Re: [Samba] How do I mount a share on my Debian server ?
This line is getting me forward: smbclient -U my-username -W WORKGROUP -L 10.23.150.100 Enter my-username's password: Domain=[CORPNET] OS=[Windows Server 2003 R2 3790 Service Pack 2] Server=[Windows Server 2003 R2 5.2] Sharename Type Comment - --- print$ Disk Printer Drivers C$ Disk Default share ... a-lot-of-shares ... F$ Disk Default share ADMIN$ Disk Remote Admin ... a-lot-of-printers ... session request to 10.23.150.100 failed (Called name not present) session request to 10 failed (Called name not present) Domain=[CORPNET] OS=[Windows Server 2003 R2 3790 Service Pack 2] Server=[Windows Server 2003 R2 5.2] Tanks for a lot of use full hints so fare. I'm new to samba, so I am now sure what to use as search terms. But the answers here has helped me much. Now I have to mount the share permanent on my server. And here I need some help and hints... Regards Gungne On Wed, Feb 17, 2010 at 4:02 PM, Helmut Hullen hul...@t-online.de wrote: Hallo, Gungne, Du meintest am 17.02.10: I just want to access the shares on the windows server. My server (where I want to mount shares) My gateway (FW) 10.23.152.1 10.23.1.2 10.23.150.100 (win2003 with shares) What tells smbclient -N -L 10.23.150.100 myserver:~# smbclient -N -L 10.23.150.100 Anonymous login successful Domain=[CORPNET] OS=[Windows Server 2003 R2 3790 Service Pack 2] Server=[Windows Server 2003 R2 5.2] Sharename Type Comment - --- cli_rpc_pipe_open: cli_nt_create failed on pipe \srvsvc to machine 10.23.150.100. Error was NT_STATUS_ACCE SS_DENIED Error returning browse list: NT_STATUS_ACCESS_DENIED That's not good. But I don't know how to repair this behaviour. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How do I mount a share on my Debian server ?
2010/2/19 Gungne Gungneson gung...@gmail.com: This line is getting me forward: smbclient -U my-username -W WORKGROUP -L 10.23.150.100 Enter my-username's password: Domain=[CORPNET] OS=[Windows Server 2003 R2 3790 Service Pack 2] Server=[Windows Server 2003 R2 5.2] Sharename Type Comment - --- print$ Disk Printer Drivers C$ Disk Default share ... a-lot-of-shares ... F$ Disk Default share ADMIN$ Disk Remote Admin ... a-lot-of-printers ... session request to 10.23.150.100 failed (Called name not present) session request to 10 failed (Called name not present) Domain=[CORPNET] OS=[Windows Server 2003 R2 3790 Service Pack 2] Server=[Windows Server 2003 R2 5.2] Tanks for a lot of use full hints so fare. I'm new to samba, so I am now sure what to use as search terms. But the answers here has helped me much. Now I have to mount the share permanent on my server. And here I need some help and hints... Like this in /etc/fstab //ip.or.hostname/WORK /mnt/work cifs noperm,uid=eero,rw,user=eero,iocharset=utf8,credentials=/home/eero/credentials 0 0 crendentials file contains line password=user-password -- Eero -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.4.5 won't compile (Slackware)
Hallo, I try to compile samba 3.4.5 in my slackware installation (slackware- current). Kernel compiling and compiling other packets works as desired. I use the samba.SlackBuild script from slackware.org (changing the version number of samba only). ftp://ftp5.gwdg.de/pub/linux/slackware/slackware_source/n/samba/samba.SlackBuild Compiling 3.4.5 shows Start -- samba-3.4.5/ samba-3.4.5/README samba-3.4.5/lib/ samba-3.4.5/lib/replace/ samba-3.4.5/lib/replace/autogen.sh Compiling registry/reg_eventlog.c Compiling registry/reg_perfcount.c Compiling registry/reg_util_legacy.c Compiling lib/popt_common.c Generating smbd/build_options.c Building include/build_env.h Compiling smbd/build_options.c Compiling smbd/server.c Linking bin/smbd lib/gencache.o: In function `gencache_iterate_fn': gencache.c:(.text+0xb1): undefined reference to `ap_fnmatch' collect2: ld returned 1 exit status make: *** [bin/smbd] Error 1 -- End - Where is the problem? Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] using winbind causes high load on the pdc
Hi people: I have a winbind 3.2.5 running on a box to authenticate users in my squid. My PDC is a samba 3.0.24 and it stores users on ldap. I have aprox 500 users and when they all use the squid my winbind generates a lot of traffic to my pdc box causing high load on the smb process that talks to the winbind... killing the performance of the squid. Is there anyway to reduce this traffic? Why everytime a user navigates the winbind revalidates the credentials? Cache for username/passwords? TTL? something? Can I avoid the rpc traffic to the PDC and setup the winbind to talk to the pdc via ldap? This is my winbind smb.conf: [global] workgroup = DOMAIN netbios name = PROXY wins support = No wins server = 10.1.0.44 password server = * dns proxy = No log file = /var/log/samba/log.%m max log size = 1000 syslog only = No syslog = 0 security = domain domain master = No encrypt passwords = Yes passdb backend = tdbsam printing = none load printers = No restrict anonymous = 1 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind separator = \\ winbind uid = 1-2 winbind gid = 1-2 winbind cache time = 900 winbind offline logon = Yes Just for curious.. this is my squid.conf regarding ntlm: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=DOMAIN auth_param ntlm children 280 auth_param ntlm keep_alive on I try both keep_alive, on and off... no changes. Thanks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How do I mount a share on my Debian server ?
This worked :-) First i made a new folder inside /mnt /mnt/Share_name then: myserver:~# mount -t cifs //10.23.150.100/Share /mnt/Share_name -v -o user=my-username,pass=my-password,domain=CORPNET mount.cifs kernel mount options: unc=//10.23.150.100 \Share,ip=10.23.150.100,ver=1,rw,user=my-username,domain=CORPNET,pass= myserver:~# On the server I now can view the files. But how do I mount this share permanently, and how do I make the folder accessible for users on the local server? Gungne On Fri, Feb 19, 2010 at 11:01 AM, Eero Volotinen eero.voloti...@iki.fiwrote: 2010/2/19 Gungne Gungneson gung...@gmail.com: This line is getting me forward: smbclient -U my-username -W WORKGROUP -L 10.23.150.100 Enter my-username's password: Domain=[CORPNET] OS=[Windows Server 2003 R2 3790 Service Pack 2] Server=[Windows Server 2003 R2 5.2] Sharename Type Comment - --- print$ Disk Printer Drivers C$ Disk Default share ... a-lot-of-shares ... F$ Disk Default share ADMIN$ Disk Remote Admin ... a-lot-of-printers ... session request to 10.23.150.100 failed (Called name not present) session request to 10 failed (Called name not present) Domain=[CORPNET] OS=[Windows Server 2003 R2 3790 Service Pack 2] Server=[Windows Server 2003 R2 5.2] Tanks for a lot of use full hints so fare. I'm new to samba, so I am now sure what to use as search terms. But the answers here has helped me much. Now I have to mount the share permanent on my server. And here I need some help and hints... Like this in /etc/fstab //ip.or.hostname/WORK /mnt/work cifs noperm,uid=eero,rw,user=eero,iocharset=utf8,credentials=/home/eero/credentials 0 0 crendentials file contains line password=user-password -- Eero -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.2.5 / Debian Lenny var full
Thanks I think i'm going to follow your advice i seen that the lenny backport give the 3.4.3 version of samba On 02/18/2010 05:14 AM, Didier Roques wrote: Hi i've got a server with lenny installed on it with samba 3.2.5. My problem is that the var partition is sometimes full. In fact, if i use df command I watch the partition full, but if I use du command the partition is not full. If i use lsof command i see plenty of log samba files into /var/log/samba wich are very big, i have - to kill the process given by lsof associated to log samba file (smbd process) - to restart samba to see the partition not full. Is there a bug with this official version of samba with lenny ? or have you got a solution for me. I have seen this problem with samba-3.2.3 at a large site. It would strike once every two months or so, when it happened an 80GB /var/log/samba partition would fill up in 1 or 2 minutes. We never got to the bottom of this, the problem has not reappeared since the site moved to samba-3.3.4. My advice is to update to 3.4.5 or later. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SOLVED netlogon_creds_server_check failed
I finally solved this Windows 7 problem by changing workstation/server names in passwd and group to uppercase -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] using winbind causes high load on the pdc
Unless they're needed for your configuration, try winbind enum users = No winbind enum groups = No In a large site, those create a lot of traffic. Dale On 02/19/2010 5:42 AM, gu...@lorenzutti.com.ar wrote: Hi people: I have a winbind 3.2.5 running on a box to authenticate users in my squid. My PDC is a samba 3.0.24 and it stores users on ldap. I have aprox 500 users and when they all use the squid my winbind generates a lot of traffic to my pdc box causing high load on the smb process that talks to the winbind... killing the performance of the squid. Is there anyway to reduce this traffic? Why everytime a user navigates the winbind revalidates the credentials? Cache for username/passwords? TTL? something? Can I avoid the rpc traffic to the PDC and setup the winbind to talk to the pdc via ldap? This is my winbind smb.conf: [global] workgroup = DOMAIN netbios name = PROXY wins support = No wins server = 10.1.0.44 password server = * dns proxy = No log file = /var/log/samba/log.%m max log size = 1000 syslog only = No syslog = 0 security = domain domain master = No encrypt passwords = Yes passdb backend = tdbsam printing = none load printers = No restrict anonymous = 1 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind separator = \\ winbind uid = 1-2 winbind gid = 1-2 winbind cache time = 900 winbind offline logon = Yes Just for curious.. this is my squid.conf regarding ntlm: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=DOMAIN auth_param ntlm children 280 auth_param ntlm keep_alive on I try both keep_alive, on and off... no changes. Thanks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [Announce] Samba 3.5.0rc3 Available for Download
Release Announcements = This is the third release candidate of Samba 3.5. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Major enhancements in Samba 3.5.0 include: General changes: o Add support for full Windows timestamp resolution o The Using Samba HTML book has been removed. o 'net', 'smbclient' and libsmbclient can use credentials cached by Winbind. o The default value of wide links has been changed to no. Protocol changes: o Experimental implementation of SMB2 Printing Changes: o Add encryption support for connections to a CUPS server Winbind changes: o Major refactoring o Asynchronous VFS modules: o New vfs_scannedonly module has been added. General changes: Support for full Windows timestamp resolution has been added. This effectively makes us use Windows' full 100ns timestamp resolution if supported by the kernel (2.6.22 and higher) and the glibc (2.6 and higher). The Using Samba HTML book has been removed from the Samba tarball. It is still available at http://www.samba.org/samba/docs/using_samba/toc.html. Samba client tools like 'net', 'smbclient' and libsmbclient can use the user credentials cached by Winbind at logon time. This is very useful e.g. when connecting to a Samba server using Nautilus without re-entering username and password. This feature is enabled by default and can be disabled per application by setting the LIBSMBCLIENT_NO_CCACHE environment variable. The default value of wide links has been changed to no to avoid an insecure default configuration (wide links = yes and unix extensions = yes). For more details, please see http://www.samba.org/samba/news/symlink_attack.html. Protocol changes An EXPERIMENTAL implementation of the SMB2 protocol has been added. SMB2 can be enabled by setting max protocol = smb2. SMB2 is a new implementation of the SMB protocol used by Windows Vista and higher. Printing Changes A new parameter cups encrypt has been added to control whether connections to CUPS servers will be encrypted or not. The default is to use unencrypted connections. Winbind changes === The Winbind daemon has been refactored internally to be asynchronous. The new Winbind will not be blocked by running 'getent group' or 'getent passwd'. VFS modules === A new VFS module scannedonly has been added. This is a filter that talks to an antivirus-engine and stores whether a file is clean or not. Users do only see clean files on their filesystem. ## Changes ### smb.conf changes Parameter Name Description Default -- --- --- create krb5 confNew yes ctdb timeoutNew 0 cups encryptNew no debug hires timestamp Changed Default yes ldap deref New auto ldap follow referralNew auto nmbd bind explicit broadcastNew no wide links Changed Default no New configure options - --enable-external-libtdbEnable external tdb --enable-netapi Turn on netapi support --enable-pthreadpoolEnable pthreads pool helper support --with-cifsumount Include umount.cifs (Linux only) support --with-codepagedir=DIR Where to put codepages Commit Highlights = o Björn Jacke b...@sernet.de * Add support for full Windows timestamp resolution. * Add encryption support for connections to a CUPS server. o Volker Lendecke v...@samba.org * Major internal refactoring of the Winbind daemon. * Make Winbind asynchronous. * Make 'net', 'smbclient' and libsmbclient use the logon credentials cached by Winbind. o Stefan Metzmacher me...@samba.org * Implement the new SMB2 protocol (experimental). Changes since 3.5.0rc2 -- o Jeremy Allison j...@samba.org * BUG 6557: Fix vfs_full_audit. * BUG 6876: Fix duplicate initializer in the rmdir module. * BUG 7063: Fix core dump on Ubuntu 8.04 64 bit. * BUG 7067: Fix failing of smbd to respond to a read or a write caused by Linux asynchronous IO (aio). * BUG 7069: Fix 'smbget' error status. * BUG 7072: Fix unlocking of accounts from ldap. * BUG 7079 Cliconnect gets realm wrong with trusted domains. * BUG 7081: Fix vfs_expand_msdfs. * BUG 7084: Fix storing of create time on directories in an EA in new create time code. * BUG 7104: wide links and unix extensions are incompatible. * BUG 7118: Fix nmbd problems with socket
[Samba] [FIXED on Debian] Re: ads_sasl_spnego_krb5_bind failed: Program lacks support for encryption type [SEC=UNCLASSIFIED]
On Wed, Feb 17, 2010 at 6:39 AM, Wilkinson, Alex alex.wilkin...@dsto.defence.gov.au wrote: 0n Wed, Feb 17, 2010 at 07:49:25AM -0600, Dale Schroeder wrote: Reply to list/user gets me again! Anyway, we are at 2008 functional level, so I don't think our domain is even accepting DES. It looks like Debian has a fix in libkrb5 that has another two days in sid, then will be migrated to Squeeze. That's the best news I've had in days. I noticed that the original reporter of the bug had success with 1.8 alpha1-6, and the version soon to be in squeeze is already beyond that at alpha 1-7. Here is the patch: http://packages.debian.org/changelogs/pool/main/k/krb5/krb5_1.8+dfsg~alpha1-7/changeloghttp://packages.debian.org/changelogs/pool/main/k/krb5/krb5_1.8+dfsg%7Ealpha1-7/changelog krb5 (1.8+dfsg~alpha1-6) unstable; urgency=medium * Import upstream fixes including: - A non-conformance with RFC 4120 that causes enc_padata to be included when the client may not support it - Weak crypto acts as a filter and does not reject if DES is included in krb5.conf, fixes Samba net ads join, Closes: #566977 * Medium urgency because of the samba bug fix. If the samba maintainers request the release team to bump to high I'd support that. * Update libkdb5 symbols for new upstream internal interface I have just tested the new package from Debian and it indeed does solve the problem and you don't need the weak_crypto option in krb5.conf. Thanks to all who got us through this bump in the road. Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How do I mount a share on my Debian server ?
