svn commit: samba r21885 - in branches/SAMBA_3_0/source/modules: .
Author: ab Date: 2007-03-20 08:17:27 + (Tue, 20 Mar 2007) New Revision: 21885 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21885 Log: Chown logic should be activated only if nfs4:chown=yes Modified: branches/SAMBA_3_0/source/modules/nfs4_acls.c Changeset: Modified: branches/SAMBA_3_0/source/modules/nfs4_acls.c === --- branches/SAMBA_3_0/source/modules/nfs4_acls.c 2007-03-20 02:43:20 UTC (rev 21884) +++ branches/SAMBA_3_0/source/modules/nfs4_acls.c 2007-03-20 08:17:27 UTC (rev 21885) 
@@ -604,31 +604,33 @@ if (smbacl4_GetFileOwner(fsp, sbuf)) return False; - /* chown logic is a copy/paste from posix_acl.c:set_nt_acl */ - if (!unpack_nt_owners(SNUM(fsp-conn), newUID, newGID, security_info_sent, psd)) - { - DEBUG(8, (unpack_nt_owners failed)); - return False; - } - if (((newUID != (uid_t)-1) (sbuf.st_uid != newUID)) || - ((newGID != (gid_t)-1) (sbuf.st_gid != newGID))) { - need_chown = True; - } - if (need_chown) { - if ((newUID == (uid_t)-1 || newUID == current_user.ut.uid)) { - if(try_chown(fsp-conn, fsp-fsp_name, newUID, newGID)) { - DEBUG(3,(chown %s, %u, %u failed. Error = %s.\n, - fsp-fsp_name, (unsigned int)newUID, (unsigned int)newGID, strerror(errno) )); - return False; + if (params.do_chown) { + /* chown logic is a copy/paste from posix_acl.c:set_nt_acl */ + if (!unpack_nt_owners(SNUM(fsp-conn), newUID, newGID, security_info_sent, psd)) + { + DEBUG(8, (unpack_nt_owners failed)); + return False; + } + if (((newUID != (uid_t)-1) (sbuf.st_uid != newUID)) || + ((newGID != (gid_t)-1) (sbuf.st_gid != newGID))) { + need_chown = True; + } + if (need_chown) { + if ((newUID == (uid_t)-1 || newUID == current_user.ut.uid)) { + if(try_chown(fsp-conn, fsp-fsp_name, newUID, newGID)) { + DEBUG(3,(chown %s, %u, %u failed. 
Error = %s.\n, + fsp-fsp_name, (unsigned int)newUID, (unsigned int)newGID, strerror(errno) )); + return False; + } + DEBUG(10,(chown %s, %u, %u succeeded.\n, + fsp-fsp_name, (unsigned int)newUID, (unsigned int)newGID)); + if (smbacl4_GetFileOwner(fsp, sbuf)) + return False; + need_chown = False; + } else { /* chown is needed, but _after_ changing acl */ + sbuf.st_uid = newUID; /* OWNER@ in case of e_special */ + sbuf.st_gid = newGID; /* GROUP@ in case of e_special */ } - DEBUG(10,(chown %s, %u, %u succeeded.\n, - fsp-fsp_name, (unsigned int)newUID, (unsigned int)newGID)); - if (smbacl4_GetFileOwner(fsp, sbuf)) - return False; - need_chown = False; - } else { /* chown is needed, but _after_ changing acl */ - sbuf.st_uid = newUID; /* OWNER@ in case of e_special */ - sbuf.st_gid = newGID; /* GROUP@ in case of e_special */ } }
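Review bot: When `params.do_chown` is false the whole owner path is skipped, so an owner or group carried in `security_info_sent` is ignored without any log line; a `DEBUG(10, ...)` in an `else` branch saying that nfs4:chown is off would make a dropped request diagnosable. The new guard also deserves a short comment on why it exists, e.g. `/* only honour owner/group changes when nfs4:chown=yes; some filesystems let chown take ownership */`. `need_chown`, `newUID` and `newGID` are declared outside this hunk, so whether code after the ACL update still acts on them when the block is skipped cannot be confirmed from here. The identical hunk in r21886 (SAMBA_3_0_25) has the same points.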
svn commit: samba r21886 - in branches/SAMBA_3_0_25/source/modules: .
Author: ab Date: 2007-03-20 08:17:50 + (Tue, 20 Mar 2007) New Revision: 21886 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21886 Log: Chown logic should be activated only if nfs4:chown=yes Modified: branches/SAMBA_3_0_25/source/modules/nfs4_acls.c Changeset: Modified: branches/SAMBA_3_0_25/source/modules/nfs4_acls.c === --- branches/SAMBA_3_0_25/source/modules/nfs4_acls.c2007-03-20 08:17:27 UTC (rev 21885) +++ branches/SAMBA_3_0_25/source/modules/nfs4_acls.c2007-03-20 08:17:50 UTC (rev 21886) 
@@ -604,31 +604,33 @@ if (smbacl4_GetFileOwner(fsp, sbuf)) return False; - /* chown logic is a copy/paste from posix_acl.c:set_nt_acl */ - if (!unpack_nt_owners(SNUM(fsp-conn), newUID, newGID, security_info_sent, psd)) - { - DEBUG(8, (unpack_nt_owners failed)); - return False; - } - if (((newUID != (uid_t)-1) (sbuf.st_uid != newUID)) || - ((newGID != (gid_t)-1) (sbuf.st_gid != newGID))) { - need_chown = True; - } - if (need_chown) { - if ((newUID == (uid_t)-1 || newUID == current_user.ut.uid)) { - if(try_chown(fsp-conn, fsp-fsp_name, newUID, newGID)) { - DEBUG(3,(chown %s, %u, %u failed. Error = %s.\n, - fsp-fsp_name, (unsigned int)newUID, (unsigned int)newGID, strerror(errno) )); - return False; + if (params.do_chown) { + /* chown logic is a copy/paste from posix_acl.c:set_nt_acl */ + if (!unpack_nt_owners(SNUM(fsp-conn), newUID, newGID, security_info_sent, psd)) + { + DEBUG(8, (unpack_nt_owners failed)); + return False; + } + if (((newUID != (uid_t)-1) (sbuf.st_uid != newUID)) || + ((newGID != (gid_t)-1) (sbuf.st_gid != newGID))) { + need_chown = True; + } + if (need_chown) { + if ((newUID == (uid_t)-1 || newUID == current_user.ut.uid)) { + if(try_chown(fsp-conn, fsp-fsp_name, newUID, newGID)) { + DEBUG(3,(chown %s, %u, %u failed. 
Error = %s.\n, + fsp-fsp_name, (unsigned int)newUID, (unsigned int)newGID, strerror(errno) )); + return False; + } + DEBUG(10,(chown %s, %u, %u succeeded.\n, + fsp-fsp_name, (unsigned int)newUID, (unsigned int)newGID)); + if (smbacl4_GetFileOwner(fsp, sbuf)) + return False; + need_chown = False; + } else { /* chown is needed, but _after_ changing acl */ + sbuf.st_uid = newUID; /* OWNER@ in case of e_special */ + sbuf.st_gid = newGID; /* GROUP@ in case of e_special */ } - DEBUG(10,(chown %s, %u, %u succeeded.\n, - fsp-fsp_name, (unsigned int)newUID, (unsigned int)newGID)); - if (smbacl4_GetFileOwner(fsp, sbuf)) - return False; - need_chown = False; - } else { /* chown is needed, but _after_ changing acl */ - sbuf.st_uid = newUID; /* OWNER@ in case of e_special */ - sbuf.st_gid = newGID; /* GROUP@ in case of e_special */ } }
svn commit: samba r21887 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_25/source/nsswitch
Author: gd Date: 2007-03-20 12:44:40 + (Tue, 20 Mar 2007) New Revision: 21887 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21887 Log: Fix annoying bug where in a pam_close_session (or a pam_setcred with the PAM_DELETE_CREDS flag set) any user could delete krb5 credential caches. Make sure that only root can do this. Jerry, Jeremy, please check. Guenther Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c branches/SAMBA_3_0_25/source/nsswitch/winbindd_pam.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2007-03-20 08:17:50 UTC (rev 21886) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2007-03-20 12:44:40 UTC (rev 21887) @@ -2092,7 +2092,9 @@ { struct winbindd_domain *domain; fstring name_domain, user; - + uid_t caller_uid = (uid_t)-1; + uid_t request_uid = state-request.data.logoff.uid; + DEBUG(3, ([%5lu]: pam logoff %s\n, (unsigned long)state-pid, state-request.data.logoff.user)); @@ -2103,6 +2105,10 @@ state-request.data.logoff.krb5ccname [sizeof(state-request.data.logoff.krb5ccname)-1]='\0'; + if (request_uid == (gid_t)-1) { + goto failed; + } + if (!canonicalize_username(state-request.data.logoff.user, name_domain, user)) { goto failed; } 
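Review bot: The sentinel test added before `canonicalize_username()` compares a `uid_t` with `(gid_t)-1`; `request_uid` is declared `uid_t` in the preceding hunk, so the line should read `if (request_uid == (uid_t)-1) {`. Where the two types differ in width, the cast value would not equal the `(uid_t)-1` sentinel used for `caller_uid`, and an unset uid would pass this check. The same line appears in the SAMBA_3_0_25 copy of this change further down. The body of winbindd_pam_logoff starts and ends outside these hunks.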
@@ -2111,6 +2117,28 @@ goto failed; } + if ((sys_getpeereid(state-sock, caller_uid)) != 0) { + DEBUG(1,(winbindd_pam_logoff: failed to check peerid: %s\n, + strerror(errno))); + goto failed; + } + + switch (caller_uid) { + case -1: + goto failed; + case 0: + /* root must be able to logoff any user - gd */ + state-request.data.logoff.uid = request_uid; + break; + default: + if (caller_uid != request_uid) { + DEBUG(1,(winbindd_pam_logoff: caller requested invalid uid\n)); + goto failed; + } + state-request.data.logoff.uid = caller_uid; + break; + } + sendto_domain(state, domain); return; Modified: branches/SAMBA_3_0_25/source/nsswitch/winbindd_pam.c === --- branches/SAMBA_3_0_25/source/nsswitch/winbindd_pam.c2007-03-20 08:17:50 UTC (rev 21886) +++ branches/SAMBA_3_0_25/source/nsswitch/winbindd_pam.c2007-03-20 12:44:40 UTC (rev 21887) @@ -2092,7 +2092,9 @@ { struct winbindd_domain *domain; fstring name_domain, user; - + uid_t caller_uid = (uid_t)-1; + uid_t request_uid = state-request.data.logoff.uid; + DEBUG(3, ([%5lu]: pam logoff %s\n, (unsigned long)state-pid, state-request.data.logoff.user)); @@ -2103,6 +2105,10 @@ state-request.data.logoff.krb5ccname [sizeof(state-request.data.logoff.krb5ccname)-1]='\0'; + if (request_uid == (gid_t)-1) { + goto failed; + } + if (!canonicalize_username(state-request.data.logoff.user, name_domain, user)) { goto failed; } @@ -2111,6 +2117,28 @@ goto failed; } + if ((sys_getpeereid(state-sock, caller_uid)) != 0) { + DEBUG(1,(winbindd_pam_logoff: failed to check peerid: %s\n, + strerror(errno))); + goto failed; + } + + switch (caller_uid) { + case -1: + goto failed; + case 0: + /* root must be able to logoff any user - gd */ + state-request.data.logoff.uid = request_uid; + break; + default: + if (caller_uid != request_uid) { + DEBUG(1,(winbindd_pam_logoff: caller requested invalid uid\n)); + goto failed; + } + state-request.data.logoff.uid = caller_uid; + break; + } + sendto_domain(state, domain); return;
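Review bot: `switch (caller_uid)` with `case -1:` depends on the label converting to the same value as `(uid_t)-1`; where `uid_t` is narrower than `int` the controlling expression is promoted and the label never matches. An explicit `if (caller_uid == (uid_t)-1) goto failed;` before the switch states the intent and matches the initialiser. The hunk binds only the uid to the socket peer; `krb5ccname` from the request is forwarded unchanged, and whether the domain child checks it against that uid is not visible here. Both branch copies of the hunk are affected.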
svn commit: samba-docs r1066 - in trunk/manpages-3: .
Author: jmcd Date: 2007-03-20 13:05:44 + (Tue, 20 Mar 2007) New Revision: 1066 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=1066 Log: Add nfs4:chown option, and a few formatting changes. Modified: trunk/manpages-3/vfs_gpfs.8.xml Changeset: Modified: trunk/manpages-3/vfs_gpfs.8.xml === --- trunk/manpages-3/vfs_gpfs.8.xml 2007-03-19 21:32:53 UTC (rev 1065) +++ trunk/manpages-3/vfs_gpfs.8.xml 2007-03-20 13:05:44 UTC (rev 1066) @@ -75,8 +75,10 @@ /varlistentry + varlistentry termnfs4:acedup = [dontcare|reject|ignore|merge]/term + listitem para This parameter configures how Samba handles duplicate ACEs encountered in GPFS ACLs. GPFS allows/creates duplicate ACE for different bits for same ID. @@ -89,8 +91,27 @@ listitemparacommandignore/command - don't include the second matching ACE/para/listitem listitemparacommandmerge/command - bitwise OR the 2 ace.flag fields and 2 ace.mask fields of the 2 duplicate ACEs into 1 ACE/para/listitem /itemizedlist + /listitem /varlistentry + + varlistentry + termnfs4:chown = [yes|no]/term + listitem + paraThis parameter allows enabling or disabling the chown supported + by the underlying filesystem. This parameter should be enabled with + care as it might leave your system insecure./para + paraSome filesystems allow chown as a) giving b) stealing. It is the latter + that is considered a risk./para + + paraFollowing is the behaviour of Samba for different values : /para + itemizedlist + listitemparacommandyes/command - Enable chown if as supported by the under filesystem/para/listitem + listitemparacommandno (default)/command - Disable chown/para/listitem + /itemizedlist + /listitem + /varlistentry + /variablelist /refsect1
sys_getpeerid() [was Re: svn commit: samba r21887 -...]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: Author: gd Date: 2007-03-20 12:44:40 + (Tue, 20 Mar 2007) New Revision: 21887 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21887 Log: Fix annoying bug where in a pam_close_session (or a pam_setcred with the PAM_DELETE_CREDS flag set) any user could delete krb5 credential caches. Make sure that only root can do this. Jerry, Jeremy, please check. There are three places we use sys_getpeerid() that I can tell. (a) Jeremy's Domain Users hack for reporting group membership, (b) access to the ntlm_auth cache for applications like Firefox, and now (c) The capability to issue a logoff call. If we don't have getpeerid() I can lose the first two. No big deal. The problem I see with (c) is that if a platform does not support getpeerid() then you can init a user's krb5 ccache but never delete it. Which makes the feature asymmetrical based on support for getpeerid(). Am I missing something here ? cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF/+ngIR7qMdg1EfYRAhArAJ9DTSiM/wWflGkVq3kf0jIwC2j4dACgkINs KunBqbQWkDYlMjC5yJ4ZJtY= =hNHM -END PGP SIGNATURE-
Rev 5292: First _unfinished_ version of net conf import. in http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/
At http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/ revno: 5292 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Michael Adam [EMAIL PROTECTED] branch nick: SAMBA_3_0-registry.bzr timestamp: Tue 2007-03-20 16:20:51 +0100 message: First _unfinished_ version of net conf import. This function is to import registry shares from a file in smb.conf format. Currently it loads a file given on the command line via lp_load and dumps the read config out to stdout. Once the loop is finished, the data will be put into the registry instead of dumped. modified: source/utils/net_conf.cnet_conf.c-20070228210606-uywdn1acd043wgvt-1 === modified file 'source/utils/net_conf.c' --- a/source/utils/net_conf.c 2007-03-13 16:52:01 + +++ b/source/utils/net_conf.c 2007-03-20 15:20:51 + @@ -44,6 +44,24 @@ * usage functions */ +static int net_conf_list_usage(int argc, const char **argv) +{ + d_printf(USAGE: net conf list\n); + return -1; +} + +static int net_conf_import_usage(int argc, const char**argv) +{ + d_printf(USAGE: net conf import filename\n); + return -1; +} + +static int net_conf_listshares_usage(int argc, const char **argv) +{ + d_printf(USAGE: net conf listshares\n); + return -1; +} + static int net_conf_showshare_usage(int argc, const char **argv) { d_printf(USAGE: net conf showshare sharename\n); @@ -89,18 +107,6 @@ return -1; } -static int net_conf_list_usage(int argc, const char **argv) -{ - d_printf(USAGE: net conf list\n); - return -1; -} - -static int net_conf_listshares_usage(int argc, const char **argv) -{ - d_printf(USAGE: net conf listshares\n); - return -1; -} - /* * Helper functions 
@@ -272,6 +278,89 @@ return ret; } +int net_conf_import(int argc, const char **argv) +{ + int ret = -1; + const char *filename = NULL; + TALLOC_CTX *ctx; + struct share_iterator *shares; + struct share_params *share; + struct parm_struct *parm; + int i = 0; + char *utf8_s1; + + ctx = talloc_init(net_conf_import); + + if (argc != 1) { + net_conf_import_usage(argc, argv); + goto done; + } + + filename = argv[0]; + DEBUG(3,(net_conf_import: reading configuration from file %s.\n, + filename)); + + /* TODO: check for existence and readability */ + + if (!lp_load(filename, +False, /* global_only */ +False, /* save_defaults */ +False, /* add_ipc */ +False))/* initialize_globals */ + { + d_fprintf(stderr, Error parsing configuration file.\n); + goto done; + } + + if (!(shares = share_list_all(ctx))) { + d_fprintf(stderr, Could not list shares...\n); + goto done; + } + while ((share = next_share(shares)) != NULL) { + d_printf(TEST: snum%i : [%s]\n, share-service, +lp_servicename(share-service)); + i = 0; + while ((parm = lp_next_parameter(share-service, i, 0))) + { + if (parm-type != P_SEP) { + d_printf(TEST: param %3d : %s = , i, +parm-label); + } + switch (parm-type) { + case P_CHAR: + d_printf(%c, *(char *)(parm-ptr)); + break; + case P_STRING: + case P_USTRING: + d_printf(%s\n, *(char **)(parm-ptr)); + break; + case P_GSTRING: + case P_UGSTRING: + d_printf(%s\n, (char *)(parm-ptr)); + break; + case P_BOOL: + d_printf(%s\n, BOOLSTR(*(BOOL *)(parm-ptr))); + break; + case P_BOOLREV: + d_printf(%s\n, BOOLSTR(!*(BOOL *)(parm-ptr))); + break; + case P_SEP: + break; + default: + d_printf(type unimplemented\n); + break; + } + } + d_printf(TEST: ---\n); + } + + ret = 0; + +done: + TALLOC_FREE(ctx); + return ret; +} + int net_conf_listshares(int argc, const char **argv) { WERROR werr = WERR_OK; @@ -722,6 +811,8 @@ struct functable2 func[] = { {list, net_conf_list, Dump the complete
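Review bot: In `net_conf_import` the result of `talloc_init()` is used by `share_list_all(ctx)` without a NULL check; `if (ctx == NULL) { d_fprintf(stderr, "talloc_init failed\n"); return -1; }` right after the call would cover it. The dump reads `parm->ptr` directly; if `lp_next_parameter()` hands back the shared table entry rather than a per-share copy (not visible in this hunk), the output shows default values instead of the share's own, so that is worth confirming before the loop is changed to write the registry. The `P_CHAR` case prints without the trailing newline the other cases emit. Every type not listed falls to "type unimplemented", so the comment above the switch should say which types are still missing.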
svn commit: samba r21888 - in branches: SAMBA_3_0/source/utils SAMBA_3_0_25/source/utils
Author: jerry Date: 2007-03-20 15:29:33 + (Tue, 20 Mar 2007) New Revision: 21888 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21888 Log: Add the osname and osver options to 'net ads join' as discussed on the samba-technical ml. I'll add a 'net ads set attribute=value' utility later rather than the original 'net ads setmachineupn' patch that was also posted to the tech ml. Modified: branches/SAMBA_3_0/source/utils/net_ads.c branches/SAMBA_3_0_25/source/utils/net_ads.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_ads.c === --- branches/SAMBA_3_0/source/utils/net_ads.c 2007-03-20 12:44:40 UTC (rev 21887) +++ branches/SAMBA_3_0/source/utils/net_ads.c 2007-03-20 15:29:33 UTC (rev 21888) 
@@ -1118,6 +1118,72 @@ } /*** + Set a machines dNSHostName and servicePrincipalName attributes + / + +static ADS_STATUS net_set_os_attributes(TALLOC_CTX *ctx, ADS_STRUCT *ads_s, + const char *os_name, const char *os_version ) +{ + ADS_STATUS status = ADS_ERROR(LDAP_SERVER_DOWN); + char *new_dn; + ADS_MODLIST mods; + LDAPMessage *res = NULL; + char *dn_string = NULL; + const char *machine_name = global_myname(); + int count; + char *os_sp = NULL; + + if ( !os_name || !os_version ) { + return ADS_ERROR(LDAP_NO_MEMORY); + } + + /* Find our DN */ + + status = ads_find_machine_acct(ads_s, res, machine_name); + if (!ADS_ERR_OK(status)) + return status; + + if ( (count = ads_count_replies(ads_s, res)) != 1 ) { + DEBUG(1,(net_set_machine_spn: %d entries returned!\n, count)); + return ADS_ERROR(LDAP_NO_MEMORY); + } + + if ( (dn_string = ads_get_dn(ads_s, res)) == NULL ) { + DEBUG(1, (ads_add_machine_acct: ads_get_dn returned NULL (malloc failure?)\n)); + goto done; + } + + new_dn = talloc_strdup(ctx, dn_string); + ads_memfree(ads_s, dn_string); + if (!new_dn) { + return ADS_ERROR(LDAP_NO_MEMORY); + } + + /* now do the mods */ + + if (!(mods = ads_init_mods(ctx))) { + goto done; + } + + os_sp = talloc_asprintf( ctx, Samba %s, SAMBA_VERSION_STRING ); + + /* fields of primary importance */ + + ads_mod_str(ctx, mods, operatingSystem, os_name); + ads_mod_str(ctx, mods, operatingSystemVersion, os_version); + if ( os_sp ) + ads_mod_str(ctx, mods, operatingSystemServicePack, os_sp); + + status = ads_gen_mod(ads_s, new_dn, mods); + +done: + ads_msgfree(ads_s, res); + TALLOC_FREE( os_sp ); + + return status; +} + +/*** join a domain using ADS (LDAP mods) / @@ -1386,6 +1452,8 @@ int i; fstring dc_name; struct in_addr dcip; + const char *os_name = NULL; + const char *os_version = NULL; nt_status = check_ads_config(); if (!NT_STATUS_IS_OK(nt_status)) { 
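Review bot: In `net_set_os_attributes` both `goto done` paths (after `ads_get_dn` and after `ads_init_mods` fail) leave `status` holding the successful result of `ads_find_machine_acct`, so the function reports success although nothing was written. The early `return`s after the search also skip `ads_msgfree(ads_s, res)` at `done:`. Each failure path should set `status` and leave through `done:`, as sketched below. The header comment and both DEBUG strings are copied from other functions (dNSHostName/servicePrincipalName, `net_set_machine_spn`, `ads_add_machine_acct`) and should name this one, and a missing `os_name` or `os_version` is reported as LDAP_NO_MEMORY although nothing was allocated.

```c
	if ( (count = ads_count_replies(ads_s, res)) != 1 ) {
		/* … unchanged: DEBUG … */
		status = ADS_ERROR(LDAP_NO_MEMORY);
		goto done;
	}

	if ( (dn_string = ads_get_dn(ads_s, res)) == NULL ) {
		/* … unchanged: DEBUG … */
		status = ADS_ERROR(LDAP_NO_MEMORY);
		goto done;
	}

	/* … unchanged: talloc_strdup of the DN, ads_memfree … */
	if (!new_dn) {
		status = ADS_ERROR(LDAP_NO_MEMORY);
		goto done;
	}

	if (!(mods = ads_init_mods(ctx))) {
		status = ADS_ERROR(LDAP_NO_MEMORY);
		goto done;
	}
	/* … unchanged: attribute mods, ads_gen_mod, done: cleanup … */
```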
@@ -1427,11 +1495,25 @@ } else if ( !StrnCaseCmp(argv[i], createcomputer, strlen(createcomputer)) ) { if ( (create_in_ou = get_string_param(argv[i])) == NULL ) { - d_fprintf(stderr, Please supply a valid OU path\n); + d_fprintf(stderr, Please supply a valid OU path.\n); nt_status = NT_STATUS_INVALID_PARAMETER; goto fail; } } + else if ( !StrnCaseCmp(argv[i], osName, strlen(osName)) ) { + if ( (os_name = get_string_param(argv[i])) == NULL ) { + d_fprintf(stderr, Please supply a operating system name.\n); + nt_status = NT_STATUS_INVALID_PARAMETER; + goto fail; + } + } + else if ( !StrnCaseCmp(argv[i], osVer, strlen(osVer)) ) { + if ( (os_version = get_string_param(argv[i])) == NULL ) { + d_fprintf(stderr, Please supply a valid operating system version.\n); + nt_status = NT_STATUS_INVALID_PARAMETER; + goto fail; + } + } else { d_fprintf(stderr, Bad option: %s\n,
Re: sys_getpeerid() [was Re: svn commit: samba r21887 -...]
Hi Jerry, Gerald (Jerry) Carter wrote: There are three places we use sys_getpeerid() that I can tell. (a) Jeremy's Domain Users hack for reporting group membership, (b) access to the ntlm_auth cache for applications like Firefox, and now (c) The capability to issue a logoff call. If we don't have getpeerid() I can lose the first two. No big deal. The problem I see with (c) is that if a platform does not support getpeerid() then you can init a user's krb5 ccache but never delete it. Which makes the feature asymmetrical based on support for getpeerid(). Am I missing something here ? No, correct, we need broader support of getpeereid(). I'm awaiting response from Kurt from OpenLDAP to import their portable version as a complete file. In the meantime, I will look to make c) consistent. Guenther -- Günther Deschner GPG-ID: 8EE11688 Red Hat [EMAIL PROTECTED] Samba Team [EMAIL PROTECTED]
svn commit: samba r21891 - in branches/SAMBA_3_0/source/smbd: .
Author: jra Date: 2007-03-20 18:11:48 + (Tue, 20 Mar 2007) New Revision: 21891 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21891 Log: Finish server-side NTLM-SPNEGO negotiation support. Now for the client part, and testing. Jeremy. Modified: branches/SAMBA_3_0/source/smbd/seal.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/seal.c === --- branches/SAMBA_3_0/source/smbd/seal.c 2007-03-20 17:09:56 UTC (rev 21890) +++ branches/SAMBA_3_0/source/smbd/seal.c 2007-03-20 18:11:48 UTC (rev 21891) @@ -118,15 +118,46 @@ **/ #if defined(HAVE_GSSAPI_SUPPORT) defined(HAVE_KRB5) -static NTSTATUS srv_enc_spnego_gss_negotiate(char **ppdata, size_t *p_data_size, DATA_BLOB *psecblob) +static NTSTATUS srv_enc_spnego_gss_negotiate(char **ppdata, size_t *p_data_size, DATA_BLOB secblob) { return NT_STATUS_NOT_SUPPORTED; } #endif /** + Do the NTLM SPNEGO encryption negotiation. Parameters are in/out. + Until success we do everything on the partial enc ctx. +**/ + +static NTSTATUS srv_enc_spnego_ntlm_negotiate(unsigned char **ppdata, size_t *p_data_size, DATA_BLOB secblob) +{ + NTSTATUS status; + DATA_BLOB chal = data_blob(NULL, 0); + DATA_BLOB response = data_blob(NULL, 0); + struct smb_srv_trans_enc_ctx *ec = partial_srv_trans_enc_ctx; + + status = auth_ntlmssp_start(ec-auth_ntlmssp_state); + if (!NT_STATUS_IS_OK(status)) { + return nt_status_squash(status); + } + + status = auth_ntlmssp_update(ec-auth_ntlmssp_state, secblob, chal); + + /* status here should be NT_STATUS_MORE_PROCESSING_REQUIRED +* for success ... */ + + response = spnego_gen_auth_response(chal, status, OID_NTLMSSP); + data_blob_free(chal); + + SAFE_FREE(*ppdata); + *ppdata = response.data; + *p_data_size = response.length; + return status; +} + +/** Do the SPNEGO encryption negotiation. Parameters are in/out. - Covers the NTLM case. Based off code in smbd/sesssionsetup.c + Based off code in smbd/sesssionsetup.c Until success we do everything on the partial enc ctx. **/ 
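Review bot: In `srv_enc_spnego_ntlm_negotiate` a failure from `auth_ntlmssp_update()` is returned as-is, while a failure from `auth_ntlmssp_start()` a few lines earlier goes through `nt_status_squash()`. Ending the function with `return nt_status_squash(status);` would give both paths the same level of detail towards the client, assuming the squash leaves NT_STATUS_MORE_PROCESSING_REQUIRED untouched. `ec` is taken from `partial_srv_trans_enc_ctx` and dereferenced without a NULL check; whether the caller guarantees it is allocated is not visible in this hunk. The Kerberos stub above keeps `char **ppdata` while the new NTLM function takes `unsigned char **ppdata`, so one of the two calls presumably passes a mismatched pointer type when Kerberos support is compiled in.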
@@ -135,10 +166,7 @@ NTSTATUS status; DATA_BLOB blob = data_blob(NULL,0); DATA_BLOB secblob = data_blob(NULL, 0); - DATA_BLOB chal = data_blob(NULL, 0); - DATA_BLOB response = data_blob(NULL, 0); BOOL got_kerberos_mechanism = False; - struct smb_srv_trans_enc_ctx *ec = NULL; blob = data_blob_const(*ppdata, *p_data_size); @@ -160,47 +188,59 @@ #if defined(HAVE_GSSAPI_SUPPORT) defined(HAVE_KRB5) if (got_kerberos_mechanism lp_use_kerberos_keytab()) ) { - status = srv_enc_spnego_gss_negotiate(ppdata, p_data_size, secblob); - if (!NT_STATUS_IS_OK(status)) { - data_blob_free(secblob); - srv_free_encryption_context(partial_srv_trans_enc_ctx); - } - return status; + status = srv_enc_spnego_gss_negotiate(ppdata, p_data_size, secblob); + } else +#endif + { + status = srv_enc_spnego_ntlm_negotiate(ppdata, p_data_size, secblob); } -#endif - /* Deal with an NTLM enc. setup. */ - ec = partial_srv_trans_enc_ctx; + data_blob_free(secblob); - status = auth_ntlmssp_start(ec-auth_ntlmssp_state); - if (!NT_STATUS_IS_OK(status)) { + if (!NT_STATUS_EQUAL(status,NT_STATUS_MORE_PROCESSING_REQUIRED) !NT_STATUS_IS_OK(status)) { srv_free_encryption_context(partial_srv_trans_enc_ctx); - return nt_status_squash(status); } - status = auth_ntlmssp_update(ec-auth_ntlmssp_state, secblob, chal); - data_blob_free(secblob); - - /* status here should be NT_STATUS_MORE_PROCESSING_REQUIRED -* for success ... */ - - response = spnego_gen_auth_response(chal, status, OID_NTLMSSP); - data_blob_free(chal); - - SAFE_FREE(*ppdata); - *ppdata = response.data; - *p_data_size = response.length; - return status; } /** Complete a SPNEGO encryption negotiation. Parameters are in/out. + We only get this for a NTLM auth second stage. **/ -static NTSTATUS srv_enc_spnego_auth(unsigned char **ppdata, size_t *p_data_size) +static NTSTATUS srv_enc_spnego_ntlm_auth(unsigned char **ppdata,
svn commit: samba r21892 - in branches/SAMBA_3_0/source/param: .
Author: vlendec Date: 2007-03-20 20:47:17 + (Tue, 20 Mar 2007) New Revision: 21892 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21892 Log: Mini-Patch from Michael Modified: branches/SAMBA_3_0/source/param/loadparm.c Changeset: Modified: branches/SAMBA_3_0/source/param/loadparm.c === --- branches/SAMBA_3_0/source/param/loadparm.c 2007-03-20 18:11:48 UTC (rev 21891) +++ branches/SAMBA_3_0/source/param/loadparm.c 2007-03-20 20:47:17 UTC (rev 21892) @@ -3524,9 +3524,7 @@ parm_ptr = ((char *)ServicePtrs[snum]) + PTR_DIFF(def_ptr, sDefault); - } - if (snum = 0) { if (!ServicePtrs[snum]-copymap) init_copymap(ServicePtrs[snum]);
svn commit: samba r21893 - in branches/SAMBA_3_0/source/libsmb: .
Author: mimir Date: 2007-03-20 21:21:04 + (Tue, 20 Mar 2007) New Revision: 21893 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21893 Log: Update comments so they actually reflect reality... rafal Modified: branches/SAMBA_3_0/source/libsmb/trustdom_cache.c Changeset: Modified: branches/SAMBA_3_0/source/libsmb/trustdom_cache.c === --- branches/SAMBA_3_0/source/libsmb/trustdom_cache.c 2007-03-20 20:47:17 UTC (rev 21892) +++ branches/SAMBA_3_0/source/libsmb/trustdom_cache.c 2007-03-20 21:21:04 UTC (rev 21893) @@ -99,7 +99,7 @@ /** * Store trusted domain in gencache as the domain name (key) - * and ip address of domain controller (value) + * and trusted domain's SID (value) * * @param name trusted domain name * @param alt_name alternative trusted domain name (used in ADS domains) @@ -152,7 +152,7 @@ /** - * Fetch trusted domain's dc from the gencache. + * Fetch trusted domain's SID from the gencache. * This routine can also be used to check whether given * domain is currently trusted one. * @@ -189,7 +189,7 @@ DEBUG(5, (trusted domain %s found (%s)\n, name, value)); } - /* convert ip string representation into in_addr structure */ + /* convert sid string representation into DOM_SID structure */ if(! string_to_sid(sid, value)) { sid = NULL; SAFE_FREE(value);
svn commit: samba r21894 - in branches/SAMBA_3_0/source: libsmb smbd
Author: jra Date: 2007-03-20 22:01:02 + (Tue, 20 Mar 2007) New Revision: 21894 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21894 Log: Some refactoring of server side encryption context. Support raw NTLM auth (no spnego). Jeremy. Modified: branches/SAMBA_3_0/source/libsmb/cliconnect.c branches/SAMBA_3_0/source/libsmb/smb_seal.c branches/SAMBA_3_0/source/smbd/seal.c Changeset: Modified: branches/SAMBA_3_0/source/libsmb/cliconnect.c === --- branches/SAMBA_3_0/source/libsmb/cliconnect.c 2007-03-20 21:21:04 UTC (rev 21893) +++ branches/SAMBA_3_0/source/libsmb/cliconnect.c 2007-03-20 22:01:02 UTC (rev 21894) @@ -763,7 +763,7 @@ } } - /* we have a reference conter on ntlmssp_state, if we are signing + /* we have a reference counter on ntlmssp_state, if we are signing then the state will be kept by the signing engine */ ntlmssp_end(ntlmssp_state); @@ -973,7 +973,6 @@ } return NT_STATUS_OK; - } / Modified: branches/SAMBA_3_0/source/libsmb/smb_seal.c === --- branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-20 21:21:04 UTC (rev 21893) +++ branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-20 22:01:02 UTC (rev 21894) @@ -282,3 +282,15 @@ { return common_encrypt_buffer(cli-trans_enc_state, cli-outbuf, buf_out); } + +/** + Start a raw ntlmssp encryption. +**/ + +NTSTATUS cli_ntlm_smb_encryption_on(struct cli_state *cli, + const char *user, + const char *pass, + const char *workgroup) +{ + +} Modified: branches/SAMBA_3_0/source/smbd/seal.c === --- branches/SAMBA_3_0/source/smbd/seal.c 2007-03-20 21:21:04 UTC (rev 21893) +++ branches/SAMBA_3_0/source/smbd/seal.c 2007-03-20 22:01:02 UTC (rev 21894) 
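Review bot: `cli_ntlm_smb_encryption_on` in smb_seal.c is declared to return NTSTATUS but has an empty body, so a caller reads an indeterminate value and may take it for success, i.e. believe transport encryption was set up. Until the client side is written the body should return an explicit error, e.g. `return NT_STATUS_NOT_SUPPORTED;`, as the Kerberos stub in smbd/seal.c does. A one-line comment marking the function as a placeholder would also help.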
@@ -49,9 +49,46 @@ } /** - Shutdown a server encryption state. + Create an auth_ntlmssp_state and ensure pointer copy is correct. **/ +static NTSTATUS make_auth_ntlmssp(struct smb_srv_trans_enc_ctx *ec) +{ + NTSTATUS status = auth_ntlmssp_start(ec-auth_ntlmssp_state); + if (!NT_STATUS_IS_OK(status)) { + return nt_status_squash(status); + } + + /* +* We must remember to update the pointer copy for the common +* functions after any auth_ntlmssp_start/auth_ntlmssp_end. +*/ + ec-es-ntlmssp_state = ec-auth_ntlmssp_state-ntlmssp_state; + return status; +} + +/** + Destroy an auth_ntlmssp_state and ensure pointer copy is correct. +**/ + +static void destroy_auth_ntlmssp(struct smb_srv_trans_enc_ctx *ec) +{ + /* +* We must remember to update the pointer copy for the common +* functions after any auth_ntlmssp_start/auth_ntlmssp_end. +*/ + + if (ec-auth_ntlmssp_state) { + auth_ntlmssp_end(ec-auth_ntlmssp_state); + /* The auth_ntlmssp_end killed this already. */ + ec-es-ntlmssp_state = NULL; + } +} + +/** + Shutdown a server encryption context. +**/ + static void srv_free_encryption_context(struct smb_srv_trans_enc_ctx **pp_ec) { struct smb_srv_trans_enc_ctx *ec = *pp_ec; @@ -61,12 +98,8 @@ } if (ec-es) { - struct smb_trans_enc_state *es = ec-es; - if (es-smb_enc_type == SMB_TRANS_ENC_NTLM - ec-auth_ntlmssp_state) { - auth_ntlmssp_end(ec-auth_ntlmssp_state); - /* The auth_ntlmssp_end killed this already. */ - es-ntlmssp_state = NULL; + if (ec-es-smb_enc_type == SMB_TRANS_ENC_NTLM) { + destroy_auth_ntlmssp(ec); } common_free_encryption_state(ec-es); } @@ -76,6 +109,36 @@ } /** + Create a server encryption context. +**/ + +static struct smb_srv_trans_enc_ctx
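Review bot: `make_auth_ntlmssp` returns early when `auth_ntlmssp_start()` fails and leaves `ec->es->ntlmssp_state` at whatever it held before, which is exactly the stale pointer copy the comment in the function warns about. Adding `ec->es->ntlmssp_state = NULL;` before the early `return nt_status_squash(status);` would keep the copy consistent on the error path. Both helpers dereference `ec->es` unconditionally; in `srv_free_encryption_context` the call sits inside `if (ec->es)`, but any other callers are outside these hunks, so the precondition should be stated in the helpers' header comments.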
svn commit: samba r21895 - in branches: SAMBA_3_0_25 SAMBA_3_0_RELEASE
Author: jerry Date: 2007-03-20 22:25:14 + (Tue, 20 Mar 2007) New Revision: 21895 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21895 Log: Updating release notes for 3.0.25pre2. Feel free to fix error in the SAMBA_3_0_25 tree and I'll pull the changes across. Modified: branches/SAMBA_3_0_25/WHATSNEW.txt branches/SAMBA_3_0_RELEASE/WHATSNEW.txt Changeset: Sorry, the patch is too large (505 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21895
Rev 11690: Merge upstream in file:///home/jelmer/bzr.samba/4.0-envs/
At file:///home/jelmer/bzr.samba/4.0-envs/ revno: 11690 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] parent: svn-v2:[EMAIL PROTECTED] committer: Jelmer Vernooij [EMAIL PROTECTED] branch nick: 4.0-envs timestamp: Tue 2007-03-20 23:37:18 +0100 message: Merge upstream modified: source/dsdb/repl/replicated_objects.c svn-v2:[EMAIL PROTECTED] webapps/swat/source/class/swat/module/netmgr/Fsm.js svn-v2:[EMAIL PROTECTED] webapps/swat/source/class/swat/module/netmgr/Gui.js svn-v2:[EMAIL PROTECTED] revno: 11684.1.63 merged: svn-v2:[EMAIL PROTECTED] parent: svn-v2:[EMAIL PROTECTED] committer: metze timestamp: Fri 2007-03-16 16:35:44 + message: add a comment why we remove the rid_crypt obfuscation metze revno: 11684.1.62 merged: svn-v2:[EMAIL PROTECTED] parent: svn-v2:[EMAIL PROTECTED] committer: mimir timestamp: Fri 2007-03-16 00:19:40 + message: Further work on initialising libnet context from netmgr. rafal === modified file 'source/dsdb/repl/replicated_objects.c' --- a/source/dsdb/repl/replicated_objects.c 2007-03-14 19:10:21 + +++ b/source/dsdb/repl/replicated_objects.c 2007-03-16 16:35:44 + @@ -103,6 +103,14 @@ plain_buffer = data_blob_talloc(mem_ctx, checked_buffer.data, checked_buffer.length); W_ERROR_HAVE_NO_MEMORY(plain_buffer.data); + /* +* The following rid_crypt obfuscation isn't session specific +* and not really needed here, because we allways know the rid of the +* user account. +* +* But for the rest of samba it's easier when we remove this static +* obfuscation here +*/ if (rid_crypt) { uint32_t i, num_hashes; === modified file 'webapps/swat/source/class/swat/module/netmgr/Fsm.js' --- a/webapps/swat/source/class/swat/module/netmgr/Fsm.js 2007-03-13 02:54:06 + +++ b/webapps/swat/source/class/swat/module/netmgr/Fsm.js 2007-03-16 00:19:40 + 
@@ -43,7 +43,7 @@ result.data.origin == origins.Server result.data.code == serverErrors.ResourceError) { - this.debug(error + result); + alert(Error when receiving rpc: ' + result.id + ' + exception: + result.data); } else { @@ -63,7 +63,13 @@ { swat.main.canvas : Transition_Idle_to_AwaitRpcResult_via_canvas_appear - } + }, + + changeSelection : + { + tree : + Transition_Idle_to_AwaitRpcResult_via_tree_selection_changed + } } }); @@ -87,6 +93,37 @@ // Add the new transition state.addTransition(trans); + var trans = new qx.util.fsm.Transition( +Transition_Idle_to_AwaitRpcResult_via_tree_selection_changed, +{ + nextState : State_AwaitRpcResult, + + ontransition : + function(fsm, event) + { + var nodes = event.getData(); + var selectedNode = nodes[0]; + + var gui = swat.module.netmgr.Gui.getInstance(); + var parentNode = gui.getParentNode(module, selectedNode); + + if (typeof(parentNode.credentials) == object) + { + var creds = parentNode.credentials; + var request = _this.callRpc(samba.ejsnet, NetContext, [ creds ]); + request.setUserData(requestType, NetContext); + } + else + { + // TODO: display a login dialog + } + } + +}); + + // Add the new transition + state.addTransition(trans); + blockedEvents = { appear: === modified file 'webapps/swat/source/class/swat/module/netmgr/Gui.js' --- a/webapps/swat/source/class/swat/module/netmgr/Gui.js 2007-03-13 02:58:05 + +++ b/webapps/swat/source/class/swat/module/netmgr/Gui.js 2007-03-16 00:19:40 + @@ -85,6 +85,26 @@ }; +qx.Proto.getParentNode = function(module, node) +{ + var tree = this._tree; + var nodes = tree.getTableModel().getData(); + if (nodes == undefined) + { +return undefined; + } + + if (node.parentNodeId == 0) + { +// there is no parent node +return node; + } + + var parentNode = nodes[node.parentNodeId]; + return parentNode; +}; + + qx.Proto._addHostNode = function(module, rpcRequest) { var fsm = module.fsm; 
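Review bot: The `ontransition` handler of `Transition_Idle_to_AwaitRpcResult_via_tree_selection_changed` reads `parentNode.credentials` without checking that `getParentNode()` returned a node; that helper returns `undefined` when the model has no data, and `nodes[0]` is likewise unchecked for an empty selection. `typeof(parentNode.credentials) == "object"` is also true for `null`, so a null credentials value would be passed to the `NetContext` call. A guard such as `if (parentNode && parentNode.credentials && typeof(parentNode.credentials) == "object")` covers both cases. The `else` branch sends no request, yet the transition still names `State_AwaitRpcResult` as next state, which presumably leaves the FSM waiting for a reply that never arrives.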
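Review bot: `getParentNode` in Gui.js fetches the node list with `tree.getTableModel().getData()`, while `_addHostNode` directly below obtains the model with `tree.getDataModel()`. If the tree widget offers only one of the two accessors the new function throws on the first selection change, so this is worth confirming against the widget's API. The `module` parameter is unused, and the function returns `undefined`, the node itself, or the parent depending on the path; a doc comment should state that contract so callers such as the Fsm.js transition check the result before reading `.credentials`.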
@@ -93,22 +113,20 @@ // Get the tree widget var tree = this._tree; var dataModel = tree.getDataModel(); - - // Add new host and its service branches + + // Add new host and its service leaves var hostNodeId = dataModel.addBranch(null, hostname, false); - var domainNodeId = dataModel.addBranch(hostNodeId, Domain, false); - var usersNodeId = dataModel.addBranch(hostNodeId, Users, false); - var
svn commit: samba r21896 - in branches/SAMBA_4_0/services/samba: .
Author: mimir Date: 2007-03-20 22:44:22 + (Tue, 20 Mar 2007) New Revision: 21896 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21896 Log: - Enable creating default NetContext when no explicit credentials are passed. In such case use what's been provided on swat session logon. - Create a proper NetContext object only once and add it to the resources for later use. rafal Modified: branches/SAMBA_4_0/services/samba/ejsnet.esp Changeset: Modified: branches/SAMBA_4_0/services/samba/ejsnet.esp === --- branches/SAMBA_4_0/services/samba/ejsnet.esp2007-03-20 22:25:14 UTC (rev 21895) +++ branches/SAMBA_4_0/services/samba/ejsnet.esp2007-03-20 22:44:22 UTC (rev 21896) 
@@ -11,53 +11,67 @@ function _NetContext(params, error) { + var credParams, credentials; + var resName; + if (params.length 1) { -error.setError(jsonrpc.Constant.ServerError.ParameterMismatch, - too few parameters(usage: [ credentials ])); -return error; +/* create default NetContext based on already provided credentials */ +credentials = session.authinfo.credentials; +resName = netCtx; } - - var creds = params[0]; - if (creds == undefined) + else { -error.setError(jsonrpc.Constant.ServerError.ParameterMismatch, - credentials parameter is undefined); -return error; - } +/* create user specified credentials object */ +credParams = params[0]; +if (typeof(credParams) != object) +{ + error.setError(jsonrpc.Constant.ServerError.ParameterMismatch, +credentials parameter is expected to be an object); + return error; +} - if (creds.domain == undefined || - typeof(creds.domain) != string) - { -error.setError(jsonrpc.Constant.ServerError.ParameterMismatch, - a valid string is expected in credentials.domain); -return error; - } +if (typeof(credParams.domain) != string) +{ + error.setError(jsonrpc.Constant.ServerError.ParameterMismatch, +a valid string is expected in credentials.domain); + return error; +} - if (creds.username == undefined || - typeof(creds.username) != string) - { -error.setError(jsonrpc.Constant.ServerError.ParameterMismatch, - a valid string is expected in credentials.username); -return error; +if (typeof(credParams.username) != string) +{ + error.setError(jsonrpc.Constant.ServerError.ParameterMismatch, +a valid string is expected in credentials.username); + return error; +} + +if (typeof(credParams.username) != string) +{ + error.setError(jsonrpc.Constant.ServerError.ParameterMismatch, +a valid string is expected in credentials.password); + return error; +} + +credentials = credentials_init(); +credentials.set_domain(credParams.domain); +credentials.set_username(credParams.username); +credentials.set_password(credParams.password); + +resName = netCtx[ + 
credParams.domain + / + credParams.username + ]; } - - if (creds.password == undefined || - typeof(creds.username) != string) + + /* was this NetContext created yet ? */ + var resId = session.resources.find(key, error); + if (resId != undefined) { -error.setError(jsonrpc.Constant.ServerError.ParameterMismatch, - a valid string is expected in credentials.password); -return error; +/* yes, return its resource id */ +return resId; } - - var credentials = credentials_init(); - credentials.set_domain(creds.domain); - credentials.set_username(creds.username); - credentials.set_password(creds.password); - + + /* no, create the new context and assign it a resource id */ var netCtx = NetContext(credentials); - - return session.resources.set(netCtx, netCtx, error); + resId = session.resources.set(netCtx, resName, error); + return resId; } jsonrpc.method.NetContext = _NetContext;
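Review bot: The password check in the new else branch tests `typeof(credParams.username)` a second time, so `credParams.password` is never validated and an undefined or non-string value reaches `credentials.set_password()`; the test should read `if (typeof(credParams.password) != "string")`. The cache lookup `session.resources.find(key, error)` does not use `resName`, the name the context is later stored under, so as shown it would not find an existing context (quoting is lost in this archive copy, so `key` may have been a literal); `session.resources.find(resName, error)` looks intended. Because `resName` is built from domain and username only, a later call in the same session with a different password would get the context created with the first one, which deserves a comment if it is intended. The default branch also reads `session.authinfo.credentials` without checking that it is set.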
Build status as of Wed Mar 21 00:00:02 2007
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2007-03-20 00:00:48.0 + +++ /home/build/master/cache/broken_results.txt 2007-03-21 00:00:21.0 + @@ -1,4 +1,4 @@ -Build status as of Tue Mar 20 00:00:01 2007 +Build status as of Wed Mar 21 00:00:02 2007 Build counts: Tree Total Broken Panic @@ -8,16 +8,16 @@ ctdb 0 0 0 distcc 3 0 0 ldb 30 6 0 -libreplace 28 2 0 +libreplace 28 3 0 lorikeet-heimdal 27 14 0 pidl 19 1 0 ppp 13 0 0 -rsync30 5 0 +rsync31 6 0 samba0 0 0 samba-docs 0 0 0 samba-gtk4 4 0 samba4 35 9 0 -samba_3_037 14 1 +samba_3_037 16 1 smb-build28 28 0 talloc 32 1 0 tdb 30 3 0
Rev 11691: Move more target-specific code into a separate Samba4 module. in file:///home/jelmer/bzr.samba/4.0-envs/
At file:///home/jelmer/bzr.samba/4.0-envs/ revno: 11691 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Jelmer Vernooij [EMAIL PROTECTED] branch nick: 4.0-envs timestamp: Wed 2007-03-21 01:14:56 +0100 message: Move more target-specific code into a separate Samba4 module. modified: source/script/tests/Samba4.pm svn-v2:[EMAIL PROTECTED] source/script/tests/selftest.pl svn-v2:[EMAIL PROTECTED] === modified file 'source/script/tests/Samba4.pm' --- a/source/script/tests/Samba4.pm 2007-03-15 15:11:04 + +++ b/source/script/tests/Samba4.pm 2007-03-21 00:14:56 + @@ -13,17 +13,17 @@ use FindBin qw($RealBin); use POSIX; -sub new($$) { - my ($classname, $bindir) = @_; - my $self = { bindir = $bindir }; +sub new() { + my ($classname, $bindir, $ldap, $setupdir) = @_; + my $self = { ldap = $ldap, bindir = $bindir, setupdir = $setupdir }; bless $self; return $self; } sub slapd_start($$$) { -my $count = 0; - my ($bindir, $conf, $uri) = @_; +my $count = 0; + my ($self, $conf, $uri) = @_; # running slapd in the background means it stays in the same process group, so it can be # killed by timelimit if (defined($ENV{FEDORA_DS_PREFIX})) { @@ -34,10 +34,10 @@ system(slapd -d$ENV{OPENLDAP_LOGLEVEL} -f $conf -h $uri $ENV{LDAPDIR}/logs 21 ); $ENV{PATH} = $oldpath; } - while (system($bindir/ldbsearch -H $uri -s base -b \\ supportedLDAPVersion /dev/null) != 0) { + while (system($self-{bindir}/ldbsearch -H $uri -s base -b \\ supportedLDAPVersion /dev/null) != 0) { $count++; if ($count 10) { - slapd_stop(); + $self-slapd_stop(); return 0; } sleep(1); @@ -45,8 +45,9 @@ return 1; } -sub slapd_stop() +sub slapd_stop($) { + my ($self) = @_; if (defined($ENV{FEDORA_DS_PREFIX})) { system($ENV{LDAPDIR}/slapd-samba4/stop-slapd); } else { 
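Review bot: The constructor in the first Samba4.pm hunk is declared as `sub new()` with an empty prototype while its body unpacks four arguments; prototypes are ignored on method calls, so this works, but it misstates the interface and would reject a plain function call. The single-argument `bless $self;` also ignores `$classname`, so a subclass calling `new` would still get a Samba4 object. I would write `sub new {` and `bless $self, $classname;`. The slapd_start and slapd_stop hunks have the same prototype mismatch now that they take `$self` as first argument.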
@@ -57,17 +58,26 @@ } } -sub smbd_check_or_start($$) +sub smbd_check_or_start() { - my ($self, $test_fifo, $test_log, $socket_wrapper_dir, $max_time, $conffile) = @_; - return 0 if ( -p $test_fifo ); + my ($self, $env_vars, $socket_wrapper_dir, $max_time) = @_; + return 0 if ( -p $env_vars-{SMBD_TEST_FIFO}); + + # Start slapd before smbd + if ($self-{ldap}) { + $self-slapd_start($ENV{SLAPD_CONF}, $ENV{LDAP_URI}) or + die(couldn't start slapd); + + print LDAP PROVISIONING...; + $self-provision_ldap(); + } warn(Not using socket wrapper, but also not running as root. Will not be able to listen on proper ports) unless defined($socket_wrapper_dir) or $ == 0; - unlink($test_fifo); - POSIX::mkfifo($test_fifo, 0700); - unlink($test_log); + unlink($env_vars-{SMBD_TEST_FIFO}); + POSIX::mkfifo($env_vars-{SMBD_TEST_FIFO}, 0700); + unlink($env_vars-{SMBD_TEST_LOG}); my $valgrind = ; if (defined($ENV{SMBD_VALGRIND})) { @@ -77,19 +87,19 @@ print STARTING SMBD... $self-{bindir}; my $pid = fork(); if ($pid == 0) { - open STDIN, $test_fifo; - open STDOUT, $test_log; + open STDIN, $env_vars-{SMBD_TEST_FIFO}; + open STDOUT, $env_vars-{SMBD_TEST_LOG}; open STDERR, 'STDOUT'; my $optarg = ; if (defined($max_time)) { $optarg = --maximum-runtime=$max_time ; } - my $ret = system($valgrind $self-{bindir}/smbd $optarg -s $conffile -M single -i --leak-report-full); + my $ret = system($valgrind $self-{bindir}/smbd $optarg -s $env_vars-{CONFFILE} -M single -i --leak-report-full); if ($? == -1) { print Unable to start smbd: $ret: $!\n; exit 1; } - unlink($test_fifo); + unlink($env_vars-{SMBD_TEST_FIFO}); unlink($socket_wrapper_dir/*) if (defined($socket_wrapper_dir) and -d $socket_wrapper_dir); my $exit = $? 8; if ( $ret == 0 ) { @@ -104,6 +114,8 @@ } print DONE\n; + open(DATA, $env_vars-{SMBD_TEST_FIFO}); + return $pid; } 
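Review bot: In smbd_check_or_start the result of `POSIX::mkfifo` is not checked after the `unlink`, so a failed create, or something other than a fifo appearing at that path in between, is only noticed later when the child's open fails or reads the wrong object. I would write `POSIX::mkfifo($env_vars->{SMBD_TEST_FIFO}, 0700) or die("unable to create fifo: $!");`. The new `$self->provision_ldap()` call likewise discards its result, unlike the `slapd_start(...) or die` directly above it, so a failed LDAP provision would go on to start smbd anyway. The function continues past the end of this hunk.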
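Review bot: The `open(DATA, $env_vars->{SMBD_TEST_FIFO})` added in the last hunk on this line has no error check and uses the bareword handle `DATA`, which Perl reserves for a file's `__DATA__` section and which is global to the package. A lexical handle kept on the object, opened with an explicit mode and `or die("unable to open fifo: $!")`, would be safer and would let two target objects coexist; the matching `close(DATA)` in the stop routine would have to change with it. The open mode is not recoverable from this archive copy, so the replacement should keep whatever mode the original line uses.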
@@ -135,19 +147,43 @@ $ret{$1} = $2; } close(IN); + + $ret{SMBD_TEST_FIFO} = $prefix/smbd_test.fifo; + $ret{SMBD_TEST_LOG} = $prefix/smbd_test.log; return \%ret; } -sub provision_ldap($$) +sub provision_ldap($) { - my ($self, $setupdir) = @_; -system($self-{bindir}/smbscript $setupdir/provision $ENV{PROVISION_OPTIONS}
Rev 11692: Fix test after rename of script. in file:///home/jelmer/bzr.samba/4.0-envs/
At file:///home/jelmer/bzr.samba/4.0-envs/ revno: 11692 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Jelmer Vernooij [EMAIL PROTECTED] branch nick: 4.0-envs timestamp: Wed 2007-03-21 01:50:26 +0100 message: Fix test after rename of script. modified: source/torture/local/torture.c svn-v2:[EMAIL PROTECTED] === modified file 'source/torture/local/torture.c' --- a/source/torture/local/torture.c2006-10-16 13:06:41 + +++ b/source/torture/local/torture.c2007-03-21 00:50:26 + @@ -47,7 +47,7 @@ torture_assert_ntstatus_ok(tctx, torture_setup_server(mem_ctx, setupserver-success, - ./script/tests/mktestsetup.sh, + ./script/tests/mktestdc.sh, ./bin/smbd, pid), starting smbd failed);
svn commit: samba r21899 - in branches/SAMBA_3_0/source/libsmb: .
Author: jra Date: 2007-03-21 00:56:40 + (Wed, 21 Mar 2007) New Revision: 21899 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21899 Log: At least we're getting to stage 2 of the blob exchange. Still not working but closer. Jeremy. Modified: branches/SAMBA_3_0/source/libsmb/clitrans.c Changeset: Modified: branches/SAMBA_3_0/source/libsmb/clitrans.c === --- branches/SAMBA_3_0/source/libsmb/clitrans.c 2007-03-21 00:44:15 UTC (rev 21898) +++ branches/SAMBA_3_0/source/libsmb/clitrans.c 2007-03-21 00:56:40 UTC (rev 21899) @@ -194,11 +194,15 @@ * to a trans call. This is not an error and should not * be treated as such. Note that STATUS_NO_MORE_FILES is * returned when a trans2 findfirst/next finishes. +* When setting up an encrypted transport we can also +* see NT_STATUS_MORE_PROCESSING_REQUIRED here. */ status = cli_nt_error(cli); - if (NT_STATUS_IS_ERR(status) || NT_STATUS_EQUAL(status,STATUS_NO_MORE_FILES)) { - goto out; + if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + if (NT_STATUS_IS_ERR(status) || NT_STATUS_EQUAL(status,STATUS_NO_MORE_FILES)) { + goto out; + } } /* parse out the lengths */ @@ -303,8 +307,10 @@ CVAL(cli-inbuf,smb_com))); goto out; } - if (NT_STATUS_IS_ERR(cli_nt_error(cli))) { - goto out; + if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + if (NT_STATUS_IS_ERR(cli_nt_error(cli))) { + goto out; + } } /* parse out the total lengths again - they can shrink! */
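Review bot: In the second hunk (new line 310) the added outer test compares `status`, but nothing visible refreshes it for the packet just received, while the inner test calls `cli_nt_error(cli)` afresh. `status` therefore appears to hold the value from the first response: a NT_STATUS_MORE_PROCESSING_REQUIRED seen earlier would skip the error check for every later fragment, and a fresh one would still be treated as an error. I would assign first, `status = cli_nt_error(cli);`, and then test `NT_STATUS_IS_ERR(status)` inside the guard. The exemption in both hunks also applies to every trans call, not only to encrypted-transport setup, so a comment or a caller-supplied flag limiting it would be worth adding; both functions extend beyond the hunks.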
svn commit: samba r21900 - in branches/SAMBA_3_0/source/smbd: .
Author: jra Date: 2007-03-21 01:04:56 + (Wed, 21 Mar 2007) New Revision: 21900 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21900 Log: Token exchange now seems to work, now why does the client encrypt fail ? Jeremy. Modified: branches/SAMBA_3_0/source/smbd/seal.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/seal.c === --- branches/SAMBA_3_0/source/smbd/seal.c 2007-03-21 00:56:40 UTC (rev 21899) +++ branches/SAMBA_3_0/source/smbd/seal.c 2007-03-21 01:04:56 UTC (rev 21900) @@ -318,7 +318,7 @@ if (!partial_srv_trans_enc_ctx) { /* This is the initial step. */ status = srv_enc_ntlm_negotiate(ppdata, p_data_size, blob, False); - if (!NT_STATUS_IS_OK(status)) { + if (!NT_STATUS_EQUAL(status,NT_STATUS_MORE_PROCESSING_REQUIRED) !NT_STATUS_IS_OK(status)) { srv_free_encryption_context(partial_srv_trans_enc_ctx); return nt_status_squash(status); }
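Review bot: The new condition on the initial step needs a comment saying that NT_STATUS_MORE_PROCESSING_REQUIRED is the expected outcome of the negotiate leg, for example `/* negotiate normally returns MORE_PROCESSING_REQUIRED; anything but that or OK is fatal */`. The hunk does not show whether a plain NT_STATUS_OK from srv_enc_ntlm_negotiate() can legitimately occur at this stage. If it cannot, accepting it lets the exchange continue as though a challenge had been issued, and the test could be narrowed to the MORE_PROCESSING_REQUIRED case alone. The enclosing function starts and ends outside the hunk.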
svn commit: samba r21901 - in branches/SAMBA_3_0/source/client: .
Author: jra Date: 2007-03-21 01:21:16 + (Wed, 21 Mar 2007) New Revision: 21901 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21901 Log: Don't use fstrcat when you mean fstrcpy. Doh ! Jeremy. Modified: branches/SAMBA_3_0/source/client/client.c Changeset: Modified: branches/SAMBA_3_0/source/client/client.c === --- branches/SAMBA_3_0/source/client/client.c 2007-03-21 01:04:56 UTC (rev 21900) +++ branches/SAMBA_3_0/source/client/client.c 2007-03-21 01:21:16 UTC (rev 21901) @@ -1799,18 +1799,19 @@ d_printf(posix_encrypt domain user password\n); return 1; } - fstrcat(domain,buf); + fstrcpy(domain,buf); + if (!next_token_nr(NULL,buf,NULL,sizeof(buf))) { d_printf(posix_encrypt domain user password\n); return 1; } - fstrcat(user,buf); + fstrcpy(user,buf); if (!next_token_nr(NULL,buf,NULL,sizeof(buf))) { d_printf(posix_encrypt domain user password\n); return 1; } - fstrcat(password,buf); + fstrcpy(password,buf); status = cli_raw_ntlm_smb_encryption_start(cli, user,
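Review bot: After the three tokens are parsed, `buf` and `password` still hold the cleartext password, and nothing in this hunk clears them once cli_raw_ntlm_smb_encryption_start() has been called; the rest of the function is outside the hunk, so this may already be handled there. If it is not, both buffers should be zeroed on every return path after the call. As a point of style, the usage string `posix_encrypt domain user password` is repeated three times and could be printed from one place.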
svn commit: samba r21902 - in branches/SAMBA_3_0/source/libsmb: .
Author: jra Date: 2007-03-21 01:32:01 + (Wed, 21 Mar 2007) New Revision: 21902 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21902 Log: Don't free the thing you're trying to set in the cli state. Jeremy. Modified: branches/SAMBA_3_0/source/libsmb/clifsinfo.c Changeset: Modified: branches/SAMBA_3_0/source/libsmb/clifsinfo.c === --- branches/SAMBA_3_0/source/libsmb/clifsinfo.c2007-03-21 01:21:16 UTC (rev 21901) +++ branches/SAMBA_3_0/source/libsmb/clifsinfo.c2007-03-21 01:32:01 UTC (rev 21902) @@ -409,6 +409,7 @@ } cli-trans_enc_state = es; cli-trans_enc_state-enc_on = True; + es = NULL; } fail:
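Review bot: The added `es = NULL;` is what keeps the cleanup after the `fail:` label from releasing the state that `cli->trans_enc_state` now points to, and that hand-over of ownership should be stated in a comment, e.g. `es = NULL; /* now owned by cli; must not be freed at fail: */`. The hunk does not show whether a previous `cli->trans_enc_state` is released before it is overwritten; if encryption can be started twice on one connection, the old state would leak. The function begins and ends outside the hunk.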
Rev 11694: Initial work on support for a Samba3 target. in file:///home/jelmer/bzr.samba/4.0-envs/
At file:///home/jelmer/bzr.samba/4.0-envs/ revno: 11694 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Jelmer Vernooij [EMAIL PROTECTED] branch nick: 4.0-envs timestamp: Wed 2007-03-21 02:36:59 +0100 message: Initial work on support for a Samba3 target. added: source/script/tests/Samba3.pm samba3.pm-20070321010054-iuaa65j1qcdh0i66-1 modified: source/script/tests/Samba4.pm svn-v2:[EMAIL PROTECTED] source/script/tests/selftest.pl svn-v2:[EMAIL PROTECTED] === added file 'source/script/tests/Samba3.pm' --- a/source/script/tests/Samba3.pm 1970-01-01 00:00:00 + +++ b/source/script/tests/Samba3.pm 2007-03-21 01:36:59 + 
@@ -0,0 +1,129 @@ +#!/usr/bin/perl +# Bootstrap Samba and run a number of tests against it. +# Copyright (C) 2005-2007 Jelmer Vernooij [EMAIL PROTECTED] +# Published under the GNU GPL, v3 or later. + +package Samba3; + +use strict; +use FindBin qw($RealBin); +use POSIX; + +sub new($$$) { + my ($classname, $bindir, $setupdir) = @_; + my $self = { bindir = $bindir, setupdir = $setupdir }; + bless $self; + return $self; +} + +sub check_or_start() +{ + my ($self, $env_vars, $socket_wrapper_dir, $max_time) = @_; + return 0 if ( -p $env_vars-{SMBD_TEST_FIFO}); + + warn(Not using socket wrapper, but also not running as root. Will not be able to listen on proper ports) unless + defined($socket_wrapper_dir) or $ == 0; + + unlink($env_vars-{SMBD_TEST_FIFO}); + POSIX::mkfifo($env_vars-{SMBD_TEST_FIFO}, 0700); + unlink($env_vars-{SMBD_TEST_LOG}); + + my $valgrind = ; + if (defined($ENV{SMBD_VALGRIND})) { + $valgrind = $ENV{SMBD_VALGRIND}; + } + + print STARTING SMBD... ; + my $pid = fork(); + if ($pid == 0) { + open STDIN, $env_vars-{SMBD_TEST_FIFO}; + open STDOUT, $env_vars-{SMBD_TEST_LOG}; + open STDERR, 'STDOUT'; + my $optarg = ; + if (defined($max_time)) { + $optarg = --maximum-runtime=$max_time ; + } + my $ret = system($valgrind $self-{bindir}/smbd $optarg -s $env_vars-{CONFFILE} -M single -i --leak-report-full); + if ($? == -1) { + print Unable to start smbd: $ret: $!\n; + exit 1; + } + unlink($env_vars-{SMBD_TEST_FIFO}); + unlink($socket_wrapper_dir/*) if (defined($socket_wrapper_dir) and -d $socket_wrapper_dir); + my $exit = $? 8; + if ( $ret == 0 ) { + print smbd exits with status $exit\n; + } elsif ( $ret 127 ) { + print smbd got signal .($ret 127). and exits with $exit!\n; + } else { + $ret = $? 
8; + print smbd failed with status $exit!\n; + } + exit $exit; + } + print DONE\n; + + open(DATA, $env_vars-{SMBD_TEST_FIFO}); + + return $pid; +} + +sub wait_for_start($) +{ + # give time for nbt server to register its names + print delaying for nbt name registration\n; + + # This will return quickly when things are up, but be slow if we + # need to wait for (eg) SSL init + system(bin/nmblookup $ENV{CONFIGURATION} $ENV{SERVER}); + system(bin/nmblookup $ENV{CONFIGURATION} -U $ENV{SERVER} $ENV{SERVER}); + system(bin/nmblookup $ENV{CONFIGURATION} $ENV{SERVER}); + system(bin/nmblookup $ENV{CONFIGURATION} -U $ENV{SERVER} $ENV{NETBIOSNAME}); + system(bin/nmblookup $ENV{CONFIGURATION} $ENV{NETBIOSNAME}); + system(bin/nmblookup $ENV{CONFIGURATION} -U $ENV{SERVER} $ENV{NETBIOSNAME}); + system(bin/nmblookup $ENV{CONFIGURATION} $ENV{NETBIOSNAME}); + system(bin/nmblookup $ENV{CONFIGURATION} -U $ENV{SERVER} $ENV{NETBIOSNAME}); +} + +sub provision($$$) +{ + my ($self, $environment, $prefix) = @_; + my %ret = (); + print PROVISIONING...; + open(IN, $RealBin/mktestdc.sh $prefix|) or die(Unable to setup); + while (IN) { + die (Error parsing `$_') unless (/^([A-Z0-9a-z_]+)=(.*)$/); + $ret{$1} = $2; + } + close(IN); + + $ret{SMBD_TEST_FIFO} = $prefix/smbd_test.fifo; + $ret{SMBD_TEST_LOG} = $prefix/smbd_test.log; + return \%ret; +} + +sub stop($) +{ + my ($self) = @_; + + close(DATA); + + sleep(2); + + my $failed = $? 8; + + if (-f $ENV{PIDDIR}/smbd.pid ) { + open(IN, $ENV{PIDDIR}/smbd.pid) or die(unable to open smbd pid file); + kill 9, IN; + close(IN); + } + + return $failed; +} + +sub setup_env($$) +{ + my ($self, $name) = @_; +} + +1; === modified file 'source/script/tests/Samba4.pm' ---
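Review bot: stop() in the new Samba3.pm passes whatever the pid file contains straight to `kill 9`, with no check that it is a single positive process id. An empty, stale or malformed smbd.pid could make the harness signal an unrelated process, and a value of 0 or a negative number addresses a whole process group. I would read the file into a scalar, accept only a positive integer, and signal that, as sketched below. Note also that `$failed` is taken from `$?` after a `sleep`, not after waiting on the smbd child, so it probably does not reflect smbd's exit status.

```perl
sub stop($)
{
	# … unchanged: close(DATA), sleep(2), $failed …

	my $pidfile = "$ENV{PIDDIR}/smbd.pid";
	if (-f $pidfile) {
		open(my $in, '<', $pidfile) or die("unable to open smbd pid file");
		my $pid = <$in>;
		close($in);
		# Only signal a plausible single process id; 0 or a negative
		# value would address a whole process group.
		if (defined($pid) and $pid =~ /^\s*([1-9][0-9]*)\s*$/) {
			kill 9, $1;
		}
	}
	# … unchanged: return $failed …
```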
svn commit: samba r21903 - in branches/SAMBA_3_0/source/libsmb: .
Author: jra Date: 2007-03-21 02:02:09 + (Wed, 21 Mar 2007) New Revision: 21903 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21903 Log: Get the length calculations right (I always forget the 4 byte length isn't included in the length :-). We now have working NTLMSSP transport encryption with sign+seal. W00t! Jeremy. Modified: branches/SAMBA_3_0/source/libsmb/smb_seal.c Changeset: Modified: branches/SAMBA_3_0/source/libsmb/smb_seal.c === --- branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-21 01:32:01 UTC (rev 21902) +++ branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-21 02:02:09 UTC (rev 21903) @@ -38,30 +38,33 @@ NTSTATUS common_ntlm_decrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf) { NTSTATUS status; - size_t orig_len = smb_len(buf); - size_t new_len = orig_len - NTLMSSP_SIG_SIZE; + size_t buf_len = smb_len(buf) + 4; /* Don't forget the 4 length bytes. */ DATA_BLOB sig; - if (orig_len 8 + NTLMSSP_SIG_SIZE) { + if (buf_len 8 + NTLMSSP_SIG_SIZE) { return NT_STATUS_BUFFER_TOO_SMALL; } + /* Adjust for the signature. */ + buf_len -= NTLMSSP_SIG_SIZE; + /* Save off the signature. */ - sig = data_blob(buf+orig_len-NTLMSSP_SIG_SIZE, NTLMSSP_SIG_SIZE); + sig = data_blob(buf+buf_len, NTLMSSP_SIG_SIZE); status = ntlmssp_unseal_packet(ntlmssp_state, (unsigned char *)buf + 8, /* 4 byte len + 0xFF 'S' 'M' 'B' */ - new_len - 8, + buf_len - 8, (unsigned char *)buf, - new_len, + buf_len, sig); if (!NT_STATUS_IS_OK(status)) { data_blob_free(sig); return status; } + /* Reset the length. */ - smb_setlen(buf, new_len); + smb_setlen(buf, smb_len(buf) - NTLMSSP_SIG_SIZE); return NT_STATUS_OK; } @@ -74,13 +77,12 @@ { NTSTATUS status; char *buf_out; - size_t orig_len = smb_len(buf); - size_t new_len = orig_len + NTLMSSP_SIG_SIZE; + size_t buf_len = smb_len(buf) + 4; /* Don't forget the 4 length bytes. */ DATA_BLOB sig; *ppbuf_out = NULL; - if (orig_len 8) { + if (buf_len 8) { return NT_STATUS_BUFFER_TOO_SMALL; } 
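Review bot: common_ntlm_decrypt_buffer() frees `sig` only in the failure branch; on the success path visible in the first hunk it resets the length and returns NT_STATUS_OK without releasing the blob allocated by `data_blob(buf+buf_len, NTLMSSP_SIG_SIZE)`, which would leak one signature-sized allocation per decrypted packet. The same `data_blob_free` call used in the failure branch should be made before the final return. The encrypt path in the last hunk (new line 114) similarly returns after copying from `sig.data` with no visible free. Neither function checks that `data_blob()` returned a non-NULL `data` pointer, and `buf_len` is derived from the length field inside the packet, so it is worth a comment stating that the caller guarantees that many bytes were actually received.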
@@ -91,19 +93,19 @@ /* Copy the original buffer. */ - buf_out = SMB_XMALLOC_ARRAY(char, new_len); - memcpy(buf_out, buf, orig_len); + buf_out = SMB_XMALLOC_ARRAY(char, buf_len + NTLMSSP_SIG_SIZE); + memcpy(buf_out, buf, buf_len); /* Last 16 bytes undefined here... */ - smb_setlen(buf_out, new_len); + smb_setlen(buf_out, smb_len(buf) + NTLMSSP_SIG_SIZE); sig = data_blob(NULL, NTLMSSP_SIG_SIZE); status = ntlmssp_seal_packet(ntlmssp_state, (unsigned char *)buf_out + 8, /* 4 byte len + 0xFF 'S' 'M' 'B' */ - orig_len - 8, + buf_len - 8, (unsigned char *)buf_out, - orig_len, + buf_len, sig); if (!NT_STATUS_IS_OK(status)) { @@ -112,7 +114,7 @@ return status; } - memcpy(buf_out+orig_len, sig.data, NTLMSSP_SIG_SIZE); + memcpy(buf_out+buf_len, sig.data, NTLMSSP_SIG_SIZE); *ppbuf_out = buf_out; return NT_STATUS_OK; }
Re: svn commit: samba r21903 - in branches/SAMBA_3_0/source/libsmb: .
On Wed, 2007-03-21 at 02:02 +, [EMAIL PROTECTED] wrote: Author: jra Date: 2007-03-21 02:02:09 + (Wed, 21 Mar 2007) New Revision: 21903 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21903 Log: Get the length calculations right (I always forget the 4 byte length isn't included in the length :-). We now have working NTLMSSP transport encryption with sign+seal. W00t! WoW, awesome! Great job Jeremy. Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org
Rev 5429: Move test environment create code to a separate script. in file:///home/jelmer/bzr.samba/3.0-perltest/
At file:///home/jelmer/bzr.samba/3.0-perltest/ revno: 5429 revision-id: [EMAIL PROTECTED] parent: svn-v2:[EMAIL PROTECTED] committer: Jelmer Vernooij [EMAIL PROTECTED] branch nick: 3.0-perltest timestamp: Wed 2007-03-21 03:26:07 +0100 message: Move test environment create code to a separate script. added: source/script/tests/mktestsetup.sh mktestsetup.sh-20070321012023-5402h6n35mf9lpz0-1 modified: source/script/tests/selftest.sh svn-v2:[EMAIL PROTECTED] === added file 'source/script/tests/mktestsetup.sh' --- a/source/script/tests/mktestsetup.sh1970-01-01 00:00:00 + +++ b/source/script/tests/mktestsetup.sh2007-03-21 02:26:07 + 
@@ -0,0 +1,136 @@ +#!/bin/sh +# Setup a Samba 3 DC for testing +# Copyright (C) 2006 Stefan (metze) Metzmacher +# Copyright (C) 2007 Jelmer Vernooij +# Published under the GNU GPL, v2 or later. + +if [ $# -lt 1 ] +then + echo $0 PREFIX + exit 1 +fi + +PREFIX=$1 + +## +## setup the various environment variables we need +## + +SERVER=localhost2 +SERVER_IP=127.0.0.2 +USERNAME=`PATH=/usr/ucb:$PATH whoami` +PASSWORD=test + +SRCDIR=`dirname $0`/../.. +BINDIR=`pwd`/bin +SCRIPTDIR=$SRCDIR/script/tests +SHRDIR=$PREFIX_ABS/tmp +LIBDIR=$PREFIX_ABS/lib +PIDDIR=$PREFIX_ABS/pid +CONFFILE=$LIBDIR/client.conf +SERVERCONFFILE=$LIBDIR/server.conf +COMMONCONFFILE=$LIBDIR/common.conf +PRIVATEDIR=$PREFIX_ABS/private +LOCKDIR=$PREFIX_ABS/lockdir +LOGDIR=$PREFIX_ABS/logs +CONFIGURATION=-s $CONFFILE + +export PREFIX PREFIX_ABS +export CONFIGURATION CONFFILE +export PATH SOCKET_WRAPPER_DIR DOMAIN +export PRIVATEDIR LIBDIR PIDDIR LOCKDIR LOGDIR SERVERCONFFILE +export SRCDIR SCRIPTDIR BINDIR +export USERNAME PASSWORD +export SERVER SERVER_IP + +## +## create the test directory layout +## +echo -n CREATE TEST ENVIRONMENT IN '$PREFIX'... 
+/bin/rm -rf $PREFIX/* +mkdir -p $PRIVATEDIR $LIBDIR $PIDDIR $LOCKDIR $LOGDIR $SOCKET_WRAPPER_DIR +mkdir -p $PREFIX_ABS/tmp +chmod 777 $PREFIX_ABS/tmp + +## +## Create the common config include file with the basic settings +## + +cat $COMMONCONFFILEEOF + workgroup = SAMBA-TEST + + private dir = $PRIVATEDIR + pid directory = $PIDDIR + lock directory = $LOCKDIR + log file = $LOGDIR/log.%m + log level = 0 + + name resolve order = bcast +EOF + +cat $CONFFILEEOF +[global] + netbios name = TORTURE_6 + interfaces = $TORTURE_INTERFACES + panic action = $SCRIPTDIR/gdb_backtrace %d %\$(MAKE_TEST_BINARY) + include = $COMMONCONFFILE + + passdb backend = tdbsam +EOF + +cat $SERVERCONFFILEEOF +[global] + netbios name = $SERVER + interfaces = $SERVER_IP/8 + bind interfaces only = yes + panic action = $SCRIPTDIR/gdb_backtrace %d %\$(MAKE_TEST_BINARY) + include = $COMMONCONFFILE + + passdb backend = tdbsam + + ; Necessary to add the build farm hacks + add user script = /bin/false + add machine script = /bin/false + + kernel oplocks = no + kernel change notify = no + + syslog = no + printing = bsd + printcap name = /dev/null + +[tmp] + path = $PREFIX_ABS/tmp + read only = no + smbd:sharedelay = 10 + map hidden = yes + map system = yes + create mask = 755 +[hideunread] + copy = tmp + hide unreadable = yes +[hideunwrite] + copy = tmp + hide unwriteable files = yes +[print1] + copy = tmp + printable = yes + printing = test +[print2] + copy = print1 +[print3] + copy = print1 +[print4] + copy = print1 +EOF + +## +## create a test account +## + +(echo $PASSWORD; echo $PASSWORD) | \ + smbpasswd -c $CONFFILE -L -s -a $USERNAME /dev/null || exit 1 + +echo DONE; + + === modified file 'source/script/tests/selftest.sh' --- a/source/script/tests/selftest.sh 2007-03-08 21:30:15 + +++ b/source/script/tests/selftest.sh 2007-03-21 02:26:07 + 
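Review bot: The new mktestsetup.sh runs `/bin/rm -rf $PREFIX/*` after checking only the argument count, so an empty first argument would expand to `/*`. It also builds every directory from `$PREFIX_ABS`, which this script never sets: run on its own rather than sourced from selftest.sh, it would use /lib, /private and /pid and would `chmod 777 /tmp`. I would fail early with `PREFIX_ABS=${PREFIX_ABS:?PREFIX_ABS must be set}` and write the removal as `/bin/rm -rf "${PREFIX:?}"/*`. `$SOCKET_WRAPPER_DIR` is likewise used in the `mkdir -p` before anything visible here assigns it.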
@@ -24,92 +24,30 @@ export TORTURE_MAXTIME ## -## setup the various environment variables we need +## verify that we were built with --enable-socket-wrapper ## -SERVER=localhost2 -SERVER_IP=127.0.0.2 -USERNAME=`PATH=/usr/ucb:$PATH whoami` -PASSWORD=test - -SRCDIR=`dirname $0`/../.. -BINDIR=`pwd`/bin -SCRIPTDIR=$SRCDIR/script/tests -SHRDIR=$PREFIX_ABS/tmp -LIBDIR=$PREFIX_ABS/lib -PIDDIR=$PREFIX_ABS/pid -CONFFILE=$LIBDIR/client.conf +if test x`smbd -b | grep SOCKET_WRAPPER` = x; then + echo *** + echo *** You must include --enable-socket-wrapper when compiling Samba + echo *** in order to execute 'make test'. Exiting + echo *** + exit 1 +fi + +. ./script/tests/mktestsetup.sh $PREFIX + +SOCKET_WRAPPER_DIR=$PREFIX/sw SAMBA4CONFFILE=$LIBDIR/samba4client.conf -SERVERCONFFILE=$LIBDIR/server.conf -COMMONCONFFILE=$LIBDIR/common.conf -PRIVATEDIR=$PREFIX_ABS/private -LOCKDIR=$PREFIX_ABS/lockdir -LOGDIR=$PREFIX_ABS/logs -SOCKET_WRAPPER_DIR=$PREFIX/sw -CONFIGURATION=-s
Re: svn commit: samba r21903 - in branches/SAMBA_3_0/source/libsmb: .
On Wed, Mar 21, 2007 at 02:24:46AM +, simo wrote: On Wed, 2007-03-21 at 02:02 +, [EMAIL PROTECTED] wrote: Author: jra Date: 2007-03-21 02:02:09 + (Wed, 21 Mar 2007) New Revision: 21903 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21903 Log: Get the length calculations right (I always forget the 4 byte length isn't included in the length :-). We now have working NTLMSSP transport encryption with sign+seal. W00t! WoW, awesome! Great job Jeremy. The gss-api level comes next so we have krb5 sign+seal - identical to encrypted NFSv3/4. But I'll finish that tomorrow :-). Thanks ! Jeremy.