create asynchronousity for + read and write calls. It has no parameters, it will create + helper processes when async requests come in as needed. Idle + helper processes will be removed every 30 seconds. + /para + + paraThis module is stackable./para + +/refsect1 + + +refsect1 + titleEXAMPLES/title + + paraStraight forward use:/para + +programlisting +smbconfsection name=[cooldata]/ + smbconfoption name=path/data/ice/smbconfoption + smbconfoption name=vfs objectsaio_fork/smbconfoption +/programlisting + +/refsect1 + +refsect1 + titleVERSION/title + + paraThis man page is correct for version 3.6.0 of the Samba suite. + /para +/refsect1 + +refsect1 + titleAUTHOR/title + + paraThe original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed./para + +/refsect1 + +/refentry -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via c48f8ae s3/doc: add man page for aio_fork vfs module from c6e2256 Fix bug #8515 - Empty CIFS share can be blocked for other clients by deleting it via empty path (DELETE_PENDING until the last client) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit c48f8ae21b8279b9b62aca5e04eb1547c6dbd9c6 Author: Björn Jacke b...@sernet.de Date: Tue Oct 18 10:54:56 2011 +0200 s3/doc: add man page for aio_fork vfs module thanks to Volker for the content Autobuild-User: Björn Jacke b...@sernet.de Autobuild-Date: Tue Oct 18 12:24:35 CEST 2011 on sn-devel-104 (cherry picked from commit 56328a4d61c8d0a52f6841097bf8fc4ffd46bfb6) (cherry picked from commit 51f87fce55d160abed6b04ea27f53f254d2db474) Fix bug #8256 (vfs_aio_fork is undocumented). --- Summary of changes: docs-xml/manpages-3/vfs_aio_fork.8.xml | 86 1 files changed, 86 insertions(+), 0 deletions(-) create mode 100644 docs-xml/manpages-3/vfs_aio_fork.8.xml Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/vfs_aio_fork.8.xml b/docs-xml/manpages-3/vfs_aio_fork.8.xml new file mode 100644 index 000..af69d9a --- /dev/null +++ b/docs-xml/manpages-3/vfs_aio_fork.8.xml @@ -0,0 +1,86 @@ +?xml version=1.0 encoding=iso-8859-1? +!DOCTYPE refentry PUBLIC -//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN http://www.samba.org/samba/DTD/samba-doc; +refentry id=vfs_aio_fork.8 + +refmeta + refentrytitlevfs_aio_fork/refentrytitle + manvolnum8/manvolnum + refmiscinfo class=sourceSamba/refmiscinfo + refmiscinfo class=manualSystem Administration tools/refmiscinfo + refmiscinfo class=version3.6/refmiscinfo +/refmeta + + +refnamediv + refnamevfs_aio_fork/refname + refpurposeimplement async I/O in Samba vfs/refpurpose +/refnamediv + +refsynopsisdiv + cmdsynopsis + commandvfs objects = aio_fork/command + /cmdsynopsis +/refsynopsisdiv + +refsect1 + titleDESCRIPTION/title + + paraThis VFS module is part of the + citerefentryrefentrytitlesamba/refentrytitle + manvolnum7/manvolnum/citerefentry suite./para + + paraThe commandaio_fork/command VFS module enables async + I/O for Samba on platforms where the system level Posix AIO + interface is insufficient. Posix AIO can suffer from severe + limitations. For example, on some Linux versions the + real-time signals that it uses are broken under heavy load. + Other systems only allow AIO when special kernel modules are + loaded or only allow a certain system-wide amount of async + requests being scheduled. Systems based on glibc (most Linux + systems) only allow a single outstanding request per file + descriptor. /para + + paraTo work around all these limitations, the aio_fork module + was written. It uses forked helper processes instead of the + internal Posix AIO interface to create asynchronousity for + read and write calls. It has no parameters, it will create + helper processes when async requests come in as needed. Idle + helper processes will be removed every 30 seconds. + /para + + paraThis module is stackable./para + +/refsect1 + + +refsect1 + titleEXAMPLES/title + + paraStraight forward use:/para + +programlisting +smbconfsection name=[cooldata]/ + smbconfoption name=path/data/ice/smbconfoption + smbconfoption name=vfs objectsaio_fork/smbconfoption +/programlisting + +/refsect1 + +refsect1 + titleVERSION/title + + paraThis man page is correct for version 3.6.0 of the Samba suite. + /para +/refsect1 + +refsect1 + titleAUTHOR/title + + paraThe original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed./para + +/refsect1 + +/refentry -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via e07423a s3-docs: Adapt version... from c48f8ae s3/doc: add man page for aio_fork vfs module http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit e07423a0d55437fcc85d205214315a21d452cee7 Author: Karolin Seeger ksee...@samba.org Date: Tue Oct 18 20:39:49 2011 +0200 s3-docs: Adapt version... in man vfs_aio_fork. Karolin --- Summary of changes: docs-xml/manpages-3/vfs_aio_fork.8.xml |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/vfs_aio_fork.8.xml b/docs-xml/manpages-3/vfs_aio_fork.8.xml index af69d9a..6eeebef 100644 --- a/docs-xml/manpages-3/vfs_aio_fork.8.xml +++ b/docs-xml/manpages-3/vfs_aio_fork.8.xml @@ -7,7 +7,7 @@ manvolnum8/manvolnum refmiscinfo class=sourceSamba/refmiscinfo refmiscinfo class=manualSystem Administration tools/refmiscinfo - refmiscinfo class=version3.6/refmiscinfo + refmiscinfo class=version3.5/refmiscinfo /refmeta @@ -69,7 +69,7 @@ refsect1 titleVERSION/title - paraThis man page is correct for version 3.6.0 of the Samba suite. + paraThis man page is correct for version 3.5.0 of the Samba suite. /para /refsect1 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 06e007d WHATSNEW: Update changes since 3.6.0. from 51f87fc s3/doc: add man page for aio_fork vfs module http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 06e007da09f5162dc2fea60e2c799b516ce475e2 Author: Karolin Seeger ksee...@samba.org Date: Tue Oct 18 20:45:34 2011 +0200 WHATSNEW: Update changes since 3.6.0. Karolin --- Summary of changes: WHATSNEW.txt |5 + 1 files changed, 5 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 2474e04..53c1cc4 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -80,7 +80,12 @@ o David Disseldorp dd...@suse.de * BUG 8520: Fix SMB2 SMB2_OP_GETINFO and SMB2_OP_IOCTL parsing requirements. +o Wilco Baan Hofman wi...@baanhofman.nl +* BUG 8455: Fix uninitialized memory problem in group_sids_to_info3. + + o Björn Jacke b...@sernet.de +* BUG 8256: Add man vfs_aio_fork. * BUG 8363: Fix build of vfs_prealloc on SLES8. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 605d7d9 pdb-interface: Do not use unid_t here from 94799db s3-auth move the s3 auth context onto gensec_ntlmssp once we start http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 605d7d965a33d6a4be632dde9b15abb42801fdaf Author: Simo Sorce i...