svn commit: samba r21885 - in branches/SAMBA_3_0/source/modules: .

2007-03-20 Thread ab
Author: ab
Date: 2007-03-20 08:17:27 + (Tue, 20 Mar 2007)
New Revision: 21885

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21885

Log:
Chown logic should be activated only if nfs4:chown=yes
Modified:
   branches/SAMBA_3_0/source/modules/nfs4_acls.c


Changeset:
Modified: branches/SAMBA_3_0/source/modules/nfs4_acls.c
===
--- branches/SAMBA_3_0/source/modules/nfs4_acls.c   2007-03-20 02:43:20 UTC 
(rev 21884)
+++ branches/SAMBA_3_0/source/modules/nfs4_acls.c   2007-03-20 08:17:27 UTC 
(rev 21885)
@@ -604,31 +604,33 @@
if (smbacl4_GetFileOwner(fsp, sbuf))
return False;
 
-   /* chown logic is a copy/paste from posix_acl.c:set_nt_acl */
-   if (!unpack_nt_owners(SNUM(fsp-conn), newUID, newGID, 
security_info_sent, psd))
-   {
-   DEBUG(8, (unpack_nt_owners failed));
-   return False;
-   }
-   if (((newUID != (uid_t)-1)  (sbuf.st_uid != newUID)) ||
-   ((newGID != (gid_t)-1)  (sbuf.st_gid != newGID))) {
-   need_chown = True;
-   }
-   if (need_chown) {
-   if ((newUID == (uid_t)-1 || newUID == current_user.ut.uid)) {
-   if(try_chown(fsp-conn, fsp-fsp_name, newUID, newGID)) 
{
-   DEBUG(3,(chown %s, %u, %u failed. Error = 
%s.\n,
-   fsp-fsp_name, (unsigned int)newUID, 
(unsigned int)newGID, strerror(errno) ));
-   return False;
+   if (params.do_chown) {
+   /* chown logic is a copy/paste from posix_acl.c:set_nt_acl */
+   if (!unpack_nt_owners(SNUM(fsp-conn), newUID, newGID, 
security_info_sent, psd))
+   {
+   DEBUG(8, (unpack_nt_owners failed));
+   return False;
+   }
+   if (((newUID != (uid_t)-1)  (sbuf.st_uid != newUID)) ||
+   ((newGID != (gid_t)-1)  (sbuf.st_gid != newGID))) {
+   need_chown = True;
+   }
+   if (need_chown) {
+   if ((newUID == (uid_t)-1 || newUID == 
current_user.ut.uid)) {
+   if(try_chown(fsp-conn, fsp-fsp_name, newUID, 
newGID)) {
+   DEBUG(3,(chown %s, %u, %u failed. 
Error = %s.\n,
+   fsp-fsp_name, (unsigned 
int)newUID, (unsigned int)newGID, strerror(errno) ));
+   return False;
+   }
+   DEBUG(10,(chown %s, %u, %u succeeded.\n,
+   fsp-fsp_name, (unsigned int)newUID, 
(unsigned int)newGID));
+   if (smbacl4_GetFileOwner(fsp, sbuf))
+   return False;
+   need_chown = False;
+   } else { /* chown is needed, but _after_ changing acl */
+   sbuf.st_uid = newUID; /* OWNER@ in case of 
e_special */
+   sbuf.st_gid = newGID; /* GROUP@ in case of 
e_special */
}
-   DEBUG(10,(chown %s, %u, %u succeeded.\n,
-   fsp-fsp_name, (unsigned int)newUID, (unsigned 
int)newGID));
-   if (smbacl4_GetFileOwner(fsp, sbuf))
-   return False;
-   need_chown = False;
-   } else { /* chown is needed, but _after_ changing acl */
-   sbuf.st_uid = newUID; /* OWNER@ in case of e_special */
-   sbuf.st_gid = newGID; /* GROUP@ in case of e_special */
}
}
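Review bot: With `nfs4:chown` off, the new `if (params.do_chown)` guard skips `unpack_nt_owners()` entirely, so an owner or group change carried in `psd` is dropped with no log line and, as far as this hunk shows, no error back to the client. Add an `else` branch that records it, e.g. `DEBUG(10, ("nfs4:chown is off, ignoring owner/group in security descriptor\n"));`, and decide whether a request that really sets the owner or group should be refused rather than reported as success. `newUID`, `newGID` and `need_chown` then keep whatever their declarations give them; those declarations and the later post-ACL chown are outside the hunk, so confirm they start as `(uid_t)-1`, `(gid_t)-1` and `False`. The same hunk is applied to SAMBA_3_0_25 in r21886 and the point holds there too.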
 



svn commit: samba r21886 - in branches/SAMBA_3_0_25/source/modules: .

2007-03-20 Thread ab
Author: ab
Date: 2007-03-20 08:17:50 + (Tue, 20 Mar 2007)
New Revision: 21886

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21886

Log:
Chown logic should be activated only if nfs4:chown=yes
Modified:
   branches/SAMBA_3_0_25/source/modules/nfs4_acls.c


Changeset:
Modified: branches/SAMBA_3_0_25/source/modules/nfs4_acls.c
===
--- branches/SAMBA_3_0_25/source/modules/nfs4_acls.c2007-03-20 08:17:27 UTC 
(rev 21885)
+++ branches/SAMBA_3_0_25/source/modules/nfs4_acls.c2007-03-20 08:17:50 UTC 
(rev 21886)
@@ -604,31 +604,33 @@
if (smbacl4_GetFileOwner(fsp, sbuf))
return False;
 
-   /* chown logic is a copy/paste from posix_acl.c:set_nt_acl */
-   if (!unpack_nt_owners(SNUM(fsp-conn), newUID, newGID, 
security_info_sent, psd))
-   {
-   DEBUG(8, (unpack_nt_owners failed));
-   return False;
-   }
-   if (((newUID != (uid_t)-1)  (sbuf.st_uid != newUID)) ||
-   ((newGID != (gid_t)-1)  (sbuf.st_gid != newGID))) {
-   need_chown = True;
-   }
-   if (need_chown) {
-   if ((newUID == (uid_t)-1 || newUID == current_user.ut.uid)) {
-   if(try_chown(fsp-conn, fsp-fsp_name, newUID, newGID)) 
{
-   DEBUG(3,(chown %s, %u, %u failed. Error = 
%s.\n,
-   fsp-fsp_name, (unsigned int)newUID, 
(unsigned int)newGID, strerror(errno) ));
-   return False;
+   if (params.do_chown) {
+   /* chown logic is a copy/paste from posix_acl.c:set_nt_acl */
+   if (!unpack_nt_owners(SNUM(fsp-conn), newUID, newGID, 
security_info_sent, psd))
+   {
+   DEBUG(8, (unpack_nt_owners failed));
+   return False;
+   }
+   if (((newUID != (uid_t)-1)  (sbuf.st_uid != newUID)) ||
+   ((newGID != (gid_t)-1)  (sbuf.st_gid != newGID))) {
+   need_chown = True;
+   }
+   if (need_chown) {
+   if ((newUID == (uid_t)-1 || newUID == 
current_user.ut.uid)) {
+   if(try_chown(fsp-conn, fsp-fsp_name, newUID, 
newGID)) {
+   DEBUG(3,(chown %s, %u, %u failed. 
Error = %s.\n,
+   fsp-fsp_name, (unsigned 
int)newUID, (unsigned int)newGID, strerror(errno) ));
+   return False;
+   }
+   DEBUG(10,(chown %s, %u, %u succeeded.\n,
+   fsp-fsp_name, (unsigned int)newUID, 
(unsigned int)newGID));
+   if (smbacl4_GetFileOwner(fsp, sbuf))
+   return False;
+   need_chown = False;
+   } else { /* chown is needed, but _after_ changing acl */
+   sbuf.st_uid = newUID; /* OWNER@ in case of 
e_special */
+   sbuf.st_gid = newGID; /* GROUP@ in case of 
e_special */
}
-   DEBUG(10,(chown %s, %u, %u succeeded.\n,
-   fsp-fsp_name, (unsigned int)newUID, (unsigned 
int)newGID));
-   if (smbacl4_GetFileOwner(fsp, sbuf))
-   return False;
-   need_chown = False;
-   } else { /* chown is needed, but _after_ changing acl */
-   sbuf.st_uid = newUID; /* OWNER@ in case of e_special */
-   sbuf.st_gid = newGID; /* GROUP@ in case of e_special */
}
}
 



svn commit: samba r21887 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_25/source/nsswitch

2007-03-20 Thread gd
Author: gd
Date: 2007-03-20 12:44:40 + (Tue, 20 Mar 2007)
New Revision: 21887

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21887

Log:
Fix annoying bug where in a pam_close_session (or a pam_setcred with the
PAM_DELETE_CREDS flag set) any user could delete krb5 credential caches.
Make sure that only root can do this.

Jerry, Jeremy, please check.

Guenther


Modified:
   branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
   branches/SAMBA_3_0_25/source/nsswitch/winbindd_pam.c


Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
===
--- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c   2007-03-20 08:17:50 UTC 
(rev 21886)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c   2007-03-20 12:44:40 UTC 
(rev 21887)
@@ -2092,7 +2092,9 @@
 {
struct winbindd_domain *domain;
fstring name_domain, user;
-   
+   uid_t caller_uid = (uid_t)-1;
+   uid_t request_uid = state-request.data.logoff.uid;
+
DEBUG(3, ([%5lu]: pam logoff %s\n, (unsigned long)state-pid,
state-request.data.logoff.user));
 
@@ -2103,6 +2105,10 @@
state-request.data.logoff.krb5ccname
[sizeof(state-request.data.logoff.krb5ccname)-1]='\0';
 
+   if (request_uid == (gid_t)-1) {
+   goto failed;
+   }
+
if (!canonicalize_username(state-request.data.logoff.user, 
name_domain, user)) {
goto failed;
}
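Review bot: `request_uid` is a `uid_t`, but the new sanity check compares it with `(gid_t)-1`; write `if (request_uid == (uid_t)-1) {` so the sentinel has the same type and width as the value it guards. The two types usually match, which hides the slip, but this check sits on an authorisation path and should not depend on that. The identical hunk in the SAMBA_3_0_25 copy of winbindd_pam.c carries the same cast.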
@@ -2111,6 +2117,28 @@
goto failed;
}
 
+   if ((sys_getpeereid(state-sock, caller_uid)) != 0) {
+   DEBUG(1,(winbindd_pam_logoff: failed to check peerid: %s\n, 
+   strerror(errno)));
+   goto failed;
+   }
+
+   switch (caller_uid) {
+   case -1:
+   goto failed;
+   case 0:
+   /* root must be able to logoff any user - gd */
+   state-request.data.logoff.uid = request_uid;
+   break;
+   default:
+   if (caller_uid != request_uid) {
+   DEBUG(1,(winbindd_pam_logoff: caller requested 
invalid uid\n));
+   goto failed;
+   }
+   state-request.data.logoff.uid = caller_uid;
+   break;
+   }
+
sendto_domain(state, domain);
return;
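Review bot: The `switch (caller_uid)` added here relies on a bare `case -1:` for a `uid_t` and then assigns `logoff.uid` a value it already holds in both remaining branches; `if (caller_uid == (uid_t)-1) goto failed;` followed by `if (caller_uid != 0 && caller_uid != request_uid) goto failed;` states the rule without depending on how the case label is converted. The commit message says only root may do this, while the code also lets a caller log off its own uid, so a comment such as `/* root may log off anyone; other callers only their own uid */` would make the intended policy explicit. Only the uid is checked before `sendto_domain()`; the caller-supplied `krb5ccname` is forwarded unchanged, and whether the domain child ties that cache name to the uid is not visible here, so confirm it. The function body starts and ends outside the hunk, and the same hunk appears in the SAMBA_3_0_25 copy of the file.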
 

Modified: branches/SAMBA_3_0_25/source/nsswitch/winbindd_pam.c
===
--- branches/SAMBA_3_0_25/source/nsswitch/winbindd_pam.c2007-03-20 
08:17:50 UTC (rev 21886)
+++ branches/SAMBA_3_0_25/source/nsswitch/winbindd_pam.c2007-03-20 
12:44:40 UTC (rev 21887)
@@ -2092,7 +2092,9 @@
 {
struct winbindd_domain *domain;
fstring name_domain, user;
-   
+   uid_t caller_uid = (uid_t)-1;
+   uid_t request_uid = state-request.data.logoff.uid;
+
DEBUG(3, ([%5lu]: pam logoff %s\n, (unsigned long)state-pid,
state-request.data.logoff.user));
 
@@ -2103,6 +2105,10 @@
state-request.data.logoff.krb5ccname
[sizeof(state-request.data.logoff.krb5ccname)-1]='\0';
 
+   if (request_uid == (gid_t)-1) {
+   goto failed;
+   }
+
if (!canonicalize_username(state-request.data.logoff.user, 
name_domain, user)) {
goto failed;
}
@@ -2111,6 +2117,28 @@
goto failed;
}
 
+   if ((sys_getpeereid(state-sock, caller_uid)) != 0) {
+   DEBUG(1,(winbindd_pam_logoff: failed to check peerid: %s\n, 
+   strerror(errno)));
+   goto failed;
+   }
+
+   switch (caller_uid) {
+   case -1:
+   goto failed;
+   case 0:
+   /* root must be able to logoff any user - gd */
+   state-request.data.logoff.uid = request_uid;
+   break;
+   default:
+   if (caller_uid != request_uid) {
+   DEBUG(1,(winbindd_pam_logoff: caller requested 
invalid uid\n));
+   goto failed;
+   }
+   state-request.data.logoff.uid = caller_uid;
+   break;
+   }
+
sendto_domain(state, domain);
return;
 



svn commit: samba-docs r1066 - in trunk/manpages-3: .

2007-03-20 Thread jmcd
Author: jmcd
Date: 2007-03-20 13:05:44 + (Tue, 20 Mar 2007)
New Revision: 1066

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=1066

Log:
Add nfs4:chown option, and a few formatting changes.

Modified:
   trunk/manpages-3/vfs_gpfs.8.xml


Changeset:
Modified: trunk/manpages-3/vfs_gpfs.8.xml
===
--- trunk/manpages-3/vfs_gpfs.8.xml 2007-03-19 21:32:53 UTC (rev 1065)
+++ trunk/manpages-3/vfs_gpfs.8.xml 2007-03-20 13:05:44 UTC (rev 1066)
@@ -75,8 +75,10 @@
 
/varlistentry
 
+
varlistentry
termnfs4:acedup = [dontcare|reject|ignore|merge]/term
+   listitem
para
This parameter configures how Samba handles duplicate ACEs 
encountered in GPFS ACLs.
GPFS allows/creates duplicate ACE for different bits for same 
ID.
@@ -89,8 +91,27 @@
listitemparacommandignore/command - don't include the 
second matching ACE/para/listitem
listitemparacommandmerge/command - bitwise OR the 2 
ace.flag fields and 2 ace.mask fields of the 2 duplicate ACEs into 1 
ACE/para/listitem
/itemizedlist
+   /listitem
/varlistentry
 
+   
+   varlistentry
+   termnfs4:chown = [yes|no]/term
+   listitem
+   paraThis parameter allows enabling or disabling the chown 
supported
+   by the underlying filesystem. This parameter should be enabled 
with
+   care as it might leave your system insecure./para
+   paraSome filesystems allow chown as a) giving b) stealing. It 
is the latter
+   that is considered a risk./para
+   
+   paraFollowing is the behaviour of Samba for different values 
: /para
+   itemizedlist
+   listitemparacommandyes/command - Enable chown if as 
supported by the under filesystem/para/listitem
+   listitemparacommandno (default)/command - Disable 
chown/para/listitem
+   /itemizedlist
+   /listitem
+   /varlistentry
+
/variablelist
 /refsect1
 



sys_getpeerid() [was Re: svn commit: samba r21887 -...]

2007-03-20 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

[EMAIL PROTECTED] wrote:
 Author: gd
 Date: 2007-03-20 12:44:40 + (Tue, 20 Mar 2007)
 New Revision: 21887
 
 WebSVN: 
 http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21887
 
 Log:
 Fix annoying bug where in a pam_close_session (or a pam_setcred with the
 PAM_DELETE_CREDS flag set) any user could delete krb5 credential caches.
 Make sure that only root can do this.
 
 Jerry, Jeremy, please check.


There are three places we use sys_getpeerid() that I can tell.

(a) Jeremy's Domain Users hack for reporting group membership,
(b) access to the ntlm_auth cache for applications like Firefox,
and now
(c) The capability to issue a logoff call.

If we don't have getpeerid() I can lose the first two.  No big
deal.

The problem I see with (c) is that if a platform does not support
getpeerid() then you can init a user's krb5 ccache but never
delete it, which makes the feature asymmetrical based on support
for getpeerid().

Am I missing something here ?





cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFF/+ngIR7qMdg1EfYRAhArAJ9DTSiM/wWflGkVq3kf0jIwC2j4dACgkINs
KunBqbQWkDYlMjC5yJ4ZJtY=
=hNHM
-END PGP SIGNATURE-


Rev 5292: First _unfinished_ version of net conf import. in http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/

2007-03-20 Thread Michael Adam
At http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/


revno: 5292
revision-id: [EMAIL PROTECTED]
parent: [EMAIL PROTECTED]
committer: Michael Adam [EMAIL PROTECTED]
branch nick: SAMBA_3_0-registry.bzr
timestamp: Tue 2007-03-20 16:20:51 +0100
message:
  First _unfinished_ version of net conf import.
  This function is to import registry shares from a file
  in smb.conf format. Currently it loads a file given on
  the command line via lp_load and dumps the read config
  out to stdout. Once the loop is finished, the data will
  be put into the registry instead of dumped.
modified:
  source/utils/net_conf.cnet_conf.c-20070228210606-uywdn1acd043wgvt-1
=== modified file 'source/utils/net_conf.c'
--- a/source/utils/net_conf.c   2007-03-13 16:52:01 +
+++ b/source/utils/net_conf.c   2007-03-20 15:20:51 +
@@ -44,6 +44,24 @@
  * usage functions
  */
 
+static int net_conf_list_usage(int argc, const char **argv)
+{
+   d_printf(USAGE: net conf list\n);
+   return -1;
+}
+
+static int net_conf_import_usage(int argc, const char**argv)
+{
+   d_printf(USAGE: net conf import filename\n);
+   return -1;
+}
+
+static int net_conf_listshares_usage(int argc, const char **argv)
+{
+   d_printf(USAGE: net conf listshares\n);
+   return -1;
+}
+
 static int net_conf_showshare_usage(int argc, const char **argv)
 {
d_printf(USAGE: net conf showshare sharename\n);
@@ -89,18 +107,6 @@
return -1;
 }
 
-static int net_conf_list_usage(int argc, const char **argv)
-{
-   d_printf(USAGE: net conf list\n);
-   return -1;
-}
-
-static int net_conf_listshares_usage(int argc, const char **argv)
-{
-   d_printf(USAGE: net conf listshares\n);
-   return -1;
-}
-
 
 /*
  * Helper functions
@@ -272,6 +278,89 @@
return ret;
 }
 
+int net_conf_import(int argc, const char **argv)
+{
+   int ret = -1;
+   const char *filename = NULL;
+   TALLOC_CTX *ctx;
+   struct share_iterator *shares;
+   struct share_params *share;
+   struct parm_struct *parm;
+   int i = 0;
+   char *utf8_s1;
+
+   ctx = talloc_init(net_conf_import);
+
+   if (argc != 1) {
+   net_conf_import_usage(argc, argv);
+   goto done;
+   }
+
+   filename = argv[0];
+   DEBUG(3,(net_conf_import: reading configuration from file %s.\n,
+   filename));
+
+   /* TODO: check for existence and readability */
+
+   if (!lp_load(filename, 
+False, /* global_only */
+False, /* save_defaults */
+False, /* add_ipc */
+False))/* initialize_globals */
+   {
+   d_fprintf(stderr, Error parsing configuration file.\n);
+   goto done;
+   }
+
+   if (!(shares = share_list_all(ctx))) {
+   d_fprintf(stderr, Could not list shares...\n);
+   goto done;
+   }
+   while ((share = next_share(shares)) != NULL) {
+   d_printf(TEST: snum%i : [%s]\n, share-service,
+lp_servicename(share-service));
+   i = 0;
+   while ((parm = lp_next_parameter(share-service, i, 0)))
+   {
+   if (parm-type != P_SEP) {
+   d_printf(TEST: param %3d : %s = , i, 
+parm-label);
+   }
+   switch (parm-type) {
+   case P_CHAR:
+   d_printf(%c, *(char *)(parm-ptr));
+   break;
+   case P_STRING:
+   case P_USTRING:
+   d_printf(%s\n, *(char **)(parm-ptr));
+   break;
+   case P_GSTRING:
+   case P_UGSTRING:
+   d_printf(%s\n, (char *)(parm-ptr));
+   break;
+   case P_BOOL:
+   d_printf(%s\n, BOOLSTR(*(BOOL *)(parm-ptr)));
+   break;
+   case P_BOOLREV:
+   d_printf(%s\n, BOOLSTR(!*(BOOL 
*)(parm-ptr)));
+   break;
+   case P_SEP:
+   break;
+   default:
+   d_printf(type unimplemented\n);
+   break;
+   }
+   }
+   d_printf(TEST: ---\n);
+   }
+
+   ret = 0;
+   
+done:
+   TALLOC_FREE(ctx);
+   return ret;
+}
+
 int net_conf_listshares(int argc, const char **argv)
 {
WERROR werr = WERR_OK;
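Review bot: `talloc_init()` can return NULL and `ctx` is handed straight to `share_list_all(ctx)` in the new `net_conf_import()`; add `if (ctx == NULL) { d_fprintf(stderr, "talloc_init failed\n"); return -1; }` right after the call. In the dump loop the `P_CHAR` case prints without the trailing newline every other case has, and `utf8_s1` is declared but never used. The string cases dereference `parm->ptr` directly; if `lp_next_parameter()` hands back the shared parameter-table entry rather than a per-share pointer, the loop prints default values and not the share's own. The loadparm.c hunk in r21892 on this page offsets such pointers into `ServicePtrs[snum]`, so check which applies before this data is written to the registry.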
@@ -722,6 +811,8 @@
struct functable2 func[] = {
{list, net_conf_list, 
 Dump the complete 

svn commit: samba r21888 - in branches: SAMBA_3_0/source/utils SAMBA_3_0_25/source/utils

2007-03-20 Thread jerry
Author: jerry
Date: 2007-03-20 15:29:33 + (Tue, 20 Mar 2007)
New Revision: 21888

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21888

Log:
Add the osname and osver options to 'net ads join' as discussed 
on the samba-technical ml.  

I'll add a 'net ads set attribute=value' utility later
rather than the original 'net ads setmachineupn' patch that
was also posted to the tech ml.


Modified:
   branches/SAMBA_3_0/source/utils/net_ads.c
   branches/SAMBA_3_0_25/source/utils/net_ads.c


Changeset:
Modified: branches/SAMBA_3_0/source/utils/net_ads.c
===
--- branches/SAMBA_3_0/source/utils/net_ads.c   2007-03-20 12:44:40 UTC (rev 
21887)
+++ branches/SAMBA_3_0/source/utils/net_ads.c   2007-03-20 15:29:33 UTC (rev 
21888)
@@ -1118,6 +1118,72 @@
 }
 
 /***
+ Set a machines dNSHostName and servicePrincipalName attributes
+ /
+
+static ADS_STATUS net_set_os_attributes(TALLOC_CTX *ctx, ADS_STRUCT *ads_s, 
+   const char *os_name, const char 
*os_version )
+{
+   ADS_STATUS status = ADS_ERROR(LDAP_SERVER_DOWN);
+   char *new_dn;
+   ADS_MODLIST mods;
+   LDAPMessage *res = NULL;
+   char *dn_string = NULL;
+   const char *machine_name = global_myname();
+   int count;
+   char *os_sp = NULL;
+   
+   if ( !os_name || !os_version ) {
+   return ADS_ERROR(LDAP_NO_MEMORY);
+   }
+   
+   /* Find our DN */
+   
+   status = ads_find_machine_acct(ads_s, res, machine_name);
+   if (!ADS_ERR_OK(status)) 
+   return status;
+   
+   if ( (count = ads_count_replies(ads_s, res)) != 1 ) {
+   DEBUG(1,(net_set_machine_spn: %d entries returned!\n, count));
+   return ADS_ERROR(LDAP_NO_MEMORY);   
+   }
+   
+   if ( (dn_string = ads_get_dn(ads_s, res)) == NULL ) {
+   DEBUG(1, (ads_add_machine_acct: ads_get_dn returned NULL 
(malloc failure?)\n));
+   goto done;
+   }
+   
+   new_dn = talloc_strdup(ctx, dn_string);
+   ads_memfree(ads_s, dn_string);
+   if (!new_dn) {
+   return ADS_ERROR(LDAP_NO_MEMORY);
+   }
+   
+   /* now do the mods */
+   
+   if (!(mods = ads_init_mods(ctx))) {
+   goto done;
+   }
+
+   os_sp = talloc_asprintf( ctx, Samba %s, SAMBA_VERSION_STRING );
+   
+   /* fields of primary importance */
+   
+   ads_mod_str(ctx, mods, operatingSystem, os_name);
+   ads_mod_str(ctx, mods, operatingSystemVersion, os_version);
+   if ( os_sp )
+   ads_mod_str(ctx, mods, operatingSystemServicePack, os_sp);
+
+   status = ads_gen_mod(ads_s, new_dn, mods);
+
+done:
+   ads_msgfree(ads_s, res);
+   TALLOC_FREE( os_sp );   
+   
+   return status;
+}
+
+/***
   join a domain using ADS (LDAP mods)
  /
 
@@ -1386,6 +1452,8 @@
int i;
fstring dc_name;
struct in_addr dcip;
+   const char *os_name = NULL;
+   const char *os_version = NULL;

nt_status = check_ads_config();
if (!NT_STATUS_IS_OK(nt_status)) {
@@ -1427,11 +1495,25 @@
}
else if ( !StrnCaseCmp(argv[i], createcomputer, 
strlen(createcomputer)) ) {
if ( (create_in_ou = get_string_param(argv[i])) == NULL 
) {
-   d_fprintf(stderr, Please supply a valid OU 
path\n);
+   d_fprintf(stderr, Please supply a valid OU 
path.\n);
nt_status = NT_STATUS_INVALID_PARAMETER;
goto fail;
}   
}
+   else if ( !StrnCaseCmp(argv[i], osName, strlen(osName)) ) {
+   if ( (os_name = get_string_param(argv[i])) == NULL ) {
+   d_fprintf(stderr, Please supply a operating 
system name.\n);
+   nt_status = NT_STATUS_INVALID_PARAMETER;
+   goto fail;
+   }   
+   }
+   else if ( !StrnCaseCmp(argv[i], osVer, strlen(osVer)) ) {
+   if ( (os_version = get_string_param(argv[i])) == NULL ) 
{
+   d_fprintf(stderr, Please supply a valid 
operating system version.\n);
+   nt_status = NT_STATUS_INVALID_PARAMETER;
+   goto fail;
+   }   
+   }
else {
d_fprintf(stderr, Bad option: %s\n, 

Re: sys_getpeerid() [was Re: svn commit: samba r21887 -...]

2007-03-20 Thread Guenther Deschner

Hi Jerry,

Gerald (Jerry) Carter wrote:
  There are three places we use sys_getpeerid() that I can tell.


(a) Jeremy's Domain Users hack for reporting group membership,
(b) access to the ntlm_auth cache for applications like Firefox,
and now
(c) The capability to issue a logoff call.

If we don't have getpeerid() I can loose the first two.  No big
deal.

The problem I see with (c) is that if a platform does not support
getpeerid() then you get init a user's krb5 ccache but never
delete it.  Which makes the feature asymetrical based on support
for getpeerid().

Am I missing something here ?


No, correct, we need broader support of getpeereid(). I'm awaiting 
response from Kurt from OpenLDAP to import their portable version as a 
complete file.


In the meantime, I will look to make c) consistent.

Guenther

--
Günther DeschnerGPG-ID: 8EE11688
Red Hat [EMAIL PROTECTED]
Samba Team  [EMAIL PROTECTED]


svn commit: samba r21891 - in branches/SAMBA_3_0/source/smbd: .

2007-03-20 Thread jra
Author: jra
Date: 2007-03-20 18:11:48 + (Tue, 20 Mar 2007)
New Revision: 21891

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21891

Log:
Finish server-side NTLM-SPNEGO negotiation support.
Now for the client part, and testing.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/smbd/seal.c


Changeset:
Modified: branches/SAMBA_3_0/source/smbd/seal.c
===
--- branches/SAMBA_3_0/source/smbd/seal.c   2007-03-20 17:09:56 UTC (rev 
21890)
+++ branches/SAMBA_3_0/source/smbd/seal.c   2007-03-20 18:11:48 UTC (rev 
21891)
@@ -118,15 +118,46 @@
 **/
 
 #if defined(HAVE_GSSAPI_SUPPORT)  defined(HAVE_KRB5)
-static NTSTATUS srv_enc_spnego_gss_negotiate(char **ppdata, size_t 
*p_data_size, DATA_BLOB *psecblob)
+static NTSTATUS srv_enc_spnego_gss_negotiate(char **ppdata, size_t 
*p_data_size, DATA_BLOB secblob)
 {
return NT_STATUS_NOT_SUPPORTED;
 }
 #endif
 
 /**
+ Do the NTLM SPNEGO encryption negotiation. Parameters are in/out.
+ Until success we do everything on the partial enc ctx.
+**/
+
+static NTSTATUS srv_enc_spnego_ntlm_negotiate(unsigned char **ppdata, size_t 
*p_data_size, DATA_BLOB secblob)
+{
+   NTSTATUS status;
+   DATA_BLOB chal = data_blob(NULL, 0);
+   DATA_BLOB response = data_blob(NULL, 0);
+   struct smb_srv_trans_enc_ctx *ec = partial_srv_trans_enc_ctx;
+
+   status = auth_ntlmssp_start(ec-auth_ntlmssp_state);
+   if (!NT_STATUS_IS_OK(status)) {
+   return nt_status_squash(status);
+   }
+
+   status = auth_ntlmssp_update(ec-auth_ntlmssp_state, secblob, chal);
+
+   /* status here should be NT_STATUS_MORE_PROCESSING_REQUIRED
+* for success ... */
+
+   response = spnego_gen_auth_response(chal, status, OID_NTLMSSP);
+   data_blob_free(chal);
+
+   SAFE_FREE(*ppdata);
+   *ppdata = response.data;
+   *p_data_size = response.length;
+   return status;
+}
+
+/**
  Do the SPNEGO encryption negotiation. Parameters are in/out.
- Covers the NTLM case. Based off code in smbd/sesssionsetup.c
+ Based off code in smbd/sesssionsetup.c
  Until success we do everything on the partial enc ctx.
 **/
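Review bot: The GSS stub touched in this hunk still takes `char **ppdata` while the new `srv_enc_spnego_ntlm_negotiate()` takes `unsigned char **ppdata`, and the caller in the later hunk passes the same `ppdata` to both; change the stub to `unsigned char **ppdata` so builds with HAVE_GSSAPI_SUPPORT and HAVE_KRB5 do not get an incompatible pointer type. That branch is only compiled with Kerberos support, so it is easy to miss; the context line beginning `if (got_kerberos_mechanism` in the later hunk also looks to have one `)` too many, though this page's extraction has dropped characters and it should be checked against the file. `srv_enc_spnego_ntlm_negotiate()` dereferences `partial_srv_trans_enc_ctx` without a NULL check; the allocation is outside the hunk, so a comment like `/* caller guarantees partial_srv_trans_enc_ctx is set */` would document the precondition.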
 
@@ -135,10 +166,7 @@
NTSTATUS status;
DATA_BLOB blob = data_blob(NULL,0);
DATA_BLOB secblob = data_blob(NULL, 0);
-   DATA_BLOB chal = data_blob(NULL, 0);
-   DATA_BLOB response = data_blob(NULL, 0);
BOOL got_kerberos_mechanism = False;
-   struct smb_srv_trans_enc_ctx *ec = NULL;
 
blob = data_blob_const(*ppdata, *p_data_size);
 
@@ -160,47 +188,59 @@
 
 #if defined(HAVE_GSSAPI_SUPPORT)  defined(HAVE_KRB5)
if (got_kerberos_mechanism  lp_use_kerberos_keytab()) ) {
-   status = srv_enc_spnego_gss_negotiate(ppdata, p_data_size, 
secblob);
-   if (!NT_STATUS_IS_OK(status)) {
-   data_blob_free(secblob);
-   srv_free_encryption_context(partial_srv_trans_enc_ctx);
-   }
-   return status;
+   status = srv_enc_spnego_gss_negotiate(ppdata, p_data_size, 
secblob);
+   } else 
+#endif
+   {
+   status = srv_enc_spnego_ntlm_negotiate(ppdata, p_data_size, 
secblob);
}
-#endif
 
-   /* Deal with an NTLM enc. setup. */
-   ec = partial_srv_trans_enc_ctx;
+   data_blob_free(secblob);
 
-   status = auth_ntlmssp_start(ec-auth_ntlmssp_state);
-   if (!NT_STATUS_IS_OK(status)) {
+   if (!NT_STATUS_EQUAL(status,NT_STATUS_MORE_PROCESSING_REQUIRED)  
!NT_STATUS_IS_OK(status)) {
srv_free_encryption_context(partial_srv_trans_enc_ctx);
-   return nt_status_squash(status);
}
 
-   status = auth_ntlmssp_update(ec-auth_ntlmssp_state, secblob, chal);
-   data_blob_free(secblob);
-
-   /* status here should be NT_STATUS_MORE_PROCESSING_REQUIRED
-* for success ... */
-
-   response = spnego_gen_auth_response(chal, status, OID_NTLMSSP);
-   data_blob_free(chal);
-
-   SAFE_FREE(*ppdata);
-   *ppdata = response.data;
-   *p_data_size = response.length;
-
return status;
 }
 
 /**
  Complete a SPNEGO encryption negotiation. Parameters are in/out.
+ We only get this for a NTLM auth second stage.
 **/
 
-static NTSTATUS srv_enc_spnego_auth(unsigned char **ppdata, size_t 
*p_data_size)
+static NTSTATUS srv_enc_spnego_ntlm_auth(unsigned char **ppdata, 

svn commit: samba r21892 - in branches/SAMBA_3_0/source/param: .

2007-03-20 Thread vlendec
Author: vlendec
Date: 2007-03-20 20:47:17 + (Tue, 20 Mar 2007)
New Revision: 21892

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21892

Log:
Mini-Patch from Michael
Modified:
   branches/SAMBA_3_0/source/param/loadparm.c


Changeset:
Modified: branches/SAMBA_3_0/source/param/loadparm.c
===
--- branches/SAMBA_3_0/source/param/loadparm.c  2007-03-20 18:11:48 UTC (rev 
21891)
+++ branches/SAMBA_3_0/source/param/loadparm.c  2007-03-20 20:47:17 UTC (rev 
21892)
@@ -3524,9 +3524,7 @@
parm_ptr =
((char *)ServicePtrs[snum]) + PTR_DIFF(def_ptr,
sDefault);
-   }
 
-   if (snum = 0) {
if (!ServicePtrs[snum]-copymap)
init_copymap(ServicePtrs[snum]);
 



svn commit: samba r21893 - in branches/SAMBA_3_0/source/libsmb: .

2007-03-20 Thread mimir
Author: mimir
Date: 2007-03-20 21:21:04 + (Tue, 20 Mar 2007)
New Revision: 21893

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21893

Log:
Update comments so they actually reflect reality...


rafal


Modified:
   branches/SAMBA_3_0/source/libsmb/trustdom_cache.c


Changeset:
Modified: branches/SAMBA_3_0/source/libsmb/trustdom_cache.c
===
--- branches/SAMBA_3_0/source/libsmb/trustdom_cache.c   2007-03-20 20:47:17 UTC 
(rev 21892)
+++ branches/SAMBA_3_0/source/libsmb/trustdom_cache.c   2007-03-20 21:21:04 UTC 
(rev 21893)
@@ -99,7 +99,7 @@
 
 /**
  * Store trusted domain in gencache as the domain name (key)
- * and ip address of domain controller (value)
+ * and trusted domain's SID (value)
  *
  * @param name trusted domain name
  * @param alt_name alternative trusted domain name (used in ADS domains)
@@ -152,7 +152,7 @@
 
 
 /**
- * Fetch trusted domain's dc from the gencache.
+ * Fetch trusted domain's SID from the gencache.
  * This routine can also be used to check whether given
  * domain is currently trusted one.
  *
@@ -189,7 +189,7 @@
DEBUG(5, (trusted domain %s found (%s)\n, name, value));
}
 
-   /* convert ip string representation into in_addr structure */
+   /* convert sid string representation into DOM_SID structure */
if(! string_to_sid(sid, value)) {
sid = NULL;
SAFE_FREE(value);



svn commit: samba r21894 - in branches/SAMBA_3_0/source: libsmb smbd

2007-03-20 Thread jra
Author: jra
Date: 2007-03-20 22:01:02 + (Tue, 20 Mar 2007)
New Revision: 21894

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21894

Log:
Some refactoring of server side encryption context. Support
raw NTLM auth (no spnego).
Jeremy.

Modified:
   branches/SAMBA_3_0/source/libsmb/cliconnect.c
   branches/SAMBA_3_0/source/libsmb/smb_seal.c
   branches/SAMBA_3_0/source/smbd/seal.c


Changeset:
Modified: branches/SAMBA_3_0/source/libsmb/cliconnect.c
===
--- branches/SAMBA_3_0/source/libsmb/cliconnect.c   2007-03-20 21:21:04 UTC 
(rev 21893)
+++ branches/SAMBA_3_0/source/libsmb/cliconnect.c   2007-03-20 22:01:02 UTC 
(rev 21894)
@@ -763,7 +763,7 @@
}
}
 
-   /* we have a reference conter on ntlmssp_state, if we are signing
+   /* we have a reference counter on ntlmssp_state, if we are signing
   then the state will be kept by the signing engine */
 
ntlmssp_end(ntlmssp_state);
@@ -973,7 +973,6 @@
}
 
return NT_STATUS_OK;
-
 }
 
 /

Modified: branches/SAMBA_3_0/source/libsmb/smb_seal.c
===
--- branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-20 21:21:04 UTC (rev 
21893)
+++ branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-20 22:01:02 UTC (rev 
21894)
@@ -282,3 +282,15 @@
 {
return common_encrypt_buffer(cli-trans_enc_state, cli-outbuf, 
buf_out);
 }
+
+/**
+ Start a raw ntlmssp encryption.
+**/
+
+NTSTATUS cli_ntlm_smb_encryption_on(struct cli_state *cli, 
+   const char *user,
+   const char *pass,
+   const char *workgroup)
+{
+
+}
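Review bot: `cli_ntlm_smb_encryption_on()` is added with an empty body although it returns `NTSTATUS`, so any caller reads an indeterminate value and could treat the encryption setup as having succeeded. Until the client side is written, return an explicit failure, `return NT_STATUS_NOT_SUPPORTED;`, and say in the header comment that the function is a placeholder.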

Modified: branches/SAMBA_3_0/source/smbd/seal.c
===
--- branches/SAMBA_3_0/source/smbd/seal.c   2007-03-20 21:21:04 UTC (rev 
21893)
+++ branches/SAMBA_3_0/source/smbd/seal.c   2007-03-20 22:01:02 UTC (rev 
21894)
@@ -49,9 +49,46 @@
 }
 
 /**
- Shutdown a server encryption state.
+ Create an auth_ntlmssp_state and ensure pointer copy is correct.
 **/
 
+static NTSTATUS make_auth_ntlmssp(struct smb_srv_trans_enc_ctx *ec)
+{
+   NTSTATUS status = auth_ntlmssp_start(ec-auth_ntlmssp_state);
+   if (!NT_STATUS_IS_OK(status)) {
+   return nt_status_squash(status);
+   }
+
+   /*
+* We must remember to update the pointer copy for the common
+* functions after any auth_ntlmssp_start/auth_ntlmssp_end.
+*/
+   ec-es-ntlmssp_state = ec-auth_ntlmssp_state-ntlmssp_state;
+   return status;
+}
+
+/**
+ Destroy an auth_ntlmssp_state and ensure pointer copy is correct.
+**/
+
+static void destroy_auth_ntlmssp(struct smb_srv_trans_enc_ctx *ec)
+{
+   /*
+* We must remember to update the pointer copy for the common
+* functions after any auth_ntlmssp_start/auth_ntlmssp_end.
+*/
+
+   if (ec-auth_ntlmssp_state) {
+   auth_ntlmssp_end(ec-auth_ntlmssp_state);
+   /* The auth_ntlmssp_end killed this already. */
+   ec-es-ntlmssp_state = NULL;
+   }
+}
+
+/**
+ Shutdown a server encryption context.
+**/
+
 static void srv_free_encryption_context(struct smb_srv_trans_enc_ctx **pp_ec)
 {
struct smb_srv_trans_enc_ctx *ec = *pp_ec;
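Review bot: `make_auth_ntlmssp()` and `destroy_auth_ntlmssp()` both write through `ec->es` without checking it, whereas `srv_free_encryption_context()` in the next hunk only calls the destroy helper inside `if (ec->es)`. State the precondition in each helper's header comment, e.g. `ec->es must be non-NULL`, or guard the assignment, so a later caller does not dereference a NULL state. `make_auth_ntlmssp()` also leaves `ec->es->ntlmssp_state` untouched when `auth_ntlmssp_start()` fails; whether it can hold a stale pointer at that point depends on callers outside this hunk. The hunk ends inside `srv_free_encryption_context()`.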
@@ -61,12 +98,8 @@
}
 
if (ec-es) {
-   struct smb_trans_enc_state *es = ec-es;
-   if (es-smb_enc_type == SMB_TRANS_ENC_NTLM 
-   ec-auth_ntlmssp_state) {
-   auth_ntlmssp_end(ec-auth_ntlmssp_state);
-   /* The auth_ntlmssp_end killed this already. */
-   es-ntlmssp_state = NULL;
+   if (ec-es-smb_enc_type == SMB_TRANS_ENC_NTLM) {
+   destroy_auth_ntlmssp(ec);
}
common_free_encryption_state(ec-es);
}
@@ -76,6 +109,36 @@
 }
 
 /**
+ Create a server encryption context.
+**/
+
+static struct smb_srv_trans_enc_ctx 

svn commit: samba r21895 - in branches: SAMBA_3_0_25 SAMBA_3_0_RELEASE

2007-03-20 Thread jerry
Author: jerry
Date: 2007-03-20 22:25:14 + (Tue, 20 Mar 2007)
New Revision: 21895

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21895

Log:
Updating release notes for 3.0.25pre2.  Feel free to fix errors
in the SAMBA_3_0_25 tree and I'll pull the changes across.


Modified:
   branches/SAMBA_3_0_25/WHATSNEW.txt
   branches/SAMBA_3_0_RELEASE/WHATSNEW.txt


Changeset:
Sorry, the patch is too large (505 lines) to include; please use WebSVN to see 
it!
WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21895


Rev 11690: Merge upstream in file:///home/jelmer/bzr.samba/4.0-envs/

2007-03-20 Thread Jelmer Vernooij
At file:///home/jelmer/bzr.samba/4.0-envs/


revno: 11690
revision-id: [EMAIL PROTECTED]
parent: [EMAIL PROTECTED]
parent: svn-v2:[EMAIL PROTECTED]
committer: Jelmer Vernooij [EMAIL PROTECTED]
branch nick: 4.0-envs
timestamp: Tue 2007-03-20 23:37:18 +0100
message:
  Merge upstream
modified:
  source/dsdb/repl/replicated_objects.c svn-v2:[EMAIL PROTECTED]
  webapps/swat/source/class/swat/module/netmgr/Fsm.js svn-v2:[EMAIL PROTECTED]
  webapps/swat/source/class/swat/module/netmgr/Gui.js svn-v2:[EMAIL PROTECTED]

revno: 11684.1.63
merged: svn-v2:[EMAIL PROTECTED]
parent: svn-v2:[EMAIL PROTECTED]
committer: metze
timestamp: Fri 2007-03-16 16:35:44 +
message:
  add a comment why we remove the rid_crypt obfuscation
  
  metze

revno: 11684.1.62
merged: svn-v2:[EMAIL PROTECTED]
parent: svn-v2:[EMAIL PROTECTED]
committer: mimir
timestamp: Fri 2007-03-16 00:19:40 +
message:
  Further work on initialising libnet context from netmgr.
  
  
  rafal
=== modified file 'source/dsdb/repl/replicated_objects.c'
--- a/source/dsdb/repl/replicated_objects.c 2007-03-14 19:10:21 +
+++ b/source/dsdb/repl/replicated_objects.c 2007-03-16 16:35:44 +
@@ -103,6 +103,14 @@
plain_buffer = data_blob_talloc(mem_ctx, checked_buffer.data, 
checked_buffer.length);
W_ERROR_HAVE_NO_MEMORY(plain_buffer.data);
 
+   /*
+* The following rid_crypt obfuscation isn't session specific
+* and not really needed here, because we allways know the rid of the
+* user account.
+*
+* But for the rest of samba it's easier when we remove this static
+* obfuscation here
+*/
if (rid_crypt) {
uint32_t i, num_hashes;
 

=== modified file 'webapps/swat/source/class/swat/module/netmgr/Fsm.js'
--- a/webapps/swat/source/class/swat/module/netmgr/Fsm.js   2007-03-13 
02:54:06 +
+++ b/webapps/swat/source/class/swat/module/netmgr/Fsm.js   2007-03-16 
00:19:40 +
@@ -43,7 +43,7 @@
result.data.origin == origins.Server 
result.data.code == serverErrors.ResourceError)
{
- this.debug(error + result);
+ alert(Error when receiving rpc: ' + result.id + ' +  
exception:  + result.data);
}
else
{
@@ -63,7 +63,13 @@
   {
 swat.main.canvas :
   Transition_Idle_to_AwaitRpcResult_via_canvas_appear
-  }
+  },
+
+ changeSelection :
+ {
+   tree :
+ Transition_Idle_to_AwaitRpcResult_via_tree_selection_changed
+ }
 }
 });
 
@@ -87,6 +93,37 @@
   // Add the new transition
   state.addTransition(trans);
 
+  var trans = new qx.util.fsm.Transition(
+Transition_Idle_to_AwaitRpcResult_via_tree_selection_changed,
+{
+  nextState : State_AwaitRpcResult,
+
+  ontransition :
+  function(fsm, event)
+  {
+   var nodes = event.getData();
+   var selectedNode = nodes[0];
+
+   var gui = swat.module.netmgr.Gui.getInstance();
+   var parentNode = gui.getParentNode(module, selectedNode);
+
+   if (typeof(parentNode.credentials) == object)
+   {
+ var creds = parentNode.credentials;
+ var request = _this.callRpc(samba.ejsnet, NetContext, [ creds ]);
+ request.setUserData(requestType, NetContext);
+   }
+   else
+   {
+ // TODO: display a login dialog
+   }
+  }
+  
+});
+
+  // Add the new transition
+  state.addTransition(trans);
+  
   blockedEvents =
   {
 appear:
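Review bot: In the new `ontransition` handler, `parentNode.credentials` is read without checking `parentNode`, although `getParentNode()` (added to Gui.js in this same commit) returns `undefined` when the tree model has no data, and `nodes[0]` is undefined for an empty selection. Either case throws inside the transition instead of reaching the `else` branch. I would test `if (parentNode && typeof(parentNode.credentials) == "object")` and return early when `selectedNode` is undefined. As far as the hunk shows, the `else` branch is only a TODO, so a node without credentials still moves the FSM to `State_AwaitRpcResult` with no request outstanding.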

=== modified file 'webapps/swat/source/class/swat/module/netmgr/Gui.js'
--- a/webapps/swat/source/class/swat/module/netmgr/Gui.js   2007-03-13 
02:58:05 +
+++ b/webapps/swat/source/class/swat/module/netmgr/Gui.js   2007-03-16 
00:19:40 +
@@ -85,6 +85,26 @@
 };
 
 
+qx.Proto.getParentNode = function(module, node)
+{
+  var tree = this._tree;
+  var nodes = tree.getTableModel().getData();
+  if (nodes == undefined)
+  {
+return undefined;
+  }
+
+  if (node.parentNodeId == 0)
+  {
+// there is no parent node
+return node;
+  }
+  
+  var parentNode = nodes[node.parentNodeId];
+  return parentNode;
+};
+
+
 qx.Proto._addHostNode = function(module, rpcRequest)
 {
   var fsm = module.fsm;
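Review bot: `getParentNode` has no comment describing its return contract, which is not obvious from the name. It yields `undefined` when the model has no data, the node itself when `parentNodeId` is 0, and otherwise `nodes[node.parentNodeId]`. I would state that above the function, e.g. `// Returns the parent of node, node itself for a top-level node, or undefined when the tree has no data.` The `module` parameter is not used in the body and could be dropped or marked as reserved.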
@@ -93,22 +113,20 @@
   // Get the tree widget
   var tree = this._tree;
   var dataModel = tree.getDataModel();
-
-  // Add new host and its service branches
+  
+  // Add new host and its service leaves
   var hostNodeId = dataModel.addBranch(null, hostname, false);
   
-  var domainNodeId = dataModel.addBranch(hostNodeId, Domain, false);
-  var usersNodeId = dataModel.addBranch(hostNodeId, Users, false);
-  var 

svn commit: samba r21896 - in branches/SAMBA_4_0/services/samba: .

2007-03-20 Thread mimir
Author: mimir
Date: 2007-03-20 22:44:22 + (Tue, 20 Mar 2007)
New Revision: 21896

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21896

Log:
- Enable creating default NetContext when no explicit credentials are
  passed. In such case use what's been provided on swat session logon.
- Create a proper NetContext object only once and add it to the resources
  for later use.


rafal


Modified:
   branches/SAMBA_4_0/services/samba/ejsnet.esp


Changeset:
Modified: branches/SAMBA_4_0/services/samba/ejsnet.esp
===
--- branches/SAMBA_4_0/services/samba/ejsnet.esp2007-03-20 22:25:14 UTC 
(rev 21895)
+++ branches/SAMBA_4_0/services/samba/ejsnet.esp2007-03-20 22:44:22 UTC 
(rev 21896)
@@ -11,53 +11,67 @@
 
 function _NetContext(params, error)
 {
+  var credParams, credentials;
+  var resName;
+
   if (params.length  1)
   {
-error.setError(jsonrpc.Constant.ServerError.ParameterMismatch,
-  too few parameters(usage: [ credentials ]));
-return error;
+/* create default NetContext based on already provided credentials */
+credentials = session.authinfo.credentials;
+resName = netCtx;
   }
-  
-  var creds = params[0];
-  if (creds == undefined)
+  else
   {
-error.setError(jsonrpc.Constant.ServerError.ParameterMismatch,
-  credentials parameter is undefined);
-return error;
-  }
+/* create user specified credentials object */
+credParams = params[0];
+if (typeof(credParams) != object)
+{
+  error.setError(jsonrpc.Constant.ServerError.ParameterMismatch,
+credentials parameter is expected to be an object);
+  return error;
+}
   
-  if (creds.domain == undefined ||
-  typeof(creds.domain) != string)
-  {
-error.setError(jsonrpc.Constant.ServerError.ParameterMismatch,
-  a valid string is expected in credentials.domain);
-return error;
-  }
+if (typeof(credParams.domain) != string)
+{
+  error.setError(jsonrpc.Constant.ServerError.ParameterMismatch,
+a valid string is expected in credentials.domain);
+  return error;
+}
   
-  if (creds.username == undefined ||
-  typeof(creds.username) != string)
-  {
-error.setError(jsonrpc.Constant.ServerError.ParameterMismatch,
-  a valid string is expected in credentials.username);
-return error;
+if (typeof(credParams.username) != string)
+{
+  error.setError(jsonrpc.Constant.ServerError.ParameterMismatch,
+a valid string is expected in credentials.username);
+  return error;
+}
+  
+if (typeof(credParams.username) != string)
+{
+  error.setError(jsonrpc.Constant.ServerError.ParameterMismatch,
+a valid string is expected in credentials.password);
+  return error;
+}
+  
+credentials = credentials_init();
+credentials.set_domain(credParams.domain);
+credentials.set_username(credParams.username);
+credentials.set_password(credParams.password);
+
+resName = netCtx[ + credParams.domain + / + credParams.username + ];
   }
-  
-  if (creds.password == undefined ||
-  typeof(creds.username) != string)
+
+  /* was this NetContext created yet ? */
+  var resId = session.resources.find(key, error);
+  if (resId != undefined)
   {
-error.setError(jsonrpc.Constant.ServerError.ParameterMismatch,
-  a valid string is expected in credentials.password);
-return error;
+/* yes, return its resource id */
+return resId;
   }
-  
-  var credentials = credentials_init();
-  credentials.set_domain(creds.domain);
-  credentials.set_username(creds.username);
-  credentials.set_password(creds.password);
-  
+
+  /* no, create the new context and assign it a resource id */
   var netCtx = NetContext(credentials);
-
-  return session.resources.set(netCtx, netCtx, error);
+  resId = session.resources.set(netCtx, resName, error);
+  return resId;
 }
 jsonrpc.method.NetContext = _NetContext;
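Review bot: The third check in the new `else` branch still tests `typeof(credParams.username)` while reporting an error about `credentials.password`, so a missing or non-string password is never rejected before `credentials.set_password(credParams.password)`. It should read `if (typeof(credParams.password) != "string")`. Further down, the lookup is `session.resources.find(key, error)`, but `key` is not defined anywhere in the function as shown; the name computed above is `resName`, so this should be `session.resources.find(resName, error)`, otherwise the "created only once" logic cannot match. Note also that `resName` is built from domain and username only, so once the lookup works a repeat call with a different password would get the existing context back; whether that is intended is worth a comment.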
 



Build status as of Wed Mar 21 00:00:02 2007

2007-03-20 Thread build
URL: http://build.samba.org/

--- /home/build/master/cache/broken_results.txt.old 2007-03-20 
00:00:48.0 +
+++ /home/build/master/cache/broken_results.txt 2007-03-21 00:00:21.0 
+
@@ -1,4 +1,4 @@
-Build status as of Tue Mar 20 00:00:01 2007
+Build status as of Wed Mar 21 00:00:02 2007
 
 Build counts:
 Tree Total  Broken Panic 
@@ -8,16 +8,16 @@
 ctdb 0  0  0 
 distcc   3  0  0 
 ldb  30 6  0 
-libreplace   28 2  0 
+libreplace   28 3  0 
 lorikeet-heimdal 27 14 0 
 pidl 19 1  0 
 ppp  13 0  0 
-rsync30 5  0 
+rsync31 6  0 
 samba0  0  0 
 samba-docs   0  0  0 
 samba-gtk4  4  0 
 samba4   35 9  0 
-samba_3_037 14 1 
+samba_3_037 16 1 
 smb-build28 28 0 
 talloc   32 1  0 
 tdb  30 3  0 


Rev 11691: Move more target-specific code into a separate Samba4 module. in file:///home/jelmer/bzr.samba/4.0-envs/

2007-03-20 Thread Jelmer Vernooij
At file:///home/jelmer/bzr.samba/4.0-envs/


revno: 11691
revision-id: [EMAIL PROTECTED]
parent: [EMAIL PROTECTED]
committer: Jelmer Vernooij [EMAIL PROTECTED]
branch nick: 4.0-envs
timestamp: Wed 2007-03-21 01:14:56 +0100
message:
  Move more target-specific code into a separate Samba4 module.
modified:
  source/script/tests/Samba4.pm  svn-v2:[EMAIL PROTECTED]
  source/script/tests/selftest.pl svn-v2:[EMAIL PROTECTED]
=== modified file 'source/script/tests/Samba4.pm'
--- a/source/script/tests/Samba4.pm 2007-03-15 15:11:04 +
+++ b/source/script/tests/Samba4.pm 2007-03-21 00:14:56 +
@@ -13,17 +13,17 @@
 use FindBin qw($RealBin);
 use POSIX;
 
-sub new($$) {
-   my ($classname, $bindir) = @_;
-   my $self = { bindir = $bindir };
+sub new() {
+   my ($classname, $bindir, $ldap, $setupdir) = @_;
+   my $self = { ldap = $ldap, bindir = $bindir, setupdir = $setupdir };
bless $self;
return $self;
 }
 
 sub slapd_start($$$)
 {
-my $count = 0;
-   my ($bindir, $conf, $uri) = @_;
+my $count = 0;
+   my ($self, $conf, $uri) = @_;
# running slapd in the background means it stays in the same process 
group, so it can be
# killed by timelimit
if (defined($ENV{FEDORA_DS_PREFIX})) {
@@ -34,10 +34,10 @@
system(slapd -d$ENV{OPENLDAP_LOGLEVEL} -f $conf -h $uri  
$ENV{LDAPDIR}/logs 21 );
$ENV{PATH} = $oldpath;
}
-   while (system($bindir/ldbsearch -H $uri -s base -b \\ 
supportedLDAPVersion  /dev/null) != 0) {
+   while (system($self-{bindir}/ldbsearch -H $uri -s base -b \\ 
supportedLDAPVersion  /dev/null) != 0) {
$count++;
if ($count  10) {
-   slapd_stop();
+   $self-slapd_stop();
return 0;
}
sleep(1);
@@ -45,8 +45,9 @@
return 1;
 }
 
-sub slapd_stop()
+sub slapd_stop($)
 {
+   my ($self) = @_;
if (defined($ENV{FEDORA_DS_PREFIX})) {
system($ENV{LDAPDIR}/slapd-samba4/stop-slapd);
} else {
@@ -57,17 +58,26 @@
}
 }
 
-sub smbd_check_or_start($$) 
+sub smbd_check_or_start() 
 {
-   my ($self, $test_fifo, $test_log, $socket_wrapper_dir, $max_time, 
$conffile) = @_;
-   return 0 if ( -p $test_fifo );
+   my ($self, $env_vars, $socket_wrapper_dir, $max_time) = @_;
+   return 0 if ( -p $env_vars-{SMBD_TEST_FIFO});
+
+   # Start slapd before smbd
+   if ($self-{ldap}) {
+   $self-slapd_start($ENV{SLAPD_CONF}, $ENV{LDAP_URI}) or 
+   die(couldn't start slapd);
+
+   print LDAP PROVISIONING...;
+   $self-provision_ldap();
+   }
 
warn(Not using socket wrapper, but also not running as root. Will not 
be able to listen on proper ports) unless
defined($socket_wrapper_dir) or $ == 0;
 
-   unlink($test_fifo);
-   POSIX::mkfifo($test_fifo, 0700);
-   unlink($test_log);
+   unlink($env_vars-{SMBD_TEST_FIFO});
+   POSIX::mkfifo($env_vars-{SMBD_TEST_FIFO}, 0700);
+   unlink($env_vars-{SMBD_TEST_LOG});

my $valgrind = ;
if (defined($ENV{SMBD_VALGRIND})) {
@@ -77,19 +87,19 @@
print STARTING SMBD... $self-{bindir};
my $pid = fork();
if ($pid == 0) {
-   open STDIN, $test_fifo;
-   open STDOUT, $test_log;
+   open STDIN, $env_vars-{SMBD_TEST_FIFO};
+   open STDOUT, $env_vars-{SMBD_TEST_LOG};
open STDERR, 'STDOUT';
my $optarg = ;
if (defined($max_time)) {
$optarg = --maximum-runtime=$max_time ;
}
-   my $ret = system($valgrind $self-{bindir}/smbd $optarg -s 
$conffile -M single -i --leak-report-full);
+   my $ret = system($valgrind $self-{bindir}/smbd $optarg -s 
$env_vars-{CONFFILE} -M single -i --leak-report-full);
if ($? == -1) {
print Unable to start smbd: $ret: $!\n;
exit 1;
}
-   unlink($test_fifo);
+   unlink($env_vars-{SMBD_TEST_FIFO});
unlink($socket_wrapper_dir/*) if 
(defined($socket_wrapper_dir) and -d $socket_wrapper_dir);
my $exit = $?  8;
if ( $ret == 0 ) {
@@ -104,6 +114,8 @@
}
print DONE\n;
 
+   open(DATA, $env_vars-{SMBD_TEST_FIFO});
+
return $pid;
 }
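Review bot: The added `open(DATA, $env_vars->{SMBD_TEST_FIFO})` does not check its return value, so a failure to open the FIFO goes unnoticed and the caller still gets a pid back. I would append `or die("Unable to open $env_vars->{SMBD_TEST_FIFO}: $!");` to that line, keeping whatever open mode the original uses. `DATA` is also the handle Perl reserves for a `__DATA__` section, so a lexical or differently named handle stored in `$self` would be clearer. The body of `smbd_check_or_start` begins outside this hunk.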
 
@@ -135,19 +147,43 @@
$ret{$1} = $2;
}
close(IN);
+
+   $ret{SMBD_TEST_FIFO} = $prefix/smbd_test.fifo;
+   $ret{SMBD_TEST_LOG} = $prefix/smbd_test.log;
return \%ret;
 }
 
-sub provision_ldap($$)
+sub provision_ldap($)
 {
-   my ($self, $setupdir) = @_;
-system($self-{bindir}/smbscript $setupdir/provision 
$ENV{PROVISION_OPTIONS} 

Rev 11692: Fix test after rename of script. in file:///home/jelmer/bzr.samba/4.0-envs/

2007-03-20 Thread Jelmer Vernooij
At file:///home/jelmer/bzr.samba/4.0-envs/


revno: 11692
revision-id: [EMAIL PROTECTED]
parent: [EMAIL PROTECTED]
committer: Jelmer Vernooij [EMAIL PROTECTED]
branch nick: 4.0-envs
timestamp: Wed 2007-03-21 01:50:26 +0100
message:
  Fix test after rename of script.
modified:
  source/torture/local/torture.c svn-v2:[EMAIL PROTECTED]
=== modified file 'source/torture/local/torture.c'
--- a/source/torture/local/torture.c2006-10-16 13:06:41 +
+++ b/source/torture/local/torture.c2007-03-21 00:50:26 +
@@ -47,7 +47,7 @@
 
torture_assert_ntstatus_ok(tctx, torture_setup_server(mem_ctx, 

setupserver-success,
-   
./script/tests/mktestsetup.sh,
+   
./script/tests/mktestdc.sh,

./bin/smbd, pid),
   starting smbd 
failed);
 



svn commit: samba r21899 - in branches/SAMBA_3_0/source/libsmb: .

2007-03-20 Thread jra
Author: jra
Date: 2007-03-21 00:56:40 + (Wed, 21 Mar 2007)
New Revision: 21899

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21899

Log:
At least we're getting to stage 2 of the blob
exchange. Still not working but closer.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/libsmb/clitrans.c


Changeset:
Modified: branches/SAMBA_3_0/source/libsmb/clitrans.c
===
--- branches/SAMBA_3_0/source/libsmb/clitrans.c 2007-03-21 00:44:15 UTC (rev 
21898)
+++ branches/SAMBA_3_0/source/libsmb/clitrans.c 2007-03-21 00:56:40 UTC (rev 
21899)
@@ -194,11 +194,15 @@
 * to a trans call. This is not an error and should not
 * be treated as such. Note that STATUS_NO_MORE_FILES is
 * returned when a trans2 findfirst/next finishes.
+* When setting up an encrypted transport we can also
+* see NT_STATUS_MORE_PROCESSING_REQUIRED here.
 */
status = cli_nt_error(cli);

-   if (NT_STATUS_IS_ERR(status) || 
NT_STATUS_EQUAL(status,STATUS_NO_MORE_FILES)) {
-   goto out;
+   if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+   if (NT_STATUS_IS_ERR(status) || 
NT_STATUS_EQUAL(status,STATUS_NO_MORE_FILES)) {
+   goto out;
+   }
}
 
/* parse out the lengths */
@@ -303,8 +307,10 @@
 CVAL(cli-inbuf,smb_com)));
goto out;
}
-   if (NT_STATUS_IS_ERR(cli_nt_error(cli))) {
-   goto out;
+   if (!NT_STATUS_EQUAL(status, 
NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+   if (NT_STATUS_IS_ERR(cli_nt_error(cli))) {
+   goto out;
+   }
}
 
/* parse out the total lengths again - they can shrink! */
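Review bot: In this second hunk the new outer test reads `status`, while the inner test still calls `cli_nt_error(cli)` afresh. Unless `status` is reassigned after the secondary receive (not visible in the hunk), the outer test looks at the result of the first reply rather than the packet just read. I would refresh it first, `status = cli_nt_error(cli);`, and then use `NT_STATUS_IS_ERR(status)` in the inner `if`, matching the shape of the first hunk. The enclosing function starts and ends outside the hunk.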



svn commit: samba r21900 - in branches/SAMBA_3_0/source/smbd: .

2007-03-20 Thread jra
Author: jra
Date: 2007-03-21 01:04:56 + (Wed, 21 Mar 2007)
New Revision: 21900

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21900

Log:
Token exchange now seems to work, now why does the
client encrypt fail ?
Jeremy.

Modified:
   branches/SAMBA_3_0/source/smbd/seal.c


Changeset:
Modified: branches/SAMBA_3_0/source/smbd/seal.c
===
--- branches/SAMBA_3_0/source/smbd/seal.c   2007-03-21 00:56:40 UTC (rev 
21899)
+++ branches/SAMBA_3_0/source/smbd/seal.c   2007-03-21 01:04:56 UTC (rev 
21900)
@@ -318,7 +318,7 @@
if (!partial_srv_trans_enc_ctx) {
/* This is the initial step. */
status = srv_enc_ntlm_negotiate(ppdata, p_data_size, blob, 
False);
-   if (!NT_STATUS_IS_OK(status)) {
+   if (!NT_STATUS_EQUAL(status,NT_STATUS_MORE_PROCESSING_REQUIRED) 
 !NT_STATUS_IS_OK(status)) {
srv_free_encryption_context(partial_srv_trans_enc_ctx);
return nt_status_squash(status);
}
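Review bot: The widened test after `srv_enc_ntlm_negotiate()` has no comment explaining why `NT_STATUS_MORE_PROCESSING_REQUIRED` is let through, and a later maintainer could easily simplify it back to `!NT_STATUS_IS_OK(status)`. I would add above the `if` something like `/* Initial leg: MORE_PROCESSING_REQUIRED means the exchange continues, it is not a failure. */`. How the code below this block treats that status cannot be seen here, as the function continues outside the hunk.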



svn commit: samba r21901 - in branches/SAMBA_3_0/source/client: .

2007-03-20 Thread jra
Author: jra
Date: 2007-03-21 01:21:16 + (Wed, 21 Mar 2007)
New Revision: 21901

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21901

Log:
Don't use fstrcat when you mean fstrcpy. Doh !
Jeremy.

Modified:
   branches/SAMBA_3_0/source/client/client.c


Changeset:
Modified: branches/SAMBA_3_0/source/client/client.c
===
--- branches/SAMBA_3_0/source/client/client.c   2007-03-21 01:04:56 UTC (rev 
21900)
+++ branches/SAMBA_3_0/source/client/client.c   2007-03-21 01:21:16 UTC (rev 
21901)
@@ -1799,18 +1799,19 @@
d_printf(posix_encrypt domain user password\n);
return 1;
}
-   fstrcat(domain,buf);
+   fstrcpy(domain,buf);
+
if (!next_token_nr(NULL,buf,NULL,sizeof(buf))) {
d_printf(posix_encrypt domain user password\n);
return 1;
}
-   fstrcat(user,buf);
+   fstrcpy(user,buf);
 
if (!next_token_nr(NULL,buf,NULL,sizeof(buf))) {
d_printf(posix_encrypt domain user password\n);
return 1;
}
-   fstrcat(password,buf);
+   fstrcpy(password,buf);
 
status = cli_raw_ntlm_smb_encryption_start(cli,
user,
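Review bot: After the third `fstrcpy`, the cleartext password sits in both `buf` and `password`, and nothing visible in the hunk clears either once `cli_raw_ntlm_smb_encryption_start()` has been called. If the remainder of the function (outside the hunk) does not already do so, I would wipe both after the call, e.g. `memset(password, 0, sizeof(password)); memset(buf, 0, sizeof(buf));`. The three identical usage messages could also become one shared string, so that a change to the command syntax is made in one place.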



svn commit: samba r21902 - in branches/SAMBA_3_0/source/libsmb: .

2007-03-20 Thread jra
Author: jra
Date: 2007-03-21 01:32:01 + (Wed, 21 Mar 2007)
New Revision: 21902

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21902

Log:
Don't free the thing you're trying to set in the cli state.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/libsmb/clifsinfo.c


Changeset:
Modified: branches/SAMBA_3_0/source/libsmb/clifsinfo.c
===
--- branches/SAMBA_3_0/source/libsmb/clifsinfo.c2007-03-21 01:21:16 UTC 
(rev 21901)
+++ branches/SAMBA_3_0/source/libsmb/clifsinfo.c2007-03-21 01:32:01 UTC 
(rev 21902)
@@ -409,6 +409,7 @@
}
cli-trans_enc_state = es;
cli-trans_enc_state-enc_on = True;
+   es = NULL;
}
 
   fail:
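Review bot: The added `es = NULL;` carries no comment, and on its own it looks like a redundant assignment right before the `fail:` label. I would annotate it, e.g. `es = NULL; /* now owned by cli->trans_enc_state; cleanup below must not free it */`, so the ownership hand-over survives later edits. Whether a previously installed `cli->trans_enc_state` is released before being overwritten is not visible in this hunk and may be worth checking.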



Rev 11694: Initial work on support for a Samba3 target. in file:///home/jelmer/bzr.samba/4.0-envs/

2007-03-20 Thread Jelmer Vernooij
At file:///home/jelmer/bzr.samba/4.0-envs/


revno: 11694
revision-id: [EMAIL PROTECTED]
parent: [EMAIL PROTECTED]
committer: Jelmer Vernooij [EMAIL PROTECTED]
branch nick: 4.0-envs
timestamp: Wed 2007-03-21 02:36:59 +0100
message:
  Initial work on support for a Samba3 target.
added:
  source/script/tests/Samba3.pm  samba3.pm-20070321010054-iuaa65j1qcdh0i66-1
modified:
  source/script/tests/Samba4.pm  svn-v2:[EMAIL PROTECTED]
  source/script/tests/selftest.pl svn-v2:[EMAIL PROTECTED]
=== added file 'source/script/tests/Samba3.pm'
--- a/source/script/tests/Samba3.pm 1970-01-01 00:00:00 +
+++ b/source/script/tests/Samba3.pm 2007-03-21 01:36:59 +
@@ -0,0 +1,129 @@
+#!/usr/bin/perl
+# Bootstrap Samba and run a number of tests against it.
+# Copyright (C) 2005-2007 Jelmer Vernooij [EMAIL PROTECTED]
+# Published under the GNU GPL, v3 or later.
+
+package Samba3;
+
+use strict;
+use FindBin qw($RealBin);
+use POSIX;
+
+sub new($$$) {
+   my ($classname, $bindir, $setupdir) = @_;
+   my $self = { bindir = $bindir, setupdir = $setupdir };
+   bless $self;
+   return $self;
+}
+
+sub check_or_start() 
+{
+   my ($self, $env_vars, $socket_wrapper_dir, $max_time) = @_;
+   return 0 if ( -p $env_vars-{SMBD_TEST_FIFO});
+
+   warn(Not using socket wrapper, but also not running as root. Will not 
be able to listen on proper ports) unless
+   defined($socket_wrapper_dir) or $ == 0;
+
+   unlink($env_vars-{SMBD_TEST_FIFO});
+   POSIX::mkfifo($env_vars-{SMBD_TEST_FIFO}, 0700);
+   unlink($env_vars-{SMBD_TEST_LOG});
+   
+   my $valgrind = ;
+   if (defined($ENV{SMBD_VALGRIND})) {
+   $valgrind = $ENV{SMBD_VALGRIND};
+   } 
+
+   print STARTING SMBD... ;
+   my $pid = fork();
+   if ($pid == 0) {
+   open STDIN, $env_vars-{SMBD_TEST_FIFO};
+   open STDOUT, $env_vars-{SMBD_TEST_LOG};
+   open STDERR, 'STDOUT';
+   my $optarg = ;
+   if (defined($max_time)) {
+   $optarg = --maximum-runtime=$max_time ;
+   }
+   my $ret = system($valgrind $self-{bindir}/smbd $optarg -s 
$env_vars-{CONFFILE} -M single -i --leak-report-full);
+   if ($? == -1) {
+   print Unable to start smbd: $ret: $!\n;
+   exit 1;
+   }
+   unlink($env_vars-{SMBD_TEST_FIFO});
+   unlink($socket_wrapper_dir/*) if 
(defined($socket_wrapper_dir) and -d $socket_wrapper_dir);
+   my $exit = $?  8;
+   if ( $ret == 0 ) {
+   print smbd exits with status $exit\n;
+   } elsif ( $ret  127 ) {
+   print smbd got signal .($ret  127). and exits with 
$exit!\n;
+   } else {
+   $ret = $?  8;
+   print smbd failed with status $exit!\n;
+   }
+   exit $exit;
+   }
+   print DONE\n;
+
+   open(DATA, $env_vars-{SMBD_TEST_FIFO});
+
+   return $pid;
+}
+
+sub wait_for_start($)
+{
+   # give time for nbt server to register its names
+   print delaying for nbt name registration\n;
+
+   # This will return quickly when things are up, but be slow if we 
+   # need to wait for (eg) SSL init 
+   system(bin/nmblookup $ENV{CONFIGURATION} $ENV{SERVER});
+   system(bin/nmblookup $ENV{CONFIGURATION} -U $ENV{SERVER} 
$ENV{SERVER});
+   system(bin/nmblookup $ENV{CONFIGURATION} $ENV{SERVER});
+   system(bin/nmblookup $ENV{CONFIGURATION} -U $ENV{SERVER} 
$ENV{NETBIOSNAME});
+   system(bin/nmblookup $ENV{CONFIGURATION} $ENV{NETBIOSNAME});
+   system(bin/nmblookup $ENV{CONFIGURATION} -U $ENV{SERVER} 
$ENV{NETBIOSNAME});
+   system(bin/nmblookup $ENV{CONFIGURATION} $ENV{NETBIOSNAME});
+   system(bin/nmblookup $ENV{CONFIGURATION} -U $ENV{SERVER} 
$ENV{NETBIOSNAME});
+}
+
+sub provision($$$)
+{
+   my ($self, $environment, $prefix) = @_;
+   my %ret = ();
+   print PROVISIONING...;
+   open(IN, $RealBin/mktestdc.sh $prefix|) or die(Unable to setup);
+   while (IN) {
+   die (Error parsing `$_') unless (/^([A-Z0-9a-z_]+)=(.*)$/);
+   $ret{$1} = $2;
+   }
+   close(IN);
+
+   $ret{SMBD_TEST_FIFO} = $prefix/smbd_test.fifo;
+   $ret{SMBD_TEST_LOG} = $prefix/smbd_test.log;
+   return \%ret;
+}
+
+sub stop($)
+{
+   my ($self) = @_;
+
+   close(DATA);
+
+   sleep(2);
+
+   my $failed = $?  8;
+
+   if (-f $ENV{PIDDIR}/smbd.pid ) {
+   open(IN, $ENV{PIDDIR}/smbd.pid) or die(unable to open smbd 
pid file);
+   kill 9, IN;
+   close(IN);
+   }
+
+   return $failed;
+}
+
+sub setup_env($$)
+{
+   my ($self, $name) = @_;
+}
+
+1;
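Review bot: In `provision`, the result of `close(IN)` on the `mktestdc.sh` pipe is ignored, so a script that exits non-zero after printing some `KEY=value` lines still yields a partial environment hash. I would use `close(IN) or die("mktestdc.sh failed: $?");`. The `open` calls on the FIFO and log in `check_or_start` are likewise unchecked. `wait_for_start` runs a hard-coded relative `bin/nmblookup` while `check_or_start` uses `$self->{bindir}/smbd`; taking `$self` there and using `$self->{bindir}/nmblookup` would keep the two in step.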

=== modified file 'source/script/tests/Samba4.pm'
--- 

svn commit: samba r21903 - in branches/SAMBA_3_0/source/libsmb: .

2007-03-20 Thread jra
Author: jra
Date: 2007-03-21 02:02:09 + (Wed, 21 Mar 2007)
New Revision: 21903

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21903

Log:
Get the length calculations right (I always forget
the 4 byte length isn't included in the length :-).
We now have working NTLMSSP transport encryption
with sign+seal. W00t! 
Jeremy.

Modified:
   branches/SAMBA_3_0/source/libsmb/smb_seal.c


Changeset:
Modified: branches/SAMBA_3_0/source/libsmb/smb_seal.c
===
--- branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-21 01:32:01 UTC (rev 
21902)
+++ branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-21 02:02:09 UTC (rev 
21903)
@@ -38,30 +38,33 @@
 NTSTATUS common_ntlm_decrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf)
 {
NTSTATUS status;
-   size_t orig_len = smb_len(buf);
-   size_t new_len = orig_len - NTLMSSP_SIG_SIZE;
+   size_t buf_len = smb_len(buf) + 4; /* Don't forget the 4 length bytes. 
*/
DATA_BLOB sig;
 
-   if (orig_len  8 + NTLMSSP_SIG_SIZE) {
+   if (buf_len  8 + NTLMSSP_SIG_SIZE) {
return NT_STATUS_BUFFER_TOO_SMALL;
}
 
+   /* Adjust for the signature. */
+   buf_len -= NTLMSSP_SIG_SIZE;
+
/* Save off the signature. */
-   sig = data_blob(buf+orig_len-NTLMSSP_SIG_SIZE, NTLMSSP_SIG_SIZE);
+   sig = data_blob(buf+buf_len, NTLMSSP_SIG_SIZE);
 
status = ntlmssp_unseal_packet(ntlmssp_state,
(unsigned char *)buf + 8, /* 4 byte len + 0xFF 'S' 'M' 'B' */
-   new_len - 8,
+   buf_len - 8,
(unsigned char *)buf,
-   new_len,
+   buf_len,
sig);
 
if (!NT_STATUS_IS_OK(status)) {
data_blob_free(sig);
return status;
}
+
/* Reset the length. */
-   smb_setlen(buf, new_len);
+   smb_setlen(buf, smb_len(buf) - NTLMSSP_SIG_SIZE);
return NT_STATUS_OK;
 }
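Review bot: On the success path of `common_ntlm_decrypt_buffer`, `sig` is allocated with `data_blob()` but only released inside the `!NT_STATUS_IS_OK(status)` branch, so each successfully decrypted packet appears to leak the signature blob. I would add `data_blob_free(&sig);` before the final `smb_setlen()`. The encrypt path in the last hunk of this file has the same shape: after `memcpy(buf_out+buf_len, sig.data, NTLMSSP_SIG_SIZE);` the function returns without freeing `sig`. A short comment that `buf_len` now includes the 4 length bytes while `smb_len()` does not would also help.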
 
@@ -74,13 +77,12 @@
 {
NTSTATUS status;
char *buf_out;
-   size_t orig_len = smb_len(buf);
-   size_t new_len = orig_len + NTLMSSP_SIG_SIZE;
+   size_t buf_len = smb_len(buf) + 4; /* Don't forget the 4 length bytes. 
*/
DATA_BLOB sig;
 
*ppbuf_out = NULL;
 
-   if (orig_len  8) {
+   if (buf_len  8) {
return NT_STATUS_BUFFER_TOO_SMALL;
}
 
@@ -91,19 +93,19 @@
 
/* Copy the original buffer. */
 
-   buf_out = SMB_XMALLOC_ARRAY(char, new_len);
-   memcpy(buf_out, buf, orig_len);
+   buf_out = SMB_XMALLOC_ARRAY(char, buf_len + NTLMSSP_SIG_SIZE);
+   memcpy(buf_out, buf, buf_len);
/* Last 16 bytes undefined here... */
 
-   smb_setlen(buf_out, new_len);
+   smb_setlen(buf_out, smb_len(buf) + NTLMSSP_SIG_SIZE);
 
sig = data_blob(NULL, NTLMSSP_SIG_SIZE);
 
status = ntlmssp_seal_packet(ntlmssp_state,
(unsigned char *)buf_out + 8, /* 4 byte len + 0xFF 'S' 'M' 'B' 
*/
-   orig_len - 8,
+   buf_len - 8,
(unsigned char *)buf_out,
-   orig_len,
+   buf_len,
sig);
 
if (!NT_STATUS_IS_OK(status)) {
@@ -112,7 +114,7 @@
return status;
}
 
-   memcpy(buf_out+orig_len, sig.data, NTLMSSP_SIG_SIZE);
+   memcpy(buf_out+buf_len, sig.data, NTLMSSP_SIG_SIZE);
*ppbuf_out = buf_out;
return NT_STATUS_OK;
 }



Re: svn commit: samba r21903 - in branches/SAMBA_3_0/source/libsmb: .

2007-03-20 Thread simo
On Wed, 2007-03-21 at 02:02 +, [EMAIL PROTECTED] wrote:
 Author: jra
 Date: 2007-03-21 02:02:09 + (Wed, 21 Mar 2007)
 New Revision: 21903
 
 WebSVN: 
 http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21903
 
 Log:
 Get the length calculations right (I always forget
 the 4 byte length isn't included in the length :-).
 We now have working NTLMSSP transport encryption
 with sign+seal. W00t! 

WoW, awesome!
Great job Jeremy.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: [EMAIL PROTECTED]
http://samba.org



Rev 5429: Move test environment create code to a separate script. in file:///home/jelmer/bzr.samba/3.0-perltest/

2007-03-20 Thread Jelmer Vernooij
At file:///home/jelmer/bzr.samba/3.0-perltest/


revno: 5429
revision-id: [EMAIL PROTECTED]
parent: svn-v2:[EMAIL PROTECTED]
committer: Jelmer Vernooij [EMAIL PROTECTED]
branch nick: 3.0-perltest
timestamp: Wed 2007-03-21 03:26:07 +0100
message:
  Move test environment create code to a separate script.
added:
  source/script/tests/mktestsetup.sh 
mktestsetup.sh-20070321012023-5402h6n35mf9lpz0-1
modified:
  source/script/tests/selftest.sh svn-v2:[EMAIL PROTECTED]
=== added file 'source/script/tests/mktestsetup.sh'
--- a/source/script/tests/mktestsetup.sh1970-01-01 00:00:00 +
+++ b/source/script/tests/mktestsetup.sh2007-03-21 02:26:07 +
@@ -0,0 +1,136 @@
+#!/bin/sh
+# Setup a Samba 3 DC for testing
+# Copyright (C) 2006 Stefan (metze) Metzmacher
+# Copyright (C) 2007 Jelmer Vernooij
+# Published under the GNU GPL, v2 or later.
+
+if [ $# -lt 1 ]
+then
+   echo $0 PREFIX
+   exit 1
+fi
+
+PREFIX=$1
+
+##
+## setup the various environment variables we need
+##
+
+SERVER=localhost2
+SERVER_IP=127.0.0.2
+USERNAME=`PATH=/usr/ucb:$PATH whoami`
+PASSWORD=test
+
+SRCDIR=`dirname $0`/../..
+BINDIR=`pwd`/bin
+SCRIPTDIR=$SRCDIR/script/tests
+SHRDIR=$PREFIX_ABS/tmp
+LIBDIR=$PREFIX_ABS/lib
+PIDDIR=$PREFIX_ABS/pid
+CONFFILE=$LIBDIR/client.conf
+SERVERCONFFILE=$LIBDIR/server.conf
+COMMONCONFFILE=$LIBDIR/common.conf
+PRIVATEDIR=$PREFIX_ABS/private
+LOCKDIR=$PREFIX_ABS/lockdir
+LOGDIR=$PREFIX_ABS/logs
+CONFIGURATION=-s $CONFFILE
+
+export PREFIX PREFIX_ABS
+export CONFIGURATION CONFFILE 
+export PATH SOCKET_WRAPPER_DIR DOMAIN
+export PRIVATEDIR LIBDIR PIDDIR LOCKDIR LOGDIR SERVERCONFFILE
+export SRCDIR SCRIPTDIR BINDIR
+export USERNAME PASSWORD
+export SERVER SERVER_IP
+
+## 
+## create the test directory layout
+##
+echo -n CREATE TEST ENVIRONMENT IN '$PREFIX'...
+/bin/rm -rf $PREFIX/*
+mkdir -p $PRIVATEDIR $LIBDIR $PIDDIR $LOCKDIR $LOGDIR $SOCKET_WRAPPER_DIR
+mkdir -p $PREFIX_ABS/tmp
+chmod 777 $PREFIX_ABS/tmp
+
+##
+## Create the common config include file with the basic settings
+##
+
+cat $COMMONCONFFILEEOF
+   workgroup = SAMBA-TEST
+
+   private dir = $PRIVATEDIR
+   pid directory = $PIDDIR
+   lock directory = $LOCKDIR
+   log file = $LOGDIR/log.%m
+   log level = 0
+
+   name resolve order = bcast
+EOF
+
+cat $CONFFILEEOF
+[global]
+   netbios name = TORTURE_6
+   interfaces = $TORTURE_INTERFACES
+   panic action = $SCRIPTDIR/gdb_backtrace %d %\$(MAKE_TEST_BINARY)
+   include = $COMMONCONFFILE
+
+   passdb backend = tdbsam
+EOF
+
+cat $SERVERCONFFILEEOF
+[global]
+   netbios name = $SERVER
+   interfaces = $SERVER_IP/8
+   bind interfaces only = yes
+   panic action = $SCRIPTDIR/gdb_backtrace %d %\$(MAKE_TEST_BINARY)
+   include = $COMMONCONFFILE
+
+   passdb backend = tdbsam
+
+   ; Necessary to add the build farm hacks
+   add user script = /bin/false
+   add machine script = /bin/false
+
+   kernel oplocks = no
+   kernel change notify = no
+
+   syslog = no
+   printing = bsd
+   printcap name = /dev/null
+
+[tmp]
+   path = $PREFIX_ABS/tmp
+   read only = no
+   smbd:sharedelay = 10
+   map hidden = yes
+   map system = yes
+   create mask = 755
+[hideunread]
+   copy = tmp
+   hide unreadable = yes
+[hideunwrite]
+   copy = tmp
+   hide unwriteable files = yes
+[print1]
+   copy = tmp
+   printable = yes
+   printing = test
+[print2]
+   copy = print1
+[print3]
+   copy = print1
+[print4]
+   copy = print1
+EOF
+
+##
+## create a test account
+##
+
+(echo $PASSWORD; echo $PASSWORD) | \
+   smbpasswd -c $CONFFILE -L -s -a $USERNAME /dev/null || exit 1
+
+echo DONE;
+
+
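Review bot: The script sets only `PREFIX=$1`, yet every directory below it (`SHRDIR`, `LIBDIR`, `PIDDIR`, `PRIVATEDIR`, `LOCKDIR`, `LOGDIR`) is derived from `$PREFIX_ABS`, which is never assigned here. If the caller has not exported it, those paths collapse to `/tmp`, `/lib`, `/pid` and so on, and the later `mkdir -p` and `chmod 777 $PREFIX_ABS/tmp` act on them. I would fail early, e.g. `test -n "$PREFIX_ABS" || { echo "PREFIX_ABS not set"; exit 1; }`, or derive it from `$PREFIX`. `$SOCKET_WRAPPER_DIR` is used in the `mkdir -p` line but is also never set here, and in the selftest.sh hunk of this commit it is assigned only after this file is sourced. That hunk also passes the prefix as an argument to `.`, which not every `/bin/sh` turns into `$1`.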

=== modified file 'source/script/tests/selftest.sh'
--- a/source/script/tests/selftest.sh   2007-03-08 21:30:15 +
+++ b/source/script/tests/selftest.sh   2007-03-21 02:26:07 +
@@ -24,92 +24,30 @@
 export TORTURE_MAXTIME
 
 ##
-## setup the various environment variables we need
+## verify that we were built with --enable-socket-wrapper
 ##
 
-SERVER=localhost2
-SERVER_IP=127.0.0.2
-USERNAME=`PATH=/usr/ucb:$PATH whoami`
-PASSWORD=test
-
-SRCDIR=`dirname $0`/../..
-BINDIR=`pwd`/bin
-SCRIPTDIR=$SRCDIR/script/tests
-SHRDIR=$PREFIX_ABS/tmp
-LIBDIR=$PREFIX_ABS/lib
-PIDDIR=$PREFIX_ABS/pid
-CONFFILE=$LIBDIR/client.conf
+if test x`smbd -b | grep SOCKET_WRAPPER` = x; then
+   echo ***
+   echo *** You must include --enable-socket-wrapper when compiling Samba
+   echo *** in order to execute 'make test'.  Exiting
+   echo ***
+   exit 1
+fi
+
+. ./script/tests/mktestsetup.sh $PREFIX
+
+SOCKET_WRAPPER_DIR=$PREFIX/sw
 SAMBA4CONFFILE=$LIBDIR/samba4client.conf
-SERVERCONFFILE=$LIBDIR/server.conf
-COMMONCONFFILE=$LIBDIR/common.conf
-PRIVATEDIR=$PREFIX_ABS/private
-LOCKDIR=$PREFIX_ABS/lockdir
-LOGDIR=$PREFIX_ABS/logs
-SOCKET_WRAPPER_DIR=$PREFIX/sw
-CONFIGURATION=-s 

Re: svn commit: samba r21903 - in branches/SAMBA_3_0/source/libsmb: .

2007-03-20 Thread Jeremy Allison
On Wed, Mar 21, 2007 at 02:24:46AM +, simo wrote:
 On Wed, 2007-03-21 at 02:02 +, [EMAIL PROTECTED] wrote:
  Author: jra
  Date: 2007-03-21 02:02:09 + (Wed, 21 Mar 2007)
  New Revision: 21903
  
  WebSVN: 
  http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21903
  
  Log:
  Get the length calculations right (I always forget
  the 4 byte length isn't included in the length :-).
  We now have working NTLMSSP transport encryption
  with sign+seal. W00t! 
 
 WoW, awesome!
 Great job Jeremy.

The gss-api level comes next so we have
krb5 sign+seal - identical to encrypted
NFSv3/4.

But I'll finish that tomorrow :-).

Thanks !

Jeremy.