[Samba] (fwd from Bob.Jacobs@dot.pima.gov) Daemon Errors
- Forwarded message from Bob Jacobs [EMAIL PROTECTED] - From: Bob Jacobs [EMAIL PROTECTED] Subject: Daemon Errors Date: Thu, 11 Mar 2004 15:58:07 -0700 To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] X-Mailer: Internet Mail Service (5.5.2653.19) X-Spam-Status: No, hits=-0.9 required=3.2 tests=BAYES_30 autolearn=ham version=2.63 I'm receiving [ID 702911 daemon.errror] on certain hours of the day. It states, (write_socket_data: write failure. Error = Broken pipe. Do you know why I'm getting these errors and what will fix them. Thanks. Bob Jacobs Pima County Department of Transportation Technical Services Division (520) 740-6784 - End forwarded message - -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] OT: fyi, spam
Just as background information: our spam filter caught 14000 attempted spams in the last two weeks. Suggestions on blocking more are welcome but the vast majority is already blocked. I think we removed the @samba.org whitelist. -- Martin signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
CVS update: sambaweb
Date: Tue Dec 16 05:59:37 2003 Author: mbp Update of /data/cvs/sambaweb In directory dp.samba.org:/tmp/cvs-serv28600 Modified Files: download.html Log Message: NetBIOS Auditing Tool seems to have moved. Reported by Alfonso Gazo Cervero. Revisions: download.html 1.21 = 1.22 http://www.samba.org/cgi-bin/cvsweb/sambaweb/download.html.diff?r1=1.21r2=1.22
CVS update: sambaweb/GUI
Date: Tue Dec 16 06:12:48 2003 Author: mbp Update of /data/cvs/sambaweb/GUI In directory dp.samba.org:/tmp/cvs-serv31689 Modified Files: index.html Log Message: Add Smb4K Revisions: index.html 1.28 = 1.29 http://www.samba.org/cgi-bin/cvsweb/sambaweb/GUI/index.html.diff?r1=1.28r2=1.29
[Samba] Re: 'Account disabled due to email bouncing' madness
On Thu, 13 Nov 2003 21:07:56 +, Daniel Kasak wrote: We have a mail filter ( CanIt, by Roaring Penguin, see http://www.roaringpenguin.com ) that is doing a very good job indeed of blocking spam and viruses. And I certainly get a lot from this list ... so much that without the use of CanIt, I would have already had to retire my email address, and possibly even our entire domain, to avoid the constant march of crap. But ... the list server keeps locking my account, because messages are bouncing. That's how CanIt works - it bounces spam and viruses. If this is true, it's pretty stupid. Bouncing spam/worms messages is pointless because the from address is usually forged. Configure your mailserver to not send bounces and the problem will go away. CanIt probably has an option for this. So, I'd either like: 1) The virus and spam problem solved permanently ;) or Patches welcome. 2) The rules on the list server relaxed a little so I don't have to keep re-activating my account. No, I don't think so. -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
CVS update: sambaweb
Date: Fri Nov 14 03:24:19 2003 Author: mbp Update of /data/cvs/sambaweb In directory dp.samba.org:/tmp/cvs-serv28915 Modified Files: ml-etiquette.html Log Message: Say that you may receive worms if you post to the list. Revisions: ml-etiquette.html 1.4 = 1.5 http://www.samba.org/cgi-bin/cvsweb/sambaweb/ml-etiquette.html.diff?r1=1.4r2=1.5
CVS update: sambaweb
Date: Fri Nov 14 03:25:38 2003 Author: mbp Update of /data/cvs/sambaweb In directory dp.samba.org:/tmp/cvs-serv29087 Modified Files: ml-etiquette.html Log Message: Refine point about worms. Revisions: ml-etiquette.html 1.5 = 1.6 http://www.samba.org/cgi-bin/cvsweb/sambaweb/ml-etiquette.html.diff?r1=1.5r2=1.6
CVS update: sambaweb
Date: Fri Nov 14 03:28:03 2003 Author: mbp Update of /data/cvs/sambaweb In directory dp.samba.org:/home/httpd/html/samba Added Files: donations_list.html Log Message: Add file that for some reason was on the site but not in CVS Revisions: donations_list.html NONE = 1.1 http://www.samba.org/cgi-bin/cvsweb/sambaweb/donations_list.html?rev=1.1
CVS update: sambaweb
Date: Fri Nov 14 03:46:29 2003 Author: mbp Update of /data/cvs/sambaweb In directory dp.samba.org:/home/httpd/html/samba Removed Files: donations_list.html Log Message: Oops, remove autogenerated file Revisions: donations_list.html 1.1 = NONE http://www.samba.org/cgi-bin/cvsweb/sambaweb/donations_list.html?rev=1.1
CVS update: sambaweb/support
Date: Wed Nov 12 06:23:01 2003 Author: mbp Update of /data/cvs/sambaweb/support In directory dp.samba.org:/tmp/cvs-serv16445 Modified Files: singapore.html Log Message: Add Artocol Systems Revisions: singapore.html 1.1 = 1.2 http://www.samba.org/cgi-bin/cvsweb/sambaweb/support/singapore.html.diff?r1=1.1r2=1.2
[Samba] Re: [OT]SPAM
On Tue, 14 Oct 2003 07:56:18 -0500, tvsjr wrote: Helpful suggestions (although its too late for those of us already subscribed): Quit forwarding the list onto Usenet, at least with email addresses exposed (what's the real use of this, considering it's not that big of a deal for people to subscribe?) I don't think viruses read Usenet. I realize spammers do, but spammers are a relatively small problem compared to Outlook viruses. Protect emails anywhere the list is archived/posted Again, viruses do not read the archives. People who are receiving viruses are probably getting them because their mail was read on an infected Windows PC either by a subscriber, or by somebody subscribed to an echo list. Archives and NNTP mirrors are irrelevant. If I could stop infected people subscribing then I would, but I don't see how to do that. So the only interim solution is to not post from an address without virus filters. I don't see any reason to force anonymous posts when you can do it yourself and some people want to be non-anonymous. -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: [OT]SPAM
On 15 Oct 2003, David Brodbeck [EMAIL PROTECTED] wrote: I've also seen bursts of virus traffic for no apparent reason. It could be a coincidence. Correlation != causation. There's also always the question of what your ISP is doing. My ameritech.net account gets vast quantities of spam, and started getting it before I even used it! I can only assume Ameritech is selling their email list. Some spammer might have guessed david + b from a dictionary attack. (Assuming that's your account name, I don't know.) Or maybe Ameritech are selling their list. As you say, it is hard to determine exact causes when you're looking at the actions of unknown malicious agents. -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: SPAM
On 14 Oct 2003, J. Frisbie [EMAIL PROTECTED] wrote: Hello, I singed up for the [EMAIL PROTECTED] using a one-time email address ([EMAIL PROTECTED]) and now I get virus laden spam messages at that address about every ninety seconds -- thanks. This kind of complaint is explicitly off topic for the list: http://samba.org/samba/ml-etiquette.html It is also not a security bug. Perhaps you could run your email lists more responsibly in the future. That tone is not helpful. What would you like us to do differently? -- mbp -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: [OT] spam
On 14 Oct 2003, J. Frisbie [EMAIL PROTECTED] wrote: What would you like us to do differently? I see your original message was a bit misleading: you said that you singed up for the samba, but in fact you also posted to the list, thus disclosing your address. First of all: we don't disclose the subscriber addresses to anyone. The roster of list members is not available from the web page. If you subscribe and do not post, nobody will know your address. Just to be absolutely clear: - We don't disclose the subscriber addresses. - We are not sending you viruses or spam. - Sometimes spam does get onto the lists. We filter out the vast majority of it. There is no perfect filtering solution. - This is a public list. Anything you send to it can be read, used or archived by anyone in the world. We explain this reasonably clearly. - We have no control over people who might be sending you viruses. You need to complain to their network admin or your network admin or your government. ** If you want something to remain secret, do not post it. ** I personally don't think keeping your address secret is a good solution to spam, but you can try it if you want. I think we are being responsible. The problems are not of our making, and we do our best to reduce them. If you have any concrete constructive suggestions we'll consider them. I see you are posting from Outlook, which is the overwhelmingly most common virus vector. Calling us irresponsible is pretty cheeky. If Outlook went away, the email virus problem would nearly disappear overnight. [your suggestions:] You have some unscrupulous list subscriber who bombards addresses that appear on the list with viruses. If you tell me who they are, we will remove them from the list. Do not send messages to the list with machine parseable return addresess. We pass through messages with whatever address the sender uses. Some people choose to post from addresses other than their real one, and that is allowed. Of course they take the risk of not seeing direct replies. Addresses in the list archives are not easily machine parseable: http://lists.samba.org/archive/samba/msg72578.html Other people can archive it however they want. Make the reply to address the mailing list, not the person who sent the message. I don't understand how you think this would help the spam or viruses problem. If anything, it will cause more misconfigured antivirus software to send messages to the list, thus annoying everyone and just the poster. Vet your subscriber list. Since people other than subscribers can read the list archives, this too would not prevent people sending viruses to you. But leaving that aside, how do you suggest we vet it? I can't think of any test we could easily do over email that would reliably distinguish good people from evil. Are we supposed to guess that frisbie doesn't look like a real name, so we won't allow it? We could disallow people who're using insecure clients like Outlook, but unfortunately there's a large overlap with Samba's userbase. Allow only subscribers to post to the list. That has nothing to do with people sending viruses direct to you. Doing this in addition to the spam filtering we already have in place might reduce the amount of spam getting onto the list. On the other hand it would impede people who want to just ask one question, which is pretty common. We may yet do it in the future. Since many viruses forge their From address, verifying the From address may not help much anyhow. This would also block people who want to post from an obscured address. Terry suggested: Quit forwarding the list onto Usenet, at least with email addresses exposed (what's the real use of this, considering it's not that big of a deal for people to subscribe?) I think it is very useful for people who want to read through the list archives without receiving every message as its sent. It supports a use mode that's more useful to some people than either email or web archives. I will consider hiding the sender addresses. I don't have this problem with other lists (this account is subscribed to at least 20), so there's no reason why we should have these problems here, either. That is a bit of a non sequiter. I don't know what other lists you're on. Similarly high-profile lists at kernel.org or debian.org seem to have similar policies and our level of spam is as good or better. -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE: RE: SPAM
On Tue, 14 Oct 2003 16:13:01 -0500, Jared Rypka-Hauer wrote: Just to further confirm the idea that this mailing list is associated with the current surge in receipts of the SWEN virus, I signed up for this list when I upgraded to Samba 2.2.3 on Oct 1. An hour later I began receiving mass quantities of SWEN-infected emails. Wow, you sent mail to thousands of people and now you're getting viruses? How remarkable. Obviously samba.org is doing something wrong. Stripping emails of addresses or at LEAST putting up a warning on the signup page and Warning! Using email may cause you to receive spam. or perhaps Warning! The samba team cannot control the actions of every random idiot on the Internet. or Warning! Many samba subscribers use virus-prone Microsoft systems. providing an option to not have your email address listed to the world (not sure if that's there already or not) We never do that. As would have been obvious if you'd spent about 30 seconds to look. Objectively, I'm guessing that in the current political climate a case could be made for the idea that, having been notified their list is being targeted and should they do nothing to prevent further abuse, they could be partly liable for any damage occurring. What a shining wit. -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: [clug] Samba Linux 64 bits.
On 8 Oct 2003, [EMAIL PROTECTED] wrote: Hello, Is Someone can tell me if Samba is available under Linux 64bits ? If Yes, has Samba adherence(s) to Hardware platform on which Linux is running ? MoreOver, which distribution(s) ? You should ask on [EMAIL PROTECTED] However, I do believe that Samba runs on some 64-bit Linux platforms, including Itanium, PowerPC and X86-64. Any hardware dependencies are bugs and can be reported to that list. I think most distributors ship Samba. -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (fwd from mynewsletter@nitegate.de) How to calculate a domain sid?
