svn commit: samba r21872 - in branches/SAMBA_3_0/source/nsswitch: .
Author: vlendec Date: 2007-03-19 12:51:13 + (Mon, 19 Mar 2007) New Revision: 21872 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21872 Log: Fix a debug message Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2007-03-18 13:19:40 UTC (rev 21871) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2007-03-19 12:51:13 UTC (rev 21872) @@ -1646,7 +1646,7 @@ if (!state-privileged) { char *error_string = NULL; - DEBUG(2, (winbindd_pam_auth_crap: non-privileged access + DEBUG(2, (winbindd_pam_auth_crap: privileged access denied. !\n)); DEBUGADD(2, (winbindd_pam_auth_crap: Ensure permissions on %s are set correctly.\n,
svn commit: samba r21873 - in branches/SAMBA_3_0/source/nsswitch: .
Author: vlendec Date: 2007-03-19 12:54:39 + (Mon, 19 Mar 2007) New Revision: 21873 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21873 Log: This is winbindd_pam.c, not pam_winbind.c :-) Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2007-03-19 12:51:13 UTC (rev 21872) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2007-03-19 12:54:39 UTC (rev 21873) @@ -1646,7 +1646,7 @@ if (!state-privileged) { char *error_string = NULL; - DEBUG(2, (winbindd_pam_auth_crap: privileged access + DEBUG(2, (winbindd_pam_auth_crap: non-privileged access denied. !\n)); DEBUGADD(2, (winbindd_pam_auth_crap: Ensure permissions on %s are set correctly.\n,
Rev 5291: merge from upstream in http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/
At http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/ revno: 5291 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Michael Adam [EMAIL PROTECTED] branch nick: SAMBA_3_0-registry.bzr timestamp: Mon 2007-03-19 14:36:58 +0100 message: merge from upstream added: source/libsmb/smb_seal.c smb_seal.c-20070317050048-jthijp4m79ic4h3q-1 modified: REVISION REVISION-20060530022625-68239662668b41c3 source/Makefile.in Makefile.in-20060530022626-b16dac2328ebe703 source/auth/auth.c auth.c-20060530022627-0865681abfd2872c source/auth/auth_server.c auth_server.c-20060530022627-5d30fd4f1d21fdc2 source/client/mount.cifs.c mount.cifs.c-20060530022627-eacab1c36c071af7 source/configure.inconfigure.in-20060530022626-07e74bc1e326c82d source/include/auth.h auth.h-20060530022627-05b1faa5ae652d06 source/include/includes.h includes.h-20060530022627-d1a059a99c05e8be source/include/smb.h smb.h-20060530022627-6c2e6fe4eb631e83 source/include/trans2.htrans2.h-20060530022627-ff896a707ae81fc0 source/lib/debug.c debug.c-20060530022627-f23cb2ef8f91a8a6 source/lib/interface.c interface.c-20060530022627-40daf4e4a6016938 source/lib/util.c util.c-20060530022627-d569af0e687a4dd3 source/lib/util_sock.c util_sock.c-20060530022627-30f22f2d8b038b4b source/libaddns/dnsgss.c dnsgss.c-20060829161806-10df27959cdd359d source/libads/kerberos_keytab.c kerberos_keytab.c-20060530031052-997631c6c69b1d48 source/libads/kerberos_verify.c kerberos_verify.c-20060530022627-7ce45c38ec645075 source/libads/krb5_errs.c krb5_errs.c-20060530090218-df0d70fc4b74ac6a source/libads/sasl.c sasl.c-20060530022627-de2e2050d01ecfd2 source/libads/smb_krb5_locator.c smb_krb5_locator.c-20070313170820-u3uzdbex2e2dgak0-1 source/libsmb/clientgen.c clientgen.c-20060530022627-3aad65ce54001b6b source/libsmb/clierror.c clierror.c-20060530022627-da9ad76efe30832f source/libsmb/clikrb5.cclikrb5.c-20060530022627-20af6b3ec85369b2 source/libsmb/clirap.c clirap.c-20060530022627-ec81fdd89a06c9ea source/nsswitch/winbindd.h winbindd.h-20060530022627-003a0030248d7f64 source/nsswitch/winbindd_group.c winbindd_group.c-20060530022627-9288f9a998ed2fbe source/nsswitch/winbindd_pam.c winbindd_pam.c-20060530022627-6b827f2f7ba30f85 source/nsswitch/winbindd_rpc.c winbindd_rpc.c-20060530022627-7b63b2639ff48069 source/nsswitch/winbindd_user.c winbindd_user.c-20060530022627-bd9d3764eb8e1fd7 source/param/loadparm.cloadparm.c-20060530022627-1efa1edb3eb0e897 source/passdb/lookup_sid.c lookup_sid.c-20060530022627-e709356ee81bdcb1 source/printing/nt_printing.c nt_printing.c-20060530022627-6f18c47e6548d98a source/printing/print_cups.c print_cups.c-20060530022627-849502388ad9e4ac source/smbd/conn.c conn.c-20060530022627-b48d038fbdb7ac1a source/smbd/negprot.c negprot.c-20060530022627-a352553cf95f9931 source/smbd/process.c process.c-20060530022627-8fe40017fe0e41ff source/smbd/server.c server.c-20060530022627-212a418ec1144979 source/smbd/sesssetup.csesssetup.c-20060530022627-0a6efae905e1529e merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: [EMAIL PROTECTED] branch nick: SAMBA_3_0.bzr timestamp: Sun 2007-03-18 12:01:51 -0500 message: [EMAIL PROTECTED] (r21871) 2007-03-18 08:19:40 -0500 (Sun, 18 Mar 2007) Move deadtime processing into an idle event. While there, simplify conn_idle_all() a bit. Volker merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: [EMAIL PROTECTED] branch nick: SAMBA_3_0.bzr timestamp: Sun 2007-03-18 12:01:04 -0500 message: [EMAIL PROTECTED] (r21870) 2007-03-18 06:24:10 -0500 (Sun, 18 Mar 2007) Move sending auth_server keepalives out of the main loop into an idle event. Volker merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: [EMAIL PROTECTED] branch nick: SAMBA_3_0.bzr timestamp: Sun 2007-03-18 06:06:18 -0500 message: [EMAIL PROTECTED] (r21869) 2007-03-18 05:57:46 -0500 (Sun, 18 Mar 2007) Move sending keepalives out of the main processing loop into idle event. On the way, make lp_keepalive() a proper parameter. Volker merged: [EMAIL PROTECTED]
Rev 11336: Merge more upstream fixes. in file:///home/jelmer/bzr.samba/4.0-debian/
At file:///home/jelmer/bzr.samba/4.0-debian/ revno: 11336 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] parent: svn-v2:[EMAIL PROTECTED] committer: Jelmer Vernooij [EMAIL PROTECTED] branch nick: 4.0-debian timestamp: Tue 2007-03-13 23:08:06 +0100 message: Merge more upstream fixes. modified: source/lib/registry/tools/regdiff.c svn-v2:[EMAIL PROTECTED] source/lib/registry/tools/regpatch.c svn-v2:[EMAIL PROTECTED] source/lib/registry/tools/regshell.c svn-v2:[EMAIL PROTECTED] source/lib/registry/tools/regtree.c svn-v2:[EMAIL PROTECTED] revno: 11321.1.416 merged: svn-v2:[EMAIL PROTECTED] parent: svn-v2:[EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: jelmer timestamp: Tue 2007-03-13 22:03:04 + message: Remove unnecessary includes revno: 11321.1.415.1.1 merged: [EMAIL PROTECTED] parent: svn-v2:[EMAIL PROTECTED] committer: Jelmer Vernooij [EMAIL PROTECTED] branch nick: SAMBA_4_0 timestamp: Tue 2007-03-13 23:02:03 +0100 message: Remove unnecessary includes === modified file 'source/lib/registry/tools/regdiff.c' --- a/source/lib/registry/tools/regdiff.c 2006-09-16 16:59:37 + +++ b/source/lib/registry/tools/regdiff.c 2007-03-13 22:03:04 + @@ -22,7 +22,6 @@ #include includes.h #include