On Fri, Feb 19, 2010 at 01:26:28PM +0100, Gungne Gungneson wrote: This worked :-) First i made a new folder inside /mnt /mnt/Share_name then: myserver:~# mount -t cifs //10.23.150.100/Share /mnt/Share_name -v -o user=my-username,pass=my-password,domain=CORPNET mount.cifs kernel mount options: unc=//10.23.150.100 \Share,ip=10.23.150.100,ver=1,rw,user=my-username,domain=CORPNET,pass= myserver:~# On the server I now can view the files. But how do I mount this share permanently, and how do I make the folder accessible for users on the local server? Remember CIFS is a per user mount. It isn't like NFS where multiple users can use a single mount. Every user will have access as 'my-username' and do everything as that user. CIFS was after all designed by Microsoft who doesn't believe multiple users can (or should be allowed to) use one machine at the same time. You can allow that if that is really what you want by changing the file_mode and dir_mode options. -- Len Sorensen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] using winbind causes high load on the pdc
I try... no help I still have a lot of traffic between the winbind and the pdc and high load on the pdc. Why this traffic has to be rpc to the pdc? Can the winbind use ldap to check username and password? Unless they're needed for your configuration, try winbind enum users = No winbind enum groups = No In a large site, those create a lot of traffic. Dale On 02/19/2010 5:42 AM, gu...@lorenzutti.com.ar wrote: Hi people: I have a winbind 3.2.5 running on a box to authenticate users in my squid. My PDC is a samba 3.0.24 and it stores users on ldap. I have aprox 500 users and when they all use the squid my winbind generates a lot of traffic to my pdc box causing high load on the smb process that talks to the winbind... killing the performance of the squid. Is there anyway to reduce this traffic? Why everytime a user navigates the winbind revalidates the credentials? Cache for username/passwords? TTL? something? Can I avoid the rpc traffic to the PDC and setup the winbind to talk to the pdc via ldap? This is my winbind smb.conf: [global] workgroup = DOMAIN netbios name = PROXY wins support = No wins server = 10.1.0.44 password server = * dns proxy = No log file = /var/log/samba/log.%m max log size = 1000 syslog only = No syslog = 0 security = domain domain master = No encrypt passwords = Yes passdb backend = tdbsam printing = none load printers = No restrict anonymous = 1 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind separator = \\ winbind uid = 1-2 winbind gid = 1-2 winbind cache time = 900 winbind offline logon = Yes Just for curious.. this is my squid.conf regarding ntlm: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=DOMAIN auth_param ntlm children 280 auth_param ntlm keep_alive on I try both keep_alive, on and off... no changes. Thanks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4.5 won't compile (Slackware)
Hallo, I wrote am 19.02.10: Compiling 3.4.5 shows Start -- [...] Linking bin/smbd lib/gencache.o: In function `gencache_iterate_fn': gencache.c:(.text+0xb1): undefined reference to `ap_fnmatch' collect2: ld returned 1 exit status make: *** [bin/smbd] Error 1 -- End - Where is the problem? The problem is (has been) my machine. Newer kernel, newer glibc, newer gcc - and all works fine (ok - I have to wait some time, but till now: no errors). Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba file locking
On Fri, Feb 19, 2010 at 07:33:48AM +0100, Janez Kosmrlj wrote: We have a strange file locking problem and i hope someone can help. We use some CentOS 5 servers, which use samba 3.0.33, to share files of a java application to clients. Clients are mostly CentOS 5 (same version as the server), but there are a few legacy windows clients (the reason why we use samba and not nfs). And now the problem. When our developer uploads a new jar file to the server via scp (or via local cp command) we encountered a problem. As soon as the server has the new file the Linux client (windows not yet tested) is seeing a corrupt file. And this state continues until the share gets remounted on the client. This was working before where we had a fedora core 4 servers and only windows clients, but now we are in the process of upgrading the servers and introducing Linux on the client side. You can also simulate the problem if you open a text file on a Linux client with tail -f and then change the file on the server locally. The file the client sees is corrupted until the share gets remounted. First thing. As these are remote locations and there is a lot of them, it is not possible to upload files via smb (we would like to make rpm packages for the application and the app will be distributed via yum). We tried various permutations of the parameters kernel oplocks, posix locks, oplocks, level2 oplocks, ... but nothing seems to work. We also tried to use a newer samba version (3.4.5). Can you try to mount with -o directio? Not sure this will help, but it might be worth a try. Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] WINS corruption alleged
I searched but was unable to locate a close match for this case. I doubt that Samba was the culprit here, but unus vir nullus vir. Your feedback would be appreciated. Situation: Windows clients, mostly WinXP desktops, got no logon servers are available when trying to access shared directories on fileservers. The Windows domain controllers run Win2k3. Member servers range from NT4 to Win2k8, plus three Alpha-VMS platforms running Samba 2.2.8. WINS Manager Active Registrations showed the expected IP address for Domain Master Browser and Domain Controller. But there was another record matching that domain name. It was Type [1Eh]Normal Group Name and had the IP address of a Samba server's secondary network interface. Immediate Response: The lead Windows sysadmin concluded that the Samba server caused corruption of the WINS database by improperly assuming the role of domain controller or master browser. The SMBD service was then disabled on the Samba server, and after that the WINS database was rebuilt and all the Windows servers were rebooted. Users were back to normal the next day. Corrective Action Proposed: The Samba server in question has primary and secondary NICs in the same subnet. The interfaces configuration option is blank. Other global settings include: security = DOMAIN domain logons = No os level = 20 preferred master = No local master = No domain master = No wins server = 192.168.1.20 wins support = No After reviewing the configuration, the Windows lead recommended setting os level to 1 before re-enabling Samba in order to prevent future WINS corruption problems. Samba V2.2.8 had been running on several VMS hosts for more than 8 months using the settings shown. All participated as members of the Windows domain and shared directories on the network without incident. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] WINS corruption alleged
On Fri, Feb 19, 2010 at 09:50:49AM -0800, Edward Quinn wrote: I searched but was unable to locate a close match for this case. I doubt that Samba was the culprit here, but unus vir nullus vir. Your feedback would be appreciated. Situation: Windows clients, mostly WinXP desktops, got no logon servers are available when trying to access shared directories on fileservers. The Windows domain controllers run Win2k3. Member servers range from NT4 to Win2k8, plus three Alpha-VMS platforms running Samba 2.2.8. WINS Manager Active Registrations showed the expected IP address for Domain Master Browser and Domain Controller. But there was another record matching that domain name. It was Type [1Eh]Normal Group Name and had the IP address of a Samba server's secondary network interface. Immediate Response: The lead Windows sysadmin concluded that the Samba server caused corruption of the WINS database by improperly assuming the role of domain controller or master browser. The SMBD service was then disabled on the Samba server, and after that the WINS database was rebuilt and all the Windows servers were rebooted. Users were back to normal the next day. Corrective Action Proposed: The Samba server in question has primary and secondary NICs in the same subnet. The interfaces configuration option is blank. Other global settings include: security = DOMAIN domain logons = No os level = 20 preferred master = No local master = No domain master = No wins server = 192.168.1.20 wins support = No After reviewing the configuration, the Windows lead recommended setting os level to 1 before re-enabling Samba in order to prevent future WINS corruption problems. Samba V2.2.8 had been running on several VMS hosts for more than 8 months using the settings shown. All participated as members of the Windows domain and shared directories on the network without incident. Given those settings nmbd shouldn't be announcing itself as a DC. But Samba 2.2.x is *very* old, and it's hard to say if that could have been a bug from that time. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba file locking
Can you try to mount with -o directio? Not sure this will help, but it might be worth a try. Volker Hi, there is also another parameter similar to directio, I don't know the difference but seems more radical, it's forcedirectio. I have been using it on linux clients which mounts a samba share or a w2k share. Best regards, Ernesto. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Change samba username with tdbsam backend
How do you do this? This thing is a binary file. And I see no command lines for it. ex; I have an username named Miranda and I want to change to Liara. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Change samba username with tdbsam backend
smbpasswd ? How do you do this? This thing is a binary file. And I see no command lines for it. ex; I have an username named Miranda and I want to change to Liara. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Change samba username with tdbsam backend
Nope. man smbpasswd and you will see. 2010/2/20 gu...@lorenzutti.com.ar: smbpasswd ? How do you do this? This thing is a binary file. And I see no command lines for it. ex; I have an username named Miranda and I want to change to Liara. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Eden Caldas Consultor de TI e...@linuxfacil.org (81) 9653 7220 LINUX FÁCIL – Consultoria e Serviços em TI -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Change samba username with tdbsam backend
oh.. sorry, didn't finish reading. I guess you could dump the tdb to plain text, edit it and restore it. And you should rename the user in /etc/passwd /etc/shadow also. You should also check the home page and the profile of the user. How do you do this? This thing is a binary file. And I see no command lines for it. ex; I have an username named Miranda and I want to change to Liara. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Change samba username with tdbsam backend
On 02/19/2010 06:52 PM, Eden Caldas wrote: How do you do this? This thing is a binary file. And I see no command lines for it. ex; I have an username named Miranda and I want to change to Liara. OK, this is a question that has been asked many times on this list. A complete solution depends on the Samba password backend being used, and on how far you want to go in terms of consistency of change. For example: 1) If the passdb backend = smbpasswd, it is necessary to change: a) The user login name in the smbpasswd file b) The user login name and GECOS information in /etc/passwd and in /etc/shadow, and all group membership information in /etc/groups c) The name of the user's home directory d) The name of the user's desktop profile directory on all MS Windows machine the user makes use of. 2) If the passdb backend = tdbsam, it is necessary to change: a) The users' name in the passdb.tdb file b) The users' login name and GECOS information in /etc/passwd and in /etc/shadow, and all group membership information in /etc/groups c) The name of the user's home directory d) The name of the user's desktop profile directory on all MS Windows machine the user makes use of. 3) If the passdb backend = ldapsam, it is necessary to change: a) The users' identity information in a consistent manner in his/her account record and in all group memberships b) The name of the user's home directory c) The name of the user's desktop profile directory on all MS Windows machine the user makes use of. The problem is that if the account information is deleted (can be done) it must be restored with the same UID and GID, and with full preservation of the users' fully qualified SID. If this does not happen, his/her profile will not longer work correctly and user applications will be broken in the MS Windows environment. There exists no simple, portable tool that can affect the type of change you are seeking. At the best of times, this is a a complex administrative task that requires knowledge of the consequences of each step taken. A failure to apprehend such consequences will lead ot interesting observations and results. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Change samba username with tdbsam backend