- Forwarded message from Adrian Stabiszewski [EMAIL PROTECTED] - From: Adrian Stabiszewski [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: How to calculate a domain sid? Date: Mon, 22 Sep 2003 11:01:01 +0200 Hi! I am working on a possibility to prepare an LDAP directory without having samba runing. How can I generate a domain sid like S-1-5-21-AA-B-CC? Does it depend on the name of the domain? Or are those As, Bs and Cs just random numbers? Thanks. Adrian. - End forwarded message - -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (fwd from Michael.Pedigo@motorola.com) Core Dump issue with Solaris8 and 2.2.8a
- Forwarded message from Pedigo Michael-G17060 [EMAIL PROTECTED] - From: Pedigo Michael-G17060 [EMAIL PROTECTED] To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Subject: Core Dump issue with Solaris8 and 2.2.8a Date: Tue, 23 Sep 2003 10:40:16 -0500 Hello, I am NOT an advanced UNIX admin and am fairly new to Samba, and am seeking your advice for this issue. It would seem that when I install the new Samba 2.2.8a on Solaris8 systems that SWAT core dumps. You are prompted for username and password...and once the authentication takes place, the SWAT tool never comes up, and a core dump is found in the swat directory. I called SUN on this and they seemed to be aware of the issue, but does not support Samba except in Solaris9. Are you aware of this issue, and do you know how to remedy? I appreciate any help or direction you are willing to provide! Thanks, Michael T. Pedigo Systems Administrator -- Engineering Systems Motorola -- Automotive Communications and Electronics Systems 847-862-2359 -- [EMAIL PROTECTED] - End forwarded message - -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (fwd from botelho@lenep.uenf.br) Help.
- Forwarded message from Botelho [EMAIL PROTECTED] - From: Botelho [EMAIL PROTECTED] Subject: Help. Date: Wed, 23 Jul 2003 15:48:43 - X-Mailer: UebiMiau 2.7.2 X-Spam-Status: No, hits=-19.1 required=4.0 tests=MISSING_MIMEOLE,MISSING_OUTLOOK_NAME,MSG_ID_ADDED_BY_MTA_2, USER_IN_MORE_SPAM_TO version=2.55 Hi, How can i implement a Recycled ( = Window$ ) on SAMBA. I have some problem becose the clients delete some files, and i don't know how to implement a garbage (Recycled) on SAMBA. There is a folder called Recycled in the Window$. I need this on the SAMBA. Sorry my bad English. I am studing yet. Luciano Botelho Mota ___ Mensagem enviada pelo WebMail LENEP ___ Mailman mailing list [EMAIL PROTECTED] http://lists.samba.org/mailman/listinfo/mailman - End forwarded message - -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: smbwrapper
On 11 Aug 2003, [EMAIL PROTECTED] wrote: Unless I am going mad I cannot seem to find any documentation on smbwrapper at the Samba web site. [Paul, this kind of question is better sent to [EMAIL PROTECTED], not the admin address.] There is an smbwrapper/README [attached] file in the source distribution. Note that smbwrapper will probably not work with recent Linux distributions because the mechanism that lets it hook in has been removed. ,[ smbwrapper/README ] | | This is a prelodable shared library that provides SMB client services | for existing executables. Using this you can simulate a smb | filesystem. | | *** This is code under development. Some things don't work yet *** | | Currently this code has been tested on: | | - Linux 2.0 with glibc2 (RH5.1) | - Linux 2.1 with glibc2 | - Solaris 2.5.1 with gcc | - Solaris 2.6 with gcc | - SunOS 4.1.3 with gcc | - IRIX 6.4 with cc | - OSF1 with gcc | | | It probably won't run on other systems without some porting. If you | have a different system then see the file PORTING. | | To use it you need to do this: | | 1) build smbwrapper.so using the command make smbwrapper | 3) run smbsh | | You will be asked for a username and password. After that you will be | returned to a shell prompt. It is actually a subshell running with | smbwrapper enabled. | | Now try to access /smb/SERVER for some SMB server name and see what | happens. If you use the -W option to set your workgroup or have | workgroup set in your smb.conf then listing /smb/ should list all SMB | servers in your workgroup. | | | OPTIONS | --- | | -U username |specify the username and optional password (as user%password) | | -d debug level | This is an integer that controls the internal debug level of smbw. It | defaults to 0, which means no debug info. | | -l logfile | The place where smbw debug logs are put. If this is not set then | stderr is used. | | -P prefix | The root of the SMB filesystem. This defaults to /smb/ but you can | set it to any name you like. | | -W workgroup | This is the workgroup used for browsing (ie. listing machines in the | /smb/ directory). It defaults to the one set in smb.conf. | | -R resolve order | This allows you to override the setting of the name resolve order | from smb.conf | | | ATTRIBUTE MAPPING | - | | smbwrapper does an inverse attribute maping to what Samba does. This | means that the archive bit appears as the user execute bit, the system | bit appears as the group execute bit and the hidden bit appears as the | other execute bit. You can control these with chmod. The mapping can | be enabled an disabled using the normal smb.conf controls (ie. map | archive, map system and map hidden). | | Read-only files appear as non-writeable by everyone. Writeable files | appear as writeable by the current user. | | | WHAT WORKS | -- | | Things that I have tried and do seem to work include: | | emacs, tar, ls, cmp, cp, rsync, du, cat, rm, mv, less, more, wc, head, | tail, bash, tcsh, mkdir, rmdir, vim, xedit, diff | | things that I know don't work: | | anything executing from the share | anything that uses mmap | redirection within shells to smbsh files | | If you want to help with the development of this code then join the | samba-technical mailing list. | | ` -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (fwd from mamaya@ingenieriagerencial.com) s/390
- Forwarded message from Marco Amaya [EMAIL PROTECTED] - From: Marco Amaya [EMAIL PROTECTED] Subject: s/390 Date: Thu, 24 Jul 2003 13:34:44 -0600 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 X-Spam-Status: No, hits=-5.4 required=4.0 tests=BAYES_01,USER_AGENT_MOZILLA_UA version=2.55 Hi i try to find the samba for s/390 but i can't find it help me pleas thanks - End forwarded message - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: hi ....
On 22 Jul 2003, Gustavo Barbosa [EMAIL PROTECTED] wrote: Hi, Can you tell me if the winbind and samba realy works well? Yes, they do work well. -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (fwd from lordtm@poczta.onet.pl) Few questions...
- Forwarded message from =?ISO-8859-2?Q?Pawe=B3 Siwek?= [EMAIL PROTECTED] - From: =?ISO-8859-2?Q?Pawe=B3 Siwek?= [EMAIL PROTECTED] Subject: Few questions... Date: Wed, 23 Jul 2003 9:45:25 +0200 To: [EMAIL PROTECTED] X-Mailer: onet.poczta X-Spam-Status: No, hits=-19.1 required=4.0 tests=BAYES_30,HTML_10_20,INVALID_DATE,USER_IN_MORE_SPAM_TO version=2.55 Hello :) I am Red Hat 9.0 user and I started my adeventure with samba yesterday. I didn't need to make extra configuration because RH installer did everything for me as I guess. What I want to achive is setup the print server. I added to CUPS all printers in my network, which works with JetDirect protocol. I added it loged in as a root, and in this session when I want to print a test page it works without any problems. Problems starts while I try to use the printers in Windows 2000. When I tape in explorer \\computer_ip I can see all the printeres that are isntalled in linux, without any login message. When I try to add printers from Control Panel\Add printer menu and I choose network printer and type computer IP, there doesn't appear any list with all printers. To add printer I must type \\computer_IP\printer_name . How can I fix it? After choosing printer windows says that there are no good drivers in the host and I should choose drivers manualy. How can I make the drivers install automatically from samba server? Finally when I add the printer I can see that the Printer status is OK, the printer is connected etc.. BUT I cannot print even a test page but in linux I can print anything I want in the same printer. What can be a problem? Thank you in advance for all help Pawel Siwek PS Sorry 4 me english :) ___ Mailman mailing list [EMAIL PROTECTED] http://lists.samba.org/mailman/listinfo/mailman - End forwarded message - -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Tech Request
On 29 Jul 2003, [EMAIL PROTECTED] wrote: I just looked back over your site, and can't find where I got the link from. I'll look further and let you know. I have looked at the section you point me to, but still have no idea what I'm looking at. As I said, I'm new to Unix and don't yet understand all the language of bin, tar, etc. My advice would be to get a copy of The Complete FreeBSD, or some other good introductory Unix book. http://www.oreilly.com/catalog/cfreebsd/ You will probably have other questions as you go along and that book will help you through them more efficiently than asking questions and waiting for replies. Is there a simple to follow document that says: 1. On the Unix server type ... at the command line or execute ... with the exact spelling of the commands. 2. On the Windows XP machine, load... 3. Next, map a drive to the Unix server. Yes, this one is pretty concise: http://hr.uoregon.edu/davidrl/samba/ -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] [DE] (fwd) frage an die sambagurus
- Forwarded message from Ruediger Honzatko [EMAIL PROTECTED] - From: Ruediger Honzatko [EMAIL PROTECTED] Subject: frage an die sambagurus Date: Wed, 02 Apr 2003 16:03:12 +0200 To: [EMAIL PROTECTED] Organization: Schenker CO AG User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01 X-Bogosity: No, tests=bogofilter, spamicity=0.010333, version=0.10.2 An welche Maillingliste muss ich mich wenden bei so einen Problem??? Danke fuer die Antwort - Hallo Ich habe seit 2 Monaten hin und wieder das Problem das beim samba-2.2.5-124 unter SuSE 8.1 die Prozesse einiger User gewaltig schnell in die hoehe schiessen. Das sieht dann ca. so aus: Manfred 1 Katharina 1 Hans 1 Thaler 1 Christine 2 Uschi 2 GAbriele 2 Ruediger 2 Frank 2 Thomas 2 Gerald 2 Erich 3 Thomas 4 Christina 93 Claudia 373 Kerber 754 Birgit 1718 Rausbekommen tu ich diese Daten mit dem folgenden Bash script: #! /bin/bash for i in `strings /var/lib/samba/sessionid.tdb | grep ^a | sort -u`; do echo -n $i; strings /var/lib/samba/sessionid.tdb | grep ^$i | wc -l; done | sort -n -k2,2 Sobald 3000 Sessions im gesamt erreicht sind kann sich niemand mehr neu anmelden (neues Netzlaufwerk verbinden). Als Clients laufen bei uns Win 98, ME XP 2000 und Linux. Bei den Linuxclients ist es aber noch nicht vorgekommen das Sie die Prozessanzahl in die hoehe getrieben haetten. Was mir an der Sache noch komisch vorkommt ist das wenn ich am Sambaserver ein smbstatus |grep -i Kerber eingebe gerade mal 3 verbundene Netzlaufwerke sehe und offen sind von dem User auch nur 5 Dateien. Weiss einer von euch deswegen rat??? Ich bin schon gans hilflos. Gruss Ruediger - End forwarded message - -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
very interesting!
I just noticed this in the libc manual. http://www.gnu.org/manual/glibc-2.2.5/html_node/Backtraces.html It could be pretty cool to have this built in to smb_panic(). -- Martin
Re: very interesting!
On 20 Mar 2003, Richard Sharpe [EMAIL PROTECTED] wrote: On Fri, 21 Mar 2003, Martin Pool wrote: I just noticed this in the libc manual. http://www.gnu.org/manual/glibc-2.2.5/html_node/Backtraces.html It could be pretty cool to have this built in to smb_panic(). But is it portable? It would of course have to be only used conditionally. But there's no reason why it couldn't be ifdefd. For the server I work on where gdb is not normally installed it would be highly useful. -- Martin
Re: 2.2.8 compile problem
On 17 Mar 2003, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: checking whether to use included popt... ./popt checking configure summary... configure: error: summary failure. Aborting config Have a look in config.log. If you can't work out what's wrong from that, post the *relevant* sections to the [EMAIL PROTECTED] users list. -- Martin
overmalloc_safe_strcpy?
