[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 77f3730 auth: fix a memory leak in gssapi_get_session_key() via a646d9e s3-libads: fix a memory leak in ads_sasl_spnego_bind() from c9d61db ctdb-build: Exit if requested feature cannot be built https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 77f3730295735dc9465c8e3d07fc761c83761b6e Author: Uri Simchoni <u...@samba.org> Date: Sun Jul 3 22:50:22 2016 +0300 auth: fix a memory leak in gssapi_get_session_key() BUG: https://bugzilla.samba.org/show_bug.cgi?id=12006 Signed-off-by: Uri Simchoni <u...@samba.org> Signed-off-by: Richard Sharpe <rsha...@samba.org> Signed-off-by: Andreas Schneider <a...@samba.org> Autobuild-User(master): Richard Sharpe <sha...@samba.org> Autobuild-Date(master): Wed Jul 6 00:40:15 CEST 2016 on sn-devel-144 commit a646d9e796902dcb5246eb585433d4859796be2f Author: Uri Simchoni <u...@samba.org> Date: Sun Jul 3 22:51:56 2016 +0300 s3-libads: fix a memory leak in ads_sasl_spnego_bind() BUG: https://bugzilla.samba.org/show_bug.cgi?id=12006 Signed-off-by: Uri Simchoni <u...@samba.org> Signed-off-by: Richard Sharpe <rsha...@samba.org> Signed-off-by: Andreas Schneider <a...@samba.org> --- Summary of changes: auth/kerberos/gssapi_pac.c | 7 +-- source3/libads/sasl.c | 5 - 2 files changed, 5 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/auth/kerberos/gssapi_pac.c b/auth/kerberos/gssapi_pac.c index 685d0ec..74c199a 100644 --- a/auth/kerberos/gssapi_pac.c +++ b/auth/kerberos/gssapi_pac.c @@ -246,6 +246,7 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx, int diflen, i; const uint8_t *p; + *keytype = 0; if (set->count < 2) { #ifdef HAVE_GSSKRB5_GET_SUBKEY @@ -256,10 +257,6 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx, if (gss_maj == 0) { *keytype = KRB5_KEY_TYPE(subkey); krb5_free_keyblock(NULL /* should be krb5_context */, subkey); - } else -#else - { - *keytype = 0; } #endif gss_maj = gss_release_buffer_set(_min, ); @@ -270,7 +267,6 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx, gse_sesskeytype_oid.elements, gse_sesskeytype_oid.length) != 0) { /* Perhaps a non-krb5 session key */ - *keytype = 0; gss_maj = gss_release_buffer_set(_min, ); return NT_STATUS_OK; } @@ -280,7 +276,6 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx, gss_maj = gss_release_buffer_set(_min, ); return NT_STATUS_INVALID_PARAMETER; } - *keytype = 0; for (i = 0; i < diflen; i++) { *keytype = (*keytype << 7) | (p[i] & 0x7f); if (i + 1 != diflen && (p[i] & 0x80) == 0) { diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c index 10f63e8..d76d872 100644 --- a/source3/libads/sasl.c +++ b/source3/libads/sasl.c @@ -696,7 +696,7 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads) struct berval *scred=NULL; int rc, i; ADS_STATUS status; - DATA_BLOB blob; + DATA_BLOB blob = data_blob_null; char *given_principal = NULL; char *OIDs[ASN1_MAX_OIDS]; #ifdef HAVE_KRB5 @@ -792,6 +792,9 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads) done: ads_free_service_principal(); TALLOC_FREE(frame); + if (blob.data != NULL) { + data_blob_free(); + } return status; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1444196 testprogs/blackbox: Improve the net ads dns register tests. from 2352e49 selftest: Add test for domain join + kerberos-only auth https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1444196521d705d86650fb5b508a0cedd0a5c830 Author: Richard Sharpe <rsha...@samba.org> Date: Thu Jun 30 21:07:19 2016 -0700 testprogs/blackbox: Improve the net ads dns register tests. More tests are added that add an unprivileged user, enable their account, and then test that they can add IP addressed but that they cannot modify other user's IP addresses. Signed-off-by: Richard Sharpe <rsha...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> Autobuild-User(master): Richard Sharpe <sha...@samba.org> Autobuild-Date(master): Sun Jul 3 14:24:59 CEST 2016 on sn-devel-144 --- Summary of changes: testprogs/blackbox/test_net_ads_dns.sh | 19 ++- 1 file changed, 18 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/testprogs/blackbox/test_net_ads_dns.sh b/testprogs/blackbox/test_net_ads_dns.sh index 41bc63d..8f9a91b 100755 --- a/testprogs/blackbox/test_net_ads_dns.sh +++ b/testprogs/blackbox/test_net_ads_dns.sh @@ -44,7 +44,11 @@ export UID_WRAPPER_ROOT IPADDRESS=10.1.4.111 IPADDRMAC=10.1.4.124 +UNPRIVIP=10.1.4.130 NAME=testname +UNPRIVNAME=unprivname +UNPRIVUSER=unprivuser +UNPRIVPASS=UnPrivPass1 # These tests check that privileged users can add DNS names and that # unprivileged users cannot do so. @@ -63,7 +67,17 @@ testit "We should be able to unregister the name $NAME.$REALM $IPADDRESS" $VALGR testit "The name $NAME.$REALM should not be there any longer" test X"`$net_tool ads dns gethostbyname $SERVER $NAME.$REALM -U$DC_USERNAME%$DC_PASSWORD | tr " " B | tr \! N`" != X"$IPADDRESS" || failed=`expr $failed + 1` # This should be an expect_failure test ... -# testit "unprivileged users should not be able to add a DNS entry" $VALGRIND $net_tool ads dns register funnyname2.$REALM 10.1.4.112 -U$USERNAME%$PASSWORD && failed=`expr $failed + 1` +testit "Adding an unprivileged user" $VALGRIND $net_tool user add $UNPRIVUSER $UNPRIVPASS -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1` + +LDIF="dn: CN=$UNPRIVUSER,CN=users,DC=samba,DC=example,DC=com+changetype: modify+replace: userAccountControl+userAccountControl: 512" + +echo $LDIF | tr '+' '\n' | ./bin/ldbmodify -Uadministrator%locDCpass1 -H ldap://localdc.samba.example.com -i +STATUS=$? + +testit "We should have enabled the account" test $STATUS -eq 0 || failed=`expr $failed + 1` + +#Unprivileged users should be able to add new names +testit "Unprivileged users should be able to add new names" $net_tool ads dns register $UNPRIVNAME.$REALM $UNPRIVIP -U$UNPRIVUSER%$UNPRIVPASS || failed=`expr $failed + 1` # This should work as well testit "machine account should be able to add a DNS entry net ads dns register membername.$REALM $IPADDRMAC -P " $net_tool ads dns register membername.$REALM $IPADDRMAC -P || failed=`expr $failed + 1` @@ -72,6 +86,9 @@ testit "machine account should be able to add a DNS entry net ads dns register m # and spaces from the output. Thew will screw up the comparison syntax. testit "We should be able to see the new name membername.$REALM using -P" [ X"`$VALGRIND $net_tool ads dns gethostbyname $SERVER membername.$REALM -P | tr \! N | tr " " B`" = X"$IPADDRMAC" ] || failed=`expr $failed + 1` +#Unprivileged users should not be able to overwrite other's names +testit_expect_failure "Unprivileged users should not be able modify existing names" $net_tool ads dns register membername.$REALM $UNPRIVIP -U$UNPRIVUSER%$UNPRIVPASS || failed=`expr $failed + 1` + testit "We should be able to unregister the name $NAME.$REALM $IPADDRESS" $VALGRIND $net_tool ads dns unregister $NAME.$REALM -P || failed=`expr $failed + 1` # The complicated pipeline is to ensure that we remove exclamation points -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a8c737f s3:utils/net: Add new option 'unregister' in 'net ads dns' command. from e0777da s4:dsdb/tests: add pwdLastSet tests https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a8c737fc93a8c4ccc5999cb52344945be750cef5 Author: Shyamsunder Rathi <shyam.ra...@nutanix.com> Date: Sun Jun 26 16:26:53 2016 -0700 s3:utils/net: Add new option 'unregister' in 'net ads dns' command. This new option allows DNS names to be unregistered and removes all IP entries for a given name in the specified AD server. Signed-off-by: Shyamsunder Rathi <shyam.ra...@nutanic.com> Reviewed-by: Richard SHarpe <rsha...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> Autobuild-User(master): Richard Sharpe <sha...@samba.org> Autobuild-Date(master): Mon Jun 27 20:43:26 CEST 2016 on sn-devel-144 --- Summary of changes: source3/utils/net_ads.c | 104 source3/utils/net_dns.c | 4 +- source3/utils/net_dns.h | 2 +- 3 files changed, 100 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 5feecc9..e6b9fdc 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1142,7 +1142,7 @@ static NTSTATUS net_update_dns_internal(struct net_context *c, TALLOC_CTX *ctx, ADS_STRUCT *ads, const char *machine_name, const struct sockaddr_storage *addrs, - int num_addrs) + int num_addrs, bool remove_host) { struct dns_rr_ns *nameservers = NULL; int ns_count = 0, i; @@ -1232,6 +1232,14 @@ static NTSTATUS net_update_dns_internal(struct net_context *c, flags &= ~DNS_UPDATE_UNSIGNED_SUFFICIENT; } + /* +* Do not return after PROBE completion if this function +* is called for DNS removal. +*/ + if (remove_host) { + flags &= ~DNS_UPDATE_PROBE_SUFFICIENT; + } + status = NT_STATUS_UNSUCCESSFUL; /* Now perform the dns update - we'll try non-secure and if we fail, @@ -1239,7 +1247,13 @@ static NTSTATUS net_update_dns_internal(struct net_context *c, fstrcpy( dns_server, nameservers[i].hostname ); - dns_err = DoDNSUpdate(dns_server, dnsdomain, machine_name, addrs, num_addrs, flags); + dns_err = DoDNSUpdate(dns_server, + dnsdomain, + machine_name, + addrs, + num_addrs, + flags, + remove_host); if (ERR_DNS_IS_OK(dns_err)) { status = NT_STATUS_OK; goto done; @@ -1270,7 +1284,7 @@ static NTSTATUS net_update_dns_ext(struct net_context *c, TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, const char *hostname, struct sockaddr_storage *iplist, - int num_addrs) + int num_addrs, bool remove_host) { struct sockaddr_storage *iplist_alloc = NULL; fstring machine_name; @@ -1285,7 +1299,11 @@ static NTSTATUS net_update_dns_ext(struct net_context *c, return NT_STATUS_INVALID_PARAMETER; } - if (num_addrs == 0 || iplist == NULL) { + /* +* If remove_host is true, then remove all IP addresses associated with +* this hostname from the AD server. +*/ + if (!remove_host && (num_addrs == 0 || iplist == NULL)) { /* * Get our ip address * (not the 127.0.0.x address but a real ip address) @@ -1300,7 +1318,7 @@ static NTSTATUS net_update_dns_ext(struct net_context *c, } status = net_update_dns_internal(c, mem_ctx, ads, machine_name, -iplist, num_addrs); +iplist, num_addrs, remove_host); SAFE_FREE(iplist_alloc); return status; @@ -1310,7 +1328,7 @@ static NTSTATUS net_update_dns(struct net_context *c, TALLOC_CTX *mem_ctx, ADS_S { NTSTATUS status; - status = net_update_dns_ext(c, mem_ctx, ads, hostname, NULL, 0); + status = net_update_dns_ext(c, mem_ctx, ads, hostname, NULL, 0, false);
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8813faf libutil: Support systemd 230 from becc43b krb5_wrap: Fix build error when not using heimdal. https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8813faffe3ce4b598b626afea4bf90405c8129d8 Author: Andreas Schneider <a...@samba.org> Date: Wed Jun 22 11:13:15 2016 +0200 libutil: Support systemd 230 systemd 230 version finally deprecated libsystemd-daemon/libsystemd-journal split and put everything in libsystemd library. Make sure HAVE_LIBSYSTEMD define is supported in the code (we already have it defined by the waf). BUG: https://bugzilla.samba.org/show_bug.cgi?id=11936 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Richard Sharpe <rsha...@samba.org> Autobuild-User(master): Richard Sharpe <sha...@samba.org> Autobuild-Date(master): Mon Jun 27 00:01:55 CEST 2016 on sn-devel-144 --- Summary of changes: lib/util/debug.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/debug.c b/lib/util/debug.c index 95b3d95..ed89944 100644 --- a/lib/util/debug.c +++ b/lib/util/debug.c @@ -102,7 +102,7 @@ static struct { .fd = 2 /* stderr by default */ }; -#if defined(WITH_SYSLOG) || defined(HAVE_LIBSYSTEMD_JOURNAL) +#if defined(WITH_SYSLOG) || defined(HAVE_LIBSYSTEMD_JOURNAL) || defined(HAVE_LIBSYSTEMD) static int debug_level_to_priority(int level) { /* @@ -183,7 +183,7 @@ static void debug_syslog_log(int msg_level, } #endif /* WITH_SYSLOG */ -#ifdef HAVE_LIBSYSTEMD_JOURNAL +#if defined(HAVE_LIBSYSTEMD_JOURNAL) || defined(HAVE_LIBSYSTEMD) #include static void debug_systemd_log(int msg_level, const char *msg, const char *msg_no_nl) @@ -255,7 +255,7 @@ static struct debug_backend { }, #endif -#ifdef HAVE_LIBSYSTEMD_JOURNAL +#if defined(HAVE_LIBSYSTEMD_JOURNAL) || defined(HAVE_LIBSYSTEMD) { .name = "systemd", .log = debug_systemd_log, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via b95b2be A small improvement to the DEBUG message when pass-through authentication fails with ACCESS_DENIED. Increased it to log level 1 so it will print out and pointed to Restrict NTLM as the setting so people know what to look for. from 7b6d1a2 talloc: Test that talloc magic differs between processes. https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b95b2be8451e7804704dc2046b6c3eb35f79220e Author: Richard Sharpe <rsha...@samba.org> Date: Sat Oct 10 17:58:59 2015 -0700 A small improvement to the DEBUG message when pass-through authentication fails with ACCESS_DENIED. Increased it to log level 1 so it will print out and pointed to Restrict NTLM as the setting so people know what to look for. Signed-off-by: Richard Sharpe <rsha...@samba.org> Reviewed-by: Uri Simchoni <u...@samba.org> Autobuild-User(master): Richard Sharpe <sha...@samba.org> Autobuild-Date(master): Sun Oct 11 06:28:05 CEST 2015 on sn-devel-104 --- Summary of changes: source3/winbindd/winbindd_pam.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 329db62..0ea146b 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -1428,8 +1428,9 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain, rpc changetrustpw' */ if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) ) { - DEBUG(3,("winbind_samlogon_retry_loop: sam_logon returned " -"ACCESS_DENIED. Maybe the trust account " + DEBUG(1,("winbind_samlogon_retry_loop: sam_logon returned " +"ACCESS_DENIED. Maybe the DC has Restrict " +"NTLM set or the trust account " "password was changed and we didn't know it. " "Killing connections to domain %s\n", domainname)); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f25a5c9 Fix a few small spelling mistakes in DEBUG messages to reduce confusion for those trying to debug stuff. from 5709dec vfs_commit: set the fd on open before calling SMB_VFS_FSTAT https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f25a5c9e84e802bc7005d6bd400cbf784fb30fdf Author: Richard Sharpe <rsha...@samba.org> Date: Wed Oct 7 17:19:38 2015 -0700 Fix a few small spelling mistakes in DEBUG messages to reduce confusion for those trying to debug stuff. Signed-off-by: Richard Sharpe <rsha...@samba.org> Reviewed-by: Ira Cooper <i...@samba.org> Autobuild-User(master): Richard Sharpe <sha...@samba.org> Autobuild-Date(master): Thu Oct 8 08:48:06 CEST 2015 on sn-devel-104 --- Summary of changes: source3/smbd/server.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 7b2b055..ca9fb9e 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -705,7 +705,7 @@ static bool smbd_open_one_socket(struct smbd_parent_context *parent, ifss, true); if (s->fd == -1) { - DEBUG(0,("smbd_open_once_socket: open_socket_in: " + DEBUG(0,("smbd_open_one_socket: open_socket_in: " "%s\n", strerror(errno))); TALLOC_FREE(s); /* @@ -723,7 +723,7 @@ static bool smbd_open_one_socket(struct smbd_parent_context *parent, set_blocking(s->fd, False); if (listen(s->fd, SMBD_LISTEN_BACKLOG) == -1) { - DEBUG(0,("open_sockets_smbd: listen: " + DEBUG(0,("smbd_open_one_socket: listen: " "%s\n", strerror(errno))); close(s->fd); TALLOC_FREE(s); @@ -736,7 +736,7 @@ static bool smbd_open_one_socket(struct smbd_parent_context *parent, smbd_accept_connection, s); if (!s->fde) { - DEBUG(0,("open_sockets_smbd: " + DEBUG(0,("smbd_open_one_socket: " "tevent_add_fd: %s\n", strerror(errno))); close(s->fd); -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 5f63bda Change the link to the VFS documentation and massage the text slightly. from 86cee6d Link to the results of the Samba survey. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 5f63bda8ebf6972f61de3072c57a93ce60bf1a33 Author: Richard Sharpe rsha...@samba.org Date: Fri May 22 19:17:29 2015 -0700 Change the link to the VFS documentation and massage the text slightly. Signed-off-by: Richard Sharpe rsha...@samba.org --- Summary of changes: devel/index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/devel/index.html b/devel/index.html index e7ac1bf..25325ee 100755 --- a/devel/index.html +++ b/devel/index.html @@ -119,7 +119,7 @@ Channel logs are available a href=http://irclog.samba.org/;here/a./p Developer's Guide/a is available in a href=/samba/docs/Samba-Developers-Guide.pdfPDF/a or a href=/samba/docs/man/Samba-Developers-Guide/HTML/a format/li - liRichard Sharpe's a href=http://www.samba.org/~sharpe/The-Samba-VFS.pdf;Writing a Samba VFS/a/li + liRichard Sharpe's documentation on a href=https://wiki.samba.org/index.php/Developer_documentation#VFS;Writing a Samba VFS/a/li lia href=http://www.snia.org/tech_activities/CIFS/;SNIA CIFS Technical Reference/a/li lia href=http://www.cb1.com/~lkcl/ntdom/;http://www.cb1.com/~lkcl/ntdom//a/li lia href=/samba/ftp/specs/Archive of SMB/CIFS Protocol Drafts/a/li -- Samba Website Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6a56bdf Update the tevent_data.dox tutrial stuff to fix some errors, including white space problems. from 3b2d8bd vfs_glusterfs: Add comments to the pipe(2) code. https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6a56bdf9869162e57c816c067598552bd33c2910 Author: Richard Sharpe rsha...@samba.org Date: Fri Jan 23 21:56:19 2015 -0800 Update the tevent_data.dox tutrial stuff to fix some errors, including white space problems. Signed-off-by: Richard Sharpe rsha...@samba.org Reviewed-by: Ralph Boehme r...@sernet.de Autobuild-User(master): Richard Sharpe sha...@samba.org Autobuild-Date(master): Sat Jan 24 09:33:03 CET 2015 on sn-devel-104 --- Summary of changes: lib/tevent/doc/tevent_data.dox | 30 +- 1 file changed, 17 insertions(+), 13 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/tevent/doc/tevent_data.dox b/lib/tevent/doc/tevent_data.dox index 4ee4ac2..dbe7a04 100644 --- a/lib/tevent/doc/tevent_data.dox +++ b/lib/tevent/doc/tevent_data.dox @@ -46,18 +46,19 @@ struct testA { static void foo_done(struct tevent_req *req) { -// a-x contains 9 -struct foo_state *a = tevent_req_data(req, struct foo_state); +// a-x contains 10 since it came from foo_send +struct foo_state *a = tevent_req_data(req, struct foo_state); -// b-y contains 10 -struct testA *b = tevent_req_callback_data(req, struct testA); +// b-y contains 9 since it came from run +struct testA *b = tevent_req_callback_data(req, struct testA); -// c-y contains 10 -struct testA *c = (struct testA *)tevent_req_callback_data_void(req); +// c-y contains 9 since it came from run we just used a different way +// of getting it. +struct testA *c = (struct testA *)tevent_req_callback_data_void(req); -printf(a-x: %d\n, a-x); -printf(b-y: %d\n, b-y); -printf(c-y: %d\n, c-y); +printf(a-x: %d\n, a-x); +printf(b-y: %d\n, b-y); +printf(c-y: %d\n, c-y); } @@ -77,6 +78,9 @@ static void run(struct tevent_context *ev, struct tevent_timer *te, struct timeval current_time, void *private_data) { struct tevent_req *req; struct testA *tmp = talloc(ev, struct testA); + +// Note that we did not use the private data passed in + tmp-y = 9; req = foo_send(ev, ev); @@ -101,7 +105,7 @@ int main (int argc, char **argv) { return EXIT_FAILURE; data = talloc(mem_ctx, struct testA); -data-y = 10; +data-y = 11; time_event = tevent_add_timer(event_ctx, mem_ctx, @@ -125,9 +129,9 @@ int main (int argc, char **argv) { Output of this example is: @code -a-x: 9 -b-y: 10 -c-y: 10 +a-x: 10 +b-y: 9 +c-y: 9 @endcode */ -- Samba Shared Repository
