[Samba] user.DOSATTRIB defaults to hidden?
Hi all, Is there a way to control the default DOS attributes stored in the user.DOSATTRIB value? I'm using a QNAP NAS device (running Samba) that seems to create files that have the 'hidden' DOS attribute set by the user.DOSATTRIB value as a default. The NAS device's smb.conf has the 'store dos attributes' option set to yes and each of the 'map hidden', 'map system', 'map archive' and 'map readonly' are set to no. Consequently, the DOS attributes of files are controlled by the filesystem extended attribute user.DOSATTRIB, and NOT by the executible bits of the files on the NAS. Changing the DOS attributes from a Windows machine does not modify any of the permissions (ie. the executable bits) of the files on the NAS device. However, I was able to confirm with the getfattr command on the NAS that the user.DOSATTRIB values were changing whenever changes to the DOS attributes were made from the Windows machine. I set this NAS device up recently and rsync'ed my media files to a share on it (from a Linux box). The files themselves had never existed on a Windows box. When browsing the share as guest from a Windows box, none of the files were visible (unless 'show hidden files' was enabled on the Windows box). This issue has been bothering many users of the QNAP NAS devices as well as users of some other brands too. When I first copied the files to the NAS, I assume it was Samba that would have originally set the user.DOSATTRIB values? If so, why would they be set as 'hidden' by default? From a Linux box, I am able to recursively modify the user.DOSATTRIB values using smbclient as follows: cd /mountpoint find * -type f -exec smbclient -N -c 'setmode {} -h' //server/sharename \; However, it is not clear to me why they would be set to 'hidden' in the first place. If 'store dos attributes' is set to 'yes' in smb.conf, does the 'create mask' setting affect the user.DOSATTRIB values? One other weird thing - if I unset the world readable bit on these files (from the NAS box), they are no longer hidden from the point of view of the Windows machine (though they are no longer readable). It seems like the permissions are still mapping the DOS attributes in some way even though the map hidden option is set to no. What's weird though is that it isn't one of the executable bits as documented in the Samba documentation that is modifying the hidden attribute. Grateful for any insights into these issues. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba with LDAP Authentication
Check out SASL library's On 01/10/2012 04:35 PM, steve wrote: On 01/10/2012 09:50 PM, Amit More wrote: Hello All, I want to authenticate existing LDAP users to samba shares. From what i have been reading, it seems like there are two ways to achieve this 1. Configure samba to use plaintext passwords (encrypt passwords = no in smb.conf) and configure clients to send unencrypted passwords. 2. Use smbpasswd utility to add users. Using this utility the user's samba password will be different from the LDAP password. I don't want to use plaintext authentication so cannot use the first method described here. I also want the samba password to be the same as the LDAP password and must be in sync. Is there anyway to achieve this? Can anyone please point me in the right direction? I would really appreciate your help. Thanks, Amit Hi. We have a one password solution like you describe running on openSUSE. There is a good howto here: http://digiplan.eu.org/ldap-samba-howto-v4.html It may get you started at least. HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] debian samba pdc
I try to join a debian squeeze box with a debian woody samba pdc. I use samba and winbind on the squeeze box to join with the woody but keeps getting this error when doing net rpc info or net rpc testdomain root@steinerpc1:~# net rpc testjoin cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \netlogon failed with error NT_STATUS_UNSUCCESSFUL net_rpc_join_ok: failed to get schannel session key from server woodyserver for domain domain on woody box. Error was NT_STATUS_UNSUCCESSFUL Join to domain 'domain on woody box' is not valid: NT_STATUS_UNSUCCESSFUL joining to another debian squeeze pdc is possible however. i have no log files access at the debian woody box -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.5.10 and Windows 7 DNS Issues
