[Samba] Windows server 2003 can't join SAMBA domain - solved
Hi all, I sent post few days ago with question: why I can't add win2k3 to samba domain? NO answer ;) But today we were able to add it. This is strange but pure 2k3 throws message The specified user already exist. This is not the first time I saw this message so thought that maybe this has something to do with machine account. But account in LDAP for this server was the same like in any other example. The only difference was that I never have added 2k3 to PDC only 100+ XPs. Here is how my basic account for machine looks like: dn: uid=test3$,ou=machines,dc=giedz,dc=pl uid: test3$ uidNumber: 11003 objectClass: top objectCLass: device objectClass: posixAccount objectClass: sambaSamAccount sambaSID: S-1-5-21-1087407793-3782532767-1892621526-11003 gidNumber: 515 cn: test3$ homeDirectory: /dev/null loginShell: /bin/false gecos: test3$ description: test3 userPassword: 11 But for 2k3 was to small. I simply had to add sambaAcctFlags: [UW ] and after that I was able to join my Samba domain. I hope this can help. Regards, Marcin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbindd: Exceeding 200 client connections, no idle connection found
Hello, Can someone tell me how to resolve the winbindd: Exceeding 200 client connections, no idle connection found error in my log.winbind? I see tons of them on a regular basis. samba-3.0.28,1 squid-2.6.18 FreeBSD 6.2-STABLE #1: Thu Mar 15 01:46:50 CDT 2007 Kind regards, Elvar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Re: SID problem with working samba
toni [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] this server has also a ldap server to resolve system users (via nsswitch), and the contents are replicated from a master ldap in the PDC (i think this is what you are proposing, isn't it?) Not really. On a Windows 2003 domain, there are a few domain controllers that contain Active Directory. Active Directory is not loaded on member servers. No replication takes place there. The member server is configured to redirect all authentication requests to a domain controller. Chapter 7 discusses the various ways that Samba member servers can be configured to redirect authentication requests to a single database of usernames and passwords. You can use NSS/LDAP. You can use NSS and Winbind. You can use an adduser script if you don't want to use NSS. The common factor in all three approaches is the fact that the pdc contains the authoritative list of usernames and passwords. Member servers query that list. The member server will cache the data it sees on the pdc but the pdc is the definitive source. Look at the smb.conf file in example 7.1.. It simply tells the member server to look to the ldap installation on the pdc when it needs to authenticate users. The /etc/nsswitch.conf is configured to use ldap for authentication. The only difference here is that the ldap is stored on another machine. I am not looking at my member server now, but I think your /etc/ldap.conf file should also point to the pdc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] roaming profiles moved to a new machine - big confusion
Hi Dale, thanks a lot for your hints, I suppose your accordance to be quotet on the mailinglist.. Dale Schroeder wrote: here is documentation to help you with the migration. http://us1.samba.org/samba/docs/man/Samba-Guide/upgrades.html aparently, I followed that _not_ todo step by step. I suppose it was written, because I'm not the only one. :o)) Roaming profiles: http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html#id425774 I'm digging that stuff while resting from keeping workstations beeing workstations. ;o)) Good luck, As far as I learned, this seems to be a main chapter in the manual of a Windows domain administrator. :o)) Thanks again. -- Friedrich beste Grüße/best regards von der/from the Sonnenalb - Germany -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Login with special groups
Hi, Is it possible to allow login from certain machines in a samba3 domain just to users who are in certain special groups? I could not find any options on this. Thank you very much, Niki -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba hangs DOS apps (foxpro and clipper)
Hi. I start to manage small network with about twenty workstation. There is an old DELL with Novell 3 as file server and spooler for four printers. Clients (Win98 and WinXP) runs dos applications written in clipper and foxpro. Everything works fine, but... :) I want to migrate file server and spooler in to new server with RHEL5. Cups works fine, but Samba not. DOS apps randomly hangs or freeze for few sec. without any any reason. Someone told me to try Samba 2.2.8a and reedit smb.conf I turning off read/write raw also change blocking locks, locking, kernel oplocks and strict locking options. Now frequency of hangs is smaller then before, but it's still. Anyone help? PS. Sorry for my english. [global] #unix charset = UTF8 #character set = UTF8 client code page = 852 netbios name = serwer server string = serwer workgroup = TBS security = user