Re: [SCM] Samba Shared Repository - branch master updated
On Wed, Feb 19, 2014 at 5:13 PM, Jeremy Allison j...@samba.org wrote: On Wed, Feb 19, 2014 at 08:20:04PM +0100, Andreas Schneider wrote: The branch, master has been updated Andreas and David, via b8844fc clitar.c: check all allocations return value I *HATE* *HATE* *HATE* the idiom used here. Calling smb_panic on an allocation fail in the new tar code is manifestly the *WRONG* thing to do. +/* helper macro to die in case of NULL pointer */ +#define PANIC_IF_NULL(x) \ +_panic_if_null(x, __FILE__ : STR2(__LINE__) ( #x ) == NULL\n) + +/* prototype to silent gcc warning */ +static inline void* _panic_if_null(void *p, const char *expr); +static inline void* _panic_if_null(void *p, const char *expr) +{ +if (!p) { +smb_panic(expr); +} +return p; +} + Then later.. +TALLOC_CTX *ctx = PANIC_IF_NULL(talloc_new(NULL)); and: +fname = PANIC_IF_NULL(talloc_asprintf(ctx, + %s%s, + client_get_cur_dir(), + buf)); if (!fname) { err = 1; goto out; The above even left the (correct) handling of the NULL return alone ! Remember on common setups this will call a panic action script which will leave the client hanging on a sleep 999 call and leave the caller with a hung command and no indication of what failed. Can you fix this please to do proper error checking of a NULL return and to bail out of the tar command with a correct error indication that the command failed ? This really needs fixing properly before this code can go anywhere near a production branch. Personally, I would like to lobby for an extra parameter to smb_panic, called dump_core or something. Here is a situation where we don't need to dump core: source3/smbd/server.c#6 (text) @@ -640,6 +640,18 @@ because too many files are open\n)); goto exit; } + + /* +* If we get NT_STATUS_OPEN_FAILED, there was a problem with +* re-initing the TDBs, so complain, but do not dump core +* as this can exacerbate the problems. +*/ + if (NT_STATUS_EQUAL(status, NT_STATUS_OPEN_FAILED)) { + DEBUG(0, (FATAL: child process cannot initialize + because one or more TDBs could not be reopened\n)); + goto exit; + } + if (lp_clustering() NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_DB_ERROR)) { This happens after reinit_after_fork ... When it happens because tdb_reopen_all failed, we should probably not dump core, especially as that only exacerbates existing problems and the core file tells us absolutely nothing new (the error in tdb_reopen_all is long gone.) -- Regards, Richard Sharpe (何以解憂?唯有杜康。--曹操)
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 852c9ac There are tests all over the SMB1 code to check that srv_send_smb fails, but it never returns false. from 859182d dfs_server: Use dsdb_search_one to catch 0 results as well as NO_SUCH_OBJECT errors http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 852c9ac34dbef66d0b2619554c611157c2fab771 Author: Richard Sharpe realrichardsha...@gmail.com Date: Mon Jul 22 16:04:43 2013 -0700 There are tests all over the SMB1 code to check that srv_send_smb fails, but it never returns false. Even if the write to the socket/fd fails, we never return false and will keep reading stuff off of the input buffer until it is exhausted and then we will exit. Signed-off-by: Richard Sharpe rsha...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Richard Sharpe sha...@samba.org Autobuild-Date(master): Sat Aug 3 17:41:22 CEST 2013 on sn-devel-104 --- Summary of changes: source3/smbd/process.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 5ef0fd3..3fbfc37 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -194,7 +194,7 @@ out: SMB_PERFCOUNT_END(pcd); smbd_unlock_socket(sconn); - return true; + return (ret 0); } /*** -- Samba Shared Repository
Re: [Samba] Samba 4 Slow Performance
On Sat, Jul 27, 2013 at 8:20 AM, Kinglok, Fong busywa...@gmail.com wrote: Dear all, After using samba 3 for two years, I have just spent totally one week finishing setting up a samba 4 file system in my working school. There are about 200 computers, 80+ staff, 1000 students and 10 printers. The AD was properly setup, mandatory profile and one GPO policy (which is printer download trust) is effective for all users. Logon script is for mapping four shares and 10 printers from the file server. Also, I have setup two additional DCs (with AD replication and DHCP server) for two other subnets in the hope to speed up the logon process. Hmmm, some further info might be useful. Is the Samba server an AD DC or a simple member server? Do you know (perhaps from a capture) whether the excess logon time is mostly caused by the initial authentication or by trying to retrieve the GPO and/or roaming profiles? Do you know whether or not Kerberos is being used or if the client is falling back to NTLM? -- Regards, Richard Sharpe (何以解憂?唯有杜康。--曹操) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 30a2243 build: Update md5.h detection in waf and autoconf to use sys/md5.h and -lmd via 27df444 Make sure that if an smbd is exiting because of an error we let the user know. from f80d56a s4-torture: No need to disable rpc.spoolss.win test when compiled with MIT kerberos. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 30a224367595f9e2506e41053fc9c7cb96a90928 Author: Andrew Bartlett abart...@samba.org Date: Wed May 22 00:14:19 2013 +1000 build: Update md5.h detection in waf and autoconf to use sys/md5.h and -lmd This brings the two build systems in sync, without using md5.h (which is a problem name) Tested on FreeBSD Andrew Bartlett Reviewed-by: Richard Sharpe rsha...@samba.org Autobuild-User(master): Richard Sharpe sha...@samba.org Autobuild-Date(master): Wed May 22 10:06:40 CEST 2013 on sn-devel-104 commit 27df444d0b92a8acb4d830b3b62f04835b57f0e8 Author: Richard Sharpe realrichardsha...@gmail.com Date: Sat May 11 09:47:23 2013 -0700 Make sure that if an smbd is exiting because of an error we let the user know. Signed-off-by: Richard Sharpe realrichardsha...@gmail.com --- Summary of changes: lib/crypto/md5.h | 16 +--- lib/crypto/wscript_build |4 lib/crypto/wscript_configure |8 ++-- source3/configure.in |4 ++-- source3/smbd/smb2_server.c |2 +- 5 files changed, 22 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/crypto/md5.h b/lib/crypto/md5.h index 388cdf8..edae27f 100644 --- a/lib/crypto/md5.h +++ b/lib/crypto/md5.h @@ -6,12 +6,16 @@ #define HEADER_MD5_H #endif -#ifdef HAVE_BSD_MD5_H -/* Try to avoid clashes with BSD MD5 implementation */ +#if defined(HAVE_BSD_MD5_H) +/* Try to avoid clashes with BSD MD5 implementation (on linux) */ #include bsd/md5.h -#else + +#elif defined(HAVE_SYS_MD5_H) +/* Try to avoid clashes with BSD MD5 implementation (on BSD) */ +#include sys/md5.h + /* Try to use CommonCrypto on Mac as otherwise we can get MD5Final twice */ -#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H +#elif defined(HAVE_COMMONCRYPTO_COMMONDIGEST_H) #include CommonCrypto/CommonDigest.h #define MD5Init(c) CC_MD5_Init(c) @@ -32,8 +36,6 @@ void MD5Init(MD5_CTX *context); void MD5Update(MD5_CTX *context, const uint8_t *buf, size_t len); void MD5Final(uint8_t digest[MD5_DIGEST_LENGTH], MD5_CTX *context); -#endif /* HAVE_COMMONCRYPTO_COMMONDIGEST_H */ - -#endif /* HAVE_BSD_MD5_H */ +#endif /* HAVE_*MD5_H */ #endif /* !MD5_H */ diff --git a/lib/crypto/wscript_build b/lib/crypto/wscript_build index cd7a466..e056f65 100644 --- a/lib/crypto/wscript_build +++ b/lib/crypto/wscript_build @@ -4,6 +4,10 @@ extra_source = '' extra_deps = '' if bld.CONFIG_SET('HAVE_BSD_MD5_H'): extra_deps += ' bsd' +elif bld.CONFIG_SET('HAVE_SYS_MD5_H') and bld.CONFIG_SET('HAVE_LIBMD5'): + extra_deps += ' md5' +elif bld.CONFIG_SET('HAVE_SYS_MD5_H') and bld.CONFIG_SET('HAVE_LIBMD'): + extra_deps += ' md' elif not bld.CONFIG_SET('HAVE_COMMONCRYPTO_COMMONDIGEST_H'): extra_source += ' md5.c' diff --git a/lib/crypto/wscript_configure b/lib/crypto/wscript_configure index 5fc00fb..21ec566 100644 --- a/lib/crypto/wscript_configure +++ b/lib/crypto/wscript_configure @@ -1,4 +1,8 @@ -conf.CHECK_FUNCS_IN('MD5Init', 'bsd', headers='bsd/md5.h', -checklibc=True) +if not conf.CHECK_FUNCS_IN('MD5Init', 'bsd', headers='bsd/md5.h', +checklibc=True): +conf.CHECK_FUNCS_IN('MD5Init', 'md5', headers='sys/md5.h', +checklibc=True) +conf.CHECK_FUNCS_IN('MD5Init', 'md', headers='sys/md5.h', +checklibc=True) conf.CHECK_FUNCS_IN('CC_MD5_Init', '', headers='CommonCrypto/CommonDigest.h', checklibc=True) diff --git a/source3/configure.in b/source3/configure.in index 822c5f4..0e2f126 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -620,11 +620,11 @@ if test x$samba_cv_md5lib = xnone ; then fi if test x$samba_cv_md5lib != xnone ; then - AC_CHECK_HEADERS(md5.h) + AC_CHECK_HEADERS(sys/md5.h) fi CRYPTO_MD5_OBJ=../lib/crypto/md5.o -if test x$ac_cv_header_md5_h = xyes -a \ +if test x$ac_cv_header_sys_md5_h = xyes -a \ x$samba_cv_md5lib != xnone ; then if test x$samba_cv_md5lib != x ; then LIBS=${LIBS} -l${samba_cv_md5lib} diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index b031c6d..73df368 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -997,7 +997,7 @@ void smbd_server_connection_terminate_ex(struct smbd_server_connection *sconn, const char *reason
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via bea2af9 Revert my accidental commit. from 9ddfd7d lib/replace: Set BROKEN_STRNLEN and BROKEN_STRNDUP on all AIX http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit bea2af9369d596d513ae3909f9c6a1f356f7c827 Author: Richard Sharpe realrichardsha...@gmail.com Date: Wed May 22 20:05:17 2013 -0700 Revert my accidental commit. Signed-off-by: Richard Sharpe rsha...@samba.org Autobuild-User(master): Richard Sharpe sha...@samba.org Autobuild-Date(master): Thu May 23 06:53:17 CEST 2013 on sn-devel-104 --- Summary of changes: source3/smbd/smb2_server.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index 73df368..b031c6d 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -997,7 +997,7 @@ void smbd_server_connection_terminate_ex(struct smbd_server_connection *sconn, const char *reason, const char *location) { - DEBUG(0,(smbd_server_connection_terminate_ex: reason[%s] at %s\n, + DEBUG(10,(smbd_server_connection_terminate_ex: reason[%s] at %s\n, reason, location)); exit_server_cleanly(reason); } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 76bffc2 Tests processing an oplock break within a compound SMB2 request. via cbff488 Remove the compound_related_in_progress state from the smb2 global state. via 10cbcfd The core of the fix to allow opens to go async inside a compound request. via 1102e73 Move a variable into the area of code where it's used. via a026fc6 Ensure we don't try and cancel anything that is in a compound-related request. via 4111fcf Only do the 1 second delay for sharing violations for SMB1, not SMB2. from 637887c Makefile: Fix bug 9868 - Don't know how to make LIBNDR_PREG_OBJ. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 76bffc27a3f9ad6ac6b8ff8e21f801012835b73d Author: Richard Sharpe realrichardsha...@gmail.com Date: Thu May 2 14:36:05 2013 -0700 Tests processing an oplock break within a compound SMB2 request. Signed-off-by: Richard Sharpe realrichardsha...@gmail.com Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Richard Sharpe sha...@samba.org Autobuild-Date(master): Tue May 7 19:45:36 CEST 2013 on sn-devel-104 commit cbff4885508e050bcb91c0faccb26941de5c1e1d Author: Jeremy Allison j...@samba.org Date: Thu May 2 14:16:22 2013 -0700 Remove the compound_related_in_progress state from the smb2 global state. And also remove the restriction that we can't read a new request whilst we're in this state. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Richard Sharpe realrichardsha...@samba.org commit 10cbcfd167a4d7b1a22f9b42b684a66e424cbede Author: Jeremy Allison j...@samba.org Date: Thu May 2 13:55:53 2013 -0700 The core of the fix to allow opens to go async inside a compound request. This is only allowed for opens that cause an oplock break, otherwise it is not allowed. See [MS-SMB2].pdf note 194 on Section 3.3.5.2.7. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Richard Sharpe realrichardsha...@gmail.com commit 1102e73832f78ca5decc928d6c3649d4fe68eab7 Author: Jeremy Allison j...@samba.org Date: Thu May 2 13:08:16 2013 -0700 Move a variable into the area of code where it's used. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Richard Sharpe realrichardsha...@gmail.com commit a026fc6b699719309a27d4646d06fe1a45b0d158 Author: Jeremy Allison j...@samba.org Date: Thu May 2 12:34:54 2013 -0700 Ensure we don't try and cancel anything that is in a compound-related request. Too hard to deal with splitting off the replies. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Richard Sharpe realrichardsha...@gmail.com commit 4111fcfd4f570d39d46a0d414546ca62c7b609be Author: Jeremy Allison j...@samba.org Date: Thu May 2 11:12:47 2013 -0700 Only do the 1 second delay for sharing violations for SMB1, not SMB2. Match Windows behavior. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Richard Sharpe realrichardsha...@gmail.com --- Summary of changes: selftest/knownfail |1 + source3/smbd/globals.h |1 - source3/smbd/open.c |3 +- source3/smbd/smb2_server.c | 115 +++- source4/torture/smb2/compound.c | 163 +++ 5 files changed, 227 insertions(+), 56 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/knownfail b/selftest/knownfail index 0c96eee..cb7630f 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -107,6 +107,7 @@ ^samba4.smb2.rename.no_share_delete_no_delete_access\(.*\)$ ^samba4.smb2.rename.msword ^samba4.smb2.compound.related3 +^samba4.smb2.compound.compound-break ^samba4.winbind.struct.*.show_sequence # Not yet working in winbind ^samba4.*base.delaywrite.*update of write time and SMBwrite truncate\(.*\)$ ^samba4.*base.delaywrite.*update of write time and SMBwrite truncate expand\(.*\)$ diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index 46baeed..d618aea 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -794,7 +794,6 @@ struct smbd_server_connection { uint32_t max_trans; uint32_t max_read; uint32_t max_write; - bool compound_related_in_progress; } smb2; struct smbXsrv_connection *conn; diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 7d02e52..53f8b8e 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -2526,10 +2526,11 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn, /* * If we're returning a share violation, ensure we -* cope with the braindead 1 second delay. +* cope
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via fa5898b Remove a bunch of unused variable _relative_save_offset warnings. from 76bffc2 Tests processing an oplock break within a compound SMB2 request. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit fa5898b6de797431d5ae9d2ce6dcddcb35a60b66 Author: Jeremy Allison j...@samba.org Date: Tue May 7 17:07:10 2013 -0700 Remove a bunch of unused variable _relative_save_offset warnings. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Richard Sharpe realrichardsha...@gmail.com Autobuild-User(master): Richard Sharpe sha...@samba.org Autobuild-Date(master): Wed May 8 07:47:45 CEST 2013 on sn-devel-104 --- Summary of changes: pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm |6 -- 1 files changed, 4 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index 5ffb678..ed86571 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -1157,8 +1157,10 @@ sub ParseElementPullLevel $self-indent; if ($l-{POINTER_TYPE} eq relative or $l-{POINTER_TYPE} eq relative_short) { - $self-pidl(uint32_t _relative_save_offset;); - $self-pidl(_relative_save_offset = $ndr-offset;); + if ($l-{POINTER_TYPE} eq relative) { + $self-pidl(uint32_t _relative_save_offset;); + $self-pidl(_relative_save_offset = $ndr-offset;); + } $self-pidl(NDR_CHECK(ndr_pull_relative_ptr2($ndr, $var_name));); } } -- Samba Shared Repository
Re: [Samba] determining Samba version
On Thu, Apr 4, 2013 at 10:33 AM, Chris Smith smb...@chrissmith.org wrote: Is there a way to determine (or at least get close) what version of Samba an embedded client may be running (or based on) via packet sniffing (tcpdump, wireshark)? If they have not changed the version string to obscure the version, then the following will work: cc1# smbclient //some-node/some-share -U[some-dom/]some-user%some-password Failed to load upcase.dat, will use lame ASCII-only case sensitivity rules Failed to load lowcase.dat, will use lame ASCII-only case sensitivity rules Domain=[some-dom] OS=[Unix] Server=[Samba 3.6.12] You can also look at the Session Setup X Responses for SMB1 only and will see something like: Samba 3.6.6 in something like the Native Lanmanager Version field. However, if the version of Samba supports SMB2, you will have to force the connection to SMB1. -- Regards, Richard Sharpe (何以解憂?唯有杜康。--曹操) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] determining Samba version