@samba.org Date: Tue Oct 18 10:44:52 2011 -0400 pdb-interface: Do not use unid_t here This interface needs to be publicly available, unid_t here is not really useful and makes it harder to use it as unid_t is not a public union. Autobuild-User: Simo Sorce i...@samba.org Autobuild-Date: Tue Oct 18 20:57:16 CEST 2011 on sn-devel-104 --- Summary of changes: source3/include/passdb.h|4 ++-- source3/passdb/lookup_sid.c | 14 -- source3/passdb/pdb_ads.c| 13 ++--- source3/passdb/pdb_interface.c | 36 source3/passdb/pdb_ldap.c | 15 --- source3/passdb/pdb_samba4.c | 13 ++--- source3/passdb/py_passdb.c |7 --- source3/winbindd/idmap_passdb.c |9 + 8 files changed, 59 insertions(+), 52 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/passdb.h b/source3/include/passdb.h index cd3880c..70b21c9 100644 --- a/source3/include/passdb.h +++ b/source3/include/passdb.h @@ -563,7 +563,7 @@ struct pdb_methods bool (*gid_to_sid)(struct pdb_methods *methods, gid_t gid, struct dom_sid *sid); bool (*sid_to_id)(struct pdb_methods *methods, const struct dom_sid *sid, - union unid_t *id, enum lsa_SidType *type); + uid_t *uid, gid_t *gid, enum lsa_SidType *type); uint32_t (*capabilities)(struct pdb_methods *methods); bool (*new_rid)(struct pdb_methods *methods, uint32_t *rid); @@ -868,7 +868,7 @@ bool pdb_set_account_policy(enum pdb_policy_type type, uint32_t value); bool pdb_get_seq_num(time_t *seq_num); bool pdb_uid_to_sid(uid_t uid, struct dom_sid *sid); bool pdb_gid_to_sid(gid_t gid, struct dom_sid *sid); -bool pdb_sid_to_id(const struct dom_sid *sid, union unid_t *id, +bool pdb_sid_to_id(const struct dom_sid *sid, uid_t *uid, gid_t *gid, enum lsa_SidType *type); uint32_t pdb_capabilities(void); bool pdb_new_rid(uint32_t *rid); diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index a02c941..cfc78ad 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -1193,11 +1193,12 @@ static bool legacy_sid_to_uid(const struct dom_sid *psid, uid_t *puid) enum lsa_SidType type; if (sid_check_is_in_our_domain(psid)) { - union unid_t id; + uid_t uid; + gid_t gid; bool ret; become_root(); - ret = pdb_sid_to_id(psid, id, type); + ret = pdb_sid_to_id(psid, uid, gid, type); unbecome_root(); if (ret) { @@ -1207,7 +1208,7 @@ static bool legacy_sid_to_uid(const struct dom_sid *psid, uid_t *puid) sid_type_lookup(type))); return false; } - *puid = id.uid; + *puid = uid; goto done; } @@ -1234,7 +1235,6 @@ done: static bool legacy_sid_to_gid(const struct dom_sid *psid, gid_t *pgid) { GROUP_MAP *map; - union unid_t id; enum lsa_SidType type; map = talloc_zero(NULL, GROUP_MAP); @@ -1260,10 +1260,12 @@ static bool legacy_sid_to_gid(const struct dom_sid *psid, gid_t *pgid) } if (sid_check_is_in_our_domain(psid)) { + uid_t uid; + gid_t gid; bool ret; become_root(); - ret = pdb_sid_to_id(psid, id, type); + ret = pdb_sid_to_id(psid, uid, gid, type); unbecome_root(); if (ret) { @@ -1274,7 +1276,7 @@ static bool legacy_sid_to_gid(const struct dom_sid *psid, gid_t *pgid) sid_type_lookup(type))); return false; } - *pgid = id.gid; + *pgid = gid; goto done; } diff --git a/source3/passdb/pdb_ads.c b/source3/passdb/pdb_ads.c index 5742534..8dc9585 100644 --- a/source3/passdb/pdb_ads.c +++ b/source3/passdb/pdb_ads.c @@ -2204,7 +2204,7 @@ static bool pdb_ads_gid_to_sid(struct pdb_methods *m, gid_t gid, } static bool pdb_ads_sid_to_id(struct pdb_methods *m, const struct dom_sid *sid, - union unid_t *id, enum