Having a hard time getting Samba 3.5.10 on Centos 6 and Windows 7 to play nice. The Windows 7 clients are on a windows domain, DFBFL.ad.foo.com, but the Samba server is not a member of this domain. Security level in samba is set to USER. I can successfully browe and access samba shares utilizing the IP, \\10.70.147.151\file:///\\10.70.147.151\, but cannot using the DNS name, \\hhl-webdev\file:///\\hhl-webdev\ or \\HHL-WEBDEV\file:///\\HHL-WEBDEV\ or \\HHL-WEBDEV.DFBFL.AD.FOO.COM\file:///\\HHL-WEBDEV.DFBFL.AD.FOO.COM\. Hitting it via DNS name results in continual password prompts. Processes running: [root@hhl-webdevmailto:root@hhl-webdev samba]# netstat -anp | grep mbd tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 12381/smbd tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 12381/smbd udp 0 0 10.70.147.255:137 0.0.0.0:* 12392/nmbd udp 0 0 10.70.147.151:137 0.0.0.0:* 12392/nmbd udp 0 0 0.0.0.0:137 0.0.0.0:* 12392/nmbd udp 0 0 10.70.147.255:138 0.0.0.0:* 12392/nmbd udp 0 0 10.70.147.151:138 0.0.0.0:* 12392/nmbd udp 0 0 0.0.0.0:138 0.0.0.0:* 12392/nmbd unix 2 [ ] DGRAM 9890070 12392/nmbd SMB.CONF: [global] workgroup = DFBFL netbios name = HHL-WEBDEV log file = /var/log/samba/log.%m security = user passdb backend = tdbsam [homes] comment = Home Directories browseable = no writable = yes Nslookup on windows: C:\Windows\System32nslookup HHL-WEBDEV Server: dfbfldc01.dfbfl.ad.harte-hanks.com Address: 10.70.147.13 Non-authoritative answer: Name: HHL-WEBDEV.harte-hanks.com Address: 10.70.147.151 C:\Windows\System32ping hhl-webdev Pinging hhl-webdev.harte-hanks.com [10.70.147.151] with 32 bytes of data: Reply from 10.70.147.151: bytes=32 time1ms TTL=64 Reply from 10.70.147.151: bytes=32 time1ms TTL=64 Reply from 10.70.147.151: bytes=32 time1ms TTL=64 Ping statistics for 10.70.147.151: Packets: Sent = 3, Received = 3, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba-3.6.0-server frequent crashes
Greetings, I have a samba server deployed. The machine has these: cpu: amd64 -4 cores motherboard :GA-990XA-UD3 with 6 sata ports and StarTech 2 Port SATA 6Gbps PCIe SATA Card memory: 16GBytes disks:raid 10 (6 disks) os:cblfs/linux kernel-3.1.5 pure 64bit and samba-3.6.0 The machine in deployed as a data-storage-devicefor windows7-based machines doing 3d graphics rendering using 3d-StudioMax. There are 8 client machines with plans to expand this to ~20. The rendering machins do frequent writes and reads to the samba server which also runs linux software raid (RAID10).The smb.conf has these: [global] workgroup = WORKGROUP netbios name = WHATEVER server string = Samba %v on (%L) encrypt passwords = True security = user smb passwd file = /etc/smbpasswd log file = /var/log/sambaUSER-log.%m socket options = IPTOS_LOWDELAY TCP_NODELAY hosts allow = 192.168.0. 127. host deny = 0.0.0.0/0 interfaces = eth* lo bind interfaces only = yes dos charset = cp850 unix charset = ISO-8859-1 load printers = yes max log size = 50 local master = yes printing = cups guest account = guest os level = 99 dns proxy = no wins support = yes #[ipc$] #hosts allow = 192.168.0.0/24 127.0.0.1 #hosts deny = 0.0.0.0/0 [homes] comment = Home Directories valid users = %S read only = no browseable = no [printers] comment = All Printers path = /var/spool/samba browseable = yes guest ok = yes printable = yes browseable = yes writable = no create mask = 0700 public = yes there is no firewall yet It is a new setup and the server is crashing daily. We do not know the cause of the crashes but here are some unusual ways the server us currently used: --a) because of work pressures 8 users are logged in with the same name to write to a publically accessible share. Could is be the cause of the crashes? --b) Could there be a mismatch of sata types as the startech sata card though rated as the same 6Gbps transfer speed as motherbard-integrated raid , is a different asic AND IF SO could this be causing the problems? --c)Are there settings in smb.conf which can increase the data-transferred rate vin the eternet ( bonding NIC's for example) and if so how so. Advice would be much appreciated. sincerely lux-integ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] MSDFS on [homes] share for two samba servers
Hello list, we have two samba servers on two localities with bigger distance between them. On both localities there are organizational staff working. And I am trying to configure homedirectories for all of staff in this way: - all users will have same beginning part of URL path where is their homedir located (i.e. \\files.example.com\loginname) for unification and central acces - but because the lower speed link between both localities there is need to locate homedirs: -- for locality A - on server A on that locality -- for locality B - on server B on that locality fine, thats are requirements. So I have decided to use MSDFS in combination with [homes] in this way: - on server A (which will acts as files.example.com) there will be homedirs MSDFS links for users on locality B pointed to their real homedirs on server B (with classic symlink syntax user_on_locality_B - msdfs:IP_of_server_B\user_on_locality_B ) So if user Bob from locality B will access its homedir, it will be transparently redirected from Server A to its homedir on closest server B. this is nice theory. but in practicle, is this feasible with current version of samba 3.x? What is the best practicles for cases like this mine? Is there any way for dispatching homedirs to two/more servers? thanks michal -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Fwd: Newbie question but an Easy one
