Re: [Samba] [PATCH] Re: Using samba4 with kerberos outside of an AD realm
On Mon, 2013-01-21 at 23:25 -0700, Kyle Brantley wrote:
On 1/21/2013 9:14 PM, Kyle Brantley wrote:
On 1/21/2013 8:46 PM, Andrew Bartlett wrote:
On Mon, 2013-01-21 at 15:44 -0700, Kyle Brantley wrote:
On 1/21/2013 3:15 PM, Andrew Bartlett wrote:
On Mon, 2013-01-21 at 11:34 -0700, Kyle Brantley wrote:
Hello --
I'm trying to run a samba4 server (note: Fedora packaged version,
samba-4.0.0-174.fc18.x86_64) under a kerberos realm that isn't AD.
This is a summation of the config that I'm using (works under
samba 3.6):
security = ADS
passdb backend = tdbsam
restrict anonymous = yes
server signing = auto
client signing = auto
smb encrypt = auto
realm = MYREALM.COM
kerberos method = system keytab
However, whenever I try to access the samba server, the client
fails to
connect. I can see that a ticket has been issued for
cifs/hostn...@myrealm.com, but in /var/log/messages I get this:
Jan 21 11:27:00 elastic smbd[1573]: [2013/01/21 11:27:00.675545, 0]
../auth/kerberos/gssapi_pac.c:116(gssapi_obtain_pac_blob)
Jan 21 11:27:00 elastic smbd[1573]: obtaining PAC via GSSAPI
gss_get_name_attribute failed: The operation or option is not
available
or unsupported: No such file or directory
Jan 21 11:27:07 elastic smbd[1574]: [2013/01/21 11:27:07.559656, 0]
../auth/kerberos/gssapi_pac.c:116(gssapi_obtain_pac_blob)
Jan 21 11:27:07 elastic smbd[1574]: obtaining PAC via GSSAPI
gss_get_name_attribute failed: The operation or option is not
available
or unsupported: No such file or directory
Jan 21 11:27:07 elastic smbd[1576]: [2013/01/21 11:27:07.643158, 0]
../auth/kerberos/gssapi_pac.c:116(gssapi_obtain_pac_blob)
Jan 21 11:27:07 elastic smbd[1576]: obtaining PAC via GSSAPI
gss_get_name_attribute failed: The operation or option is not
available
or unsupported: No such file or directory
Well, no kidding there is no PAC available, it's an MIT kerberos
realm! :)
Does anyone know what I need to be doing to get this working again?
It is probably a bug in the reworked krb5 code. The code paths to
support this are still there, but clearly something doesn't trigger
correctly.
The first thing to do would be to turn up the log level, to see
what the
real failure is (the mentioned message shouldn't actually be fatal).
Then, once we rule out it being something else, it probably just
needs a
new test environment to be created in our 'make test' that tells
our AD
server to not send the PAC. This will allow this code path to be
covered, and prevent regressions.
Andrew Bartlett
As far as I can tell, prior to accepting a connection:
Full logs:
http://averageurl.com/samba/samba-log.gz
http://averageurl.com/samba/samba-strace-log.gz
I've already changed the keys out, so I'm not too worried about what
key
data is actually in those logs.
The logs were very helpful. The attached patch should fix it, or at
least move the failure to somewhere else :-). Please file the bug, so
we can get this into 4.0.2
Andrew Bartlett
Thanks. I've filed the bug
(https://bugzilla.samba.org/show_bug.cgi?id=9581) and am currently
rebuilding samba with the patch applied. I'll let you know how it goes...
--Kyle
That worked great. I've been able to enumerate the shares and connect to
them now. I validated with wireshark that the kerberos authentication
was occurring, and it looks like everything functions now thanks to your
previously attached patch.
Metze, Can you get this into master? I'll try and follow-up with a
testcase (setting the UF_NO_AUTH_DATA_REQUIRED on an account and doing a
kerberos login) soon, but this much needs to get to 4.0.2
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
From c4675579b4f42c1e05de7ae5741c5cd941039822 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett abart...@samba.org
Date: Tue, 22 Jan 2013 14:45:14 +1100
Subject: [PATCH] gensec: Allow login without a PAC by default
The sense of this test was inverted. We only want to take the ACCESS_DENIED error
if gensec:require_pac=true.