On Thu, Apr 4, 2013 at 11:21 AM, Chris Smith smb...@chrissmith.org wrote: On Thu, Apr 4, 2013 at 2:00 PM, Richard Sharpe realrichardsha...@gmail.com wrote: If they have not changed the version string to obscure the version, then the following will work: cc1# smbclient //some-node/some-share -U[some-dom/]some-user%some-password Failed to load upcase.dat, will use lame ASCII-only case sensitivity rules Failed to load lowcase.dat, will use lame ASCII-only case sensitivity rules Domain=[some-dom] OS=[Unix] Server=[Samba 3.6.12] It's not a server, just a client, so I cannot connect to it as such. You can also look at the Session Setup X Responses for SMB1 only and will see something like: Samba 3.6.6 in something like the Native Lanmanager Version field. That gives something: == Native OS: Linux version 2.6.35 Native LAN Manager: CIFS VFS Client for Linux == Doesn't seem to be any detail about what CIFS version they're using. Check Linux 2.6.35. It will be the CIFS FS in that version, which I believe was SMB1 based. -- Regards, Richard Sharpe (何以解憂?唯有杜康。--曹操) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via b7765fe torture: Only test leases if supported via 27e9115 torture: Use ZERO_STRUCTPN instead of explicit deref from 5185460 Check for WRITE_ACCESS on the file before overriding an EACCESS. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b7765fe63fa04e09ac67285d0e17e37b06bcff8b Author: Volker Lendecke v...@samba.org Date: Wed Apr 17 13:41:54 2013 +0200 torture: Only test leases if supported Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Richard Sharpe realrichardsha...@gmail.com Autobuild-User(master): Richard Sharpe sha...@samba.org Autobuild-Date(master): Sat Apr 27 18:09:37 CEST 2013 on sn-devel-104 commit 27e9115eb01f02d5d07d2cf35887f99ff8d823b8 Author: Volker Lendecke v...@samba.org Date: Wed Apr 17 12:34:14 2013 +0200 torture: Use ZERO_STRUCTPN instead of explicit deref Signed-off-by: Volker Lendecke v...@samba.org --- Summary of changes: source4/torture/smb2/lease.c | 37 + source4/torture/smb2/util.c |2 +- 2 files changed, 38 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/smb2/lease.c b/source4/torture/smb2/lease.c index 21d4679..992c21b 100644 --- a/source4/torture/smb2/lease.c +++ b/source4/torture/smb2/lease.c @@ -25,6 +25,7 @@ #include libcli/smb2/smb2_calls.h #include torture/torture.h #include torture/smb2/proto.h +#include libcli/smb/smbXcli_base.h #define CHECK_VAL(v, correct) do { \ if ((v) != (correct)) { \ @@ -117,6 +118,12 @@ static bool test_lease_request(struct torture_context *tctx, const char *dname = lease.dir; bool ret = true; int i; + uint32_t caps; + + caps = smb2cli_conn_server_capabilities(tree-session-transport-conn); + if (!(caps SMB2_CAP_LEASING)) { + torture_skip(tctx, leases are not supported); + } smb2_util_unlink(tree, fname); smb2_util_unlink(tree, fname2); @@ -193,6 +200,12 @@ static bool test_lease_upgrade(struct torture_context *tctx, NTSTATUS status; const char *fname = lease.dat; bool ret = true; + uint32_t caps; + + caps = smb2cli_conn_server_capabilities(tree-session-transport-conn); + if (!(caps SMB2_CAP_LEASING)) { + torture_skip(tctx, leases are not supported); + } smb2_util_unlink(tree, fname); @@ -301,6 +314,12 @@ static bool test_lease_upgrade2(struct torture_context *tctx, const char *fname = lease.dat; bool ret = true; int i; + uint32_t caps; + + caps = smb2cli_conn_server_capabilities(tree-session-transport-conn); + if (!(caps SMB2_CAP_LEASING)) { + torture_skip(tctx, leases are not supported); + } for (i = 0; i NUM_UPGRADE_TESTS; i++) { struct lease_upgrade2_test t = lease_upgrade2_tests[i]; @@ -515,6 +534,12 @@ static bool test_lease_break(struct torture_context *tctx, const char *fname = lease.dat; bool ret = true; int i; + uint32_t caps; + + caps = smb2cli_conn_server_capabilities(tree-session-transport-conn); + if (!(caps SMB2_CAP_LEASING)) { + torture_skip(tctx, leases are not supported); + } tree-session-transport-lease.handler = torture_lease_handler; tree-session-transport-lease.private_data = tree; @@ -677,6 +702,12 @@ static bool test_lease_oplock(struct torture_context *tctx, const char *fname = lease.dat; bool ret = true; int i; + uint32_t caps; + + caps = smb2cli_conn_server_capabilities(tree-session-transport-conn); + if (!(caps SMB2_CAP_LEASING)) { + torture_skip(tctx, leases are not supported); + } tree-session-transport-lease.handler = torture_lease_handler; tree-session-transport-lease.private_data = tree; @@ -796,6 +827,12 @@ static bool test_lease_multibreak(struct torture_context *tctx, NTSTATUS status; const char *fname = lease.dat; bool ret = true; + uint32_t caps; + + caps = smb2cli_conn_server_capabilities(tree-session-transport-conn); + if (!(caps SMB2_CAP_LEASING)) { + torture_skip(tctx, leases are not supported); + } tree-session-transport-lease.handler = torture_lease_handler; tree-session-transport-lease.private_data = tree; diff --git a/source4/torture/smb2/util.c b/source4/torture/smb2/util.c index 59748b7..cb9a527 100644 --- a/source4/torture/smb2/util.c +++ b/source4/torture/smb2/util.c @@ -692,7 +692,7 @@ void smb2_generic_create_share(struct smb2_create *io, struct smb2_lease *ls, } if (ls) { - ZERO_STRUCT(*ls
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0f9eb25 smbd: Fix an error return in change_dir_owner_to_parent from f67ae78 samba-tool - MX records cannot be deleted (part2) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0f9eb25183e6ed5a2f4ec8e385bc5f985f2087e5 Author: Volker Lendecke v...@samba.org Date: Mon Apr 15 11:15:23 2013 +0200 smbd: Fix an error return in change_dir_owner_to_parent Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Richard Sharpe realrichardsha...@gmail.com Autobuild-User(master): Richard Sharpe sha...@samba.org Autobuild-Date(master): Mon Apr 15 18:05:06 CEST 2013 on sn-devel-104 --- Summary of changes: source3/smbd/open.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/open.c b/source3/smbd/open.c index be8d31b..1086e80 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -493,7 +493,7 @@ NTSTATUS change_dir_owner_to_parent(connection_struct *conn, status = create_synthetic_smb_fname(ctx, ., NULL, NULL, smb_fname_cwd); if (!NT_STATUS_IS_OK(status)) { - return status; + goto chdir; } ret = SMB_VFS_STAT(conn, smb_fname_cwd); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f61ee72 pylibsmb: Avoid a segfault if no credentials are passed to libsmb.Conn() from 045c446 BUG 9766: Cache name_to_sid/sid_to_name correctly. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f61ee7238b8430572fb266521dad3ee000d1f252 Author: Volker Lendecke v...@samba.org Date: Tue Apr 9 14:29:11 2013 +0200 pylibsmb: Avoid a segfault if no credentials are passed to libsmb.Conn() Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Richard Sharpe realrichardsha...@gmail.com Autobuild-User(master): Richard Sharpe sha...@samba.org Autobuild-Date(master): Tue Apr 9 18:30:06 CEST 2013 on sn-devel-104 --- Summary of changes: source3/libsmb/pylibsmb.c | 10 +- 1 files changed, 5 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/pylibsmb.c b/source3/libsmb/pylibsmb.c index 4fd5921..2b253f9 100644 --- a/source3/libsmb/pylibsmb.c +++ b/source3/libsmb/pylibsmb.c @@ -406,7 +406,7 @@ static int py_cli_state_init(struct py_cli_state *self, PyObject *args, { NTSTATUS status; char *host, *share; - PyObject *creds; + PyObject *creds = NULL; struct cli_credentials *cli_creds; bool ret; @@ -434,10 +434,10 @@ static int py_cli_state_init(struct py_cli_state *self, PyObject *args, return -1; } - cli_creds = cli_credentials_from_py_object(creds); - if (cli_creds == NULL) { - PyErr_SetString(PyExc_TypeError, Expected credentials); - return -1; + if (creds == NULL) { + cli_creds = cli_credentials_init_anon(NULL); + } else { + cli_creds = PyCredentials_AsCliCredentials(creds); } status = cli_full_connection( -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 5530cc4 Fix bad SMB2 opcode reading in server. from 7fd926f Make sure that we only propogate the INHERITED flag when we are allowed to. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5530cc4816534d64d50403c266616633db8202cc Author: Jeremy Allison j...@samba.org Date: Mon Apr 1 20:11:26 2013 -0700 Fix bad SMB2 opcode reading in server. SMB2 opcodes are 16-bit values. We should *never* be reading them with IVAL(inhdr, SMB2_HDR_OPCODE), it should always be SVAL(inhdr, SMB2_HDR_OPCODE). Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Richard Sharpe realrichardsha...@gmail.com Autobuild-User(master): Richard Sharpe sha...@samba.org Autobuild-Date(master): Tue Apr 2 07:28:48 CEST 2013 on sn-devel-104 --- Summary of changes: source3/smbd/smb2_server.c | 10 +- 1 files changed, 5 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index f486236..eb7059e 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -632,7 +632,7 @@ static bool smb2_validate_message_id(struct smbd_server_connection *sconn, const uint8_t *inhdr) { uint64_t message_id = BVAL(inhdr, SMB2_HDR_MESSAGE_ID); - uint16_t opcode = IVAL(inhdr, SMB2_HDR_OPCODE); + uint16_t opcode = SVAL(inhdr, SMB2_HDR_OPCODE); uint16_t credit_charge = 1; uint64_t i; @@ -1416,7 +1416,7 @@ static void smbd_smb2_request_pending_timer(struct tevent_context *ev, DEBUG(10,(smbd_smb2_request_pending_queue: opcode[%s] mid %llu going async\n, - smb2_opcode_name((uint16_t)IVAL(inhdr, SMB2_HDR_OPCODE)), + smb2_opcode_name(SVAL(inhdr, SMB2_HDR_OPCODE)), (unsigned long long)async_id )); /* @@ -1621,7 +1621,7 @@ static NTSTATUS smbd_smb2_request_process_cancel(struct smbd_smb2_request *req) inhdr = SMBD_SMB2_IN_HDR_PTR(cur); DEBUG(10,(smbd_smb2_request_process_cancel: attempting to cancel opcode[%s] mid %llu\n, - smb2_opcode_name((uint16_t)IVAL(inhdr, SMB2_HDR_OPCODE)), + smb2_opcode_name(SVAL(inhdr, SMB2_HDR_OPCODE)), (unsigned long long)found_id )); tevent_req_cancel(cur-subreq); } @@ -1699,7 +1699,7 @@ static NTSTATUS smbd_smb2_request_check_session(struct smbd_smb2_request *req) inhdr = SMBD_SMB2_IN_HDR_PTR(req); in_flags = IVAL(inhdr, SMB2_HDR_FLAGS); - in_opcode = IVAL(inhdr, SMB2_HDR_OPCODE); + in_opcode = SVAL(inhdr, SMB2_HDR_OPCODE); in_session_id = BVAL(inhdr, SMB2_HDR_SESSION_ID); if (in_flags SMB2_HDR_FLAG_CHAINED) { @@ -1870,7 +1870,7 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) /* TODO: verify more things */ flags = IVAL(inhdr, SMB2_HDR_FLAGS); - opcode = IVAL(inhdr, SMB2_HDR_OPCODE); + opcode = SVAL(inhdr, SMB2_HDR_OPCODE); mid = BVAL(inhdr, SMB2_HDR_MESSAGE_ID); DEBUG(10,(smbd_smb2_request_dispatch: opcode[%s] mid = %llu\n, smb2_opcode_name(opcode), -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 41edcf8 vfs_catia: testcase - add missing pieces via 3966473 vfs_catia: testcase - implement vfstest additions via e10c815 vfs_catia: write a testcase - add a translate command to vfstest via b40c4b0 vfstest: fix the -c multiple-command option from 389197e scripting: No longer install samba_upgradeprovision http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 41edcf849a592d0d358621fdffbab82befa76e02 Author: Guenter Kukkukk ku...@samba.org Date: Tue Mar 12 01:44:59 2013 +0100 vfs_catia: testcase - add missing pieces Signed-off-by: Guenter Kukkukk ku...@samba.org Reviewed-by: Richard Sharpe realrichardsha...@samba.org Autobuild-User(master): Richard Sharpe sha...@samba.org Autobuild-Date(master): Tue Mar 12 07:36:13 CET 2013 on sn-devel-104 commit 396647340f233e30277d6d6081465b7b6d855181 Author: Guenter Kukkukk ku...@samba.org Date: Mon Mar 11 05:34:27 2013 +0100 vfs_catia: testcase - implement vfstest additions Signed-off-by: Guenter Kukkukk ku...@samba.org Reviewed-by: Richard Sharpe realrichardsha...@gmail.com commit e10c81553b1691ae1b7c260719d724beed61bb48 Author: Guenter Kukkukk ku...@samba.org Date: Sun Mar 10 05:43:24 2013 +0100 vfs_catia: write a testcase - add a translate command to vfstest first approach Signed-off-by: Guenter Kukkukk ku...@samba.org Reviewed-by: Richard Sharpe realrichardsha...@gmail.com commit b40c4b069a600af86c1f20ee09cbf5052c1552bf Author: Guenter Kukkukk ku...@samba.org Date: Tue Mar 12 04:51:03 2013 +0100 vfstest: fix the -c multiple-command option Signed-off-by: Guenter Kukkukk ku...@samba.org Reviewed-by: Richard Sharpe realrichardsha...@gmail.com --- Summary of changes: source3/script/tests/vfstest-catia/run.sh | 102 +++ source3/script/tests/vfstest-catia/vfstest.cmd |2 + source3/script/tests/vfstest-catia/vfstest1.cmd |2 + source3/selftest/tests.py |1 + source3/torture/cmd_vfs.c | 75 + source3/torture/vfstest.c |7 ++- 6 files changed, 188 insertions(+), 1 deletions(-) create mode 100755 source3/script/tests/vfstest-catia/run.sh create mode 100644 source3/script/tests/vfstest-catia/vfstest.cmd create mode 100644 source3/script/tests/vfstest-catia/vfstest1.cmd Changeset truncated at 500 lines: diff --git a/source3/script/tests/vfstest-catia/run.sh b/source3/script/tests/vfstest-catia/run.sh new file mode 100755 index 000..c345f11 --- /dev/null +++ b/source3/script/tests/vfstest-catia/run.sh @@ -0,0 +1,102 @@ +#!/bin/sh +if [ $# -lt 2 ]; then +cat EOF +Usage: run.sh VFSTEST PREFIX +EOF +exit 1; +fi + +TESTBASE=`dirname $0` +VFSTEST=$1 +PREFIX=$2 +shift 2 +ADDARGS=$* + +VFSTEST_PREFIX=vfstest +VFSTEST_TMPDIR=$(mktemp -d ${PREFIX}/${VFSTEST_PREFIX}_XX) + +# We could pass in the --option=... via tests.py as ADDARGS +# Atm i've choosen to specify them here: + +MYARGS1=--option=vfsobjects=catia +MYARGS2=--option=catia:mappings=0x22:0xa8,0x2a:0xa4,0x2f:0xf8,0x3a:0xf7,0x3c:0xab,0x3e:0xbb,0x3f:0xbf,0x5c:0xff,0x7c:0xa6,0x20:0xb1 + +# vars for the translation test: +# a) here for unix-to-windows test +UNIX_FILE=a\\a:a*a?aaa|a +# translated window file name +WIN_FILE=aÿa÷a¤a¿a«a»a¦a + +# b) here for windows-to-unix test +WIN_DIR=dir_aÿa÷a¤a¿a«a»a¦a +# translated unix directory name +UNIX_DIR=dir_a\a:a*a?aaa|a + +incdir=`dirname $0`/../../../../testprogs/blackbox +. $incdir/subunit.sh + +failed=0 + +cd $VFSTEST_TMPDIR || exit 1 + +# create unix file in tmpdir +touch $UNIX_FILE || exit 1 + +# test translate unix-to-windows +test_vfstest() +{ +cmd='$VFSTEST -f $TESTBASE/vfstest.cmd $MYARGS1 $MYARGS2 $ADDARGS ' +out=`eval $cmd` +ret=$? + +if [ $ret != 0 ] ; then + echo $out + echo command failed + false + return +fi + +echo $out | grep $WIN_FILE /dev/null 21 + +if [ $? = 0 ] ; then + echo ALL IS WORKING + true +else + false +fi +} + +# test the mkdir call with special windows chars +# and then check the created unix directory name +test_vfstest_dir() +{ +cmd='$VFSTEST -f $TESTBASE/vfstest1.cmd $MYARGS1 $MYARGS2 $ADDARGS ' +out=`eval $cmd` +ret=$? + +if [ $ret != 0 ] ; then + echo $out + echo command failed + false + return +fi + +NUM=`find $UNIX_DIR | wc -l` +if [ $NUM -ne 1 ] ; then + echo Cannot find $UNIX_DIR + false +else + true +fi +} + +testit vfstest_catia test_vfstest || failed=`expr $failed + 1` + +if [ $failed = 0 ] ; then +testit vfstest1_catia test_vfstest_dir || failed=`expr $failed + 1` +fi + +# Cleanup: remove tempdir +rm -R
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 11d1286 Correct the name of the nss_winbind module for FreeBSD by creating a symlink from the FreeBSD required name to the built module. from 5372571 s3:idmap: fix a debug message and lower its level http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 11d128632357c9ae89d67aaf23c429fae83a1b29 Author: Richard Sharpe realrichardsha...@gmail.com Date: Thu Mar 7 17:36:37 2013 -0800 Correct the name of the nss_winbind module for FreeBSD by creating a symlink from the FreeBSD required name to the built module. Signed-off-by: Timur Bakeyev ti...@freebsd.org Reviewed-by: Andrew Bartlett abartl...@samba.org Reviewed-by: Richard Sharpe realrichardsha...@gmail.com Autobuild-User(master): Richard Sharpe sha...@samba.org Autobuild-Date(master): Fri Mar 8 05:04:04 CET 2013 on sn-devel-104 --- Summary of changes: nsswitch/wscript_build |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/wscript_build b/nsswitch/wscript_build index 1efee55..a7d6489 100644 --- a/nsswitch/wscript_build +++ b/nsswitch/wscript_build @@ -42,7 +42,7 @@ elif (host_os.rfind('freebsd') -1): bld.SAMBA_LIBRARY('nss_winbind', source='winbind_nss_linux.c winbind_nss_freebsd.c', deps='winbind-client', - realname='libnss_winbind.so.1', + realname='nss_winbind.so.1', vnum='1') elif (host_os.rfind('netbsd') -1): -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a64a617 Add a herald with version string to smbtorture from fa3924f Fix bug 9519 - Samba returns unexpected error on SMB posix open. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a64a617e103983e2423cca2e8e09009d2e571b2b Author: Richard Sharpe realrichardsha...@gmail.com Date: Wed Feb 6 13:02:13 2013 -0800 Add a herald with version string to smbtorture Signed-off-by: Richard Sharpe realrichardsha...@gmail.com Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Richard Sharpe sha...@samba.org Autobuild-Date(master): Wed Feb 13 08:03:21 CET 2013 on sn-devel-104 --- Summary of changes: source4/torture/smbtorture.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/smbtorture.c b/source4/torture/smbtorture.c index 95f0719..1a1fa34 100644 --- a/source4/torture/smbtorture.c +++ b/source4/torture/smbtorture.c @@ -420,6 +420,8 @@ int main(int argc,char *argv[]) setlinebuf(stdout); + printf(smbtorture %s\n, samba_version_string()); + /* we are never interested in SIGPIPE */ BlockSignals(true, SIGPIPE); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via dc929ca tevent: Fix a comment typo from 48d954b Fix the compound tests to correctly pass against Windows when run with --signing=required. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit dc929ca57fb1b23d74d898cfb76737601656961f Author: Volker Lendecke v...@samba.org Date: Thu Jan 31 15:46:43 2013 +0100 tevent: Fix a comment typo Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Ira Cooper i...@samba.org Reviewed-by: Richard Sharpe realrichardsha...@gmail.com Autobuild-User(master): Richard Sharpe sha...@samba.org Autobuild-Date(master): Thu Jan 31 17:52:39 CET 2013 on sn-devel-104 --- Summary of changes: lib/tevent/tevent_poll.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/tevent/tevent_poll.c b/lib/tevent/tevent_poll.c index da8cc01..44e108f 100644 --- a/lib/tevent/tevent_poll.c +++ b/lib/tevent/tevent_poll.c @@ -56,7 +56,7 @@ struct poll_event_context { }; /* - create a select_event_context structure. + create a poll_event_context structure. */ static int poll_event_context_init(struct tevent_context *ev) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 48d954b Fix the compound tests to correctly pass against Windows when run with --signing=required. via 1624d83 Add new function smbXcli_session_copy(), to be used when creating compound SMB2 requests. from 7b0b1d6 smbd: Fix a typo http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 48d954b90e6aa14721d236180df959a038416672 Author: Jeremy Allison j...@samba.org Date: Mon Jan 28 16:52:11 2013 -0800 Fix the compound tests to correctly pass against Windows when run with --signing=required. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Richard Sharpe realrichardsha...@gmail.org Autobuild-User(master): Richard Sharpe sha...@samba.org Autobuild-Date(master): Thu Jan 31 03:53:55 CET 2013 on sn-devel-104 commit 1624d83fdeb675ee4032f5d3cabcf86d5b05a3cb Author: Jeremy Allison j...@samba.org Date: Mon Jan 28 16:51:25 2013 -0800 Add new function smbXcli_session_copy(), to be used when creating compound SMB2 requests. Copies the signing state needed to make client compound requests work on signed connections. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Richard Sharpe realrichardsha...@gmail.com --- Summary of changes: libcli/smb/smbXcli_base.c | 27 +++ libcli/smb/smbXcli_base.h |2 ++ source4/torture/smb2/compound.c | 12 ++-- 3 files changed, 35 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index c547515..421e884 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c @@ -4482,6 +4482,33 @@ struct smbXcli_session *smbXcli_session_create(TALLOC_CTX *mem_ctx, return session; } +struct smbXcli_session *smbXcli_session_copy(TALLOC_CTX *mem_ctx, + struct smbXcli_session *src) +{ + struct smbXcli_session *session; + + session = talloc_zero(mem_ctx, struct smbXcli_session); + if (session == NULL) { + return NULL; + } + session-smb2 = talloc_zero(session, struct smb2cli_session); + if (session-smb2 == NULL) { + talloc_free(session); + return NULL; + } + + session-conn = src-conn; + *session-smb2 = *src-smb2; + session-smb2_channel = src-smb2_channel; + session-disconnect_expired = src-disconnect_expired; + + DLIST_ADD_END(src-conn-sessions, session, struct smbXcli_session *); + talloc_set_destructor(session, smbXcli_session_destructor); + + return session; +} + + NTSTATUS smbXcli_session_application_key(struct smbXcli_session *session, TALLOC_CTX *mem_ctx, DATA_BLOB *key) diff --git a/libcli/smb/smbXcli_base.h b/libcli/smb/smbXcli_base.h index b720bc6..f7b60d3 100644 --- a/libcli/smb/smbXcli_base.h +++ b/libcli/smb/smbXcli_base.h @@ -260,6 +260,8 @@ NTSTATUS smbXcli_negprot(struct smbXcli_conn *conn, struct smbXcli_session *smbXcli_session_create(TALLOC_CTX *mem_ctx, struct smbXcli_conn *conn); +struct smbXcli_session *smbXcli_session_copy(TALLOC_CTX *mem_ctx, + struct smbXcli_session *src); NTSTATUS smbXcli_session_application_key(struct smbXcli_session *session, TALLOC_CTX *mem_ctx, DATA_BLOB *key); diff --git a/source4/torture/smb2/compound.c b/source4/torture/smb2/compound.c index e75f682..4a47e14 100644 --- a/source4/torture/smb2/compound.c +++ b/source4/torture/smb2/compound.c @@ -92,8 +92,8 @@ static bool test_compound_related1(struct torture_context *tctx, 0, /* capabilities */ 0 /* maximal_access */); - tree-session-smbXcli = smbXcli_session_create(tree-session, - tree-session-transport-conn); + tree-session-smbXcli = smbXcli_session_copy(tree-session, + tree-session-smbXcli); smb2cli_session_set_id_and_flags(tree-session-smbXcli, UINT64_MAX, 0); req[1] = smb2_close_send(tree, cl); @@ -171,8 +171,8 @@ static bool test_compound_related2(struct torture_context *tctx, 0, /* capabilities */ 0 /* maximal_access */); - tree-session-smbXcli = smbXcli_session_create(tree-session, - tree-session-transport-conn); + tree-session-smbXcli = smbXcli_session_copy(tree-session
