Re: svn commit: samba r21918 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_25/source/nsswitch SAMBA_3_0_RELEASE/source/nsswitch
On 21/03/2007, at 2:08 PM, [EMAIL PROTECTED] wrote: Author: jerry Date: 2007-03-21 21:08:15 + (Wed, 21 Mar 2007) New Revision: 21918 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi? view=rev&root=samba&rev=21918 Log: Reverting this change as it is now causing aborts() in Thanks for finding this Jerry. find_builtin_domain().This all needs more testing before anyone starts changing these lookup routines again. So when the idmap code calls find_domain_from_sid_noinit with a local SID, it is supposed to return NULL so that it falls through to the passdb backend. OTOH it can't ever fail for the BUILTIN domain (even though that is a local SID) because we can't not have a BUILTIN domain. Am I reading this right? -- James Peach | [EMAIL PROTECTED]
svn commit: samba r21927 - in branches/SAMBA_3_0/source/nsswitch: .
Author: jra Date: 2007-03-22 02:25:16 + (Thu, 22 Mar 2007) New Revision: 21927 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21927 Log: Removed unused variable. Jeremy. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_util.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_util.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_util.c 2007-03-22 02:24:12 UTC (rev 21926) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_util.c 2007-03-22 02:25:16 UTC (rev 21927) @@ -599,7 +599,6 @@ struct winbindd_domain *find_domain_from_sid_noinit(const DOM_SID *sid) { struct winbindd_domain *domain; - uint32 discard; /* Search through list */
svn commit: samba r21926 - in branches/SAMBA_3_0/source: include libsmb smbd
Author: jra Date: 2007-03-22 02:24:12 + (Thu, 22 Mar 2007) New Revision: 21926 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21926 Log: Fix missing enum specifier pointed out by Don McCall @ HP. Thanks Don ! Jeremy. Modified: branches/SAMBA_3_0/source/include/client.h branches/SAMBA_3_0/source/libsmb/clifsinfo.c branches/SAMBA_3_0/source/libsmb/smb_seal.c branches/SAMBA_3_0/source/smbd/seal.c Changeset: Modified: branches/SAMBA_3_0/source/include/client.h === --- branches/SAMBA_3_0/source/include/client.h 2007-03-22 01:14:55 UTC (rev 21925) +++ branches/SAMBA_3_0/source/include/client.h 2007-03-22 02:24:12 UTC (rev 21926) @@ -89,7 +89,7 @@ #if defined(HAVE_GSSAPI) && defined(HAVE_KRB5) gss_ctx_id_t context_handle; #endif - }; + } s; }; struct cli_state { Modified: branches/SAMBA_3_0/source/libsmb/clifsinfo.c === --- branches/SAMBA_3_0/source/libsmb/clifsinfo.c2007-03-22 01:14:55 UTC (rev 21925) +++ branches/SAMBA_3_0/source/libsmb/clifsinfo.c2007-03-22 02:24:12 UTC (rev 21926) @@ -373,26 +373,26 @@ } ZERO_STRUCTP(es); es->smb_enc_type = SMB_TRANS_ENC_NTLM; - status = ntlmssp_client_start(&es->ntlmssp_state); + status = ntlmssp_client_start(&es->s.ntlmssp_state); if (!NT_STATUS_IS_OK(status)) { goto fail; } - ntlmssp_want_feature(es->ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY); - es->ntlmssp_state->neg_flags |= (NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL); + ntlmssp_want_feature(es->s.ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY); + es->s.ntlmssp_state->neg_flags |= (NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL); - if (!NT_STATUS_IS_OK(status = ntlmssp_set_username(es->ntlmssp_state, user))) { + if (!NT_STATUS_IS_OK(status = ntlmssp_set_username(es->s.ntlmssp_state, user))) { goto fail; } - if (!NT_STATUS_IS_OK(status = ntlmssp_set_domain(es->ntlmssp_state, domain))) { + if (!NT_STATUS_IS_OK(status = ntlmssp_set_domain(es->s.ntlmssp_state, domain))) { goto fail; } - if (!NT_STATUS_IS_OK(status = ntlmssp_set_password(es->ntlmssp_state, pass))) { + if (!NT_STATUS_IS_OK(status = ntlmssp_set_password(es->s.ntlmssp_state, pass))) { goto fail; } do { - status = ntlmssp_update(es->ntlmssp_state, blob_in, &blob_out); + status = ntlmssp_update(es->s.ntlmssp_state, blob_in, &blob_out); data_blob_free(&blob_in); if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) || NT_STATUS_IS_OK(status)) { status = enc_blob_send_receive(cli, &blob_out, &blob_in); Modified: branches/SAMBA_3_0/source/libsmb/smb_seal.c === --- branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-22 01:14:55 UTC (rev 21925) +++ branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-22 02:24:12 UTC (rev 21926) @@ -264,10 +264,10 @@ switch (es->smb_enc_type) { case SMB_TRANS_ENC_NTLM: - return common_ntlm_encrypt_buffer(es->ntlmssp_state, buffer, buf_out); + return common_ntlm_encrypt_buffer(es->s.ntlmssp_state, buffer, buf_out); #if defined(HAVE_GSSAPI) && defined(HAVE_KRB5) case SMB_TRANS_ENC_GSS: - return common_gss_encrypt_buffer(es->context_handle, buffer, buf_out); + return common_gss_encrypt_buffer(es->s.context_handle, buffer, buf_out); #endif default: return NT_STATUS_NOT_SUPPORTED; @@ -294,10 +294,10 @@ switch (es->smb_enc_type) { case SMB_TRANS_ENC_NTLM: - return common_ntlm_decrypt_buffer(es->ntlmssp_state, buf); + return common_ntlm_decrypt_buffer(es->s.ntlmssp_state, buf); #if defined(HAVE_GSSAPI) && defined(HAVE_KRB5) case SMB_TRANS_ENC_GSS: - return common_gss_decrypt_buffer(es->context_handle, buf); + return common_gss_decrypt_buffer(es->s.context_handle, buf); #endif default: return NT_STATUS_NOT_SUPPORTED; @@ -317,8 +317,8 @@ } if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) { - if (es->ntlmssp_state) { - ntlmssp_end(&es->ntlmssp_state); + if (es->s.ntlmssp_state) { + ntlmssp_end(&es->s.ntlmssp_state); } } #if defined(HAVE_GSSAPI) && defined(HAVE_KRB5) Modified: branches/SAMBA_3_0/source/smbd/seal.c === ---
svn commit: samba r21925 - in branches/SAMBA_3_0/source/smbd: .
Author: jra Date: 2007-03-22 01:14:55 + (Thu, 22 Mar 2007) New Revision: 21925 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21925 Log: Start to code up the gss acquire creds calls. Jeremy. Modified: branches/SAMBA_3_0/source/smbd/seal.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/seal.c === --- branches/SAMBA_3_0/source/smbd/seal.c 2007-03-22 01:13:25 UTC (rev 21924) +++ branches/SAMBA_3_0/source/smbd/seal.c 2007-03-22 01:14:55 UTC (rev 21925) @@ -98,8 +98,14 @@ } if (ec->es) { - if (ec->es->smb_enc_type == SMB_TRANS_ENC_NTLM) { - destroy_auth_ntlmssp(ec); + switch (ec->es->smb_enc_type) { + case SMB_TRANS_ENC_NTLM: + destroy_auth_ntlmssp(ec); + break; +#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5) + case SMB_TRANS_ENC_GSS: + break; +#endif } common_free_encryption_state(&ec->es); } @@ -128,12 +134,25 @@ } ZERO_STRUCTP(ec->es); ec->es->smb_enc_type = smb_enc_type; - if (smb_enc_type == SMB_TRANS_ENC_NTLM) { - NTSTATUS status = make_auth_ntlmssp(ec); - if (!NT_STATUS_IS_OK(status)) { + switch (smb_enc_type) { + case SMB_TRANS_ENC_NTLM: + { + NTSTATUS status = make_auth_ntlmssp(ec); + if (!NT_STATUS_IS_OK(status)) { + srv_free_encryption_context(&ec); + return NULL; + } + } + break; + +#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5) + case SMB_TRANS_ENC_GSS: + /* Acquire our credentials by calling gss_acquire_cred here. */ + break; +#endif + default: srv_free_encryption_context(&ec); return NULL; - } } return ec; } @@ -183,6 +202,13 @@ #if defined(HAVE_GSSAPI) && defined(HAVE_KRB5) static NTSTATUS srv_enc_spnego_gss_negotiate(unsigned char **ppdata, size_t *p_data_size, DATA_BLOB secblob) { + if (!partial_srv_trans_enc_ctx) { + partial_srv_trans_enc_ctx = make_srv_encryption_context(SMB_TRANS_ENC_GSS); + if (!partial_srv_trans_enc_ctx) { + return NT_STATUS_NO_MEMORY; + } + } + return NT_STATUS_NOT_SUPPORTED; } #endif
svn commit: samba r21924 - in branches/SAMBA_3_0_25: .
Author: jmcd Date: 2007-03-22 01:13:25 + (Thu, 22 Mar 2007) New Revision: 21924 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21924 Log: NFSv3->NFSv4 for new ACL functionality Modified: branches/SAMBA_3_0_25/WHATSNEW.txt Changeset: Modified: branches/SAMBA_3_0_25/WHATSNEW.txt === --- branches/SAMBA_3_0_25/WHATSNEW.txt 2007-03-22 00:08:22 UTC (rev 21923) +++ branches/SAMBA_3_0_25/WHATSNEW.txt 2007-03-22 01:13:25 UTC (rev 21924) @@ -66,7 +66,7 @@ Samba's POSIX ACL support has been moved inside of the VFS layer which means it is now possible to support multiple ACL implementations -on the same server including NFSv3 and GPFS ACLs. +on the same server including NFSv4 and GPFS ACLs. ## @@ -284,7 +284,7 @@ Samba's POSIX ACL support has been moved inside of the VFS layer which means it is now possible to support multiple ACL implementations -on the same server including NFSv3 and GPFS ACLs. +on the same server including NFSv4 and GPFS ACLs. ##
svn commit: samba r21923 - in branches/SAMBA_3_0/source/libsmb: .
Author: jra Date: 2007-03-22 00:08:22 + (Thu, 22 Mar 2007) New Revision: 21923 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21923 Log: Add in the gss decrypt. Jeremy. Modified: branches/SAMBA_3_0/source/libsmb/smb_seal.c Changeset: Modified: branches/SAMBA_3_0/source/libsmb/smb_seal.c === --- branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-21 23:49:57 UTC (rev 21922) +++ branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-22 00:08:22 UTC (rev 21923) @@ -121,13 +121,54 @@ /** Generic code for client and server. - gss-api decrypt an incoming buffer. + gss-api decrypt an incoming buffer. We insist that the size of the + unwrapped buffer must be smaller or identical to the incoming buffer. **/ #if defined(HAVE_GSSAPI) && defined(HAVE_KRB5) NTSTATUS common_gss_decrypt_buffer(gss_ctx_id_t context_handle, char *buf) { - return NT_STATUS_NOT_SUPPORTED; + OM_uint32 ret = 0; + OM_uint32 minor = 0; + int flags_got = 0; + gss_buffer_desc in_buf, out_buf; + size_t buf_len = smb_len(buf) + 4; /* Don't forget the 4 length bytes. */ + + if (buf_len < 8) { + return NT_STATUS_BUFFER_TOO_SMALL; + } + + in_buf.value = buf + 8; + in_buf.length = buf_len - 8; + + ret = gss_unwrap(&minor, + context_handle, + &in_buf, + &out_buf, + &flags_got, /* did we get sign+seal ? */ + (gss_qop_t *) NULL); + + if (ret != GSS_S_COMPLETE) { + ADS_STATUS adss = ADS_ERROR_GSS(ret, minor); + DEBUG(0,("common_gss_encrypt_buffer: gss_unwrap failed. Error %s\n", + ads_errstr(adss) )); + /* Um - no mapping for gss-errs to NTSTATUS yet. */ + return ads_ntstatus(adss); + } + + if (out_buf.length > in_buf.length) { + DEBUG(0,("common_gss_encrypt_buffer: gss_unwrap size (%u) too large (%u) !\n", + (unsigned int)out_buf.length, + (unsigned int)in_buf.length )); + gss_release_buffer(&minor, &out_buf); + return NT_STATUS_INVALID_PARAMETER; + } + + memcpy(buf + 8, out_buf.value, out_buf.length); + smb_setlen(buf, out_buf.length + 4); + + gss_release_buffer(&minor, &out_buf); + return NT_STATUS_OK; } #endif @@ -194,8 +235,9 @@ return NT_STATUS_NO_MEMORY; } - smb_setlen(*ppbuf_out, out_buf.length + 8); memcpy(*ppbuf_out+8, out_buf.value, out_buf.length); + smb_setlen(*ppbuf_out, out_buf.length + 4); + gss_release_buffer(&minor, &out_buf); return NT_STATUS_OK; }
Build status as of Thu Mar 22 00:00:03 2007
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2007-03-21 00:00:21.0 + +++ /home/build/master/cache/broken_results.txt 2007-03-22 00:01:49.0 + @@ -1,24 +1,24 @@ -Build status as of Wed Mar 21 00:00:02 2007 +Build status as of Thu Mar 22 00:00:03 2007 Build counts: Tree Total Broken Panic SOC 0 0 0 build_farm 0 0 0 -ccache 32 7 0 +ccache 31 7 0 ctdb 0 0 0 -distcc 3 0 0 +distcc 2 0 0 ldb 30 6 0 libreplace 28 3 0 -lorikeet-heimdal 27 14 0 -pidl 19 1 0 -ppp 13 0 0 -rsync31 6 0 +lorikeet-heimdal 27 15 0 +pidl 19 2 0 +ppp 12 0 0 +rsync30 7 0 samba0 0 0 samba-docs 0 0 0 samba-gtk4 4 0 samba4 35 9 0 -samba_3_037 16 1 +samba_3_037 19 1 smb-build28 28 0 -talloc 32 1 0 +talloc 31 1 0 tdb 30 3 0
svn commit: samba r21922 - in branches/SAMBA_3_0/source: . lib libads libsmb
Author: jra Date: 2007-03-21 23:49:57 + (Wed, 21 Mar 2007) New Revision: 21922 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21922 Log: Fixed the build by rather horrid means. I really need to restructure libsmb/smb_signing.c so it isn't in the base libs path but lives in libsmb instead (like smb_seal.c does). Jeremy. Modified: branches/SAMBA_3_0/source/Makefile.in branches/SAMBA_3_0/source/lib/util_sock.c branches/SAMBA_3_0/source/libads/ads_status.c branches/SAMBA_3_0/source/libsmb/cliconnect.c branches/SAMBA_3_0/source/libsmb/clientgen.c branches/SAMBA_3_0/source/libsmb/smb_seal.c branches/SAMBA_3_0/source/libsmb/smb_signing.c Changeset: Modified: branches/SAMBA_3_0/source/Makefile.in === --- branches/SAMBA_3_0/source/Makefile.in 2007-03-21 21:30:25 UTC (rev 21921) +++ branches/SAMBA_3_0/source/Makefile.in 2007-03-21 23:49:57 UTC (rev 21922) @@ -258,7 +258,7 @@ lib/tallocmsg.o lib/dmallocmsg.o libsmb/smb_signing.o \ lib/md5.o lib/hmacmd5.o lib/arc4.o lib/iconv.o \ nsswitch/wb_client.o $(WBCOMMON_OBJ) \ - lib/pam_errors.o intl/lang_tdb.o libsmb/smb_seal.o \ + lib/pam_errors.o intl/lang_tdb.o \ lib/adt_tree.o lib/gencache.o $(TDB_OBJ) \ lib/module.o lib/events.o lib/ldap_escape.o @CHARSET_STATIC@ \ lib/secdesc.o lib/util_seaccess.o lib/secace.o lib/secacl.o \ @@ -313,7 +313,7 @@ libsmb/clistr.o libsmb/cliquota.o libsmb/clifsinfo.o libsmb/clidfs.o \ libsmb/smberr.o libsmb/credentials.o libsmb/pwd_cache.o \ libsmb/clioplock.o $(ERRORMAP_OBJ) libsmb/clirap2.o \ -$(DOSERR_OBJ) \ +libsmb/smb_seal.o $(DOSERR_OBJ) \ $(RPC_PARSE_OBJ1) $(LIBSAMBA_OBJ) $(LIBNMB_OBJ) RPC_CLIENT_OBJ1 = rpc_client/cli_netlogon.o Modified: branches/SAMBA_3_0/source/lib/util_sock.c === --- branches/SAMBA_3_0/source/lib/util_sock.c 2007-03-21 21:30:25 UTC (rev 21921) +++ branches/SAMBA_3_0/source/lib/util_sock.c 2007-03-21 23:49:57 UTC (rev 21922) @@ -732,32 +732,32 @@ BOOL receive_smb(int fd, char *buffer, unsigned int timeout) { - NTSTATUS status; - if (!receive_smb_raw(fd, buffer, timeout)) { return False; } - status = srv_decrypt_buffer(buffer); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("receive_smb: SMB decryption failed on incoming packet! Error %s\n", - nt_errstr(status) )); - if (smb_read_error == 0) { - smb_read_error = READ_BAD_DECRYPT; + if (srv_encryption_on()) { + NTSTATUS status = srv_decrypt_buffer(buffer); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("receive_smb: SMB decryption failed on incoming packet! Error %s\n", + nt_errstr(status) )); + if (smb_read_error == 0) { + smb_read_error = READ_BAD_DECRYPT; + } + return False; } - return False; + } else { + /* Check the incoming SMB signature. */ + if (!srv_check_sign_mac(buffer, True)) { + DEBUG(0, ("receive_smb: SMB Signature verification failed on incoming packet!\n")); + if (smb_read_error == 0) { + smb_read_error = READ_BAD_SIG; + } + return False; + } } - /* Check the incoming SMB signature. */ - if (!srv_check_sign_mac(buffer, True)) { - DEBUG(0, ("receive_smb: SMB Signature verification failed on incoming packet!\n")); - if (smb_read_error == 0) { - smb_read_error = READ_BAD_SIG; - } - return False; - }; - - return(True); + return True; } / @@ -766,20 +766,21 @@ BOOL send_smb(int fd, char *buffer) { - NTSTATUS status; size_t len; size_t nwritten=0; ssize_t ret; - char *buf_out; + char *buf_out = buffer; /* Sign the outgoing packet if required. */ - srv_calculate_sign_mac(buffer); - - status = srv_encrypt_buffer(buffer, &buf_out); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("send_smb: SMB encryption failed on outgoing packet! Error %s\n", - nt_errstr(status) )); - return False; + if (!srv_encryption_on()) { + srv_calculate_sign_mac(buf_out); + } else { + NTSTATUS status = srv_encrypt_buffer(buffer, &buf_out); + if (!NT_STATUS_IS_
svn commit: samba-web r1095 - in trunk: .