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 47aa9ed lib/util: skip single hex digit at the end of the input sting - fix potential segfault via cb47890 lib/util: fix function header comment to strhex_to_str() via 5d91a26 lib/util: untangle assignent from check in strhex_to_str() via 196fd14 s3-util: dbwrap_tool: add fetch fuctions for hex and string via 140b5d7 s3-util: dbwrap_tool: add store hex function via 4874e1f selftest:Samba3: fix signature for check_or_start() via dd6b413 selftest:Samba3: fix a message printed when starting winbindd from 605d7d9 pdb-interface: Do not use unid_t here http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 47aa9ed82f67758c3b4d9ab46dd8dd65508a10eb Author: Michael Adam ob...@samba.org Date: Tue Oct 18 18:10:00 2011 +0200 lib/util: skip single hex digit at the end of the input sting - fix potential segfault The second of two digits was read without checking for the length of the input string. For a non-zero-terminated input string, this might have caused a segfault. Autobuild-User: Michael Adam ob...@samba.org Autobuild-Date: Tue Oct 18 22:32:59 CEST 2011 on sn-devel-104 commit cb47890cf2734afff502cf8b95635ebc75bc5974 Author: Michael Adam ob...@samba.org Date: Tue Oct 18 18:07:54 2011 +0200 lib/util: fix function header comment to strhex_to_str() The description did not match the function's behaviour. commit 5d91a2680e594d47ed137b45f79738bddb641cea Author: Michael Adam ob...@samba.org Date: Tue Oct 18 18:03:10 2011 +0200 lib/util: untangle assignent from check in strhex_to_str() commit 196fd147888efec3e1f79efd1e54f5a99e3dd544 Author: Björn Baumbach b...@sernet.de Date: Mon Oct 17 16:08:38 2011 +0200 s3-util: dbwrap_tool: add fetch fuctions for hex and string Signed-off-by: Michael Adam ob...@samba.org commit 140b5d790a8d87eb59e117ad25c7c441f887d6fc Author: Björn Baumbach b...@sernet.de Date: Mon Oct 17 16:05:52 2011 +0200 s3-util: dbwrap_tool: add store hex function Allows the user to store hex blobs in a tdb. Signed-off-by: Michael Adam ob...@samba.org commit 4874e1f5b3a4b959050012d5135be7c1df38552b Author: Michael Adam ob...@samba.org Date: Tue Oct 18 11:37:25 2011 +0200 selftest:Samba3: fix signature for check_or_start() commit dd6b413a57f76abb92110fcce67c957084db80b3 Author: Michael Adam ob...@samba.org Date: Tue Oct 18 11:34:22 2011 +0200 selftest:Samba3: fix a message printed when starting winbindd --- Summary of changes: lib/util/util.c | 28 ++- selftest/target/Samba3.pm |4 +- source3/utils/dbwrap_tool.c | 107 +- 3 files changed, 122 insertions(+), 17 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/util.c b/lib/util/util.c index b700f37..133bd0d 100644 --- a/lib/util/util.c +++ b/lib/util/util.c @@ -689,15 +689,15 @@ _PUBLIC_ _PURE_ size_t count_chars(const char *s, char c) } /** - Routine to get hex characters and turn them into a 16 byte array. - the array can be variable length, and any non-hex-numeric - characters are skipped. 0xnn or 0Xnn is specially catered - for. - - valid examples: 0A5D15; 0x15, 0x49, 0xa2; 59\ta9\te3\n - - -**/ + * Routine to get hex characters and turn them into a byte array. + * the array can be variable length. + * - 0xnn or 0Xnn is specially catered for. + * - The first non-hex-digit character (apart from possibly leading 0x + * finishes the conversion and skips the rest of the input. + * - A single hex-digit character at the end of the string is skipped. + * + * valid examples: 0A5D15; 0x123456 + */ _PUBLIC_ size_t strhex_to_str(char *p, size_t p_len, const char *strhex, size_t strhex_len) { size_t i = 0; @@ -711,14 +711,18 @@ _PUBLIC_ size_t strhex_to_str(char *p, size_t p_len, const char *strhex, size_t i += 2; /* skip two chars */ } - for (; i strhex_len strhex[i] != 0; i++) { - if (!