For developer mode, this seems to be the same as safe_strcpy: we clobber the specified region at runtime. Otherwise, it skips the static CHECK_STRING_SIZE call. I think this is meant to allow you to call it passing the address of an array whose size is less than the maxlength passed to safe_strcpy. CHECK_STRING_SIZE would normally trap on this because it expects either a string pointer, or an exact fit? Is that right? If so I'll add a comment to this effect -- and perhaps a plea not to use it in new code. -- Martin
Re: CVS update: samba/source
On 15 Mar 2003, [EMAIL PROTECTED] wrote: This patch also includes a 'marker' of the last caller to clobber_region (ie, the function that called pstrcpy() that called clobber_region) to assist in debugging problems that may have smashed the stack. This is printed at smb_panic() time. (Original idea and patch by metze). *Very* clever! -- Martin
Re: CVS update: samba/source/lib
On 18 Mar 2003, [EMAIL PROTECTED] wrote: First of all, do a char-by-char walk through both buffers until we get to a non-ascii character, or a difference between the strings. This prefix can be directly compared without needing to call into iconv. This should be much faster for strings that are either all ascii, or differ near the start. Wow. I was just testing this under Valgrind (equiv to, say, a 50MHz CPU) and a simple strcasecmp takes a noticeable time with the old code, and less than a second with the new one. This should be a big win. -- Martin
(fwd) amigasamba?
Does anyone know about this? - Forwarded message from Larry Urquhart [EMAIL PROTECTED] - From: Larry Urquhart [EMAIL PROTECTED] Subject: amigasamba Date: Wed, 12 Mar 2003 21:28:49 -0800 To: [EMAIL PROTECTED] User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:1.0.2) Gecko/20030208 Netscape/7.02 X-Bogosity: No, tests=bogofilter, spamicity=0.024176, version=0.10.2 Hi. I don't know if this is the right place to ask this but I have been trying to visit the web site of www.amigasamba.org for over a week and it is off line. What's up ? I have questions to ask the administrator. Cheers Larry - End forwarded message - -- Martin
Re: tdb, valgrind, and mmap
On 13 Mar 2003, [EMAIL PROTECTED] wrote: 2 - Use IO not mmap when running under valgrind. Not so nice. thats why we have the 'use mmap = no' smb.conf option. It seems to work quite well and is fast enough for testing. OK, thanks. -- Martin
Re: [scottprive@earthlink.net: Re: Information on Samba QA process,Regression testsuites]
Please let's have this conversation on the list. I have Martin's notes.txt (Notes on Samba Testing Framework for Unittests). I think I misunderstood, and assumed there was a working (if immature) basic framework that hadn't been checked in yet. OK, we're at the planning stage? Some questions: We have some tiny tests but are basically still in planning. Tim and myself, and other people, are getting very annoyed with the lack of tests and we want to fix it soon. I'm going to commit our code into HEAD today or tomorrow. 1) For a supporting test framework, have you looked at STAF? I wish I had looked into STAF when I started my system tests. I ended up writing a whole lot of ssh/expect-driven functions to remotely reconfigure servers and clients, and of course installing/configuring Cygwin ssh on each NT box. This is the IBM suite? I think I've seen it before. I'll have a look at it. I feel a bit of NIH and would like a simple framework customized to our needs, but I'll try to look at STAF with an open mind. The above example is generating actions on clients, but STAF can also be used as an interface to maintain a resource pool. This was the first problem you were trying to solve, correct? 2) What value do you see in a distributed system suite, one that uses the same code path as clients... ex: a NT client using net use to attach a remote drivemap? Yes, I think both approaches are valuable. Driving NT clients is perhaps a bit harder: there needs to be some means to coordinate and drive them remotely. Testing via Samba client gives a somewhat less valid test, because there could be corresponding bugs in both our client and server. But it might be easier. I am wondering if system tests are redundant, but it's something I can code alone since I understand the requirements. For lower-level tests, I understand less and would wait for your first tests so I could study it, and then I'd need a suggested test to automate. 3) In the meantime of unit-planning, what else can do to help out? I already have a network environment I can work in here: one 2K PDC, an XP client, RH 8.0, plus on instance of VMWare on each box if I need older versions of Windows, etc. Learn Python :-) Write a draft test plan for some aspect of Samba. Point out problems that we'll hit in the future that we haven't thought of yet. ...? -- Martin
Re: [Samba] Does the SWAT tool come with the Red Hat 8.0distribution?
On 10 Mar 2003, [EMAIL PROTECTED] wrote: Perhaps you could post your specific thoughts on what an automated editor I understand that by using a GUI rather than command line will in some cases make things easier. My experiance with Samba is that I had to research, implement and test many hours to get it working (albiet, I have a very highly specialized env, Post produstion, where file security, performance and paths must be the same on all platforms here - MacOSX, Linux, Windows, SGI). If you feel Swat is a value add (it may be), it doesn't seem like it would be hard to not del lines starting with #. Some people seem to like it. A little more consideration of the problem will show that for a program to preserve comments when it is not capable of understanding their contents is quite hard. - Do the comments pertain to the line above or the line below, or to a whole block of lines? - Does the comment contain commented-out inactive code? - If a line is removed, should the comment next to it go too? - If lines are reordered what happens to the comments? I'm not sure what Samba uses to edit the file and generate a new one but why not rely on utils like grep and sed? Regular IO. At least three reasons: - producing gred/sed commands is much harder than just editing the damn thing - that doesn't solve the problem of understanding what the comments *mean* - grep/sed editing will be less reliable than directly writing the file. I'm not trying to be insulting to Samba.org, I'm just hard on technology and when it does something unexpected, I get uncomfortable. The great thing about open source is that you can scratch your own itches. The bad thing is that you have to watch esr scratching his itches in public. ;-) -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RESOLVED!!: [Samba] Struggling to get SAMBA and Windows workingtogether --- RESOLVED!
On 10 Mar 2003, David Jackson [EMAIL PROTECTED] wrote: this did it, joining the Linux Server to the domain and changing the smb.conf to use a password server fixed the problem. Great. now the next thing is to get the permissions to create files in the shared directory (Access is denied when trying to create a directory on the LInux share). anyone know where i can look fo r information on create modes? http://www.google.com/search?q=samba+create+mode http://us1.samba.org/samba/docs/man/smb.conf.5.html#CREATEMASK 62,000 matches. :-) But check ownership of the files is as it should be first. -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
scalability of print_queue_update
I've been testing injection of many jobs (thousands) into a print queue, and am noticing that appliance_head samba seems to spend heaps of time in print_queue_update, trying to reconcile the output of lpq with samba's database. In particular, this is causing smbspool to give warnings because print_job_end is taking a long time to complete. (10s for tiny files.) One approach that was discussed a while ago is to have the lpd notify samba when jobs are completed, deleted, or changed. It could either give all the details sufficient to update the record, or (much simpler) just send an smbcontrol message to rescan the queue. Another approach, which I suppose is really just skirting the issue, would be to never run the update function while a client is waiting, but rather just at intervals when the timer expires. Possibly a separate smbd process might be forked to do this. Alternatively we might say that 40,000 jobs is a silly number to have queued. :-) I think we can also improve the efficiency of the current code without restructuring it; I'll send a patch for that shortly. Any thoughts on how this might be done better in 3.x? -- Martin
bug? non-default hash sizes in tdb
tdb (all branches) has the behaviour that when opening an existing database, if you don't specify the right hash size, the open will fail with EIO. This means for example that tdbtool can't open printing tdbs after jra's change to increase their has size to 5000. Wouldn't it be reasonable to ignore the hash_size parameter to tdb_open_ex when opening an existing tdb, and just use whatever is in the header? -- Martin
Re: scalability of print_queue_update
On 11 Mar 2003, [EMAIL PROTECTED] wrote: Doh ! Yeah, that's a really good idea. Wish I'd thought of it :-). Good, I'll send you a patch then. It would make the stress tests of a certain person in Roseville much harder to destroy Samba :-). I imagine her work as being similar to somebody testing new cars by driving from San Francisco to Boston with the park brake on. :-) :-) -- Martin
tdb, valgrind, and mmap
If you use tdbs under valgrind, and in particular if you run tdbtorture, you may get spurious uninitialized value warnings. I think this is because valgrind doesn't understand that the mmap'd area may be written to by other processes. Memory can, from the point of view of the grinded process, spontaneously become initialized. I can think of a few solutions. 1 - Write suppressions for Valgrind so that it doesn't complain about this. Probably the most reasonable but people need to remember to use them. 2 - Use IO not mmap when running under valgrind. Not so nice. 3 - Use the special valgrind macros to mark memory as valid at the right time. Probably too hard, and I'm not sure that any one process will ever really know which parts are valid. Any comments? -- Martin
valgrind_strlen?
Some files have a little valgrind_strlen function in there, I suppose to work around a Valgrind bug. Does anyone know what the bug was? There might be a cleaner solution. -- Martin
Re: CVS update: sambaweb
On 11 Mar 2003, [EMAIL PROTECTED] wrote: I now have a *homepage* ! Woo ! (Cribbed shamelessly from tridge :-). If I were you, I'd make it more clear that I can't work out how to install Samba is not urgent enough to call you. What software did you use to make the funny face? :-) -- Martin
Re: Clean up winbindd locking
On 8 Mar 2003, Andrew Bartlett [EMAIL PROTECTED] wrote: On Sat, 2003-03-08 at 21:20, Tim Potter wrote: On Sat, Mar 08, 2003 at 09:10:23PM +1100, Andrew Bartlett wrote: Is there any reason I should not apply this patch to Samba HEAD? I think the patch was eaten by Mailman. Please re-send as text/plain. Without even seeing the patch (-: it's definitely a good idea. That looks very nice. -- Martin
Re: Information on Samba QA process, Regression testsuites
On 9 Mar 2003, Scott Prive [EMAIL PROTECTED] wrote: Thanks Tim. So far, most of the tests I've seen in CVS are unit- or small-tests, but as a software tester I'm more interested in integration tests... which it sounds like you and Martin are working on. Our framework is intended to eventually cover everything up to about the system-test level, where you will run Samba tests against a number of NT or Samba servers to check network interoperation. A more-developed test suite using the same framework and design principles is used in distcc: http://cvs.samba.org/cgi-bin/cvsweb/distcc/test/ It is partially inspired by the very good Subversion test suite. Any concrete practical suggestions you have on the design would be welcome. If it's less than 3MB, please email what you have. (Sent by private mail) This is in a private samba cvs directory; we'll probably make it public in the future. The design notes (not completely up-to-date) are attached. -- Martin Notes on Samba Testing Framework for Unittests -- This is to be read after reading the notes.txt from comfychair. I'm proposing a slightly more concrete description of what's described there. The model of having tests require named resources looks useful for incorporation into a framework that can be run by many people in widely different environments. Some possible environments for running the test framework in are: - Casual downloader of Samba compiling from source and just wants to run 'make check'. May only have one Unix machine and a handful of clients. - Samba team member with access to a small number of other machines or VMware sessions. - PSA developer who may not have intimate knowledge of Samba internals and is only interested in testing against the PSA. - Non-team hacker wanting to run test suite after making small hacks. - Build farm environment (loaner machine with no physical access or root privilege). - HP BAT. Developers in most of these environments are also potential test case authors. It should be easy for people unfamiliar with the framework to write new tests and have them work. We should provide examples and the existing tests should well written and understandable. Different types of tests: - Tests that check Samba internals and link against libbigballofmud.so. For example: - Upper/lowercase string functions - user_in_list() for large lists - Tests that use the Samba Python extensions. - Tests that execute Samba command line programs, for example smbpasswd. - Tests that require other resources on the network such as domain controllers or PSAs. - Tests that are performed on the documentation or the source code such as: - grep for common spelling mistakes made by abartlet (-: - grep for company copyright (IBM, HP) - Link to other existing testing frameworks (smbtorture, abartlet's bash based build farm tests) I propose a TestResourceManager which would be instantiated by a test case. The test case would require(resourcename) as part of its constructor and raise a comfychair.NotRun exception if the resource was not present. A TestResource class could be defined which could read a configuration file or examine a environment variable and register a resource only if some condition was satisfied. It would be nice to be able to completely separate the PSA testing from the test framework. This would entail being able to define test resources dynamically, possibly with a plugin type system. class TestResourceManager: def __init__(self, name): self.resources = {} def register(self, resource): name = resource.name() if self.resources.has_key(name): raise Test manager already has resource %s % name self.resources[name] = resource def require(self, resource_name): if not self.resources.has_key(resource_name): raise Test manager does not have resources %s % resource_name class TestResource: def __init__(self, name): self.name = name def name(self): return self.name import os trm = TestResourceManager() if os.getuid() == 0: trm.register(TestResource(root)) A config-o-matic Python module can take a list of machines and administrator%password entries and classify them by operating system version and service pack. These resources would be registered with the TestResourceManager. Some random thoughts about named resources for network servers: require(nt4.sp3) require(nt4.domaincontroller) require(psa) Some kind of format for location of passwords, libraries: require(exec(smbpasswd)) require(lib(bigballofmud)) maybe require(exec.smbpasswd) looks nicer... The require() function could return a dictionary of configuration information or some handle to fetch dynamic information on.