encrypt passwords = yes kernel oplocks = no interfaces = 10.1.1.253/24, 127.0.0.1 bind interfaces only = yes socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=16384 IPTOS_LOWDELAY read raw = no write raw = no getwd cache = no preserve case = yes max open files = 1000 guest account = pcguest level2 oplocks = no oplocks = no veto oplock files = /*.DBF/*.dbf/*.CDX/*.cdx/*.STX/*.stx blocking locks = no locking = yes strict locking = yes username map = /usr/local/samba/private/smbusers log level = 2 log file = /var/log/samba/%m.log max log size = 50 time server = Yes logon script = %U.bat logon path = logon home = domain logons = Yes os level = 255 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes load printers = yes printing = cups printcap name = cups #cups options = raw keep alive = 10 dead time = 5 [homes] comment = Home Directories valid users = %U read only = No browseable = No [netlogon] comment = Network Logon Service path = /usr/local/samba/lib/logon guest ok = Yes browseable = No share modes = No [D2] path = /var/samba/D2 valid users = @samba, root read only = No force create mode = 770 create mask = 0770 directory mask = 0770 dos filetime resolution = Yes dos filetimes = yes [D3] path = /var/samba/D3 read only = No create mask = 0770 directory mask = 0770 dos filetime resolution = Yes [BETA] path = /var/samba/D2/PRZELEW/BETA valid users = root, @przelew write list = root, @przelew read only = No create mask = 0770 directory mask = 0770 dos filetime resolution = Yes [SYS] path = /var/samba/SYS valid users = root, @samba write list = @root read only = No create mask = 0755 dos filetime resolution = Yes [OKI3321] comment = OKI3221 w serwerowni path = /var/spool/samba printer name = OKI3321 public = yes guest ok = yes printable = yes writable = no use client driver = yes [HP1200] comment = HP1200 w ksiegowosci path = /var/spool/samba printer name = HP1200 public = yes guest ok = yes printable = yes writable = no use client driver = yes [HP2015] comment = HP2015 w ksiegowosci path = /var/spool/samba printer name = HP2015 public = yes guest ok = yes printable = yes writable = no use client driver = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Login with special groups
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Helmut Hullen wrote: Hallo, Niki, Du (mailinglists) meintest am 24.01.08: Is it possible to allow login from certain machines in a samba3 domain just to users who are in certain special groups? I could not find any options on this. Which OS do you use? Samba has the option preexec which can be used for checking something. And preexec has the option close (p.e. close = yes) which can be used as a kind of if user has no legitimation then exit. Can't this be done via Windows account policy these days, like logon hours, or is that not the case? =R - -- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II |$| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHmMGwmb+gadEcsb4RAjwrAJ9BlzzpobagYwXMdhhgbNi01c9VDgCgiHdI clsFN58xUXzY6w4gEIlWjTM= =HEFB -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Odd transfer speed issue
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 There was talk about changes to the TCP window and RSSIZE etc. a month or two ago. Could any of this be related? Stuart Gall wrote: Hi Will, Did you get anywhere with this ? I have this exact same problem on one system Debian 4.0r2 I can download with http super fast. Access from linux using mount.cifs is fast. Access from OSX is fast. ONLY access from windows is slow I have an older samba box on the same network it is fine. I built 3.0.28 from source with async io , still no good. Made hundreds of tweaks the smb.conf nothing I do makes any differance. Wierder . . . I set up another file-server today same NIC same motherboard same version of debian - no problems. I am going to go mad On 18 Jan 2008, at 21:39, Will Payne wrote: I'm seeing slow transfers to/from my samba server. I just tried to copy a 270MB file from a samba share to an XP machine. At first, the estimated time displayed as 141 minutes :( -snip- Microsoft's estimates are known to be completely off a lot of times. If you do not make any load on the server how long does the transfer take? I don't know how long it'd *actually* take (life's too short to let it complete) but it's definately at least several minutes when it should just be a matter of seconds.. HTTP downloads from the machine, scp-ing files to/from, etc are fine.. it's just samba that seems to have this issue.. Perplexed, Will -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- Stuart Gall -- All of your mail are belong to us - -- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II |$| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHmMJRmb+gadEcsb4RAsnsAJ9a40ZcuraFe0+DQfHDPbqHEkOMMgCaA/Hg NO/XtTYdZU1VUwKbJ0BEmxY= =H0xk -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Re: SID problem with working samba