Author: jerry Date: 2007-03-21 23:30:56 + (Wed, 21 Mar 2007) New Revision: 1095 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=1095 Log: correct comment about next release stage Modified: trunk/index.html Changeset: Modified: trunk/index.html === --- trunk/index.html2007-03-21 23:25:05 UTC (rev 1094) +++ trunk/index.html2007-03-21 23:30:56 UTC (rev 1095) @@ -26,9 +26,8 @@ preview of the next upgrade production release version of Samba. It is intended for testing purposes only. Please test and https://bugzilla.samba.org/";>report any bugs that you -find. Our plan is to possibly have -one more preview release and move to the release candidate stage -later this month. Please read the changes in the +find. Our plan is to begin with the Release Candidate stage +in by the end of the March. Please read the changes in the Release Notes for details on new features and difference in behavior from previous releases.
svn commit: samba-web r1094 - in trunk: .
Author: jerry Date: 2007-03-21 23:25:05 + (Wed, 21 Mar 2007) New Revision: 1094 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=1094 Log: announcing 3.0.25pre2 Modified: trunk/index.html Changeset: Modified: trunk/index.html === --- trunk/index.html2007-03-14 13:31:32 UTC (rev 1093) +++ trunk/index.html2007-03-21 23:25:05 UTC (rev 1094) @@ -19,27 +19,27 @@ Current Release -1 Mar 2007 -Samba 3.0.25pre1 Available for Download +21 Mar 2007 +Samba 3.0.25pre2 Available for Download -Samba 3.0.25pre1 is available for download. This is a +Samba 3.0.25pre2 is available for download. This is the second preview of the next upgrade production release version of Samba. It is intended for testing purposes only. Please test and https://bugzilla.samba.org/";>report any bugs that you find. Our plan is to possibly have one more preview release and move to the release candidate stage later this month. Please read the changes in the -Release Notes +Release Notes for details on new features and difference in behavior from previous releases. -The Samba 3.0.25pre1 +The Samba 3.0.25pre2 source code can be downloaded now. The GnuPG +href="/samba/ftp/pre/samba-3.0.25pre2.tar.asc">GnuPG signature is for the for the uncompressed tarball. If you prefer, the large patch -file against Samba 3.0.24 (GnuPG +href="/samba/ftp/pre/patch-3.0.25pre1-3.0.25pre2.diffs.gz">patch +file against Samba 3.0.25pre1 (GnuPG signature) is also available for download. Please read these instructions on how to verify the gpg signature. Precompiled packages will
svn commit: samba-docs r1085 - in trunk/smbdotconf/ldap: .
Author: idra Date: 2007-03-21 22:37:54 + (Wed, 21 Mar 2007) New Revision: 1085 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1085 Log: Document the ldapsam:editposix parametrical option Added: trunk/smbdotconf/ldap/ldapsameditposix.xml Changeset: Added: trunk/smbdotconf/ldap/ldapsameditposix.xml === --- trunk/smbdotconf/ldap/ldapsameditposix.xml 2007-03-21 21:45:10 UTC (rev 1084) +++ trunk/smbdotconf/ldap/ldapsameditposix.xml 2007-03-21 22:37:54 UTC (rev 1085) @@ -0,0 +1,93 @@ +http://www.samba.org/samba/DTD/samba-doc";> + + + + Editposix is an option that leverages ldapsam:trusted to make it simpler to manage a domain controller + eliminating the need to set up custom scripts to add and manage the posix users and groups. This option + will instead directly manipulate the ldap tree to create, remove and modify user and group entries. + This option also requires a running winbindd as it is used to allocate new uids/gids on user/group + creation. The allocation range must be therefore configured. + + + + To use this option, a basic ldap tree must be provided and the ldap suffix parameters must be properly + configured. On virgin servers the default users and groups (Administrator, Guest, Domain Users, + Domain Admins, Domain Guests) can be precreated with the command net sam + provision. To run this command the ldap server must be running, Winindd must be running and + the smb.conf ldap options must be properly configured. + + The tipical ldap setup used with the yes option + is usually sufficient to use yes as well. + + + + An example configuration can be the following: + + + encrypt passwords = true + passdb backend = ldapsam + + ldapsam:trusted=yes + ldapsam:editposix=yes + + ldap admin dn = cn=admin,dc=samba,dc=org + ldap delete dn = yes + ldap group suffix = ou=groups + ldap idmap suffix = ou=idmap + ldap machine suffix = ou=computers + ldap user suffix = ou=users + ldap suffix = dc=samba,dc=org + + idmap backend = ldap:"ldap://localhost"; + + idmap uid = 5000-5 + idmap gid = 5000-5 + + + This configuration assume the ldap server have been loaded with a base tree like described + in the following ldif: + + + dn: dc=samba,dc=org + objectClass: top + objectClass: dcObject + objectClass: organization + o: samba.org + dc: samba + + dn: cn=admin,dc=samba,dc=org + objectClass: simpleSecurityObject + objectClass: organizationalRole + cn: admin + description: LDAP administrator + userPassword: secret + + dn: ou=users,dc=samba,dc=org + objectClass: top + objectClass: organizationalUnit + ou: users + + dn: ou=groups,dc=samba,dc=org + objectClass: top + objectClass: organizationalUnit + ou: groups + + dn: ou=idmap,dc=samba,dc=org + objectClass: top + objectClass: organizationalUnit + ou: idmap + + dn: ou=computers,dc=samba,dc=org + objectClass: top + objectClass: organizationalUnit + ou: computers + + + + +no +
svn commit: samba-docs r1084 - in trunk/manpages-3: .
Author: idra Date: 2007-03-21 21:45:10 + (Wed, 21 Mar 2007) New Revision: 1084 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1084 Log: Fix idmap_ad sgml Fill in idmap_rid template Modified: trunk/manpages-3/idmap_ad.8.xml trunk/manpages-3/idmap_rid.8.xml Changeset: Modified: trunk/manpages-3/idmap_ad.8.xml === --- trunk/manpages-3/idmap_ad.8.xml 2007-03-21 21:31:35 UTC (rev 1083) +++ trunk/manpages-3/idmap_ad.8.xml 2007-03-21 21:45:10 UTC (rev 1084) @@ -38,6 +38,8 @@ It is intended as a way to avoid accidental UID/GID overlaps between local and remotely defined IDs. + + Modified: trunk/manpages-3/idmap_rid.8.xml === --- trunk/manpages-3/idmap_rid.8.xml2007-03-21 21:31:35 UTC (rev 1083) +++ trunk/manpages-3/idmap_rid.8.xml2007-03-21 21:45:10 UTC (rev 1084) @@ -15,18 +15,56 @@ DESCRIPTION - - TODO + The idmap_rid backend provides a way to use an algorithmic + mapping scheme to map UIDs/GIDs and SIDs. No database is required + in this case as the mapping is deterministic. IDMAP OPTIONS - TODO + + + + range = low - high + + Defines the available matching uid and gid range for which the + backend is authoritative. Note that the range acts as a filter. + If algorithmically determined UID or GID fall outside the + range, they are ignored and the corresponding map is discarded. + It is intended as a way to avoid accidental UID/GID overlaps + between local and remotely defined IDs. + + + + + base_rid = INTEGER + + Defines the base integer used to build SIDs out of an UID or a GID, + and to rebase the UID or GID to be obtained froma SID. User RIDs + by default starts at 1000 (512 hexadecimal), this means a good value + for base_rid can be 1000 as the resulting ID is calculated this way: + ID = RID - BASE_RID + LOW RANGE ID. + + + EXAMPLES - TODO + This example shows how to configure 2 domains with idmap_rid + + + [global] + idmap domain = MAIN TRUSTED1 + + idmap config MAIN:backend = rid + idmap config MAIN:base_rid = 1000 + idmap config MAIN:range= 1 - 4 + + idmap config TRUSTED1:backend = rid + idmap config TRUSTED1:base_rid = 1000 + idmap config TRUSTED1:range= 5 - 9 +
svn commit: samba-docs r1083 - in tags: .
Author: jerry Date: 2007-03-21 21:31:35 + (Wed, 21 Mar 2007) New Revision: 1083 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1083 Log: tagging 3.0.25pre2 Added: tags/release-3-0-25pre2/ Changeset: Copied: tags/release-3-0-25pre2 (from rev 1082, trunk)
svn commit: samba r21921 - in tags: .
Author: jerry Date: 2007-03-21 21:30:25 + (Wed, 21 Mar 2007) New Revision: 21921 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21921 Log: tagging 3.0.25pre2 Added: tags/release-3-0-25pre2/ Changeset: Copied: tags/release-3-0-25pre2 (from rev 21920, branches/SAMBA_3_0_RELEASE)
svn commit: samba-docs r1082 - in trunk/manpages-3: .
Author: idra Date: 2007-03-21 21:26:02 + (Wed, 21 Mar 2007) New Revision: 1082 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1082 Log: Copy&Paste leftover for the example description, fix it. Modified: trunk/manpages-3/idmap_nss.8.xml Changeset: Modified: trunk/manpages-3/idmap_nss.8.xml === --- trunk/manpages-3/idmap_nss.8.xml2007-03-21 21:23:17 UTC (rev 1081) +++ trunk/manpages-3/idmap_nss.8.xml2007-03-21 21:26:02 UTC (rev 1082) @@ -29,9 +29,8 @@ EXAMPLES - The follow sets of a LDAP configuration which uses a slave server - running on localhost for fetching SID/gid/uid mappings while - sending update requests to the directory master server. + This example shows how to use idmap_nss to check the local accounts for its + own domain while using allocation to create new mappings for trusted domains
svn commit: samba-docs r1081 - in trunk/manpages-3: .