a) The users' name in the passdb.tdb file That's what I want to know. How do I do it? 2010/2/20 John H Terpstra j...@samba.org: On 02/19/2010 06:52 PM, Eden Caldas wrote: How do you do this? This thing is a binary file. And I see no command lines for it. ex; I have an username named Miranda and I want to change to Liara. OK, this is a question that has been asked many times on this list. A complete solution depends on the Samba password backend being used, and on how far you want to go in terms of consistency of change. For example: 1) If the passdb backend = smbpasswd, it is necessary to change: a) The user login name in the smbpasswd file b) The user login name and GECOS information in /etc/passwd and in /etc/shadow, and all group membership information in /etc/groups c) The name of the user's home directory d) The name of the user's desktop profile directory on all MS Windows machine the user makes use of. 2) If the passdb backend = tdbsam, it is necessary to change: a) The users' name in the passdb.tdb file b) The users' login name and GECOS information in /etc/passwd and in /etc/shadow, and all group membership information in /etc/groups c) The name of the user's home directory d) The name of the user's desktop profile directory on all MS Windows machine the user makes use of. 3) If the passdb backend = ldapsam, it is necessary to change: a) The users' identity information in a consistent manner in his/her account record and in all group memberships b) The name of the user's home directory c) The name of the user's desktop profile directory on all MS Windows machine the user makes use of. The problem is that if the account information is deleted (can be done) it must be restored with the same UID and GID, and with full preservation of the users' fully qualified SID. If this does not happen, his/her profile will not longer work correctly and user applications will be broken in the MS Windows environment. There exists no simple, portable tool that can affect the type of change you are seeking. At the best of times, this is a a complex administrative task that requires knowledge of the consequences of each step taken. A failure to apprehend such consequences will lead ot interesting observations and results. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Eden Caldas Consultor de TI e...@linuxfacil.org (81) 9653 7220 LINUX FÁCIL – Consultoria e Serviços em TI -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Change samba username with tdbsam backend
On 02/19/2010 08:39 PM, Eden Caldas wrote: a) The users' name in the passdb.tdb file That's what I want to know. How do I do it? OK - you will lose information, but here is a quick solution: a) pdbedit -i tdbsam -e smbpasswd b) pdbedit -x user_name c) Edit the smbpasswd file (it is a text file) d) pdbedit -i smbpasswd -e tdbsam I am not sure it will work, but try it - what do you have to lose? - John T. 2010/2/20 John H Terpstra j...@samba.org: On 02/19/2010 06:52 PM, Eden Caldas wrote: How do you do this? This thing is a binary file. And I see no command lines for it. ex; I have an username named Miranda and I want to change to Liara. OK, this is a question that has been asked many times on this list. A complete solution depends on the Samba password backend being used, and on how far you want to go in terms of consistency of change. For example: 1) If the passdb backend = smbpasswd, it is necessary to change: a) The user login name in the smbpasswd file b) The user login name and GECOS information in /etc/passwd and in /etc/shadow, and all group membership information in /etc/groups c) The name of the user's home directory d) The name of the user's desktop profile directory on all MS Windows machine the user makes use of. 2) If the passdb backend = tdbsam, it is necessary to change: a) The users' name in the passdb.tdb file b) The users' login name and GECOS information in /etc/passwd and in /etc/shadow, and all group membership information in /etc/groups c) The name of the user's home directory d) The name of the user's desktop profile directory on all MS Windows machine the user makes use of. 3) If the passdb backend = ldapsam, it is necessary to change: a) The users' identity information in a consistent manner in his/her account record and in all group memberships b) The name of the user's home directory c) The name of the user's desktop profile directory on all MS Windows machine the user makes use of. The problem is that if the account information is deleted (can be done) it must be restored with the same UID and GID, and with full preservation of the users' fully qualified SID. If this does not happen, his/her profile will not longer work correctly and user applications will be broken in the MS Windows environment. There exists no simple, portable tool that can affect the type of change you are seeking. At the best of times, this is a a complex administrative task that requires knowledge of the consequences of each step taken. A failure to apprehend such consequences will lead ot interesting observations and results. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Change samba username with tdbsam backend
A very small contribution... you should also rename the user in passwd and shadow. On 02/19/2010 08:39 PM, Eden Caldas wrote: a) The users' name in the passdb.tdb file That's what I want to know. How do I do it? OK - you will lose information, but here is a quick solution: a) pdbedit -i tdbsam -e smbpasswd b) pdbedit -x user_name c) Edit the smbpasswd file (it is a text file) d) pdbedit -i smbpasswd -e tdbsam I am not sure it will work, but try it - what do you have to lose? - John T. 2010/2/20 John H Terpstra j...@samba.org: On 02/19/2010 06:52 PM, Eden Caldas wrote: How do you do this? This thing is a binary file. And I see no command lines for it. ex; I have an username named Miranda and I want to change to Liara. OK, this is a question that has been asked many times on this list. A complete solution depends on the Samba password backend being used, and on how far you want to go in terms of consistency of change. For example: 1) If the passdb backend = smbpasswd, it is necessary to change: a) The user login name in the smbpasswd file b) The user login name and GECOS information in /etc/passwd and in /etc/shadow, and all group membership information in /etc/groups c) The name of the user's home directory d) The name of the user's desktop profile directory on all MS Windows machine the user makes use of. 2) If the passdb backend = tdbsam, it is necessary to change: a) The users' name in the passdb.tdb file b) The users' login name and GECOS information in /etc/passwd and in /etc/shadow, and all group membership information in /etc/groups c) The name of the user's home directory d) The name of the user's desktop profile directory on all MS Windows machine the user makes use of. 3) If the passdb backend = ldapsam, it is necessary to change: a) The users' identity information in a consistent manner in his/her account record and in all group memberships b) The name of the user's home directory c) The name of the user's desktop profile directory on all MS Windows machine the user makes use of. The problem is that if the account information is deleted (can be done) it must be restored with the same UID and GID, and with full preservation of the users' fully qualified SID. If this does not happen, his/her profile will not longer work correctly and user applications will be broken in the MS Windows environment. There exists no simple, portable tool that can affect the type of change you are seeking. At the best of times, this is a a complex administrative task that requires knowledge of the consequences of each step taken. A failure to apprehend such consequences will lead ot interesting observations and results. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Change samba username with tdbsam backend
You are not sure if it will work? So there's no way of doing this withou losing information? 2010/2/20 gu...@lorenzutti.com.ar: A very small contribution... you should also rename the user in passwd and shadow. On 02/19/2010 08:39 PM, Eden Caldas wrote: a) The users' name in the passdb.tdb file That's what I want to know. How do I do it? OK - you will lose information, but here is a quick solution: a) pdbedit -i tdbsam -e smbpasswd b) pdbedit -x user_name c) Edit the smbpasswd file (it is a text file) d) pdbedit -i smbpasswd -e tdbsam I am not sure it will work, but try it - what do you have to lose? - John T. 2010/2/20 John H Terpstra j...@samba.org: On 02/19/2010 06:52 PM, Eden Caldas wrote: How do you do this? This thing is a binary file. And I see no command lines for it. ex; I have an username named Miranda and I want to change to Liara. OK, this is a question that has been asked many times on this list. A complete solution depends on the Samba password backend being used, and on how far you want to go in terms of consistency of change. For example: 1) If the passdb backend = smbpasswd, it is necessary to change: a) The user login name in the smbpasswd file b) The user login name and GECOS information in /etc/passwd and in /etc/shadow, and all group membership information in /etc/groups c) The name of the user's home directory d) The name of the user's desktop profile directory on all MS Windows machine the user makes use of. 2) If the passdb backend = tdbsam, it is necessary to change: a) The users' name in the passdb.tdb file b) The users' login name and GECOS information in /etc/passwd and in /etc/shadow, and all group membership information in /etc/groups c) The name of the user's home directory d) The name of the user's desktop profile directory on all MS Windows machine the user makes use of. 3) If the passdb backend = ldapsam, it is necessary to change: a) The users' identity information in a consistent manner in his/her account record and in all group memberships b) The name of the user's home directory c) The name of the user's desktop profile directory on all MS Windows machine the user makes use of. The problem is that if the account information is deleted (can be done) it must be restored with the same UID and GID, and with full preservation of the users' fully qualified SID. If this does not happen, his/her profile will not longer work correctly and user applications will be broken in the MS Windows environment. There exists no simple, portable tool that can affect the type of change you are seeking. At the best of times, this is a a complex administrative task that requires knowledge of the consequences of each step taken. A failure to apprehend such consequences will lead ot interesting observations and results. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Change samba username with tdbsam backend
On 02/19/2010 08:51 PM, Eden Caldas wrote: You are not sure if it will work? Right. It should work. Try it. But there will be a loss of information. So there's no way of doing this without losing information? Correct. The tdbsam (passdb.tdb) file stores more information than the smbpasswd file does. You should execute: pdbedit -Lv user_name and make careful record of the user's SID and other Windows per-user settings. You may have to restore that separately using pdbedit. Password aging information will be lost. Any per-user setting for Windows home folder, profile information, per-user logon script, etc. will be lost unless you reset it. - John T. 2010/2/20 gu...@lorenzutti.com.ar: A very small contribution... you should also rename the user in passwd and shadow. On 02/19/2010 08:39 PM, Eden Caldas wrote: a) The users' name in the passdb.tdb file That's what I want to know. How do I do it? OK - you will lose information, but here is a quick solution: a) pdbedit -i tdbsam -e smbpasswd b) pdbedit -x user_name c) Edit the smbpasswd file (it is a text file) d) pdbedit -i smbpasswd -e tdbsam I am not sure it will work, but try it - what do you have to lose? - John T. 2010/2/20 John H Terpstra j...@samba.org: On 02/19/2010 06:52 PM, Eden Caldas wrote: How do you do this? This thing is a binary file. And I see no command lines for it. ex; I have an username named Miranda and I want to change to Liara. OK, this is a question that has been asked many times on this list. A complete solution depends on the Samba password backend being used, and on how far you want to go in terms of consistency of change. For example: 1) If the passdb backend = smbpasswd, it is necessary to change: a) The user login name in the smbpasswd file b) The user login name and GECOS information in /etc/passwd and in /etc/shadow, and all group membership information in /etc/groups c) The name of the user's home directory d) The name of the user's desktop profile directory on all MS Windows machine the user makes use of. 2) If the passdb backend = tdbsam, it is necessary to change: a) The users' name in the passdb.tdb file b) The users' login name and GECOS information in /etc/passwd and in /etc/shadow, and all group membership information in /etc/groups c) The name of the user's home directory d) The name of the user's desktop profile directory on all MS Windows machine the user makes use of. 3) If the passdb backend = ldapsam, it is necessary to change: a) The users' identity information in a consistent manner in his/her account record and in all group memberships b) The name of the user's home directory c) The name of the user's desktop profile directory on all MS Windows machine the user makes use of. The problem is that if the account information is deleted (can be done) it must be restored with the same UID and GID, and with full preservation of the users' fully qualified SID. If this does not happen, his/her profile will not longer work correctly and user applications will be broken in the MS Windows environment. There exists no simple, portable tool that can affect the type of change you are seeking. At the best of times, this is a a complex administrative task that requires knowledge of the consequences of each step taken. A failure to apprehend such consequences will lead ot interesting observations and results. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problems accessing a file share using kerberos
Hi, I'm trying to access a file share on what I believe is a netapp server using kerberos authentication. I've done a kinit and gotten credentials and then ran: $ smbclient -U pedrocr //gsb-filer2/pedrocr -k -d10 This actually increased the number of credentials klist shows so looks good in that regard. Howeever, I got the error: SPNEGO login failed: NT_STATUS_MORE_PROCESSING_REQUIRED lang_tdb_init: /usr/share/samba/en_US.UTF-8.msg: No such file or directory session setup failed: NT_STATUS_MORE_PROCESSING_REQUIRED did you forget to run kinit? Searching around I found this relating to this error on NetApp: http://lists.samba.org/archive/smb-clients/2008-September/000785.html Seems like it doesn't like the workgroup name, even though here I'm not using one. I've tried 20 different combinations of how to do it, with and without the workgroup name (which should be win) and it still wouldn't work. I also tried using this without kerberos like so: $ smbclient -U win/pedrocr%mypassword //gsb-filer2/pedrocr this actually returns NT_STATUS_WRONG_PASSWORD although the password is indeed correct. I'm running Ubuntu 9.10 with smbclient version 3.4.0-3ubuntu5.4. Do I need to actually install samba itself and connect it to the domain for this to work? I'm doing all this on the Stanford campus network in case anyone knows anything about that install in particular. Cheers, Pedro -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Change samba username with tdbsam backend