lib/registry/registry.h #include lib/events/events.h -#include lib/registry/reg_backend_rpc.h #include lib/cmdline/popt_common.h int main(int argc, char **argv) === modified file 'source/lib/registry/tools/regpatch.c' --- a/source/lib/registry/tools/regpatch.c 2006-09-16 16:59:37 + +++ b/source/lib/registry/tools/regpatch.c 2007-03-13 22:03:04 + @@ -23,7 +23,6 @@ #include lib/events/events.h #include lib/registry/registry.h #include lib/cmdline/popt_common.h -#include lib/registry/reg_backend_rpc.h int main(int argc, char **argv) { === modified file 'source/lib/registry/tools/regshell.c' --- a/source/lib/registry/tools/regshell.c 2006-09-16 16:59:37 + +++ b/source/lib/registry/tools/regshell.c 2007-03-13 22:03:04 + @@ -23,7 +23,6 @@ #include lib/registry/registry.h #include lib/cmdline/popt_common.h #include lib/events/events.h -#include lib/registry/reg_backend_rpc.h #include system/time.h #include lib/smbreadline/smbreadline.h #include librpc/gen_ndr/ndr_security.h === modified file 'source/lib/registry/tools/regtree.c' --- a/source/lib/registry/tools/regtree.c 2006-09-16 16:59:37 + +++ b/source/lib/registry/tools/regtree.c 2007-03-13 22:03:04 + @@ -22,7 +22,6 @@ #include includes.h #include lib/registry/registry.h #include lib/events/events.h -#include lib/registry/reg_backend_rpc.h #include lib/cmdline/popt_common.h static void print_tree(int l, struct registry_key *p, int fullpath, int novals)
svn commit: samba r21874 - in branches: SAMBA_3_0/source/modules SAMBA_3_0_25/source/modules
Author: jra Date: 2007-03-19 17:02:15 + (Mon, 19 Mar 2007) New Revision: 21874 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21874 Log: Fix missing notify function. Thanks to Thomas Bork [EMAIL PROTECTED] for pointing this out ! Jeremy. Modified: branches/SAMBA_3_0/source/modules/vfs_full_audit.c branches/SAMBA_3_0_25/source/modules/vfs_full_audit.c Changeset: Modified: branches/SAMBA_3_0/source/modules/vfs_full_audit.c === --- branches/SAMBA_3_0/source/modules/vfs_full_audit.c 2007-03-19 12:54:39 UTC (rev 21873) +++ branches/SAMBA_3_0/source/modules/vfs_full_audit.c 2007-03-19 17:02:15 UTC (rev 21874) @@ -174,6 +174,13 @@ const char *pathname, mode_t mode, SMB_DEV_T dev); static char *smb_full_audit_realpath(vfs_handle_struct *handle, const char *path, char *resolved_path); +static NTSTATUS smb_full_audit_notify_watch(struct vfs_handle_struct *handle, + struct sys_notify_context *ctx, + struct notify_entry *e, + void (*callback)(struct sys_notify_context *ctx, + void *private_data, + struct notify_event *ev), + void *private_data, void *handle_p); static int smb_full_audit_chflags(vfs_handle_struct *handle, const char *path, uint flags); static size_t smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, @@ -399,6 +406,8 @@ SMB_VFS_LAYER_LOGGER}, {SMB_VFS_OP(smb_full_audit_realpath), SMB_VFS_OP_REALPATH, SMB_VFS_LAYER_LOGGER}, + {SMB_VFS_OP(smb_full_audit_notify_watch),SMB_VFS_OP_NOTIFY_WATCH, +SMB_VFS_LAYER_LOGGER}, {SMB_VFS_OP(smb_full_audit_chflags),SMB_VFS_OP_CHFLAGS, SMB_VFS_LAYER_LOGGER}, @@ -1410,6 +1419,23 @@ return result; } +static NTSTATUS smb_full_audit_notify_watch(struct vfs_handle_struct *handle, + struct sys_notify_context *ctx, + struct notify_entry *e, + void (*callback)(struct sys_notify_context *ctx, + void *private_data, + struct notify_event *ev), + void *private_data, void *handle_p) +{ + NTSTATUS result; + + result = SMB_VFS_NEXT_NOTIFY_WATCH(handle, ctx, e, callback, private_data, handle_p); + + do_log(SMB_VFS_OP_NOTIFY_WATCH, NT_STATUS_IS_OK(result), handle, ); + + return result; +} + static int smb_full_audit_chflags(vfs_handle_struct *handle, const char *path, uint flags) { Modified: branches/SAMBA_3_0_25/source/modules/vfs_full_audit.c === --- branches/SAMBA_3_0_25/source/modules/vfs_full_audit.c 2007-03-19 12:54:39 UTC (rev 21873) +++ branches/SAMBA_3_0_25/source/modules/vfs_full_audit.c 2007-03-19 17:02:15 UTC (rev 21874) @@ -174,6 +174,13 @@ const char *pathname, mode_t mode, SMB_DEV_T dev); static char *smb_full_audit_realpath(vfs_handle_struct *handle, const char *path, char *resolved_path); +static NTSTATUS smb_full_audit_notify_watch(struct vfs_handle_struct *handle, + struct sys_notify_context *ctx, + struct notify_entry *e, + void (*callback)(struct sys_notify_context *ctx, + void *private_data, + struct notify_event *ev), + void *private_data, void *handle_p); static int smb_full_audit_chflags(vfs_handle_struct *handle, const char *path, uint flags); static size_t smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, @@ -399,6 +406,8 @@ SMB_VFS_LAYER_LOGGER}, {SMB_VFS_OP(smb_full_audit_realpath), SMB_VFS_OP_REALPATH, SMB_VFS_LAYER_LOGGER}, + {SMB_VFS_OP(smb_full_audit_notify_watch),SMB_VFS_OP_NOTIFY_WATCH, +SMB_VFS_LAYER_LOGGER}, {SMB_VFS_OP(smb_full_audit_chflags),SMB_VFS_OP_CHFLAGS, SMB_VFS_LAYER_LOGGER}, @@ -1410,6 +1419,23 @@ return result; } +static NTSTATUS smb_full_audit_notify_watch(struct vfs_handle_struct *handle, + struct sys_notify_context *ctx, + struct notify_entry *e, + void (*callback)(struct sys_notify_context *ctx, + void *private_data, + struct notify_event *ev), + void *private_data, void *handle_p) +{ + NTSTATUS result; + + result = SMB_VFS_NEXT_NOTIFY_WATCH(handle, ctx, e, callback, private_data,
svn commit: samba r21875 - in branches: SAMBA_3_0/source/include SAMBA_3_0/source/printing SAMBA_3_0_25/source/include SAMBA_3_0_25/source/printing
Author: jerry Date: 2007-03-19 17:45:13 + (Mon, 19 Mar 2007) New Revision: 21875 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21875 Log: BUG 3275: Patch from Andy Polyakov [EMAIL PROTECTED] Relax check for i386 header checks in the PE header of printer driver files. Thus allowing uploading of x64 print drivers from 64bit Windows clients. Modified: branches/SAMBA_3_0/source/include/nt_printing.h branches/SAMBA_3_0/source/printing/nt_printing.c branches/SAMBA_3_0_25/source/include/nt_printing.h branches/SAMBA_3_0_25/source/printing/nt_printing.c Changeset: Modified: branches/SAMBA_3_0/source/include/nt_printing.h === --- branches/SAMBA_3_0/source/include/nt_printing.h 2007-03-19 17:02:15 UTC (rev 21874) +++ branches/SAMBA_3_0/source/include/nt_printing.h 2007-03-19 17:45:13 UTC (rev 21875) @@ -386,18 +386,13 @@ #define NE_HEADER_MAJOR_VER_OFFSET 63 /* Portable Executable format */ -#define PE_HEADER_SIZE 248 +#define PE_HEADER_SIZE 24 #define PE_HEADER_SIGNATURE_OFFSET 0 #define PE_HEADER_SIGNATURE 0x4550 #define PE_HEADER_MACHINE_OFFSET4 #define PE_HEADER_MACHINE_I386 0x14c #define PE_HEADER_NUMBER_OF_SECTIONS6 -#define PE_HEADER_MAJOR_OS_VER_OFFSET 64 -#define PE_HEADER_MINOR_OS_VER_OFFSET 66 -#define PE_HEADER_MAJOR_IMG_VER_OFFSET 68 -#define PE_HEADER_MINOR_IMG_VER_OFFSET 70 -#define PE_HEADER_MAJOR_SS_VER_OFFSET 72 -#define