(p1 = strchr(hexchars, toupper((unsigned char)strhex[i] + for (; i+1 strhex_len strhex[i] != 0 strhex[i+1] != 0; i++) { + p1 = strchr(hexchars, toupper((unsigned char)strhex[i])); + if (p1 == NULL) { break; + } i++; /* next hex digit */ - if (!(p2 = strchr(hexchars, toupper((unsigned char)strhex[i] + p2 = strchr(hexchars, toupper((unsigned char)strhex[i])); + if (p2 == NULL) { break; + } /* get the two nybbles */ hinybble = PTR_DIFF(p1, hexchars); diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index c17455d..2f23ae3 100755
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8d54bdb vfs_netatalk should be using strstr_m, not strstr to find .AppleDouble paths. via f5ae41d The last argument to atalk_build_paths() is always false, remove it. from 47aa9ed lib/util: skip single hex digit at the end of the input sting - fix potential segfault http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8d54bdb5e199b2198990ee8d572662a128506337 Author: Jeremy Allison j...@samba.org Date: Tue Oct 18 11:54:53 2011 -0700 vfs_netatalk should be using strstr_m, not strstr to find .AppleDouble paths. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Wed Oct 19 00:05:45 CEST 2011 on sn-devel-104 commit f5ae41d8235fe54ca04542877059aaa2e287b0c2 Author: Jeremy Allison j...@samba.org Date: Tue Oct 18 11:24:35 2011 -0700 The last argument to atalk_build_paths() is always false, remove it. --- Summary of changes: source3/modules/vfs_netatalk.c | 31 ++- 1 files changed, 14 insertions(+), 17 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_netatalk.c b/source3/modules/vfs_netatalk.c index 8d2c9b7..3e5606b 100644 --- a/source3/modules/vfs_netatalk.c +++ b/source3/modules/vfs_netatalk.c @@ -34,8 +34,7 @@ static int atalk_build_paths(TALLOC_CTX *ctx, const char *path, const char *fname, char **adbl_path, char **orig_path, SMB_STRUCT_STAT *adbl_info, -SMB_STRUCT_STAT *orig_info, -bool fake_dir_create_times); +SMB_STRUCT_STAT *orig_info); static int atalk_unlink_file(const char *path); @@ -61,8 +60,7 @@ static int atalk_build_paths(TALLOC_CTX *ctx, const char *path, const char *fname, char **adbl_path, char **orig_path, SMB_STRUCT_STAT *adbl_info, -SMB_STRUCT_STAT *orig_info, -bool fake_dir_create_times) +SMB_STRUCT_STAT *orig_info) { int ptr0 = 0; int ptr1 = 0; @@ -75,7 +73,7 @@ static int atalk_build_paths(TALLOC_CTX *ctx, const char *path, #if 0 DEBUG(3, (ATALK: PATH: %s[%s]\n, path, fname)); #endif - if (strstr(path, APPLEDOUBLE) || strstr(fname, APPLEDOUBLE)) { + if (strstr_m(path, APPLEDOUBLE) || strstr_m(fname, APPLEDOUBLE)) { DEBUG(3, (ATALK: path %s[%s] already contains %s\n, path, fname, APPLEDOUBLE)); return -1; } @@ -88,7 +86,7 @@ static int atalk_build_paths(TALLOC_CTX *ctx, const char *path, /* get pointer to last '/' */ ptr1 = atalk_get_path_ptr(*orig_path); - sys_lstat(*orig_path, orig_info, fake_dir_create_times); + sys_lstat(*orig_path, orig_info, false); if (S_ISDIR(orig_info-st_ex_mode)) { *adbl_path = talloc_asprintf(ctx, %s/%s/%s/, @@ -103,7 +101,7 @@ static int atalk_build_paths(TALLOC_CTX *ctx, const char *path, #if 0 DEBUG(3, (ATALK: DEBUG:\n%s\n%s\n, *orig_path, *adbl_path)); #endif - sys_lstat(*adbl_path, adbl_info, fake_dir_create_times); + sys_lstat(*adbl_path, adbl_info, false); return 0; } @@ -128,7 +126,7 @@ static void atalk_add_to_list(name_compare_entry **list) if (cur_list) { for (i = 0, count = 0; cur_list[i].name; i ++, count ++) { - if (strstr(cur_list[i].name, APPLEDOUBLE)) + if (strstr_m(cur_list[i].name, APPLEDOUBLE)) return; } } @@ -237,7 +235,7 @@ static int atalk_rmdir(struct vfs_handle_struct *handle, const char *path) * from this module, gotta use talloc stuff.. */ - strstr(path, APPLEDOUBLE) ? (add = False) : (add = True); + strstr_m(path, APPLEDOUBLE) ? (add = False) : (add = True); if (!(ctx = talloc_init(remove_directory))) goto exit_rmdir; @@ -276,7 +274,7 @@ static int atalk_rename(struct vfs_handle_struct *handle, if (atalk_build_paths(talloc_tos(), handle-conn-origpath, oldname, adbl_path, orig_path, adbl_info, - orig_info, false) != 0) + orig_info) != 0) goto exit_rename; if (S_ISDIR(orig_info.st_ex_mode) || S_ISREG(orig_info.st_ex_mode)) { @@ -319,13 +317,13 @@ static int atalk_unlink(struct vfs_handle_struct *handle, if (!handle-conn-hide_list) return ret; for (i = 0; handle-conn-veto_list[i].name; i ++) { - if (strstr(handle-conn-veto_list[i].name, APPLEDOUBLE)) + if
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via fbf1748 s3: Avoid a winbind 100% cpu loop from 8d54bdb vfs_netatalk should be using strstr_m, not strstr to find .AppleDouble paths. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit fbf17489844a5cfc6d1da8c431ce0194ed4c3f72 Author: Volker Lendecke v...@samba.org Date: Tue Oct 18 21:36:44 2011 +0200 s3: Avoid a winbind 100% cpu loop When a DC goes down hard, winbind can end up in a 100% CPU loop. The next (small) RPC request to the DC ends up as a trans2 request. If the connection goes down, we end up trying to discard the request via the loop in cli_state_notify_pending(). Because this is a trans2 request, cli_smb_req_unset_pending will not kick in. Thus the pending array will always remain at length 1. Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Wed Oct 19 01:39:35 CEST 2011 on sn-devel-104 --- Summary of changes: source3/libsmb/async_smb.c |8 1 files changed, 8 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/async_smb.c b/source3/libsmb/async_smb.c index efeb328..dce1b74 100644 --- a/source3/libsmb/async_smb.c +++ b/source3/libsmb/async_smb.c @@ -287,6 +287,14 @@ static void cli_state_notify_pending(struct cli_state *cli, NTSTATUS status) req = cli-conn.pending[0]; state = tevent_req_data(req, struct cli_smb_state); + if (NT_STATUS_EQUAL(status, NT_STATUS_PIPE_BROKEN)) { + /* +* We're dead. No point waiting for trans2 +* replies. +*/ + state-mid = 0; + } + cli_smb_req_unset_pending(req); /* -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e1d2b47 s3-docs: Add a clarification note for nss_info primary group membership calculation. via 5543e6c s3-docs: Document Services for Unix 2.0 (sfu20) nss_info ldap schema support. from fbf1748 s3: Avoid a winbind 100% cpu loop http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e1d2b47693375760473829056650bfe44f277a18 Author: Günther Deschner g...