Andrew Bartlett
---
auth/gensec/gensec_util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/auth/gensec/gensec_util.c b/auth/gensec/gensec_util.c
index d732213..64952b1 100644
--- a/auth/gensec/gensec_util.c
+++ b/auth/gensec/gensec_util.c
@@ -42,7 +42,7 @@ NTSTATUS gensec_generate_session_info_pac(TALLOC_CTX *mem_ctx,
session_info_flags |= AUTH_SESSION_INFO_DEFAULT_GROUPS;
if (!pac_blob) {
- if (!gensec_setting_bool(gensec_security-settings, gensec, require_pac, false)) {
+ if (gensec_setting_bool(gensec_security-settings, gensec, require_pac, false)) {
DEBUG(1, (Unable to find PAC in ticket from %s, failing to allow access\n,
principal_string));
[Samba] problem joining AD domain
Hi I'm trying to make a Linux server (RHEL 5.3) join my company's ADS domain. The company's domain is built from serveral kerberos realms and Windows domain. the Linux FQDN resolves to the name of one of the kerberos realms we have, but I was asked to to have the linux server join a different kerberos realm and windows Domain. When I attempt to run the command: 'net ads join -U [account] -w [domain]. I get the following error: Failed to set servicePrincipalNames. Please ensure that the DNS domain of this server matches the AD domain, Or rejoin with using Domain Admin credentials. I know it's possible because it was done in the company in the past (unfortunately) the sysadmin that did it no longer works here and no one else knows how to reproduce how he did it. I know this email is scarce on helpfull information. I simply don't know what information to supply (I have the output of join with -d 4 and -d 10 debug levels). TIA Paolo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Mapping SIDUID (and reverse)
Hi Further to my previous mail on this problem, I've found that when I connect to the Samba server from a Windows 7 PC, the log.winbindd-idmap file reports the following messages: On opening the file share: \\fs01: [2013/01/21 11:18:42.474060, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config CSS [2013/01/21 11:18:42.722730, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config NT AUTHORITY [2013/01/21 11:18:42.726528, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config AD [2013/01/21 11:18:42.736245, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config CSS (CSS and AD are both Active Directory domains in the same forest). When I open the contents of the share and mouse-over a file, the following is logged: [2013/01/21 11:20:20.821208, 4] winbindd/winbindd_dual.c:1549(fork_domain_child) child daemon request 59 [2013/01/21 11:20:20.823030, 5] passdb/pdb_tdb.c:562(tdbsam_getsampwnam) pdb_getsampwnam (TDB): error fetching database. Key: USER_jsmith [2013/01/21 11:20:20.823250, 5] passdb/pdb_interface.c:1347(pdb_default_uid_to_sid) pdb_default_uid_to_sid: Did not find user jsmith (4510) [2013/01/21 11:20:21.279879, 4] winbindd/winbindd_dual.c:1557(fork_domain_child) Finished processing child request 59 The user jsmith is both a NIS Unix user and a Windows AD user in the CSS domain. When I right-click onthe file and select Properties, then select the Security tab, I see the list of ACLs listed by SID before they are resolved. In the above instance, the user jsmith SID is S-1-22-1-4510. A couple of seconds later this is resolved to Unix User\jsmith. I've checked that the 4510 in the SID is the same as the Unix UID stored in NIS. If I open the properties of another file and add an ACL entry for user CSS\jsmith, the following is logged: [2013/01/22 11:17:27.030191, 4] winbindd/winbindd_dual.c:1549(fork_domain_child) child daemon request 59 [2013/01/22 11:17:27.031587, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user jsmith [2013/01/22 11:17:27.031765, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is jsmith [2013/01/22 11:17:27.034069, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [jsmith]! [2013/01/22 11:17:27.034825, 4] winbindd/winbindd_dual.c:1557(fork_domain_child) Finished processing child request 59 The entry appears in the file properties box correctly (as CSS\jsmith) and when I now open the properties of the original file, the file is now owned by CSS\jsmith and not Unix User\jsmith. I would like it so that it always maps the Unix UID to the CSS domain SID. Is this possible? Please can someone advise what I'm doing wrong? Thanks!!! JR This is the output of testparm: [global] workgroup = CSS realm = CSS.AD.COMPANYNAME.CO.UK server string = Samba %v security = ADS kerberos method = system keytab log file = /var/log/samba/smbd.log max log size = 50 max protocol = SMB2 unix extensions = No load printers = No printcap name = /dev/null disable spoolss = Yes template shell = /bin/bash idmap config * : range = 500-99 idmap config * : backend = nss ea support = Yes printing = bsd print command = lpr -r -P'%p' %s lpq command = lpq -P'%p' lprm command = lprm -P'%p' %j dfree command = /usr/local/bin/dfree [zfsshare] comment = ZFS share path = /testpool/samba read only = No inherit permissions = Yes map archive = No map readonly = no store dos attributes = Yes wide links = Yes vfs objects = shadow_copy2, streams_xattr, zfsacl zfsacl:acesort = dontcare nfs4:mode = special nfs4:chown = yes nfs4:acedup = merge shadow:format = GMT-%Y.%m.%d-%H.%M.%S shadow:snapdir = .zfs/snapshot shadow:basedir = /testpool/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Use backends
Hi, Can I have two passdb backend in my smb.conf ? Thanks ! Rodrigo Faria -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [Samba 4] Issues with uidNumber and gidNumber in AD for Linux clients
Hi, I am still experimenting with Samba 4 and I'd like to serve both Windows and Linux clients with Samba (standalone AD server). The Windows-side is already working well. For serving Linux-clients I need to store the users' uidNumber and gidNumber in the Active Directory. This is how I do that: 1. Create a user test with samba-tool 2. Get the internal UID which was assigned to this user by Samba through wbinfo 3. Add the UID to CN=test,CN=Users,CN=DOMAIN as uidNumber 4. Add gidNumber=100 (Domain Users) to CN=test,CN=Users,CN=DOMAIN With the correct nss_ldap setup (mainly attribute mappings) the Linux boxes can now get their passwd/shadow/group information directly from AD. The Linux user now has the exact same attributes and groups as the Windows user. Now the issue is that Samba needs a group with the same gidNumber as the uidNumber for each user to work correctly in this setup (see why in #9521 [1]). The only logical way of doing that is storing this gidNumber as the user's primary group in the AD. This way the user loses the membership in the group Domain Users (gidNumber 100), though - at least on the Linux side. Are there any thoughts on how to solve this? Is this maybe a Samba issue or is my setup just wrong? Regards, Frederik [1] https://bugzilla.samba.org/show_bug.cgi?id=9521 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Use backends