PE_HEADER_MINOR_SS_VER_OFFSET 74 +#define PE_HEADER_OPTIONAL_HEADER_SIZE 20 #define PE_HEADER_SECT_HEADER_SIZE 40 #define PE_HEADER_SECT_NAME_OFFSET 0 #define PE_HEADER_SECT_SIZE_DATA_OFFSET 16 Modified: branches/SAMBA_3_0/source/printing/nt_printing.c === --- branches/SAMBA_3_0/source/printing/nt_printing.c2007-03-19 17:02:15 UTC (rev 21874) +++ branches/SAMBA_3_0/source/printing/nt_printing.c2007-03-19 17:45:13 UTC (rev 21875) @@ -1036,13 +1036,12 @@ char*buf = NULL; ssize_t byte_count; - if ((buf=(char *)SMB_MALLOC(PE_HEADER_SIZE)) == NULL) { - DEBUG(0,(get_file_version: PE file [%s] PE Header malloc failed bytes = %d\n, - fname, PE_HEADER_SIZE)); + if ((buf=(char *)SMB_MALLOC(DOS_HEADER_SIZE)) == NULL) { + DEBUG(0,(get_file_version: PE file [%s] DOS Header malloc failed bytes = %d\n, + fname, DOS_HEADER_SIZE)); goto error_exit; } - /* Note: DOS_HEADER_SIZE malloc'ed PE_HEADER_SIZE */ if ((byte_count = vfs_read_data(fsp, buf, DOS_HEADER_SIZE)) DOS_HEADER_SIZE) { DEBUG(3,(get_file_version: File [%s] DOS header too short, bytes read = %lu\n, fname, (unsigned long)byte_count)); @@ -1064,7 +1063,8 @@ goto no_version_info; } - if ((byte_count = vfs_read_data(fsp, buf, PE_HEADER_SIZE)) PE_HEADER_SIZE) { + /* Note: DOS_HEADER_SIZE and NE_HEADER_SIZE are incidentally same */ + if ((byte_count = vfs_read_data(fsp, buf, NE_HEADER_SIZE)) NE_HEADER_SIZE) { DEBUG(3,(get_file_version: File [%s] Windows header too short, bytes read = %lu\n, fname, (unsigned long)byte_count)); /* Assume this isn't an error... the file just looks sort of like a PE/NE file */ @@ -1075,13 +1075,13 @@ if (IVAL(buf,PE_HEADER_SIGNATURE_OFFSET) == PE_HEADER_SIGNATURE) { unsigned int num_sections; unsigned int section_table_bytes; - - if (SVAL(buf,PE_HEADER_MACHINE_OFFSET) != PE_HEADER_MACHINE_I386) { - DEBUG(3,(get_file_version: PE file [%s] wrong machine = 0x%x\n, - fname, SVAL(buf,PE_HEADER_MACHINE_OFFSET))); - /* At this point, we assume the file is in error. It still could be somthing -* else besides a PE file, but it unlikely at this point. -*/ + + /* Just skip over optional header to get to section table */ + if (SMB_VFS_LSEEK(fsp, fsp-fh-fd, + SVAL(buf,PE_HEADER_OPTIONAL_HEADER_SIZE)-(NE_HEADER_SIZE-PE_HEADER_SIZE), + SEEK_CUR) == (SMB_OFF_T)-1) { + DEBUG(3,(get_file_version: File [%s] Windows optional header too short, errno = %d\n, + fname, errno)); goto error_exit; } Modified: branches/SAMBA_3_0_25/source/include/nt_printing.h === --- branches/SAMBA_3_0_25/source/include/nt_printing.h 2007-03-19 17:02:15 UTC (rev 21874) +++
svn commit: samba-docs r1063 - in trunk/manpages-3: .
Author: jmcd Date: 2007-03-19 18:29:04 + (Mon, 19 Mar 2007) New Revision: 1063 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=1063 Log: Add manpage for gpfs module. Thanks to Chetan Shringarpure [EMAIL PROTECTED] Added: trunk/manpages-3/vfs_gpfs.8.xml Changeset: Added: trunk/manpages-3/vfs_gpfs.8.xml === --- trunk/manpages-3/vfs_gpfs.8.xml 2007-03-18 18:21:43 UTC (rev 1062) +++ trunk/manpages-3/vfs_gpfs.8.xml 2007-03-19 18:29:04 UTC (rev 1063) @@ -0,0 +1,139 @@ +?xml version=1.0 encoding=iso-8859-1? +!DOCTYPE refentry PUBLIC -//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN http://www.samba.org/samba/DTD/samba-doc; +refentry id=vfs_gpfs.8 + +refmeta + refentrytitlevfs_gpfs/refentrytitle + manvolnum8/manvolnum +/refmeta + + +refnamediv + refnamevfs_gpfs/refname + refpurposegpfs specific samba extensions like acls and prealloc/refpurpose +/refnamediv + +refsynopsisdiv + cmdsynopsis + commandvfs objects = gpfs/command + /cmdsynopsis +/refsynopsisdiv + +refsect1 + titleDESCRIPTION/title + + paraThis VFS module is part of the + citerefentryrefentrytitlesamba/refentrytitle + manvolnum7/manvolnum/citerefentry suite./para + + paraThe commandgpfs/command VFS module is the home + for all gpfs extensions that Samba requires for proper integration + with GPFS. For this it utilizes the gpl-ed library interfaces provided by + GPFS team. + /para + + paraCurrently the gpfs vfs module provides extensions in following areas : + itemizedlist + listitemparaNFSv4 ACL Interfaces with configurable options for gpfs/para/listitem + listitemparaKernel oplock support on GPFS/para/listitem + /itemizedlist + /para + + paracommandNOTE:/commandThis module follows the posix-acl behaviour + and hence allows permission stealing via chown. Samba might allow at a later + point in time, to restrict the chown via this module as such restrictions + are the responsibility of the underlying filesystem than of Samba. + /para + + paraThis module is stackable./para + +/refsect1 + + +refsect1 + titleOPTIONS/title + + variablelist + + varlistentry + + termnfs4:mode = [ simple | special ]/term + listitem + para + Enable/Disable substitution of special ids on GPFS. This parameter + should not affect the windows users in anyway. It only ensures that Samba + sets the special ids - OWNER@ and GROUP@ ( mappings to simple uids ) + that are relevant to GPFS. + /para + + paraThe following MODE are understood by the module:/para + itemizedlist + listitemparacommandsimple(default)/command - do not use special IDs in GPFS ACEs/para/listitem + listitemparacommandspecial/command - use special IDs in GPFS ACEs. /para /listitem + /itemizedlist + /listitem + + /varlistentry + + varlistentry + termnfs4:acedup = [dontcare|reject|ignore|merge]/term + para + This parameter configures how Samba handles duplicate ACEs encountered in GPFS ACLs. + GPFS allows/creates duplicate ACE for different bits for same ID. + /para + + paraFollowing is the behaviour of Samba for different values :/para + itemizedlist + listitemparacommanddontcare (default)/command - copy the ACEs as they come/para/listitem + listitemparacommandreject/command - stop operation and exit with error on ACL set op/para/listitem + listitemparacommandignore/command - don't include the second matching ACE/para/listitem + listitemparacommandmerge/command - OR 2 ace.flag fields and 2 ace.mask fields of the 2 duplicate ACEs into 1 ACE/para/listitem + /itemizedlist + /varlistentry + + /variablelist +/refsect1 + +refsect1 + titleEXAMPLES/title + + paraA GPFS mount can be exported via Samba as follows :/para + +programlisting +smbconfsection name=[samba_gpfs_share]/ + smbconfoption name=path/test/gpfs_mount/smbconfoption + smbconfoption name=nfs4: modespecial/smbconfoption + smbconfoption name=nfs4: acedupmerge/smbconfoption +/programlisting +/refsect1 + +refsect1 + titleCAVEATS/title + paraThe gpfs gpl libraries are required by commandgpfs/command VFS + module during both compilation and runtime. + Also this VFS module is tested to work on SLES 9/10 and RHEL 4.4 + /para +/refsect1 + +refsect1 + titleVERSION/title + paraThis man page is correct for
svn commit: samba-docs r1064 - in trunk/manpages-3: .