Author: idra Date: 2007-03-21 21:23:17 + (Wed, 21 Mar 2007) New Revision: 1081 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1081 Log: man page for IDMAP_AD Modified: trunk/manpages-3/idmap_ad.8.xml Changeset: Modified: trunk/manpages-3/idmap_ad.8.xml === --- trunk/manpages-3/idmap_ad.8.xml 2007-03-21 20:56:27 UTC (rev 1080) +++ trunk/manpages-3/idmap_ad.8.xml 2007-03-21 21:23:17 UTC (rev 1081) @@ -15,17 +15,53 @@ DESCRIPTION - TODO + The idmap_ad plugin provides a way for Winbind to read + id mappings from an AD server that uses RFC2307/SFU schema + extensions. This module implements only the "idmap" + API, and is READONLY. Mappings must be provided in advance + by the administrator by adding the posixAccount/posixGroup + classess and relative attribute/value pairs to the users and + groups objects in AD IDMAP OPTIONS - TODO + + + + range = low - high + + Defines the available matching uid and gid range for which the + backend is authoritative. Note that the range acts as a filter. + If specified any UID or GID stored in AD that fall outside the + range is ignored and the corresponding map is discarded. + It is intended as a way to avoid accidental UID/GID overlaps + between local and remotely defined IDs. + EXAMPLES - TODO + + The following example shows how to retrieve idmappings from our principal and + and trusted AD domains. All is needed is to set default to yes. If trusted + domains are present id conflicts must be resolved beforehand, there is no + guarantee on the order confliting mappings would be resolved at this point. + + This example also shows how to leave a small non conflicting range for local + id allocation that may be used in internal backends like BULTIN. + + + + [global] + idmap domain = ALLDOMAINS + idmap config ALLDOMAINS:backend = ad + idmap config ALLDOMAINS:default = yes + idmap config ALLDOMAINS:range= 1 - 3 + + idmap alloc backend = tdb + idmap alloc config:range= 5000 - +
svn commit: samba r21920 - in branches: SAMBA_3_0_25/packaging/RHEL SAMBA_3_0_RELEASE/packaging/RHEL
Author: jerry Date: 2007-03-21 21:17:02 + (Wed, 21 Mar 2007) New Revision: 21920 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21920 Log: add idmap man pages to RHEL packaging Modified: branches/SAMBA_3_0_25/packaging/RHEL/samba.spec.tmpl branches/SAMBA_3_0_RELEASE/packaging/RHEL/samba.spec.tmpl Changeset: Modified: branches/SAMBA_3_0_25/packaging/RHEL/samba.spec.tmpl === --- branches/SAMBA_3_0_25/packaging/RHEL/samba.spec.tmpl2007-03-21 21:10:59 UTC (rev 21919) +++ branches/SAMBA_3_0_25/packaging/RHEL/samba.spec.tmpl2007-03-21 21:17:02 UTC (rev 21920) @@ -390,6 +390,7 @@ %{_mandir}/man1/ntlm_auth.1* %{_mandir}/man1/wbinfo.1* %{_mandir}/man8/vfs_*.8* +%{_mandir}/man8/idmap_*.8* ## Modified: branches/SAMBA_3_0_RELEASE/packaging/RHEL/samba.spec.tmpl === --- branches/SAMBA_3_0_RELEASE/packaging/RHEL/samba.spec.tmpl 2007-03-21 21:10:59 UTC (rev 21919) +++ branches/SAMBA_3_0_RELEASE/packaging/RHEL/samba.spec.tmpl 2007-03-21 21:17:02 UTC (rev 21920) @@ -390,6 +390,7 @@ %{_mandir}/man1/ntlm_auth.1* %{_mandir}/man1/wbinfo.1* %{_mandir}/man8/vfs_*.8* +%{_mandir}/man8/idmap_*.8* ##
svn commit: samba r21919 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_25/source/nsswitch
Author: idra Date: 2007-03-21 21:10:59 + (Wed, 21 Mar 2007) New Revision: 21919 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21919 Log: now that the local passdb abd BUILTIN have been blacklisted and they always point to the passdb module, remove this comment and move the explanation in the dimap_ad man page. Simo. Modified: branches/SAMBA_3_0/source/nsswitch/idmap_ad.c branches/SAMBA_3_0_25/source/nsswitch/idmap_ad.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/idmap_ad.c === --- branches/SAMBA_3_0/source/nsswitch/idmap_ad.c 2007-03-21 21:08:15 UTC (rev 21918) +++ branches/SAMBA_3_0/source/nsswitch/idmap_ad.c 2007-03-21 21:10:59 UTC (rev 21919) @@ -194,21 +194,6 @@ } } - /* idmap AD can work well only if it is the default module (trusts) -* with additional BUILTIN and alloc using TDB */ - if ( ! dom->default_domain) { - DEBUG(1, ("WARNING: idmap_ad is not configured as the default domain.\n" - "For best results we suggest you to configure this module as\n" - "default and configure BULTIN to use idmap_tdb\n" - "ex: idmap domains = BUILTIN %s\n" - "idmap alloc config: range = 5000 - \n" - "idmap config %s: default = yes\n" - "idmap config %s: backend = ad\n" - "idmap config %s: range = 1 - 1000 #this is optional\n" - "NOTE: make sure the ranges do not overlap\n", - dom->name, dom->name, dom->name, dom->name)); - } - if ( !dom->readonly ) { DEBUG(1, ("WARNING: forcing to readonly, as idmap_ad can't write on AD.\n")); dom->readonly = true; Modified: branches/SAMBA_3_0_25/source/nsswitch/idmap_ad.c === --- branches/SAMBA_3_0_25/source/nsswitch/idmap_ad.c2007-03-21 21:08:15 UTC (rev 21918) +++ branches/SAMBA_3_0_25/source/nsswitch/idmap_ad.c2007-03-21 21:10:59 UTC (rev 21919) @@ -194,21 +194,6 @@ } } - /* idmap AD can work well only if it is the default module (trusts) -* with additional BUILTIN and alloc using TDB */ - if ( ! dom->default_domain) { - DEBUG(1, ("WARNING: idmap_ad is not configured as the default domain.\n" - "For best results we suggest you to configure this module as\n" - "default and configure BULTIN to use idmap_tdb\n" - "ex: idmap domains = BUILTIN %s\n" - "idmap alloc config: range = 5000 - \n" - "idmap config %s: default = yes\n" - "idmap config %s: backend = ad\n" - "idmap config %s: range = 1 - 1000 #this is optional\n" - "NOTE: make sure the ranges do not overlap\n", - dom->name, dom->name, dom->name, dom->name)); - } - if ( !dom->readonly ) { DEBUG(1, ("WARNING: forcing to readonly, as idmap_ad can't write on AD.\n")); dom->readonly = true;
svn commit: samba r21918 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_25/source/nsswitch SAMBA_3_0_RELEASE/source/nsswitch
Author: jerry Date: 2007-03-21 21:08:15 + (Wed, 21 Mar 2007) New Revision: 21918 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21918 Log: Reverting this change as it is now causing aborts() in find_builtin_domain().This all needs more testing before anyone starts changing these lookup routines again. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_util.c branches/SAMBA_3_0_25/source/nsswitch/winbindd_util.c branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_util.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_util.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_util.c 2007-03-21 19:15:14 UTC (rev 21917) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_util.c 2007-03-21 21:08:15 UTC (rev 21918) @@ -604,13 +604,8 @@ /* Search through list */ for (domain = domain_list(); domain != NULL; domain = domain->next) { - /* We need to use sid_peek_check_rid, because we want -* to make sure that the SIDs we send to the backends are -* as specific as possible. -*/ - if (sid_peek_check_rid(&domain->sid, sid, &discard)) { + if (sid_compare_domain(sid, &domain->sid) == 0) return domain; - } } /* Not found */ Modified: branches/SAMBA_3_0_25/source/nsswitch/winbindd_util.c === --- branches/SAMBA_3_0_25/source/nsswitch/winbindd_util.c 2007-03-21 19:15:14 UTC (rev 21917) +++ branches/SAMBA_3_0_25/source/nsswitch/winbindd_util.c 2007-03-21 21:08:15 UTC (rev 21918) @@ -603,13 +603,8 @@ /* Search through list */ for (domain = domain_list(); domain != NULL; domain = domain->next) { - /* We need to use sid_peek_check_rid, because we want -* to make sure that the SIDs we send to the backends are -* as specific as possible. -*/ - if (sid_peek_check_rid(&domain->sid, sid, &discard)) { + if (sid_compare_domain(sid, &domain->sid) == 0) return domain; - } } /* Not found */ Modified: branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_util.c === --- branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_util.c 2007-03-21 19:15:14 UTC (rev 21917) +++ branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_util.c 2007-03-21 21:08:15 UTC (rev 21918) @@ -603,13 +603,8 @@ /* Search through list */ for (domain = domain_list(); domain != NULL; domain = domain->next) { - /* We need to use sid_peek_check_rid, because we want -* to make sure that the SIDs we send to the backends are -* as specific as possible. -*/ - if (sid_peek_check_rid(&domain->sid, sid, &discard)) { + if (sid_compare_domain(sid, &domain->sid) == 0) return domain; - } } /* Not found */
svn commit: samba-docs r1080 - in trunk/manpages-3: .
Author: idra Date: 2007-03-21 20:56:27 + (Wed, 21 Mar 2007) New Revision: 1080 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1080 Log: mention idmap domains Modified: trunk/manpages-3/winbindd.8.xml Changeset: Modified: trunk/manpages-3/winbindd.8.xml === --- trunk/manpages-3/winbindd.8.xml 2007-03-21 20:51:40 UTC (rev 1079) +++ trunk/manpages-3/winbindd.8.xml 2007-03-21 20:56:27 UTC (rev 1080) @@ -202,17 +202,17 @@ is done on a first come, first served basis, although all existing users and groups will be mapped as soon as a client performs a user or group enumeration command. The allocated unix ids are stored - in a database file under the Samba lock directory and will be - remembered. + in a database and will be remembered. WARNING: The SID to unix id database is the only location where the user and group mappings are stored by winbindd. If this - file is deleted or corrupted, there is no way for winbindd to + store is deleted or corrupted, there is no way for winbindd to determine which user and group ids correspond to Windows NT user and group rids. See the idmap -backend parameter in +domains or the old idmap + backend parameters in smb.conf for options for sharing this database, such as via LDAP.
svn commit: samba-docs r1079 - in trunk/manpages-3: .
Author: idra Date: 2007-03-21 20:51:40 + (Wed, 21 Mar 2007) New Revision: 1079 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1079 Log: formatting Modified: trunk/manpages-3/winbindd.8.xml Changeset: Modified: trunk/manpages-3/winbindd.8.xml === --- trunk/manpages-3/winbindd.8.xml 2007-03-21 20:49:41 UTC (rev 1078) +++ trunk/manpages-3/winbindd.8.xml 2007-03-21 20:51:40 UTC (rev 1079) @@ -38,13 +38,13 @@ in most modern C libraries, to arbitary applications via PAM and ntlm_auth and to Samba itself. -Even if winbind is not used for nsswitch, it still provides a -service to smbd, ntlm_auth -and the pam_winbind.so PAM module, by managing connections to -domain controllers. In this configuraiton the - and - -parameters are not required. (This is known as `netlogon proxy only mode'.) + Even if winbind is not used for nsswitch, it still provides a + service to smbd, ntlm_auth + and the pam_winbind.so PAM module, by managing connections to + domain controllers. In this configuraiton the +and + + parameters are not required. (This is known as `netlogon proxy only mode'.) The Name Service Switch allows user and system information to be obtained from different databases
svn commit: samba-docs r1078 - in trunk/manpages-3: .
Author: idra Date: 2007-03-21 20:49:41 + (Wed, 21 Mar 2007) New Revision: 1078 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1078 Log: Explain it in another way, that will not set up false expectations Modified: trunk/manpages-3/idmap_ldap.8.xml Changeset: Modified: trunk/manpages-3/idmap_ldap.8.xml === --- trunk/manpages-3/idmap_ldap.8.xml 2007-03-21 20:48:00 UTC (rev 1077) +++ trunk/manpages-3/idmap_ldap.8.xml 2007-03-21 20:49:41 UTC (rev 1078) @@ -98,8 +98,11 @@ The follow sets of a LDAP configuration which uses a slave server - running on localhost for fetching SID/gid/uid mappings while - sending update requests to the directory master server. + running on localhost for fast fetching SID/gid/uid mappings, it + implies correct configuration of referrals. + The idmap alloc backend is pointed directly to the master to skip + the referral (and consequent reconnection to the master) that the + slave would return as allocation requires writing on the master.
svn commit: samba-docs r1077 - in trunk/manpages-3: .
Author: jerry Date: 2007-03-21 20:48:00 + (Wed, 21 Mar 2007) New Revision: 1077 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1077 Log: add stubs for idmap_{ad,rid}.8 Added: trunk/manpages-3/idmap_ad.8.xml trunk/manpages-3/idmap_rid.8.xml Changeset: Added: trunk/manpages-3/idmap_ad.8.xml === --- trunk/manpages-3/idmap_ad.8.xml 2007-03-21 20:29:35 UTC (rev 1076) +++ trunk/manpages-3/idmap_ad.8.xml 2007-03-21 20:48:00 UTC (rev 1077) @@ -0,0 +1,42 @@ + +http://www.samba.org/samba/DTD/samba-doc";> + + + + idmap_ad + 8 + + + + + idmap_ad + Samba's idmap_ad Backend for Winbind + + + + DESCRIPTION + TODO + + + + IDMAP OPTIONS + TODO + + + + EXAMPLES + TODO + + + + AUTHOR + + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + Added: trunk/manpages-3/idmap_rid.8.xml === --- trunk/manpages-3/idmap_rid.8.xml2007-03-21 20:29:35 UTC (rev 1076) +++ trunk/manpages-3/idmap_rid.8.xml2007-03-21 20:48:00 UTC (rev 1077) @@ -0,0 +1,43 @@ + +http://www.samba.org/samba/DTD/samba-doc";> + + + + idmap_rid + 8 + + + + + idmap_rid + Samba's idmap_rid Backend for Winbind + + + + DESCRIPTION + + TODO + + + + IDMAP OPTIONS + TODO + + + + EXAMPLES + TODO + + + + AUTHOR + + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + +
svn commit: samba-docs r1076 - in trunk/manpages-3: .
Author: jerry Date: 2007-03-21 20:29:35 + (Wed, 21 Mar 2007) New Revision: 1076 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1076 Log: add idmap_nss man page Added: trunk/manpages-3/idmap_nss.8.xml Changeset: Added: trunk/manpages-3/idmap_nss.8.xml === --- trunk/manpages-3/idmap_nss.8.xml2007-03-21 20:29:23 UTC (rev 1075) +++ trunk/manpages-3/idmap_nss.8.xml2007-03-21 20:29:35 UTC (rev 1076) @@ -0,0 +1,64 @@ + +http://www.samba.org/samba/DTD/samba-doc";> + + + + idmap_nss + 8 + + + + + idmap_nss + Samba's idmap_nss Backend for Winbind + + + + DESCRIPTION + + The idmap_nss plugin provides a means to map Unix users and groups + to Windows accounts and obseletes the "winbind trusted domains only" + smb.conf option. This provides a simple means of ensuring that the SID + for a Unix user named jsmith is reported as the one assigned to + DOMAIN\jsmith which is necessary for reporting ACLs on files and printers + stored on a Samba member server. + + + + + EXAMPLES + + + The follow sets of a LDAP configuration which uses a slave server + running on localhost for fetching SID/gid/uid mappings while + sending update requests to the directory master server. + + + + [global] + idmap domain = SAMBA TRUSTEDDOMAINS + + idmap config SAMBA:backend = nss + idmap config SAMBA:readonly = yes + + idmap config TRUSTEDDOMAINS:default = yes + idmap config TRUSTEDDOMAINS:backend = tdb + idmap config TRUSTEDDOMAINS:range = 1 - 5 + + idmap alloc backend = tdb + idmap alloc config:range = 1 - 5 + + + + + AUTHOR + + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + +
svn commit: samba-docs r1075 - in trunk/manpages-3: .