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d4bce35 Add two flags to allow for handling of Extended Signatures (Session Key Protection) on a TCON_AND_X request and response. via 610ac2d Make it possible to build under Solaris make as well as FreeBSD and Linux. Also add comments on changes that might be needed from 23df816 VERSION: Move on to beta6! http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d4bce355ad1c0c2e9d61cfaa6f8ef3ffb8d391f0 Author: Richard Sharpe realrichardsha...@gmail.com Date: Tue Jul 31 19:36:18 2012 -0700 Add two flags to allow for handling of Extended Signatures (Session Key Protection) on a TCON_AND_X request and response. Autobuild-User(master): Richard Sharpe sha...@samba.org Autobuild-Date(master): Wed Aug 1 06:36:37 CEST 2012 on sn-devel-104 commit 610ac2d350ee8a2d5e58d08f61ba1af03b3d762b Author: Richard Sharpe realrichardsha...@gmail.com Date: Sat Jun 2 22:27:22 2012 -0700 Make it possible to build under Solaris make as well as FreeBSD and Linux. Also add comments on changes that might be needed --- Summary of changes: examples/VFS/Makefile.in | 21 + source3/include/smb.h|2 ++ 2 files changed, 19 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/examples/VFS/Makefile.in b/examples/VFS/Makefile.in index db787de..ba41923 100644 --- a/examples/VFS/Makefile.in +++ b/examples/VFS/Makefile.in @@ -27,6 +27,13 @@ libdir = @libdir@ VFS_LIBDIR = $(libdir)/vfs +# Note, if make fails, it might be because your version of make does not +# support what we need. Try installing GNU make and rerun make. +# +# Note also, that if your module requires more than one object file to be +# linked in you will have to modify Makefile.in to accommodate your needs and +# then rerun configure before you can build. + # Change these targets to the names of your modules if building out of tree MODULES= skel_opaque.@SHLIBEXT@ shadow_copy_test.@SHLIBEXT@ \ skel_transparent.@SHLIBEXT@ @@ -37,13 +44,19 @@ all: $(MODULES) .SUFFIXES: .@SHLIBEXT@ -.@OBJEXT@.@SHLIBEXT@: - @echo Linking $ - @$(CC) $(LDSHFLAGS) $(LDFLAGS) $*.@OBJEXT@ -o $*.@SHLIBEXT@ +# You might need to create an explicit rule for your shared object if your +# shared object is built from multiple .c files. -.c.@OBJEXT@: +.c.@SHLIBEXT@: @echo Compiling $ @$(CC) $(FLAGS) -c $ -D$*_init=samba_init_module + @echo Linking $@ + @$(CC) $(LDSHFLAGS) $(LDFLAGS) $*.@OBJEXT@ -o $*.@SHLIBEXT@ + +# You might need to uncomment this if you have other .c files to compile +#.c.@OBJEXT@: +# @echo Compiling $ +# @$(CC) $(FLAGS) -c $ -D$*_init=samba_init_module install: default $(INSTALLCMD) -d $(VFS_LIBDIR) diff --git a/source3/include/smb.h b/source3/include/smb.h index c396f0e..310cbbb 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -623,6 +623,8 @@ char *strdup(char *s); /* TCONX Flag (smb_vwv2). */ #define TCONX_FLAG_EXTENDED_RESPONSE 0x8 +#define TCONX_FLAG_EXTENDED_SIGNATURES 0x4 +#define SMB_EXTENDED_SIGNATURES0x20 /* File Status Flags. See: -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 632af66 Check the return from create_acl_blob from 6bafb4a s3-smbd: Avoid creating a UID ACL entry for SIDs that are mapped as ID_TYPE_BOTH The GID ACL entry is what will be mapped in most cases, and so is sufficient. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 632af6645376185500820a5be9dbf5c0c3d1e515 Author: Richard Sharpe realrichardsha...@gmail.com Date: Wed May 16 20:21:34 2012 -0700 Check the return from create_acl_blob Autobuild-User: Richard Sharpe sha...@samba.org Autobuild-Date: Thu May 17 07:17:29 CEST 2012 on sn-devel-104 --- Summary of changes: source3/modules/vfs_acl_common.c | 10 ++ 1 files changed, 6 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index 221b43f..c7bce57 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -592,10 +592,12 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp, NDR_PRINT_DEBUG(security_descriptor, discard_const_p(struct security_descriptor, psd)); } - /* -* Perhaps create_acl_blob should have a status return as well -*/ - create_acl_blob(psd, blob, XATTR_SD_HASH_TYPE_SHA256, hash); + status = create_acl_blob(psd, blob, XATTR_SD_HASH_TYPE_SHA256, hash); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, (fset_nt_acl_xattr: create_acl_blob failed\n)); + return status; + } + status = store_acl_blob_fsp(handle, fsp, blob); return status; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via bfe4a2b Fix the overwriting of errno before use in a DEBUG statement and use the return value from store_acl_blob_fsp rather than ignoring it. from b6e3608 build: Add explicit mention of --abi-check-disable to ABI checker http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit bfe4a2baeec6bc4558a617ec67532ea11f865861 Author: Richard Sharpe realrichardsha...@gmail.com Date: Tue May 15 07:47:14 2012 -0700 Fix the overwriting of errno before use in a DEBUG statement and use the return value from store_acl_blob_fsp rather than ignoring it. Autobuild-User: Richard Sharpe sha...@samba.org Autobuild-Date: Wed May 16 03:43:41 CEST 2012 on sn-devel-104 --- Summary of changes: source3/modules/vfs_acl_common.c |7 +-- source3/modules/vfs_acl_xattr.c |6 +++--- 2 files changed, 8 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index 241bc8f..221b43f 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -592,10 +592,13 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp, NDR_PRINT_DEBUG(security_descriptor, discard_const_p(struct security_descriptor, psd)); } + /* +* Perhaps create_acl_blob should have a status return as well +*/ create_acl_blob(psd, blob, XATTR_SD_HASH_TYPE_SHA256, hash); - store_acl_blob_fsp(handle, fsp, blob); + status = store_acl_blob_fsp(handle, fsp, blob); - return NT_STATUS_OK; + return status; } static int acl_common_remove_object(vfs_handle_struct *handle, diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index 5653657..c1b0a60 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -119,12 +119,12 @@ static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle, } unbecome_root(); if (ret) { - errno = saved_errno; DEBUG(5, (store_acl_blob_fsp: setting attr failed for file %s with error %s\n, fsp_str_dbg(fsp), - strerror(errno) )); - return map_nt_error_from_unix(errno); + strerror(saved_errno) )); + errno = saved_errno; + return map_nt_error_from_unix(saved_errno); } return NT_STATUS_OK; } -- Samba Shared Repository
Re: [Samba] How to build Samba4 using static linked libraries
On Mon, 2012-05-07 at 12:21 -0400, peixing@emc.com wrote: Hi All: I am building the torture/smbtorture forsamba-4.0.0alpha17. After build, I am running the test in another environment. I not only need to copy the binary smbtorture, I also need to copy the shared libraries. This is HUGE inconvenient for us. Could somebody tell me how to build the binary using static linked libraries? Is there anything else you would like us to do for you? Come clean now. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0dc3f42 Add an audit file VFS routine so we can handle auditing with SACLs. from 12ee793 s4:torture: add a check for talloc success in rpc.samba3.randomauth2 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0dc3f423d25d3a50fa39ecee8a8ca13cdfe32267 Author: Richard Sharpe realrichardsha...@gmail.com Date: Fri Apr 27 21:31:34 2012 -0700 Add an audit file VFS routine so we can handle auditing with SACLs. Autobuild-User: Richard Sharpe sha...@samba.org Autobuild-Date: Sat Apr 28 08:05:00 CEST 2012 on sn-devel-104 --- Summary of changes: source3/include/vfs.h |6 ++ source3/include/vfs_macros.h |5 + source3/modules/vfs_default.c | 10 ++ source3/smbd/vfs.c| 14 ++ 4 files changed, 35 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/vfs.h b/source3/include/vfs.h index e858235..b5f234a 100644 --- a/source3/include/vfs.h +++ b/source3/include/vfs.h @@ -370,6 +370,12 @@ struct vfs_fn_pointers { uint32 security_info_sent, const struct security_descriptor *psd); + NTSTATUS (*audit_file_fn)(struct vfs_handle_struct *handle, + struct smb_filename *file, + struct security_acl *sacl, + uint32_t access_requested, + uint32_t access_denied); + /* POSIX ACL operations. */ int (*chmod_acl_fn)(struct vfs_handle_struct *handle, const char *name, mode_t mode); diff --git a/source3/include/vfs_macros.h b/source3/include/vfs_macros.h index c324439..3c2256b 100644 --- a/source3/include/vfs_macros.h +++ b/source3/include/vfs_macros.h @@ -389,6 +389,11 @@ #define SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc) \ smb_vfs_call_get_nt_acl((handle)-next, (name), (security_info), (ppdesc)) +#define SMB_VFS_AUDIT_FILE(conn, name, sacl, access_requested, access_denied) \ + smb_vfs_call_audit_file((conn)-vfs_handles, (name), (sacl), (access_requested), (access_denied)) +#define SMB_VFS_NEXT_AUDIT_FILE(handle, name, sacl, access_requested, access_denied) \ + smb_vfs_call_audit_file((handle)-next, (name), (sacl), (access_requested), (access_denied)) + #define SMB_VFS_FSET_NT_ACL(fsp, security_info_sent, psd) \ smb_vfs_call_fset_nt_acl((fsp)-conn-vfs_handles, (fsp), (security_info_sent), (psd)) #define SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd) \ diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c index dd54417..887dbcb 100644 --- a/source3/modules/vfs_default.c +++ b/source3/modules/vfs_default.c @@ -1872,6 +1872,15 @@ static NTSTATUS vfswrap_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp return result; } +NTSTATUS vfswrap_audit_file(struct vfs_handle_struct *handle, + struct smb_filename *file, + struct security_acl *sacl, + uint32_t access_requested, + uint32_t access_denied) +{ + return NT_STATUS_OK; /* Nothing to do here ... */ +} + static int vfswrap_chmod_acl(vfs_handle_struct *handle, const char *name, mode_t mode) { #ifdef HAVE_NO_ACL @@ -2249,6 +2258,7 @@ static struct vfs_fn_pointers vfs_default_fns = { .fget_nt_acl_fn = vfswrap_fget_nt_acl, .get_nt_acl_fn = vfswrap_get_nt_acl, .fset_nt_acl_fn = vfswrap_fset_nt_acl, + .audit_file_fn = vfswrap_audit_file, /* POSIX ACL operations. */ diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c index 6c9692a..2be6c54 100644 --- a/source3/smbd/vfs.c +++ b/source3/smbd/vfs.c @@ -1958,6 +1958,20 @@ NTSTATUS smb_vfs_call_fset_nt_acl(struct vfs_handle_struct *handle, psd); } +NTSTATUS smb_vfs_call_audit_file(struct vfs_handle_struct *handle, +struct smb_filename *file, +struct security_acl *sacl, +uint32_t access_requested, +uint32_t access_denied) +{ + VFS_FIND(audit_file); + return handle-fns-audit_file_fn(handle, + file, + sacl, + access_requested, + access_denied); +} + int smb_vfs_call_chmod_acl(struct vfs_handle_struct *handle, const char *name, mode_t mode) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 2730eda Improve the VFS Makefile so that it is easier for use out of tree but still works with FreeBSD. from 1e949f3 provision: Simplify handling of default for --server-role. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2730eda640d77d22db08f090f1cd1a734645a496 Author: Richard Sharpe realrichardsha...@gmail.com Date: Mon Apr 16 05:00:08 2012 -0700 Improve the VFS Makefile so that it is easier for use out of tree but still works with FreeBSD. Autobuild-User: Richard Sharpe sha...@samba.org Autobuild-Date: Mon Apr 16 19:51:14 CEST 2012 on sn-devel-104 --- Summary of changes: examples/VFS/Makefile.in | 22 +- 1 files changed, 9 insertions(+), 13 deletions(-) Changeset truncated at 500 lines: diff --git a/examples/VFS/Makefile.in b/examples/VFS/Makefile.in index f9b81eb..fab5611 100644 --- a/examples/VFS/Makefile.in +++ b/examples/VFS/Makefile.in @@ -26,28 +26,24 @@ libdir = @libdir@ VFS_LIBDIR = $(libdir)/vfs -all: skel_opaque.@SHLIBEXT@ shadow_copy_test.@SHLIBEXT@ \ - skel_transparent.@SHLIBEXT@ +# Change these targets to the names of your modules if building out of tree +MODULES= skel_opaque.@SHLIBEXT@ shadow_copy_test.@SHLIBEXT@ \ + skel_transparent.@SHLIBEXT@ -skel_opaque.@SHLIBEXT@: skel_opaque.@OBJEXT@ - @echo Linking $@ - @$(CC) $(LDSHFLAGS) $(LDFLAGS) skel_opaque.@OBJEXT@ -o $@ +all: $(MODULES) -shadow_copy_test.@SHLIBEXT@: shadow_copy_test.@OBJEXT@ - @echo Linking $@ - @$(CC) $(LDSHFLAGS) $(LDFLAGS) shadow_copy_test.@OBJEXT@ -o $@ +# Pattern rules -skel_transparent.@SHLIBEXT@: skel_transparent.@OBJEXT@ - @echo Linking $@ - @$(CC) $(LDSHFLAGS) $(LDFLAGS) skel_transparent.@OBJEXT@ -o $@ +.SUFFIXES: .@SHLIBEXT@ -# Pattern rules +.@OBJEXT@.@SHLIBEXT@: + @echo Linking $ + @$(CC) $(LDSHFLAGS) $(LDFLAGS) $*.@OBJEXT@ -o $*.@SHLIBEXT@ .c.@OBJEXT@: @echo Compiling $ @$(CC) $(FLAGS) -c $ -D$*_init=samba_init_module - install: default $(INSTALLCMD) -d $(VFS_LIBDIR) $(INSTALLCMD) -m 755 *.$(SHLIBEXT) $(VFS_LIBDIR) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 36101d3 Add an open and close method to samba.smb.SMB so we can open and close files. Also, fix up some documentation. from 0aacdbf s3-aio-fork: Fix a segfault in vfs_aio_fork http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 36101d3fa45c0b583628862794054f60eb4e6ed3 Author: Richard Sharpe realrichardsha...@gmail.com Date: Fri Mar 30 22:04:28 2012 -0700 Add an open and close method to samba.smb.SMB so we can open and close files. Also, fix up some documentation. Autobuild-User: Richard Sharpe sha...@samba.org Autobuild-Date: Sun Apr 1 16:29:52 CEST 2012 on sn-devel-104 --- Summary of changes: source4/libcli/pysmb.c | 96 +++- 1 files changed, 86 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/libcli/pysmb.c b/source4/libcli/pysmb.c index b4eba14..a0021b9 100644 --- a/source4/libcli/pysmb.c +++ b/source4/libcli/pysmb.c @@ -53,7 +53,6 @@ struct smb_private_data { struct smbcli_tree *tree; }; - static void dos_format(char *s) { string_replace(s, '/', '\\'); @@ -151,7 +150,6 @@ static PyObject * py_smb_savefile(pytalloc_Object *self, PyObject *args) Py_RETURN_NONE; } - /* * Callback function to accumulate directory contents in a python list */ @@ -183,7 +181,6 @@ static void py_smb_list_callback(struct clilist_file_info *f, const char *mask, } } - /* * List the directory contents for specified directory (Ignore '.' and '..' dirs) */ @@ -225,7 +222,6 @@ static PyObject *py_smb_list(pytalloc_Object *self, PyObject *args, PyObject *kw return py_dirlist; } - /* * Create a directory */ @@ -246,7 +242,6 @@ static PyObject *py_smb_mkdir(pytalloc_Object *self, PyObject *args) Py_RETURN_NONE; } - /* * Remove a directory */ @@ -267,7 +262,6 @@ static PyObject *py_smb_rmdir(pytalloc_Object *self, PyObject *args) Py_RETURN_NONE; } - /* * Check existence of a path */ @@ -291,7 +285,6 @@ static PyObject *py_smb_chkpath(pytalloc_Object *self, PyObject *args) Py_RETURN_FALSE; } - /* * Read ACL on a given file/directory as a security descriptor object */ @@ -357,7 +350,6 @@ static PyObject *py_smb_getacl(pytalloc_Object *self, PyObject *args, PyObject * self-talloc_ctx, fio.query_secdesc.out.sd); } - /* * Set ACL on file/directory using given security descriptor object */ @@ -436,6 +428,86 @@ static PyObject *py_smb_setacl(pytalloc_Object *self, PyObject *args, PyObject * Py_RETURN_NONE; } +/* + * Open the file with the parameters passed in and return an object if OK + */ +static PyObject *py_open_file(pytalloc_Object *self, PyObject *args, PyObject *kwargs) +{ + NTSTATUS status; + union smb_open io; + struct smb_private_data *spdata; + const char *filename; + uint32_t access_mask = 0; + uint32_t share_access = 0; +uint32_t open_disposition = 0; +uint32_t create_options = 0; + int fnum; + + if (!PyArg_ParseTuple(args, si|iii:open_file, + filename, + access_mask, + share_access, + open_disposition, + create_options)) { + return NULL; + } + + if (!access_mask) + access_mask = SEC_FLAG_MAXIMUM_ALLOWED; + + if (!share_access) + share_access = NTCREATEX_SHARE_ACCESS_READ | + NTCREATEX_SHARE_ACCESS_WRITE; + + if (!open_disposition) + open_disposition = NTCREATEX_DISP_OPEN; + + ZERO_STRUCT(io); + + spdata = self-ptr; + + io.generic.level = RAW_OPEN_NTCREATEX; + io.ntcreatex.in.root_fid.fnum = 0; + io.ntcreatex.in.flags = 0; + io.ntcreatex.in.access_mask = access_mask; + io.ntcreatex.in.create_options = create_options; + io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL; + io.ntcreatex.in.share_access = share_access; + io.ntcreatex.in.alloc_size = 0; + io.ntcreatex.in.open_disposition = open_disposition; + io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS; + io.ntcreatex.in.security_flags = 0; + io.ntcreatex.in.fname = filename; + + status = smb_raw_open(spdata-tree, self-talloc_ctx, io); + PyErr_NTSTATUS_IS_ERR_RAISE(status); + + fnum = io.ntcreatex.out.file.fnum; + + return Py_BuildValue(i, fnum); +} + +/* + * Close the file based on the fnum passed in + */ +static PyObject *py_close_file(pytalloc_Object *self, PyObject *args, PyObject *kwargs) +{ + struct smb_private_data