Author: jmcd Date: 2007-03-19 18:38:51 + (Mon, 19 Mar 2007) New Revision: 1064 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=1064 Log: A few updates to the gpfs manpage. Clarify some language, list setlease as feature, add vfs objects = gpfs to example. Modified: trunk/manpages-3/vfs_gpfs.8.xml Changeset: Modified: trunk/manpages-3/vfs_gpfs.8.xml === --- trunk/manpages-3/vfs_gpfs.8.xml 2007-03-19 18:29:04 UTC (rev 1063) +++ trunk/manpages-3/vfs_gpfs.8.xml 2007-03-19 18:38:51 UTC (rev 1064) @@ -28,14 +28,14 @@ paraThe commandgpfs/command VFS module is the home for all gpfs extensions that Samba requires for proper integration - with GPFS. For this it utilizes the gpl-ed library interfaces provided by - GPFS team. + with GPFS. It uses the GPL library interfaces provided by GPFS. /para paraCurrently the gpfs vfs module provides extensions in following areas : itemizedlist - listitemparaNFSv4 ACL Interfaces with configurable options for gpfs/para/listitem + listitemparaNFSv4 ACL Interfaces with configurable options for GPFS/para/listitem listitemparaKernel oplock support on GPFS/para/listitem + listitemparaLease support on GPFS/para/listitem /itemizedlist /para @@ -60,13 +60,13 @@ termnfs4:mode = [ simple | special ]/term listitem para - Enable/Disable substitution of special ids on GPFS. This parameter + Enable/Disable substitution of special IDs on GPFS. This parameter should not affect the windows users in anyway. It only ensures that Samba - sets the special ids - OWNER@ and GROUP@ ( mappings to simple uids ) + sets the special IDs - OWNER@ and GROUP@ ( mappings to simple uids ) that are relevant to GPFS. /para - paraThe following MODE are understood by the module:/para + paraThe following MODEs are understood by the module:/para itemizedlist listitemparacommandsimple(default)/command - do not use special IDs in GPFS ACEs/para/listitem listitemparacommandspecial/command - use special IDs in GPFS ACEs. /para /listitem @@ -87,7 +87,7 @@ listitemparacommanddontcare (default)/command - copy the ACEs as they come/para/listitem listitemparacommandreject/command - stop operation and exit with error on ACL set op/para/listitem listitemparacommandignore/command - don't include the second matching ACE/para/listitem - listitemparacommandmerge/command - OR 2 ace.flag fields and 2 ace.mask fields of the 2 duplicate ACEs into 1 ACE/para/listitem + listitemparacommandmerge/command - bitwise OR the 2 ace.flag fields and 2 ace.mask fields of the 2 duplicate ACEs into 1 ACE/para/listitem /itemizedlist /varlistentry @@ -101,6 +101,7 @@ programlisting smbconfsection name=[samba_gpfs_share]/ + smbconfoption name=vfs objectsgpfs/smbconfoption smbconfoption name=path/test/gpfs_mount/smbconfoption smbconfoption name=nfs4: modespecial/smbconfoption smbconfoption name=nfs4: acedupmerge/smbconfoption
svn commit: samba r21876 - in branches/SAMBA_3_0/source: include lib libsmb
Author: jra Date: 2007-03-19 20:39:58 + (Mon, 19 Mar 2007) New Revision: 21876 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21876 Log: Start adding in the seal implementation - prototype code for the server side enc. (doesn't break anything). I'll keep updating this until I've got NTLM seal working on both client and server, then add in the gss level seal. Jeremy. Modified: branches/SAMBA_3_0/source/include/client.h branches/SAMBA_3_0/source/lib/util_sock.c branches/SAMBA_3_0/source/libsmb/smb_seal.c Changeset: Modified: branches/SAMBA_3_0/source/include/client.h === --- branches/SAMBA_3_0/source/include/client.h 2007-03-19 17:45:13 UTC (rev 21875) +++ branches/SAMBA_3_0/source/include/client.h 2007-03-19 20:39:58 UTC (rev 21876) @@ -34,8 +34,7 @@ * These definitions depend on smb.h */ -struct print_job_info -{ +struct print_job_info { uint16 id; uint16 priority; size_t size; @@ -79,6 +78,19 @@ struct dcinfo *dc; }; +/* Transport encryption state. */ +enum smb_trans_enc_type { SMB_TRANS_ENC_NTLM, SMB_TRANS_ENC_KRB5 }; + +struct smb_trans_enc_state { + enum smb_trans_enc_type smb_enc_type; + union { + NTLMSSP_STATE *ntlmssp_state; +#if defined(HAVE_GSSAPI_SUPPORT) defined(HAVE_KRB5) + gss_ctx_id_t context_handle; +#endif + }; +}; + struct cli_state { int port; int fd; @@ -137,6 +149,8 @@ smb_sign_info sign_info; + struct smb_trans_enc_state *trans_enc_state; /* Setup if we're encrypting SMB's. */ + /* the session key for this CLI, outside any per-pipe authenticaion */ DATA_BLOB user_session_key; Modified: branches/SAMBA_3_0/source/lib/util_sock.c === --- branches/SAMBA_3_0/source/lib/util_sock.c 2007-03-19 17:45:13 UTC (rev 21875) +++ branches/SAMBA_3_0/source/lib/util_sock.c 2007-03-19 20:39:58 UTC (rev 21876) @@ -770,29 +770,32 @@ size_t len; size_t nwritten=0; ssize_t ret; + char *buf_out; /* Sign the outgoing packet if required. */ srv_calculate_sign_mac(buffer); - status = srv_encrypt_buffer(buffer); + status = srv_encrypt_buffer(buffer, buf_out); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, (send_smb: SMB encryption failed on outgoing packet! Error %s\n, nt_errstr(status) )); return False; } - len = smb_len(buffer) + 4; + len = smb_len(buf_out) + 4; while (nwritten len) { - ret = write_data(fd,buffer+nwritten,len - nwritten); + ret = write_data(fd,buf_out+nwritten,len - nwritten); if (ret = 0) { DEBUG(0,(Error writing %d bytes to client. %d. (%s)\n, (int)len,(int)ret, strerror(errno) )); + srv_free_buffer(buf_out); return False; } nwritten += ret; } + srv_free_buffer(buf_out); return True; } Modified: branches/SAMBA_3_0/source/libsmb/smb_seal.c === --- branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-19 17:45:13 UTC (rev 21875) +++ branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-19 20:39:58 UTC (rev 21876) @@ -30,12 +30,186 @@ return NT_STATUS_OK; } -NTSTATUS srv_decrypt_buffer(char *buffer) +/* Server state if we're encrypting SMBs. If NULL then enc is off. */ + +static struct smb_trans_enc_state *srv_trans_enc_state; + +/** + Is server encryption on ? +**/ + +BOOL srv_encryption_on(void) { + return srv_trans_enc_state != NULL; +} + +/** + Free an encryption-allocated buffer. +**/ + +void srv_free_buffer(char *buf_out) +{ + if (!srv_trans_enc_state) { + return; + } + + if (srv_trans_enc_state-smb_enc_type == SMB_TRANS_ENC_NTLM) { + SAFE_FREE(buf_out); + return; + } + +#if defined(HAVE_GSSAPI_SUPPORT) defined(HAVE_KRB5) + /* gss-api free buffer */ +#endif +} + +/** + gss-api decrypt an incoming buffer. +**/ + +#if defined(HAVE_GSSAPI_SUPPORT) defined(HAVE_KRB5) +static NTSTATUS srv_gss_decrypt_buffer(gss_ctx_id_t context_handle, char *buf) +{ + return NT_STATUS_NOT_SUPPORTED; +} +#endif +