From: rodrigo tavares rodrigofar...@yahoo.com.br Date: Tue, 22 Jan 2013 05:08:40 -0800 (PST) Can I have two passdb backend in my smb.conf ? Thanks ! After Samba 3.0.23, only one passdb backend is allowed. --- TAKAHASHI Motonobu mo...@monyo.com / @damemonyo facebook.com/takahashi.motonobu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Posted this question once already -- no response. Password expiry problem
On Tue, 2013-01-15 at 17:53 +, ray klassen wrote: Solved this problem gentle rant This is precisely the sort of question that should be answerable on this list. as no one run into this before? I've brought it up twice here and several times on the irc channel with no response, but the solution was simple enough /gentle rant anyway here it is. So that it goes in the mailing list and others can find it. /etc/smbldap-tools/smbldap.conf includes a line that says defaultMaxPasswordAge=45 FYI, I've never used smbldap-tools. This affects the sambaPwdMustChange date stamp attribute in the ldap user record at the time smbldap-passwd is run. sambaPwdMustChange appears to trump the user X flag and the maximum password age system policy Maybe that's the nature of the samba 3.x beast. Yes, that matches my recollection [I could be wrong]. The password policy just controlled the calculation of sambaPwdMustChange. I recall just going in sometimes and manually setting sambaPwdMustChange to some value like 12 in order to force a user to change there password on their next logon, and moving the value way up to avoid expiration. The precedent of one value over the other was never expressly documented AFAIK. I *assumed*, and it seemed to be true, that the more specific value [sambaPwdMustChange] would win. Maybe it has to be that way if you are using LDAP. Now that Samba 4 is out probably no one will want to comment on that. :) I suggest you upgrade yesterday. Samba4 is a much better PDC that Samba3 ever thought about being on the brightest most optimistic spring day. -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ldap users with users samba
From: rodrigo tavares rodrigofar...@yahoo.com.br Date: Tue, 22 Jan 2013 03:17:44 -0800 (PST) Hello, I create one user, with the command. smbldap-useradd -a -P user The option -a (atributtes samba) and -P call smbldap-passwd. This command make atributtes. Then, i try to login in domain, but some error. root@replica:~# smbclient -L localhost -U user Enter user's password: session setup failed: NT_STATUS_LOGON_FAILURE Because you set: - passdb backend = ldapsam:ldap://10.65.8.95 passdb backend = tdbsam - in your smb.conf. If you set a parameter twice in smb.conf, latter one is enabled. So you use tdbsam now. --- TAKAHASHI Motonobu mo...@monyo.com / @damemonyo facebook.com/takahashi.motonobu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Samba 4] Issues with uidNumber and gidNumber in AD for Linux clients
2013-01-22 15:52 keltezéssel, Fred F írta: Hi, I am still experimenting with Samba 4 and I'd like to serve both Windows and Linux clients with Samba (standalone AD server). The Windows-side is already working well. For serving Linux-clients I need to store the users' uidNumber and gidNumber in the Active Directory. This is how I do that: 1. Create a user test with samba-tool 2. Get the internal UID which was assigned to this user by Samba through wbinfo 3. Add the UID to CN=test,CN=Users,CN=DOMAIN as uidNumber 4. Add gidNumber=100 (Domain Users) to CN=test,CN=Users,CN=DOMAIN With the correct nss_ldap setup (mainly attribute mappings) the Linux boxes can now get their passwd/shadow/group information directly from AD. The Linux user now has the exact same attributes and groups as the Windows user. Now the issue is that Samba needs a group with the same gidNumber as the uidNumber for each user to work correctly in this setup (see why in #9521 [1]). The only logical way of doing that is storing this gidNumber as the user's primary group in the AD. This way the user loses the membership in the group Domain Users (gidNumber 100), though - at least on the Linux side. Are there any thoughts on how to solve this? Is this maybe a Samba issue or is my setup just wrong? Regards, Frederik [1] https://bugzilla.samba.org/show_bug.cgi?id=9521 I don't agree, because users can be members of multiple groups, not just the group identified as their primary group Regards Geza Gemes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] fail-over, redundancy, bdc, multi-dc-domain
I'm aware of, at least generally, how one would have done a BDC/Redundant server under OpenLDAP Samba3. However, rolling your own multi-domain-controller was fairly daunting [for me] under Samba3 / OpenLDAP. I've been very interested in Samba4 for the more integrated nature of having LDAP/DNS/Samba all under one roof. [i.e. Fewer places where I can screw it up horribly.] However I'm also interested in how one can handle fail-over. I don't need something totally seamless and big-iron style. A backup box that would need some manual intervention would be fine. So, something like an rsync'd backup box where the shared files/accounts/etc are perhaps an hour out of date, and that would require 15 minutes to bring up as a primary would be an acceptable solution. That's not to say I wouldn't want something better, but that's kind of the low end of the acceptable scale. I've done some searches on the list and spent a while looking for examples but I don't easily find any. [Using searches with: samba4 bdc, redundant, backup, etc. There are a ton of very old articles on the list, but almost nothing I could find specifically on Samba4.] Could some kind soul point me either to: 1) Search terms more likely to produce results, or some discussion threads or 2) wiki/how-to's on how to accomplish something in the neighborhood on this subjet? [Option #2 preferred.] As a note, I'd be glad to help document this/provide a here's what I did and how, provided it's something reasonable for me to apply to the situation I'm referring to - so I'm more than glad to contribute back where I can. TIA -Greg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] fail-over, redundancy, bdc, multi-dc-domain