Thanks i'll try it. 2010/2/20 John H Terpstra j...@samba.org: On 02/19/2010 08:51 PM, Eden Caldas wrote: You are not sure if it will work? Right. It should work. Try it. But there will be a loss of information. So there's no way of doing this without losing information? Correct. The tdbsam (passdb.tdb) file stores more information than the smbpasswd file does. You should execute: pdbedit -Lv user_name and make careful record of the user's SID and other Windows per-user settings. You may have to restore that separately using pdbedit. Password aging information will be lost. Any per-user setting for Windows home folder, profile information, per-user logon script, etc. will be lost unless you reset it. - John T. 2010/2/20 gu...@lorenzutti.com.ar: A very small contribution... you should also rename the user in passwd and shadow. On 02/19/2010 08:39 PM, Eden Caldas wrote: a) The users' name in the passdb.tdb file That's what I want to know. How do I do it? OK - you will lose information, but here is a quick solution: a) pdbedit -i tdbsam -e smbpasswd b) pdbedit -x user_name c) Edit the smbpasswd file (it is a text file) d) pdbedit -i smbpasswd -e tdbsam I am not sure it will work, but try it - what do you have to lose? - John T. 2010/2/20 John H Terpstra j...@samba.org: On 02/19/2010 06:52 PM, Eden Caldas wrote: How do you do this? This thing is a binary file. And I see no command lines for it. ex; I have an username named Miranda and I want to change to Liara. OK, this is a question that has been asked many times on this list. A complete solution depends on the Samba password backend being used, and on how far you want to go in terms of consistency of change. For example: 1) If the passdb backend = smbpasswd, it is necessary to change: a) The user login name in the smbpasswd file b) The user login name and GECOS information in /etc/passwd and in /etc/shadow, and all group membership information in /etc/groups c) The name of the user's home directory d) The name of the user's desktop profile directory on all MS Windows machine the user makes use of. 2) If the passdb backend = tdbsam, it is necessary to change: a) The users' name in the passdb.tdb file b) The users' login name and GECOS information in /etc/passwd and in /etc/shadow, and all group membership information in /etc/groups c) The name of the user's home directory d) The name of the user's desktop profile directory on all MS Windows machine the user makes use of. 3) If the passdb backend = ldapsam, it is necessary to change: a) The users' identity information in a consistent manner in his/her account record and in all group memberships b) The name of the user's home directory c) The name of the user's desktop profile directory on all MS Windows machine the user makes use of. The problem is that if the account information is deleted (can be done) it must be restored with the same UID and GID, and with full preservation of the users' fully qualified SID. If this does not happen, his/her profile will not longer work correctly and user applications will be broken in the MS Windows environment. There exists no simple, portable tool that can affect the type of change you are seeking. At the best of times, this is a a complex administrative task that requires knowledge of the consequences of each step taken. A failure to apprehend such consequences will lead ot interesting observations and results. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Change samba username with tdbsam backend
On Fri, Feb 19, 2010 at 08:33:36PM -0600, John H Terpstra wrote: There exists no simple, portable tool that can affect the type of change you are seeking. At the best of times, this is a a complex administrative task that requires knowledge of the consequences of each step taken. A failure to apprehend such consequences will lead ot interesting observations and results. The correct way to do this is for winbindd to be able to fully specify UNIX accounts internally (ie. inside it's own equivalent of /etc/passwd, /etc/shadow, and tdbsam). We used to have this capability in winbindd but it got removed a long time ago (around the early Samba 3.0.x timeframe I recall) as no one made use of it. I've been thinking of resurecting this again at some point. If winbindd is the full controller of local account info then normal RPC tools can change an account name by simply changing the stored name property in the database. I'll start thinking about adding this back into winbindd as a winbindd local accounts option. Probably would do it differently from the earlier implementation now though :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems accessing a file share using kerberos
On Fri, Feb 19, 2010 at 07:08:48PM -0800, Pedro Côrte-Real wrote: Hi, I'm trying to access a file share on what I believe is a netapp server using kerberos authentication. I've done a kinit and gotten credentials and then ran: $ smbclient -U pedrocr //gsb-filer2/pedrocr -k -d10 This actually increased the number of credentials klist shows so looks good in that regard. Howeever, I got the error: SPNEGO login failed: NT_STATUS_MORE_PROCESSING_REQUIRED lang_tdb_init: /usr/share/samba/en_US.UTF-8.msg: No such file or directory session setup failed: NT_STATUS_MORE_PROCESSING_REQUIRED did you forget to run kinit? Searching around I found this relating to this error on NetApp: http://lists.samba.org/archive/smb-clients/2008-September/000785.html Seems like it doesn't like the workgroup name, even though here I'm not using one. I've tried 20 different combinations of how to do it, with and without the workgroup name (which should be win) and it still wouldn't work. I also tried using this without kerberos like so: $ smbclient -U win/pedrocr%mypassword //gsb-filer2/pedrocr this actually returns NT_STATUS_WRONG_PASSWORD although the password is indeed correct. I'm running Ubuntu 9.10 with smbclient version 3.4.0-3ubuntu5.4. Do I need to actually install samba itself and connect it to the domain for this to work? I'm doing all this on the Stanford campus network in case anyone knows anything about that install in particular. Should work. What version of the NetApp OS release is this ? Can you get a debug level 10 trace from smbclient so we might be able to track this down ? I'm local to you, but will be at Connectathon all next week (might get to test with some NetApp folks), but after that could come take a look on campus. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Change samba username with tdbsam backend
On 02/19/2010 11:41 PM, Jeremy Allison wrote: On Fri, Feb 19, 2010 at 08:33:36PM -0600, John H Terpstra wrote: There exists no simple, portable tool that can affect the type of change you are seeking. At the best of times, this is a a complex administrative task that requires knowledge of the consequences of each step taken. A failure to apprehend such consequences will lead ot interesting observations and results. The correct way to do this is for winbindd to be able to fully specify UNIX accounts internally (ie. inside it's own equivalent of /etc/passwd, /etc/shadow, and tdbsam). We used to have this capability in winbindd but it got removed a long time ago (around the early Samba 3.0.x timeframe I recall) as no one made use of it. Samba has from the outset implicitly viewed all Windows security objects from the perspective of a UNIX user or group account. This is one of Sambas' Achilles heals. It would have been much easier had we implemented a selectable way of mapping Windows security objects (users, groups, trust accounts, etc.) to UNIX accounts. For example; it would have been possible to map Windows groups such as Domain Users account to a particular UNIX user _OR_ group, without requiring explicit mapping of MS Windows users to a discrete UNIX user account and Windows groups to a discrete UNIX group. Had we kept a barrier between the Windows world and the UNIX world that allows flexible mapping to a UNIX user _OR_ group account we would have had a really nifty and flexible environment. We now have kind-of a prison that forces a lot of complex constraints on the UNIX admin. I've been thinking of resurrecting this again at some point. Is this really a good idea? I'm not sure. If winbindd is the full controller of local account info then normal RPC tools can change an account name by simply changing the stored name property in the database. Agreed. Think of the flexibility this would provide in respect of ACLs handling too! A disconnection of the tie between the Windows and UNIX worlds has considerable merit. I'll start thinking about adding this back into winbindd as a winbindd local accounts option. Probably would do it differently from the earlier implementation now though :-). Before we do this, please let us fundamentally rethink the best way to architect the relationship between the Windows and UNIX worlds. For example, how would this impact the Global v's Local Windows account infrastructure? A fully flexible mapping system could replace the need for much of the current IDMAP infrastrucure also. Maybe it is time to awake from the dream, hopefully not to the realization that it was actually a nightmare. ;-) - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via fd906e7... Fix bug #7155 - valgrind Conditional jump or move depends on uninitialised value(s) error when mangling method = hash from b3c5b9d... s3-docs: Remove trailing whitespaces and fix a typo. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit fd906e77a0959189db767392981a89b5130939e2 Author: Jeremy Allison j...@samba.org Date: Thu Feb 18 12:21:10 2010 -0800 Fix bug #7155 - valgrind Conditional jump or move depends on uninitialised value(s) error when mangling method = hash The charset array allocated in init_chartest() is allocated by MALLOC, but only some elements of it being set after allocation. Fix is to memset to zero after allocation. Jeremy. (cherry picked from commit a4e8210ba7d6d471cb9f17754244393b9c1e5930) --- Summary of changes: source3/smbd/mangle_hash.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/mangle_hash.c b/source3/smbd/mangle_hash.c index 8369af4..b54dd5c 100644 --- a/source3/smbd/mangle_hash.c +++ b/source3/smbd/mangle_hash.c @@ -331,6 +331,7 @@ static void init_chartest( void ) chartest = SMB_MALLOC_ARRAY(unsigned char, 256); SMB_ASSERT(chartest != NULL); + memset(chartest, '\0', 256); for( s = (const unsigned char *)basechars; *s; s++ ) { chartest[*s] |= BASECHAR_MASK; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-4-test updated
The branch, v3-4-test has been updated via fcca63d... Fix bug #7155 - valgrind Conditional jump or move depends on uninitialised value(s) error when mangling method = hash from 2eb3385... Fix bug #6557 - Do not work VFS full_audit http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit fcca63d5fd0b900bc4bdcfbfb21b14f655abbbf7 Author: Jeremy Allison j...@samba.org Date: Thu Feb 18 12:21:10 2010 -0800 Fix bug #7155 - valgrind Conditional jump or move depends on uninitialised value(s) error when mangling method = hash The charset array allocated in init_chartest() is allocated by MALLOC, but only some elements of it being set after allocation. Fix is to memset to zero after allocation. Jeremy. (cherry picked from commit a4e8210ba7d6d471cb9f17754244393b9c1e5930) --- Summary of changes: source3/smbd/mangle_hash.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/mangle_hash.c b/source3/smbd/mangle_hash.c index 6679b31..679487d 100644 --- a/source3/smbd/mangle_hash.c +++ b/source3/smbd/mangle_hash.c @@ -331,6 +331,7 @@ static void init_chartest( void ) chartest = SMB_MALLOC_ARRAY(unsigned char, 256); SMB_ASSERT(chartest != NULL); + memset(chartest, '\0', 256); for( s = (const unsigned char *)basechars; *s; s++ ) { chartest[*s] |= BASECHAR_MASK; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-test updated
The branch, v3-3-test has been updated via 80d9663... Fix bug #7155 - valgrind Conditional jump or move depends on uninitialised value(s) error when mangling method = hash from 20b6d04... Fix bug #6557 - Do not work VFS full_audit http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit 80d9663b3635ed7b2e9b3308d27aed08cd1f38fb Author: Jeremy Allison j...@samba.org Date: Thu Feb 18 12:21:10 2010 -0800 Fix bug #7155 - valgrind Conditional jump or move depends on uninitialised value(s) error when mangling method = hash The charset array allocated in init_chartest() is allocated by MALLOC, but only some elements of it being set after allocation. Fix is to memset to zero after allocation. Jeremy. (cherry picked from commit a4e8210ba7d6d471cb9f17754244393b9c1e5930) --- Summary of changes: source/smbd/mangle_hash.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/mangle_hash.c b/source/smbd/mangle_hash.c index 7073c3c..e081a57 100644 --- a/source/smbd/mangle_hash.c +++ b/source/smbd/mangle_hash.c @@ -335,6 +335,7 @@ static void init_chartest( void ) chartest = SMB_MALLOC_ARRAY(unsigned char, 256); SMB_ASSERT(chartest != NULL); + memset(chartest, '\0', 256); for( s = (const unsigned char *)basechars; *s; s++ ) { chartest[*s] |= BASECHAR_MASK; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 7122d0e... Fix bug #7154 - mangling method = hash can crash storing a name not containing a '.' from fd906e7... Fix bug #7155 - valgrind Conditional jump or move depends on uninitialised value(s) error when mangling method = hash http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 7122d0e97ca9edeea28c9e898e77f576a886471e Author: Jeremy Allison j...@samba.org Date: Thu Feb 18 11:22:44 2010 -0800 Fix bug #7154 - mangling method = hash can crash storing a name not containing a '.' Fix use of uninitialized variable. This can lead to crashes if mangling = hash processes names with no '.'. Jeremy. (cherry picked from commit df13b1303a751962d8f7d5298b39e4a7500fef15) --- Summary of changes: source3/smbd/mangle_hash.c |8 +--- 1 files changed, 5 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/mangle_hash.c b/source3/smbd/mangle_hash.c index b54dd5c..d1af099 100644 --- a/source3/smbd/mangle_hash.c +++ b/source3/smbd/mangle_hash.c @@ -409,8 +409,8 @@ static void cache_mangled_name( const char mangled_name[13], { TDB_DATA data_val; char mangled_name_key[13]; - char *s1; - char *s2; + char *s1 = NULL; + char *s2 = NULL; /* If the cache isn't initialized, give up. */ if( !tdb_mangled_cache ) @@ -449,7 +449,9 @@ static void cache_mangled_name( const char mangled_name[13], DEBUG(5,(cache_mangled_name: Stored entry %s - %s\n, mangled_name_key, raw_name)); } /* Restore the change we made to the const string. */ - *s2 = '.'; + if (s2) { + *s2 = '.'; + } } /* ** ** -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-4-test updated