svn commit: samba r21877 - in branches: SAMBA_3_0/source/modules SAMBA_3_0_25/source/modules
Author: jra Date: 2007-03-19 21:03:30 + (Mon, 19 Mar 2007) New Revision: 21877 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21877 Log: Missed one line. Jeremy. Modified: branches/SAMBA_3_0/source/modules/vfs_full_audit.c branches/SAMBA_3_0_25/source/modules/vfs_full_audit.c Changeset: Modified: branches/SAMBA_3_0/source/modules/vfs_full_audit.c === --- branches/SAMBA_3_0/source/modules/vfs_full_audit.c 2007-03-19 20:39:58 UTC (rev 21876) +++ branches/SAMBA_3_0/source/modules/vfs_full_audit.c 2007-03-19 21:03:30 UTC (rev 21877) @@ -573,6 +573,7 @@ { SMB_VFS_OP_LINK, link }, { SMB_VFS_OP_MKNOD, mknod }, { SMB_VFS_OP_REALPATH, realpath }, + { SMB_VFS_OP_NOTIFY_WATCH, notify_watch }, { SMB_VFS_OP_CHFLAGS, chflags }, { SMB_VFS_OP_FGET_NT_ACL, fget_nt_acl }, { SMB_VFS_OP_GET_NT_ACL,get_nt_acl }, Modified: branches/SAMBA_3_0_25/source/modules/vfs_full_audit.c === --- branches/SAMBA_3_0_25/source/modules/vfs_full_audit.c 2007-03-19 20:39:58 UTC (rev 21876) +++ branches/SAMBA_3_0_25/source/modules/vfs_full_audit.c 2007-03-19 21:03:30 UTC (rev 21877) @@ -573,6 +573,7 @@ { SMB_VFS_OP_LINK, link }, { SMB_VFS_OP_MKNOD, mknod }, { SMB_VFS_OP_REALPATH, realpath }, + { SMB_VFS_OP_NOTIFY_WATCH, notify_watch }, { SMB_VFS_OP_CHFLAGS, chflags }, { SMB_VFS_OP_FGET_NT_ACL, fget_nt_acl }, { SMB_VFS_OP_GET_NT_ACL,get_nt_acl },
svn commit: samba r21878 - in branches: SAMBA_3_0/source/auth SAMBA_3_0/source/nsswitch SAMBA_3_0_25/source/auth SAMBA_3_0_25/source/nsswitch
Author: vlendec Date: 2007-03-19 21:04:56 + (Mon, 19 Mar 2007) New Revision: 21878 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21878 Log: Fix a bug with smbd serving a windows terminal server: If winbind decides smbd to be idle it might happen that smbd needs to do a winbind operation (for example sid2name) as non-root. This then fails to get the privileged pipe. When later on on the same connection another authentication request comes in, we try to do the CRAP auth via the non-privileged pipe. This adds a winbindd_priv_request_response() request that kills the existing winbind pipe connection if it's not privileged. Volker Modified: branches/SAMBA_3_0/source/auth/auth_winbind.c branches/SAMBA_3_0/source/nsswitch/pam_winbind.c branches/SAMBA_3_0/source/nsswitch/wb_common.c branches/SAMBA_3_0/source/nsswitch/winbind_client.h branches/SAMBA_3_0/source/nsswitch/winbind_nss_irix.c branches/SAMBA_3_0_25/source/auth/auth_winbind.c branches/SAMBA_3_0_25/source/nsswitch/pam_winbind.c branches/SAMBA_3_0_25/source/nsswitch/wb_common.c branches/SAMBA_3_0_25/source/nsswitch/winbind_client.h branches/SAMBA_3_0_25/source/nsswitch/winbind_nss_irix.c Changeset: Modified: branches/SAMBA_3_0/source/auth/auth_winbind.c === --- branches/SAMBA_3_0/source/auth/auth_winbind.c 2007-03-19 21:03:30 UTC (rev 21877) +++ branches/SAMBA_3_0/source/auth/auth_winbind.c 2007-03-19 21:04:56 UTC (rev 21878) @@ -108,7 +108,8 @@ /* we are contacting the privileged pipe */ become_root(); - result = winbindd_request_response(WINBINDD_PAM_AUTH_CRAP, request, response); + result = winbindd_priv_request_response(WINBINDD_PAM_AUTH_CRAP, + request, response); unbecome_root(); if ( result == NSS_STATUS_UNAVAIL ) { Modified: branches/SAMBA_3_0/source/nsswitch/pam_winbind.c === --- branches/SAMBA_3_0/source/nsswitch/pam_winbind.c2007-03-19 21:03:30 UTC (rev 21877) +++ branches/SAMBA_3_0/source/nsswitch/pam_winbind.c2007-03-19 21:04:56 UTC (rev 21878) @@ -436,7 +436,7 @@ /* Fill in request and send down pipe */ init_request(request, req_type); - if (write_sock(request, sizeof(*request), 0) == -1) { + if (write_sock(request, sizeof(*request), 0, 1) == -1) { _pam_log(pamh, ctrl, LOG_ERR, pam_winbind_request: write to socket failed!); close_sock(); return PAM_SERVICE_ERR; Modified: branches/SAMBA_3_0/source/nsswitch/wb_common.c === --- branches/SAMBA_3_0/source/nsswitch/wb_common.c 2007-03-19 21:03:30 UTC (rev 21877) +++ branches/SAMBA_3_0/source/nsswitch/wb_common.c 2007-03-19 21:04:56 UTC (rev 21878) @@ -33,6 +33,7 @@ /* Global variables. These are effectively the client state information */ int winbindd_fd = -1; /* fd for winbindd socket */ +static int is_privileged = 0; /* Free a response structure */ @@ -287,7 +288,7 @@ /* Connect to winbindd socket */ -static int winbind_open_pipe_sock(int recursing) +static int winbind_open_pipe_sock(int recursing, int need_priv) { #ifdef HAVE_UNIXSOCKET static pid_t our_pid; @@ -300,6 +301,10 @@ close_sock(); our_pid = getpid(); } + + if ((need_priv != 0) (is_privileged == 0)) { + close_sock(); + } if (winbindd_fd != -1) { return winbindd_fd; @@ -313,6 +318,8 @@ return -1; } + is_privileged = 0; + /* version-check the socket */ request.flags = WBFLAG_RECURSE; @@ -329,9 +336,14 @@ if ((fd = winbind_named_pipe_sock((char *)response.extra_data.data)) != -1) { close(winbindd_fd); winbindd_fd = fd; + is_privileged = 1; } } + if ((need_priv != 0) (is_privileged == 0)) { + return -1; + } + SAFE_FREE(response.extra_data.data); return winbindd_fd; @@ -342,7 +354,7 @@ /* Write data to winbindd socket */ -int write_sock(void *buffer, int count, int recursing) +int write_sock(void *buffer, int count, int recursing, int need_priv) { int result, nwritten; @@ -350,7 +362,7 @@ restart: - if (winbind_open_pipe_sock(recursing) == -1) { + if (winbind_open_pipe_sock(recursing, need_priv) == -1) { return -1; } @@ -536,7 +548,8 @@ * send simple types of requests */ -NSS_STATUS winbindd_send_request(int req_type, struct winbindd_request *request) +NSS_STATUS winbindd_send_request(int req_type, int need_priv, +
svn commit: samba-docs r1065 - in trunk/manpages-3: .