@samba.org Date: Wed Oct 19 00:31:07 2011 +0200 s3-docs: Add a clarification note for nss_info primary group membership calculation. Guenther Autobuild-User: Günther Deschner g...@samba.org Autobuild-Date: Wed Oct 19 03:10:40 CEST 2011 on sn-devel-104 commit 5543e6c8e5e642b97339ab03a39431c63c949502 Author: Günther Deschner g...@samba.org Date: Wed Oct 19 00:19:58 2011 +0200 s3-docs: Document Services for Unix 2.0 (sfu20) nss_info ldap schema support. Guenther --- Summary of changes: docs-xml/manpages-3/idmap_ad.8.xml |7 ++- docs-xml/smbdotconf/winbind/winbindnssinfo.xml |8 +--- 2 files changed, 11 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/idmap_ad.8.xml b/docs-xml/manpages-3/idmap_ad.8.xml index fbadaf2..96a093d 100644 --- a/docs-xml/manpages-3/idmap_ad.8.xml +++ b/docs-xml/manpages-3/idmap_ad.8.xml @@ -60,12 +60,17 @@ /para/listitem /varlistentry varlistentry - termschema_mode = lt;rfc2307 | sfu gt;/term + termschema_mode = lt;rfc2307 | sfu | sfu20gt;/term listitempara Defines the schema that idmap_ad should use when querying Active Directory regarding user and group information. This can be either the RFC2307 schema support included in Windows 2003 R2 or the Service for Unix (SFU) schema. + For SFU 3.0 or 3.5 please choose sfu, for SFU 2.0 + please choose sfu20. + + Please note that primary group membership is currently always calculated + via the primaryGroupID LDAP attribute. /para/listitem /varlistentry /variablelist diff --git a/docs-xml/smbdotconf/winbind/winbindnssinfo.xml b/docs-xml/smbdotconf/winbind/winbindnssinfo.xml index 318727c..ceff0f6 100644 --- a/docs-xml/smbdotconf/winbind/winbindnssinfo.xml +++ b/docs-xml/smbdotconf/winbind/winbindnssinfo.xml @@ -18,14 +18,16 @@ /listitem listitem - paraparameter moreinfo=nonelt;sfu | rfc2307 gt;/parameter + paraparameter moreinfo=nonelt;sfu | sfu20 | rfc2307 gt;/parameter - When Samba is running in security = ads and your Active Directory Domain Controller does support the Microsoft Services for Unix (SFU) LDAP schema, winbind can retrieve the login shell and the home - directory attributes directly from your Directory Server. Note that + directory attributes directly from your Directory Server. For SFU 3.0 or 3.5 simply choose + sfu, if you use SFU 2.0 please choose sfu20. Note that retrieving UID and GID from your ADS-Server requires to use parameter moreinfo=noneidmap config DOMAIN:backend/parameter = ad - as well. + as well. The primary group membership is currently + always calculated via the primaryGroupID LDAP attribute. /para /listitem /itemizedlist -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 416bf1c samba.getopt: Add some basic tests. via aa7240e samba.getopt: Keep exception message when setting a lp option fails. via eb388cd samba-tool: Improve getopt.py error handling via 20f2034 samba-tool: Improve getopt.py error handling via 8dbf799 samba-tool: Improve getopt.py error handling via 0c342f8 samba-tool: Improve getopt.py error handling from e1d2b47 s3-docs: Add a clarification note for nss_info primary group membership calculation. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 416bf1c677e52b52c1447bb0901f9a12930abdf4 Author: Jelmer Vernooij jel...@samba.org Date: Wed Oct 19 03:35:22 2011 +0200 samba.getopt: Add some basic tests. Autobuild-User: Jelmer Vernooij jel...@samba.org Autobuild-Date: Wed Oct 19 05:04:33 CEST 2011 on sn-devel-104 commit aa7240e6cf9d2fcec660116f891fc9c7d6ce39bc Author: Jelmer Vernooij jel...