[PATCH] draft: better string overflow checking (was: memorycorruption in SAMBA_3_0)
I was thinking about Andrew's fstring-overflow patch from a few weeks ago: for developer builds, it touches the last byte of a string buffer to check that it's as long as it should be. This should be reasonably helpful in catching string overflows on the heap, but not so good on the stack, because the program can probably write arbitrarily far past stack variables without trapping, even under Valgrind. Writing a \0 in there will damage *something* and probably make the program crash, but it won't be very obvious. I think this might have been what Jerry saw the other day. I think this patch is better: it thoroughly clobbers the contents of string buffers to make any fstring/pstring/dynamic confusion obvious. Here is an example that is caught in developer builds with this patch, but is hard to catch otherwise: #include includes.h int main(void) { fstring dest; pstrcpy(dest, hello); return 0; } This fails with an obvious message under gdb: #0 0xf1f1f1f1 in ?? () Cannot access memory at address 0xf1f1f1f1 Please don't apply this yet because I want to see if it catches any bugs, but I'd love to hear comments. --- util_str.c.~1.83.~ 2003-03-05 15:24:08.0 +1100 +++ util_str.c 2003-03-05 15:57:16.0 +1100 @@ -430,6 +430,27 @@ BOOL str_is_all(const char *s,char c) return True; } + +/** + * In developer builds, clobber a region of memory. + * + * If we think a string buffer is longer than it really is, this ought + * to make the failure obvious, by segfaulting (if in the heap) or by + * killing the return address (on the stack), or by trapping under a + * memory debugger. + * + * This is meant to catch possible string overflows, even if the + * actual string copied is not big enough to cause an overflow. + **/ +void clobber_region(char *dest, size_t len) +{ +#ifdef DEVELOPER + /* F1 is odd and 0xf1f1f1f1 shouldn't be a valid pointer */ + memset(dest, 0xF1, len); +#endif +} + + /** Safe string copy into a known length string. maxlength does not include the terminating zero. @@ -444,13 +465,7 @@ char *safe_strcpy(char *dest,const char return NULL; } -#ifdef DEVELOPER - /* We intentionally write out at the extremity of the destination -* string. If the destination is too short (e.g. pstrcpy into mallocd -* or fstring) then this should cause an error under a memory -* checker. */ - dest[maxlength] = '\0'; -#endif + clobber_region(dest, maxlength+1); if (!src) { *dest = 0; @@ -499,6 +514,8 @@ char *safe_strcat(char *dest, const char dest[maxlength] = 0; return NULL; } + + clobber_region(dest + dest_len, maxlength - src_len); memcpy(dest[dest_len], src, src_len); dest[dest_len + src_len] = 0; @@ -516,6 +533,8 @@ char *alpha_strcpy(char *dest, const cha { size_t len, i; + clobber_region(dest, maxlength); + if (!dest) { DEBUG(0,(ERROR: NULL dest in alpha_strcpy\n)); return NULL; @@ -554,8 +573,12 @@ char *alpha_strcpy(char *dest, const cha char *StrnCpy(char *dest,const char *src,size_t n) { char *d = dest; + + clobber_region(dest, n+1); + if (!dest) return(NULL); + if (!src) { *dest = 0; return(dest); @@ -576,6 +599,8 @@ char *strncpyn(char *dest, const char *s char *p; size_t str_len; + clobber_region(dest, n+1); + p = strchr_m(src, c); if (p == NULL) { DEBUG(5, (strncpyn: separator character (%c) not found\n, c)); -- Martin
Re: [Samba] [Fwd: Re: GCC 3.3 release criteria]
Dan Kegel [EMAIL PROTECTED] wrote gcc is a great compiler, but as of gcc3.2.2, it can't compile Samba on Sparc with -O2. This has been marked as a high priority bug in the gcc bug tracking system, and should be fixed before the next release. To make such regressions less likely in the future, it would be helpful if somebody were to look at http://gcc.gnu.org/testing/ and submit a build-and-test guide for Samba to the maintainer of that page. This would make it more likely the gcc volunteers will do regression testing of new releases of gcc against Samba. Thanks for suggesting this. One problem is that Samba does not have a very good automated test suite yet. It would be hard for somebody trying to test gcc to know whether they had built a working Samba or not. So they might catch bugs which cause gcc to abort, but perhaps not code generation bugs. Perhaps you could try to summarize the Samba install instructions in the format the gcc folks want, and then forward it to the samba-technical list for review? -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (fwd) FW: Starting a process from a windows client
- Forwarded message from Scattergood, Ivan [EMAIL PROTECTED] - I am hoping to run a Unix process from code running on a windows client, I am told this can be done using Samba, does any one have any example code to do this? Regards Ivan Scattergood London Software Development - End forwarded message - -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (fwd from johanhusselman@cks.co.za) Please help with smbprinting
- Forwarded message from Johan Husselmann [EMAIL PROTECTED] - From: Johan Husselmann [EMAIL PROTECTED] Subject: Please help with smb printing Date: Sat, 22 Feb 2003 19:17:40 +0200 To: [EMAIL PROTECTED] X-Mailer: Microsoft Outlook Express 6.00.2600. Can tou please help me to setup smb printing from red hat 7.3 to a windows2000 server with a epson lx300 printer connected. If you can mail me documention on how to setup smb printing to the windows server and how should the smb.conf file look like. email: [EMAIL PROTECTED] Thank you Johan Husselman - End forwarded message - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: win2000 server, linux client
On 21 Feb 2003, Marco Eyzaguirre [EMAIL PROTECTED] wrote: I have a win2000 domain controller in subnet 172.17.0.x and a linux server in 172.17.20.x (DHCP assign) The DC not solve the ip / netbiosname relation (A record i think..) like a win98 / NT /2000 If i ping the linux server from outside 172.17.20.x i receive this : ping 172.17.20.1 -- response ping dgalinux -- time out (dgalinux is the netbiosname of the linux server) Is this a problem of samba? i was searching a solution, patch or something like that, but i found nothing.. i have Redhat linux 8.0 and Samba 2.2.5 No, this is probably a routing or networking problem, not a Samba problem. Please try asking in a Linux support group -- you can probably find a Spanish language one. -- Martin
Re: technical support
On 19 Feb 2003, HAKIZIMANA Claude [EMAIL PROTECTED] wrote: Can you help me? You need to ask this kind of question on the users list, [EMAIL PROTECTED] -- Martin
[PATCH] leak in init_valid_table
util_unistr.c/init_valid_table in HEAD and 3.0 causes a 64k leak every time the configuration is loaded if there is no valid.dat file installed. (The pointer to the malloc'd valid_table is clobbered by the call to map_file.) It looks like it is intended that the valid table be recreated on each reload in case the dos codepage has changed. Is that right? The commit comment for 1.87 says that this should remove the need for valid.dat. Rather than fixing the leak I wonder if it would be better to now just remove valid.dat support altogether? If you don't want to do that, I think this patch will remove the leak. --- util_unistr.c.~1.99.~ 2003-02-21 14:05:33.0 +1100 +++ util_unistr.c 2003-02-21 14:14:20.0 +1100 @@ -105,27 +105,34 @@ static int check_dos_char(smb_ucs2_t c) **/ void init_valid_table(void) { - static int initialised; static int mapped_file; int i; const char *allowed = .!#$%'()_-@^`~; + uint8 *valid_file; - if (initialised mapped_file) return; - initialised = 1; + if (mapped_file) { + /* Can't unmap files, so stick with what we have */ + return; + } - valid_table = map_file(lib_path(valid.dat), 0x1); - if (valid_table) { + valid_file = map_file(lib_path(valid.dat), 0x1); + if (valid_file) { + valid_table = valid_file; mapped_file = 1; return; } - /* Otherwise, using a dynamically loaded one. */ + /* Otherwise, we're using a dynamically created valid_table. +* It might need to be regenerated if the code page changed. +* We know that we're not using a mapped file, so we can +* free() the old one. */ if (valid_table) free(valid_table); DEBUG(2,(creating default valid table\n)); valid_table = malloc(0x1); - for (i=0;i128;i++) valid_table[i] = isalnum(i) || - strchr(allowed,i); + for (i=0;i128;i++) + valid_table[i] = isalnum(i) || strchr(allowed,i); + for (;i0x1;i++) { smb_ucs2_t c; SSVAL(c, 0, i); -- Martin
Re: [Samba] Samba processes
DON'T SEND USER QUESTIONS TO SAMBA-TECHNICAL. Just curios under what circumstances the smbd runs as user id process ( unix id ) Broadly: it runs as a user when doing operations on behalf of that user, and as root when doing system tasks. and running as root is a security risk? No. If you want to offer smb services then it must run as root. If you don't need the service don't run the daemon. -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (fwd from spoteet@hotmail.com) Windows 2000 Terminal Server RoamingProfiles
- Forwarded message from S Poteet [EMAIL PROTECTED] - Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: from hotmail.com (dav61.sea2.hotmail.com [207.68.164.196]) by lists.samba.org (Postfix) with ESMTP id 7E67D2C05E for [EMAIL PROTECTED]; Tue, 18 Feb 2003 00:15:19 + (GMT) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 17 Feb 2003 16:15:15 -0800 X-Originating-IP: [66.68.162.152] From: S Poteet [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Windows 2000 Terminal Server Roaming Profiles Date: Mon, 17 Feb 2003 06:14:15 -0600 Message-ID: 000501c2d67e$168eb5f0$0301a8c0@ts1 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary==_NextPart_000_0006_01C2D64B.CBF5CC90 X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal X-OriginalArrivalTime: 18 Feb 2003 00:15:15.0556 (UTC) FILETIME=[CFB60240:01C2D6E2] Link: File-List Setting: Samba 2.2.7a PDC, Win2k Terminal Server (member of Samba PDC) Are there any settings within samba to set roaming profiles for Terminal sessions? A MS 2K DC has separate profile settings for Term Services. wsp - End forwarded message - -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (fwd) HELP!HELP!