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 2c322ca Fix some of the issues that Jelmer identified in my first patch. This might be changed again, especially when I figure out how to return the file as an object. from 36101d3 Add an open and close method to samba.smb.SMB so we can open and close files. Also, fix up some documentation. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2c322ca95a7dc4fb8396b475d115f31837316267 Author: Richard Sharpe realrichardsha...@gmail.com Date: Sun Apr 1 13:14:49 2012 -0700 Fix some of the issues that Jelmer identified in my first patch. This might be changed again, especially when I figure out how to return the file as an object. Autobuild-User: Richard Sharpe sha...@samba.org Autobuild-Date: Mon Apr 2 01:43:44 CEST 2012 on sn-devel-104 --- Summary of changes: source4/libcli/pysmb.c | 28 1 files changed, 12 insertions(+), 16 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/libcli/pysmb.c b/source4/libcli/pysmb.c index a0021b9..3f2efe9 100644 --- a/source4/libcli/pysmb.c +++ b/source4/libcli/pysmb.c @@ -437,13 +437,15 @@ static PyObject *py_open_file(pytalloc_Object *self, PyObject *args, PyObject *k union smb_open io; struct smb_private_data *spdata; const char *filename; - uint32_t access_mask = 0; - uint32_t share_access = 0; -uint32_t open_disposition = 0; + uint32_t access_mask = SEC_FLAG_MAXIMUM_ALLOWED; + uint32_t share_access = NTCREATEX_SHARE_ACCESS_READ | + NTCREATEX_SHARE_ACCESS_WRITE; +uint32_t open_disposition = NTCREATEX_DISP_OPEN; uint32_t create_options = 0; + TALLOC_CTX *mem_ctx; int fnum; - if (!PyArg_ParseTuple(args, si|iii:open_file, + if (!PyArg_ParseTuple(args, s|:open_file, filename, access_mask, share_access, @@ -452,20 +454,12 @@ static PyObject *py_open_file(pytalloc_Object *self, PyObject *args, PyObject *k return NULL; } - if (!access_mask) - access_mask = SEC_FLAG_MAXIMUM_ALLOWED; - - if (!share_access) - share_access = NTCREATEX_SHARE_ACCESS_READ | - NTCREATEX_SHARE_ACCESS_WRITE; - - if (!open_disposition) - open_disposition = NTCREATEX_DISP_OPEN; - ZERO_STRUCT(io); spdata = self-ptr; + mem_ctx = talloc_new(NULL); + io.generic.level = RAW_OPEN_NTCREATEX; io.ntcreatex.in.root_fid.fnum = 0; io.ntcreatex.in.flags = 0; @@ -479,7 +473,9 @@ static PyObject *py_open_file(pytalloc_Object *self, PyObject *args, PyObject *k io.ntcreatex.in.security_flags = 0; io.ntcreatex.in.fname = filename; - status = smb_raw_open(spdata-tree, self-talloc_ctx, io); + status = smb_raw_open(spdata-tree, mem_ctx, io); + talloc_free(mem_ctx); + PyErr_NTSTATUS_IS_ERR_RAISE(status); fnum = io.ntcreatex.out.file.fnum; @@ -541,7 +537,7 @@ static PyMethodDef py_smb_methods[] = { Set security descriptor for file. }, { open_file, (PyCFunction)py_open_file, METH_VARARGS, open_file(path, access_mask[, share_access[, open_disposition[, create_options]]] - fnum\n\n \ - Open a file. Throws exceptions on errors. }, + Open a file. Throws NTSTATUS exceptions on errors. }, { close_file, (PyCFunction)py_close_file, METH_VARARGS, close_file(fnum) - None\n\n \ Close the file based on fnum.}, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7d3c26e Make sure we claim that a DACL or SACL is present if the SD says so from 786cb13 Fix an IPv6 breakage I introduced by adding an strlcpy truncation check. Found by Matthieu Patou m...@samba.org. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7d3c26e8cfcffb519990d5d2d70af3307e34c15f Author: Richard Sharpe realrichardsha...@gmail.com Date: Fri Mar 30 22:02:25 2012 -0700 Make sure we claim that a DACL or SACL is present if the SD says so Autobuild-User: Richard Sharpe sha...@samba.org Autobuild-Date: Sat Mar 31 09:34:36 CEST 2012 on sn-devel-104 --- Summary of changes: source3/libsmb/clisecdesc.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/clisecdesc.c b/source3/libsmb/clisecdesc.c index aef3432..04f661c 100644 --- a/source3/libsmb/clisecdesc.c +++ b/source3/libsmb/clisecdesc.c @@ -92,9 +92,9 @@ NTSTATUS cli_set_secdesc(struct cli_state *cli, uint16_t fnum, SIVAL(param, 0, fnum); - if (sd-dacl) + if (sd-dacl || (sd-type SEC_DESC_DACL_PRESENT)) sec_info |= SECINFO_DACL; - if (sd-sacl) + if (sd-sacl || (sd-type SEC_DESC_SACL_PRESENT)) sec_info |= SECINFO_SACL; if (sd-owner_sid) sec_info |= SECINFO_OWNER; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3be2af1 Add DEBUG statements to show when access has been denied and why. from 26f7a67 s4 dns: Only do recursive queries when allowed/desired http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3be2af1df94443a2dc21d4f5f58ce11b83e4306f Author: Richard Sharpe realrichardsha...@gmail.com Date: Tue Mar 27 20:32:11 2012 -0700 Add DEBUG statements to show when access has been denied and why. Autobuild-User: Richard Sharpe sha...@samba.org Autobuild-Date: Wed Mar 28 07:07:26 CEST 2012 on sn-devel-104 --- Summary of changes: source3/smbd/nttrans.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index fc52ee5..20379ac 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -1868,11 +1868,13 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn, if ((security_info_wanted SECINFO_SACL) !(fsp-access_mask SEC_FLAG_SYSTEM_SECURITY)) { + DEBUG(10, (Access to SACL denied.\n)); return NT_STATUS_ACCESS_DENIED; } if ((security_info_wanted (SECINFO_DACL|SECINFO_OWNER|SECINFO_GROUP)) !(fsp-access_mask SEC_STD_READ_CONTROL)) { + DEBUG(10, (Access to DACL, OWNER, or GROUP denied.\n)); return NT_STATUS_ACCESS_DENIED; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via cb7220d Fix the PyDoc comments in samba.smb.SMB and add a security_info argument to both get_acl and set_acl to allow the caller to specify what info is wanted. Defaults to 0 which means all info. from d86e701 s4:ldap.py - re-introduce the (dn=CN=ldaptestUSER3,CN=Users,DC=wallnoefer2,DC=local) test http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit cb7220d72124b89f316c181c674982dbe5f6c372 Author: Richard Sharpe realrichardsha...@gmail.com Date: Sun Mar 25 17:27:11 2012 -0700 Fix the PyDoc comments in samba.smb.SMB and add a security_info argument to both get_acl and set_acl to allow the caller to specify what info is wanted. Defaults to 0 which means all info. Autobuild-User: Richard Sharpe sha...@samba.org Autobuild-Date: Mon Mar 26 04:05:25 CEST 2012 on sn-devel-104 --- Summary of changes: source4/libcli/pysmb.c | 31 +++ 1 files changed, 23 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/libcli/pysmb.c b/source4/libcli/pysmb.c index 2f9a579..b4eba14 100644 --- a/source4/libcli/pysmb.c +++ b/source4/libcli/pysmb.c @@ -302,9 +302,10 @@ static PyObject *py_smb_getacl(pytalloc_Object *self, PyObject *args, PyObject * union smb_fileinfo fio; struct smb_private_data *spdata; const char *filename; + int sinfo = 0; int fnum; - if (!PyArg_ParseTuple(args, s:get_acl, filename)) { + if (!PyArg_ParseTuple(args, s|i:get_acl, filename, sinfo)) { return NULL; } @@ -335,7 +336,10 @@ static PyObject *py_smb_getacl(pytalloc_Object *self, PyObject *args, PyObject * fio.query_secdesc.level = RAW_FILEINFO_SEC_DESC; fio.query_secdesc.in.file.fnum = fnum; - fio.query_secdesc.in.secinfo_flags = SECINFO_OWNER | + if (sinfo) + fio.query_secdesc.in.secinfo_flags = sinfo; + else + fio.query_secdesc.in.secinfo_flags = SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL | SECINFO_PROTECTED_DACL | @@ -344,7 +348,6 @@ static PyObject *py_smb_getacl(pytalloc_Object *self, PyObject *args, PyObject * SECINFO_PROTECTED_SACL | SECINFO_UNPROTECTED_SACL; - status = smb_raw_query_secdesc(spdata-tree, self-talloc_ctx, fio); smbcli_close(spdata-tree, fnum); @@ -367,9 +370,10 @@ static PyObject *py_smb_setacl(pytalloc_Object *self, PyObject *args, PyObject * const char *filename; PyObject *py_sd; struct security_descriptor *sd; + uint32_t sinfo = 0; int fnum; - if (!PyArg_ParseTuple(args, sO:set_acl, filename, py_sd)) { + if (!PyArg_ParseTuple(args, sO|i:get_acl, filename, py_sd, sinfo)) { return NULL; } @@ -410,7 +414,18 @@ static PyObject *py_smb_setacl(pytalloc_Object *self, PyObject *args, PyObject * fio.set_secdesc.level = RAW_SFILEINFO_SEC_DESC; fio.set_secdesc.in.file.fnum = fnum; - fio.set_secdesc.in.secinfo_flags = 0; + if (sinfo) + fio.set_secdesc.in.secinfo_flags = sinfo; + else + fio.set_secdesc.in.secinfo_flags = SECINFO_OWNER | + SECINFO_GROUP | + SECINFO_DACL | + SECINFO_PROTECTED_DACL | + SECINFO_UNPROTECTED_DACL | + SECINFO_SACL | + SECINFO_PROTECTED_SACL | + SECINFO_UNPROTECTED_SACL; + fio.set_secdesc.in.sd = sd; status = smb_raw_set_secdesc(spdata-tree, fio); @@ -447,10 +462,10 @@ static PyMethodDef py_smb_methods[] = { chkpath(path) - True or False\n\n \ Return true if path exists, false otherwise. }, { get_acl, (PyCFunction)py_smb_getacl, METH_VARARGS, - get_acl(path) - security_descriptor object\n\n \ + get_acl(path[, security_info=0]) - security_descriptor object\n\n \ Get security descriptor for file. }, { set_acl, (PyCFunction)py_smb_setacl, METH_VARARGS, - set_acl(path, security_descriptor) - None\n\n \ + set_acl(path, security_descriptor[, security_info=0]) - None\n\n \ Set security descriptor for file. }, { NULL }, }; @@ -522,7 +537,7 @@ static PyTypeObject PySMB = { .tp_new = py_smb_new
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1080483 Improve the Makefile. Use a standard make macro, not a shell command. from ae9b5ad selftest.py: Add cleanup_pid. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1080483319d4eb7a8cdee767fc41f7258e0e2537 Author: Richard Sharpe realrichardsha...@gmail.com Date: Fri Mar 23 21:27:41 2012 -0700 Improve the Makefile. Use a standard make macro, not a shell command. Autobuild-User: Richard Sharpe sha...@samba.org Autobuild-Date: Sat Mar 24 07:09:44 CET 2012 on sn-devel-104 --- Summary of changes: examples/VFS/Makefile.in |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/examples/VFS/Makefile.in b/examples/VFS/Makefile.in index 55e2c04..f9b81eb 100644 --- a/examples/VFS/Makefile.in +++ b/examples/VFS/Makefile.in @@ -45,7 +45,7 @@ skel_transparent.@SHLIBEXT@: skel_transparent.@OBJEXT@ .c.@OBJEXT@: @echo Compiling $ - @$(CC) $(FLAGS) -c $ -D$(basename $@)_init=samba_init_module + @$(CC) $(FLAGS) -c $ -D$*_init=samba_init_module install: default -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a15aefe Make it possible for developers of out-of-tree modules to use the same names as in-tree modules. from 9e17e7d lib/async_req: Retry read_packet with read(2) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a15aefea27fffcbf622f7032e5d50628189a49bd Author: Richard Sharpe realrichardsha...@gmail.com Date: Fri Mar 23 07:39:45 2012 -0700 Make it possible for developers of out-of-tree modules to use the same names as in-tree modules. Autobuild-User: Richard Sharpe sha...@samba.org Autobuild-Date: Sat Mar 24 03:18:38 CET 2012 on sn-devel-104 --- Summary of changes: examples/VFS/Makefile.in |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/examples/VFS/Makefile.in b/examples/VFS/Makefile.in index bbb66be..55e2c04 100644 --- a/examples/VFS/Makefile.in +++ b/examples/VFS/Makefile.in @@ -45,7 +45,7 @@ skel_transparent.@SHLIBEXT@: skel_transparent.@OBJEXT@ .c.@OBJEXT@: @echo Compiling $ - @$(CC) $(FLAGS) -c $ + @$(CC) $(FLAGS) -c $ -D$(basename $@)_init=samba_init_module install: default -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8b01b88 Trivial Comment fix: Supply a missing word in a comment from 8ea2b5d s3: Fix make bin/smbtorture4 in the autoconf build http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8b01b88fe85ef69a054456540ff3c92927bfc08a Author: Richard Sharpe realrichardsha...@gmail.com Date: Wed Feb 29 19:45:29 2012 -0800 Trivial Comment fix: Supply a missing word in a comment Autobuild-User: Richard Sharpe sha...@samba.org Autobuild-Date: Thu Mar 1 06:55:44 CET 2012 on sn-devel-104 --- Summary of changes: source3/include/smb.h |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/smb.h b/source3/include/smb.h index a54d206..d93f30d 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -461,7 +461,7 @@ struct smb_request { /* * Async handling in the main smb processing loop is directed by * outbuf: reply_xxx routines indicate sync behaviour by putting their -* reply into outbuf. If they leave it as NULL, they take of it +* reply into outbuf. If they leave it as NULL, they take care of it * themselves, possibly later. * * If async handling is wanted, the reply_xxx routine must make sure -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1082532 Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER but has no permission for that, but token has SeTakeOwnershipPrivilege from ee2e3d5 s3-vfstest: Fake smb_requests http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 108253250048673493a636fd9fb2bf99b64ccf3c Author: Richard Sharpe realrichardsha...@gmail.com Date: Wed Feb 22 06:25:54 2012 -0800 Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER but has no permission for that, but token has SeTakeOwnershipPrivilege Autobuild-User: Richard Sharpe sha...@samba.org Autobuild-Date: Wed Feb 22 19:19:32 CET 2012 on sn-devel-104 --- Summary of changes: libcli/security/access_check.c |5 + 1 files changed, 5 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c index 1b02a86..a9b618f 100644 --- a/libcli/security/access_check.c +++ b/libcli/security/access_check.c @@ -205,6 +205,11 @@ NTSTATUS se_access_check(const struct security_descriptor *sd, bits_remaining = ~(SEC_RIGHTS_PRIV_BACKUP); } + if ((bits_remaining SEC_STD_WRITE_OWNER) +security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) { + bits_remaining = ~(SEC_STD_WRITE_OWNER); + } + /* a NULL dacl allows access */ if ((sd-type SEC_DESC_DACL_PRESENT) sd-dacl == NULL) { *access_granted = access_desired; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 422494a vfs: Make function pointer names consistent. They all end in _fn from f452add s3/doc: document the ignore system acls option of vfs_acl_xattr and vfs_acl_tdb http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 422494a8e630e2ca89386344eaa5346388698a32 Author: Richard Sharpe realrichardsha...@gmail.com Date: Sat Dec 3 20:45:04 2011 -0800 vfs: Make function pointer names consistent. They all end in _fn Autobuild-User: Richard Sharpe sha...@samba.org Autobuild-Date: Mon Dec 12 04:58:40 CET 2011 on sn-devel-104 --- Summary of changes: examples/VFS/shadow_copy_test.c|2 +- examples/VFS/skel_opaque.c | 228 examples/VFS/skel_transparent.c| 228 source3/include/vfs.h | 429 ++-- source3/include/vfs_macros.h | 20 +- source3/locking/brlock.c |9 +- source3/locking/posix.c|5 +- source3/modules/vfs_acl_tdb.c | 24 +- source3/modules/vfs_acl_xattr.c| 22 +- source3/modules/vfs_afsacl.c |6 +- source3/modules/vfs_aio_fork.c |8 +- source3/modules/vfs_aixacl.c | 10 +- source3/modules/vfs_aixacl2.c | 16 +- source3/modules/vfs_audit.c| 20 +- source3/modules/vfs_cacheprime.c |8 +- source3/modules/vfs_cap.c | 68 +++--- source3/modules/vfs_catia.c| 58 ++-- source3/modules/vfs_crossrename.c |2 +- source3/modules/vfs_default.c | 226 source3/modules/vfs_default_quota.c|4 +- source3/modules/vfs_dfs_samba4.c |4 +- source3/modules/vfs_dirsort.c | 12 +- source3/modules/vfs_expand_msdfs.c |2 +- source3/modules/vfs_extd_audit.c | 20 +- source3/modules/vfs_fake_perms.c |4 +- source3/modules/vfs_fileid.c |4 +- source3/modules/vfs_full_audit.c | 220 +++--- source3/modules/vfs_gpfs_hsm_notify.c |4 +- source3/modules/vfs_hpuxacl.c | 10 +- source3/modules/vfs_irixacl.c | 10 +- source3/modules/vfs_linux_xfs_sgid.c |4 +- source3/modules/vfs_netatalk.c | 16 +- source3/modules/vfs_notify_fam.c |2 +- source3/modules/vfs_onefs.c| 64 ++-- source3/modules/vfs_onefs_shadow_copy.c| 80 +++--- source3/modules/vfs_posixacl.c | 10 +- source3/modules/vfs_prealloc.c |2 +- source3/modules/vfs_readahead.c|4 +- source3/modules/vfs_recycle.c |2 +- source3/modules/vfs_scannedonly.c | 24 +- source3/modules/vfs_shadow_copy.c | 16 +- source3/modules/vfs_shadow_copy2.c | 60 ++-- source3/modules/vfs_smb_traffic_analyzer.c | 22 +- source3/modules/vfs_solarisacl.c | 10 +- source3/modules/vfs_streams_depot.c| 12 +- source3/modules/vfs_streams_xattr.c| 22 +- source3/modules/vfs_syncops.c | 16 +- source3/modules/vfs_time_audit.c | 216 +++--- source3/modules/vfs_tru64acl.c | 10 +- source3/modules/vfs_tsmsm.c| 14 +- source3/modules/vfs_xattr_tdb.c| 20 +- source3/modules/vfs_zfsacl.c | 16 +- source3/smbd/vfs.c | 277 +- 53 files changed, 1305 insertions(+), 1297 deletions(-) Changeset truncated at 500 lines: diff --git a/examples/VFS/shadow_copy_test.c b/examples/VFS/shadow_copy_test.c index a47d2ee..0efceb4 100644 --- a/examples/VFS/shadow_copy_test.c +++ b/examples/VFS/shadow_copy_test.c @@ -81,7 +81,7 @@ static int test_get_shadow_copy_data(vfs_handle_struct *handle, /* VFS operations structure */ static struct vfs_fn_pointers vfs_test_shadow_copy_fns = { - .get_shadow_copy_data = test_get_shadow_copy_data + .get_shadow_copy_data_fn = test_get_shadow_copy_data }; NTSTATUS vfs_shadow_copy_test_init(void) diff --git a/examples/VFS/skel_opaque.c b/examples/VFS/skel_opaque.c index 7c63dd2..ae42d1c 100644 --- a/examples/VFS/skel_opaque.c +++ b/examples/VFS/skel_opaque.c @@ -799,142 +799,142 @@ struct vfs_fn_pointers skel_opaque_fns = { /* Disk operations */ .connect_fn = skel_connect, - .disconnect = skel_disconnect, - .disk_free = skel_disk_free, - .get_quota = skel_get_quota, - .set_quota = skel_set_quota, - .get_shadow_copy_data = skel_get_shadow_copy_data, - .statvfs = skel_statvfs, - .fs_capabilities = skel_fs_capabilities