hi again, El Thu, 24 Jan 2008 05:49:20 -0500 Jamrock [EMAIL PROTECTED] ha escrit: toni [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] this server has also a ldap server to resolve system users (via nsswitch), and the contents are replicated from a master ldap in the PDC (i think this is what you are proposing, isn't it?) Not really. On a Windows 2003 domain, there are a few domain controllers that contain Active Directory. Active Directory is not loaded on member servers. No replication takes place there. The member server is configured to redirect all authentication requests to a domain controller. Chapter 7 discusses the various ways that Samba member servers can be configured to redirect authentication requests to a single database of usernames and passwords. You can use NSS/LDAP. You can use NSS and Winbind. You can use an adduser script if you don't want to use NSS. i would like to use nss/ldap, because BDC and PDC use it, for simplicity. this is what i'm trying The common factor in all three approaches is the fact that the pdc contains the authoritative list of usernames and passwords. Member servers query that list. The member server will cache the data it sees on the pdc but the pdc is the definitive source. yes, this is what i'm doing, ldap server on BDC and member server is replicated from PDC and synchronized using slurpd. however i've changed my ldap.conf and smb.conf to check directly against ldap on the PDC Look at the smb.conf file in example 7.1.. It simply tells the member server to look to the ldap installation on the pdc when it needs to authenticate users. The /etc/nsswitch.conf is configured to use ldap for authentication. The only difference here is that the ldap is stored on another machine. i have same configuration (as far as i can understand) that example 7.1 shows, but with winbindd started i can't mount shares from clients and log file shows: [2008/01/24 17:13:32, 0, effective(0, 0), real(0, 0)] rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2362) cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error NT_STATUS_NETWORK_ACCESS_DENIED if i stop winbindd, i can mount shres but i must wait the 60 seconds timeout. i'm trying to figure out where the problem is, regards to the nss/ldap configuration, and i think the problem is Primary Group SID, when winbindd runs, pdbedit shows the correct value, but when it's stopped, it shows an incorrect value (i think it causes the timeout) thanks for your help! my smb.conf now (complete): [global] netbios name = SERVER workgroup = DOMAIN local master = no security = domain password server = * mangling method = hash2 encrypt passwords = yes passdb backend = ldapsam:ldaps://pdc ldap://localhost; idmap backend = ldap:ldaps://pdc ldap://localhost; ldap suffix = dc=domain,dc=intranet ldap admin dn = cn=Manager,dc=domain,dc=intranet ldap ssl = yes ldap machine suffix = ou=Machines ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap passwd sync = Yes ldap delete dn = Yes add user script = /opt/smbldap_tools-0.9.1/smbldap-useradd -a '%u' delete user script = /opt/smbldap_tools-0.9.1/smbldap-userdel '%u' add group script = /opt/smbldap_tools-0.9.1/smbldap-groupadd -p '%g' delete group script = /opt/smbldap_tools-0.9.1/smbldap-groupdel '%g' add user to group script = /opt/smbldap_tools-0.9.1/smbldap-groupmod -m '%u' '%g' delete user from group script = /opt/smbldap_tools-0.9.1/smbldap-groupmod -x '%u' '%g' set primary group script = /opt/smbldap_tools-0.9.1/smbldap-usermod -g '%g' '%u' add machine script = /opt/smbldap_tools-0.9.1/smbldap-useradd -w '%u' passwd program = /opt/smbldap_tools-0.9.1/smbldap-passwd '%u' passwd chat = *ew*password* %n\n *new*password* %n\n passwd chat debug = Yes socket options = SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 interfaces = eth0 name resolve order = hosts wins lmhosts bcast dos charset = CP850 unix charset = ISO8859-1 wins server = 10.0.2.11 time server = yes log file = /var/log/samba/samba.%m.log log level = 0 max log size = 10 debug uid = yes load printers = yes printing = cups printcap name = cups cups server = 10.0.2.22 enable privileges = yes nt acl support = yes inherit acls = Yes unix password sync = no unix extensions = no -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Hide Home Share for a single user
Hi, Does anyone knows how to hide a home share just for a particular user? Thx Nelson Vale -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Hide Home Share for a single user
Nelson Vale wrote: Hi, Does anyone knows how to hide a home share just for a particular user? Thx Nelson Vale How do you mean hide? So that they can't browse it, or so that they cannot see the 'homes' service? And do you mean hide from everyone else, or hide from that user themselves? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] View Workgroup Computers is Slow to Come Up
What would cause the View Workgroup Computers to be slow in coming up. It will take from 10 seconds to 1 minute. A am using Windows XP hosts with an SCO OpenServer using Samba in a workgroup, and Samba is the preferred master (os 255) with WINS support. I have the Browser service turned off on all Windows clients. Thanks, Rick Cone Secure Payment Systems -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] View Workgroup Computers is Slow to Come Up