- Forwarded message from ???H?? [EMAIL PROTECTED] - DEAR ALL: I NEED YOUR HELP. I MANAGE AN AIX/R6 VER4.3. I WANT TO STORE DATA TO AN IBM PC SERVER. PLEASE TELL ME HOW TO INSTALL AND GET SAMBA FOR AIX VER 4.3. AND HOW TO SETUP SAMBA MAKE THAT AIX CANSTORE DATA TO AIX. THANKS VIGGEN - End forwarded message - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: SEGFAULT in HEAD
On 20 Feb 2003, Stefan (metze) Metzmacher [EMAIL PROTECTED] wrote: and the backtrace: #0 0x40325079 in wait4 () from /lib/libc.so.6 #1 0x4039d944 in __DTOR_END__ () from /lib/libc.so.6 #2 0x402c80e6 in system () from /lib/libc.so.6 #3 0x08183e8c in smb_panic (why=0x8221974 internal error) at lib/util.c:1406 #4 0x08174423 in fault_report (sig=11) at lib/fault.c:41 #5 0x08174476 in sig_fault (sig=11) at lib/fault.c:61 #6 signal handler called #7 0x402f1990 in free () from /lib/libc.so.6 (I'm probably telling you something you already know, but anyhow...) The fault occurred here. A segv in free() typically indicates that the heap has been corrupted at some earlier point, perhaps by writing over a dynamic buffer, a double-free() or something similar. A less common cause is passing a bad pointer to free(). The best way to debug this is to recreate the problem under Valgrind, or something like dmalloc or Purify. #8 0x080a3340 in reply_trans2 (conn=0x8312828, inbuf=0x404a7008 , outbuf=0x404c8008 , length=76, bufsize=131072) at smbd/trans2.c:3318 #9 0x080b442f in switch_message (type=50, inbuf=0x404a7008 , outbuf=0x404c8008 , size=76, bufsize=131072) at smbd/process.c:758 #10 0x080b44d0 in construct_reply (inbuf=0x404a7008 , outbuf=0x404c8008 , size=76, bufsize=131072) at smbd/process.c:788 #11 0x080b478e in process_smb (inbuf=0x404a7008 , outbuf=0x404c8008 ) at smbd/process.c:889 #12 0x080b5058 in smbd_process () at smbd/process.c:1291 #13 0x0807546f in main (argc=2, argv=0xb824) at smbd/server.c:904 #14 0x4029a7ee in __libc_start_main () from /lib/libc.so.6 -- Martin msg06230/pgp0.pgp Description: PGP signature
3.0 commit policy?
What is the commit policy for 3.0? Should all changes be moved from HEAD except ones that are explicitly too risky? Or only bug fixes? What about documentation? -- Martin
source location for samba test harnesses
After talking to Tim, I wanted to start committing to HEAD some test harnesses that will exercise internal bits of Samba, such as StrCaseCmp to start with. These will be small C files that link to -lbigballofmud and allow particular functions to be exercised from the command line, with a view to eventually calling them from a Python testing framework. They compile to relatively small executables, and they won't be built by default. What is a good location for the source? torture/ seems to be the closest existing directory. -- Martin
Re: [Samba] samba in a High Availability Configuration
On 18 Feb 2003, Matt Schillinger [EMAIL PROTECTED] wrote: I'm sorry to post High availability oriented questions to this list, but I was wondering about some samba configuration parameters and what options are available. You're welcome, this is on-topic here. What I am interested in, is seamless failover, completely hidden from the client in the middle of a copy.. Hopefully, they would only see a stall in the copy.. My understanding is that this is very hard (or impossible) to do at the moment. There is a lot of complicated statefulness in the CIFS protocol (unlike, say, NFS) and so switching to another server in the middle of an operation would, at the least, require a great deal of new development work in Samba. There would need to be some kind of shared storage between the two machines holding everything the server needs to know about active connections. This would be much deeper than just what's in the tdbs. Perhaps somebody more experienced can give more details. The best you can do is allow that connection to fail and then for the client to reconnect. -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Networking linux machines in windows environment
On 19 Feb 2003, raj rajesh kalagarla [EMAIL PROTECTED] wrote: HI, I am a new user to this group. Presently I am doing networking linux machines in my windows network environment. I am able to access linux server from windows machines but I am not able to access linux server from linux workstation. Is samba server is enough for doing this task? Or some thing else is needed? You can use Samba and smbmount for this, but you might be better off using a native unix-unix protocol like NFS: http://nfs.sourceforge.net/nfs-howto/intro.html#WHAT -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Annoying Minor Bug In Winbind 2.2.x
On 18 Feb 2003, Boyce, Nick [EMAIL PROTECTED] wrote: I'm sorry - I'm probably doing something dumb, but I still get failures even with this patch - first, if I save the patch as it appeared in my Outlook window, then line 25 consists of a single left brace char, which results in : You can also download the patch from here http://pserver.samba.org/cgi-bin/cvsweb/samba/source/lib/util_sock.c.diff?r1=1.16.4.36r2=1.16.4.37 In general you can try using view source to get a version that's not folded/spindled/mutilated by Outlook, or the very cool unwrapdiff to try to fix the line wrapping. Thanks for persisting. -- Martin
(fwd from rsharpe@richardsharpe.com) Re: CVS update: samba/source/lib
-- Martin
(fwd from rsharpe@richardsharpe.com) Re: CVS update: samba/source/lib
doh doh doh - Forwarded message from Richard Sharpe [EMAIL PROTECTED] - From: Richard Sharpe [EMAIL PROTECTED] Subject: Re: CVS update: samba/source/lib Date: Wed, 19 Feb 2003 11:57:57 +1100 To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] User-Agent: Mutt/1.5.3i On Wed, 19 Feb 2003 [EMAIL PROTECTED] wrote: Date: Wed Feb 19 00:27:38 2003 Author: jmcd Update of /home/cvs/samba/source/lib In directory dp.samba.org:/tmp/cvs-serv11042/lib Modified Files: util_str.c Log Message: base64_decode() with heimdal libs, so I've renamed it base64_decode_inplace(). ^ Hmmm, I think there is a verb missing above, like rocks, or sucks, etc. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com - End forwarded message - -- Martin
Re: Annoying Minor Bug In Winbind 2.2.x
On 17 Feb 2003, Boyce, Nick [EMAIL PROTECTED] wrote: OK - I've been trying to apply the patch that Tim posted (to supersede Martin's first cut) to the Samba 2.2.7a source file for util_sock.c, but get errors applying the patch no matter what I do. Thanks for trying that. I guess the posted patch was against CVS, so could someone please repost the patch for the 2.2.7a-rel version of the file ? I'll do that. -- Martin If it's worth doing, it's worth doing for money.
Re: Annoying Minor Bug In Winbind 2.2.x
On 17 Feb 2003, Boyce, Nick [EMAIL PROTECTED] wrote: Here's what I get if I apply the posted patch : As I said I'll send you an update just for 2.2. But in general, in case you're interested, here are some tips on applying mismatched patches: MYBOX:/usr/local/src/samba-2.2.7a/source/lib# patch util_sock.c patch-util_sock.txt.orig patching file util_sock.c Hunk #1 succeeded at 1018 with fuzz 2 (offset 133 lines). Hunk #2 FAILED at 1037. Hunk #3 FAILED at 1094. 2 out of 3 hunks FAILED -- saving rejects to file util_sock.c.rej In general the best thing to do now is leave the main diff alone, and only work on the rejected parts in the .rej file. Basically you need to work out why patch thinks the 2.2 source file doesn't look like the before version of the rejected patch. After deleting the line containing #ifdef HAVE_UNIXSOCKET (because I noticed it doesn't appear in my 2.2.7a version of util_sock.c), I get a little further : MYBOX:/usr/local/src/samba-2.2.7a/source/lib# patch util_sock.c patch-util_sock.txt patching file util_sock.c Hunk #1 succeeded at 1018 with fuzz 2 (offset 133 lines). patch: malformed patch at line 102: @@ -966,25 +961,26 @@ Do you mean you deleted that line from the patch? That's probably what is causing the malformed patch error: the line numbers in the patch no longer add up. However, if you install the patchutils package, then you can run recountdiff to fix the lines up after you edit a diff, and it should then apply. patchutils is very very cool. -- Martin
interesting fact about StrCaseCmp
StrCaseCmp (and strequal) in HEAD has the interesting side-effect that it only compares the first PSTRING_LEN (1024) bytes of the strings. I suppose comparing strings longer than that is probably a bit unlikely, but it still seems kind of dangerous. Would it be OK to change it to use dynamic allocation? -- Martin
Re: interesting fact about StrCaseCmp
On 18 Feb 2003, Andrew Bartlett [EMAIL PROTECTED] wrote: Possibly only for long strings? But then that is probably micro-optimization. If we really cared about optimizing this function, then we would compare character-by-character rather than converting both strings to uppercase first. This is a bit hard for some wierd encodings I know, but it ought to be possible to do it in charcnv.c. The case where we compare, for example, a thousand-character string to the empty string is ridiculously slow at the moment. I don't know if this is a problem for Samba overall or not, so I'm not touching it at the moment. int StrCaseCmp(const char *s, const char *t) { pstring buf1, buf2; unix_strupper(s, strlen(s)+1, buf1, sizeof(buf1)); unix_strupper(t, strlen(t)+1, buf2, sizeof(buf2)); return strcmp(buf1,buf2); } -- Martin
Re: Detecting true64
On 17 Feb 2003, [EMAIL PROTECTED] wrote: Does anyone know how to detect a truu64 system in configure.in ? I'm going through my patchlist and there is a big optimisation that can be done on systems where the getgrnam() call works (True64 is listed as the only broken system) and I'd like to add this to all branches by adding a BROKEN_GETGRNAM define for True64. Note that it really is Tru64. I guess misspelling makes it more dynamic. config.guess should detect a hostname of something like alphaev7-dec-osf4.0f See e.g. http://studio.imagemagick.org/pipermail/magick-bugs/2002-November/000881.html configure.in should call AC_CANONICAL_HOST, and then examine $host_os, probably with something like case $host_os in osf*) ;; The config.guess is actually quite old compared to the current GNU distribution, so I might update that in HEAD and 3_0. This might improve correctness or robustness in detecting some platforms. -- Martin We use Film Gimp on all talking animal jobs -- Caroline Dahllöf
Doxygen janitor?