Author: jerry Date: 2007-03-21 20:29:23 + (Wed, 21 Mar 2007) New Revision: 1075 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1075 Log: fix a typo in idmap_ldap man page Modified: trunk/manpages-3/idmap_ldap.8.xml Changeset: Modified: trunk/manpages-3/idmap_ldap.8.xml === --- trunk/manpages-3/idmap_ldap.8.xml 2007-03-21 20:22:12 UTC (rev 1074) +++ trunk/manpages-3/idmap_ldap.8.xml 2007-03-21 20:29:23 UTC (rev 1075) @@ -109,7 +109,7 @@ idmap config ALLDOMAINS:backend = ldap idmap config ALLDOMAINS:ldap_base_dn = ou=idmap,dc=example,dc=com idmap config ALLDOMAINS:ldap_url = ldap://localhost/ - idmap config default:range = 1 - 5 + idmap config ALLDOMAINS:range= 1 - 5 idmap alloc backend = ldap idmap alloc config:ldap_base_dn = ou=idmap,dc=example,dc=com
svn commit: samba-docs r1074 - in trunk: manpages-3 smbdotconf/winbind
Author: jerry Date: 2007-03-21 20:22:12 + (Wed, 21 Mar 2007) New Revision: 1074 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1074 Log: more idmap doc updates Modified: trunk/manpages-3/idmap_ldap.8.xml trunk/manpages-3/idmap_tdb.8.xml trunk/smbdotconf/winbind/idmapbackend.xml trunk/smbdotconf/winbind/idmapconfig.xml trunk/smbdotconf/winbind/idmapdomains.xml Changeset: Modified: trunk/manpages-3/idmap_ldap.8.xml === --- trunk/manpages-3/idmap_ldap.8.xml 2007-03-21 19:38:36 UTC (rev 1073) +++ trunk/manpages-3/idmap_ldap.8.xml 2007-03-21 20:22:12 UTC (rev 1074) @@ -104,17 +104,17 @@ [global] - idmap domain = default + idmap domain = ALLDOMAINS + idmap config ALLDOMAINS:default = yes + idmap config ALLDOMAINS:backend = ldap + idmap config ALLDOMAINS:ldap_base_dn = ou=idmap,dc=example,dc=com + idmap config ALLDOMAINS:ldap_url = ldap://localhost/ + idmap config default:range = 1 - 5 - idmap config default:backend = ldap - idmap alloc backend:ldap_base_dn = ou=idmap,dc=example,dc=com - idmap alloc backend:ldap_url = ldap://localhost/ - idmap config default:range = 1 - 5 - idmap alloc backend = ldap - idmap alloc backend:ldap_base_dn = ou=idmap,dc=example,dc=com - idmap alloc backend:ldap_url = ldap://master.example.com/ - idmap alloc config:range = 1 - 5 + idmap alloc config:ldap_base_dn = ou=idmap,dc=example,dc=com + idmap alloc config:ldap_url = ldap://master.example.com/ + idmap alloc config:range= 1 - 5 Modified: trunk/manpages-3/idmap_tdb.8.xml === --- trunk/manpages-3/idmap_tdb.8.xml2007-03-21 19:38:36 UTC (rev 1073) +++ trunk/manpages-3/idmap_tdb.8.xml2007-03-21 20:22:12 UTC (rev 1074) @@ -66,11 +66,11 @@ [global] - idmap domain = default + idmap domain = ALLDOMAINS + idmap config ALLDOMAINS:default = yes + idmap config ALLDOMAINS:backend = tdb + idmap config ALLDOMAINS:range = 1 - 5 - idmap config default:backend = tdb - idmap config default:range = 1 - 5 - idmap alloc backend = tdb idmap alloc config:range = 1 - 5 Modified: trunk/smbdotconf/winbind/idmapbackend.xml === --- trunk/smbdotconf/winbind/idmapbackend.xml 2007-03-21 19:38:36 UTC (rev 1073) +++ trunk/smbdotconf/winbind/idmapbackend.xml 2007-03-21 20:22:12 UTC (rev 1074) @@ -24,7 +24,5 @@ - -ldap:ldap://ldapslave.example.com/ -ad +tdb Modified: trunk/smbdotconf/winbind/idmapconfig.xml === --- trunk/smbdotconf/winbind/idmapconfig.xml2007-03-21 19:38:36 UTC (rev 1073) +++ trunk/smbdotconf/winbind/idmapconfig.xml2007-03-21 20:22:12 UTC (rev 1074) @@ -8,24 +8,57 @@ The idmap config prefix provides a means of managing each domain defined by the option using Samba's parameteric option support. The idmap config prefix should be - followed by the name of the domain, a colon, and either the option - name "backend" or a setting specific to the chosen - backend. + followed by the name of the domain, a colon, and a setting specific to + the chosen backend. There are three options available for all domains: + + + + backend = backend_name + + Specifies the name of the idmap plugin to use as the + SID/uid/gid backend for this domain. + + + + default = [yes|no] + + The default domain/backend will be used for searching for + users and groups not belonging to one of the explicitly + listed domains (matched by comparing the account SID and the + domain SID). + + + + + readonly = [yes|no] + + Mark the domain as readonly which means that no attempts to + allocate a uid or gid (by the ) for any user or group in that domain + will be attempted. + + + + The following example illustrates how to configure the idmap_ad8 for the CORP domain and the idmap_tdb - 8 backend for all other domains. + 8 backend for all other domains. The +
svn commit: samba-docs r1073 - in trunk/manpages-3: .
Author: jerry Date: 2007-03-21 19:38:36 + (Wed, 21 Mar 2007) New Revision: 1073 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1073 Log: Fill in the idmap_ldap man page and clean up a few things in the idmap_tdb docs Added: trunk/manpages-3/idmap_ldap.8.xml Modified: trunk/manpages-3/idmap_tdb.8.xml Changeset: Added: trunk/manpages-3/idmap_ldap.8.xml === --- trunk/manpages-3/idmap_ldap.8.xml 2007-03-21 19:16:56 UTC (rev 1072) +++ trunk/manpages-3/idmap_ldap.8.xml 2007-03-21 19:38:36 UTC (rev 1073) @@ -0,0 +1,132 @@ + +http://www.samba.org/samba/DTD/samba-doc";> + + + + idmap_ldap + 8 + + + + + idmap_ldap + Samba's idmap_ldap Backend for Winbind + + + + DESCRIPTION + + The idmap_ldap plugin provides a means for Winbind to + store and retrieve SID/uid/gid mapping tables in an LDAP directory + service. The module implements both the "idmap" and + "idmap alloc" APIs. + + + + + IDMAP OPTIONS + + + + ldap_base_dn = DN + + Defines the directory base suffix to use when searching for + SID/uid/gid mapping entries. If not defined, idmap_ldap will default + to using the "ldap idmap suffix" option from smb.conf. + + + + + ldap_url = ldap://server/ + + Specifies the LDAP server to use when searching for existing + SID/uid/gid map entries. If not defined, idmap_ldap will + assume that ldap://localhost/ should be used. + + + + + range = low - high + + Defines the available matching uid and gid range for which the + backend is authoritative. Note that the range commonly matches + the allocation range due to the fact that the same backend will + store and retrieve SID/uid/gid mapping entries. If the parameter + is absent, Winbind fail over to use the "idmap uid" and + "idmap gid" options from smb.conf. + + + + + + + IDMAP ALLOC OPTIONS + + + + ldap_base_dn = DN + + Defines the directory base suffix under which new SID/uid/gid mapping + entries should be stored. If not defined, idmap_ldap will default + to using the "ldap idmap suffix" option from smb.conf. + + + + + ldap_url = ldap://server/ + + Specifies the LDAP server to which modify/add/delete requests should + be sent. If not defined, idmap_ldap will assume that ldap://localhost/ + should be used. + + + + + range = low - high + + Defines the available matching uid and gid range from which + winbindd can allocate for users and groups. If the parameter + is absent, Winbind fail over to use the "idmap uid" + and "idmap gid" options from smb.conf. + + + + + + + EXAMPLES + + + The follow sets of a LDAP configuration which uses a slave server + running on localhost for fetching SID/gid/uid mappings while + sending update requests to the directory master server. + + + + [global] + idmap domain = default + + idmap config default:backend = ldap + idmap alloc backend:ldap_base_dn = ou=idmap,dc=example,dc=com + idmap alloc backend:ldap_url = ldap://localhost/ + idmap config default:range = 1 - 5 + + idmap alloc backend = ldap + idmap alloc backend:ldap_base_dn = ou=idmap,dc=example,dc=com + idmap alloc backend:ldap_url = ldap://master.example.com/ + idmap alloc config:range = 1 - 5 + + + + + AUTHOR + + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + Modified: trunk/manpages-3/idmap_tdb.8.xml === --- trunk/manpages-3/idmap_tdb.8.xml2007-03-21 19:16:56 UTC (rev 1072) +++ trunk/manpages-3/idmap_tdb.8.xml2007-03-21 19:38:36 UTC (rev 1073) @@ -10,7 +10,7 @@
svn commit: samba-docs r1072 - in trunk/manpages-3: .
Author: jerry Date: 2007-03-21 19:16:56 + (Wed, 21 Mar 2007) New Revision: 1072 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1072 Log: fill in the idmap_tdb man page Added: trunk/manpages-3/idmap_tdb.8.xml Changeset: Added: trunk/manpages-3/idmap_tdb.8.xml === --- trunk/manpages-3/idmap_tdb.8.xml2007-03-21 18:45:50 UTC (rev 1071) +++ trunk/manpages-3/idmap_tdb.8.xml2007-03-21 19:16:56 UTC (rev 1072) @@ -0,0 +1,91 @@ + +http://www.samba.org/samba/DTD/samba-doc";> + + + + idmap_tdb + 8 + + + + + idmap_tdb + Samba's idmap_tdb Backend for winbindd + + + + DESCRIPTION + + The idmap_tdb plugin is the default backend used by winbindd + for storing SID/uid/gid mapping tables and implements + both the "idmap" and "idmap alloc" APIs. + + + + + IDMAP OPTIONS + + + + range = low - high + + Defines the available matching uid and gid range for which the + backend is authoritative. Note that the range commonly matches + the allocation range due to the fact that the same backend will + store and retreive SID/uid/gid mapping entries. If the parameter + is absent, Winbind fail over to use the "idmap uid" and + "idmap gid" options from smb.conf. + + + + + + + IDMAP ALLOC OPTIONS + + + + range = low - high + + Defines the available matching uid and gid range from which + winbindd can allocate for users and groups. If the parameter + is absent, Winbind fail over to use the "idmap uid" + and "idmap gid" options from smb.conf. + + + + + + + EXAMPLES + + + The following example is equivalent to the pre-3.0.25 default idmap + configuration using the "idmap backend = tdb" setting. + + + + [global] + idmap domain = default + + idmap config default:backend = tdb + idmap config default:default = yes + idmap config default:range = 1 - 5 + + idmap alloc backend = tdb + idmap alloc config:range = 1 - 5 + + + + + AUTHOR + + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + +
svn commit: samba r21917 - in branches/SAMBA_3_0/source: include libsmb smbd
Author: jra Date: 2007-03-21 19:15:14 + (Wed, 21 Mar 2007) New Revision: 21917 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21917 Log: Start to do the gss versions of sign+seal. Jeremy. Modified: branches/SAMBA_3_0/source/include/client.h branches/SAMBA_3_0/source/include/includes.h branches/SAMBA_3_0/source/libsmb/smb_seal.c branches/SAMBA_3_0/source/smbd/seal.c Changeset: Modified: branches/SAMBA_3_0/source/include/client.h === --- branches/SAMBA_3_0/source/include/client.h 2007-03-21 18:33:13 UTC (rev 21916) +++ branches/SAMBA_3_0/source/include/client.h 2007-03-21 19:15:14 UTC (rev 21917) @@ -79,14 +79,14 @@ }; /* Transport encryption state. */ -enum smb_trans_enc_type { SMB_TRANS_ENC_NTLM, SMB_TRANS_ENC_KRB5 }; +enum smb_trans_enc_type { SMB_TRANS_ENC_NTLM, SMB_TRANS_ENC_GSS }; struct smb_trans_enc_state { enum smb_trans_enc_type smb_enc_type; BOOL enc_on; union { NTLMSSP_STATE *ntlmssp_state; -#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5) +#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5) gss_ctx_id_t context_handle; #endif }; Modified: branches/SAMBA_3_0/source/include/includes.h === --- branches/SAMBA_3_0/source/include/includes.h2007-03-21 18:33:13 UTC (rev 21916) +++ branches/SAMBA_3_0/source/include/includes.h2007-03-21 19:15:14 UTC (rev 21917) @@ -1187,10 +1187,10 @@ krb5_data *reply); /* Call for SMB transport encryption. */ -#if defined(HAVE_GSSAPI_SUPPORT) +#if defined(HAVE_GSSAPI) NTSTATUS common_gss_decrypt_buffer(gss_ctx_id_t context_handle, char *buf); #endif -#if defined(HAVE_GSSAPI_SUPPORT) +#if defined(HAVE_GSSAPI) NTSTATUS common_gss_encrypt_buffer(gss_ctx_id_t context_handle, char *buf, char **buf_out); #endif Modified: branches/SAMBA_3_0/source/libsmb/smb_seal.c === --- branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-21 18:33:13 UTC (rev 21916) +++ branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-21 19:15:14 UTC (rev 21917) @@ -124,7 +124,7 @@ gss-api decrypt an incoming buffer. **/ -#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5) +#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5) NTSTATUS common_gss_decrypt_buffer(gss_ctx_id_t context_handle, char *buf) { return NT_STATUS_NOT_SUPPORTED; @@ -136,10 +136,65 @@ gss-api encrypt an outgoing buffer. Return the alloced encrypted pointer in buf_out. **/ -#if defined(HAVE_GSSAPI_SUPPORT) && defined(HAVE_KRB5) - NTSTATUS common_gss_encrypt_buffer(gss_ctx_id_t context_handle, char *buf, char **buf_out) +#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5) + NTSTATUS common_gss_encrypt_buffer(gss_ctx_id_t context_handle, char *buf, char **ppbuf_out) { - return NT_STATUS_NOT_SUPPORTED; + OM_uint32 ret = 0; + OM_uint32 minor = 0; + int flags_got = 0; + gss_buffer_desc in_buf, out_buf; + size_t buf_len = smb_len(buf) + 4; /* Don't forget the 4 length bytes. */ + + *ppbuf_out = NULL; + + if (buf_len < 8) { + return NT_STATUS_BUFFER_TOO_SMALL; + } + + in_buf.value = buf + 8; + in_buf.length = buf_len - 8; + + ret = gss_wrap(&minor, + context_handle, + True, /* we want sign+seal. */ + GSS_C_QOP_DEFAULT, + &in_buf, + &flags_got, /* did we get sign+seal ? */ + &out_buf); + + if (ret != GSS_S_COMPLETE) { + /* Um - no mapping for gss-errs to NTSTATUS yet. */ + return NT_STATUS_UNSUCCESSFUL; + } + + if (!flags_got) { + /* Sign+seal not supported. */ + gss_release_buffer(&minor, &out_buf); + return NT_STATUS_NOT_SUPPORTED; + } + + /* Ya see - this is why I *hate* gss-api. I don't +* want to have to malloc another buffer of the +* same size + 8 bytes just to get a continuous +* header + buffer, but gss won't let me pass in +* a pre-allocated buffer. Bastards (and you know +* who you are). I might fix this by +* going to "encrypt_and_send" passing in a file +* descriptor and doing scatter-gather write with +* TCP cork on Linux. But I shouldn't have to +* bother :-*(. JRA. +*/ + + *ppbuf_out = SMB_MALLOC(out_buf.length + 8); /* We know this can't wrap. */ + if (!*ppbuf_out) { + gss_release_buffer(&minor, &out_buf); + re
svn commit: samba-docs r1071 - in trunk/smbdotconf/winbind: .