The branch, v3-4-test has been updated via 7eaeb89... Fix bug #7154 - mangling method = hash can crash storing a name not containing a '.' from fcca63d... Fix bug #7155 - valgrind Conditional jump or move depends on uninitialised value(s) error when mangling method = hash http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit 7eaeb891c8aee880fb06733f998b2feb95ef9c36 Author: Jeremy Allison j...@samba.org Date: Thu Feb 18 11:22:44 2010 -0800 Fix bug #7154 - mangling method = hash can crash storing a name not containing a '.' Fix use of uninitialized variable. This can lead to crashes if mangling = hash processes names with no '.'. Jeremy. (cherry picked from commit df13b1303a751962d8f7d5298b39e4a7500fef15) --- Summary of changes: source3/smbd/mangle_hash.c |8 +--- 1 files changed, 5 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/mangle_hash.c b/source3/smbd/mangle_hash.c index 679487d..11ccbee 100644 --- a/source3/smbd/mangle_hash.c +++ b/source3/smbd/mangle_hash.c @@ -409,8 +409,8 @@ static void cache_mangled_name( const char mangled_name[13], { TDB_DATA data_val; char mangled_name_key[13]; - char *s1; - char *s2; + char *s1 = NULL; + char *s2 = NULL; /* If the cache isn't initialized, give up. */ if( !tdb_mangled_cache ) @@ -449,7 +449,9 @@ static void cache_mangled_name( const char mangled_name[13], DEBUG(5,(cache_mangled_name: Stored entry %s - %s\n, mangled_name_key, raw_name)); } /* Restore the change we made to the const string. */ - *s2 = '.'; + if (s2) { + *s2 = '.'; + } } /* ** ** -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-test updated
The branch, v3-3-test has been updated via e904ccd... Fix bug #7154 - mangling method = hash can crash storing a name not containing a '.' from 80d9663... Fix bug #7155 - valgrind Conditional jump or move depends on uninitialised value(s) error when mangling method = hash http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit e904ccd25a3b7050a8d1895c9535e42abd0b4d07 Author: Jeremy Allison j...@samba.org Date: Thu Feb 18 11:22:44 2010 -0800 Fix bug #7154 - mangling method = hash can crash storing a name not containing a '.' Fix use of uninitialized variable. This can lead to crashes if mangling = hash processes names with no '.'. Jeremy. (cherry picked from commit df13b1303a751962d8f7d5298b39e4a7500fef15) --- Summary of changes: source/smbd/mangle_hash.c |8 +--- 1 files changed, 5 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/mangle_hash.c b/source/smbd/mangle_hash.c index e081a57..31e734d 100644 --- a/source/smbd/mangle_hash.c +++ b/source/smbd/mangle_hash.c @@ -412,8 +412,8 @@ static void cache_mangled_name( const char mangled_name[13], { TDB_DATA data_val; char mangled_name_key[13]; - char *s1; - char *s2; + char *s1 = NULL; + char *s2 = NULL; /* If the cache isn't initialized, give up. */ if( !tdb_mangled_cache ) @@ -452,7 +452,9 @@ static void cache_mangled_name( const char mangled_name[13], DEBUG(5,(cache_mangled_name: Stored entry %s - %s\n, mangled_name_key, raw_name)); } /* Restore the change we made to the const string. */ - *s2 = '.'; + if (s2) { + *s2 = '.'; + } } /* ** ** -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e40310a... testprogs: ignore GetJob level 3 and 4 against samba for now. from 76aa37f... librpc/ndr: don't overwrite the content in ndr_push_relative_ptr2_end() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e40310a64bb8fccefeca720948130b9d23490ec6 Author: Günther Deschner g...@samba.org Date: Fri Feb 19 10:11:19 2010 +0100 testprogs: ignore GetJob level 3 and 4 against samba for now. Guenther --- Summary of changes: testprogs/win32/spoolss/error.c |2 ++ testprogs/win32/spoolss/spoolss.c |2 +- 2 files changed, 3 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/testprogs/win32/spoolss/error.c b/testprogs/win32/spoolss/error.c index 8ccc542..2665856 100644 --- a/testprogs/win32/spoolss/error.c +++ b/testprogs/win32/spoolss/error.c @@ -113,6 +113,8 @@ const char *errstr(DWORD error) #endif case ERROR_CANCELLED: return ERROR_CANCELLED; + case ERROR_NOACCESS: + return ERROR_NOACCESS; case RPC_S_PROCNUM_OUT_OF_RANGE: return RPC_S_PROCNUM_OUT_OF_RANGE; case RPC_S_SERVER_UNAVAILABLE: diff --git a/testprogs/win32/spoolss/spoolss.c b/testprogs/win32/spoolss/spoolss.c index 1a8516b..c9a7bc0 100644 --- a/testprogs/win32/spoolss/spoolss.c +++ b/testprogs/win32/spoolss/spoolss.c @@ -877,7 +877,7 @@ static BOOL test_GetJob(struct torture_context *tctx, torture_comment(tctx, Testing GetJob(%d) level %d, job_id, levels[i]); - if (tctx-samba3 levels[i] == 4) { + if (tctx-samba3 (levels[i] == 4) || (levels[i] == 3)) { torture_comment(tctx, skipping level %d getjob against samba\n, levels[i]); continue; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via b094f49... librpc/ndr: don't overwrite the content in ndr_push_relative_ptr2_end() via a2c0350... spoolss: use ndr_push_spoolss_PrinterInfo2 hand-marshalled version (moves devmode relative pointer down to sd). via 412ff72... spoolss: add spoolss_security_descriptor. via faf7ab1... s3: re-run make samba3-idl. via 1623a11... security: make two bitmaps public. via 63eae72... spoolss: make two bitmaps public. via ef3bd91... spoolss: make all security descriptors and devicemodes 4 byte aligned and add missing subcontexts. via 7c7917b... spoolss: set NDR_RELATIVE_REVERSE flag for various unions that have relative pointers. via 8343c3c... ndr_spoolss_buf: use LIBNDR_FLAG_NO_NDR_SIZE in NDR_SPOOLSS_SIZE_* via db00f01... spoolss: use subcontext in NDR_SPOOLSS_PUSH_ENUM_OUT macro. via 2d157ea... libndr: fix ndr_size_* calculation with relative reverse buffers via d8251b5... libndr: for now align reverse relative pointers to 2 bytes by default. via 148460b... libndr: implement LIBNDR_RELATIVE_REVERSE handling via b8f0d94... libndr: store a subcontext buffer size in ndr_push_subcontext_start. via 983ac75... libndr: give an error when ndr_push_relative_ptr2_start()/_end() is used with the RELATIVE_REVERSE flag via cc10379... libndr: add LIBNDR_FLAG_NO_RELATIVE_REVERSE so that relative reverse processing can be disabled for single structure elements. via f7634ed... libndr: add LIBNDR_FLAG_RELATIVE_REVERSE flag. via 07a5157... libndr: change subcontext buffer allocation to allocate on subcontext_start. via 66fe881... librpc/ndr: make ndr_push_relative_ptr2() static via bdf8ae4... librpc/ndr_krb5pac: use ndr_push_relative_ptr2_start()/_end() via e57719e... librpc/ndr_drsblobs: use ndr_push_relative_ptr2_start()/_end() via 08fd161... spoolss: fix relative pointers in ndr_push_spoolss_DriverInfo101. via 5edccc5... s3: re-run make full_idl. via b9db7b7... pidl: use ndr_push_relative_ptr2_start and ndr_push_relative_ptr2_end. via 478bf41... libndr: add ndr_push_relative_ptr2_start and ndr_push_relative_ptr2_end. from 7122d0e... Fix bug #7154 - mangling method = hash can crash storing a name not containing a '.' http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit b094f4954d0bef08794c5edcf102444908f1971c Author: Stefan Metzmacher me...@samba.org Date: Fri Feb 19 08:11:24 2010 +0100 librpc/ndr: don't overwrite the content in ndr_push_relative_ptr2_end() metze (cherry picked from commit 76aa37f653fec2d511921768381db7da661750cb) The last 24 patches address bug #6888 (REGRESSION: printing support for 64 bit windows clients broken). commit a2c03502df39c0ee8859895f4a80a3e48f798508 Author: Günther Deschner g...@samba.org Date: Sat Feb 13 03:45:25 2010 +0100 spoolss: use ndr_push_spoolss_PrinterInfo2 hand-marshalled version (moves devmode relative pointer down to sd). Guenther (cherry picked from commit 0a8011aa98ccaa81dc6ba2d30672ef4856fc31d8) commit 412ff72854040d5f619e978ce65c60f50f980f2b Author: Günther Deschner g...@samba.org Date: Tue Feb 16 02:48:01 2010 +0100 spoolss: add spoolss_security_descriptor. Guenther (cherry picked from commit 28817424935e5b6eaf465fe993dedc2b0a0cf177) commit faf7ab156092a1deffec25db300f11cdedb558a1 Author: Günther Deschner g...@samba.org Date: Tue Feb 9 16:47:32 2010 +0100 s3: re-run make samba3-idl. Guenther commit 1623a11fbde6f00fa3d05c8d088f48e206ad63ee Author: Günther Deschner g...@samba.org Date: Tue Feb 16 10:46:07 2010 +0100 security: make two bitmaps public. Guenther (cherry picked from commit f10a2d773d141f67319e19b45c40101bb9cb6cf4) commit 63eae72f981b619dd2baf1973bc5744ccd2fca28 Author: Günther Deschner g...@samba.org Date: Sat Feb 13 04:27:05 2010 +0100 spoolss: make two bitmaps public. Guenther (cherry picked from commit 8c4ff98ea11ff06e20bea73596e9643d8194a890) commit ef3bd911cae625b524fa79dc28e67db1234f1eeb Author: Stefan Metzmacher me...@samba.org Date: Thu Feb 18 15:36:08 2010 +0100 spoolss: make all security descriptors and devicemodes 4 byte aligned and add missing subcontexts. Guenther (cherry picked from commit 8f52957369bf8ce7591d5d9a1436ccb7e384c612) commit 7c7917ba9cdc17c6b5d1e1e51cde714c0be6e036 Author: Günther Deschner g...@samba.org Date: Mon Dec 14 17:22:39 2009 +0100 spoolss: set NDR_RELATIVE_REVERSE flag for various unions that have relative pointers. Guenther (cherry picked from commit 6d0a39741dacd81e33b25a91fa28cdf983d10d84) commit 8343c3c28a17cf8c464c9167d453855b5a0482c1 Author: Stefan Metzmacher me...@samba.org Date: Thu Feb 18
[SCM] Samba Shared Repository - branch v3-4-test updated
The branch, v3-4-test has been updated via 58b089f... librpc/ndr: don't overwrite the content in ndr_push_relative_ptr2_end() via 31a0975... spoolss: use ndr_push_spoolss_PrinterInfo2 hand-marshalled version (moves devmode relative pointer down to sd). via 1856478... spoolss: add spoolss_security_descriptor. via d35eb81... s3: re-run make samba3-idl. via b9748d5... security: make two bitmaps public. via b64cd98... spoolss: make two bitmaps public. via a4cb149... spoolss: make all security descriptors and devicemodes 4 byte aligned and add missing subcontexts. via 93aab77... spoolss: set NDR_RELATIVE_REVERSE flag for various unions that have relative pointers. via 3174acb... ndr_spoolss_buf: use LIBNDR_FLAG_NO_NDR_SIZE in NDR_SPOOLSS_SIZE_* via 4a8dda5... spoolss: use subcontext in NDR_SPOOLSS_PUSH_ENUM_OUT macro. via 56a6011... libndr: fix ndr_size_* calculation with relative reverse buffers via 00d97b0... libndr: for now align reverse relative pointers to 2 bytes by default. via 33d03a8... libndr: implement LIBNDR_RELATIVE_REVERSE handling via 4efead4... libndr: store a subcontext buffer size in ndr_push_subcontext_start. via 2f8872b... libndr: give an error when ndr_push_relative_ptr2_start()/_end() is used with the RELATIVE_REVERSE flag via a026311... libndr: add LIBNDR_FLAG_NO_RELATIVE_REVERSE so that relative reverse processing can be disabled for single structure elements. via d0eb23b... libndr: add LIBNDR_FLAG_RELATIVE_REVERSE flag. via d2bb2f1... libndr: change subcontext buffer allocation to allocate on subcontext_start. via d4606cd... librpc/ndr: make ndr_push_relative_ptr2() static via 8abc4b5... librpc/ndr_krb5pac: use ndr_push_relative_ptr2_start()/_end() via c495dd1... librpc/ndr_drsblobs: use ndr_push_relative_ptr2_start()/_end() via 8232ada... spoolss: fix relative pointers in ndr_push_spoolss_DriverInfo101. via 9be36f5... s3: re-run make full_idl. via c1c56a0... pidl: use ndr_push_relative_ptr2_start and ndr_push_relative_ptr2_end. via f52de6e... libndr: add ndr_push_relative_ptr2_start and ndr_push_relative_ptr2_end. from 7eaeb89... Fix bug #7154 - mangling method = hash can crash storing a name not containing a '.' http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit 58b089f2176e564bf5563fbffa034cd22525ed6e Author: Stefan Metzmacher me...@samba.org Date: Fri Feb 19 08:11:24 2010 +0100 librpc/ndr: don't overwrite the content in ndr_push_relative_ptr2_end() metze (cherry picked from commit 76aa37f653fec2d511921768381db7da661750cb) The last 25 patches address bug #6888 (REGRESSION: printing support for 64 bit windows clients broken). commit 31a097560efddfabf31c4cc54e683603ee24521f Author: Günther Deschner g...@samba.org Date: Sat Feb 13 03:45:25 2010 +0100 spoolss: use ndr_push_spoolss_PrinterInfo2 hand-marshalled version (moves devmode relative pointer down to sd). Guenther commit 18564787e2f169cac26d361201c1a954b7e263b7 Author: Günther Deschner g...@samba.org Date: Tue Feb 16 02:48:01 2010 +0100 spoolss: add spoolss_security_descriptor. Guenther commit d35eb81c50340ed2ac14cdb9965fd13876ea8e64 Author: Günther Deschner g...@samba.org Date: Tue Feb 9 16:47:32 2010 +0100 s3: re-run make samba3-idl. Guenther commit b9748d59c09ffe9de7cbb953939cf89017dc8087 Author: Günther Deschner g...@samba.org Date: Tue Feb 16 10:46:07 2010 +0100 security: make two bitmaps public. Guenther (cherry picked from commit f10a2d773d141f67319e19b45c40101bb9cb6cf4) commit b64cd9857086f56e1e698ae34e51413b6414eb0b Author: Günther Deschner g...@samba.org Date: Sat Feb 13 04:27:05 2010 +0100 spoolss: make two bitmaps public. Guenther commit a4cb14987143c2c1f28e82e5b6476e079ea051d3 Author: Stefan Metzmacher me...@samba.org Date: Thu Feb 18 15:36:08 2010 +0100 spoolss: make all security descriptors and devicemodes 4 byte aligned and add missing subcontexts. Guenther (cherry picked from commit 8f52957369bf8ce7591d5d9a1436ccb7e384c612) commit 93aab77e24ecdd95ced8efe0c0f7bcdfb5ed2a1b Author: Günther Deschner g...@samba.org Date: Mon Dec 14 17:22:39 2009 +0100 spoolss: set NDR_RELATIVE_REVERSE flag for various unions that have relative pointers. Guenther (cherry picked from commit 6d0a39741dacd81e33b25a91fa28cdf983d10d84) commit 3174acb66089b649ec2b859c1ef673814c44ffa4 Author: Stefan Metzmacher me...@samba.org Date: Thu Feb 18 15:17:42 2010 +0100 ndr_spoolss_buf: use LIBNDR_FLAG_NO_NDR_SIZE in NDR_SPOOLSS_SIZE_* metze (cherry picked from commit 2059a165ee6f4d231aa4075d8ddea70b8df8944f) commit