Rick Cone,Secure Payment Systems wrote: What would cause the View Workgroup Computers to be slow in coming up. It will take from 10 seconds to 1 minute. A am using Windows XP hosts with an SCO OpenServer using Samba in a workgroup, and Samba is the preferred master (os 255) with WINS support. I have the Browser service turned off on all Windows clients. Thanks, Rick Cone Secure Payment Systems Is winbind the first name resolution protocol for the server, or is it trying to get host names from hosts/DNS/NIS/NIS+/LDAP first? You have to fail down the chain until you get a positive name resolution, which could involve recursive lookups and such. Just a gut reaction to browsing problems. Also, I've had old hosts in my winbind cache that it tries to find and cannot - but that was under the outside influence of my own stupidity, I'm not sure that it can happen very well under normal conditions. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] compare users in /etc/passwd versus /etc/samba/smbpasswd
Is there a command I can run that will compare the users in /etc/samba/smbpasswd against the users in /etc/passwd and print the ones that exist in smbpasswd but not passwd? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] netbios sid and domain sid
Hi all, I'm installing a pdc samba+openldap on a debian etch server. I have this problem: with ldap configuration ended successfully, I start samba for the first time, so samba adds a sambaDomainName entry in ldap database. the problem is that this entry has a wrong sid (different from the one returned by net getlocalsid). Then I have errors in granting privileges and so on. In particular I have 2 different sids for domain (the one wrong) and or netbios name (the one right). Why? is it a samba bug? I use samba 3.0.24-6etch9. Thanks in advance, Fabio -- Dott. Fabio Marcone 2T srl Telefono+39 - 0871- 540154 Fax +39 - 0871- 571594 Email fabio.marcone(AT)duet.it Indirizzo Viale B. Croce 573 66013 Chieti Scalo (CH) GNU/Linux registered user #400424 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Retry: Mapping AD domain users to UNIX users
Bless you Hans! I've been trying to figure this out for a while now. I did not know that idmap_nss existed! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hansjörg Maurer Sent: Wednesday, January 23, 2008 5:20 AM To: [EMAIL PROTECTED] Cc: samba@lists.samba.org Subject: Re: [Samba] Retry: Mapping AD domain users to UNIX users Hi with recent ( =3.0.26 I think) samba Versions it is possible to use http://us3.samba.org/samba/docs/man/manpages-3/idmap_nss.8.html idmap domains = DOMNAME idmap config DOMNAME:backend = nss idmap config DOMNAME:readonly = yes in our case. We are running 3.0.28 in security = ADS, and Linux gets the same usernames from NIS vis nss. They are correctly mapped , and zhe windows security dialog shows DOMNAME\username Regards Hansjörg [EMAIL PROTECTED] wrote: Further information: Someone suggested that the problem might be because of the AD user names being uppercase, which could be resolved with a usermap file. There are some AD user IDs that are uppercase (whereas all the UNIX ones are lowercase). However, I thought that the automatic mapping took care of that? Also, I wanted to avoid having an explicit usermap file as that's one extra thing to manage. Maybe I'm expecting too much of Samba? I tried configuring for a usermap file and adding an account mapping into it. However, the security properties on the Windows side still display the account in the form: u123456 (Unix User\u123456) Regards, Nigel Nigel Pain The Scottish Government Corporate Systems Support Information Systems and Information Services (ISIS) Victoria Quay EDINBURGH EH6 6QQ UK This e-mail (and any files or other attachments transmitted with it) is intended solely for the attention of the addressee(s). Unauthorised use, disclosure, storage, copying or distribution of any part of this e-mail is not permitted. If you are not the intended recipient please destroy the email, remove any copies from your system and inform the sender immediately by return. Communications with the Scottish Government may be monitored or recorded in order to secure the effective operation of the system and for other lawful purposes. The views or opinions contained within this e-mail may not necessarily reflect those of the Scottish Government. The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by CableWireless in partnership with MessageLabs. (CCTM Certificate Number 2007/11/0032.) On leaving the GSi this email was certified virus free. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. -- _ Deutsches Zentrum fuer Luft- und Raumfahrt e.V. in der Helmholtz-Gemeinschaft Institut fuer Robotik und Mechatronik Dr. Hansjörg Maurer LAN- und Systemmanager Münchner Strasse 20 82234 Wessling Germany Telefon: 08153/28-2431 Telefax: 08153/28-1134 E-Mail: [EMAIL PROTECTED] Internet: http://www.robotic.dlr.de/ __ There are 10 types of people in this world, those who understand binary and those who don't. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] compare users in /etc/passwd versus /etc/samba/smbpasswd