Please send all questions to the list as well. I can not always answer in a timely fashion. -- Forwarded message -- From: Craig Ham mrc...@wsa.net Date: Wed, Jan 11, 2012 at 3:36 PM Subject: Re: [Samba] Newbie question but an Easy one To: John Drescher dresche...@gmail.com John So I've got Ubuntu and Samba server up and running. I create a user in linux and on samba, both same username and password. I get to a workstation and double click the server name, I enter the samba username and password but fail to log in. What am I missing? On Tue, Nov 22, 2011 at 12:51 PM, John Drescher dresche...@gmail.com wrote: Our school needs to replace our Novell server. We have a collection of XP Pro computers and a few XP Home, Win98, Win95 and Win2000 computers. All we need is file sharing. Can Samba be setup so that all these computers can access a file share (F:\ or G:\) and run the program on the client pc? Yes of course. What would be the minimum HW required for Samba server? This depends on what type of performance you need. You can run samba on 2W arm based cpus if you want. John -- Mr. Craig Ham Technology Coordinator Westminster Schools of Augusta 3067 Wheeler Road Augusta, GA 30909 (706) 731-5260 x2314 Fax (706) 731-5274 -- John M. Drescher -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Newbie question but an Easy one
On Wed, Jan 11, 2012 at 03:36:03PM -0500, Craig Ham wrote: Jeremy So I've got Ubuntu and Samba server up and running. I create a user in linux and on samba, both same username and password. I get to a workstation and double click the server name, I enter the samba username and password but fail to log in. What am I missing? Please ask questions like this on the sa...@samba.org mailing list. For a short answer, you need to ensure that the Samba users is created using smbpasswd -a username, with the same Windows password. Jeremy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba-3.6.0-server frequent crashes
On Wed, Jan 11, 2012 at 05:28:59PM +, luxInteg wrote: Greetings, I have a samba server deployed. The machine has these: cpu: amd64 -4 cores motherboard :GA-990XA-UD3 with 6 sata ports and StarTech 2 Port SATA 6Gbps PCIe SATA Card memory: 16GBytes disks:raid 10 (6 disks) os:cblfs/linux kernel-3.1.5 pure 64bit and samba-3.6.0 The machine in deployed as a data-storage-devicefor windows7-based machines doing 3d graphics rendering using 3d-StudioMax. There are 8 client machines with plans to expand this to ~20. The rendering machins do frequent writes and reads to the samba server which also runs linux software raid (RAID10).The smb.conf has these: [global] workgroup = WORKGROUP netbios name = WHATEVER server string = Samba %v on (%L) encrypt passwords = True security = user smb passwd file = /etc/smbpasswd log file = /var/log/sambaUSER-log.%m socket options = IPTOS_LOWDELAY TCP_NODELAY hosts allow = 192.168.0. 127. host deny = 0.0.0.0/0 interfaces = eth* lo bind interfaces only = yes dos charset = cp850 unix charset = ISO-8859-1 load printers = yes max log size = 50 local master = yes printing = cups guest account = guest os level = 99 dns proxy = no wins support = yes #[ipc$] #hosts allow = 192.168.0.0/24 127.0.0.1 #hosts deny = 0.0.0.0/0 [homes] comment = Home Directories valid users = %S read only = no browseable = no [printers] comment = All Printers path = /var/spool/samba browseable = yes guest ok = yes printable = yes browseable = yes writable = no create mask = 0700 public = yes there is no firewall yet It is a new setup and the server is crashing daily. We do not know the cause of the crashes but here are some unusual ways the server us currently used: When you say the server is crashing daily do you mean kernel panics/freezes ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 kerberos and kinit
Hi After starting Samba 4, before anyone can do anything, Administrator has to do a kinit to get a new ticket. This creates a cache /tmp/krb5cc_0 with an expiry time. I've created a host principal and put it into the keytab: samba-tool spn add host someuser samba-tool domain exportkeytab /etc/krb5.keytab --principal=host/HH3.SITE How can I keep Samba 4 up without having to get a new Administrator ticket every 10 hours? Thanks, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] user.DOSATTRIB defaults to hidden?