On Tue, 2013-01-22 at 10:53 -0800, Gregory Sloop wrote: I'm aware of, at least generally, how one would have done a BDC/Redundant server under OpenLDAP Samba3. However, rolling your own multi-domain-controller was fairly daunting [for me] under Samba3 / OpenLDAP. Yea... that is an understatement. Replication... OpenLDAP... shivers/. It was rough, and then they switched to cn=config. Never bothered to make a single administrative tool worth @^@*@ and that-one-developer harassed and insulted and was a general @*%^@*$ to anyone who tried [including me] - tools are for whimps! [and, you know, people who have stuff to do, those whimps!]. Sad, OpenLDAP is a really great project/product. I've been very interested in Samba4 for the more integrated nature of having LDAP/DNS/Samba all under one roof. [i.e. Fewer places where I can screw it up horribly.] Yep, it does that. Yay! Or you can look at it as one-stop horrible screw up; kill it, and you kill everything. However I'm also interested in how one can handle fail-over. I don't need something totally seamless and big-iron style. A backup box that would need some manual intervention would be fine. So, something like an rsync'd backup box where the shared files/accounts/etc are perhaps an hour out of date, and that would require 15 minutes to bring up as a primary would be an acceptable solution. It does hot-replication of the SAM (at least). In theory it does replication of DNS [if you are using internal DNS] but there might be some bugs there. It doesn't replicate the sysvol [yet], you gotta do that yourself, old-school. That's not to say I wouldn't want something better, but that's kind of the low end of the acceptable scale. It is above your acceptable out-of-the-box. I've done some searches on the list and spent a while looking for examples but I don't easily find any. [Using searches with: samba4 bdc, redundant, backup, etc. There are a ton of very old articles on the list, but almost nothing I could find specifically on Samba4.] Create a DC, add a another DC, done. Move on. Could some kind soul point me either to: 1) Search terms more likely to produce results, or some discussion threads or 2) wiki/how-to's on how to accomplish something i the neighborhood on this subjet? [Option #2 preferred.] The Samba4 wiki! http://wiki.samba.org/index.php/Samba4 And you need to read up on Active Directory. As a note, I'd be glad to help document this/provide a here's what I did and how, provided it's something reasonable for me to apply to the situation I'm referring to - so I'm more than glad to contribute back where I can. Create an account on the wiki. -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] I have a problem with printing on samba4
I have a problem with printing on samba4. Everytime I try to connect to my printer or even try to change its properties or anything it won't let me connect and do anything with the printer and when I do this the smbd log says: [2013/01/22 19:07:25.991058, 0] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1736(_spoolss_OpenPrinterEx) _spoolss_OpenPrinterEx: Cannot open a printer handle for printer \\ samba4server.samba4.keyedinsoft.com [2013/01/22 19:07:26.097079, 0] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1736(_spoolss_OpenPrinterEx) _spoolss_OpenPrinterEx: Cannot open a printer handle for printer \\ samba4server.samba4.keyedinsoft.com [2013/01/22 19:07:26.222868, 0] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1736(_spoolss_OpenPrinterEx) _spoolss_OpenPrinterEx: Cannot open a printer handle for printer \\ samba4server.samba4.keyedinsoft.com [2013/01/22 19:07:26.331781, 0] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1736(_spoolss_OpenPrinterEx) _spoolss_OpenPrinterEx: Cannot open a printer handle for printer \\ samba4server.samba4.keyedinsoft.com [2013/01/22 19:07:26.455268, 0] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1736(_spoolss_OpenPrinterEx) _spoolss_OpenPrinterEx: Cannot open a printer handle for printer \\ samba4server.samba4.keyedinsoft.com Please Could someone please help me with this error. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] problem joining AD domain
On Tue, Jan 22, 2013 at 6:44 AM, Paolo Supino paolo.sup...@gmail.com wrote: Hi I'm trying to make a Linux server (RHEL 5.3) join my company's ADS domain. The company's domain is built from serveral kerberos realms Stop *right* there. If you have RHEL, and you've been regularly applying updates, you've automatically updated to RHEL 5.9 since its release a few weeks ago. RHEL 5.3 is now 4 yours old and you should *not* use it for any security sensitive functions like the critical Kerberos authentication in an ADS domain, without the Red Hat published system updates. So do the system updates first. and Windows domain. the Linux FQDN resolves to the name of one of the kerberos realms we have, but I was asked to to have the linux server join a different kerberos realm and windows Domain. When I attempt to run the command: 'net ads join -U [account] -w [domain]. I get the following error: Failed to set servicePrincipalNames. Please ensure that the DNS domain of this server matches the AD domain, Or rejoin with using Domain Admin credentials. I know it's possible because it was done in the company in the past (unfortunately) the sysadmin that did it no longer works here and no one else knows how to reproduce how he did it. Are you using the built-in Samba 3.0.33, the available samba3x tool that is Samba 3.6.6, or a hand-built up-to-date Samba toolsuite? If you're using the built-in Samba 3.0.33 or the samba3x package, you should be able to use authconfig to set all of this in PAM,a nd only need net ads to register the particular host with AD credentials. And are you making sure to use net ads join -U 'admin@remotedomain' -w 'remotedomain', if the DNS domain does not match the AD domain? You might also install, and try working with, the X-based version of the system-config-authentication command which provides reasonable GUI options for most of this. I know this email is scarce on helpfull information. I simply don't know what information to supply (I have the output of join with -d 4 and -d 10 debug levels). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Windows 8 and roaming profiles hosted on Samba - NO ONE does this?
On 20.12.2012 20:59, Nick wrote: Windows XP and Windows 7 work fine. Clean profile, imported profiles, etc.With Windows 8, there seems to be some sort of profile corruption when the profile syncs. It always seems to trip up on files related to Internet Explorer. \Favorites, \Links, \IECompatCache, .url files, etc. I am experiencing exactly the same issues. I've checked the security rights and the problem cannot be from them. What could be the problem? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
via a2d6884 BUG 9574: Fix a possible null pointer dereference in
spoolss.
via 43810c8 s3-rpc_server: Fix a possible null pointer dereference.
from cd9c1a0 samr: Make use of posix_openpt
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
commit a2d68842ea33733fa7900831ed10e73f820afcf7
Author: Andreas Schneider a...@samba.org
Date: Fri Jan 18 18:04:17 2013 +0100
BUG 9574: Fix a possible null pointer dereference in spoolss.
If the the client enumerates the printers and didn't specify a
servername we have a null pointer dereference, so the process serving
the connection crashes.