diff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adam Williams Sent: Thursday, January 24, 2008 12:04 PM To: Samba Subject: [Samba] compare users in /etc/passwd versus /etc/samba/smbpasswd Is there a command I can run that will compare the users in /etc/samba/smbpasswd against the users in /etc/passwd and print the ones that exist in smbpasswd but not passwd? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] compare users in /etc/passwd versus /etc/samba/smbpasswd
On Jan 24, 2008 1:15 PM, Kristoffer Knigga [EMAIL PROTECTED] wrote: diff probably sort as well and maybe awk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Hide Home Share for a single user
Hi again, How do you mean hide? So that they can't browse it, or so that they cannot see the 'homes' service? What I wan't is to just hide (well wath I'd really wanted was to disable it but I don't know if it is possible), the Home Share for one particular user, i.e. don't show it when the user browses the available shares. The user is not allowed to connect to the share anyway. And do you mean hide from everyone else, or hide from that user themselves? The other users have no access to it. Thx, Nelson Vale -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC kills WinXP
Thanks for the advice. I'll give it a try tomorrow. Markus On Jan 21, 2008, at 9:52 PM, Dale Schroeder wrote: Markus, I took out most of the comments so that I could follow what you have. I see three possibilities. 1. You have two passdb backend's defined. 2. I believe the share is called [profiles] instead of [profile] 3. Normally the profile acls and hide files would be placed in [profiles] instead of [global]. Perhaps someone else can see something else. Dale #=== Global Settings === [global] workgroup = FET netbios name = atlas server string = Atlas has it all dns proxy = no unix extensions = yes log file = /var/log/samba/log.%m log level = 3 max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = user encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes guest account = nobody passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew \sUNIX\spassword:* %n\n . domain logons = yes logon script = logon.bat logon path = \\xxx.xxx.xxx.xxx\profile profile acls = yes hide files = /desktop.ini/ntuser.ini/NTUSER.*/?humbs.db/ os level = 55 domain master = yes preferred master = yes # FQDN changed for privacy reasons passdb backend = ldapsam:ldap://ldapserver.mydomain.at/ ldap admin dn = cn=smbadmin,ou=eumel,dc=fet,dc=at ldap ssl = start_tls ldap suffix = dc=fet,dc=at ldap user suffix = ou=wappler ldap group suffix = ou=gruppen ldap idmap suffix = ou=idmap,ou=eumel ldap machine suffix = ou=kraxen,ou=wappler ldap passwd sync = yes time server = yes template shell = /bin/bash # Winbind stuff, we don't currently use it idmap uid = 15-55 idmap gid = 15-55 # FQDN changed for privacy reasons idmap backend = ldap:ldap://ldapserver.mydomain.at/ add user script = /usr/sbin/smbldap-useradd -m %u delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -w %u socket options = TCP_NODELAY unix charset = UTF8 display charset = UTF8 #=== Share Definitions === [save] path = /mnt/save/ writable = yes create mask = 644 # alles fuer die Domaene [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = yes writeable = no ; share modes = no [profile] comment = Profildaten path = /home/samba/profile/%U valid users = %U read only = no guest ok = no browseable = no writeable = yes Markus Bajones wrote: Hi, I have a little problem with my Samba PDC setup. I have a Debian / Etch with Samba 3.0.24 with OpenLDAP Backend and use it as PDC with domain logons and roaming profiles enabled. The logon for normal domain users work without any problems, but when I login with my domain administrator account my Windows XP Professional client I have a big problem. After the logout, when it tries to copy the user data back to the profiles folder on my samba server it freezes. Then I have to restart. After this I cannot boot into Windows anymore, as some files from the C:\Windows\system32 directory are missing. My smb.conf is attached. Cheers, Markus No virus found in this incoming message. Checked by AVG. Version: 7.5.516 / Virus Database: 269.19.8/1235 - Release Date: 1/21/2008 9:39 AM -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Hide Home Share for a single user