On Wed, Jan 11, 2012 at 07:48:35PM +1100, x20120...@brindabella.org wrote: Hi all, Is there a way to control the default DOS attributes stored in the user.DOSATTRIB value? I'm using a QNAP NAS device (running Samba) that seems to create files that have the 'hidden' DOS attribute set by the user.DOSATTRIB value as a default. The NAS device's smb.conf has the 'store dos attributes' option set to yes and each of the 'map hidden', 'map system', 'map archive' and 'map readonly' are set to no. Consequently, the DOS attributes of files are controlled by the filesystem extended attribute user.DOSATTRIB, and NOT by the executible bits of the files on the NAS. Changing the DOS attributes from a Windows machine does not modify any of the permissions (ie. the executable bits) of the files on the NAS device. However, I was able to confirm with the getfattr command on the NAS that the user.DOSATTRIB values were changing whenever changes to the DOS attributes were made from the Windows machine. I set this NAS device up recently and rsync'ed my media files to a share on it (from a Linux box). The files themselves had never existed on a Windows box. When browsing the share as guest from a Windows box, none of the files were visible (unless 'show hidden files' was enabled on the Windows box). This issue has been bothering many users of the QNAP NAS devices as well as users of some other brands too. When I first copied the files to the NAS, I assume it was Samba that would have originally set the user.DOSATTRIB values? If so, why would they be set as 'hidden' by default? From a Linux box, I am able to recursively modify the user.DOSATTRIB values using smbclient as follows: cd /mountpoint find * -type f -exec smbclient -N -c 'setmode {} -h' //server/sharename \; However, it is not clear to me why they would be set to 'hidden' in the first place. If 'store dos attributes' is set to 'yes' in smb.conf, does the 'create mask' setting affect the user.DOSATTRIB values? No. One other weird thing - if I unset the world readable bit on these files (from the NAS box), they are no longer hidden from the point of view of the Windows machine (though they are no longer readable). It seems like the permissions are still mapping the DOS attributes in some way even though the map hidden option is set to no. What's weird though is that it isn't one of the executable bits as documented in the Samba documentation that is modifying the hidden attribute. Grateful for any insights into these issues. Samba won't set the files as hidden by default. When you first copy files to the server from the Windows box do a debug level 10 of one file copy and see if you can see what might be going wrong. No version of Samba from samba.org will set the files as hidden by default. Jeremy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 kerberos and kinit
2012-01-11 23:48 keltezéssel, steve írta: Hi After starting Samba 4, before anyone can do anything, Administrator has to do a kinit to get a new ticket. This creates a cache /tmp/krb5cc_0 with an expiry time. I've created a host principal and put it into the keytab: samba-tool spn add host someuser samba-tool domain exportkeytab /etc/krb5.keytab --principal=host/HH3.SITE How can I keep Samba 4 up without having to get a new Administrator ticket every 10 hours? Thanks, Steve That looks really strange. Could you send your smb.conf an output from ls -R /path/to/your/samba4/installation (assuming you aren't using some prepackaged version, but you've done a classic configure, make, make install). I've cc-ed samba-technical. Regards Geza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 kerberos and kinit
On Thu, 2012-01-12 at 06:15 +0100, Gémes Géza wrote: 2012-01-11 23:48 keltezéssel, steve írta: Hi After starting Samba 4, before anyone can do anything, Administrator has to do a kinit to get a new ticket. This creates a cache /tmp/krb5cc_0 with an expiry time. I've created a host principal and put it into the keytab: samba-tool spn add host someuser samba-tool domain exportkeytab /etc/krb5.keytab --principal=host/HH3.SITE How can I keep Samba 4 up without having to get a new Administrator ticket every 10 hours? Thanks, Steve That looks really strange. Indeed. Samba does not require a valid ticket in /tmp/krb5cc_0 to operate. It creates it's own internal credentials cache when required using the machine account password. Something else is going on here. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d7dcbcc lib/param: avoid talloc_reference() in copy_service() from 97818fd s3-rpcclient: add deldriverex flags argument http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d7dcbcc42d9a8424ec2204a220b3b912b7be2f70 Author: Stefan Metzmacher me...