Reviewed-by: David Disseldorp dd...@samba.org
Autobuild-User(master): David Disseldorp dd...@samba.org
Autobuild-Date(master): Mon Jan 21 13:30:11 CET 2013 on sn-devel-104
(cherry picked from commit c38fb0b106b62e42a5b75b1c78386bb8912c7d7e)
commit 43810c80936c8f509cc2adba6193dd4c55325875
Author: Andreas Schneider a...@samba.org
Date: Mon Dec 17 15:31:21 2012 +0100
s3-rpc_server: Fix a possible null pointer dereference.
This variable can be set to NULL in an earlier function call.
Found by Coverity.
Signed-off-by: Andreas Schneider a...@samba.org
Reviewed-by: Günther Deschner g...@samba.org
(cherry picked from commit 72e02c73b64f1ff56b2d53ec63d68486a4f1ff90)
---
Summary of changes:
source3/rpc_server/spoolss/srv_spoolss_nt.c |6 --
1 files changed, 4 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c
b/source3/rpc_server/spoolss/srv_spoolss_nt.c
index b5949e4..a5579c2 100644
--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
@@ -4442,7 +4442,8 @@ static WERROR enum_all_printers_info_1_name(TALLOC_CTX
*mem_ctx,
DEBUG(4,(enum_all_printers_info_1_name\n));
- if ((servername[0] == '\\') (servername[1] == '\\')) {
+ if (servername != NULL
+ (servername[0] == '\\') (servername[1] == '\\')) {
s = servername + 2;
}
@@ -4477,7 +4478,8 @@ static WERROR enum_all_printers_info_1_network(TALLOC_CTX
*mem_ctx,
listed. Windows responds to this call with a
WERR_CAN_NOT_COMPLETE so we should do the same. */
- if (servername[0] == '\\' servername[1] == '\\') {
+ if (servername != NULL
+ (servername[0] == '\\') (servername[1] == '\\')) {
s = servername + 2;
}
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
via 069f102 BUG 9378: Add extra attributes for AD printer publishing.
via 31d61ad printing: Remove invalid free from error path.
from a2d6884 BUG 9574: Fix a possible null pointer dereference in
spoolss.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
commit 069f1029a76c9b9c0a48ac7cb3d2c5f45c3a231c
Author: David Disseldorp dd...@samba.org
Date: Thu Jan 17 13:21:25 2013 +0100
BUG 9378: Add extra attributes for AD printer publishing.
Currently attempting to publish a printer in AD fails with Object class
violation, due to a number of missing attributes in the LDAP request.
Reviewed-by: Andreas Schneider a...@samba.org
commit 31d61ad8f9c850c302c83a65af8474545723ea1c
Author: David Disseldorp dd...@samba.org
Date: Fri Jan 18 11:48:20 2013 +0100
printing: Remove invalid free from error path.
Reviewed-by: Andreas Schneider a...@samba.org
---
Summary of changes:
source3/printing/nt_printing_ads.c | 87 +++-
1 files changed, 85 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/printing/nt_printing_ads.c
b/source3/printing/nt_printing_ads.c
index 67046bc..5a0cd24 100644
--- a/source3/printing/nt_printing_ads.c
+++ b/source3/printing/nt_printing_ads.c
@@ -87,6 +87,86 @@ done:
talloc_free(tmp_ctx);
}
+static WERROR nt_printer_info_to_mods(TALLOC_CTX *ctx,
+ struct spoolss_PrinterInfo2 *info2,
+ ADS_MODLIST *mods)
+{
+ char *info_str;
+
+ ads_mod_str(ctx, mods, SPOOL_REG_PRINTERNAME, info2-sharename);
+ ads_mod_str(ctx, mods, SPOOL_REG_SHORTSERVERNAME, global_myname());
+ ads_mod_str(ctx, mods, SPOOL_REG_SERVERNAME, get_mydnsfullname());
+
+ info_str = talloc_asprintf(ctx, %s\\%s,
+ get_mydnsfullname(), info2-sharename);
+ if (info_str == NULL) {
+ return WERR_NOMEM;
+ }
+ ads_mod_str(ctx, mods, SPOOL_REG_UNCNAME, info_str);
+
+ info_str = talloc_asprintf(ctx, %d, 4);
+ if (info_str == NULL) {
+ return WERR_NOMEM;
+ }
+ ads_mod_str(ctx, mods, SPOOL_REG_VERSIONNUMBER, info_str);
+
+ /* empty strings in the mods list result in an attrubute error */
+ if (strlen(info2-drivername) != 0)
+ ads_mod_str(ctx, mods, SPOOL_REG_DRIVERNAME, info2-drivername);
+ if (strlen(info2-location) != 0)
+ ads_mod_str(ctx, mods, SPOOL_REG_LOCATION, info2-location);
+ if (strlen(info2-comment) != 0)
+ ads_mod_str(ctx, mods, SPOOL_REG_DESCRIPTION, info2-comment);
+ if (strlen(info2-portname) != 0)
+ ads_mod_str(ctx, mods, SPOOL_REG_PORTNAME, info2-portname);
+ if (strlen(info2-sepfile) != 0)
+ ads_mod_str(ctx, mods, SPOOL_REG_PRINTSEPARATORFILE,
info2-sepfile);
+
+ info_str = talloc_asprintf(ctx, %u, info2-starttime);
+ if (info_str == NULL) {
+ return WERR_NOMEM;
+ }
+ ads_mod_str(ctx, mods, SPOOL_REG_PRINTSTARTTIME, info_str);
+
+ info_str = talloc_asprintf(ctx, %u, info2-untiltime);
+ if (info_str == NULL) {
+ return WERR_NOMEM;
+ }
+ ads_mod_str(ctx, mods, SPOOL_REG_PRINTENDTIME, info_str);
+
+ info_str = talloc_asprintf(ctx, %u, info2-priority);
+ if (info_str == NULL) {
+ return WERR_NOMEM;
+ }
+ ads_mod_str(ctx, mods, SPOOL_REG_PRIORITY, info_str);
+
+ if (info2-attributes PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS) {
+ ads_mod_str(ctx, mods, SPOOL_REG_PRINTKEEPPRINTEDJOBS, TRUE);
+ } else {
+ ads_mod_str(ctx, mods, SPOOL_REG_PRINTKEEPPRINTEDJOBS, FALSE);
+ }
+
+ switch (info2-attributes 0x3) {
+ case 0:
+ ads_mod_str(ctx, mods, SPOOL_REG_PRINTSPOOLING,
+ SPOOL_REGVAL_PRINTWHILESPOOLING);
+ break;
+ case 1:
+ ads_mod_str(ctx, mods, SPOOL_REG_PRINTSPOOLING,
+ SPOOL_REGVAL_PRINTAFTERSPOOLED);
+ break;
+ case 2:
+ ads_mod_str(ctx, mods, SPOOL_REG_PRINTSPOOLING,
+ SPOOL_REGVAL_PRINTDIRECT);
+ break;
+ default:
+ DEBUG(3, (unsupported printer attributes %x\n,
+ info2-attributes));
+ }
+
+ return WERR_OK;
+}
+
static WERROR nt_printer_publish_ads(struct messaging_context *msg_ctx,
ADS_STRUCT *ads,
struct spoolss_PrinterInfo2 *pinfo2)
@@ -167,12 +247,15 @@ static WERROR nt_printer_publish_ads(struct
messaging_context *msg_ctx,
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 9aca528 Tests: Fix the display of test vars in screen --testenv
via b1e2313 libcli-acl: add documentation
via 65396ad drsuapi: Add documentation
via d7bbd18 drepl-notify: change misleading message
from 0a4a4ba devel-script: add options for RODC and partial replica for
replicate flags
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 9aca52877a3f6f59887098ebb8e664922c8c7aad
Author: Matthieu Patou m...@matws.net
Date: Thu Jan 3 14:33:45 2013 -0800
Tests: Fix the display of test vars in screen --testenv
The form bash -c echo important stuff blabla bla LD_LIBARY_PATH bash
is not working in screen when it's working in xterm and the in_screen
script already wrap all the command within a bash shell so there is no
need to re-force bash as the echo will execute in a bash shell
Signed-off-by: Matthieu Patou m...@matws.net
Reviewed-by: Andrew Bartlett abart...@samba.org
Autobuild-User(master): Andrew Bartlett abart...@samba.org
Autobuild-Date(master): Tue Jan 22 13:03:52 CET 2013 on sn-devel-104
commit b1e231384a9245a191ef5e004544d7cafe17e036
Author: Matthieu Patou m...@matws.net
Date: Sun Oct 14 01:01:08 2012 -0700
libcli-acl: add documentation
Reviewed-by: Andrew Bartlett abart...@samba.org
commit 65396adaad18821568f727a223c38c36a2b16291
Author: Matthieu Patou m...@matws.net
Date: Sun Oct 14 01:04:51 2012 -0700
drsuapi: Add documentation
Reviewed-by: Andrew Bartlett abart...@samba.org
commit d7bbd182b33441a0a4e91c00a31de29b2b09f59a
Author: Matthieu Patou m...@matws.net
Date: Mon Oct 15 22:15:17 2012 -0700
drepl-notify: change misleading message
Reviewed-by: Andrew Bartlett abart...@samba.org
---
Summary of changes:
libcli/security/access_check.c | 20 +++-
selftest/selftest.pl| 15 ---
source4/dsdb/repl/drepl_notify.c|2 +-
source4/rpc_server/drsuapi/updaterefs.c | 21 ++---
4 files changed, 46 insertions(+), 12 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
index f0a7b66..936ffca 100644
--- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c
@@ -374,7 +374,25 @@ static const struct GUID *get_ace_object_type(struct
security_ace *ace)
return NULL;
}
-/* modified access check for the purposes of DS security
+/**
+ * @brief Perform directoryservice (DS) related access checks for a given user
+ *
+ * Perform DS access checks for the user represented by its security_token, on
+ * the provided security descriptor. If an tree associating GUID and access
+ * required is provided then object access (OA) are checked as well. *
+ * @param[in] sd The security descritor against which the
required
+ * access are requested
+ *
+ * @param[in] token The security_token associated with the user to
+ * test
+ *
+ * @param[in] access_desired A bitfield of rights that must be granted for
the
+ * given user in the specified SD.
+ *
+ * If one
+ * of the entry in the tree grants all the requested rights for the given GUID
+ * FIXME
+ * tree can be null if not null it's the
* Lots of code duplication, it will ve united in just one
* function eventually */
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index 4ac5aeb..639c8a2 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -849,13 +849,7 @@ if ($opt_testenv) {
my $envvarstr = exported_envvars_str($testenv_vars);
- my @term = ();
- if ($ENV{TERMINAL}) {
- @term = ($ENV{TERMINAL});
- } else {
- @term = (xterm, -e);
- }
- my @term_args = (bash, -c, echo -e \
+ my @term_args = (echo -e \
Welcome to the Samba4 Test environment '$testenv_name'
This matches the client environment used in make test
@@ -867,6 +861,13 @@ SMB_CONF_PATH=\$SMB_CONF_PATH
$envvarstr
\ LD_LIBRARY_PATH=$ENV{LD_LIBRARY_PATH} bash);
+ my @term = ();
+ if ($ENV{TERMINAL}) {
+ @term = ($ENV{TERMINAL});
+ } else {
+ @term = (xterm, -e);
+ unshift(@term_args, (bash, -c));
+ }
system(@term, @term_args);
diff --git a/source4/dsdb/repl/drepl_notify.c b/source4/dsdb/repl/drepl_notify.c
index cd248d5..905fe5f 100644
--- a/source4/dsdb/repl/drepl_notify.c
+++ b/source4/dsdb/repl/drepl_notify.c
@@ -195,7 +195,7 @@ static void dreplsrv_notify_op_callback(struct tevent_req
*subreq)
ldb_dn_get_linearized(op-source_dsa-partition-dn),
nt_errstr(status),
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via d56b456 s3-winbind: fix the build of idmap_ldap.