Author: vlendec Date: 2007-03-19 21:32:53 + (Mon, 19 Mar 2007) New Revision: 1065 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=1065 Log: Typo found by Tom Bork -- thanks Modified: trunk/manpages-3/vfs_extd_audit.8.xml Changeset: Modified: trunk/manpages-3/vfs_extd_audit.8.xml === --- trunk/manpages-3/vfs_extd_audit.8.xml 2007-03-19 18:38:51 UTC (rev 1064) +++ trunk/manpages-3/vfs_extd_audit.8.xml 2007-03-19 21:32:53 UTC (rev 1065) @@ -37,7 +37,7 @@ paraOther than logging to the citerefentryrefentrytitlesmbd/refentrytitle manvolnum8/manvolnum/citerefentry log, - commandvfs_ext_audit/command is identical to + commandvfs_extd_audit/command is identical to citerefentryrefentrytitlevfs_audit/refentrytitle manvolnum8/manvolnum/citerefentry. /para
svn commit: samba r21879 - in branches/SAMBA_3_0/source/smbd: .
Author: vlendec Date: 2007-03-19 21:52:27 + (Mon, 19 Mar 2007) New Revision: 21879 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21879 Log: Move process_blocking_lock_queue to a timed event. The idea is that we have blocking.c:brl_timeout as a timed event that is present whenever we do have a blocking lock pending. It fires brl_timeout_fn() which calls process_blocking_lock_queue(). Whenever we make changes to blocking_lock_queue, we trigger a recalc_brl_timeout() which sets a new brl_timout event if necessary. This makes the call to blocking_locks_timeout_ms() in setup_select_timeout() unnecessary, this is implicitly done in event_add_to_select_args() from the timed events. Volker Modified: branches/SAMBA_3_0/source/smbd/blocking.c branches/SAMBA_3_0/source/smbd/process.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/blocking.c === --- branches/SAMBA_3_0/source/smbd/blocking.c 2007-03-19 21:04:56 UTC (rev 21878) +++ branches/SAMBA_3_0/source/smbd/blocking.c 2007-03-19 21:52:27 UTC (rev 21879) @@ -51,6 +51,9 @@ /* dlink list we move cancelled lock records onto. */ static blocking_lock_record *blocking_lock_cancelled_queue; +/* The event that makes us process our blocking lock queue */ +static struct timed_event *brl_timeout; + / Destructor for the above structure. / @@ -73,8 +76,65 @@ static void received_unlock_msg(int msg_type, struct process_id src, void *buf, size_t len, void *private_data); +static void process_blocking_lock_queue(void); +static void brl_timeout_fn(struct event_context *event_ctx, + struct timed_event *te, + const struct timeval *now, + void *private_data) +{ + SMB_ASSERT(brl_timeout == te); + TALLOC_FREE(brl_timeout); + + change_to_root_user(); /* TODO: Possibly run all timed events as +* root */ + + process_blocking_lock_queue(); +} + / + After a change to blocking_lock_queue, recalculate the timed_event for the + next processing. +/ + +static BOOL recalc_brl_timeout(void) +{ + blocking_lock_record *brl; + struct timeval next_timeout; + + TALLOC_FREE(brl_timeout); + + next_timeout = timeval_zero(); + + for (brl = blocking_lock_queue; brl; brl = brl-next) { + if (timeval_is_zero(brl-expire_time)) { + continue; + } + + if (timeval_is_zero(next_timeout)) { + next_timeout = brl-expire_time; + } + else { + next_timeout = timeval_min(next_timeout, + brl-expire_time); + } + } + + if (timeval_is_zero(next_timeout)) { + return True; + } + + if (!(brl_timeout = event_add_timed(smbd_event_context(), NULL, + next_timeout, brl_timeout, + brl_timeout_fn, NULL))) { + return False; + } + + return True; +} + + +/ Function to push a blocking lock request onto the lock queue. / @@ -152,6 +212,7 @@ } DLIST_ADD_END(blocking_lock_queue, blr, blocking_lock_record *); + recalc_brl_timeout(); /* Ensure we'll receive messages when this is unlocked. */ if (!set_lock_msg) { @@ -591,57 +652,14 @@ } / - Return the number of milliseconds to the next blocking locks timeout, or default_timeout -*/ - -unsigned int blocking_locks_timeout_ms(unsigned int default_timeout_ms) -{ - unsigned int timeout_ms = default_timeout_ms; - struct timeval tv_curr; - SMB_BIG_INT min_tv_dif_us = 0x7FFF; /* A large +ve number. */ - blocking_lock_record *blr = blocking_lock_queue; - - /* note that we avoid the GetTimeOfDay() syscall if there are no blocking locks */ - if (!blr) { - return timeout_ms; - } - - tv_curr = timeval_current(); - - for (; blr; blr = blr-next) { - SMB_BIG_INT tv_dif_us; - - if (timeval_is_zero(blr-expire_time)) { - continue; /* Never timeout.