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f50aa98 Improve configure.in so it can be used outside the Samba source tree. from 3a0f7b8 ldb: Add handy macros for reporting error inside ldb module http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f50aa988c201c2fe78e467f1a419bedc741e1d31 Author: Richard Sharpe realrichardsha...@gmail.com Date: Mon Nov 14 07:47:38 2011 -0800 Improve configure.in so it can be used outside the Samba source tree. Autobuild-User: Richard Sharpe sha...@samba.org Autobuild-Date: Thu Nov 17 07:00:38 CET 2011 on sn-devel-104 --- Summary of changes: examples/VFS/configure.in |5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/examples/VFS/configure.in b/examples/VFS/configure.in index 4e9d465..9e30197 100644 --- a/examples/VFS/configure.in +++ b/examples/VFS/configure.in @@ -337,11 +337,11 @@ AC_CACHE_CHECK([whether building shared libraries actually works], ac_cv_shlib_works=no # try building a trivial shared library if test $PICSUFFIX = po; then - $CC $CPPFLAGS $CFLAGS $PICFLAGS -c -o shlib.po ${srcdir-.}/../../tests/shlib.c + $CC $CPPFLAGS $CFLAGS $PICFLAGS -c -o shlib.po ${SAMBA_SOURCE}/../tests/shlib.c $CC $CPPFLAGS $CFLAGS `eval echo $LDSHFLAGS` -o shlib.$SHLIBEXT shlib.po ac_cv_shlib_works=yes else - $CC $CPPFLAGS $CFLAGS $PICFLAGS -c -o shlib.$PICSUFFIX ${srcdir-.}/../../tests/shlib.c + $CC $CPPFLAGS $CFLAGS $PICFLAGS -c -o shlib.$PICSUFFIX ${SAMBA_SOURCE}/../tests/shlib.c mv shlib.$PICSUFFIX shlib.po $CC $CPPFLAGS $CFLAGS `eval echo $LDSHFLAGS` -o shlib.$SHLIBEXT shlib.po ac_cv_shlib_works=yes @@ -350,6 +350,7 @@ AC_CACHE_CHECK([whether building shared libraries actually works], ]) if test $ac_cv_shlib_works = no; then BLDSHARED=false + AC_MSG_WARN([[Did you forget to specify --with-samba-source=/path/to/samba?]]) fi fi -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 595cc42 Add the new test_nttrans_fsctl.c to waf via c875ab8 Move FSCTL handling into the VFS. Initial code changes. Passes smbtorture NTTRANS-FSCTL. Test added to selftests. via e8f143a Add a torture test to test existing FSCTL responses from c704d92 Fix bug #8493 - DFS breaks zip file extracting unless follow symlinks = no set http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 595cc42a46f5dfbac5c17a403fb1f82769f26ff2 Author: Richard Sharpe realrichardsha...@gmail.com Date: Sat Oct 1 09:03:13 2011 -0700 Add the new test_nttrans_fsctl.c to waf Autobuild-User: Richard Sharpe sha...@samba.org Autobuild-Date: Sat Oct 1 19:36:53 CEST 2011 on sn-devel-104 commit c875ab8747d65cc6556228616f076b0928013c87 Author: Richard Sharpe realrichardsha...@gmail.com Date: Fri Sep 16 11:52:22 2011 -0700 Move FSCTL handling into the VFS. Initial code changes. Passes smbtorture NTTRANS-FSCTL. Test added to selftests. commit e8f143a45cceb8d2c01d45167a0c90d5c7f38289 Author: Richard Sharpe realrichardsha...@gmail.com Date: Thu Sep 15 16:13:54 2011 -0700 Add a torture test to test existing FSCTL responses --- Summary of changes: source3/Makefile.in |1 + source3/include/vfs.h| 22 ++ source3/include/vfs_macros.h |6 + source3/modules/vfs_default.c| 335 +++ source3/selftest/tests.py|2 +- source3/smbd/nttrans.c | 367 +++--- source3/smbd/vfs.c | 17 ++ source3/torture/proto.h |1 + source3/torture/test_nttrans_fsctl.c | 287 ++ source3/torture/torture.c|1 + source3/wscript_build|1 + 11 files changed, 704 insertions(+), 336 deletions(-) create mode 100644 source3/torture/test_nttrans_fsctl.c Changeset truncated at 500 lines: diff --git a/source3/Makefile.in b/source3/Makefile.in index bddde78..c736ae8 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1251,6 +1251,7 @@ SMBTORTURE_OBJ1 = torture/torture.o torture/nbio.o torture/scanner.o torture/uta torture/test_async_echo.o \ torture/test_smbsock_any_connect.o \ torture/test_nttrans_create.o \ + torture/test_nttrans_fsctl.o \ torture/test_notify_online.o \ torture/test_addrchange.o \ torture/test_case_insensitive.o \ diff --git a/source3/include/vfs.h b/source3/include/vfs.h index b47e80f..3b5e0e7 100644 --- a/source3/include/vfs.h +++ b/source3/include/vfs.h @@ -136,6 +136,7 @@ /* Leave at 28 - not yet released. Rename open function to open_fn. - gd */ /* Leave at 28 - not yet released. Make getwd function always return malloced memory. JRA. */ /* Bump to version 29 - Samba 3.6.0 will ship with interface version 28. */ +/* Leave at 29 - not yet releases. Add fsctl. Richard Sharpe */ #define SMB_VFS_INTERFACE_VERSION 29 /* @@ -329,6 +330,17 @@ struct vfs_fn_pointers { TALLOC_CTX *mem_ctx, char **mapped_name); + NTSTATUS (*fsctl)(struct vfs_handle_struct *handle, + struct files_struct *fsp, + TALLOC_CTX *ctx, + uint32_t function, + uint16_t req_flags, + const uint8_t *_in_data, + uint32_t in_len, + uint8_t **_out_data, + uint32_t max_out_len, + uint32_t *out_len); + /* NT ACL operations. */ NTSTATUS (*fget_nt_acl)(struct vfs_handle_struct *handle, @@ -692,6 +704,16 @@ NTSTATUS smb_vfs_call_translate_name(struct vfs_handle_struct *handle, enum vfs_translate_direction direction, TALLOC_CTX *mem_ctx, char **mapped_name); +NTSTATUS smb_vfs_call_fsctl(struct vfs_handle_struct *handle, + struct files_struct *fsp, + TALLOC_CTX *ctx, + uint32_t function, + uint16_t req_flags, + const uint8_t *_in_data, + uint32_t in_len, + uint8_t **_out_data, + uint32_t max_out_len, + uint32_t *out_len); NTSTATUS smb_vfs_call_fget_nt_acl(struct vfs_handle_struct *handle, struct files_struct *fsp, uint32 security_info, diff --git a/source3/include
Re: [Samba] Samba Cross-Compilation Problem
On Fri, Feb 18, 2011 at 8:44 AM, Hitesh Bajaj hitesh_baja...@yahoo.com wrote: Hi, I want to cross-compile samba for arm-linux. I have host machine: Red Had Enterprise Edition 5.0 and I am not able to cross compile it. I tried 3-4 Versions of samba but in vain. Can you guide me through compiling process.Which stable version of samba should i use?Step by step cross compilation process.OR If you have binaries or package for samba which i can directly use at my arm machine. Well, this worked for me with Samba 3.4.4 or thereabouts around March 2010 and later. You would be better off to tell us: 1. What tool chain you are using? 2. What version of Samba you are trying to cross compile? 3. What specific problem you are seeing? It really was a matter of simply making sure that the bin directory for the tool chain was in my path, running configure with the correct arg to select the tool chain and then running make. -- Regards, Richard Sharpe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: svn commit: samba r8856 - in branches/SOC/SAMBA_4_0/source/torture/rpc: .
On Sat, 30 Jul 2005 [EMAIL PROTECTED] wrote: Author: brad Date: 2005-07-30 01:20:33 + (Sat, 30 Jul 2005) New Revision: 8856 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=8856 Log: I think I have the ldb code down in test_CompleteJoin (not complete yet though) Modified: @@ -346,33 +342,23 @@ // userAccountControl: %u\n, // ctx-new_dc.dc_info2.computer_dn, Hmmm, I thought we preferred to avoid C++ style comments in our C code? Regards - Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: svn commit: samba r6426 - in branches/SAMBA_4_0/source/torture/libnet: .
On Fri, 22 Apr 2005 [EMAIL PROTECTED] wrote: Author: mimir Date: 2005-04-22 00:32:37 + (Fri, 22 Apr 2005) New Revision: 6426 [deletia] Changeset: Modified: branches/SAMBA_4_0/source/torture/libnet/userinfo.c === --- branches/SAMBA_4_0/source/torture/libnet/userinfo.c 2005-04-22 00:22:11 UTC (rev 6425) +++ branches/SAMBA_4_0/source/torture/libnet/userinfo.c 2005-04-22 00:32:37 UTC (rev 6426) @@ -225,17 +225,8 @@ DCERPC_SAMR_UUID, DCERPC_SAMR_VERSION); - if (!NT_STATUS_IS_OK(status)) { - return False; - } + if (!NT_STATUS_IS_OK(status)) return False; I don't think this is a big item, but I actually prefer the first one above that was deleted, because it makes things much easier when you are inserting debugging statements and so forth, at the cost of a few more characters. Of course, I am not going to create a big fuss, though. Regards - Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: svn commit: samba r6182 - in branches/SAMBA_4_0/source/librpc/ndr: .
On Mon, 4 Apr 2005, Stefan (metze) Metzmacher wrote: [EMAIL PROTECTED] schrieb: | Author: sharpe | Date: 2005-04-03 03:58:45 + (Sun, 03 Apr 2005) | New Revision: 6182 | | WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6182 | | Log: | | Jelmer, I think we need to initialize the switch_list, else we are | crash city. [Deletia ...] | ndr-depth = 1; | ndr-flags = 0; | + ndr-switch_list = talloc(ndr, struct ndr_token_list); | + if (!ndr-switch_list) | + goto fail; I can't see how this can fix the problem, when we initialize a pointer with another uninitialized struct... Sigh, yeah, I didn't look at what DLIST_ADD was doing ... Regards - Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: [Samba] Re: [proposal] Samba Software Foundation
On Wed, 15 Dec 2004, [ISO-8859-1] Gémes Géza wrote: Charles N Wyble írta: i like it. i like it a lot. sounds wonderful. lets get this going. the time is NOW to kill exchange. -charles http://www.thewybles.com/~charles www.oserproject.org Yes it realy sounds wonderful, and the basic idea probably is, but I dislike the reiteration of personal tastes, and dislikes. Imposing if xy would say something negative about me I'll take my ball with me and won't play again with you until you would force him to leave IMHO sounds too childish in an OSS software organizations ruleset :-( Not only that, it is not clear that we need a change in structure given that: 1. Things seem to be working pretty well the current way, in any case, and 2. We have technical agreement among the people who are actually working on the code. The direction that samba4 has taken promises to bring us a big improvement in the correctness and flexibility of the code. Regards - Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: svn commit: samba r3872 - in trunk/source/passdb: .
On Fri, 19 Nov 2004 [EMAIL PROTECTED] wrote: Author: vlendec Date: 2004-11-19 12:00:23 + (Fri, 19 Nov 2004) New Revision: 3872 Log: Fix memleak Modified: trunk/source/passdb/pdb_ldap.c Changeset: Modified: trunk/source/passdb/pdb_ldap.c === --- trunk/source/passdb/pdb_ldap.c2004-11-19 11:59:56 UTC (rev 3871) +++ trunk/source/passdb/pdb_ldap.c2004-11-19 12:00:23 UTC (rev 3872) @@ -2263,7 +2263,7 @@ struct smbldap_state *conn = ldap_state-smbldap_state; pstring filter; char *attrs[] = { gidNumber, sambaSID, NULL }; - char *escape_name = escape_ldap_string_alloc(username); + char *escape_name; int rc; LDAPMessage *msg = NULL; LDAPMessage *entry; @@ -2279,6 +2279,8 @@ *sids = NULL; num_sids = 0; + escape_name = escape_ldap_string_alloc(username); + if (escape_name == NULL) return NT_STATUS_UNSUCCESSFUL; Hmmm, how does that fix a mem leak? You have just moved the code around a bit. Secondly, shouldn't that return status be NT_STATUS_NOMEM or whatever the Windows out of mem code is? Actually, NT_STATUS_NO_MEMORY? Regards - Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Samba improvements needed
On Thu, 23 Sep 2004, John E. Malmberg wrote: In article [EMAIL PROTECTED], BG - Ben Armstrong [EMAIL PROTECTED] writes: On Tue, 2004-09-21 at 08:32 -0500, John E. Malmberg wrote: And it is not preallocation that SAMBA is doing as noted below. Oh? It sure looked like it ... If you look at it from stepping through the file create sequence in the SMBD program it does. The client does tell the SAMBA server how big to make the file, but not when VMS can do it efficiently. First it has the server open the file for write access, and then it uses ftruncate() or other means to extend it. Most of these move the highwater mark of the file, unlike just allocating space. And that means that the now empty file must be totally written to disk. What's the distinction between this and preallocation? Is it that the client does the file extending writes in small increments, whereas preallocation would do it all at once? The issue is that the way that VMS is doing it now, is slightly more overhead than should be needed. First, the open/write creates an empty file. Second, the SAMBA requests that the empty file be extended to the size the client says the end file will have. This is done one of three ways, and I am not sure which method that SAMBA 2.2.8 is using. Method A, moves the high water mark and allocates the space. Method B, writes an empty file of that size. Method C ignores the request. Third, the data is written to the file. By delaying the open until there is actual data to write or the client has specified the resulting size, then Method A can be used. [Deleted all the rest of the context because I only wanted to reply to this point.] I do not think you can defer opening the file until there is data to write because of the race that implies. If the file did not exist when the NTCreateX was processed, that may seem fine, but if a subsequent NTCreateX comes in with a conflicting share mode, that one may succeed when it shouldn't, especially if it manages to write before you do. Regards - Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
Re: Samba improvements needed
On Thu, 23 Sep 2004, John E. Malmberg wrote: Richard Sharpe wrote: On Thu, 23 Sep 2004, John E. Malmberg wrote: By delaying the open until there is actual data to write or the client has specified the resulting size, then Method A can be used. [Deleted all the rest of the context because I only wanted to reply to this point.] I do not think you can defer opening the file until there is data to write because of the race that implies. If the file did not exist when the NTCreateX was processed, that may seem fine, but if a subsequent NTCreateX comes in with a conflicting share mode, that one may succeed when it shouldn't, especially if it manages to write before you do. As I understand things now, the share mode conflicts are handled by a tdb, so there should not be a conflict. Yes, that is true ... However, at the time of the open request, the vfs module can take out a VMS lock on the filespec, and that will provide a cluster wide protection. ... as long as you only run Samba on one node in the cluster ... The VFS layer in SAMBA allows much improvement in the VMS port. Regards - Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
Re: WinXP - OpenVMS tests reproduced using C++ test program
On Wed, 22 Sep 2004, BG - Ben Armstrong wrote: I have reproduced the same test results as for the ruby test program, only this time using a C++ port of it. I saw the same samba protocol pattern of a 1024-byte write followed by one 1-byte write after the first 64K observed in the packet capture log, and similar performance numbers. Please ignore the earlier version I posted, as it was buggy, and use the one below instead. This should work on OpenVMS, Linux and Windows. This should settle the question over what's this ruby thing now. :) As before, I have a packet capture log if anyone wants to see it. These small writes might be because the MAX XMIT size is set very low ... Do you have the raw packet capture? That would be interesting to look at, but I would need to see it from the time the connection to the server was established. Regards - Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
[Samba] Re: Request patch for samba 2.2.2
On Tue, 8 Jun 2004, Udomchai Srisuk (LAD:1Logic) wrote: I'm request patch for samba 2.2.2 on Sun Server (Solaris) There is no such patch. Since you ask for a patch, you most likely are happy to work with source. You should upgrade to 3.0.4, but if you must continue with the 2.2.x stream, then you should move to 2.2.9. Regards - Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: svn commit: samba r428 - in branches/SAMBA_3_0/source: include lib smbd
On Fri, 30 Apr 2004, Stefan (metze) Metzmacher wrote: [EMAIL PROTECTED] schrieb: Author: herb Date: 2004-04-30 14:28:38 + (Fri, 30 Apr 2004) New Revision: 428 Modified: branches/SAMBA_3_0/source/include/debug.h branches/SAMBA_3_0/source/lib/debug.c branches/SAMBA_3_0/source/smbd/posix_acls.c Log: Hi Herb, please merge this to trunk also Are there simple steps we can take to merge things to the trunk, or do we have to apply the change to the trunk as well? Regards - Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
[Samba] Re: client connections to shares
On Tue, 24 Feb 2004, Ephi Dror wrote: Hi All, I am wondering: Is it possible for a windows client to use separate tcp/ip connection per share. Yes. This will happen if you use different NetBIOS names for the same server, or if you connect via the NetBIOS name first, and then use an IP address for the next use ... Meaning that if we have SAMBA server that shares let's say three shares, then each client that connect to those shares (tcon) will end up having three tcp/ip connections with the server and of course there will be three separate smbd to handle each share. Essentially configuring SMBA that each smbd only communicate with one client (as it does today) and only allow one share access. Can it be configured on the client side or the server side to allow this architecture (one smbd/tcp per client per share) It can't be configured to do that, you have to play games with the NetBIOS name as far as I know. Regards - Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: CVS update: samba4/source/librpc/idl
On Wed, 19 Nov 2003, Simo Sorce wrote: To me the two syntaxes seem equivalent, where's the difference? /simo's mind obfuscated at the end of the day OK, as it turns out, both are wrong! NetShareEnum in MSDN shows something like: NET_API_STATUS NetShareEnum( LPWSTR serbername, DWORD level, LPBYTE *bufptr, /* The Info struct */ DWORD prefmaxlen, LPDWORD entriesread, LPDWORD totalentries, LPDWORD resume_handle ); This means that level should be a top-level entity in the IDL, and it is not in either. I will correct that in both. However, in Ethereal, the SHARE_ENUM_STRUCT is shown as: /* * IDL typedef struct { * IDL long Level; * IDL SHARE_ENUM_UNION shares; * IDL } SHARE_ENUM_STRUCT; */ Which is still not correct, but more correct than what is in the current samba4 IDL: typedef struct { uint32 level; uint32 level2; [switch_is(level)] srvsvc_NetShareSubCtr subctr; } srvsvc_NetShareCtr; This is just ugly :-) Also, I think we should use the same names as MSDN wherever possible! On Wed, 2003-11-19 at 19:29, Richard Sharpe wrote: Hmmm, the IDL for NetrShareEnum seems wrong. For example, Ethereal, which dissects this correctly, and follows MSDN in its naming conventions, has it as: /* * IDL long NetrShareEnum( * IDL [in] [string] [unique] wchar_t *ServerName, * IDL [in] [out] [ref] SHARE_ENUM_STRUCT *share, * IDL [in] long MaxLen, * IDL [out] long Entries, * IDL [in] [out] [unique] long *ResumeHandle * IDL ); */ while the above change has it as: /**/ /* Function: 0x24 */ WERROR srvsvc_NetShareEnum( [in] unistr *server_unc, [in,out] srvsvc_NetShareCtr ctr, [in] uint32 preferred_len, [out] uint32 total, [in,out] uint32 *resume_handle ); Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com -- Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: CVS update: samba/source/nsswitch
On Tue, 14 Oct 2003, Simo wrote: I did it on purpose I found the 2 offending DEBUG lines, and found also they were not compiling (may totally b e a problem of mine). As there aren't any other DEBUG lines in that file, I tought you committed that DEBUG statement by mistake. I should have asked, but it was late, sorry. Do it compile now? Actually, it was my problem :-) Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: CVS update: samba/source/nsswitch
On Mon, 13 Oct 2003 [EMAIL PROTECTED] wrote: Modified Files: wb_common.c Log Message: Revisions: wb_common.c 1.26 = 1.27 http://www.samba.org/cgi-bin/cvsweb/samba/source/nsswitch/wb_common.c.diff?r1=1.26r2=1.27 Hmmm, you might have needed a cvs update before that commit, since all you did was delete a two line addition of debugging info I added. I have since re-applied it and fixed a spelling mistake ... Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
[Samba] Re: What's happend when the UID/SID mapping changes for acomputer account ?