Is there any kind of consensus (he says, hopefully) that Doxygen is a good idea? If I'm looking at code is it OK to cleanup comments into standard form? -- Martin
Re: interesting fact about StrCaseCmp
On 18 Feb 2003, [EMAIL PROTECTED] wrote: What exactly do you want to do here ? I'm not clear what you mean? The thing I noticed is that StrCaseCmp (and indeed many charcnv function) truncate strings to 1024 characters. I got here following a Valgrind assertion which may or may not be related, but it certainly seems like a bug. What I was proposing in the first instance was to use talloced or malloced buffers rather than a fixed 1024 byte space. There are already some charcnv routines that do this and in any case it is straightforward to do it for other cases using the standard measure-allocate-copy method. Andrew expressed concern that allocating buffers would be inefficient, but these functions are already extremely inefficient so I don't think an extra malloc would matter. In fact, it's worse, because unix_strupper (for example) uses a 1024-*byte* buffer to hold a UCS2 string. I don't think it will overflow, but it will truncate any strings that pass through down to 512 characters. It's not so hard to imagine a 512-character string. Basically I just wanted to push on with moving away from pstrings/fstrings, which I understood from Andrew Tim to be the current direction. -- Martin
Re: CVS update: samba/source/rpc_parse
On 18 Feb 2003, [EMAIL PROTECTED] wrote: Please merge all these changes to 3.0 as well. OK. -- Martin
Re: [Samba] samba Digest, Vol 2, Issue 54
On 15 Mar 2003, [EMAIL PROTECTED] wrote: O email [EMAIL PROTECTED] foi alterado para [EMAIL PROTECTED], entretanto a sua mensagem foi redirecionada para o novo email. Atenciosamente, American BankNote Ltda This person has been unsubscribed. Please engage brain before starting autoresponder. -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[PATCH] string_to_sid audit
In several cases, the return code from string_to_sid is not checked. So if the user enters a syntactically invalid SID, the program will proceed to use uninitialized data. This patch checks for a few such cases that I found. Can somebody please review it? Index: groupdb/mapping.c === RCS file: /data/cvs/samba/source/groupdb/mapping.c,v retrieving revision 1.44 diff -u -U6 -r1.44 mapping.c --- groupdb/mapping.c 2 Jan 2003 09:07:02 - 1.44 +++ groupdb/mapping.c 17 Feb 2003 04:21:37 - @@ -301,13 +301,17 @@ if(!init_group_mapping()) { DEBUG(0,(failed to initialize group mapping)); return(False); } map.gid=gid; - string_to_sid(map.sid, sid); + if (!string_to_sid(map.sid, sid)) { + DEBUG(0, (string_to_sid failed: %s, sid)); + return False; + } + map.sid_name_use=sid_name_use; fstrcpy(map.nt_name, nt_name); fstrcpy(map.comment, comment); map.systemaccount=systemaccount; map.priv_set.count=priv_set.count; Index: nsswitch/wb_client.c === RCS file: /data/cvs/samba/source/nsswitch/wb_client.c,v retrieving revision 1.40 diff -u -U6 -r1.40 wb_client.c --- nsswitch/wb_client.c7 Aug 2002 07:28:24 - 1.40 +++ nsswitch/wb_client.c17 Feb 2003 04:21:37 - @@ -53,13 +53,14 @@ fstrcpy(request.data.name.dom_name, dom_name); fstrcpy(request.data.name.name, name); if ((result = winbindd_request(WINBINDD_LOOKUPNAME, request, response)) == NSS_STATUS_SUCCESS) { - string_to_sid(sid, response.data.sid.sid); + if (!string_to_sid(sid, response.data.sid.sid)) + return False; *name_type = (enum SID_NAME_USE)response.data.sid.type; } return result == NSS_STATUS_SUCCESS; } @@ -155,13 +156,14 @@ result = winbindd_request(WINBINDD_UID_TO_SID, request, response); /* Copy out result */ if (result == NSS_STATUS_SUCCESS) { - string_to_sid(sid, response.data.sid.sid); + if (!string_to_sid(sid, response.data.sid.sid)) + return False; } else { sid_copy(sid, global_sid_NULL); } return (result == NSS_STATUS_SUCCESS); } @@ -221,13 +223,14 @@ result = winbindd_request(WINBINDD_GID_TO_SID, request, response); /* Copy out result */ if (result == NSS_STATUS_SUCCESS) { - string_to_sid(sid, response.data.sid.sid); + if (!string_to_sid(sid, response.data.sid.sid)) + return False; } else { sid_copy(sid, global_sid_NULL); } return (result == NSS_STATUS_SUCCESS); } Index: python/py_lsa.c === RCS file: /data/cvs/samba/source/python/py_lsa.c,v retrieving revision 1.16 diff -u -U6 -r1.16 py_lsa.c --- python/py_lsa.c 23 Dec 2002 23:53:55 - 1.16 +++ python/py_lsa.c 17 Feb 2003 04:21:37 - @@ -232,23 +232,29 @@ memset(sids, 0, num_sids * sizeof(DOM_SID)); for (i = 0; i num_sids; i++) { PyObject *obj = PyList_GetItem(py_sids, i); - string_to_sid(sids[i], PyString_AsString(obj)); + if (!string_to_sid(sids[i], PyString_AsString(obj))) { + PyErr_SetString(PyExc_ValueError, string_to_sid +failed); + return NULL; + } } } else { /* Just a single element */ num_sids = 1; sids = (DOM_SID *)talloc(hnd-mem_ctx, sizeof(DOM_SID)); - string_to_sid(sids[0], PyString_AsString(py_sids)); + if (!string_to_sid(sids[0], PyString_AsString(py_sids))) { + PyErr_SetString(PyExc_ValueError, string_to_sid failed); + return NULL; + } } ntstatus = cli_lsa_lookup_sids(hnd-cli, hnd-mem_ctx, hnd-pol, num_sids, sids, domains, names, types); Index: rpc_parse/parse_net.c === RCS file: /data/cvs/samba/source/rpc_parse/parse_net.c,v retrieving revision 1.102 diff -u -U6 -r1.102 parse_net.c --- rpc_parse/parse_net.c 14 Feb 2003 23:04:02 - 1.102 +++ rpc_parse/parse_net.c 17 Feb 2003 04:21:38 - @@ -882,17 +882,19 @@ *ppsids = (DOM_SID2 *)talloc_zero(ctx, count * sizeof(DOM_SID2));
asking smart/polite questions (was Re: [Samba] !!ATTENTION NEWBIES!!)
On 13 Feb 2003, Neal Lawson [EMAIL PROTECTED] wrote: Well, i dont , feel that the newbies comment was in the spirit of the open source, This list is here to help people, and if sombody is asking a question, its part of the opensource comunity's responsibilty to try to help I don't know where you get this responsibility idea. I don't remember seeing your name on my paycheque. If you perceive a responsibility, you should answer questions or write documentation yourself. I'm a nice guy. I like helping people. But it really shits me that some people think that I'm *obliged* to help random people on the Internet, and that they're allowed to make rude and illiterate demands of free software developers. Not being fluent in English or being new to Linux is absolutely fine. Acting like an ass is not. I'm saying this in a constructive spirit: it is a demonstrable fact that well-formed, polite, thoughtful questions get answers and other ones get deleted. -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] !!ATTENTION NEWBIES!!
On 13 Feb 2003, Pierrick Brossin [EMAIL PROTECTED] wrote: You can also do what I do. Nicely answer the question and then point out a few pieces of material that could assist that newb in expanding their knowledge to a level closer to those of us who were once newbs ourselves. You may make more friends, gain respect and also flex the muscles within your own mind going over the little things that you might not have looked at in a little while. And please, if you see something strange or incorrect in the manual, then point it out so that it can be corrected. I think all Chris was asking for was a little respect on both sides: please do your homework before asking a question, and please treat nicely people who do ask. -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: query about rpcclient process_cmd:
On 13 Feb 2003, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: Hash: SHA1 On Thu, 13 Feb 2003, Martin Pool wrote: rpcclient.c/process_cmd has if (cmd[strlen(cmd) - 1] == '\n') cmd[strlen(cmd) - 1] = '\0'; if (!next_token(p, buf, , sizeof(buf))) { return NT_STATUS_OK; } /* strip the trainly \n if it exsists */ len = strlen(buf); if (buf[len-1] == '\n') buf[len-1] = '\0'; Isn't the second check for newline redundant? Looks like it to me. Actually, Tim made the very good suggestion that we ought to change this to use popt, rather than the current half-assed string handling. I might make a patch to do this later. -- Martin msg06064/pgp0.pgp Description: PGP signature
Re: password quality script aka --with-cracklib replacement
On 14 Feb 2003, Andrew Bartlett [EMAIL PROTECTED] wrote: a) If we want the password-quality script to handle this, I think we'll all agree, storing clear text password is really not a good idea. Perhaps the interface should provide the new encrypted passwords to the external program -- if administrators don't have easy access to the encrypted password, some will probably endup use the cleartext one :( I think this complicates the issue - smbd would then be involved in key management etc - and that just gets messy. A generally useful interface needs to provide the cleartext password. (For example, as I mentioned earlier, our domain controller forbids passwords which have too many characters in common with an earlier password. I can't see this in the Domain Controller Security Policy, but perhaps it's a plug in or configured somewhere else.) Hopefully we can ship enough standard modules that people won't want to write random insecure implementations. But if they want to, they can. We already use PAM, and we should use it for all the things it's intended to do, but this is not something it was intended to do. I really disagree, I think this is exactly the sort of thing PAM is good for: providing a standard interface for doing authentication-related things, without needing to invent a new interface for each. PAM replaces a pile of little messy solutions and we should really not add a new custom protocol back in. Using PAM also allows the code to be reused for passwords changed through other mechanisms (web interfaces, ...) (Because we are not asking it to store the password). I don't understand this one... Having PAM modules which check a proposed password change rather than storing it is absolutely fine -- look at the existing strength-checking systems. http://www.kernel.org/pub/linux/libs/pam/modules.html Basically PAM just provides a standard way of having a little conversation about a new password. Ain't people moving towards pdb LDAP backend using the included LDAP support in Samba instead of using PAM? LDAP and PAM solve different problems. PAM is the interface from the application to the security module; LDAP is the database. It could make sense to have a module which talks PAM to Samba and stores its data in LDAP. We could add an attribute password quality runas root (true/false) in smb.conf . Should we? Only add it if you can describe a case where running it as root wouldn't work. 5) Protocol Do we agree on the following for version: 1\n? I think you should use a PAM API rather than a subprocess. But if you insist on a subprocess, I think this is OK. The script would only send a different value if it was found that MS was using a different value. Allowing a hexadecimal number is both perfectly practical, and solves this little issue. Yes, please just send the number. -- Martin
Re: password quality script aka --with-cracklib replacement
On 14 Feb 2003, Andrew Bartlett [EMAIL PROTECTED] wrote: Do we even need to save the decrypted password? A colleague once saved old encrypted passwords to allow the do they really know the old one test to be done via challange-response. Different scripts might want to store various things derived from the old password. If you want to prevent reuse of old passwords, then you should store the result of some kind of trapdoor function applied to the function. Hashing the password is desirable because it helps avoid compromise of old passwords if an attacker accesses the database. However, some people want to check that the new password is not similar to a previous password, using some kind of soundex or edit-distance algorithm. I'm pretty sure NT domain controllers can do this, or be programmed to do so. This requires storing the unencrypted old passwords so that you can do such comparisons. (Or I suppose you could be really smart and invent a hashed format such that similar passwords produce similar hashes, without allowing the password to be retrieved from the hash.) But in general I think you want to allow the script the chance of having the unencrypted, unhashed, password. If it wants to discard information then it can. -- Martin msg06067/pgp0.pgp Description: PGP signature
Re: password quality script aka --with-cracklib replacement