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 8b05660... WHATSNEW: Update changes since 3.5.0rc2. from b094f49... librpc/ndr: don't overwrite the content in ndr_push_relative_ptr2_end() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 8b05660b20058bad9fc9fb2336f7d2d3b513579c Author: Karolin Seeger ksee...@samba.org Date: Fri Feb 19 13:45:32 2010 +0100 WHATSNEW: Update changes since 3.5.0rc2. Karolin --- Summary of changes: WHATSNEW.txt | 17 + 1 files changed, 13 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 8951071..1d99e4e 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ - = - Release Notes for Samba 3.5.0 - February 16, 2010 - = + === + Release Notes for Samba 3.5.0rc3 + February 19, 2010 + === This is the third release candidate of Samba 3.5. This is *not* @@ -134,6 +134,7 @@ Changes since 3.5.0rc2 o Jeremy Allison j...@samba.org +* BUG 6557: Fix vfs_full_audit. * BUG 6876: Fix duplicate initializer in the rmdir module. * BUG 7063: Fix core dump on Ubuntu 8.04 64 bit. * BUG 7067: Fix failing of smbd to respond to a read or a write caused by @@ -147,6 +148,9 @@ o Jeremy Allison j...@samba.org * BUG 7104: wide links and unix extensions are incompatible. * BUG 7118: Fix nmbd problems with socket address. * BUG 7122: Fix reading of large browselist. +* BUG 7154: mangling method = hash can crash storing a name containing a '.'. +* BUG 7155: Valgrind Conditional jump or move depends on uninitialised + value(s) error when mangling method = hash.. o Steven Danneman steven.danne...@isilon.com @@ -154,7 +158,9 @@ o Steven Danneman steven.danne...@isilon.com o Günther Deschner g...@samba.org +* BUG 6888: Fix printing with 64 bit clients. * BUG 7130: Fix listing of printjobs in Windows 7. +* BUG 7148: Fix get_acl_blob in the acl_tdb VFS module. o Björn Jacke b...@sernet.de @@ -170,13 +176,16 @@ o Jeff Layton jlay...@redhat.com o Volker Lendecke v...@samba.org * BUG 7085: Fix an early release of the global lock that can cause data corruption in libtdb. +* BUG 7139: Owner of file not available with Kerberos. o Stefan Metzmacher me...@samba.org +* BUG 6888: Fix printing with 64 bit clients. * BUG 7098: Fix results of 'smbclient -L' with a large browse list. * BUG 7116: Add pdb_ldap performance fixes. * BUG 7118: Add new nmbd bind explicit broadcast parameter. * BUG 7119: Support large browselist. +* BUG 7140: Fix IPv4/IPv6 problems. o Lars Müller l...@samba.org -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-stable updated
The branch, v3-5-stable has been updated via 8096297... Fix bug #6557 - Do not work VFS full_audit via f79c8cf... s3: Fix bug 7139 owner of file not available with kerberos. via d4d84f4... WHATSNEW: Update changes. via 7363b08... cifs.upcall: allocate a talloc context for smb_krb5_unparse_name from 01c21d7... s3-docs: Document 'smbclient -C'. (cherry picked from commit f6c39cec27eea2522c62e6f1ff85efdafde351ac) (cherry picked from commit f6a7e9eadf85b19ec0ccca513a261bcad0bcf048) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-stable - Log - commit 8096297973d911f9736646a31773e38f79deadae Author: Jeremy Allison j...@samba.org Date: Wed Feb 17 10:11:57 2010 -0800 Fix bug #6557 - Do not work VFS full_audit Re-arrange the operations order so SMB_VFS_CONNECT is done first as root (to allow modules to correctly initialize themselves). Reviewed modules to check if they needed CONNECT invoked as a user (which we previously did) and it turns out any of them that cared needed root permissions anyway. Jeremy. (cherry picked from commit 1d71d4b6b5f5fdf5caf9fed861c2032bb307a32f) commit f79c8cff1494e9c6b5d02773727e735eed528bfb Author: Volker Lendecke v...@samba.org Date: Tue Feb 16 23:29:48 2010 +0100 s3: Fix bug 7139 owner of file not available with kerberos. To provide the user with the same SID when doing Kerberos logins, attempt to do a make_server_info_sam instead of a make_server_info_pw. (cherry picked from commit 45c634eafa2f398827f16345b56603b969964527) commit d4d84f47fc26b564bcab00bbe1d2e68004fbade1 Author: Karolin Seeger ksee...@samba.org Date: Wed Feb 17 14:51:03 2010 +0100 WHATSNEW: Update changes. Karolin (cherry picked from commit 3bb72e7f3e6be64011cabfd37866b29ffb0e18a4) commit 7363b088c5bd41f6d3502c154ab45d87197f6943 Author: Jeff Layton jlay...@redhat.com Date: Tue Feb 16 09:16:42 2010 -0500 cifs.upcall: allocate a talloc context for smb_krb5_unparse_name cifs.upcall calls smb_krb5_unparse_name with a NULL talloc context. Older versions of this function though will conditionally use SMB_REALLOC instead of TALLOC_REALLOC when a NULL context is passed in. To make it more consistent, just spawn a talloc context that we can pass into this function. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=565446 https://bugzilla.samba.org/show_bug.cgi?id=6868 Reported-by: Ludek Finstrle l...@seznam.cz Signed-off-by: Jeff Layton jlay...@redhat.com Signed-off-by: Günther Deschner g...@samba.org (cherry picked from commit a8cc2fa09ed43a167f62711bef363a5ac335dc78) Fix bug #6868 (make bin/cifs.upcall fails). (cherry picked from commit 01750852c1e9983b9d59a73d412101b4e0eb81a1) --- Summary of changes: WHATSNEW.txt |4 client/cifs.upcall.c |5 - source3/smbd/service.c | 35 --- source3/smbd/sesssetup.c | 34 -- 4 files changed, 56 insertions(+), 22 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 4c14ea2..8951071 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -163,6 +163,10 @@ o Björn Jacke b...@sernet.de * Fix some wrong newlines in de translation strings. +o Jeff Layton jlay...@redhat.com +* BUG 6868: Fix crash bug in 'cifs.upcall'. + + o Volker Lendecke v...@samba.org * BUG 7085: Fix an early release of the global lock that can cause data corruption in libtdb. diff --git a/client/cifs.upcall.c b/client/cifs.upcall.c index bfc70d1..42632a0 100644 --- a/client/cifs.upcall.c +++ b/client/cifs.upcall.c @@ -56,6 +56,7 @@ get_tgt_time(const char *ccname) { krb5_principal principal; time_t credtime = 0; char *realm = NULL; + TALLOC_CTX *mem_ctx; if (krb5_init_context(context)) { syslog(LOG_DEBUG, %s: unable to init krb5 context, __func__); @@ -87,9 +88,10 @@ get_tgt_time(const char *ccname) { goto err_ccstart; } + mem_ctx = talloc_init(cifs.upcall); while (!credtime !krb5_cc_next_cred(context, ccache, cur, creds)) { char *name; - if (smb_krb5_unparse_name(NULL, context, creds.server, name)) { + if (smb_krb5_unparse_name(mem_ctx, context, creds.server, name)) { syslog(LOG_DEBUG, %s: unable to unparse name, __func__); goto err_endseq; } @@ -102,6 +104,7 @@ get_tgt_time(const char *ccname) { TALLOC_FREE(name); } err_endseq: + TALLOC_FREE(mem_ctx); krb5_cc_end_seq_get(context, ccache, cur); err_ccstart:
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 299e5bc... s4-smbtorture: print more comments while running SD and DM tests in RPC-SPOOLSS-PRINTER. from e40310a... testprogs: ignore GetJob level 3 and 4 against samba for now. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 299e5bc2ba767a4f23553c247a32d17395c53786 Author: Günther Deschner g...@samba.org Date: Fri Feb 19 14:14:18 2010 +0100 s4-smbtorture: print more comments while running SD and DM tests in RPC-SPOOLSS-PRINTER. Guenther --- Summary of changes: source4/torture/rpc/spoolss.c | 29 ++--- 1 files changed, 14 insertions(+), 15 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/rpc/spoolss.c b/source4/torture/rpc/spoolss.c index 08cb4f2..6cc6727 100644 --- a/source4/torture/rpc/spoolss.c +++ b/source4/torture/rpc/spoolss.c @@ -1732,16 +1732,15 @@ static bool test_PrinterInfo_SD(struct torture_context *tctx, struct policy_handle *handle) { union spoolss_PrinterInfo info; - struct spoolss_SetPrinterInfo3 info3; - struct spoolss_SetPrinterInfoCtr info_ctr; - struct spoolss_DevmodeContainer devmode_ctr; - struct sec_desc_buf secdesc_ctr; struct security_descriptor *sd; bool ret = true; + torture_comment(tctx, \nTesting Printer Security Descriptors\n); + /* save original sd */ - torture_assert(tctx, test_GetPrinter_level(tctx, p, handle, 2, info), ); + torture_assert(tctx, test_GetPrinter_level(tctx, p, handle, 2, info), + failed to get initial security descriptor); sd = security_descriptor_copy(tctx, info.info2.secdesc); @@ -1751,18 +1750,12 @@ static bool test_PrinterInfo_SD(struct torture_context *tctx, /* restore original sd */ - ZERO_STRUCT(devmode_ctr); - ZERO_STRUCT(secdesc_ctr); - - info3.sec_desc_ptr = 0; - - info_ctr.level = 3; - info_ctr.info.info3 = info3; + torture_assert(tctx, test_sd_set_level(tctx, p, handle, 3, sd), + failed to restore initial security descriptor); - secdesc_ctr.sd = sd; + torture_comment(tctx, Printer Security Descriptors test %s\n, + ret ? succeeded : failed); - torture_assert(tctx, - test_SetPrinter(tctx, p, handle, info_ctr, devmode_ctr, secdesc_ctr, 0), ); return ret; } @@ -2010,6 +2003,8 @@ static bool test_PrinterInfo_DevMode(struct torture_context *tctx, struct spoolss_DeviceMode *devmode; bool ret = true; + torture_comment(tctx, \nTesting Printer Devicemodes\n); + /* save original devmode */ torture_assert(tctx, test_GetPrinter_level(tctx, p, handle, 8, info), @@ -2026,6 +2021,10 @@ static bool test_PrinterInfo_DevMode(struct torture_context *tctx, torture_assert(tctx, test_devmode_set_level(tctx, p, handle, 8, devmode), failed to restore initial global device mode); + torture_comment(tctx, Printer Devicemodes test %s\n, + ret ? succeeded : failed); + + return ret; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-stable updated
The branch, v3-5-stable has been updated via 69d87ed... WHATSNEW: Update changes since 3.5.0rc2. via 61ca739... librpc/ndr: don't overwrite the content in ndr_push_relative_ptr2_end() via 527ce7e... spoolss: use ndr_push_spoolss_PrinterInfo2 hand-marshalled version (moves devmode relative pointer down to sd). via a8120a0... spoolss: add spoolss_security_descriptor. via d1d3171... s3: re-run make samba3-idl. via c73bca1... security: make two bitmaps public. via 865a910... spoolss: make two bitmaps public. via 660b04b... spoolss: make all security descriptors and devicemodes 4 byte aligned and add missing subcontexts. via 5e02758... spoolss: set NDR_RELATIVE_REVERSE flag for various unions that have relative pointers. via 6347c2d... ndr_spoolss_buf: use LIBNDR_FLAG_NO_NDR_SIZE in NDR_SPOOLSS_SIZE_* via 4232f12... spoolss: use subcontext in NDR_SPOOLSS_PUSH_ENUM_OUT macro. via 59aebcc... libndr: fix ndr_size_* calculation with relative reverse buffers via 5bcb63a... libndr: for now align reverse relative pointers to 2 bytes by default. via 8423dc7... libndr: implement LIBNDR_RELATIVE_REVERSE handling via df1d697... libndr: store a subcontext buffer size in ndr_push_subcontext_start. via 82dbb06... libndr: give an error when ndr_push_relative_ptr2_start()/_end() is used with the RELATIVE_REVERSE flag via 365c2f8... libndr: add LIBNDR_FLAG_NO_RELATIVE_REVERSE so that relative reverse processing can be disabled for single structure elements. via a283e35... libndr: add LIBNDR_FLAG_RELATIVE_REVERSE flag. via b677491... libndr: change subcontext buffer allocation to allocate on subcontext_start. via bec6240... librpc/ndr: make ndr_push_relative_ptr2() static via f2e028c... librpc/ndr_krb5pac: use ndr_push_relative_ptr2_start()/_end() via 19cf103... librpc/ndr_drsblobs: use ndr_push_relative_ptr2_start()/_end() via 9dba8fc... spoolss: fix relative pointers in ndr_push_spoolss_DriverInfo101. via 6c253c7... s3: re-run make full_idl. via e410f72... pidl: use ndr_push_relative_ptr2_start and ndr_push_relative_ptr2_end. via cfc8489... libndr: add ndr_push_relative_ptr2_start and ndr_push_relative_ptr2_end. via 13b11ec... Fix bug #7154 - mangling method = hash can crash storing a name not containing a '.' via 3f2d27f... Fix bug #7155 - valgrind Conditional jump or move depends on uninitialised value(s) error when mangling method = hash via 1bf5097... s3-docs: Remove trailing whitespaces and fix a typo. via 91e59bd... s3:docs: add some advice for usage of strict allocate (cherry picked from commit 37115f91aebec9c846e54790c6bcf433ae35888a) (cherry picked from commit cbf728ce617323ca866799370491a402800772c1) via 6982b38... tsocket/bsd: fix comment in tdgram_bsd_recvfrom_handler() via 994e0d0... Fix commit d07cd37b993d3c9beded20323174633b806196b5 via 30028e3... tsocket/bsd: fix bug #7115 FreeBSD includes the UDP header in FIONREAD via e73afc1... tsocket/bsd: set IPV6_V6ONLY on AF_INET6 sockets via 6bb4023... tsocket/bsd: fix bug #7140 autodetect ipv4 and ipv6 based on the remote address if the local address is any via b7e73e6... tsocket/bsd: fix bug #7140 use calculated sa_socklen for bind() in tstream_bsd_connect_send() via 737b530... tsocket/bsd: fix do_bind logic for AF_INET via d5caa87... socket_wrapper: also ignore AF_INET6 in swrap_setsockopt() via b9cc59e... s3-modules: fix get_acl_blob in the acl_tdb VFS module. from 8096297... Fix bug #6557 - Do not work VFS full_audit http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-stable - Log - commit 69d87ed8c1783975fe8d98b74576a7724eddfd61 Author: Karolin Seeger ksee...@samba.org Date: Fri Feb 19 13:45:32 2010 +0100 WHATSNEW: Update changes since 3.5.0rc2. Karolin (cherry picked from commit 8b05660b20058bad9fc9fb2336f7d2d3b513579c) commit 61ca739e1b51af0ab935cfa56b75f88912a55899 Author: Stefan Metzmacher me...@samba.org Date: Fri Feb 19 08:11:24 2010 +0100 librpc/ndr: don't overwrite the content in ndr_push_relative_ptr2_end() metze (cherry picked from commit 76aa37f653fec2d511921768381db7da661750cb) The last 24 patches address bug #6888 (REGRESSION: printing support for 64 bit windows clients broken). (cherry picked from commit b094f4954d0bef08794c5edcf102444908f1971c) commit 527ce7ebaabb5e9f49b590a18e329a18241d6f08 Author: Günther Deschner g...@samba.org Date: Sat Feb 13 03:45:25 2010 +0100 spoolss: use ndr_push_spoolss_PrinterInfo2 hand-marshalled version (moves devmode relative pointer down to sd). Guenther (cherry picked from commit 0a8011aa98ccaa81dc6ba2d30672ef4856fc31d8)
[SCM] Samba Shared Repository - annotated tag release-3-5-0rc3 created