svn commit: samba r21880 - in branches/SAMBA_3_0/source: include lib libsmb
Author: jra Date: 2007-03-19 22:45:35 + (Mon, 19 Mar 2007) New Revision: 21880 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21880 Log: Make client and server calls into encryption code symetrical, depending on encryption context pointer. Jeremy. Modified: branches/SAMBA_3_0/source/include/client.h branches/SAMBA_3_0/source/lib/util_sock.c branches/SAMBA_3_0/source/libsmb/clientgen.c branches/SAMBA_3_0/source/libsmb/smb_seal.c Changeset: Modified: branches/SAMBA_3_0/source/include/client.h === --- branches/SAMBA_3_0/source/include/client.h 2007-03-19 21:52:27 UTC (rev 21879) +++ branches/SAMBA_3_0/source/include/client.h 2007-03-19 22:45:35 UTC (rev 21880) @@ -83,6 +83,7 @@ struct smb_trans_enc_state { enum smb_trans_enc_type smb_enc_type; + BOOL enc_on; union { NTLMSSP_STATE *ntlmssp_state; #if defined(HAVE_GSSAPI_SUPPORT) defined(HAVE_KRB5) Modified: branches/SAMBA_3_0/source/lib/util_sock.c === --- branches/SAMBA_3_0/source/lib/util_sock.c 2007-03-19 21:52:27 UTC (rev 21879) +++ branches/SAMBA_3_0/source/lib/util_sock.c 2007-03-19 22:45:35 UTC (rev 21880) @@ -789,13 +789,13 @@ if (ret = 0) { DEBUG(0,(Error writing %d bytes to client. %d. (%s)\n, (int)len,(int)ret, strerror(errno) )); - srv_free_buffer(buf_out); + srv_free_enc_buffer(buf_out); return False; } nwritten += ret; } - srv_free_buffer(buf_out); + srv_free_enc_buffer(buf_out); return True; } Modified: branches/SAMBA_3_0/source/libsmb/clientgen.c === --- branches/SAMBA_3_0/source/libsmb/clientgen.c2007-03-19 21:52:27 UTC (rev 21879) +++ branches/SAMBA_3_0/source/libsmb/clientgen.c2007-03-19 22:45:35 UTC (rev 21880) @@ -164,6 +164,7 @@ size_t len; size_t nwritten=0; ssize_t ret; + char *buf_out; /* fd == -1 causes segfaults -- Tom ([EMAIL PROTECTED]) */ if (cli-fd == -1) { @@ -172,7 +173,7 @@ cli_calculate_sign_mac(cli); - status = cli_encrypt_message(cli); + status = cli_encrypt_message(cli, buf_out); if (!NT_STATUS_IS_OK(status)) { close(cli-fd); cli-fd = -1; @@ -182,11 +183,12 @@ return False; } - len = smb_len(cli-outbuf) + 4; + len = smb_len(buf_out) + 4; while (nwritten len) { - ret = write_socket(cli-fd,cli-outbuf+nwritten,len - nwritten); + ret = write_socket(cli-fd,buf_out+nwritten,len - nwritten); if (ret = 0) { + cli_free_enc_buffer(cli, buf_out); close(cli-fd); cli-fd = -1; cli-smb_rw_error = WRITE_ERROR; @@ -196,6 +198,9 @@ } nwritten += ret; } + + cli_free_enc_buffer(cli, buf_out); + /* Increment the mid so we can tell between responses. */ cli-mid++; if (!cli-mid) { @@ -447,6 +452,8 @@ SAFE_FREE(cli-inbuf); cli_free_signing_context(cli); + cli_free_encryption_context(cli); + data_blob_free(cli-secblob); data_blob_free(cli-user_session_key); Modified: branches/SAMBA_3_0/source/libsmb/smb_seal.c === --- branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-19 21:52:27 UTC (rev 21879) +++ branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-19 22:45:35 UTC (rev 21880) @@ -20,65 +20,22 @@ #include includes.h -NTSTATUS cli_decrypt_message(struct cli_state *cli) -{ - return NT_STATUS_OK; -} - -NTSTATUS cli_encrypt_message(struct cli_state *cli) -{ - return NT_STATUS_OK; -} - -/* Server state if we're encrypting SMBs. If NULL then enc is off. */ - -static struct smb_trans_enc_state *srv_trans_enc_state; - /** - Is server encryption on ? + Generic code for client and server. + Is encryption turned on ? **/ -BOOL srv_encryption_on(void) +static BOOL internal_encryption_on(struct smb_trans_enc_state *es) { - return srv_trans_enc_state != NULL; + return ((es != NULL) es-enc_on); } /** - Free an encryption-allocated buffer. -**/ - -void srv_free_buffer(char *buf_out) -{ - if (!srv_trans_enc_state) { - return; -
Build status as of Tue Mar 20 00:00:01 2007
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2007-03-19 00:00:58.0 + +++ /home/build/master/cache/broken_results.txt 2007-03-20 00:00:48.0 + @@ -1,4 +1,4 @@ -Build status as of Mon Mar 19 00:00:01 2007 +Build status as of Tue Mar 20 00:00:01 2007 Build counts: Tree Total Broken Panic @@ -12,13 +12,13 @@ lorikeet-heimdal 27 14 0 pidl 19 1 0 ppp 13 0 0 -rsync31 5 0 +rsync30 5 0 samba0 0 0 samba-docs 0 0 0 samba-gtk4 4 0 samba4 35 9 0 -samba_3_036 14 1 +samba_3_037 14 1 smb-build28 28 0 -talloc 31 1 0 +talloc 32 1 0 tdb 30 3 0
svn commit: samba r21881 - in branches/SAMBA_3_0/source: nsswitch passdb
Author: jpeach Date: 2007-03-20 00:13:42 + (Tue, 20 Mar 2007) New Revision: 21881 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21881 Log: Make sure we are very specific when testing whether a backand can handle a particular SID. Make sure that the passdb backend will accept the same set range of local SIDs that the idmap system sends it. Simo, Jerry - this is a 3_0_25 candidate. Can you please review? Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_util.c branches/SAMBA_3_0/source/passdb/pdb_interface.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_util.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_util.c 2007-03-19 22:45:35 UTC (rev 21880) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_util.c 2007-03-20 00:13:42 UTC (rev 21881) @@ -599,12 +599,18 @@ struct winbindd_domain *find_domain_from_sid_noinit(const DOM_SID *sid) { struct winbindd_domain *domain; + uint32 discard; /* Search through list */ for (domain = domain_list(); domain != NULL; domain = domain-next) { - if (sid_compare_domain(sid, domain-sid) == 0) + /* We need to use sid_peek_check_rid, because we want +* to make sure that the SIDs we send to the backends are +* as specific as possible. +*/ + if (sid_peek_check_rid(domain-sid, sid, discard) == 0) { return domain; + } } /* Not found */ Modified: branches/SAMBA_3_0/source/passdb/pdb_interface.c === --- branches/SAMBA_3_0/source/passdb/pdb_interface.c2007-03-19 22:45:35 UTC (rev 21880) +++ branches/SAMBA_3_0/source/passdb/pdb_interface.c2007-03-20 00:13:42 UTC (rev 21881) @@ -1305,7 +1305,8 @@ goto done; } - if (sid_peek_check_rid(global_sid_Builtin, sid, rid)) { + if (sid_check_is_in_builtin(sid) || + sid_check_is_in_wellknown_domain(sid)) { /* Here we only have aliases */ GROUP_MAP map; if (!NT_STATUS_IS_OK(methods-getgrsid(methods, map, *sid))) {
svn commit: samba r21882 - in branches/SAMBA_3_0/source: . lib libsmb smbd