from 9aca528 Tests: Fix the display of test vars in screen --testenv
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit d56b4560b585c613b65b05a9224c9e11f5038318
Author: Günther Deschner g...@samba.org
Date: Tue Jan 22 11:54:19 2013 +0100
s3-winbind: fix the build of idmap_ldap.
Guenther
Signed-off-by: Günther Deschner g...@samba.org
Reviewed-by: Andrew Bartlett abart...@samba.org
Autobuild-User(master): Günther Deschner g...@samba.org
Autobuild-Date(master): Tue Jan 22 14:43:40 CET 2013 on sn-devel-104
---
Summary of changes:
source3/winbindd/wscript_build |3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/wscript_build b/source3/winbindd/wscript_build
index 0d826f0..7e80727 100644
--- a/source3/winbindd/wscript_build
+++ b/source3/winbindd/wscript_build
@@ -65,7 +65,8 @@ bld.SAMBA3_MODULE('idmap_ldap',
deps='smbldap smbldaphelper pdb',
init_function='',
internal_module=bld.SAMBA3_IS_STATIC_MODULE('idmap_ldap'),
- enabled=bld.SAMBA3_IS_ENABLED_MODULE('idmap_ldap') and
bld.CONFIG_SET(HAVE_LDAP))
+ enabled=bld.SAMBA3_IS_ENABLED_MODULE('idmap_ldap') and
bld.CONFIG_SET(HAVE_LDAP),
+ allow_undefined_symbols=True)
bld.SAMBA3_MODULE('idmap_nss',
subsystem='idmap',
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 988350c libcli/auth: fix void function cannot return value error
from d56b456 s3-winbind: fix the build of idmap_ldap.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 988350ccefbe8f22eb1814e071386ef2dfe6d6dd
Author: Andrew Bartlett abart...@samba.org
Date: Mon Jan 21 10:45:10 2013 +1100
libcli/auth: fix void function cannot return value error
Reviewed-by: Jeremy Allison j...@samba.org
Autobuild-User(master): Jeremy Allison j...@samba.org
Autobuild-Date(master): Tue Jan 22 22:32:31 CET 2013 on sn-devel-104
---
Summary of changes:
libcli/auth/credentials.c |4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index 9d3df9f..2f14374 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -583,7 +583,7 @@ void netlogon_creds_decrypt_samlogon_validation(struct
netlogon_creds_Credential
uint16_t validation_level,
union netr_Validation
*validation)
{
- return netlogon_creds_crypt_samlogon_validation(creds, validation_level,
+ netlogon_creds_crypt_samlogon_validation(creds, validation_level,
validation, false);
}
@@ -591,7 +591,7 @@ void netlogon_creds_encrypt_samlogon_validation(struct
netlogon_creds_Credential
uint16_t validation_level,
union netr_Validation
*validation)
{
- return netlogon_creds_crypt_samlogon_validation(creds, validation_level,
+ netlogon_creds_crypt_samlogon_validation(creds, validation_level,
validation, true);
}
--
Samba Shared Repository
[SCM] CTDB repository - branch master updated - ctdb-2.1-8-gb054193
The branch, master has been updated via b054193d1d19a8eef998fa690899501f79badb8a (commit) via 109f428aa34f8f4cc0329880d2f4a5593a6cc6f3 (commit) via 258092aaf6b7a9bdc14f0fb35e8bd7f7dc742b3f (commit) via d202b2fdd4fd70172e5e44583627b57a1b7ad2ed (commit) via 3c6a9b73364c9543366fa033c778145dc7a152a9 (commit) via 95fc493a7d4145f976cb3fe928d9e92faec4dd71 (commit) via 506ecd186759675a1cf50a0a05a285fee03fc51e (commit) from 0e651e9da0f1f3c836b4474612ab13d0ccd272d9 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit b054193d1d19a8eef998fa690899501f79badb8a Author: Mathieu Parent math.par...@gmail.com Date: Mon Jan 14 17:48:01 2013 +0100 common: Don't lie on unimplemented gratuitous arp Signed-off-by: Mathieu Parent math.par...@gmail.com commit 109f428aa34f8f4cc0329880d2f4a5593a6cc6f3 Author: Mathieu Parent math.par...@gmail.com Date: Mon Jan 14 17:21:01 2013 +0100 tests: Test portability Curiously test_ctdb_sys_check_iface_exists fails on Linux Signed-off-by: Mathieu Parent math.par...@gmail.com commit 258092aaf6b7a9bdc14f0fb35e8bd7f7dc742b3f Author: Mathieu Parent math.par...@gmail.com Date: Mon Jan 14 12:13:24 2013 +0100 common: FreeBSD+kFreeBSD: Implement get_process_name (same as in Linux) Signed-off-by: Mathieu Parent math.par...@gmail.com commit d202b2fdd4fd70172e5e44583627b57a1b7ad2ed Author: Mathieu Parent math.par...