On Fri, 27 Jun 2003, Andrew Bartlett wrote: The 'net' command should allow you to suck in the SID from the NT PDC, if for some reason it has been lost. And it should also contain a command to allow you to display your current SID as well ... Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: removing -A
On Sun, 22 Jun 2003, Andrew Bartlett wrote: Hmmm, but do we really want to do that? I like having short forms like that, and surely we could test that information presented works before writing it to the secrets file? Short-forms of things are good, when you do something often - but this is a once-off command. Anyway, the information probably would work, so that test isn't that useful... I am sorry, that is just not true. What about the case where the admin gets the authentication information incorrect? We should be checking the info they provide to prevent the admin from having to hunt around for the reason for subsequent failure. Sorry, I wasn't clear - yes, we should test the info before we start it. Be warned that it's not quite as trivial as it should be (unless you want to turn wbinfo into something the size of 'net' just to do it). What I meant was that we can't just keep -A and -a on the basis that we we can tell if the user stuffed up - given that they both take the same input parameter format. But the point is that a test in the -A case that the details provided actually work cathes both problems: 1. The case where someone did wbinfo -A blah blah when they meant wbinfo -a, and 2. The case where someone did wbinfo -A blah blah and supplied the wrong blah blah. Of course, the test is going to have to ensure that the blah blah that was supplied allows winbindd to do what it needs to do. The only remaining case, it seems to me, that is not handled is where someone does wbinfo -A when they meant to do wbinfo -a and they also supply account details that are powerful enough to do what is needed but are not the ones they intended to supply. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: CVS update: samba/source/nsswitch
On Sun, 22 Jun 2003, Andrew Bartlett wrote: On Sat, 2003-06-21 at 09:57, Richard Sharpe wrote: On Thu, 19 Jun 2003, Tim Potter wrote: On Wed, Jun 18, 2003 at 02:20:23PM +, [EMAIL PROTECTED] wrote: Modified Files: Tag: SAMBA_3_0 wbinfo.c Log Message: Remove the -A option of wbinfo, leaving only the long version, --set-auth-user. There was enough confusion, as in bug #158, when a user accidentally typed -A instead of -a, and would get themselves stuck with a non-working winbind. Nice one. I've done this myself a couple of times. That should have been a hint. (-: Hmmm, but do we really want to do that? I like having short forms like that, and surely we could test that information presented works before writing it to the secrets file? Short-forms of things are good, when you do something often - but this is a once-off command. Anyway, the information probably would work, so that test isn't that useful... I am sorry, that is just not true. What about the case where the admin gets the authentication information incorrect? We should be checking the info they provide to prevent the admin from having to hunt around for the reason for subsequent failure. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: CVS update: samba/source/nsswitch
On Sat, 21 Jun 2003, Tim Potter wrote: On Fri, Jun 20, 2003 at 04:57:11PM -0700, Richard Sharpe wrote: Remove the -A option of wbinfo, leaving only the long version, --set-auth-user. There was enough confusion, as in bug #158, when a user accidentally typed -A instead of -a, and would get themselves stuck with a non-working winbind. Nice one. I've done this myself a couple of times. That should have been a hint. (-: Hmmm, but do we really want to do that? I like having short forms like that, and surely we could test that information presented works before writing it to the secrets file? I think we should stick with the new format. It's too easy to get it wrong and break your system badly just because you didn't press the shift key once. But what about those cases where the admin mis-spells the account or password? You would condemn them to a broken system? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: CVS update: samba/source/nsswitch
On Thu, 19 Jun 2003, Tim Potter wrote: On Wed, Jun 18, 2003 at 02:20:23PM +, [EMAIL PROTECTED] wrote: Modified Files: Tag: SAMBA_3_0 wbinfo.c Log Message: Remove the -A option of wbinfo, leaving only the long version, --set-auth-user. There was enough confusion, as in bug #158, when a user accidentally typed -A instead of -a, and would get themselves stuck with a non-working winbind. Nice one. I've done this myself a couple of times. That should have been a hint. (-: Hmmm, but do we really want to do that? I like having short forms like that, and surely we could test that information presented works before writing it to the secrets file? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Users able to execute windows .exe though execute bit not set
On Tue, 1 Apr 2003, Ronan Waide wrote: On April 1, [EMAIL PROTECTED] said: I'm looking for some assistance regarding file permissions and the inability to stop the execution of a file even though the execute permission has not been set. Execute bits are a Unix concept. Windows will execute any file it can read that it understands the extension of and has a handler for. Hmmm, I did some testing a week or so ago, and found that removing the execute permission from ACLs on the file (esp inherited ones) prevents Win2K from executing the file, although it does open the file for read first. Since we have just added proper eXecute permission support to our (almost) NT ACLs in the file system, let me check this today to see what the deal is. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Users able to execute windows .exe though execute bit not set
On Tue, 1 Apr 2003, Jim McDonough wrote: Hmmm, I did some testing a week or so ago, and found that removing the execute permission from ACLs on the file (esp inherited ones) prevents Win2K from executing the file, although it does open the file for read first. Doesn't happen for me. It lets me execute a file for which I only have read access... Right, but I was testing Win2K against NT. I know that we will fail this test, as discussed on IRC because the POSIX open call does not allow you to specify O_EXEC ... so I will need to do other checks here. However, since our NFS code needs to check for X access, I can probably piggy back on this with an IOCTL. UGLY. We should probably have a torture test for this. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: use sendfile problems with Windows 95
On Thu, 27 Mar 2003, Pierre Belanger wrote: Hi, I turned on use sendfile, not too long after (on the next logon) someone called me. His Windows 95 was having trouble opening files on the server. He can explore the shared volume but when trying to open a file, his computer hangs and needs to reboot. I've been using sendfile myself with Samba under Solaris 8 with NT 2000 XP since a long time with no trouble at all. I tested with another Windows 95 box -- same problem. Even after ~ 5 min. the box is still hanged. I'm wondering if Windows 98/ME are also affected by this? I don't have access to Windows ME boxes but I might find a Windows 98 box... I'll post when I am able to test. I generated a level 10 log file, it's 155KB (gzip -9). Someone wants to look at it? (I did not want to post this hughe file here). Can you get us a sniff? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: generating core dumps in winbindd and smbd
On Fri, 28 Mar 2003, Tim Potter wrote: I was poking around in the segv signal handling code today as I'm in a situation where an actual core dump would be handy to have. The intent of the current code looks like core dumps are to be made in $LOGDIR/corefiles but the dump_core() function is never executed as the argument to fault_setup() is never used. Do we want to keep the existing behaviour or shall I fix it to do what was intended? I would say do what was intended. I often need core files :-( Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Error joining Samba domain with Windows 2000 Pro
On Wed, 26 Mar 2003, John Brown wrote: I am getting the following message when I try to add my Windows 2000 Pro SP3 machine to the Samba domain. The following error occurred validating the name x This condition may be caused by a DNS lookup problem... The specified domain either does not exist or could not be contacted. I can see and access the server from the workgroup. I have seen this when nmbd is not running. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Support for Multiple Data Streams?
On Thu, 20 Mar 2003, Ken Cross wrote: Samba-folk: Samba apparently does not support Alternate Data Streams/Multiple Data Streams. ADS/MDS are the hidden files associated with the Summary tab on a 2K/XP/.Net version of Windows. A file on a SAMBA_3_0 server does not even display the Summary tab on the Properties page. Hmmm, are you sure of this? Alternate Data Streams are named $DATA attributes of a file in NTFS, and if I create one such thing via: echo Some Data somefile.txt:ADS That works and I can look at the data with type, but the Summary tab of the properties dialog box for the file does not show me that attribute? It should be noted that normal file data is associated with the unnamed $DATA attribute. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Support for Multiple Data Streams?
On Thu, 20 Mar 2003, Ken Cross wrote: Samba-folk: Samba apparently does not support Alternate Data Streams/Multiple Data Streams. ADS/MDS are the hidden files associated with the Summary tab on a 2K/XP/.Net version of Windows. A file on a SAMBA_3_0 server does not even display the Summary tab on the Properties page. So, why are you seeing a need to support these? :-) Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Support for Multiple Data Streams?
On Thu, 20 Mar 2003, Christopher R. Hertel wrote: Ken, How would you store that information on a Unix filesystem? How do you prevent users or other services from messing things up? There are solutions, but it's a much bigger problem than it seems on the surface. There are some interesting issues here. Alternate Data Streams can be accessed via CIFS, but there is no special support built into the protocol. They are simply accessed syntactically. An ADS has a name like file-name:ADS-name, and NTFS maps that to the named $DATA attribute called ADS-name. Other implementations are free to do it any way they want. Since UNIX allows : in names, the files will appear with funny names, but searches will be screwed up. The bigger issue is how to back up the file and all its attributes, and as far as I can see, Windows NT4/5/... requires that you use BackupRead and BackupWrite where you can get access to all the attributes of a file as byte streams. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Some more info on permissions and opening files ...
Hi, I have done some further analysis of what permissions are needed to access files under Windows. Yesterday I was under the mistaken impression that to open a file for writing you need FILE_WRITE_DATA, FILE_WRITE_ATTRIBUTES, and FILE_WRITE_EA. However, this is only if you are using the POSIX open call. If you use the Win32 CreateFile and WriteFile calls, you can open a file for writing and write to it with just FILE_WRITE_DATA, even over CIFS. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Support for Multiple Data Streams?
On Fri, 21 Mar 2003, Tim Potter wrote: On Thu, Mar 20, 2003 at 03:46:59PM -0500, Ken Cross wrote: Yes, to support it properly, the underlying filesystem should include all streams when you cp/mv/rm/... And a portable backup/restore could be interesting! However, I'm having trouble getting Samba to return goofy names like filename:ADS. It keeps mangling them (even with mangling disabled). What's wrong with extended attributes? They satisfy the portability requirements (modulo some autoconf stuff that is probably required to create a uniform system call interface) and are backed up and restored by dump. Right, XATTRs would be one way to do it on Linux. Of course, Samba needs some mods, and Tridge was looking at putting that into his NTVFS layer (where it belongs). Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: very interesting!
On Fri, 21 Mar 2003, Martin Pool wrote: I just noticed this in the libc manual. http://www.gnu.org/manual/glibc-2.2.5/html_node/Backtraces.html It could be pretty cool to have this built in to smb_panic(). But is it portable? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: libsmbclient again :|
On Fri, 21 Mar 2003, dzvine wrote: Hello samba-technical, i wrote a simple app using this lib and noticed huge memory leaks. My code is just simple sequence like: smbc_init() while() { smbc_opendir() ; smbc_getdents() ; smbc_closedir(); } but library leaks a lot of memory, i noticed the hugest leaks are because of ?? uninitialized ?? client/server connections? also 12-20 bytes leaks in pstrings ? after scanning a network of about 200 computers it eats up to 30-40MB of ram( depending on file/share amount) closedir should be freeing the resources, but looks like it is not. I can try to look at it over the weekend. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
RE: rd /s, can't find the file specified (internal reference b1996)
On Wed, 19 Mar 2003, Nir Soffer wrote: I can't reproduce this at all on a recent (CVS) build of SAMBA_3_0. Can you give me more details on *exactly* how you reproduce it please ? What I did was simply do, on the unix side: mkdir b1996 cd b1996 touch nirtest123456 touch nirtest12345 and on the W2K side use a command line prompt, map the drive using net use, and try to rd /s b1996 OK, that explains the insistence on using short names. Did you use command or cmd? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
RE: rd /s, can't find the file specified (internal reference b1996)
On Wed, 19 Mar 2003, Nir Soffer wrote: On Wed, 19 Mar 2003, Nir Soffer wrote: I can't reproduce this at all on a recent (CVS) build of SAMBA_3_0. Can you give me more details on *exactly* how you reproduce it please ? What I did was simply do, on the unix side: mkdir b1996 cd b1996 touch nirtest123456 touch nirtest12345 and on the W2K side use a command line prompt, map the drive using net use, and try to rd /s b1996 OK, that explains the insistence on using short names. Did you use command or cmd? I used cmd. I specified I was using the command line on the beginning, and that everything worked perfectly alright from the explorer and the GUIs. Right, but there is command and cmd, and cmd uses 8.3 names, and it looks like the good trace was taken with a client that only understands short names. I also thought that the rd /s in the subject was a big hint ;) Is it reproducable on your end too, or is something in my configuration screwy? I have not tried it yet, and I am predominantly using a 2.2.x base, but will try soonish ... Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
RE: rd /s, can't find the file specified (internal reference b1996)
On Wed, 19 Mar 2003, Nir Soffer wrote: On Wed, 19 Mar 2003, Nir Soffer wrote: I can't reproduce this at all on a recent (CVS) build of SAMBA_3_0. Can you give me more details on *exactly* how you reproduce it please ? What I did was simply do, on the unix side: mkdir b1996 cd b1996 touch nirtest123456 touch nirtest12345 and on the W2K side use a command line prompt, map the drive using net use, and try to rd /s b1996 OK, that explains the insistence on using short names. Did you use command or cmd? Okay. I was being stupid. Very very stupid, and I apologize. Turns out mangled filenames was disabled. But is this the expected error when manged filenames are disabled? I would hope not. I think that if mangled file names are disabled, we should perhaps return nothing in the short name field in a FindFirst/FindNext ... However, I don't know what clients will do. I have been planning to try it, but have not had a chance. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: samba: group sid user sid
On Wed, 19 Mar 2003, David Gaston wrote: Mr. Sharpe, That's Richard to most folks ... Our university computer science department systems groups has recently used samba-3.0alpha22 to aid in merging our unix windows NT environments. Older accounts created before the merge grab the old sid when being logged into. We've downloaded your profiles program, and I had a question about it's usage. On the first page of http://www.richardsharpe.com/samba-stuff.html, you mention: You might be able to do the following to fix the SIDs: profiles -c S-1-5-21-x-y-z-oldrid -n S-1-5-21-a-b-c-newrid /path/to/profile You will have to do that twice, once for the owner SID and once for the group SID. Why is it necessary to change both of these? Because if you don't, the group SID on the entries in the profile will all have the wrong DOMAIN portion of their SID. However, this just might not be an issue. With a user having an owner SID of 1-5-32-544, the correct syntax to change this would be: profiles -c S-1-5-32-544-x-y-z-oldrid -n S-1-5-32-544-a-b-c-newrid \ /path/to/profile Hmmm, I am not familiar with that S-1-5-32-544. That seems like a well-known SID. Ahhh, I see, S-1-5-32 is for the Built-in domain, and 544 looks like the Domain Admins built-in group RID (0x220). So, in that case, you don't need to change that SID, I believe, and the syntax above is wrong, also. It would be: profiles -c S-1-5-32-544 -n S-1-5-21-x-y-z-somerid If you wanted to change the Domain Admins group to some specific person, but I don't think you really want to do that. If you list the ACLs on the entries in the profiles, you should seem more SIDs that the one above. You should see SIDs like S-1-5-21-x-y-z-RID, and those are the ones you want to change. To find the RID of an existing user, try wbinfo, as it has flags that allow you to translate a name into a SID. I guess I will have to update my page to help people further. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: What to do when Windows client asks you to set permissions thatyou can't?
On Wed, 19 Mar 2003, Christopher R. Hertel wrote: On Wed, Mar 19, 2003 at 01:59:52PM -0800, Richard Sharpe wrote: Hi, A question I have relating to ACLs is the following: What should you do (In Samba etc) if you get an ACE in an ACL where the ACE contains permission bits that you do not implement? You could: 1. Deny the request, leaving the user not knowing which bits were good and which not. 2. Ignore the bits you don't process, leaving the user in a state of confusion about which bits you support and which you don't. That is, leaving them not trusting the file system. Are there any other choices (assuming that implementing all the NT bits is out of the question). We have the same problem with DOS Attributes vs. Unix Attributes. They don't map very well. The best you can do is try to find a way to approximate (your best guess) of the user's intention. Right, which means that you have to document these things properly. Now, let's say that you do do some level of NT ACL, should you try to do all the permission bits. Here, you no longer have the excuse that the underlying ACLs are POSIX ACLs and that is the best you can do. Now, you implement lots more of the NT ACLs semantics, say ALLOW and DENY, along with a number of the bits (READ_DATA, WRITE_DATA, WRITE_OWNER, WRITE_ACL, APPEND_DATA), won't the user get even more confused, because you have given them something that is close to NT ACLs, but not quite? Of couse, the question is, is the distinction between WRITE_DATA, WRITE_ATTRIBUTES, and WRITE_EXTENDED_ATTRIBUTES useful? All my testing under Win2K seems to indicate that you need all three of them just to write to a file, at least in some circumstances. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
What permissions do you need to read a fike on Win2K?
Hi, After doing some testing of Win2K permission bits, I find that you need READ_DATA and READ_EXTENDED_ATTRIBUTES to be able to read a file under Win2K. Can anyone confirm that? Similarly, you need WRITE_DATA, WRITE_ATTRIBUTES and WRITE_EXTENDED_ATTRIBUTES to be able to write a file. Bizaro, unless you know that Windows implements file data as the unnamed $DATA attribute (except where you have created alternate data streams, in which case they are named). Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
RE: rd /s, can't find the file specified (internal reference b1996)
On Mon, 17 Mar 2003, Nir Soffer wrote: Enjoy. OK, now that I have looked at both traces in more detail, here is what is happening: The bad trace, perhaps the one from UNIX, is returning exactly the same short name for each of those files, 0123456789AB. The client tries to use the short name, and the server obviouly gets confused. In the second case, the short names are all correct looking names, or the form 012345~1, 012345~2 etc. Have you modified Samba's name mangling code to do silly things? From a very very fast look, it looks like something with file mangling, but IANA Samba Expert. baddosdel.cap is against Samba-CVS (From yesterday) gooddosdel.cap is against my personal W2K workstation. -- Nir Soffer -=- Exanet Inc. -=- http://www.evilpuppy.org Father, why are all the children weeping? / They are merely crying son O, are they merely crying, father? / Yes, true weeping is yet to come -- Nick Cave and the Bad Seeds, The Weeping Song -Original Message- From: Richard Sharpe [mailto:[EMAIL PROTECTED] Sent: Monday, March 17, 2003 9:23 AM To: Nir Soffer Cc: [EMAIL PROTECTED] Subject: RE: rd /s, can't find the file specified (internal reference b1996) On Sun, 16 Mar 2003, Nir Soffer wrote: Following up to myself, reproducing this is apparently even simpler than I thought - simply do a: touch nir test test and try to delete it from a DOS command line. It will fail. nirtest123456 fails as well, but nirtest12345 so it seems to filename size related. 13 characters won't work and 12 will. Perhaps it's because something is geared towards 8 characters, a dot, and 3 characters somewhere along the line? Needless to say, it works fine on w2k shares... Can you get us a sniff? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com -- Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com baddosdel.cap Description: baddosdel.cap gooddosdel.cap Description: gooddosdel.cap
Re: Showstopper! Samba 2.2.8 can't read TDB files from previousversions.