The annotated tag, release-3-5-0rc3 has been created at aeaad63ac9e3e5068fdf432d310fa42e9ca5e9d2 (tag) tagging 69d87ed8c1783975fe8d98b74576a7724eddfd61 (commit) replaces release-3-5-0rc2 tagged by Karolin Seeger on Fri Feb 19 14:34:31 2010 +0100 - Log - tag release-3-5-0rc3 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.12 (GNU/Linux) iD8DBQBLfpN2bzORW2Vot+oRAr83AKDE3H0m+t4aQJnBxokW8rCe7mxhOQCeLrIo /rM2DqQZBlO1Tcgiru67A14= =R7P+ -END PGP SIGNATURE- Andrew Tridgell (1): util: added binsearch.h for binary array searches Björn Jacke (11): s3: fix build issue on Tru64 s3: fix some wrong newlines in de translation strings s3: change ldap filter to what really was intended (cherry picked from commit 9b75650f1a963e36a6dd697b5ad2725a8c7c9250) s3: fix detection and flags for using pthread s3: get pthread detection also on HP-UX right s3: syntax fix s3: link thread objects in libsmbclient only and adjust linker flags s3: fix build on Tru64 after it broke with deactivating pthread pool support s3:nsswitch: also use pthread CFLAGS for the nsswitch modules that might require it s3: by default don't use pthread pool support s3:docs: add some advice for usage of strict allocate Bo Yang (1): s3: Fix malformed require_membership_of_sid. Günther Deschner (18): s3-spoolss: implement spoolss_EnumJobs level 3. spoolss: disable GetPrinterDriver level 101 (as called by XP). s3-docs: fix eventlogadm manpage typo. s3-modules: fix get_acl_blob in the acl_tdb VFS module. libndr: add ndr_push_relative_ptr2_start and ndr_push_relative_ptr2_end. pidl: use ndr_push_relative_ptr2_start and ndr_push_relative_ptr2_end. s3: re-run make full_idl. spoolss: fix relative pointers in ndr_push_spoolss_DriverInfo101. libndr: change subcontext buffer allocation to allocate on subcontext_start. libndr: add LIBNDR_FLAG_RELATIVE_REVERSE flag. libndr: add LIBNDR_FLAG_NO_RELATIVE_REVERSE so that relative reverse processing can be disabled for single structure elements. libndr: store a subcontext buffer size in ndr_push_subcontext_start. spoolss: set NDR_RELATIVE_REVERSE flag for various unions that have relative pointers. spoolss: make two bitmaps public. security: make two bitmaps public. s3: re-run make samba3-idl. spoolss: add spoolss_security_descriptor. spoolss: use ndr_push_spoolss_PrinterInfo2 hand-marshalled version (moves devmode relative pointer down to sd). Jeff Layton (1): cifs.upcall: allocate a talloc context for smb_krb5_unparse_name Jeremy Allison (21): Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to respond to a read or write. Fix bug #7072 - Accounts can't be unlocked from ldap. Fix bug #7069 - smbget does not return an error status after some errors Fix bug 7081 - vfs_expand_msdfs doesn't work correctly (with fix identified) Fix bug #7084 - Create time on directories not stored properly in an EA in new create time code. Fix bug #7079 - cliconnect gets realm wrong with trusted domains. Fix bug 7063 - Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps. Fix bug 7104 - wide links and unix extensions are incompatible. Fix bug #6876 for acl_tdb module. Second part of fix for bug 7063 - Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps. Missed one check on the memcpy for bug #7063. Fix bug #7122 - Reading a large browselist fails (server returns invalid values in subsequent SMBtrans replies) Fix off-by-one error in working out the limit of the NetServerEnum comment. Make nmbd bind explicit broadcast on by default. More of the fix for bug #7118 - nmbd problems with socket address. Fixes issue with preexec scripts creating a share directory, and problems is a smb.conf reload turns wide links back on after a connection is establised. Fix error in docs. Should be milliseconds, not microseconds. Fix bug #6557 - Do not work VFS full_audit Fix commit d07cd37b993d3c9beded20323174633b806196b5 Fix bug #7155 - valgrind Conditional jump or move depends on uninitialised value(s) error when mangling method = hash Fix bug #7154 - mangling method = hash can crash storing a name not containing a '.' Karolin Seeger (12): VERSION: Raise version number up to 3.5.0. s3/winbind_ccache: Fix typo in debug message. WHATSNEW: Update changes. WHATSNEW: Add changes since 3.5.0rc2. s3-docs: Add missing para end tag. WHATSNEW: Update changes since 3.5.0rc2. WHATSNEW: Mention new nmbd bind explicit broadcast parameter. WHATSNEW: Update changes since 3.5.0rc2. VERSION: We need another release candidate. WHATSNEW: Update changes. s3-docs: Remove trailing
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ec0aa8a... s4-smbtorture: more work on devicemode tests. via 0e95a6a... s4-smbtorture: explain failure conditions in printer device mode tests a little more. via f2ecec3... s4-smbtorture: add --option=torture:spoolss_check_size=yes. from 299e5bc... s4-smbtorture: print more comments while running SD and DM tests in RPC-SPOOLSS-PRINTER. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ec0aa8a5c92c634ca3264b65c987b2072875df5c Author: Günther Deschner g...@samba.org Date: Fri Feb 19 15:25:42 2010 +0100 s4-smbtorture: more work on devicemode tests. Guenther commit 0e95a6a09cda6579be7d01c9e4c78f9f7f7cc54e Author: Günther Deschner g...@samba.org Date: Fri Feb 19 14:27:31 2010 +0100 s4-smbtorture: explain failure conditions in printer device mode tests a little more. Guenther commit f2ecec3dcdafd63cd72d13019a998bf99539a9ba Author: Günther Deschner g...@samba.org Date: Fri Feb 19 14:25:19 2010 +0100 s4-smbtorture: add --option=torture:spoolss_check_size=yes. This disables the size calculation comparison by default. Guenther --- Summary of changes: source4/torture/rpc/spoolss.c | 127 +++-- 1 files changed, 85 insertions(+), 42 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/rpc/spoolss.c b/source4/torture/rpc/spoolss.c index 6cc6727..0a915a7 100644 --- a/source4/torture/rpc/spoolss.c +++ b/source4/torture/rpc/spoolss.c @@ -120,30 +120,36 @@ struct test_spoolss_context { #define DO_ROUND(size, n) (((size)+((n)-1)) ~((n)-1)) #define CHECK_NEEDED_SIZE_ENUM_LEVEL(fn, info, level, count, ic, needed, align) do { \ + if (torture_setting_bool(tctx, spoolss_check_size, false)) {\ uint32_t size = ndr_size_##fn##_info(tctx, ic, level, count, info);\ uint32_t round_size = DO_ROUND(size, align);\ if (round_size != needed) {\ torture_warning(tctx, __location__: #fn level %d (count: %d) got unexpected needed size: %d, we calculated: %d, level, count, needed, round_size);\ CHECK_ALIGN(size, align);\ }\ + }\ } while(0) #define CHECK_NEEDED_SIZE_ENUM(fn, info, count, ic, needed, align) do { \ + if (torture_setting_bool(tctx, spoolss_check_size, false)) {\ uint32_t size = ndr_size_##fn##_info(tctx, ic, count, info);\ uint32_t round_size = DO_ROUND(size, align);\ if (round_size != needed) {\ torture_warning(tctx, __location__: #fn (count: %d) got unexpected needed size: %d, we calculated: %d, count, needed, round_size);\ CHECK_ALIGN(size, align);\ }\ + }\ } while(0) #define CHECK_NEEDED_SIZE_LEVEL(fn, info, level, ic, needed, align) do { \ + if (torture_setting_bool(tctx, spoolss_check_size, false)) {\ uint32_t size = ndr_size_##fn(info, level, ic, 0);\ uint32_t round_size = DO_ROUND(size, align);\ if (round_size != needed) {\ torture_warning(tctx, __location__: #fn level %d got unexpected needed size: %d, we calculated: %d, level, needed, round_size);\ CHECK_ALIGN(size, align);\ }\ + }\ } while(0) static bool test_OpenPrinter_server(struct torture_context *tctx, @@ -1658,7 +1664,8 @@ static bool test_PrinterInfo_SDs(struct torture_context *tctx, sd2 = info.info3.secdesc; - torture_assert(tctx, test_security_descriptor_equal(tctx, sd1, sd2), ); + torture_assert(tctx, test_security_descriptor_equal(tctx, sd1, sd2), + SD level 2 != SD level 3); /* query level 2, set level 2, query level 2 */ @@ -1677,7 +1684,8 @@ static bool test_PrinterInfo_SDs(struct torture_context *tctx, sd1-type = ~SEC_DESC_DACL_DEFAULTED; } - torture_assert(tctx, test_security_descriptor_equal(tctx, sd1, sd2), ); + torture_assert(tctx, test_security_descriptor_equal(tctx, sd1, sd2), + SD level 2 != SD level 2 after SD has been set via level 2); /* query level 2, set level 3, query level 2 */ @@ -1692,8 +1700,8 @@ static bool test_PrinterInfo_SDs(struct torture_context *tctx, sd2 = info.info2.secdesc; - torture_assert(tctx, test_security_descriptor_equal(tctx, sd1, sd2), ); - + torture_assert(tctx, test_security_descriptor_equal(tctx, sd1, sd2), + SD level 2 != SD level 2 after SD has been set via level 3); /* set modified sd level 3, query level 2 */ @@ -1718,7 +1726,9 @@ static bool test_PrinterInfo_SDs(struct torture_context *tctx, sd1-type = ~SEC_DESC_DACL_DEFAULTED; } - torture_assert(tctx, test_security_descriptor_equal(tctx, sd1, sd2), ); +
svn commit: samba-web r1368 - in trunk: .
Author: kseeger Date: 2010-02-19 08:03:54 -0700 (Fri, 19 Feb 2010) New Revision: 1368 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1368 Log: Announce Samba 3.5.0rc3 Karolin Modified: trunk/index.html Changeset: Modified: trunk/index.html === --- trunk/index.html2010-02-16 09:53:28 UTC (rev 1367) +++ trunk/index.html2010-02-19 15:03:54 UTC (rev 1368) @@ -24,6 +24,24 @@ h2Latest News/h2 !--#include virtual=/samba/news/headlines.html -- +h419 February 2010/h4 +p class=headlineSamba 3.5.0rc3 Available for Download/p + +pSamba 3.5.0rc3 is now available for download. This the third +release candidate of the next upgrade production release version of Samba. +It is intended for testing purposes only. Please test and +a href=https://bugzilla.samba.org/;report any bugs that you +find/a. Please read the changes in the +a href=/samba/ftp/rc/WHATSNEW-3-5-0rc3.txtRelease Notes/a +for details on new features and difference in behavior from +previous releases./p + +pPlans are to ship the final 3.5.0 release on March 1 if there +are no major issues with 3.5.0rc3. Please see +a href=http://wiki.samba.org/index.php/Release_Planning_for_Samba_3.5; +Samba 3.5 Release Planning/a for more information on the current release +schedule./p + h45 February 2010/h4 p class=headlineSamba response to reported security hole/p
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f74ce57... s4:rpc_server Add a 'if_version' parameter to the bind operation. via 9f22284... librpc When sending endpoint mapper requests, include the minor if_version from ec0aa8a... s4-smbtorture: more work on devicemode tests. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f74ce57cb584d9e9d99b26e0467cc0c4b541f84d Author: Andrew Bartlett abart...@samba.org Date: Fri Feb 19 18:02:46 2010 +1100 s4:rpc_server Add a 'if_version' parameter to the bind operation. This allows the interface version to be forwarded to the remote server in the RPC proxy, both in the endpoint lookup and the subsequent bind. Andrew Bartlett commit 9f222841fedd3796c238146081c20591ae72747b Author: Andrew Bartlett abart...@samba.org Date: Fri Feb 19 16:33:45 2010 +1100 librpc When sending endpoint mapper requests, include the minor if_version The minor version (in the upper 16 bits of syntax-if_version) needs to be pushed as the right hand side of the endpoint mapper floor (the same floor as the interface UUID and major if_version). Andrew Bartlett --- Summary of changes: librpc/rpc/binding.c | 17 - pidl/lib/Parse/Pidl/Samba4/COM/Stub.pm|2 +- pidl/lib/Parse/Pidl/Samba4/NDR/Server.pm |2 +- source4/rpc_server/dcerpc_server.c|4 ++-- source4/rpc_server/dcerpc_server.h|2 +- source4/rpc_server/remote/dcesrv_remote.c |4 +++- 6 files changed, 24 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/rpc/binding.c b/librpc/rpc/binding.c index 20c3a38..3f15eef 100644 --- a/librpc/rpc/binding.c +++ b/librpc/rpc/binding.c @@ -417,6 +417,21 @@ static DATA_BLOB dcerpc_floor_pack_lhs_data(TALLOC_CTX *mem_ctx, const struct nd return blob; } +static DATA_BLOB dcerpc_floor_pack_rhs_if_version_data(TALLOC_CTX *mem_ctx, const struct ndr_syntax_id *syntax) +{ + DATA_BLOB blob; + struct ndr_push *ndr = ndr_push_init_ctx(mem_ctx, NULL); + + ndr-flags |= LIBNDR_FLAG_NOALIGN; + + ndr_push_uint16(ndr, NDR_SCALARS, syntax-if_version 16); + + blob = ndr_push_blob(ndr); + talloc_steal(mem_ctx, blob.data); + talloc_free(ndr); + return blob; +} + const char *dcerpc_floor_get_rhs_data(TALLOC_CTX *mem_ctx, struct epm_floor *epm_floor) { switch (epm_floor-lhs.protocol) { @@ -697,7 +712,7 @@ _PUBLIC_ NTSTATUS dcerpc_binding_build_tower(TALLOC_CTX *mem_ctx, tower-floors[0].lhs.lhs_data = dcerpc_floor_pack_lhs_data(tower-floors, binding-object); - tower-floors[0].rhs.uuid.unknown = data_blob_talloc_zero(tower-floors, 2); + tower-floors[0].rhs.uuid.unknown = dcerpc_floor_pack_rhs_if_version_data(tower-floors, binding-object); /* Floor 1 */ tower-floors[1].lhs.protocol = EPM_PROTOCOL_UUID; diff --git a/pidl/lib/Parse/Pidl/Samba4/COM/Stub.pm b/pidl/lib/Parse/Pidl/Samba4/COM/Stub.pm index 150acbf..239f5ba 100644 --- a/pidl/lib/Parse/Pidl/Samba4/COM/Stub.pm +++ b/pidl/lib/Parse/Pidl/Samba4/COM/Stub.pm @@ -89,7 +89,7 @@ sub Boilerplate_Iface($) my $if_version = $interface-{PROPERTIES}-{version}; pidl -static NTSTATUS $name\__op_bind(struct dcesrv_call_state *dce_call, const struct dcesrv_interface *iface) +static NTSTATUS $name\__op_bind(struct dcesrv_call_state *dce_call, const struct dcesrv_interface *iface, uint32_t if_version) { #ifdef DCESRV_INTERFACE_$uname\_BIND return DCESRV_INTERFACE_$uname\_BIND(dce_call,iface); diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Server.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Server.pm index bb0c18e..20c94c8 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Server.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Server.pm @@ -81,7 +81,7 @@ sub Boilerplate_Iface($) my $if_version = $interface-{PROPERTIES}-{version}; pidl -static NTSTATUS $name\__op_bind(struct dcesrv_call_state *dce_call, const struct dcesrv_interface *iface) +static NTSTATUS $name\__op_bind(struct dcesrv_call_state *dce_call, const struct dcesrv_interface *iface, uint32_t if_version) { #ifdef DCESRV_INTERFACE_$uname\_BIND return DCESRV_INTERFACE_$uname\_BIND(dce_call,iface); diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c index 918646f..bc06c06 100644 --- a/source4/rpc_server/dcerpc_server.c +++ b/source4/rpc_server/dcerpc_server.c @@ -648,7 +648,7 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call) call-context = context; talloc_set_destructor(context, dcesrv_connection_context_destructor); - status = iface-bind(call, iface); + status = iface-bind(call, iface, if_version); if