@gmail.com Date: Mon Jan 14 11:23:46 2013 +0100 common: Detailed platform-specific FIXME Signed-off-by: Mathieu Parent math.par...@gmail.com commit 3c6a9b73364c9543366fa033c778145dc7a152a9 Author: Mathieu Parent math.par...@gmail.com Date: Sun Jan 13 14:15:20 2013 +0100 build: Update config.guess 2012-12-30 and config.sub to 2013-01-11 Signed-off-by: Mathieu Parent math.par...@gmail.com commit 95fc493a7d4145f976cb3fe928d9e92faec4dd71 Author: Mathieu Parent math.par...@gmail.com Date: Sat Jan 12 16:43:03 2013 +0100 doc: allows to - allows one to Signed-off-by: Mathieu Parent math.par...@gmail.com commit 506ecd186759675a1cf50a0a05a285fee03fc51e Author: Mathieu Parent math.par...@gmail.com Date: Sat Jan 12 15:14:48 2013 +0100 build: Add missing LDFLAGS Original Author: Simon Ruderich si...@ruderich.org Signed-off-by: Mathieu Parent math.par...@gmail.com --- Summary of changes: Makefile.in|9 +- common/system_aix.c| 11 +- common/system_freebsd.c| 27 ++- common/system_gnu.c| 13 +- common/system_kfreebsd.c | 28 ++- config.guess | 426 config.sub | 274 +- config/ctdb.sysconfig |2 +- doc/ctdbd.1.xml|2 +- tests/src/ctdb_porting_tests.c | 305 10 files changed, 768 insertions(+), 329 deletions(-) mode change 100755 = 100644 config.guess mode change 100755 = 100644 config.sub create mode 100644 tests/src/ctdb_porting_tests.c Changeset truncated at 500 lines: diff --git a/Makefile.in b/Makefile.in index fef2e45..e704d63 100755 --- a/Makefile.in +++ b/Makefile.in @@ -104,6 +104,7 @@ TEST_BINS=tests/bin/ctdb_bench tests/bin/ctdb_fetch tests/bin/ctdb_fetch_one \ tests/bin/ctdb_takeover_tests tests/bin/ctdb_update_record \ tests/bin/ctdb_update_record_persistent \ tests/bin/ctdb_tool_libctdb tests/bin/ctdb_tool_stubby \ + tests/bin/ctdb_porting_tests \ @INFINIBAND_BINS@ BINS = bin/ctdb @CTDB_SCSI_IO@ bin/smnotify bin/ping_pong bin/ltdbtool @CTDB_PMDA@ @@ -173,7 +174,7 @@ bin/ctdb: $(CTDB_CLIENT_OBJ) tools/ctdb.o tools/ctdb_vacuum.o libctdb/libctdb.a bin/ltdbtool: tools/ltdbtool.o $(TDB_OBJ) @echo Linking $@ - @$(CC) $(CFLAGS) -o $@ $+ $(TDB_LIBS) + @$(CC) $(CFLAGS) -o $@ $+ $(TDB_LIBS) $(LIB_FLAGS) bin/smnotify: utils/smnotify/gen_xdr.o utils/smnotify/gen_smnotify.o utils/smnotify/smnotify.o $(POPT_OBJ) @echo Linking $@ @@ -195,7 +196,7 @@ utils/smnotify/gen_smnotify.c: utils/smnotify/smnotify.x utils/smnotify/smnotify bin/ping_pong: utils/ping_pong/ping_pong.o @echo Linking $@ - @$(CC) $(CFLAGS) -o $@ utils/ping_pong/ping_pong.o + @$(CC) $(CFLAGS) -o $@ utils/ping_pong/ping_pong.o $(LIB_FLAGS) bin/pmdactdb: $(CTDB_CLIENT_OBJ) utils/pmda/pmda_ctdb.o @echo Linking $@ @@ -257,6 +258,10 @@ tests/bin/ctdb_persistent: $(CTDB_CLIENT_OBJ) tests/src/ctdb_persistent.o @echo Linking $@ @$(CC) $(CFLAGS) -o $@ tests/src/ctdb_persistent.o $(CTDB_CLIENT_OBJ) $(LIB_FLAGS) +tests/bin/ctdb_porting_tests: $(CTDB_CLIENT_OBJ) tests/src/ctdb_porting_tests.o + @echo Linking $@ + $(CC)
[SCM] CTDB repository - branch master updated - ctdb-2.1-9-g124e2a4
The branch, master has been updated
via 124e2a471aeda9c900fd898178a30522d7d74221 (commit)
from b054193d1d19a8eef998fa690899501f79badb8a (commit)
http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master
- Log -
commit 124e2a471aeda9c900fd898178a30522d7d74221
Author: Amitay Isaacs ami...@gmail.com
Date: Wed Jan 23 14:35:47 2013 +1100
recoverd: Fix printing of node flags from local information
Signed-off-by: Amitay Isaacs ami...@gmail.com
---
Summary of changes:
server/ctdb_recoverd.c |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/server/ctdb_recoverd.c b/server/ctdb_recoverd.c
index 0f8aa91..bffe2be 100644
--- a/server/ctdb_recoverd.c
+++ b/server/ctdb_recoverd.c
@@ -3699,7 +3699,7 @@ static void main_loop(struct ctdb_context *ctdb, struct
ctdb_recoverd *rec,
nodemap-nodes[j].pnn,
nodemap-nodes[i].pnn,
remote_nodemaps[j]-nodes[i].flags,
- nodemap-nodes[j].flags));
+ nodemap-nodes[i].flags));
if (i == j) {
DEBUG(DEBUG_ERR,(Use flags 0x%02x from
remote node %d for cluster update of its own flags\n,
remote_nodemaps[j]-nodes[i].flags, j));
update_flags_on_all_nodes(ctdb,
nodemap, nodemap-nodes[i].pnn, remote_nodemaps[j]-nodes[i].flags);
--
CTDB repository