@samba.org Date: Wed Jan 11 13:47:08 2012 +0100 lib/param: avoid talloc_reference() in copy_service() The memory reduction compared of talloc_reference() over talloc_strdup() is typically very low. As the strings are typically short compared to the talloc header overhead. metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Wed Jan 11 16:13:50 CET 2012 on sn-devel-104 --- Summary of changes: lib/param/loadparm.c |6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c index 949c404..03ee8f3 100644 --- a/lib/param/loadparm.c +++ b/lib/param/loadparm.c @@ -2140,7 +2140,7 @@ static void copy_service(struct loadparm_service *pserviceDest, /* If we already have same option, override it */ if (strcmp(pdata-key, data-key) == 0) { talloc_free(pdata-value); - pdata-value = talloc_reference(pdata, + pdata-value = talloc_strdup(pdata, data-value); not_added = false; break; @@ -2151,8 +2151,8 @@ static void copy_service(struct loadparm_service *pserviceDest, paramo = talloc_zero(pserviceDest, struct parmlist_entry); if (paramo == NULL) smb_panic(OOM); - paramo-key = talloc_reference(paramo, data-key); - paramo-value = talloc_reference(paramo, data-value); + paramo-key = talloc_strdup(paramo, data-key); + paramo-value = talloc_strdup(paramo, data-value); DLIST_ADD(pserviceDest-param_opt, paramo); } data = data-next; -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via b4789d9 Update copyright policy as discussed on list from 53c2a44 Make API a directory, so http://devel.samba.org/API/ works. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit b4789d954b4160f6610adebf3075d05c91d41a18 Author: Lars Müller l...@samba.org Date: Wed Jan 11 18:53:10 2012 +0100 Update copyright policy as discussed on list --- Summary of changes: devel/copyright-policy.html | 173 --- 1 files changed, 147 insertions(+), 26 deletions(-) Changeset truncated at 500 lines: diff --git a/devel/copyright-policy.html b/devel/copyright-policy.html index 9eaadc6..a1d2962 100644 --- a/devel/copyright-policy.html +++ b/devel/copyright-policy.html @@ -4,32 +4,153 @@ h2Samba Copyright Policy/h2 -pThe Samba Team has a policy of asking for contributions to be made -under the personal copyright of the contributor, instead of a -corporate copyright./p - -pThere are three reasons for the establishment of this policy:/p - -ol - liIndividual copyrights make copyright registration in the US a - simpler process./li - liIf Samba is copyrighted by individuals rather than corporations, - decisions regarding enforcement and protection of copyright will, - more likely, be made in the interests of the project, and not - in the interests of any corporation's shareholders./li - liIf we ever need to relicense a portion of the code -- as has happened - in the past with making tdb and ldb LGPL -- contacting individuals - for permission to do so is much easier than contacting a company, - especially in the case of companies that have moved on and no longer - have an interest in Samba./li -/ol - -h2Copyright assignment/h2 - -pIf personal copyright is not feasible for a contribution you wish - to make, then we can also accept contributions which have copyright - assigned to the Software Freedom Conservancy. Please contact a Samba - Team member for more information on copyright assignment. +p +Samba is a project with distributed copyright ownership, which means +we prefer the copyright on parts of Samba to be held by individuals +rather than corporations if possible. There are historical legal +reasons for this, but one of the best ways to explain it is that it's +much easier to work with individuals who have ownership than corporate +legal departments if we ever need to make reasonable compromises with +people using and working with Samba. +/p + +p +We track the ownership of every part of Samba via a href= +http://git.samba.org/;git/a, our source code +control system, so we know the provenance of every piece of code that +is committed to Samba. +/p + +p +So if possible, if you're doing Samba changes on behalf of a company +who normally owns all the work you do please get them to assign +personal copyright ownership of your changes to you as an individual, +that makes things very easy for us to work with and avoids bringing +corporate legal departments into the picture. +/p + +p +If you can't do this we can still accept patches from you owned by +your employer under a standard employment contract with corporate +copyright ownership. It just requires a simple set-up process first. +/p + +p +We use a process very similar to the way things are done in the Linux +kernel community, so it should be very easy to get a sign off from +your corporate legal department. The only changes we've made are to +accommodate the licenses we use, which are +a href=http://www.gnu.org/licenses/gpl-3.0;GPLv3/a and +a href=http://www.gnu.org/licenses/lgpl-3.0;LGPLv3/a (or later) +whereas the Linux kernel uses +a href=http://www.gnu.org/licenses/old-licenses/gpl-2.0.html;GPLv2/a. +/p + +p +The process is called signing. +/p + +h2How to sign your work/h2 + +p +Once you have permission to contribute to Samba from +your employer, simply email a copy of the following text +from your corporate email address to a href= +mailto:contribut...@samba.org;contribut...@samba.org/a +/p + +pre +code +Samba Developer's Certificate of Origin. Version 1.0 + +By making a contribution to this project, I certify that: + +(a) The contribution was created in whole or in part by me and I +have the right to submit it under the appropriate +version of the GNU General Public License; or + +(b) The contribution is based upon previous work that, to the best +of my knowledge, is covered under an appropriate open source +license and I have the right under that license to submit that +work with modifications, whether created in whole or in part +by me, under the GNU General Public License, in the +appropriate version; or + +(c) The contribution was provided directly to me by some other +person who certified (a) or (b) and I have not modified +it. + +(d) I