On 12 Feb 2003, Andrew Bartlett [EMAIL PROTECTED] wrote: Because we don't have the old password, doing this via PAM doesn't work. The pam_cracklib module doesn't apply the test if it's run as root, and won't run without the old password as a normal user. I know it won't work with the existing pam_cracklib module. What I was asking was whether it is possible to write a new module that connects using PAM and which does provide the right checks, rather than inventing a new plugin interface. The PAM module might store previous passwords in a database (e.g. tdb) that it maintains. Every time a password is set, it gets put in there, with any other appropriate information (date?). When a new password-setting attempt is made, it checks against the history, plus other strength checks. I know PAM's configuration method is a bit gross, but standard is better than better. Since libraries can't be setuid it would need to be invoked by smbd as root, but that probably make sense anyhow as you say. Personally I would use something like a tdbpacked string, which avoids worries about strange characters or string parsing, and is easy to handle in C, Perl, and Python. This is an interesting idea - but how available is the interface for our particular custom string format? There is a Python library to decode them. Writing one for Perl would be quite trivial: perhaps 100 lines and half an hour. NT_STATUS_OK # New password accepted NT_STATUS_ACCESS_DENIED # Error occured in the script NT_STATUS_PASSWORD_RESTRICTION # Too short, weak, etc. I suggested the string - I don't think sending the hex value adds much, and makes it less self-documenting. Parsing the string is trivial, as we already have the lookup routines (I use it for a custom-hack auth module). We could certainly allow both - which would allow a new NTSTATUS code to be used in the unlikely event a useful one appears in this context. You can perhaps imagine a script that wants to be a proxy to some other service that returns arbitrary error codes, so translating to and from strings would be a waste of time and effort. So we ought to at least allow numeric values, as you say. Why make it optional, though? There's already space for a human-readable description string. Presumably the script will use symbolic names for all the values, so the code will be self-documenting which is the most important part. All these protocols send numeric values, so it's better to be consistent. (For example, wbinfo prints out hex ntstatus values.) -- Martin
samba doxygen autogeneration
I've set up a cron script to autogenerate Doxygen from HEAD, 2_2 and APPLIANCE_HEAD on samba.org: http://samba.org/doxygen/ This rebuilds every day from the anoncvs checkout. Thanks to Andrew for reminding me to do this. -- Martin
Re: Winbindd limited by select
On 12 Feb 2003, Michael Steffens [EMAIL PROTECTED] wrote: It's 60 by default after installation, but is tunable (with reboot). Maybe hp should sell per-fd licences :-/ The solution (and this should also work on other platforms) was to have winbindd housekeep its client connections by shutting down idle connections, and have clients reconnect when required: http://lists.samba.org/pipermail/samba-technical/2003-February/042210.html The threshold was chosen to be 100 active connections, which keeps winbindd well below 300 FDs. Below 140, actually, including network sockets and open database and log files. I wonder how well it would work to have one winbindd process per n clients, in addition to shutting down idle clients... -- Martin msg06032/pgp0.pgp Description: PGP signature
query about rpcclient process_cmd:
rpcclient.c/process_cmd has if (cmd[strlen(cmd) - 1] == '\n') cmd[strlen(cmd) - 1] = '\0'; if (!next_token(p, buf, , sizeof(buf))) { return NT_STATUS_OK; } /* strip the trainly \n if it exsists */ len = strlen(buf); if (buf[len-1] == '\n') buf[len-1] = '\0'; Isn't the second check for newline redundant? -- Martin
Re: CVS update: samba/source/printing
On 12 Feb 2003, [EMAIL PROTECTED] wrote: $ cvs log -r1.9.2.14 tdb/tdbutil.c revision 1.9.2.14 date: 2002/11/27 01:51:43; author: jra; state: Exp; lines: +21 -25 SMBencrypt needs dos codepage also. Change tdb_pack/unpack to take a function pointer applied to all strings if it exists. Jeremy. Sorry about that. I'll watch for these nasty differences more closely in future. The patch I originally sent for this kept them in line -- it would have been better to do the conversion in the HP Python code than to put this in tdbpack. I'm sure you had a good reason in the heat of battle though. -- Martin
Re: rpcclient adddriver: core dump
On 12 Feb 2003, Ronan Waide [EMAIL PROTECTED] wrote: Samba HEAD Looks like it's triggered by not closing quotes: [root@workst1 root]# rpcclient -U admin%passwd -W GROUP workst1 -d2 added interface ip=192.168.168.250 bcast=192.168.168.255 nmask=255.255.255.0 rpcclient $ adddriver Windows 4.0 HP CL 8500 - PCL:HPCPCLA.DLL:HP_LJ85.PPD:HPCPCLA1.DLL:H Segmentation fault i'll have a look. (the second param to addriver is incomplete due to a cut-and-paste mishap; hitting return on it produces the segv.) -- Martin
ml-etiquette (was Re: CVS update: sambaweb)
On 12 Feb 2003, [EMAIL PROTECTED] wrote: Update of /data/cvs/sambaweb In directory dp.samba.org:/tmp/cvs-serv30335 Modified Files: archives.html Added Files: ml-etiquette.html Log Message: adding note about ml etiquette That looks good. I added a link to this to the listinfo page. -- Martin
Re: password quality script aka --with-cracklib replacement
On 11 Feb 2003, Pierre Belanger [EMAIL PROTECTED] wrote: What is it? I have my own comments at the end ... From the documentation I wrote (even if I'm French I think it's not that bad!?!?!?): This looks good to me. Would it be possible to do this as a PAM module called by Samba? (Possibly not, or not appropriate, but I thought I'd ask.) Presumably if the script is set in the smb.conf but can't be run then Samba ought to fail closed and deny the change request. Is there any need to allow changes by the administrator to bypass this check? Full path to the script that will be called when a request for change password is received. It will be run by smbd as non-ROOT. The script is responsible to accept or refuse the new password based on its own rules. As an example, it can be a script refusing a weak password based on a dic- tionary word. OK, that sounds good. For things like preventing password reuse the script will need to keep a database of (probably hashed) old passwords. It's probably best to keep this functionality out of smbd. Are there permissions problems in the script maintaining state such as this? The interface ought to define whether the script will be run under the uid of the person whose password is being changed. Perhaps some scripts will need to be setgid to store information in a file not accessible to the user -- after all the point of this is to impose restrictions on what the user can do. In fact, it seems to me that to be really secure, this operation *must not* be done under the uid whose password is being changed: enforcing security from a process under the control of that user is very weak. Samba back end communicates with the password quality program by writing data to its STDIN and reading data from its STDOUT. Samba writes a block of data in Field:value\n terminated by a .\n at the beginning of a new line. 1) smbd to --- Password quality script STDIN Version:smbd-version-string\n Username:username\n Fullname:fullname\n Password:new-password\n .\n This seems conceptually good, but I have a few comments on the format. The interface definition ought to say that the strings are sent in UTF-8. Using \n for a delimiter seems like asking for trouble; such as a fullname or new password containing that character. I'd suggest \0. I don't think this has to be a human-readable protocol. I am not sure that the headings like Version: really add much. If you're going to use something like RFC822 then it ought to be a closer match, with a space after the colon. Similarly, rather than the final dot, why not close the connection? Perhaps it would be better to specify the protocol version, rather than the smbd version? i.e. just send Version: 1 at first. A script written today doesn't know what future version numbers will be. Personally I would use something like a tdbpacked string, which avoids worries about strange characters or string parsing, and is easy to handle in C, Perl, and Python. NTStatus:ntstatus-string\n Result:result-string\n .\n The ntstatus-string value must used one the pre- defined NTSTATUS (nterr.h) values. In this context: NT_STATUS_OK # New password accepted NT_STATUS_ACCESS_DENIED # Error occured in the script NT_STATUS_PASSWORD_RESTRICTION # Too short, weak, etc. I think you should send the hex value, not the string. The result-string value is used to provide informa- tion (debug info) to smbd. For examples: NTStatus:NT_STATUS_PASSWORD_RESTRICTION\n Result:Password is based on dictionary word\n or NTStatus:NT_STATUS_OK\n Result:New password is accepted\n smbd will always return an error to the client and does not change the current password unless the NTStatus value is equal to NT_STATUS_OK and the exit status of the script equal to 0. Default: password quality script = empty string Example: password quality script = /usr/local/samba/sbin/password-quality.pl Do you wonder why sending the smbd-version-string? Perhaps in the future a new NTSTATUS will be added. The only way for the external program to know if it can use the new value is by knowing the version of Samba! There are other possible examples. If you send the hex value, then it doesn't matter if Samba understands the code or not -- it can just pass it back to the client. Anyhow, I don't think it's likely that the script authors will know
background updates of print queues via a dedicated process
The Samba 3.0 roadmap mentions this as a wishlist item for 3.x. I'm interested in looking at it. Has anybody else already worked on it? It seemed like it would involve a separate smbd process repeatedly parsing the output of lpq and feeding it into a database, rather than this being done on-demand from a regular smbd child. I suppose when some change is noticed it will have to send a message to prod other smbds. It might be good for there to also be a way for the spooler to notify Samba when something has happened, so as to avoid polling. This seems like it might help print server efficiency with many jobs or printers. Am I on the right track? -- Martin msg05981/pgp0.pgp Description: PGP signature
Re: background updates of print queues via a dedicated process
On 11 Feb 2003, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: It seemed like it would involve a separate smbd process repeatedly parsing the output of lpq and feeding it into a database, rather than this being done on-demand from a regular smbd child. I suppose when some change is noticed it will have to send a message to prod other smbds. or the child smbd can always assume that it is up to date (of course locking during an update makes sure that a smbd doesn't get a half done queue listing). I was thinking of the way smbd needs to notify waiting clients when the print queue changes. I guess the notification doesn't need to happen straight away. It might be good for there to also be a way for the spooler to notify Samba when something has happened, so as to avoid polling. CUPS might support this. I dunno. or it could be added to lpd of course. Yes, this might be added to the hp lpd, for example. Generating and parsing 50,000 lines of lpq output has got to be less efficient than lpq just sending job 585 complete as appropriate. This is kind of a second-stage task though. -- Martin msg05984/pgp0.pgp Description: PGP signature
Re: background updates of print queues via a dedicated process
On 12 Feb 2003, Tim Potter [EMAIL PROTECTED] wrote: My idea which I've probably told a couple of you is to use kernel dnotify stuff to work out when jobs are spooled or removed. So a daemon would get a signal when a spool file is created and add that to printing.tdb. When the file completes spooling lpd deletes it and the daemon gets another signal saying that file has deleted. A problem with that is that it exposes the internals of the lpd to samba, whereas at the moment they're more or less hidden. (Consider a spooler which has nested queue directories, like squid or Postfix.) But I'll leave space to add this mechanism as well. -- Martin
Re: Annoying Minor Bug In Winbind 2.2.x
On 7 Feb 2003, Boyce, Nick [EMAIL PROTECTED] wrote: Thanks - that was it. I now have a script /usr/local/bin/winbind, which does umask 000 /etc/init.d/winbind $1 umask 027 and everything is working ok now - I can stop restart winbind to my heart's content without any problem (well no socket directory permissions problems anyway ;-) You would be better off -- and you would be helping us too -- if you would apply the patch and let us know if it works. (I'm pretty sure it will, but it's always worth testing.) That way, rather than a temporary workaround, there will be a proper fix for future releases. Thanks, [ I'm afraid I always run with umask=027 ... it's a hangover from my mainframe days ... I can't get away from the idea that you should grant only the access that is needed ... all files world-readable by default ? ... Just Say No ] That's fine, winbindd ought to work with that. -- Martin
[PATCH] umask audit
Following on from the bug in winbindd this morning I did a quick grep for umask. In HEAD/client/client.c main(), there is a pair of calls to umask. It looks to me like they're trying to retrieve the current umask without changing it. However, the retrieved value is never used. (Did I miss something?) Therefore I think the calls ought to be deleted. --- client.c.~1.230.~ 2003-01-13 15:46:34.0 +1100 +++ client.c2003-02-07 15:33:13.0 +1100 @@ -73,8 +73,6 @@ extern BOOL tar_reset; /* clitar bits end */ -static mode_t myumask = 0755; - static BOOL prompt = True; static int printmode = 1; @@ -2756,8 +2754,6 @@ static void remember_query_host(const ch pstrcpy(workgroup,lp_workgroup()); load_interfaces(); - myumask = umask(0); - umask(myumask); if (getenv(USER)) { pstrcpy(username,getenv(USER)); This code was apparently copied and pasted into rpctorture.c and is also redundant there. --- rpctorture.c.~1.12.~2002-02-04 11:53:12.0 +1100 +++ rpctorture.c2003-02-07 15:35:08.0 +1100 @@ -225,7 +225,6 @@ enum client_action pstring term_code; BOOL got_pass = False; char *cmd_str=; - mode_t myumask = 0755; enum client_action cli_action = CLIENT_NONE; int nprocs = 1; int numops = 100; @@ -290,9 +289,6 @@ enum client_action setup_logging(pname, True); - myumask = umask(0); - umask(myumask); - if (!get_myname(global_myname)) { fprintf(stderr, Failed to get my hostname.\n); -- Martin