Author: jerry Date: 2007-03-21 18:45:50 + (Wed, 21 Mar 2007) New Revision: 1071 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1071 Log: add more idmap alloc smb.conf entries Added: trunk/smbdotconf/winbind/idmapallocbackend.xml trunk/smbdotconf/winbind/idmapallocconfig.xml Changeset: Added: trunk/smbdotconf/winbind/idmapallocbackend.xml === --- trunk/smbdotconf/winbind/idmapallocbackend.xml 2007-03-21 18:30:11 UTC (rev 1070) +++ trunk/smbdotconf/winbind/idmapallocbackend.xml 2007-03-21 18:45:50 UTC (rev 1071) @@ -0,0 +1,25 @@ +http://www.samba.org/samba/DTD/samba-doc";> + + + The idmap alloc backend provides a plugin interface for Winbind to use + when allocating Unix uids/gids for Windows SIDs. This option is + to be used in conjunction with the + parameter and refers to the name of the idmap module which will provide + the id allocation functionality. Please refer to the man page + for each idmap plugin to determine whether or not the module implements + the allocation feature. The most common plugins are the tdb ( + idmap_tdb8) +and ldap (idmap_ldap +8) libraries. + + + Also refer to the option. + + + +tdb + Added: trunk/smbdotconf/winbind/idmapallocconfig.xml === --- trunk/smbdotconf/winbind/idmapallocconfig.xml 2007-03-21 18:30:11 UTC (rev 1070) +++ trunk/smbdotconf/winbind/idmapallocconfig.xml 2007-03-21 18:45:50 UTC (rev 1071) @@ -0,0 +1,14 @@ +http://www.samba.org/samba/DTD/samba-doc";> + + + The idmap alloc config prefix provides a means of managing settings + for the backend defined by the + parameter. Refer to the man page for each idmap plugin regarding + specific configuration details. + + +
svn commit: samba r21916 - in branches/SAMBA_3_0/source/libsmb: .
Author: jra Date: 2007-03-21 18:33:13 + (Wed, 21 Mar 2007) New Revision: 21916 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21916 Log: Fix couple of "return" calls on void functions. Ensure we ignore reqests to free keepalive buffers as we only copied these. Jeremy. Modified: branches/SAMBA_3_0/source/libsmb/smb_seal.c Changeset: Modified: branches/SAMBA_3_0/source/libsmb/smb_seal.c === --- branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-21 17:59:29 UTC (rev 21915) +++ branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-21 18:33:13 UTC (rev 21916) @@ -238,6 +238,14 @@ return; } + /* We know this is an smb buffer, and we +* didn't malloc, only copy, for a keepalive, +* so ignore session keepalives. */ + + if(CVAL(buf,0) == SMBkeepalive) { + return; + } + if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) { SAFE_FREE(buf); return; @@ -267,7 +275,7 @@ void cli_free_encryption_context(struct cli_state *cli) { - return common_free_encryption_state(&cli->trans_enc_state); + common_free_encryption_state(&cli->trans_enc_state); } /** @@ -276,7 +284,7 @@ void cli_free_enc_buffer(struct cli_state *cli, char *buf) { - return common_free_enc_buffer(cli->trans_enc_state, buf); + common_free_enc_buffer(cli->trans_enc_state, buf); } /**
svn commit: samba-docs r1070 - in trunk/smbdotconf/winbind: .
Author: jerry Date: 2007-03-21 18:30:11 + (Wed, 21 Mar 2007) New Revision: 1070 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1070 Log: add references id idmap uid/gid to the new idmap parameters Modified: trunk/smbdotconf/winbind/idmapgid.xml trunk/smbdotconf/winbind/idmapuid.xml Changeset: Modified: trunk/smbdotconf/winbind/idmapgid.xml === --- trunk/smbdotconf/winbind/idmapgid.xml 2007-03-21 16:12:55 UTC (rev 1069) +++ trunk/smbdotconf/winbind/idmapgid.xml 2007-03-21 18:30:11 UTC (rev 1070) @@ -1,17 +1,19 @@ http://www.samba.org/samba/DTD/samba-doc";> - winbind gid + winbind gid + The idmap gid parameter specifies the range of group ids + that are allocated for the purpose of mapping UNX groups to NT group + SIDs. This range of group ids should have no + existing local or NIS groups within it as strange conflicts can + occur otherwise. - The idmap gid parameter specifies the range of group ids that are allocated for - the purpose of mapping UNX groups to NT group SIDs. This range of group ids should have no - existing local or NIS groups within it as strange conflicts can occur otherwise. - - The availability of an idmap gid range is essential for correct operation of - all group mapping. + See also the , , and options. + Modified: trunk/smbdotconf/winbind/idmapuid.xml === --- trunk/smbdotconf/winbind/idmapuid.xml 2007-03-21 16:12:55 UTC (rev 1069) +++ trunk/smbdotconf/winbind/idmapuid.xml 2007-03-21 18:30:11 UTC (rev 1070) @@ -1,13 +1,19 @@ http://www.samba.org/samba/DTD/samba-doc";> winbind uid - The idmap uid parameter specifies the range of user ids that are allocated for use - in mapping UNIX users to NT user SIDs. This range of ids should have no existing local + + The idmap uid parameter specifies the range of user ids that are + allocated for use in mapping UNIX users to NT user SIDs. This + range of ids should have no existing local or NIS users within it as strange conflicts can occur otherwise. + + See also the , , and options. +
svn commit: samba r21915 - in branches/SAMBA_3_0_RELEASE: . source/nsswitch
Author: jerry Date: 2007-03-21 17:59:29 + (Wed, 21 Mar 2007) New Revision: 21915 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21915 Log: grab the sid_peek_check_rid() fix from 3.0.25 and the release notes Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_util.c Changeset: Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt === --- branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2007-03-21 17:54:49 UTC (rev 21914) +++ branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2007-03-21 17:59:29 UTC (rev 21915) @@ -82,6 +82,8 @@ Parameter Name Description Default -- --- --- debug prefix timestamp New No +idmap cache time Renamed 900 +idmap negative cache time Renamed 120 lock spin count Removed n/a Modified: branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_util.c === --- branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_util.c 2007-03-21 17:54:49 UTC (rev 21914) +++ branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_util.c 2007-03-21 17:59:29 UTC (rev 21915) @@ -603,8 +603,13 @@ /* Search through list */ for (domain = domain_list(); domain != NULL; domain = domain->next) { - if (sid_compare_domain(sid, &domain->sid) == 0) + /* We need to use sid_peek_check_rid, because we want +* to make sure that the SIDs we send to the backends are +* as specific as possible. +*/ + if (sid_peek_check_rid(&domain->sid, sid, &discard)) { return domain; + } } /* Not found */
svn commit: samba r21914 - in branches/SAMBA_3_0_25/source/nsswitch: .
Author: jerry Date: 2007-03-21 17:54:49 + (Wed, 21 Mar 2007) New Revision: 21914 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21914 Log: grab the sid_peek_check_rid() change for find_domain_from_sid_noinit() in SAMBA_3_0 Modified: branches/SAMBA_3_0_25/source/nsswitch/winbindd_util.c Changeset: Modified: branches/SAMBA_3_0_25/source/nsswitch/winbindd_util.c === --- branches/SAMBA_3_0_25/source/nsswitch/winbindd_util.c 2007-03-21 17:43:49 UTC (rev 21913) +++ branches/SAMBA_3_0_25/source/nsswitch/winbindd_util.c 2007-03-21 17:54:49 UTC (rev 21914) @@ -603,8 +603,13 @@ /* Search through list */ for (domain = domain_list(); domain != NULL; domain = domain->next) { - if (sid_compare_domain(sid, &domain->sid) == 0) + /* We need to use sid_peek_check_rid, because we want +* to make sure that the SIDs we send to the backends are +* as specific as possible. +*/ + if (sid_peek_check_rid(&domain->sid, sid, &discard)) { return domain; + } } /* Not found */
svn commit: samba r21913 - in branches/SAMBA_3_0/source/nsswitch: .
Author: jerry Date: 2007-03-21 17:43:49 + (Wed, 21 Mar 2007) New Revision: 21913 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21913 Log: fix one bug in build 717: correctly check the return from sid_peek_check_rid() when trying to find a matching domain Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_util.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_util.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_util.c 2007-03-21 17:13:35 UTC (rev 21912) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_util.c 2007-03-21 17:43:49 UTC (rev 21913) @@ -608,7 +608,7 @@ * to make sure that the SIDs we send to the backends are * as specific as possible. */ - if (sid_peek_check_rid(&domain->sid, sid, &discard) == 0) { + if (sid_peek_check_rid(&domain->sid, sid, &discard)) { return domain; } }
svn commit: samba r21912 - in branches/SAMBA_3_0/source/libsmb: .
Author: jra Date: 2007-03-21 17:13:35 + (Wed, 21 Mar 2007) New Revision: 21912 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21912 Log: There's no point checksumming the packet length this already has to be right. This makes the signed+sealed area the same as it will be with gss calls. Now to go implement them. Jeremy. Modified: branches/SAMBA_3_0/source/libsmb/smb_seal.c Changeset: Modified: branches/SAMBA_3_0/source/libsmb/smb_seal.c === --- branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-21 17:05:39 UTC (rev 21911) +++ branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-21 17:13:35 UTC (rev 21912) @@ -54,8 +54,8 @@ status = ntlmssp_unseal_packet(ntlmssp_state, (unsigned char *)buf + 8, /* 4 byte len + 0xFF 'S' 'M' 'B' */ buf_len - 8, - (unsigned char *)buf, - buf_len, + (unsigned char *)buf + 8, + buf_len - 8, &sig); if (!NT_STATUS_IS_OK(status)) { @@ -104,8 +104,8 @@ status = ntlmssp_seal_packet(ntlmssp_state, (unsigned char *)buf_out + 8, /* 4 byte len + 0xFF 'S' 'M' 'B' */ buf_len - 8, - (unsigned char *)buf_out, - buf_len, + (unsigned char *)buf_out + 8, + buf_len - 8, &sig); if (!NT_STATUS_IS_OK(status)) {
svn commit: samba r21911 - in branches/SAMBA_4_0: . source/rpc_server
Author: jelmer Date: 2007-03-21 17:05:39 + (Wed, 21 Mar 2007) New Revision: 21911 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21911 Log: Some more work on making the ncacn_np handling in smbd be less special. Modified: branches/SAMBA_4_0/ branches/SAMBA_4_0/source/rpc_server/dcerpc_server.c branches/SAMBA_4_0/source/rpc_server/dcerpc_sock.c Changeset: Property changes on: branches/SAMBA_4_0 ___ Name: bzr:merge ...skipped... Modified: branches/SAMBA_4_0/source/rpc_server/dcerpc_server.c === --- branches/SAMBA_4_0/source/rpc_server/dcerpc_server.c2007-03-21 16:26:25 UTC (rev 21910) +++ branches/SAMBA_4_0/source/rpc_server/dcerpc_server.c2007-03-21 17:05:39 UTC (rev 21911) @@ -1409,9 +1409,9 @@ break; case NCACN_NP: -/* FIXME: status = dcesrv_add_ep_np(dce_ctx, e, task->event_ctx, task->model_ops); + status = dcesrv_add_ep_np(dce_ctx, e, task->event_ctx, task->model_ops); if (!NT_STATUS_IS_OK(status)) goto failed; -*/ break; + break; default: status = NT_STATUS_NOT_SUPPORTED; Modified: branches/SAMBA_4_0/source/rpc_server/dcerpc_sock.c === --- branches/SAMBA_4_0/source/rpc_server/dcerpc_sock.c 2007-03-21 16:26:25 UTC (rev 21910) +++ branches/SAMBA_4_0/source/rpc_server/dcerpc_sock.c 2007-03-21 17:05:39 UTC (rev 21911) @@ -267,9 +267,55 @@ return status; } + /* add a socket address to the list of events, one event per dcerpc endpoint */ +static NTSTATUS add_socket_rpc_pipe_iface(struct dcesrv_context *dce_ctx, struct dcesrv_endpoint *e, +struct event_context *event_ctx, const struct model_ops *model_ops) +{ + struct dcesrv_socket_context *dcesrv_sock; + NTSTATUS status; + + if (e->ep_description->endpoint == NULL) { + DEBUG(0, ("Endpoint mandatory for named pipes\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + dcesrv_sock = talloc(event_ctx, struct dcesrv_socket_context); + NT_STATUS_HAVE_NO_MEMORY(dcesrv_sock); + + /* remember the endpoint of this socket */ + dcesrv_sock->endpoint = e; + dcesrv_sock->dcesrv_ctx = talloc_reference(dcesrv_sock, dce_ctx); + + status = NT_STATUS_OK; +#if 0 + + status = stream_setup_smb_pipe(event_ctx, model_ops, &dcesrv_stream_ops, +e->ep_description->endpoint, dcesrv_sock); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("service_setup_stream_socket(path=%s) failed - %s\n", +e->ep_description->endpoint, nt_errstr(status))); + } +#endif + return status; +} + +NTSTATUS dcesrv_add_ep_np(struct dcesrv_context *dce_ctx, struct dcesrv_endpoint *e, + struct event_context *event_ctx, const struct model_ops *model_ops) +{ + NTSTATUS status; + + status = add_socket_rpc_pipe_iface(dce_ctx, e, event_ctx, model_ops); + NT_STATUS_NOT_OK_RETURN(status); + + return status; +} + +/* + add a socket address to the list of events, one event per dcerpc endpoint +*/ static NTSTATUS add_socket_rpc_tcp_iface(struct dcesrv_context *dce_ctx, struct dcesrv_endpoint *e, struct event_context *event_ctx, const struct model_ops *model_ops, const char *address) @@ -324,5 +370,3 @@ return NT_STATUS_OK; } - -