Author: jra Date: 2007-03-20 01:17:47 + (Tue, 20 Mar 2007) New Revision: 21882 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21882 Log: The server part of the code has to use an AUTH_NTLMSSP struct, not just an NTLMSSP - grr. This complicates the re-use of common client and server code but I think I've got it right. Not turned on of valgrinded yet, but you can see it start to take shape ! Jeremy. Added: branches/SAMBA_3_0/source/smbd/seal.c Modified: branches/SAMBA_3_0/source/Makefile.in branches/SAMBA_3_0/source/lib/dummysmbd.c branches/SAMBA_3_0/source/libsmb/smb_seal.c branches/SAMBA_3_0/source/smbd/server.c branches/SAMBA_3_0/source/smbd/sesssetup.c branches/SAMBA_3_0/source/smbd/trans2.c Changeset: Sorry, the patch is too large (594 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21882
svn commit: samba r21883 - in branches/SAMBA_3_0/source: include libsmb
Author: jra Date: 2007-03-20 02:20:16 + (Tue, 20 Mar 2007) New Revision: 21883 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21883 Log: Try and fix the build by removing the prototypes for functions that take a gss context handle in includes.h Jeremy. Modified: branches/SAMBA_3_0/source/include/includes.h branches/SAMBA_3_0/source/libsmb/smb_seal.c Changeset: Modified: branches/SAMBA_3_0/source/include/includes.h === --- branches/SAMBA_3_0/source/include/includes.h2007-03-20 01:17:47 UTC (rev 21882) +++ branches/SAMBA_3_0/source/include/includes.h2007-03-20 02:20:16 UTC (rev 21883) @@ -1186,6 +1186,14 @@ const krb5_principal server, krb5_data *reply); +/* Call for SMB transport encryption. */ +#if defined(HAVE_GSSAPI_SUPPORT) +NTSTATUS common_gss_decrypt_buffer(gss_ctx_id_t context_handle, char *buf); +#endif +#if defined(HAVE_GSSAPI_SUPPORT) +NTSTATUS common_gss_encrypt_buffer(gss_ctx_id_t context_handle, char *buf, char **buf_out); +#endif + #endif /* HAVE_KRB5 */ Modified: branches/SAMBA_3_0/source/libsmb/smb_seal.c === --- branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-20 01:17:47 UTC (rev 21882) +++ branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-20 02:20:16 UTC (rev 21883) @@ -123,7 +123,7 @@ **/ #if defined(HAVE_GSSAPI_SUPPORT) defined(HAVE_KRB5) -NTSTATUS common_gss_decrypt_buffer(gss_ctx_id_t context_handle, char *buf) + NTSTATUS common_gss_decrypt_buffer(gss_ctx_id_t context_handle, char *buf) { return NT_STATUS_NOT_SUPPORTED; } @@ -135,7 +135,7 @@ **/ #if defined(HAVE_GSSAPI_SUPPORT) defined(HAVE_KRB5) -NTSTATUS common_gss_encrypt_buffer(gss_ctx_id_t context_handle, char *buf, char **buf_out) + NTSTATUS common_gss_encrypt_buffer(gss_ctx_id_t context_handle, char *buf, char **buf_out) { return NT_STATUS_NOT_SUPPORTED; }
svn commit: samba r21884 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0/source/param SAMBA_3_0_25/source/nsswitch SAMBA_3_0_25/source/param
Author: jerry Date: 2007-03-20 02:43:20 + (Tue, 20 Mar 2007) New Revision: 21884 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21884 Log: * Blacklist BUILTIN and MACHINE domains from the idmap domains as these should only be handled by the winbindd_passdb.c backend * Allow the alloc init to fail for backwards compatible configurations like idmap backend = ad idmap uid = 1000-10 * Remove the deprecated flags from idmap backend, et. al. These are mutually exclusive with the new configuration options (idmap domains). Logging annoying messages about deprecated parameters is confusing. So we'll try this apprpach for now. Modified: branches/SAMBA_3_0/source/nsswitch/idmap.c branches/SAMBA_3_0/source/param/loadparm.c branches/SAMBA_3_0_25/source/nsswitch/idmap.c branches/SAMBA_3_0_25/source/param/loadparm.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/idmap.c === --- branches/SAMBA_3_0/source/nsswitch/idmap.c 2007-03-20 02:20:16 UTC (rev 21883) +++ branches/SAMBA_3_0/source/nsswitch/idmap.c 2007-03-20 02:43:20 UTC (rev 21884) @@ -297,7 +297,6 @@ char *p = NULL; const char *q = NULL; - DEBUG(0, (WARNING: idmap backend is deprecated!\n)); compat = 1; if ( (compat_backend = talloc_strdup( idmap_ctx, *compat_list )) == NULL ) { @@ -337,6 +336,15 @@ const char *parm_backend; char *config_option; + /* ignore BUILTIN and local MACHINE domains */ + if ( strequal(dom_list[i], BUILTIN) +|| strequal(dom_list[i], get_global_sam_name() ) ) + { + DEBUG(0,(idmap_init: Ignoring invalid domain %s\n, +dom_list[i])); + continue; + } + if (strequal(dom_list[i], lp_workgroup())) { pri_dom_is_in_list = True; } @@ -577,25 +585,30 @@ alloc_methods = get_alloc_methods(alloc_backends, alloc_backend); } } - if ( ! alloc_methods) { - DEBUG(0, (ERROR: Could not get methods for alloc backend %s\n, alloc_backend)); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; + if ( alloc_methods) { + ret = alloc_methods-init(compat_params); + if ( ! NT_STATUS_IS_OK(ret)) { + DEBUG(0, (idmap_init: Initialization failed for alloc + backend %s\n, alloc_backend)); + ret = NT_STATUS_UNSUCCESSFUL; + goto done; + } + } else { + DEBUG(2, (idmap_init: Unable to get methods for alloc backend %s\n, + alloc_backend)); + /* certain compat backends are just readonly */ + if ( compat ) + ret = NT_STATUS_OK; + else + ret = NT_STATUS_UNSUCCESSFUL; } - ret = alloc_methods-init(compat_params); - if ( ! NT_STATUS_IS_OK(ret)) { - DEBUG(0, (ERROR: Initialization failed for alloc backend %s\n, alloc_backend)); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - /* cleanpu temporary strings */ TALLOC_FREE( compat_backend ); backend_init_status = NT_STATUS_OK; - return NT_STATUS_OK; + return ret; done: DEBUG(0, (Aborting IDMAP Initialization ...\n)); Modified: branches/SAMBA_3_0/source/param/loadparm.c === --- branches/SAMBA_3_0/source/param/loadparm.c 2007-03-20 02:20:16 UTC (rev 21883) +++ branches/SAMBA_3_0/source/param/loadparm.c 2007-03-20 02:43:20 UTC (rev 21884) @@ -1268,14 +1268,14 @@ {passdb expand explicit, P_BOOL, P_GLOBAL, Globals.bPassdbExpandExplicit, NULL, NULL, FLAG_ADVANCED}, {idmap domains, P_LIST, P_GLOBAL, Globals.szIdmapDomains, NULL, NULL, FLAG_ADVANCED}, - {idmap backend, P_LIST, P_GLOBAL, Globals.szIdmapBackend, NULL, NULL, FLAG_ADVANCED | FLAG_DEPRECATED }, + {idmap backend, P_LIST, P_GLOBAL, Globals.szIdmapBackend, NULL, NULL, FLAG_ADVANCED }, {idmap alloc backend, P_STRING, P_GLOBAL, Globals.szIdmapAllocBackend, NULL, NULL, FLAG_ADVANCED}, {idmap expire time, P_INTEGER, P_GLOBAL, Globals.iIdmapExpireTime, NULL, NULL, FLAG_ADVANCED}, {idmap negative time, P_INTEGER, P_GLOBAL, Globals.iIdmapNegativeTime, NULL, NULL, FLAG_ADVANCED}, - {idmap uid, P_STRING, P_GLOBAL, Globals.szIdmapUID, handle_idmap_uid, NULL, FLAG_ADVANCED | FLAG_DEPRECATED }, - {winbind uid, P_STRING, P_GLOBAL, Globals.szIdmapUID,