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via fff7750... readability reformatting from f74ce57... s4:rpc_server Add a 'if_version' parameter to the bind operation. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit fff7750618ca7e92b7eaea541cd917d778b51a35 Author: Simo Sorce i...@samba.org Date: Fri Feb 19 16:56:45 2010 -0500 readability reformatting stop this function from maiking my eyes bleed --- Summary of changes: source4/rpc_server/netlogon/dcerpc_netlogon.c | 64 ++--- 1 files changed, 36 insertions(+), 28 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index f47f608..314a359 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -1389,11 +1389,12 @@ static WERROR dcesrv_netr_DsRAddressToSitenamesW(struct dcesrv_call_state *dce_c } -/* +/* netr_DsRGetDCNameEx2 */ -static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct netr_DsRGetDCNameEx2 *r) +static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call, + TALLOC_CTX *mem_ctx, + struct netr_DsRGetDCNameEx2 *r) { const char * const attrs[] = { objectGUID, NULL }; struct ldb_context *sam_ctx; @@ -1401,10 +1402,12 @@ static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call, TA struct ldb_dn *domain_dn; int ret; struct netr_DsRGetDCNameInfo *info; + struct loadparm_context *lp_ctx = dce_call-conn-dce_ctx-lp_ctx; ZERO_STRUCTP(r-out.info); - sam_ctx = samdb_connect(mem_ctx, dce_call-event_ctx, dce_call-conn-dce_ctx-lp_ctx, dce_call-conn-auth_state.session_info); + sam_ctx = samdb_connect(mem_ctx, dce_call-event_ctx, lp_ctx, + dce_call-conn-auth_state.session_info); if (sam_ctx == NULL) { return WERR_DS_UNAVAILABLE; } @@ -1412,8 +1415,7 @@ static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call, TA /* Windows 7 sends the domain name in the form the user typed, so we * have to cope with both the short and long form here */ if (r-in.domain_name != NULL - !lp_is_my_domain_or_realm(dce_call-conn-dce_ctx-lp_ctx, - r-in.domain_name)) { + !lp_is_my_domain_or_realm(lp_ctx, r-in.domain_name)) { return WERR_NO_SUCH_DOMAIN; } @@ -1432,33 +1434,39 @@ static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call, TA W_ERROR_HAVE_NO_MEMORY(info); /* TODO: - return real IP address -* - check all r-in.* parameters (server_unc is ignored by w2k3!) +* - check all r-in.* parameters +* (server_unc is ignored by w2k3!) */ - info-dc_unc= talloc_asprintf(mem_ctx, %s.%s, - lp_netbios_name(dce_call-conn-dce_ctx-lp_ctx), - lp_dnsdomain(dce_call-conn-dce_ctx-lp_ctx)); + info-dc_unc = talloc_asprintf(mem_ctx, %s.%s, + lp_netbios_name(lp_ctx), + lp_dnsdomain(lp_ctx)); W_ERROR_HAVE_NO_MEMORY(info-dc_unc); - info-dc_address= talloc_strdup(mem_ctx, 0.0.0.0); + + info-dc_address = talloc_strdup(mem_ctx, 0.0.0.0); W_ERROR_HAVE_NO_MEMORY(info-dc_address); - info-dc_address_type = DS_ADDRESS_TYPE_INET; - info-domain_guid = samdb_result_guid(res[0], objectGUID); - info-domain_name = lp_dnsdomain(dce_call-conn-dce_ctx-lp_ctx); - info-forest_name = lp_dnsdomain(dce_call-conn-dce_ctx-lp_ctx); - info-dc_flags = DS_DNS_FOREST_ROOT | - DS_DNS_DOMAIN | - DS_DNS_CONTROLLER | - DS_SERVER_WRITABLE | - DS_SERVER_CLOSEST | - DS_SERVER_TIMESERV | - DS_SERVER_KDC | - DS_SERVER_DS | - DS_SERVER_LDAP | - DS_SERVER_GC | - DS_SERVER_PDC; - info-dc_site_name =
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0055e33... Second part of fix for bug #7159 - client rpc_transport doesn't cope with bad server data returns. via ad77ae1... First part of fix for bug #7159 - client rpc_transport doesn't cope with bad server data returns. from fff7750... readability reformatting http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0055e33dbed0e81548464d01bcf864255bab3159 Author: Jeremy Allison j...@samba.org Date: Fri Feb 19 14:24:17 2010 -0800 Second part of fix for bug #7159 - client rpc_transport doesn't cope with bad server data returns. If server returns zero on a NP read. Report pipe broken. Prevents client from looping if it thinks there should be more data. Jeremy. commit ad77ae1d5870e06f8587ecf634e0b6bdcbb950d7 Author: Jeremy Allison j...@samba.org Date: Fri Feb 19 14:18:51 2010 -0800 First part of fix for bug #7159 - client rpc_transport doesn't cope with bad server data returns. Ensure that subreq is *always* talloc_free'd in the _done function, as it has an event timeout attached. If the read requests look longer than the cli-timeout, then the timeout fn is called with already freed data. Jeremy. --- Summary of changes: source3/rpc_client/rpc_transport_np.c | 10 ++ source3/rpc_client/rpc_transport_sock.c | 12 2 files changed, 22 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_client/rpc_transport_np.c b/source3/rpc_client/rpc_transport_np.c index 9f8872c..623a8b3 100644 --- a/source3/rpc_client/rpc_transport_np.c +++ b/source3/rpc_client/rpc_transport_np.c @@ -157,6 +157,9 @@ static void rpc_np_read_done(struct tevent_req *subreq) NTSTATUS status; uint8_t *rcvbuf; + /* We must free subreq in this function as there is + a timer event attached to it. */ + status = cli_read_andx_recv(subreq, state-received, rcvbuf); /* * We can't TALLOC_FREE(subreq) as usual here, as rcvbuf still is a @@ -177,7 +180,14 @@ static void rpc_np_read_done(struct tevent_req *subreq) return; } + if (state-received == 0) { + TALLOC_FREE(subreq); + tevent_req_nterror(req, NT_STATUS_PIPE_BROKEN); + return; + } + memcpy(state-data, rcvbuf, state-received); + TALLOC_FREE(subreq); tevent_req_done(req); } diff --git a/source3/rpc_client/rpc_transport_sock.c b/source3/rpc_client/rpc_transport_sock.c index df060e6..4ab17db 100644 --- a/source3/rpc_client/rpc_transport_sock.c +++ b/source3/rpc_client/rpc_transport_sock.c @@ -88,15 +88,21 @@ static void rpc_sock_read_done(struct tevent_req *subreq) req, struct rpc_sock_read_state); int err; + /* We must free subreq in this function as there is + a timer event attached to it. */ + state-received = async_recv_recv(subreq, err); + if (state-received == -1) { if (state-transp-fd != -1) { close(state-transp-fd); state-transp-fd = -1; } + TALLOC_FREE(subreq); tevent_req_nterror(req, map_nt_error_from_unix(err)); return; } + TALLOC_FREE(subreq); tevent_req_done(req); } @@ -165,15 +171,21 @@ static void rpc_sock_write_done(struct tevent_req *subreq) req, struct rpc_sock_write_state); int err; + /* We must free subreq in this function as there is + a timer event attached to it. */ + state-sent = async_send_recv(subreq, err); + if (state-sent == -1) { if (state-transp-fd != -1) { close(state-transp-fd); state-transp-fd = -1; } + TALLOC_FREE(subreq); tevent_req_nterror(req, map_nt_error_from_unix(err)); return; } + TALLOC_FREE(subreq); tevent_req_done(req); } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via da1970c... s4:lsa open trusted domain also with dns name via c8a3c01... remove trailing tabs and spaces from 0055e33... Second part of fix for bug #7159 - client rpc_transport doesn't cope with bad server data returns. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit da1970c0ff4cd3556102e9357b2e0cf65728c8d6 Author: Simo Sorce i...@samba.org Date: Fri Feb 19 18:09:48 2010 -0500 s4:lsa open trusted domain also with dns name When searching for a trusted domain object to open, search also the DNS Name attributes for a match. W2K8R2 uses the DNS domain if available. commit c8a3c015850b91c991da10d388ec33ea02c5e155 Author: Simo Sorce i...@samba.org Date: Fri Feb 19 17:46:42 2010 -0500 remove trailing tabs and spaces --- Summary of changes: source4/rpc_server/lsa/dcesrv_lsa.c | 26 +++--- 1 files changed, 15 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index 53526ce..45fe08e 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -1253,7 +1253,7 @@ static NTSTATUS dcesrv_lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce struct lsa_OpenTrustedDomainByName *r) { struct dcesrv_handle *policy_handle; - + struct lsa_policy_state *policy_state; struct lsa_trusted_domain_state *trusted_domain_state; struct dcesrv_handle *handle; @@ -1261,7 +1261,7 @@ static NTSTATUS dcesrv_lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce const char *attrs[] = { NULL }; - + char *td_name; int ret; DCESRV_PULL_HANDLE(policy_handle, r-in.handle, LSA_HANDLE_POLICY); @@ -1271,7 +1271,7 @@ static NTSTATUS dcesrv_lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce if (!r-in.name.string) { return NT_STATUS_INVALID_PARAMETER; } - + trusted_domain_state = talloc_zero(mem_ctx, struct lsa_trusted_domain_state); if (!trusted_domain_state) { return NT_STATUS_NO_MEMORY; @@ -1279,34 +1279,38 @@ static NTSTATUS dcesrv_lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce trusted_domain_state-policy = policy_state; /* search for the trusted_domain record */ + td_name = ldb_binary_encode_string(mem_ctx, r-in.name.string); ret = gendb_search(trusted_domain_state-policy-sam_ldb, mem_ctx, policy_state-system_dn, msgs, attrs, - ((flatname=%s)(objectclass=trustedDomain)), - ldb_binary_encode_string(mem_ctx, r-in.name.string)); + ((|(flatname=%s)(cn=%s)(trustPartner=%s)) +(objectclass=trustedDomain)), + td_name, td_name, td_name); if (ret == 0) { return NT_STATUS_OBJECT_NAME_NOT_FOUND; } - + if (ret != 1) { DEBUG(0,(Found %d records matching DN %s\n, ret, ldb_dn_get_linearized(policy_state-system_dn))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } +/* TODO: perform access checks */ + trusted_domain_state-trusted_domain_dn = talloc_reference(trusted_domain_state, msgs[0]-dn); - + handle = dcesrv_handle_new(dce_call-context, LSA_HANDLE_TRUSTED_DOMAIN); if (!handle) { return NT_STATUS_NO_MEMORY; } - + handle-data = talloc_steal(handle, trusted_domain_state); - + trusted_domain_state-access_mask = r-in.access_mask; trusted_domain_state-policy = talloc_reference(trusted_domain_state, policy_state); - + *r-out.trustdom_handle = handle-wire_handle; - + return NT_STATUS_OK; } -- Samba Shared Repository
Build status as of Sat Feb 20 07:00:04 2010
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2010-02-19 00:00:24.0 -0700 +++ /home/build/master/cache/broken_results.txt 2010-02-20 00:00:06.0 -0700 @@ -1,4 +1,4 @@ -Build status as of Fri Feb 19 07:00:06 2010 +Build status as of Sat Feb 20 07:00:04 2010 Build counts: Tree Total Broken Panic @@ -14,8 +14,8 @@ samba-web0 0 0 samba_3_current 33 32 2 samba_3_master 33 32 3 -samba_3_next 29 29 4 -samba_4_0_test 35 34 0 +samba_3_next 29 28 4 +samba_4_0_test 35 33 0 talloc 35 11 0 tdb 33 21 0
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a7036a9... librpc/ndr Remove unused macros via a9d9447... s4:credentials Add hooks to extract a named Kerberos credentials cache from da1970c... s4:lsa open trusted domain also with dns name http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a7036a9e47382e738f6ebedf13719222950611d6 Author: Andrew Bartlett abart...@samba.org Date: Sat Feb 20 11:51:47 2010 +1100 librpc/ndr Remove unused macros Since the change to the way we pull these OIDs from the wire, these macros are unused. Andrew Bartlett commit a9d9447d5a448e13d4373c3c4b48f0edd49dc38a Author: Andrew Bartlett abart...@samba.org Date: Sat Feb 20 11:44:41 2010 +1100 s4:credentials Add hooks to extract a named Kerberos credentials cache This allows the integration of external tools that can't be linked into C or python, but need to authenticate as the local machine account. The machineaccountccache script demonstrates this, and debugging has been improved in cli_credentials_set_secrets() by passing back and error string. Andrew Bartlett --- Summary of changes: librpc/ndr/ndr_drsuapi.c | 16 source4/auth/credentials/credentials.h |8 ++- source4/auth/credentials/credentials_files.c | 92 --- source4/auth/credentials/credentials_krb5.c| 56 ++- source4/auth/credentials/pycredentials.c | 63 source4/auth/credentials/pycredentials.h |6 ++ source4/dsdb/samdb/ldb_modules/update_keytab.c |3 +- source4/dsdb/samdb/samdb.c |4 +- source4/scripting/bin/machineaccountccache | 30 testprogs/blackbox/test_kinit.sh |7 ++- 10 files changed, 203 insertions(+), 82 deletions(-) create mode 100755 source4/scripting/bin/machineaccountccache Changeset truncated at 500 lines: diff --git a/librpc/ndr/ndr_drsuapi.c b/librpc/ndr/ndr_drsuapi.c index 17f2b7e..b91d5f7 100644 --- a/librpc/ndr/ndr_drsuapi.c +++ b/librpc/ndr/ndr_drsuapi.c @@ -66,22 +66,6 @@ void ndr_print_drsuapi_DsReplicaObjectListItemEx(struct ndr_print *ndr, const ch } } -#define _OID_PUSH_CHECK(call) do { \ - bool _status; \ - _status = call; \ - if (_status != true) { \ - return ndr_push_error(ndr, NDR_ERR_SUBCONTEXT, OID Conversion Error: %s\n, __location__); \ - } \ -} while (0) - -#define _OID_PULL_CHECK(call) do { \ - bool _status; \ - _status = call; \ - if (_status != true) { \ - return ndr_pull_error(ndr, NDR_ERR_SUBCONTEXT, OID Conversion Error: %s\n, __location__); \ - } \ -} while (0) - _PUBLIC_ void ndr_print_drsuapi_DsReplicaOID(struct ndr_print *ndr, const char *name, const struct drsuapi_DsReplicaOID *r) { ndr_print_struct(ndr, name, drsuapi_DsReplicaOID); diff --git a/source4/auth/credentials/credentials.h b/source4/auth/credentials/credentials.h index 311cdc2..21a9c61 100644 --- a/source4/auth/credentials/credentials.h +++ b/source4/auth/credentials/credentials.h @@ -162,6 +162,11 @@ int cli_credentials_get_ccache(struct cli_credentials *cred, struct tevent_context *event_ctx, struct loadparm_context *lp_ctx, struct ccache_container **ccc); +int cli_credentials_get_named_ccache(struct cli_credentials *cred, +struct tevent_context *event_ctx, +struct loadparm_context *lp_ctx, +char *ccache_name, +struct ccache_container **ccc); int cli_credentials_get_keytab(struct cli_credentials *cred, struct tevent_context *event_ctx, struct loadparm_context *lp_ctx, @@ -266,7 +271,8 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, struct loadparm_context *lp_ctx, struct ldb_context *ldb, const char *base, -const char *filter); +const char *filter, +char **error_string); int cli_credentials_get_kvno(struct cli_credentials *cred); #endif /* __CREDENTIALS_H__ */ diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c index 8036e48..6ddee9e 100644 --- a/source4/auth/credentials/credentials_files.c +++ b/source4/auth/credentials/credentials_files.c @@ -175,15 +175,16 @@ _PUBLIC_ bool cli_credentials_parse_file(struct cli_credentials *cred, const