Rev 11751: Some more work on making the ncacn_np handling in smbd be less special. in file:///home/jelmer/bzr.samba/SAMBA_4_0/
At file:///home/jelmer/bzr.samba/SAMBA_4_0/ revno: 11751 revision-id: [EMAIL PROTECTED] parent: svn-v2:[EMAIL PROTECTED] committer: Jelmer Vernooij <[EMAIL PROTECTED]> branch nick: SAMBA_4_0 timestamp: Wed 2007-03-21 18:03:34 +0100 message: Some more work on making the ncacn_np handling in smbd be less special. modified: source/rpc_server/dcerpc_server.c svn-v2:[EMAIL PROTECTED] source/rpc_server/dcerpc_sock.c svn-v2:[EMAIL PROTECTED] === modified file 'source/rpc_server/dcerpc_server.c' --- a/source/rpc_server/dcerpc_server.c 2007-03-13 22:58:23 + +++ b/source/rpc_server/dcerpc_server.c 2007-03-21 17:03:34 + @@ -1409,9 +1409,9 @@ break; case NCACN_NP: -/* FIXME: status = dcesrv_add_ep_np(dce_ctx, e, task->event_ctx, task->model_ops); + status = dcesrv_add_ep_np(dce_ctx, e, task->event_ctx, task->model_ops); if (!NT_STATUS_IS_OK(status)) goto failed; -*/ break; + break; default: status = NT_STATUS_NOT_SUPPORTED; === modified file 'source/rpc_server/dcerpc_sock.c' --- a/source/rpc_server/dcerpc_sock.c 2006-08-17 13:37:04 + +++ b/source/rpc_server/dcerpc_sock.c 2007-03-21 17:03:34 + @@ -267,6 +267,52 @@ return status; } + +/* + add a socket address to the list of events, one event per dcerpc endpoint +*/ +static NTSTATUS add_socket_rpc_pipe_iface(struct dcesrv_context *dce_ctx, struct dcesrv_endpoint *e, +struct event_context *event_ctx, const struct model_ops *model_ops) +{ + struct dcesrv_socket_context *dcesrv_sock; + NTSTATUS status; + + if (e->ep_description->endpoint == NULL) { + DEBUG(0, ("Endpoint mandatory for named pipes\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + dcesrv_sock = talloc(event_ctx, struct dcesrv_socket_context); + NT_STATUS_HAVE_NO_MEMORY(dcesrv_sock); + + /* remember the endpoint of this socket */ + dcesrv_sock->endpoint = e; + dcesrv_sock->dcesrv_ctx = talloc_reference(dcesrv_sock, dce_ctx); + + status = NT_STATUS_OK; +#if 0 + + status = stream_setup_smb_pipe(event_ctx, model_ops, &dcesrv_stream_ops, +e->ep_description->endpoint, dcesrv_sock); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("service_setup_stream_socket(path=%s) failed - %s\n", +e->ep_description->endpoint, nt_errstr(status))); + } +#endif + return status; +} + +NTSTATUS dcesrv_add_ep_np(struct dcesrv_context *dce_ctx, struct dcesrv_endpoint *e, + struct event_context *event_ctx, const struct model_ops *model_ops) +{ + NTSTATUS status; + + status = add_socket_rpc_pipe_iface(dce_ctx, e, event_ctx, model_ops); + NT_STATUS_NOT_OK_RETURN(status); + + return status; +} + /* add a socket address to the list of events, one event per dcerpc endpoint */ @@ -324,5 +370,3 @@ return NT_STATUS_OK; } - -
Rev 11750: Clean up some unused functions. in file:///home/jelmer/bzr.samba/SAMBA_4_0/
At file:///home/jelmer/bzr.samba/SAMBA_4_0/ revno: 11750 revision-id: [EMAIL PROTECTED] parent: svn-v2:[EMAIL PROTECTED] committer: Jelmer Vernooij <[EMAIL PROTECTED]> branch nick: SAMBA_4_0 timestamp: Wed 2007-03-21 17:26:00 +0100 message: Clean up some unused functions. modified: source/script/tests/mktestdc.sh svn-v2:[EMAIL PROTECTED] source/script/tests/selftest.pl svn-v2:[EMAIL PROTECTED] source/script/tests/test_binding_string.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_blackbox.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_echo.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_ejs.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_functions.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_ldap.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_local.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_nbt.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_net.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_pidl.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_posix.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_quick.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_rpc.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_rpc_quick.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_s3upgrade.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_session_key.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_simple.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_swig.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_w2k3.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_w2k3_file.sh svn-v2:[EMAIL PROTECTED] source/script/tests/tests_win.sh svn-v2:[EMAIL PROTECTED] === modified file 'source/script/tests/mktestdc.sh' --- a/source/script/tests/mktestdc.sh 2007-03-21 15:57:07 + +++ b/source/script/tests/mktestdc.sh 2007-03-21 16:26:00 + @@ -70,7 +70,7 @@ [global] iconv:native = $nativeiconv netbios name = $NETBIOSNAME -netbios aliases = $SERVER + netbios aliases = $SERVER workgroup = $DOMAIN realm = $REALM private dir = $PRIVATEDIR @@ -80,10 +80,10 @@ share backend = $SHARE_BACKEND setup directory = $SRCDIR/setup js include = $SRCDIR/scripting/libjs -winbindd socket directory = $WINBINDD_SOCKET_DIR + winbindd socket directory = $WINBINDD_SOCKET_DIR name resolve order = bcast interfaces = 127.0.0.1/8 -tls dh params file = $DHFILE + tls dh params file = $DHFILE panic action = $SRCDIR/script/gdb_backtrace %PID% %PROG% wins support = yes server role = domain controller @@ -91,14 +91,12 @@ server max protocol = SMB2 notify:inotify = false ldb:nosync = true - torture:subunitdir = $SRCDIR/bin/torture torture:basedir = $TEST_DATA_PREFIX system:anonymous = true #We don't want to pass our self-tests if the PAC code is wrong -gensec:require_pac = true - -log level = $SMBD_LOGLEVEL + gensec:require_pac = true + log level = $SMBD_LOGLEVEL [tmp] path = $TMPDIR @@ -297,4 +295,4 @@ echo "SMBD_LOGLEVEL=$SMBD_LOGLEVEL" echo "LDAPDIR=$LDAPDIR" echo "PROVISION_OPTIONS=$PROVISION_OPTIONS" -echo "PROVISION_ACI=$PROVISION_ACI" \ No newline at end of file +echo "PROVISION_ACI=$PROVISION_ACI" === modified file 'source/script/tests/selftest.pl' --- a/source/script/tests/selftest.pl 2007-03-21 15:57:07 + +++ b/source/script/tests/selftest.pl 2007-03-21 16:26:00 + @@ -313,7 +313,7 @@ --one abort when the first test fails --immediateprint test output for failed tests during run --verbose be verbose - --analyse-cmd CMD command to run after each test + --analyse-cmd CMD command to run after each test "; exit(0); } @@ -346,6 +346,7 @@ # quick hack to disable rpc validation when using valgrind - its way too slow unless (defined($ENV{VALGRIND})) { $ENV{VALIDATE} = "validate"; +$ENV{MALLOC_CHECK_} = 2; } my $old_pwd = "$RealBin/../.."; === modified file 'source/script/tests/test_binding_string.sh' --- a/source/script/tests/test_binding_string.sh2007-03-21 15:57:07 + +++ b/source/script/tests/test_binding_string.sh2007-03-21 16:26:00 + @@ -16,7 +16,6 @@ incdir=`dirname $0` . $incdir/test_functions.sh -failed=0; for I in "ncacn_np:$server" \ "ncacn_ip_tcp:$server" \ "ncacn_np:$server[rpcecho]" \ @@ -28,7 +27,5 @@ "[EMAIL PROTECTED]:$server" \ "[EMAIL PROTECTED]:$server" do - testit "$I" rpc bin/smbtorture $TORTURE_OPTIONS "$I" -U"$username"%"$password" -W $domain --option=torture:quick=yes RPC-ECHO "$*" + plantest "$I" rpc bin/smbtorture $TORTURE_OPTIONS "$I" -U"$username"%"$password" -
svn commit: samba r21910 - in branches/SAMBA_4_0: . source/script/tests
Author: jelmer Date: 2007-03-21 16:26:25 + (Wed, 21 Mar 2007) New Revision: 21910 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21910 Log: Clean up some unused functions. Modified: branches/SAMBA_4_0/ branches/SAMBA_4_0/source/script/tests/mktestdc.sh branches/SAMBA_4_0/source/script/tests/selftest.pl branches/SAMBA_4_0/source/script/tests/test_binding_string.sh branches/SAMBA_4_0/source/script/tests/test_blackbox.sh branches/SAMBA_4_0/source/script/tests/test_echo.sh branches/SAMBA_4_0/source/script/tests/test_ejs.sh branches/SAMBA_4_0/source/script/tests/test_functions.sh branches/SAMBA_4_0/source/script/tests/test_ldap.sh branches/SAMBA_4_0/source/script/tests/test_local.sh branches/SAMBA_4_0/source/script/tests/test_nbt.sh branches/SAMBA_4_0/source/script/tests/test_net.sh branches/SAMBA_4_0/source/script/tests/test_pidl.sh branches/SAMBA_4_0/source/script/tests/test_posix.sh branches/SAMBA_4_0/source/script/tests/test_quick.sh branches/SAMBA_4_0/source/script/tests/test_rpc.sh branches/SAMBA_4_0/source/script/tests/test_rpc_quick.sh branches/SAMBA_4_0/source/script/tests/test_s3upgrade.sh branches/SAMBA_4_0/source/script/tests/test_session_key.sh branches/SAMBA_4_0/source/script/tests/test_simple.sh branches/SAMBA_4_0/source/script/tests/test_swig.sh branches/SAMBA_4_0/source/script/tests/test_w2k3.sh branches/SAMBA_4_0/source/script/tests/test_w2k3_file.sh branches/SAMBA_4_0/source/script/tests/tests_win.sh Changeset: Sorry, the patch is too large (593 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21910
Rev 5297: net conf import: add support for parameter types P_LIST and P_OCTAL in http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/
At http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/ revno: 5297 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Michael Adam <[EMAIL PROTECTED]> branch nick: SAMBA_3_0-registry.bzr timestamp: Wed 2007-03-21 17:16:32 +0100 message: net conf import: add support for parameter types P_LIST and P_OCTAL code taken more or less from loadparm.c:print_parameter next steps: replace printing to stdout by putting stuff into the registry... modified: source/utils/net_conf.cnet_conf.c-20070228210606-uywdn1acd043wgvt-1 === modified file 'source/utils/net_conf.c' --- a/source/utils/net_conf.c 2007-03-21 15:59:01 + +++ b/source/utils/net_conf.c 2007-03-21 16:16:32 + @@ -361,8 +361,21 @@ } } break; + case P_OCTAL: + d_printf("%s\n", octal_string(*(int *)ptr)); + break; case P_LIST: - d_printf("\n"); + if ((char ***)ptr && *(char ***)ptr) { + char **list = *(char ***)ptr; + for (; *list; list++) { + /* surround strings with whitespace in double quotes */ + if ( strchr_m( *list, ' ' ) ) + d_printf("\"%s\"%s", *list, ((*(list+1))?", ":"")); + else + d_printf("%s%s", *list, ((*(list+1))?", ":"")); + } + } + d_printf("\n"); break; case P_SEP: break;
svn commit: samba-docs r1069 - in trunk/smbdotconf/winbind: .