On Sun, 16 Mar 2003, Fredrik Ohrn wrote: To salvage the domain SID I copied smbpasswd.c from 2.2.8 into a 2.2.7a source tree and compiled it, then I could use the new -X and -W options to extract the SID from the old secrets.tdb and write it into a fresh TDB from 2.2.8. I am glad to be of help :-) Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
RE: Question - Latest security alery of samba
On Sun, 16 Mar 2003, Nir Livni wrote: I've read the announcement carefully. The announcement does not point a specific threat in the samba code. It mentions that This version of Samba adds explicit overrun and overflow checks on fragment re-assembly of SMB/CIFS packets to ensure that only valid re-assembly is performed by smbd. It also mentions that samba is highly vulnerable to attacks from an external network, And that 1. host based protection 2. interface protection 3. Using a firewall 4. Using a IPC$ share deny May reduce vulnerability to such attacks. There is no access to my samba servers from the internet, but I would like to know more about this security issue - specially, which source codes are involved. (SMB client code is currently no issue for me) Any list of affected source files would be appreciated. How can we be sure that you are not a script-kiddie? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
RE: rd /s, can't find the file specified (internal reference b1996)
On Sun, 16 Mar 2003, Nir Soffer wrote: Following up to myself, reproducing this is apparently even simpler than I thought - simply do a: touch nir test test and try to delete it from a DOS command line. It will fail. nirtest123456 fails as well, but nirtest12345 so it seems to filename size related. 13 characters won't work and 12 will. Perhaps it's because something is geared towards 8 characters, a dot, and 3 characters somewhere along the line? Needless to say, it works fine on w2k shares... Can you get us a sniff? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
RE: FW: encrypt passwords = no, security=user, samba 3.0a22
On Tue, 11 Mar 2003, Nir Soffer wrote: FWIW turning off unicode with unicode=no helps somewhat, and both ethereal and Samba parse the session request correctly: Hmmm, I fixed a problem in Ethereal around Unicode handling last week at Connectathon. I would be very interested in a trace that shows the problem. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Error messages generated by passdb/pdb_smbpasswd.c are (almost)useless
Hi, Someone asked me what some messages like getsmbfilepwent: malformed password entry (uid not number) meant when using the smbpasswd command. Not knowing, I went searching the source code to find: if (!isdigit(*p)) { DEBUG(0, (getsmbfilepwent: malformed password entry (uid not number)\n)); continue; This is very little help in pinpointing the problems, as it does not tell us what the routine was looking at that caused the problem. Perhaps including the string it was processing would have been more useful! Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
tcon torture test
Hi, Herb and I looked at the TCON torture test a bit today. In our testing we found that Windows NT4, Win2K and most Samba versions fail it, so we both wonder which server ever passed this test. We tested NT4 SP3 and NT4 SP6, as well as Win2K server and Win2K workstation. I have also tested NT4 SP1. To refresh your memory, the TCON tests connects to a share and opens a file. It then writes to the file, and then connects to the same share again, and writes to the file that was originally opened and expects the second write to fail. Herb found an interesting case, though. It seems that Pillar Data's CIFS implementation, which is based on Samba 2.2.x, passes this test. This is surprising, because it suggests that Pillar has changed their version to pass this test, when so few other servers pass the test. Does anyone know of any servers pass the test, and why it is there? It is interesting to note that it is in the torture code in Samba 2.2.x as well, so it might be left over from a very early version of NT4. I wonder if it was only Win9X where this test succeeds? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Restrict Anonymous
On Thu, 6 Mar 2003, Marc Kaplan wrote: Hello list, Has anybody coded some sort of workaround for joining domains with RestrictAnonymous set? The typical behavior I see is for NT4 domains we're able to look up sequence, but never enumerate users and groups. For ADS domains, it seems that even looking up sequence from the domain fails. Are you referring to domain joining or having winbindd function. If the latter, winbindd in head and Samba 3.0.0 allows you to specify a username and password that winbindd can use to perform functions that it used to be able to do. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Detecting Windows OS Version through Samba
On Wed, 5 Mar 2003, Agis Andreou wrote: Thanks, could you please mail it to me, their server http://www.apostols.org/projectz/queso/ seems to be down at the moment. Will it distinguish windows flavours? Hmmm, doesn't nmap do a better job? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
tcontest in Samba-head's torture code
Hi, Herb came across an oddity at Connectathon. He was running the head torture tests against a WinNT 4 sp3 box and a WinNT4 sp6 box. The tcontest fails against that platform. In looking at the code and a trace, it connects to a share, opens a file, and writes to that file. It then connects with a tconX to the same share and then writes to the already opened file, expecting the write to fail. However, it succeeds! Does anyone know what this test is supposed to be testing? The comments are very poor, but the intent seems clear. Just don't know why? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
smbtorture does not seem to want to fallback to *SMBSERVER
Hi, In running some tests at connectathon, I see two issues: 1. smbtorture does not fall back to using *SMBSERVER when setting up a NetBIOS session. I think this would be worth adding. 2. smbtorture does not allow you to specify the port to connect on. I have added code to support this. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
[Samba] Re: number of groups of NT account causes authenticationproblems
On Tue, 4 Mar 2003, Gopal Bhat wrote: Hi, I did more experiments with this problem and found that 'SMBD' fails to authenticate when the Number of Groups an NT user belongs grows more than 14 (i.e. 15 or more). Thanks, Gopal I can't have a look until tomorrow, but I wonder, is it possible that Solaris 9 has a restriction that the user cannot be in more that 14 groups? I would think not, but will find it difficult to test tonight. Besides, I can probably only test on Solaris 8. If that is not the problem, then I would have to look at the code that does setgroups and test on our platform. Gopal Bhat wrote: I am facing a strange problem related to authentication of NT users accessing the SAMBA server. Here are the details: Server: Solaris 9, SUN Ultra 60, SAMBA 2.2.7a with PAM and WINBIND Client: Windows XP, NT4.0, 2000 Symptoms: Created a share \\server\test (UNIX: /export/SMB/test) with access to group 'TestGoup' where 'TestUser' is a member. 'TestUser' is a member of 14 more groups along with 'TestGroup' (Total number of TestUser's group = 15) With the above settings 'TestUser' can't access the share '\\server\test', and the following message shows up in the Client.log: [2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(244) Unable to initgroups. Error was Not owner [2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(247) This is probably a problem with the account domain\testuser [2003/03/04 13:31:52, 0] smbd/service.c:make_connection(599) client (10.81.105.121) Can't change directory to /export/SMB/test (Permission denied) If I change the number of groups the user 'TestUser' belongs from 15 to 8 ('TestGroup' + 7 other groups), the user can access the share '\\server\test' without any problems. It looks like there is some limitation on number of NT group memberships 'smbd' can handle. Note: 'wbinfo' returns all the right groups of the user without any problems. Is there anyone out there who is aware of this problem and knows a workaround/solution to this? I really appreciate any help from the prestigious SAMBA Team. Thanks, Gopal -- Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Connecting to Win2K via port 445 and etc
Hi, based on a change that Jeremy made today relating to Win2K via 445, I wonder if the following code in cli_send_tconX (head) is perhaps still a bit wrong if (cli-port == 445) { slprintf(fullshare, sizeof(fullshare)-1, %s, share); } else { slprintf(fullshare, sizeof(fullshare)-1, %s\\%s, cli-desthost, share); } What this is doing is for port 139 consructing \\server\share, while for port 445, simply using the share name. All the code that calls cli_send_tconX should pass just the share name. There is also the additional issue that if the server was specified by a name other than its NetBIOS name, and we are talking to a Win9x system, it will want the actual NetBIOS name there perhaps. However, I wonder also if the code should do exactly the same for port 445 and 139? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: number of groups of NT account causes authentication problems
On Tue, 4 Mar 2003, Gopal Bhat wrote: Hi, I did more experiments with this problem and found that 'SMBD' fails to authenticate when the Number of Groups an NT user belongs grows more than 14 (i.e. 15 or more). Thanks, Gopal I can't have a look until tomorrow, but I wonder, is it possible that Solaris 9 has a restriction that the user cannot be in more that 14 groups? I would think not, but will find it difficult to test tonight. Besides, I can probably only test on Solaris 8. If that is not the problem, then I would have to look at the code that does setgroups and test on our platform. Gopal Bhat wrote: I am facing a strange problem related to authentication of NT users accessing the SAMBA server. Here are the details: Server: Solaris 9, SUN Ultra 60, SAMBA 2.2.7a with PAM and WINBIND Client: Windows XP, NT4.0, 2000 Symptoms: Created a share \\server\test (UNIX: /export/SMB/test) with access to group 'TestGoup' where 'TestUser' is a member. 'TestUser' is a member of 14 more groups along with 'TestGroup' (Total number of TestUser's group = 15) With the above settings 'TestUser' can't access the share '\\server\test', and the following message shows up in the Client.log: [2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(244) Unable to initgroups. Error was Not owner [2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(247) This is probably a problem with the account domain\testuser [2003/03/04 13:31:52, 0] smbd/service.c:make_connection(599) client (10.81.105.121) Can't change directory to /export/SMB/test (Permission denied) If I change the number of groups the user 'TestUser' belongs from 15 to 8 ('TestGroup' + 7 other groups), the user can access the share '\\server\test' without any problems. It looks like there is some limitation on number of NT group memberships 'smbd' can handle. Note: 'wbinfo' returns all the right groups of the user without any problems. Is there anyone out there who is aware of this problem and knows a workaround/solution to this? I really appreciate any help from the prestigious SAMBA Team. Thanks, Gopal -- Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: file descriptors consumed by printing
On Mon, 3 Mar 2003, Tim Potter wrote: On Sun, Mar 02, 2003 at 06:54:37AM -0800, Richard Sharpe wrote: On Sat, 1 Mar 2003, Vance Lankhaar wrote: What about adding a value to the printing param? - printing = disabled This seems like a good way to do it. Does anyone have any objections if I do so? Why do we need it? Just call lp_default_server_announce() and check if the SV_TYPE_PRINTQ_SERVER bit is set. If no print shares are exported then don't call nt_printing_backend_init(). That seems like a good idea. Seems like you printer-type guys know your way around that code :-) I don't think we need yet another parameter when the information is already available. I agree. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Samba-2.2.8pre2 compiler warnings
On Sun, 2 Mar 2003, Brian Poole wrote: Quoting Nicholas Brealey ([EMAIL PROTECTED]) from 1 March 2003: CLITAR == client/clitar.c, line 688: warning: argument #4 is incompatible with prototype: prototype: pointer to uint : include/proto.h, line 303 argument : pointer to ullong A 64 bit integer being used where a 32 bit integer is expected? smbtar make not work on bigendian machines? smbtar may not work for files over 2GB on little endian machines? Hmm.. I don't know what to say here. cli_getattrE does expect an int.. but if its being provided with the filesize an int isn't going to suffice.. Thanks for bringing this up again ... so much work to do ... smbtar still has at least two issues that could cause problems with large files to my knowledge. I'll repost the list to keep it alive and in developers' minds. This has been given to rsharpe herb previously. I wouldn't be terribly suprised if there are more large file problems hiding in the tar code as it doesn't seem like it gets much use and/or attention from the developers. 1) clitar.c::get_file() static int get_file(file_info2 finfo) { int fnum = -1, pos = 0, dsize = 0, rsize = 0, bpos = 0; .. rsize = finfo.size; /* This is how much to write */ rsize would overflow here. 2) clitar.c::get_longfilename() static char * get_longfilename(file_info2 finfo) int namesize = finfo.size + strlen(cur_dir) + 2; char *longname = malloc(namesize); This must not be frequently used code. This would [attempt] to malloc a 1GB chunk of memory (if that was the size of the current file.) This should be using strlen(finfo.name) or something. At least a couple debugs still bogus in clitar.c 2_2 code as well.. I believe one of these got fixed in HEAD but not 2_2. DEBUG(5, (get_file: file: %s, size %i\n, finfo.name, (int)finfo.size)); (can't cast finfo.size to a int) DEBUG(0, (restore tar file %s of size %d bytes\n, finfo.name, (int)finfo.size)); (can't cast finfo.size to a int) I've attached a patch for the issues I know of (but not the cli_getattrE issue that you brought up.) I'm not really sure what to say about that. The patch is against the 2_2 tree but should mostly apply to HEAD as well. This patch was tested only for compilation and should be treated as such. -b Index: clitar.c === RCS file: /cvsroot/samba/source/client/clitar.c,v retrieving revision 1.74.4.10 diff -u -r1.74.4.10 clitar.c --- clitar.c 6 Jan 2003 19:53:11 - 1.74.4.10 +++ clitar.c 2 Mar 2003 23:41:47 - @@ -1000,9 +1000,10 @@ static int get_file(file_info2 finfo) { - int fnum = -1, pos = 0, dsize = 0, rsize = 0, bpos = 0; + int fnum = -1, pos = 0, dsize = 0, bpos = 0; + SMB_BIG_INT rsize = 0; - DEBUG(5, (get_file: file: %s, size %i\n, finfo.name, (int)finfo.size)); + DEBUG(5, (get_file: file: %s, size %.0f\n, finfo.name, (double)finfo.size)); if (ensurepath(finfo.name) (fnum=cli_open(cli, finfo.name, O_RDWR|O_CREAT|O_TRUNC, DENY_NONE)) == -1) { @@ -1093,7 +1094,7 @@ ntarf++; - DEBUG(0, (restore tar file %s of size %d bytes\n, finfo.name, (int)finfo.size)); + DEBUG(0, (restore tar file %s of size %.0f bytes\n, finfo.name, (double)finfo.size)); return(True); } @@ -1123,18 +1124,17 @@ */ static char * get_longfilename(file_info2 finfo) { - int namesize = finfo.size + strlen(cur_dir) + 2; + int namesize = strlen(finfo.name) + strlen(cur_dir) + 2; char *longname = malloc(namesize); - int offset = 0, left = finfo.size; + SMB_BIG_INT offset = 0, left = finfo.size; BOOL first = True; DEBUG(5, (Restoring a long file name: %s\n, finfo.name)); - DEBUG(5, (Len = %d\n, (int)finfo.size)); + DEBUG(5, (Len = %.0f\n, (double)finfo.size)); if (longname == NULL) { - DEBUG(0, (could not allocate buffer of size %d for longname\n, - (int)(finfo.size + strlen(cur_dir) + 2))); + namesize)); return(NULL); } -- Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Samba-2.2.8pre2 compiler warnings
On Sun, 2 Mar 2003, Brian Poole wrote: Quoting Nicholas Brealey ([EMAIL PROTECTED]) from 1 March 2003: CLITAR == client/clitar.c, line 688: warning: argument #4 is incompatible with prototype: prototype: pointer to uint : include/proto.h, line 303 argument : pointer to ullong A 64 bit integer being used where a 32 bit integer is expected? smbtar make not work on bigendian machines? smbtar may not work for files over 2GB on little endian machines? Groan. I need to look at the CIFS def for the size of that field and how it is handled if large offsets are in use :-( Hmm.. I don't know what to say here. cli_getattrE does expect an int.. but if its being provided with the filesize an int isn't going to suffice.. smbtar still has at least two issues that could cause problems with large files to my knowledge. I'll repost the list to keep it alive and in developers' minds. This has been given to rsharpe herb previously. I wouldn't be terribly suprised if there are more large file problems hiding in the tar code as it doesn't seem like it gets much use and/or attention from the developers. 1) clitar.c::get_file() static int get_file(file_info2 finfo) { int fnum = -1, pos = 0, dsize = 0, rsize = 0, bpos = 0; .. rsize = finfo.size; /* This is how much to write */ rsize would overflow here. 2) clitar.c::get_longfilename() static char * get_longfilename(file_info2 finfo) int namesize = finfo.size + strlen(cur_dir) + 2; char *longname = malloc(namesize); This must not be frequently used code. This would [attempt] to malloc a 1GB chunk of memory (if that was the size of the current file.) This should be using strlen(finfo.name) or something. At least a couple debugs still bogus in clitar.c 2_2 code as well.. I believe one of these got fixed in HEAD but not 2_2. DEBUG(5, (get_file: file: %s, size %i\n, finfo.name, (int)finfo.size)); (can't cast finfo.size to a int) DEBUG(0, (restore tar file %s of size %d bytes\n, finfo.name, (int)finfo.size)); (can't cast finfo.size to a int) I've attached a patch for the issues I know of (but not the cli_getattrE issue that you brought up.) I'm not really sure what to say about that. The patch is against the 2_2 tree but should mostly apply to HEAD as well. This patch was tested only for compilation and should be treated as such. -b Index: clitar.c === RCS file: /cvsroot/samba/source/client/clitar.c,v retrieving revision 1.74.4.10 diff -u -r1.74.4.10 clitar.c --- clitar.c 6 Jan 2003 19:53:11 - 1.74.4.10 +++ clitar.c 2 Mar 2003 23:41:47 - @@ -1000,9 +1000,10 @@ static int get_file(file_info2 finfo) { - int fnum = -1, pos = 0, dsize = 0, rsize = 0, bpos = 0; + int fnum = -1, pos = 0, dsize = 0, bpos = 0; + SMB_BIG_INT rsize = 0; Got that one ... - DEBUG(5, (get_file: file: %s, size %i\n, finfo.name, (int)finfo.size)); + DEBUG(5, (get_file: file: %s, size %.0f\n, finfo.name, (double)finfo.size)); Hmmm, this should be llu if sizeof(off_t) is 8, and lu if sizeof(off_t) is 4, but maybe casting to a float is OK. if (ensurepath(finfo.name) (fnum=cli_open(cli, finfo.name, O_RDWR|O_CREAT|O_TRUNC, DENY_NONE)) == -1) { @@ -1093,7 +1094,7 @@ ntarf++; - DEBUG(0, (restore tar file %s of size %d bytes\n, finfo.name, (int)finfo.size)); + DEBUG(0, (restore tar file %s of size %.0f bytes\n, finfo.name, (double)finfo.size)); return(True); } @@ -1123,18 +1124,17 @@ */ static char * get_longfilename(file_info2 finfo) { - int namesize = finfo.size + strlen(cur_dir) + 2; + int namesize = strlen(finfo.name) + strlen(cur_dir) + 2; char *longname = malloc(namesize); - int offset = 0, left = finfo.size; + SMB_BIG_INT offset = 0, left = finfo.size; BOOL first = True; DEBUG(5, (Restoring a long file name: %s\n, finfo.name)); - DEBUG(5, (Len = %d\n, (int)finfo.size)); + DEBUG(5, (Len = %.0f\n, (double)finfo.size)); if (longname == NULL) { - DEBUG(0, (could not allocate buffer of size %d for longname\n, - (int)(finfo.size + strlen(cur_dir) + 2))); + namesize)); return(NULL); } OK, I got all those, thanks ... Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: file descriptors consumed by printing
On Mon, 3 Mar 2003, Tim Potter wrote: On Sun, Mar 02, 2003 at 06:54:37AM -0800, Richard Sharpe wrote: On Sat, 1 Mar 2003, Vance Lankhaar wrote: What about adding a value to the printing param? - printing = disabled This seems like a good way to do it. Does anyone have any objections if I do so? Why do we need it? Just call lp_default_server_announce() and check if the SV_TYPE_PRINTQ_SERVER bit is set. If no print shares are exported then don't call nt_printing_backend_init(). Hmmm, Samba 2.2.x sets SV_TYPE_PRINTQ_SERVER unconditionaly. I don't think we need yet another parameter when the information is already available. Tim. -- Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com