@samba.org Date: Wed Oct 19 01:30:40 2011 +0200 samba.getopt: Keep exception message when setting a lp option fails. commit eb388cddacb42ae30f4ebb2fc846982132d3ad06 Author: Giampaolo Lauria laur...@yahoo.com Date: Mon Oct 17 15:34:47 2011 -0400 samba-tool: Improve getopt.py error handling Modified code to handle -k and --kerberos options to: 1. Throw the correct exception 2. On error, display the correct user's specified option commit 20f2034f380cf13b41ad5054a50edef72e18a6c2 Author: Giampaolo Lauria laur...@yahoo.com Date: Mon Oct 17 15:31:30 2011 -0400 samba-tool: Improve getopt.py error handling Throw an exception when the --option value is invalid commit 8dbf79941f029e7ddcb347c7436038c47eb8115e Author: Giampaolo Lauria laur...@yahoo.com Date: Mon Oct 17 15:28:52 2011 -0400 samba-tool: Improve getopt.py error handling Throw an exception when --option value is not in the form a=b commit 0c342f89860a4f64faf62340741b740603907c0e Author: Giampaolo Lauria laur...@yahoo.com Date: Mon Oct 17 15:22:01 2011 -0400 samba-tool: Improve getopt.py error handling Raise exception when -d or --debuglevel value is 0 --- Summary of changes: source4/scripting/python/samba/getopt.py | 22 ++--- source4/scripting/python/samba/tests/getopt.py | 57 source4/selftest/tests.py |1 + 3 files changed, 73 insertions(+), 7 deletions(-) create mode 100644 source4/scripting/python/samba/tests/getopt.py Changeset truncated at 500 lines: diff --git a/source4/scripting/python/samba/getopt.py b/source4/scripting/python/samba/getopt.py index f939180..8a9d4e5 100644 --- a/source4/scripting/python/samba/getopt.py +++ b/source4/scripting/python/samba/getopt.py @@ -64,6 +64,9 @@ class SambaOptions(optparse.OptionGroup): self._configfile = arg def _set_debuglevel(self, option, opt_str, arg, parser): +if arg 0: +raise optparse.OptionValueError(invalid %s option value: %s % +(opt_str, arg)) self._lp.set('debug level', str(arg)) def _set_realm(self, option, opt_str, arg, parser): @@ -72,10 +75,14 @@ class SambaOptions(optparse.OptionGroup): def _set_option(self, option, opt_str, arg, parser): if arg.find('=') == -1: -print(--option takes a 'a=b' argument) -sys.exit(1) +raise optparse.OptionValueError( +--option option takes a 'a=b' argument) a = arg.split('=') -self._lp.set(a[0], a[1]) +try: +self._lp.set(a[0], a[1]) +except Exception, e: +raise optparse.OptionValueError( +invalid --option option value %r: %s % (arg, e)) def get_loadparm(self): Return loadparm object with data specified on the command line. @@ -105,7 +112,7 @@ class VersionOptions(optparse.OptionGroup): sys.exit(0) -def parse_kerberos_arg(arg): +def parse_kerberos_arg(arg, opt_str): if arg.lower() in [yes, 'true', '1']: return MUST_USE_KERBEROS elif arg.lower() in [no, 'false', '0']: @@ -113,7 +120,8 @@ def parse_kerberos_arg(arg): elif arg.lower() in [auto]: return AUTO_USE_KERBEROS else: -raise optparse.BadOptionError(invalid kerberos option: %s % arg) +raise optparse.OptionValueError(invalid %s option value: %s % +(opt_str, arg)) class CredentialsOptions(optparse.OptionGroup): @@ -159,7 +167,7 @@ class CredentialsOptions(optparse.OptionGroup): self.ipaddress = arg def _set_kerberos(self, option, opt_str, arg, parser): -self.creds.set_kerberos_state(parse_kerberos_arg(arg)) +self.creds.set_kerberos_state(parse_kerberos_arg(arg, opt_str))