Author: jerry Date: 2007-03-21 16:12:55 + (Wed, 21 Mar 2007) New Revision: 1069 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1069 Log: more idmap option updates Added: trunk/smbdotconf/winbind/idmapcachetime.xml trunk/smbdotconf/winbind/idmapnegativecachetime.xml Modified: trunk/smbdotconf/winbind/winbindcachetime.xml Changeset: Added: trunk/smbdotconf/winbind/idmapcachetime.xml === --- trunk/smbdotconf/winbind/idmapcachetime.xml 2007-03-21 15:12:08 UTC (rev 1068) +++ trunk/smbdotconf/winbind/idmapcachetime.xml 2007-03-21 16:12:55 UTC (rev 1069) @@ -0,0 +1,13 @@ +http://www.samba.org/samba/DTD/samba-doc";> + + This parameter specifies the number of seconds that Winbind's + idmap interface will cache positive SID/uid/gid query results. + + + +900 + Added: trunk/smbdotconf/winbind/idmapnegativecachetime.xml === --- trunk/smbdotconf/winbind/idmapnegativecachetime.xml 2007-03-21 15:12:08 UTC (rev 1068) +++ trunk/smbdotconf/winbind/idmapnegativecachetime.xml 2007-03-21 16:12:55 UTC (rev 1069) @@ -0,0 +1,13 @@ +http://www.samba.org/samba/DTD/samba-doc";> + + This parameter specifies the number of seconds that Winbind's + idmap interface will cache negative SID/uid/gid query results. + + + +120 + Modified: trunk/smbdotconf/winbind/winbindcachetime.xml === --- trunk/smbdotconf/winbind/winbindcachetime.xml 2007-03-21 15:12:08 UTC (rev 1068) +++ trunk/smbdotconf/winbind/winbindcachetime.xml 2007-03-21 16:12:55 UTC (rev 1069) @@ -9,8 +9,12 @@ 8 daemon will cache user and group information before querying a Windows NT server again. -This does not apply to authentication requests, - these are always evaluated in real time. + + + This does not apply to authentication requests, these are always + evaluated in real time unless the option has been enabled. + 300
Rev 11695: Couple of random minor improvements. in file:///home/jelmer/bzr.samba/4.0-envs/
At file:///home/jelmer/bzr.samba/4.0-envs/ revno: 11695 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Jelmer Vernooij <[EMAIL PROTECTED]> branch nick: 4.0-envs timestamp: Wed 2007-03-21 15:27:43 +0100 message: Couple of random minor improvements. modified: source/script/tests/Windows.pm windows.pm-20070307001935-dmbansbt3gpgi44l-1 source/script/tests/selftest.pl svn-v2:[EMAIL PROTECTED] === modified file 'source/script/tests/Windows.pm' --- a/source/script/tests/Windows.pm2007-03-07 01:13:14 + +++ b/source/script/tests/Windows.pm2007-03-21 14:27:43 + @@ -9,6 +9,14 @@ use FindBin qw($RealBin); use POSIX; +sub new($) +{ + my ($classname) = @_; + my $self = { }; + bless $self; + return $self; +} + sub provision($$$) { my ($self, $environment, $prefix) = @_; @@ -24,4 +32,9 @@ $ENV{WINTEST_DIR}="$ENV{SRCDIR}/script/tests/win"; } +sub setup_env($$) +{ + my ($self, $name) = @_; +} + 1; === modified file 'source/script/tests/selftest.pl' --- a/source/script/tests/selftest.pl 2007-03-21 01:36:59 + +++ b/source/script/tests/selftest.pl 2007-03-21 14:27:43 + @@ -383,19 +383,6 @@ my @torture_options = (); -die("Windows tests will not run with socket wrapper enabled.") - if ($opt_socket_wrapper and $opt_target eq "win"); - -my $target; - -if ($opt_target eq "samba4") { - $target = new Samba4("$srcdir/bin", $ldap, "$srcdir/setup"); -} elsif ($opt_target eq "samba3") { - $target = new Samba3("$srcdir/bin", "$srcdir/setup"); -} elsif ($opt_target eq "win") { - $target = new Windows(); -} - if ($opt_socket_wrapper_pcap) { $ENV{SOCKET_WRAPPER_PCAP_FILE} = $opt_socket_wrapper_pcap; # Socket wrapper pcap implies socket wrapper @@ -409,10 +396,17 @@ print "SOCKET_WRAPPER_DIR=$socket_wrapper_dir\n"; } -my $testenv_vars; -$testenv_vars = $target->provision("dc", "$prefix/dc"); +my $target; -foreach (keys %$testenv_vars) { $ENV{$_} = $testenv_vars->{$_}; } +if ($opt_target eq "samba4") { + $target = new Samba4("$srcdir/bin", $ldap, "$srcdir/setup"); +} elsif ($opt_target eq "samba3") { + $target = new Samba3("$srcdir/bin", "$srcdir/setup"); +} elsif ($opt_target eq "win") { + die("Windows tests will not run with socket wrapper enabled.") + if ($opt_socket_wrapper); + $target = new Windows(); +} if (defined($opt_expected_failures)) { open(KNOWN, "<$opt_expected_failures") or die("unable to read known failures file: $!"); @@ -432,6 +426,11 @@ close(SKIP); } +my $testenv_vars; +$testenv_vars = $target->provision("dc", "$prefix/dc"); + +foreach (keys %$testenv_vars) { $ENV{$_} = $testenv_vars->{$_}; } + SocketWrapper::set_default_iface(1); $target->check_or_start($testenv_vars, $socket_wrapper_dir, ($ENV{SMBD_MAX_TIME} or 5400)); @@ -446,7 +445,7 @@ "127.0.0.11/8")); push (@torture_options, "--option=interfaces=$interfaces"); -push (@torture_options, $ENV{CONFIGURATION}); +push (@torture_options, $testenv_vars->{CONFIGURATION}); # ensure any one smbtorture call doesn't run too long push (@torture_options, "--maximum-runtime=$torture_maxtime"); push (@torture_options, "--target=$opt_target"); @@ -489,6 +488,7 @@ my $i = 0; $| = 1; +# The Kerberos tests fail if this variable is set. delete $ENV{DOMAIN}; if ($opt_testenv) { @@ -538,7 +538,6 @@ my $ok = $statistics->{TESTS_EXPECTED_OK} + $statistics->{TESTS_EXPECTED_FAIL}; print "ALL OK ($ok tests in $statistics->{SUITES_OK} testsuites)\n"; } else { - unless ($from_build_farm) { if (not $opt_immediate and not $opt_verbose) { foreach (@$suitesfailed) {
Rev 11749: Merge some of my recent improvements to the test infrastructure: in file:///home/jelmer/bzr.samba/SAMBA_4_0/
At file:///home/jelmer/bzr.samba/SAMBA_4_0/ revno: 11749 revision-id: [EMAIL PROTECTED] parent: svn-v2:[EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Jelmer Vernooij <[EMAIL PROTECTED]> branch nick: SAMBA_4_0 timestamp: Wed 2007-03-21 16:51:06 +0100 message: Merge some of my recent improvements to the test infrastructure: - Allow tests to specify what environment they need to run in (dc and none are thecurrent supported ones). - Move more Samba4-specific code out of the common code added: source/script/tests/Samba3.pm samba3.pm-20070321010054-iuaa65j1qcdh0i66-1 source/script/tests/TODO todo-20070306235556-368tkklzig1g0c99-1 source/script/tests/Windows.pm windows.pm-20070307001935-dmbansbt3gpgi44l-1 renamed: source/script/tests/mktestsetup.sh => source/script/tests/mktestdc.sh svn-v2:[EMAIL PROTECTED] source/script/tests/mktestsetup.sh.share_ldb => source/script/tests/mktestdc.sh.share_ldb svn-v2:[EMAIL PROTECTED] modified: source/main.mk svn-v2:[EMAIL PROTECTED] source/script/tests/Samba4.pm svn-v2:[EMAIL PROTECTED] source/script/tests/selftest.pl svn-v2:[EMAIL PROTECTED] source/script/tests/test_binding_string.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_blackbox.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_echo.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_ejs.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_functions.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_ldap.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_local.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_nbt.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_net.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_pidl.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_posix.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_quick.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_rpc.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_rpc_quick.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_s3upgrade.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_session_key.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_simple.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_w2k3.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_w2k3_file.sh svn-v2:[EMAIL PROTECTED] source/script/tests/test_win.sh svn-v2:[EMAIL PROTECTED] source/script/tests/tests_win2k3_dc.sh svn-v2:[EMAIL PROTECTED] source/torture/config.mk svn-v2:[EMAIL PROTECTED] source/torture/local/torture.c svn-v2:[EMAIL PROTECTED] revno: 11684.1.12 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Jelmer Vernooij <[EMAIL PROTECTED]> branch nick: 4.0-envs timestamp: Wed 2007-03-21 16:28:40 +0100 message: Add support for running a custom command after each test. This should help in listing which tests test what code. revno: 11684.1.11 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Jelmer Vernooij <[EMAIL PROTECTED]> branch nick: 4.0-envs timestamp: Wed 2007-03-21 15:27:43 +0100 message: Couple of random minor improvements. revno: 11684.1.10 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Jelmer Vernooij <[EMAIL PROTECTED]> branch nick: 4.0-envs timestamp: Wed 2007-03-21 02:36:59 +0100 message: Initial work on support for a Samba3 target. revno: 11684.1.9 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Jelmer Vernooij <[EMAIL PROTECTED]> branch nick: 4.0-envs timestamp: Wed 2007-03-21 01:52:30 +0100 message: Remove unnecessary functions. revno: 11684.1.8 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Jelmer Vernooij <[EMAIL PROTECTED]> branch nick: 4.0-envs timestamp: Wed 2007-03-21 01:50:26 +0100 message: Fix test after rename of script. revno: 11684.1.7 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Jelmer Vernooij <[EMAIL PROTECTED]> branch nick: 4.0-envs timestamp: Wed 2007-03-21 01:14:56 +0100 message: Move more target-specific code into a separate Samba4 module. revno: 11684.1.6 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] parent: svn-v2:[EMAIL PROTECTED] committer: Jelmer Vernooij <[EMAIL PROTECTED]> branch nick: 4.0-envs timestamp: Tue 2007-03-20 23:37:18 +0100 mes
Rev 5296: * fix handling of local string type parameters (needed to get "ptr" in http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/
At http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/ revno: 5296 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Michael Adam <[EMAIL PROTECTED]> branch nick: SAMBA_3_0-registry.bzr timestamp: Wed 2007-03-21 16:59:01 +0100 message: * fix handling of local string type parameters (needed to get "ptr" correct before accessing the values). * add support for P_ENUM parameters modified: source/utils/net_conf.cnet_conf.c-20070228210606-uywdn1acd043wgvt-1 === modified file 'source/utils/net_conf.c' --- a/source/utils/net_conf.c 2007-03-20 15:20:51 + +++ b/source/utils/net_conf.c 2007-03-21 15:59:01 + @@ -286,8 +286,7 @@ struct share_iterator *shares; struct share_params *share; struct parm_struct *parm; - int i = 0; - char *utf8_s1; + int pnum = 0; ctx = talloc_init("net_conf_import"); @@ -319,30 +318,51 @@ while ((share = next_share(shares)) != NULL) { d_printf("TEST: snum%i : [%s]\n", share->service, lp_servicename(share->service)); - i = 0; - while ((parm = lp_next_parameter(share->service, &i, 0))) + pnum = 0; + while ((parm = lp_next_parameter(share->service, &pnum, 0))) { + void *ptr = parm->ptr; + int i = 0; + + if (parm->p_class == P_LOCAL && share->service >= 0) { + ptr = lp_local_ptr(share->service, ptr); + } + if (parm->type != P_SEP) { - d_printf("TEST: param %3d : %s = ", i, + d_printf("TEST: param %3d : %s = ", pnum, parm->label); } switch (parm->type) { case P_CHAR: - d_printf("%c", *(char *)(parm->ptr)); + d_printf("%c", *(char *)ptr); break; case P_STRING: case P_USTRING: - d_printf("%s\n", *(char **)(parm->ptr)); + d_printf("%s\n", *(char **)ptr); break; case P_GSTRING: case P_UGSTRING: - d_printf("%s\n", (char *)(parm->ptr)); + d_printf("%s\n", (char *)ptr); break; case P_BOOL: - d_printf("%s\n", BOOLSTR(*(BOOL *)(parm->ptr))); + d_printf("%s\n", BOOLSTR(*(BOOL *)ptr)); break; case P_BOOLREV: - d_printf("%s\n", BOOLSTR(!*(BOOL *)(parm->ptr))); + d_printf("%s\n", BOOLSTR(!*(BOOL *)ptr)); + break; + case P_ENUM: + for (i = 0; parm->enum_list[i].name; i++) { + if (*(int *)ptr == + parm->enum_list[i].value) + { + d_printf("%s\n", + parm->enum_list[i].name); + break; + } + } + break; + case P_LIST: + d_printf("\n"); break; case P_SEP: break;
svn commit: samba r21909 - in branches/SAMBA_4_0: . source source/script/tests source/torture source/torture/local
Author: jelmer Date: 2007-03-21 15:57:07 + (Wed, 21 Mar 2007) New Revision: 21909 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21909 Log: Merge some of my recent improvements to the test infrastructure: - Allow tests to specify what environment they need to run in (dc and none are thecurrent supported ones). - Move more Samba4-specific code out of the common code Added: branches/SAMBA_4_0/source/script/tests/Samba3.pm branches/SAMBA_4_0/source/script/tests/TODO branches/SAMBA_4_0/source/script/tests/Windows.pm branches/SAMBA_4_0/source/script/tests/mktestdc.sh branches/SAMBA_4_0/source/script/tests/mktestdc.sh.share_ldb Removed: branches/SAMBA_4_0/source/script/tests/mktestsetup.sh branches/SAMBA_4_0/source/script/tests/mktestsetup.sh.share_ldb Modified: branches/SAMBA_4_0/ branches/SAMBA_4_0/source/main.mk branches/SAMBA_4_0/source/script/tests/Samba4.pm branches/SAMBA_4_0/source/script/tests/selftest.pl branches/SAMBA_4_0/source/script/tests/test_binding_string.sh branches/SAMBA_4_0/source/script/tests/test_blackbox.sh branches/SAMBA_4_0/source/script/tests/test_echo.sh branches/SAMBA_4_0/source/script/tests/test_ejs.sh branches/SAMBA_4_0/source/script/tests/test_functions.sh branches/SAMBA_4_0/source/script/tests/test_ldap.sh branches/SAMBA_4_0/source/script/tests/test_local.sh branches/SAMBA_4_0/source/script/tests/test_nbt.sh branches/SAMBA_4_0/source/script/tests/test_net.sh branches/SAMBA_4_0/source/script/tests/test_pidl.sh branches/SAMBA_4_0/source/script/tests/test_posix.sh branches/SAMBA_4_0/source/script/tests/test_quick.sh branches/SAMBA_4_0/source/script/tests/test_rpc.sh branches/SAMBA_4_0/source/script/tests/test_rpc_quick.sh branches/SAMBA_4_0/source/script/tests/test_s3upgrade.sh branches/SAMBA_4_0/source/script/tests/test_session_key.sh branches/SAMBA_4_0/source/script/tests/test_simple.sh branches/SAMBA_4_0/source/script/tests/test_w2k3.sh branches/SAMBA_4_0/source/script/tests/test_w2k3_file.sh branches/SAMBA_4_0/source/script/tests/test_win.sh branches/SAMBA_4_0/source/script/tests/tests_win2k3_dc.sh branches/SAMBA_4_0/source/torture/config.mk branches/SAMBA_4_0/source/torture/local/torture.c Changeset: Property changes on: branches/SAMBA_4_0 ___ Name: bzr:merge ...skipped...
svn commit: samba r21908 - in branches/SAMBA_3_0/packaging/RHEL: .