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f15cf91 Second part of fix for bug #8673 - NT ACL issue. via 6aafd86 First part of fix for bug #8673 - NT ACL issue. from d7dcbcc lib/param: avoid talloc_reference() in copy_service() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f15cf9176df974c8a460db3ce74abf38d3f552ae Author: Jeremy Allison j...@samba.org Date: Tue Jan 10 12:58:13 2012 -0800 Second part of fix for bug #8673 - NT ACL issue. Ensure we process the entire ACE list instead of returning ACCESS_DENIED and terminating the walk - ensure we only return the exact bits that cause the access to be denied. Some of the S3 fileserver needs to know if we are only denied DELETE access before overriding it by looking at the containing directory ACL. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Wed Jan 11 19:24:53 CET 2012 on sn-devel-104 commit 6aafd8684b92eede3c83f1af49c23cef2deb7e03 Author: Jeremy Allison j...@samba.org Date: Tue Jan 10 12:52:01 2012 -0800 First part of fix for bug #8673 - NT ACL issue. Simplify the logic in the unlink/rmdir calls - makes it readable (and correct). --- Summary of changes: libcli/security/access_check.c |7 +++-- source3/modules/vfs_acl_common.c | 49 -- 2 files changed, 35 insertions(+), 21 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c index 6bb64ae..1b02a86 100644 --- a/libcli/security/access_check.c +++ b/libcli/security/access_check.c @@ -158,6 +158,7 @@ NTSTATUS se_access_check(const struct security_descriptor *sd, { uint32_t i; uint32_t bits_remaining; + uint32_t explicitly_denied_bits = 0; *access_granted = access_desired; bits_remaining = access_desired; @@ -232,15 +233,15 @@ NTSTATUS se_access_check(const struct security_descriptor *sd, break; case SEC_ACE_TYPE_ACCESS_DENIED: case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT: - if (bits_remaining ace-access_mask) { - return NT_STATUS_ACCESS_DENIED; - } + explicitly_denied_bits |= (bits_remaining ace-access_mask); break; default:/* Other ACE types not handled/supported */ break; } } + bits_remaining |= explicitly_denied_bits; + done: if (bits_remaining != 0) { *access_granted = bits_remaining; diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index bf535c5..e162bb9 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -647,17 +647,23 @@ static int rmdir_acl_common(struct vfs_handle_struct *handle, { int ret; + /* Try the normal rmdir first. */ ret = SMB_VFS_NEXT_RMDIR(handle, path); - if (!(ret == -1 (errno == EACCES || errno == EPERM))) { - DEBUG(10,(rmdir_acl_common: unlink of %s failed %s\n, - path, - strerror(errno) )); - return ret; + if (ret == 0) { + return 0; + } + if (errno == EACCES || errno == EPERM) { + /* Failed due to access denied, + see if we need to root override. */ + return acl_common_remove_object(handle, + path, + true); } - return acl_common_remove_object(handle, - path, - true); + DEBUG(10,(rmdir_acl_common: unlink of %s failed %s\n, + path, + strerror(errno) )); + return -1; } static int unlink_acl_common(struct vfs_handle_struct *handle, @@ -665,21 +671,28 @@ static int unlink_acl_common(struct vfs_handle_struct *handle, { int ret; + /* Try the normal unlink first. */ ret = SMB_VFS_NEXT_UNLINK(handle, smb_fname); - if (!(ret == -1 (errno == EACCES || errno == EPERM))) { - DEBUG(10,(unlink_acl_common: unlink of %s failed %s\n, - smb_fname-base_name, - strerror(errno) )); - return ret; - } - /* Don't do anything fancy for streams. */ - if (smb_fname-stream_name) { - return ret; + if (ret == 0) { + return 0; } + if (errno == EACCES || errno == EPERM) { + /* Failed due to access denied, + see if we need to root override. */ - return