Re: [PATCH] umask audit
In addition, wrepld sets its umask to 0. Is that really necessary? -- Martin
Re: [Samba] Can't unzip package
On 28 Jan 2003, Christian Campbell [EMAIL PROTECTED] wrote: I just upgraded to Solaris 8, and downloaded the the following binary package from www.samba.org http://www.samba.org : samba-2.2.7-sol8-suncc-64bit.pkg.gz When trying to gunzip it, here is my output: /home/ccampbell # gunzip samba-2.2.7-sol8-suncc-64bit.pkg.gz gunzip: samba-2.2.7-sol8-suncc-64bit.pkg.gz: not in gzip format It's OK on Samba.org. This is the MD5sum: 24487f0c928d37e453a109eb1271d13f /home/ftp/pub/samba/Binary_Packages/solaris/Sparc/samba-2.2.7-sol8-suncc-64bit.pkg.gz -- Martin msg13275/pgp0.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Patch for Samba 2.2.6 2.2.7 to work on OS X
On 16 Jan 2003, [EMAIL PROTECTED] wrote: On Thu, Jan 16, 2003 at 01:07:34AM -0500, Michael Bennett wrote: [setregid() fails] So... comments? Does the patch Do The Right Thing? Think this patch or something similar could get merged sometime? :) A patch like that would get accepted immediately. Without it, we have to write the feature test. I think the setuid demystified paper describes how to do setregid() reliably and portably. -- Martin
Re: CVS update: sambaweb/support
On 28 Jan 2003, [EMAIL PROTECTED] wrote: Date: Tue Jan 28 07:58:16 2003 Author: idra Update of /data/cvs/sambaweb/support In directory dp.samba.org:/tmp/cvs-serv18414 Modified Files: italy.html Log Message: new company ATLINK SRL Thanks! -- Martin
[Samba] list filtering
Because of the enormous amount of traffic being generated by Windows viruses[0] I have turned on Mailman attachment filtering on the high-traffic samba.org lists. Lists will now pass only text/plain MIME parts through to the list. multipart/alternative messages with both text and html forms will have the HTML form removed, and messages in only HTML will be squashed to text. Messages which cannot be handled in any of these ways will be rejected. To send patches or log files to the list, you need to either insert them inline into your message, or make sure they're marked as text/plain. On most systems, just making the name be *.txt should be sufficient. I hope everybody's enjoying their SQL Server experience :-) -- Martin samba.org postmaster [0] ... automated notifications about viruses, users complaining about viruses, users complaining about automated notification, users complaining about users complaining, scanners complaining about perfectly ordinary attachments, etc -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
list filtering
Because of the enormous amount of traffic being generated by Windows viruses[0] I have turned on Mailman attachment filtering on the high-traffic samba.org lists. Lists will now pass only text/plain MIME parts through to the list. multipart/alternative messages with both text and html forms will have the HTML form removed, and messages in only HTML will be squashed to text. Messages which cannot be handled in any of these ways will be rejected. To send patches or log files to the list, you need to either insert them inline into your message, or make sure they're marked as text/plain. On most systems, just making the name be *.txt should be sufficient. I hope everybody's enjoying their SQL Server experience :-) -- Martin samba.org postmaster [0] ... automated notifications about viruses, users complaining about viruses, users complaining about automated notification, users complaining about users complaining, scanners complaining about perfectly ordinary attachments, etc
[Samba] (fwd from sascha.bieler@radiogong.de) Samba 3alpha21
Sascha, please send your message to the mailing list in future, not to the list administrator. Where do people get the idea that this is the right address?? - Forwarded message from Radio Gong 2000 GmbH Co. KG [Technik] [EMAIL PROTECTED] - From: Radio Gong 2000 GmbH Co. KG [Technik] [EMAIL PROTECTED] Subject: Samba 3alpha21 Date: Mon, 20 Jan 2003 10:57:06 +0100 To: [EMAIL PROTECTED] X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-Bogosity: No, tests=bogofilter, spamicity=0.00, version=0.9.1.2 Hi MastersOfSamba, at the weekend I felt a little bit like I have to help you in bug finding in the 3alpha21-release and I installed it over my pretty good working 2.2.7a. First of all I have to say that my samba is working as PDC emulating an NT4-DC. And i saw some very strange things. 1. Profiling is no longer working while using the same smb.conf as I used with 2.2.7a 2. In the shares I fond some new files, no one has created. Also I found some folders with the same names and this several times. For Example, I had 5 folders named 'K' or just three files named 'B'. I was not able to delete them and when I replaced the 3alpha21 against the old 2.2.7a the don't exist any longer. Greetings and hope this will help you a bit Sascha P.S.: If you like to have my smb.conf - let me know Radio Gong 2000 GmbH Co KG Sascha Bieler Technischer Leiter Franz-Joseph-Strasse 14 80801 München Fon: 089 - 38 166 181 - End forwarded message - -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[patch] winbindd: try to fix 'restrict anonymous=1'
hp CR1501 and friends This patch tries to make winbindd cope with the security option 'restrict anonymous=1' on NT4 and W2kS. When this option is set, the DC disallows SAMR calls on unauthenticated connections, but does allow LSA translations between names and sids. Obviously winbindd can't be fully functional in this case, but it ought to be able to still do these operations -- in particular, with this patch wbinfo -n works, while it does not work without it. I'm not sure this is right yet but I'd appreciate comments. If this is correct, I think it ought to be ported to HEAD and 3.0 as well. It seems to work for me. As Tim suggested I used both built in (Administrator) and otherwise (jrhacker) SIDs for testing. This partially reverts the cached failure case, and possibly causes winbindd to hammer on dcs that just don't want to talk to it. You can imagine a more detailed fix that specifically detects the ra=1 case and handles it by using only LSA. From what I know, it doesn't seem specifically handling that, though perhaps it would be so in HEAD. Incidentally, gdb remote mode absolutely rocks for debugging appliances. Thanks to Tim for patient help. Index: nsswitch/winbindd_cache.c === RCS file: /data/cvs/samba/source/nsswitch/winbindd_cache.c,v retrieving revision 1.5.2.8 diff -u -r1.5.2.8 winbindd_cache.c --- nsswitch/winbindd_cache.c 31 Oct 2002 23:56:32 - 1.5.2.8 +++ nsswitch/winbindd_cache.c 20 Jan 2003 10:43:58 - @@ -201,7 +201,8 @@ refresh the domain sequence number. If force is True then always refresh it, no matter how recently we fetched it */ -static void refresh_sequence_number(struct winbindd_domain *domain, BOOL force) +static NTSTATUS refresh_sequence_number(struct winbindd_domain *domain, + BOOL force) { NTSTATUS status; unsigned time_diff; @@ -210,7 +211,7 @@ /* see if we have to refetch the domain sequence number */ if (!force (time_diff lp_winbind_cache_time())) { - return; + return NT_STATUS_OK; } status = wcache-backend-sequence_number(domain, domain-sequence_number); @@ -238,6 +239,8 @@ DEBUG(10, (refresh_sequence_number: seq number is now %d\n, domain-sequence_number)); + + return status; } /* @@ -276,8 +279,18 @@ TDB_DATA data; struct cache_entry *centry; TDB_DATA key; + NTSTATUS result; - refresh_sequence_number(domain, False); + result = refresh_sequence_number(domain, False); + + /* Treat an access denied result from refresh_sequence_number as a + cache miss. Access denied is returned when the domain + controller disallows anonymous access. Perhaps we should treat + any error as a miss although that might increase the time it + takes winbindd to determine if a domain controller is down. */ + + if (NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED)) + return NULL; va_start(ap, format); smb_xvasprintf(kstr, format, ap); @@ -738,9 +751,15 @@ do_query: ZERO_STRUCTP(sid); - /* Return status value returned by seq number check */ + /* If the seq number check indicated that there is a problem +* with this DC, then return that status... except for +* access_denied. This is special because the dc may be in +* restrict anonymous = 1 mode, in which case it will deny +* most unauthenticated operations, but *will* allow the LSA +* name-to-sid that we try as a fallback. */ - if (!NT_STATUS_IS_OK(domain-last_status)) + if (!(NT_STATUS_IS_OK(domain-last_status) + || NT_STATUS_EQUAL(domain-last_status, NT_STATUS_ACCESS_DENIED))) return domain-last_status; status = cache-backend-name_to_sid(domain, name, sid, type); @@ -784,9 +803,16 @@ do_query: *name = NULL; - /* Return status value returned by seq number check */ - if (!NT_STATUS_IS_OK(domain-last_status)) + /* If the seq number check indicated that there is a problem +* with this DC, then return that status... except for +* access_denied. This is special because the dc may be in +* restrict anonymous = 1 mode, in which case it will deny +* most unauthenticated operations, but *will* allow the LSA +* sid-to-name that we try as a fallback. */ + + if (!(NT_STATUS_IS_OK(domain-last_status) + || NT_STATUS_EQUAL(domain-last_status, NT_STATUS_ACCESS_DENIED))) return domain-last_status; status = cache-backend-sid_to_name(domain, mem_ctx, sid, name, type); -- Martin
Re: smbmount doesn't complain about wrong arguments
On 19 Jan 2003, Christian Jaeger [EMAIL PROTECTED] wrote: Hello I don't have the time to pursue this further at the moment, just wanted to note it: The arguments syntax of smbmount 2.2.3a (smbfs of Debian stable) requires that one gives -o before further options like username=... . Without -o, the username=.. setting is *silently* ignored. I've spent about an hour trying to find out why I couldn't log in now.. I'd say this is a bug. Is there a reason that smbmount doesn't complain? The argument parser is a mess and ought to be fixed. -- Martin
[PATCH] fix pointer error in appl_head loadparm.c
hp CR 1548 This patch fixes a problem I observed where there were error messages relating to getpwent /usr/bin/passwd, which is obviously a pretty unlikely username. Investigation showed that the problem comes from the 1.247.2.52 patch to loadparm.c (appliance_head only), which replaces some configuration parameters with two-entry arrays containing both dos and unix values. The complicated macros for decoding these things has an error which caused the array indexing to be carried out one level too high in the tree of pointers. (We got a[1][0] when we wanted a[0][1], basically.) So the core change is * (ptr[1]) into (* ptr)[1] The attached patch is a minimally-intrusive attempt to fix this. It also removes some unncessary typecasts which might mask warnings without apparently doing anything useful. I have to say it still looks pretty crufty, but I didn't want to risk a larger change, and in any case this particular problem is only in appliance_head. It seems that in the current code any caller to the lp_*_dos() functions will get the wrong value! Can somebody please review this? --- loadparm.c.~1.247.2.54.~2003-01-07 16:12:23.0 +1100 +++ loadparm.c 2003-01-17 15:46:36.0 +1100 @@ -1518,28 +1518,38 @@ static char *lp_string(const char *s, BO /* - In this section all the functions that are used to access the - parameters from the rest of the program are defined + In this section all the functions that are used to access the + parameters from the rest of the program are defined */ #define FN_GLOBAL_STRING(fn_name,ptr) \ - char *fn_name(void) {return lp_string(*(char **)(ptr) ? *(char **)(ptr) : ,False);} + char *fn_name(void) {return lp_string(*(ptr) ? *(ptr) : ,False);} + #define FN_GLOBAL_STRING_UNIX(fn_name,ptr) \ - char *fn_name(void) {return lp_string((*(char **)((ptr))[UNIX_STRING_OFFSET]) ? *(char **)((ptr)[UNIX_STRING_OFFSET]) : , False);} + char *fn_name(void) {return lp_string((*(ptr))[UNIX_STRING_OFFSET] ? (* +(ptr))[UNIX_STRING_OFFSET] : , False);} + +/* ptr is a pointer to an array of 2 pointers to strings */ #define FN_GLOBAL_STRING_DOS(fn_name,ptr) \ - char *fn_name(void) {return lp_string((*(char **)((ptr))[DOS_STRING_OFFSET]) ? *(char **)((ptr)[DOS_STRING_OFFSET]) : , True);} + char *fn_name(void) {return lp_string((*(ptr))[DOS_STRING_OFFSET] ? (* +(ptr))[DOS_STRING_OFFSET] : , True);} + #define FN_GLOBAL_CONST_STRING(fn_name,ptr) \ -const char *fn_name(void) {return(const char *)(*(char **)(ptr) ? *(char **)(ptr) : );} +const char *fn_name(void) {return (*(ptr) ? *(ptr) : );} + #define FN_GLOBAL_CONST_STRING_UNIX(fn_name,ptr) \ -const char *fn_name(void) {return(const char *)(*(char **)((ptr)[UNIX_STRING_OFFSET]) ? *(char **)((ptr)[UNIX_STRING_OFFSET]) : );} +const char *fn_name(void) {return (*(ptr))[UNIX_STRING_OFFSET] ? +(*(ptr))[UNIX_STRING_OFFSET] : ;} + #define FN_GLOBAL_CONST_STRING_DOS(fn_name,ptr) \ -const char *fn_name(void) {return(const char *)(*(char **)((ptr)[DOS_STRING_OFFSET]) ? *(char **)((ptr)[DOS_STRING_OFFSET]) : );} +const char *fn_name(void) {return (*(ptr))[DOS_STRING_OFFSET] ? +(*(ptr))[DOS_STRING_OFFSET] : ;} + #define FN_GLOBAL_LIST(fn_name,ptr) \ char **fn_name(void) {return(*(char ***)(ptr));} + #define FN_GLOBAL_BOOL(fn_name,ptr) \ BOOL fn_name(void) {return(*(BOOL *)(ptr));} + #define FN_GLOBAL_CHAR(fn_name,ptr) \ char fn_name(void) {return(*(char *)(ptr));} + #define FN_GLOBAL_INTEGER(fn_name,ptr) \ int fn_name(void) {return(*(int *)(ptr));} -- Martin msg05409/pgp0.pgp Description: PGP signature