Author: jerry Date: 2007-03-21 15:55:45 + (Wed, 21 Mar 2007) New Revision: 21908 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21908 Log: update with the 3.0.25 packaging Modified: branches/SAMBA_3_0/packaging/RHEL/samba.spec.tmpl Changeset: Modified: branches/SAMBA_3_0/packaging/RHEL/samba.spec.tmpl === --- branches/SAMBA_3_0/packaging/RHEL/samba.spec.tmpl 2007-03-21 15:51:59 UTC (rev 21907) +++ branches/SAMBA_3_0/packaging/RHEL/samba.spec.tmpl 2007-03-21 15:55:45 UTC (rev 21908) @@ -233,6 +233,14 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/samba/libmsrpc.* ln -s /%{_libdir}/libmsrpc.so $RPM_BUILD_ROOT%{_libdir}/libmsrpc.so.0 +# make install puts libsmbsharemodes.so in the wrong place on x86_64 +rm -f $RPM_BUILD_ROOT/usr/lib*/samba/libsmbsharemodes.so $RPM_BUILD_ROOT/usr/lib*/samba/libsmbsharemodes.a || true +install -m 755 source/bin/libsmbsharemodes.so $RPM_BUILD_ROOT%{_libdir}/libsmbsharemodes.so +install -m 755 source/bin/libsmbsharemodes.a $RPM_BUILD_ROOT%{_libdir}/libsmbsharemodes.a +install -m 644 source/include/smb_share_modes.h $RPM_BUILD_ROOT%{_includedir} +rm -f $RPM_BUILD_ROOT%{_libdir}/samba/libsmbsharemodes.* +ln -s /%{_libdir}/libsmbsharemodes.so $RPM_BUILD_ROOT%{_libdir}/libsmbsharemodes.so.0 + # Install pam_smbpass.so install -m755 source/bin/pam_smbpass.so $RPM_BUILD_ROOT/%{_lib}/security/pam_smbpass.so @@ -376,9 +384,12 @@ %{_mandir}/man8/smbd.8* %{_mandir}/man8/tdbbackup.8* %{_mandir}/man8/tdbdump.8* +%{_mandir}/man8/tdbtool.8* +%{_mandir}/man8/eventlogadm.8* %{_mandir}/man8/winbindd.8* %{_mandir}/man1/ntlm_auth.1* %{_mandir}/man1/wbinfo.1* +%{_mandir}/man8/vfs_*.8* ## @@ -462,11 +473,11 @@ %attr(755,root,root) /%{_lib}/security/pam_smbpass.so %{_includedir}/libsmbclient.h -%{_libdir}/libsmbclient.a -%{_libdir}/libsmbclient.so* +%{_libdir}/libsmbclient.* %{_includedir}/libmsrpc.h -%{_libdir}/libmsrpc.a -%{_libdir}/libmsrpc.so* +%{_libdir}/libmsrpc.* +%{_includedir}/smb_share_modes.h +%{_libdir}/libsmbsharemodes.* %{_libdir}/samba/*.dat %{_libdir}/samba/*.msg
svn commit: samba r21907 - in branches: SAMBA_3_0_25/packaging/RHEL SAMBA_3_0_RELEASE/packaging/RHEL
Author: jerry Date: 2007-03-21 15:51:59 + (Wed, 21 Mar 2007) New Revision: 21907 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21907 Log: install smbmount pages now that Lars has fixed 'make install' Modified: branches/SAMBA_3_0_25/packaging/RHEL/samba.spec.tmpl branches/SAMBA_3_0_RELEASE/packaging/RHEL/samba.spec.tmpl Changeset: Modified: branches/SAMBA_3_0_25/packaging/RHEL/samba.spec.tmpl === --- branches/SAMBA_3_0_25/packaging/RHEL/samba.spec.tmpl2007-03-21 15:49:43 UTC (rev 21906) +++ branches/SAMBA_3_0_25/packaging/RHEL/samba.spec.tmpl2007-03-21 15:51:59 UTC (rev 21907) @@ -441,9 +441,9 @@ %{_bindir}/net %{_bindir}/smbtree -#%{_mandir}/man8/smbmnt.8* -#%{_mandir}/man8/smbmount.8* -#%{_mandir}/man8/smbumount.8* +%{_mandir}/man8/smbmnt.8* +%{_mandir}/man8/smbmount.8* +%{_mandir}/man8/smbumount.8* %{_mandir}/man8/mount.cifs.8.* %{_mandir}/man8/umount.cifs.8.* %{_mandir}/man8/smbspool.8* Modified: branches/SAMBA_3_0_RELEASE/packaging/RHEL/samba.spec.tmpl === --- branches/SAMBA_3_0_RELEASE/packaging/RHEL/samba.spec.tmpl 2007-03-21 15:49:43 UTC (rev 21906) +++ branches/SAMBA_3_0_RELEASE/packaging/RHEL/samba.spec.tmpl 2007-03-21 15:51:59 UTC (rev 21907) @@ -441,9 +441,9 @@ %{_bindir}/net %{_bindir}/smbtree -#%{_mandir}/man8/smbmnt.8* -#%{_mandir}/man8/smbmount.8* -#%{_mandir}/man8/smbumount.8* +%{_mandir}/man8/smbmnt.8* +%{_mandir}/man8/smbmount.8* +%{_mandir}/man8/smbumount.8* %{_mandir}/man8/mount.cifs.8.* %{_mandir}/man8/umount.cifs.8.* %{_mandir}/man8/smbspool.8*
svn commit: samba r21906 - in branches/SAMBA_3_0_25: .
Author: jerry Date: 2007-03-21 15:49:43 + (Wed, 21 Mar 2007) New Revision: 21906 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21906 Log: add mention of idmap parameter renames Modified: branches/SAMBA_3_0_25/WHATSNEW.txt Changeset: Modified: branches/SAMBA_3_0_25/WHATSNEW.txt === --- branches/SAMBA_3_0_25/WHATSNEW.txt 2007-03-21 15:21:28 UTC (rev 21905) +++ branches/SAMBA_3_0_25/WHATSNEW.txt 2007-03-21 15:49:43 UTC (rev 21906) @@ -82,6 +82,8 @@ Parameter Name Description Default -- --- --- debug prefix timestamp New No +idmap cache time Renamed 900 +idmap negative cache time Renamed 120 lock spin count Removed n/a
svn commit: samba-docs r1068 - in trunk/smbdotconf/winbind: .
Author: jerry Date: 2007-03-21 15:12:08 + (Wed, 21 Mar 2007) New Revision: 1068 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1068 Log: fix bad ending tag Modified: trunk/smbdotconf/winbind/idmapbackend.xml Changeset: Modified: trunk/smbdotconf/winbind/idmapbackend.xml === --- trunk/smbdotconf/winbind/idmapbackend.xml 2007-03-21 15:10:58 UTC (rev 1067) +++ trunk/smbdotconf/winbind/idmapbackend.xml 2007-03-21 15:12:08 UTC (rev 1068) @@ -21,7 +21,7 @@ idmap_rid8), and ad (idmap_tdb 8). - +
svn commit: samba-docs r1067 - in trunk/smbdotconf/winbind: .
Author: jerry Date: 2007-03-21 15:10:58 + (Wed, 21 Mar 2007) New Revision: 1067 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1067 Log: man page updates for new idmap options (still a work in progress) Added: trunk/smbdotconf/winbind/idmapconfig.xml trunk/smbdotconf/winbind/idmapdomains.xml Modified: trunk/smbdotconf/winbind/idmapbackend.xml trunk/smbdotconf/winbind/winbindtrusteddomainsonly.xml Changeset: Modified: trunk/smbdotconf/winbind/idmapbackend.xml === --- trunk/smbdotconf/winbind/idmapbackend.xml 2007-03-20 13:05:44 UTC (rev 1066) +++ trunk/smbdotconf/winbind/idmapbackend.xml 2007-03-21 15:10:58 UTC (rev 1067) @@ -1,37 +1,30 @@ http://www.samba.org/samba/DTD/samba-doc";> - The purpose of the idmap backend parameter is to allow idmap to NOT use the local idmap - tdb file to obtain SID to UID / GID mappings for unmapped SIDs, but instead to obtain them from a common - LDAP backend. This way all domain members and controllers will have the same UID and GID - to SID mappings. This avoids the risk of UID / GID inconsistencies across UNIX / Linux - systems that are sharing information over protocols other than SMB/CIFS (ie: NFS). + The idmap backend provides a plugin interface for Winbind to use + varying backends to store SID/uid/gid mapping tables. This + option is mutually exclusive with the newer and more flexible +parameter. The main difference + between the "idmap backend" and the "idmap domains" + is that the former only allows on backend for all domains while the + latter supports configuring backends on a per domain basis. + Examples of SID/uid/gid backends include tdb ( + idmap_tdb8), + ldap (idmap_ldap + 8), rid ( + idmap_rid8), + and ad (idmap_tdb + 8). - An alternate method of SID to UID / GID mapping can be achieved using the rid - plug-in. This plug-in uses the account RID to derive the UID and GID by adding the - RID to a base value specified. This utility requires that the parameter - allow trusted domains = No must be specified, as it is not compatible - with multiple domain environments. The idmap uid and idmap gid ranges must also be - specified. - - - - Finally, using the ad module, the UID and GID can directly - be retrieved from an Active Directory LDAP Server that supports an - RFC2307 compliant LDAP schema. ad supports "Services for Unix" - (SFU) version 2.x and 3.0. - - -ldap:ldap://ldapslave.example.com -rid:"BUILTIN=1000-1999,DOMNAME=2000-1" +ldap:ldap://ldapslave.example.com/ ad Added: trunk/smbdotconf/winbind/idmapconfig.xml === --- trunk/smbdotconf/winbind/idmapconfig.xml2007-03-20 13:05:44 UTC (rev 1066) +++ trunk/smbdotconf/winbind/idmapconfig.xml2007-03-21 15:10:58 UTC (rev 1067) @@ -0,0 +1,32 @@ +http://www.samba.org/samba/DTD/samba-doc";> + + + The idmap config prefix provides a means of managing each domain + defined by the option using Samba's + parameteric option support. The idmap config prefix should be + followed by the name of the domain, a colon, and either the option + name "backend" or a setting specific to the chosen + backend. + + + The following example illustrates how to configure the + idmap_ad8 + for the CORP domain and the idmap_tdb + 8 backend for all other domains. + + + + idmap domains = CORP default + idmap config CORP:backend = ad + idmap config CORP:read_only = yes + idmap config default:backend = tdb + idmap config default:default = yes + idmap config default:range = 1000 - + + + + Added: trunk/smbdotconf/winbind/idmapdomains.xml === --- trunk/smbdotconf/winbind/idmapdomains.xml 2007-03-20 13:05:44 UTC (rev 1066) +++ trunk/smbdotconf/winbind/idmapdomains.xml 2007-03-21 15:10:58 UTC (rev 1067) @@ -0,0 +1,27 @@ +http://www.samba.org/samba/DTD/samba-doc";> + + + The idmap domains option defines a list of Windows domains which will each + have a separately configured backend for managing Winbind's SID/uid/gid + tables. This parameter is mutually exclusive with the older option. + + + + Values constist of the short domain name for Winbind's primary or collection + of trusted domains. The keyword "default" is used to + represent all domains not explicitly listed. + + + + Refer to the for details about + managing the SID/uid/gid backend for each domain. + + + +default AD CORP +
svn commit: samba r21904 - in branches/SAMBA_3_0/source/smbd: .
Author: vlendec Date: 2007-03-21 14:13:42 + (Wed, 21 Mar 2007) New Revision: 21904 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21904 Log: Fix HP build -- thanks, Don Modified: branches/SAMBA_3_0/source/smbd/seal.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/seal.c === --- branches/SAMBA_3_0/source/smbd/seal.c 2007-03-21 02:02:09 UTC (rev 21903) +++ branches/SAMBA_3_0/source/smbd/seal.c 2007-03-21 14:13:42 UTC (rev 21904) @@ -145,7 +145,7 @@ void srv_free_enc_buffer(char *buf) { if (srv_trans_enc_ctx) { - return common_free_enc_buffer(srv_trans_enc_ctx->es, buf); + common_free_enc_buffer(srv_trans_enc_ctx->es, buf); } }
Rev 5295: merge from upstream in http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/
At http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/ revno: 5295 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Michael Adam <[EMAIL PROTECTED]> branch nick: SAMBA_3_0-registry.bzr timestamp: Wed 2007-03-21 12:15:40 +0100 message: merge from upstream modified: REVISION REVISION-20060530022625-68239662668b41c3 source/Makefile.in Makefile.in-20060530022626-b16dac2328ebe703 source/client/client.c client.c-20060530022627-a5e98bdfdd1ca9d9 source/lib/dummysmbd.c dummysmbd.c-20060530022627-0881298f6c26bb01 source/libsmb/cliconnect.c cliconnect.c-20060530022627-fb16a3a9bd86c44d source/libsmb/clifsinfo.c clifsinfo.c-20060530022627-9360212d14f20006 source/libsmb/clitrans.c clitrans.c-20060530022627-8d4f01dc98138adf source/libsmb/smb_seal.c smb_seal.c-20070317050048-jthijp4m79ic4h3q-1 source/libsmb/smb_signing.csmb_signing.c-20060530022627-1e3c4643957ae652 source/libsmb/trustdom_cache.c trustdom_cache.c-20060530022627-3b3f57f5b89e82f8 source/nsswitch/winbindd_pam.c winbindd_pam.c-20060530022627-6b827f2f7ba30f85 source/smbd/seal.c seal.c-20070320050326-brtwj05flzzelvyk-1 source/smbd/trans2.c trans2.c-20060530022627-7ce34cd85c3f02f5 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: [EMAIL PROTECTED] branch nick: SAMBA_3_0.bzr timestamp: Wed 2007-03-21 00:03:34 -0500 message: [EMAIL PROTECTED] (r21903) 2007-03-20 21:02:09 -0500 (Tue, 20 Mar 2007) Get the length calculations right (I always forget the 4 byte length isn't included in the length :-). We now have working NTLMSSP transport encryption with sign+seal. W00t! Jeremy. merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: [EMAIL PROTECTED] branch nick: SAMBA_3_0.bzr timestamp: Wed 2007-03-21 00:03:03 -0500 message: [EMAIL PROTECTED] (r21902) 2007-03-20 20:32:01 -0500 (Tue, 20 Mar 2007) Don't free the thing you're trying to set in the cli state. Jeremy. merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: [EMAIL PROTECTED] branch nick: SAMBA_3_0.bzr timestamp: Wed 2007-03-21 00:02:34 -0500 message: [EMAIL PROTECTED] (r21901) 2007-03-20 20:21:16 -0500 (Tue, 20 Mar 2007) Don't use fstrcat when you mean fstrcpy. Doh ! Jeremy. merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: [EMAIL PROTECTED] branch nick: SAMBA_3_0.bzr timestamp: Wed 2007-03-21 00:02:07 -0500 message: [EMAIL PROTECTED] (r21900) 2007-03-20 20:04:56 -0500 (Tue, 20 Mar 2007) Token exchange now seems to work, now why does the client encrypt fail ? Jeremy. merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: [EMAIL PROTECTED] branch nick: SAMBA_3_0.bzr timestamp: Wed 2007-03-21 00:01:40 -0500 message: [EMAIL PROTECTED] (r21899) 2007-03-20 19:56:40 -0500 (Tue, 20 Mar 2007) At least we're getting to stage 2 of the blob exchange. Still not working but closer. Jeremy. merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: [EMAIL PROTECTED] branch nick: SAMBA_3_0.bzr timestamp: Wed 2007-03-21 00:01:14 -0500 message: [EMAIL PROTECTED] (r21898) 2007-03-20 19:44:15 -0500 (Tue, 20 Mar 2007) Added test command, fixed first valgrind bugs. Now to investigate why it doesn't work :-). Jeremy. merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: [EMAIL PROTECTED] branch nick: SAMBA_3_0.bzr timestamp: Wed 2007-03-21 00:00:42 -0500 message: [EMAIL PROTECTED] (r21897) 2007-03-20 19:25:08 -0500 (Tue, 20 Mar 2007) Add in a basic raw NTLM encrypt request. Now for testing. Jeremy. merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: [EMAIL PROTECTED] branch nick: SAMBA_3_0.bzr timestamp: Tue 2007-03-20 18:01:43 -0500 message: [EMAIL PROTECTED] (r21894) 2007-03-20 17:01:02 -0500 (Tue, 20 Mar 2007)