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 1d9f9f4 Indention and url cleanup from b4789d9 Update copyright policy as discussed on list http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 1d9f9f42bf34700bc72ae2255cd7e9486bad0a5f Author: Lars Müller l...@samba.org Date: Wed Jan 11 23:34:48 2012 +0100 Indention and url cleanup --- Summary of changes: devel/copyright-policy.html | 44 +++--- 1 files changed, 20 insertions(+), 24 deletions(-) Changeset truncated at 500 lines: diff --git a/devel/copyright-policy.html b/devel/copyright-policy.html index a1d2962..c513282 100644 --- a/devel/copyright-policy.html +++ b/devel/copyright-policy.html @@ -40,8 +40,8 @@ We use a process very similar to the way things are done in the Linux kernel community, so it should be very easy to get a sign off from your corporate legal department. The only changes we've made are to accommodate the licenses we use, which are -a href=http://www.gnu.org/licenses/gpl-3.0;GPLv3/a and -a href=http://www.gnu.org/licenses/lgpl-3.0;LGPLv3/a (or later) +a href=http://www.gnu.org/licenses/gpl-3.0.html;GPLv3/a and +a href=http://www.gnu.org/licenses/lgpl-3.0.html;LGPLv3/a (or later) whereas the Linux kernel uses a href=http://www.gnu.org/licenses/old-licenses/gpl-2.0.html;GPLv2/a. /p @@ -69,30 +69,26 @@ By making a contribution to this project, I certify that: have the right to submit it under the appropriate version of the GNU General Public License; or -(b) The contribution is based upon previous work that, to the best -of my knowledge, is covered under an appropriate open source -license and I have the right under that license to submit that -work with modifications, whether created in whole or in part -by me, under the GNU General Public License, in the -appropriate version; or +(b) The contribution is based upon previous work that, to the best of +my knowledge, is covered under an appropriate open source license +and I have the right under that license to submit that work with +modifications, whether created in whole or in part by me, under +the GNU General Public License, in the appropriate version; or (c) The contribution was provided directly to me by some other -person who certified (a) or (b) and I have not modified -it. - -(d) I understand and agree that this project and the -contribution are public and that a record of the -contribution (including all metadata and personal -information I submit with it, including my sign-off) is -maintained indefinitely and may be redistributed -consistent with the Samba Team's policies and the -requirements of the GNU GPL where they are relevant. - -(e) I am granting this work to this project under the terms of both -the GNU General Public License and the GNU Lesser General Public -License as published by the Free Software Foundation; either version -3 of these Licenses, or (at the option of the project) any later -version. +person who certified (a) or (b) and I have not modified it. + +(d) I understand and agree that this project and the contribution are +public and that a record of the contribution (including all +metadata and personal information I submit with it, including my +sign-off) is maintained indefinitely and may be redistributed +consistent with the Samba Team's policies and the requirements of +the GNU GPL where they are relevant. + +(e) I am granting this work to this project under the terms of both the +GNU General Public License and the GNU Lesser General Public License +as published by the Free Software Foundation; either version 3 of +these Licenses, or (at the option of the project) any later version. http://www.gnu.org/licenses/gpl-3.0.html http://www.gnu.org/licenses/lgpl-3.0.html -- Samba Website Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via a0827cf Use lt gt instead of and from 1d9f9f4 Indention and url cleanup http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit a0827cfde431613eaf439f6bc9925e0a439d8d34 Author: Lars Müller l...@samba.org Date: Wed Jan 11 23:50:11 2012 +0100 Use lt gt instead of and --- Summary of changes: devel/copyright-policy.html |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/devel/copyright-policy.html b/devel/copyright-policy.html index c513282..42caac5 100644 --- a/devel/copyright-policy.html +++ b/devel/copyright-policy.html @@ -109,7 +109,7 @@ above, add a line that states: pre code - Signed-off-by: Random J Developer ran...@developer.example.org + Signed-off-by: Random J Developer ltran...@developer.example.orggt /code /pre -- Samba Website Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ddc1f3d Ensure we always free aio_ex on all error paths by moving the TALLOC_FREE call out of smbd_aio_complete_aio_ex() and into the caller. from f15cf91 Second part of fix for bug #8673 - NT ACL issue. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ddc1f3df5183081aeb7c5b97b7fa4426c772346d Author: Jeremy Allison j...@samba.org Date: Wed Jan 11 16:37:48 2012 -0800 Ensure we always free aio_ex on all error paths by moving the TALLOC_FREE call out of smbd_aio_complete_aio_ex() and into the caller. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Thu Jan 12 03:10:52 CET 2012 on sn-devel-104 --- Summary of changes: source3/modules/vfs_aio_fork.c|1 + source3/modules/vfs_aio_pthread.c |3 ++- source3/smbd/aio.c|3 +-- 3 files changed, 4 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_aio_fork.c b/source3/modules/vfs_aio_fork.c index 01eb97d..bcd7c6a 100644 --- a/source3/modules/vfs_aio_fork.c +++ b/source3/modules/vfs_aio_fork.c @@ -434,6 +434,7 @@ static void handle_aio_completion(struct event_context *event_ctx, aio_ex = (struct aio_extra *)child-aiocb-aio_sigevent.sigev_value.sival_ptr; smbd_aio_complete_aio_ex(aio_ex); + TALLOC_FREE(aio_ex); } static int aio_child_destructor(struct aio_child *child) diff --git a/source3/modules/vfs_aio_pthread.c b/source3/modules/vfs_aio_pthread.c index 82611b0..b6d4e1e 100644 --- a/source3/modules/vfs_aio_pthread.c +++ b/source3/modules/vfs_aio_pthread.c @@ -296,7 +296,7 @@ static void aio_pthread_handle_completion(struct event_context *event_ctx, DEBUG(10,(aio_pthread_handle_completion: jobid %d completed\n, jobid )); - + TALLOC_FREE(aio_ex); } / @@ -424,6 +424,7 @@ static void aio_pthread_handle_immediate(struct tevent_context *ctx, TALLOC_FREE(pjobid); aio_ex = (struct aio_extra *)pd-aiocb-aio_sigevent.sigev_value.sival_ptr; smbd_aio_complete_aio_ex(aio_ex); + TALLOC_FREE(aio_ex); } / diff --git a/source3/smbd/aio.c b/source3/smbd/aio.c index 07b8388..44081f6 100644 --- a/source3/smbd/aio.c +++ b/source3/smbd/aio.c @@ -67,6 +67,7 @@ static void smbd_aio_signal_handler(struct tevent_context *ev_ctx, info-si_value.sival_ptr; smbd_aio_complete_aio_ex(aio_ex); + TALLOC_FREE(aio_ex); } @@ -931,8 +932,6 @@ void smbd_aio_complete_aio_ex(struct aio_extra *aio_ex) if (!handle_aio_completed(aio_ex, ret)) { return; } - - TALLOC_FREE(aio_ex); } / -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6764e4f samba-tool:dns: DNS names are case insensitive via 44a85e3 s4-rpc:dnsserver: DNS names are case insensitive from ddc1f3d Ensure we always free aio_ex on all error paths by moving the TALLOC_FREE call out of smbd_aio_complete_aio_ex() and into the caller. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6764e4f20d30a7ed63b02290c718cd24008f3c00 Author: Amitay Isaacs ami...@gmail.com Date: Thu Jan 12 15:11:12 2012 +1100 samba-tool:dns: DNS names are case insensitive Autobuild-User: Amitay Isaacs ami...@samba.org Autobuild-Date: Thu Jan 12 06:43:01 CET 2012 on sn-devel-104 commit 44a85e3752ceaacdcc39a6a1d0faa0ff3d3db004 Author: Amitay Isaacs ami...@gmail.com Date: Thu Jan 12 15:10:42 2012 +1100 s4-rpc:dnsserver: DNS names are case insensitive --- Summary of changes: source4/rpc_server/dnsserver/dcerpc_dnsserver.c |8 source4/rpc_server/dnsserver/dnsdata.c | 18 +- source4/rpc_server/dnsserver/dnsutils.c |8 source4/scripting/python/samba/netcmd/dns.py|6 +++--- 4 files changed, 20 insertions(+), 20 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c index fac99e1..5733a51 100644 --- a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c +++ b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c @@ -1433,7 +1433,7 @@ static WERROR dnsserver_complex_operate_server(struct dnsserver_state *dsstate, *typeid_out = DNSSRV_TYPEID_DP_INFO; for (p = dsstate-partitions; p; p = p-next) { - if (strcmp(p-pszDpFqdn, rin-String) == 0) { + if (strcasecmp(p-pszDpFqdn, rin-String) == 0) { dpinfo = talloc_zero(mem_ctx, struct DNS_RPC_DP_INFO); W_ERROR_HAVE_NO_MEMORY(dpinfo); @@ -1720,7 +1720,7 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate, W_ERROR_HAVE_NO_MEMORY_AND_FREE(name, tmp_ctx); /* search all records under parent tree */ - if (strcmp(name, z-name) == 0) { + if (strcasecmp(name, z-name) == 0) { ret = ldb_search(dsstate-samdb, tmp_ctx, res, z-zone_dn, LDB_SCOPE_ONELEVEL, attrs, (objectClass=dnsNode)); } else { @@ -1746,7 +1746,7 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate, (ldb_qsort_cmp_fn_t)dns_name_compare); /* Build a tree of name components from dns name */ - if (strcmp(name, z-name) == 0) { + if (strcasecmp(name, z-name) == 0) { tree = dns_build_tree(tmp_ctx, @, res); } else { tree = dns_build_tree(tmp_ctx, name, res); @@ -1853,7 +1853,7 @@ static WERROR dnsserver_update_record(struct dnsserver_state *dsstate, W_ERROR_HAVE_NO_MEMORY(tmp_ctx); /* If node_name is @ or zone name, dns record is @ */ - if (strcmp(node_name, @) == 0 || strcmp(node_name, z-name) == 0) { + if (strcmp(node_name, @) == 0 || strcasecmp(node_name, z-name) == 0) { name = talloc_strdup(tmp_ctx, @); } else { name = dns_split_node_name(tmp_ctx, node_name, z-name); diff --git a/source4/rpc_server/dnsserver/dnsdata.c b/source4/rpc_server/dnsserver/dnsdata.c index b2ab2d9..50be4bc 100644 --- a/source4/rpc_server/dnsserver/dnsdata.c +++ b/source4/rpc_server/dnsserver/dnsdata.c @@ -204,7 +204,7 @@ char *dns_split_node_name(TALLOC_CTX *tmp_ctx, const char *node_name, const char } else { match = 0; for (i=1; i=zcount; i++) { - if (strcmp(nlist[ncount-i], zlist[zcount-i]) != 0) { + if (strcasecmp(nlist[ncount-i], zlist[zcount-i]) != 0) { break; } match++; @@ -535,7 +535,7 @@ static struct dns_tree *dns_tree_find(struct dns_tree *tree, int ncount, char ** if (strcmp(tree-name, @) == 0) { start = 0; } else { - if (strcmp(tree-name, nlist[ncount-1]) != 0) { + if (strcasecmp(tree-name, nlist[ncount-1]) != 0) { return NULL; } start = 1; @@ -549,7 +549,7 @@ static struct dns_tree *dns_tree_find(struct dns_tree *tree, int ncount, char ** } next = NULL; for (j=0; jnode-num_children; j++) { - if (strcmp(nlist[(ncount-1)-i], node-children[j]-name) == 0) { + if