On Jan 24, 2008 2:17 PM, Nelson Vale [EMAIL PROTECTED] wrote: Hi again, How do you mean hide? So that they can't browse it, or so that they cannot see the 'homes' service? What I wan't is to just hide (well wath I'd really wanted was to disable it but I don't know if it is possible), the Home Share for one particular user, i.e. don't show it when the user browses the available shares. The user is not allowed to connect to the share anyway. And do you mean hide from everyone else, or hide from that user themselves? The other users have no access to it. Thx, Nelson Vale The most flexible way that I could come up with off the top of my head, is to use a custom netlogon script, using the user name variable (%u or %U, I can't remember which, there is a subtle difference between them) and changing the value of their home path environment variable in Windows. Or, if you have logon scripts now, you could just add to it. -- Peace and Blessings, -Scott. Of course, that's just my opinion; I could be wrong -Dennis Miller -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] compare users in /etc/passwd versus /etc/samba/smbpasswd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John Drescher wrote: On Jan 24, 2008 1:15 PM, Kristoffer Knigga [EMAIL PROTECTED] wrote: diff probably sort as well and maybe awk cut -f1 -d: to get the first field. Then sort, then diff, or a new favorite: comm . =R - -- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II |$| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHmOYcmb+gadEcsb4RAlwxAKDZMjjuURRaHss5hM4QraGP52g7fQCgg3vX Iaqio+2+Xb7afWRGSUGoe2M= =I0yg -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Hide Home Share for a single user
Nelson Vale wrote: Hi again, How do you mean hide? So that they can't browse it, or so that they cannot see the 'homes' service? What I wan't is to just hide (well wath I'd really wanted was to disable it but I don't know if it is possible), the Home Share for one particular user, i.e. don't show it when the user browses the available shares. The user is not allowed to connect to the share anyway. And do you mean hide from everyone else, or hide from that user themselves? The other users have no access to it. Try the option invalid users = joe I think the user would still see it when browsing, but couldn't connect. That might be a compromise you could accept. Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC kills WinXP
I think that with duplicate parameter entries the last one found takes precedence. A testparm shold confirm this. Thank You for the insight. Just read in Using Samba that the last mentioning of a parameter/value pair is valid. So, thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows Vista password dialog keeps coming up
Hi, I have come to my wits end again (lately, it's a very short trip). I have been trying to connect to Samba 3.0.21b but Windows keeps throwing up the logon dialog. I'm using Map network drive to try to mount this share. It seems the problem is only on the Windows side since I have tested the connection through the Unix account. Both user id and password work fine. I've tested it through the command line on the Unix server using smbclient //cva/cva_images -U cva and it works fine there since it gives me the smb prompt and I can execute commands (ls to look at the directory, etc.). For some reason I cannot authenticate through Windows (Vista by the way). I have 2 other accounts and they work fine. Anything you see in the file that may be something that is stupid please point it out. SMB/NetBIOS, etc. is all relatively new to me. BTW, I've tried it without valid users and it doesn't work. The images and bernardy_images mounts work fine. No authentication problems. smb.conf content: # Samba config file created using SWAT # from 192.168.1.103 (192.168.1.103) # Date: 2008/01/24 15:29:49 [global] netbios aliases = bernardy, kullback, cva wins support = Yes valid users = im_user, bernardy [bernardy_images] comment = Bernardy images for viewing path = /data/images/image_viewing/bernardy username = bernardy valid users = bernardy, im_user, Robert read list = bernardy, Robert write list = Robert, im_user read only = No [homes] comment = Home Directories invalid users = root, admin, bin, daemon, sys, adm, uucp, nuucp, smmsp, listen, gdm, webservd, rpollard, mysql valid users = im_user, bernardy, kullback, cva [images] comment = Image administrator access point path = /data/images username = im_user valid users = im_user read only = No [kullback_images] comment = Viewing directory for Kullback path = /data/images/image_viewing/kullback username = kullback valid users = im_user, kullback read list = kullback, im_user write list = im_user read only = No [cva_images] comment = CVA image viewing directory path = /data/images/image_viewing/cva username = cva valid users = cva, im_user, Robert read list = im_user, cva, Robert write list = im_user, Robert read only = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows Vista password dialog keeps coming up
2 questions: 1. Why does 2 accounts work fine and the third one not? 2. How do you set the local security policy? What app do you use? Thanks! - Original Message - From: Philipoff, Andrew [EMAIL PROTECTED] To: Robert Pollard [EMAIL PROTECTED]; samba@lists.samba.org Sent: Thursday, January 24, 2008 3:42 PM Subject: RE: [Samba] Windows Vista password dialog keeps coming up By Default Vista clients expect that SMB connections will use NTLMv2 only. You could set the Vista client local security policy to Send LM NTLM - use NTLMv2 session security if negotiated. Andrew Philipoff Programmer Analyst Information Technology Services Department of Medicine University of California, San Francisco Phone: 415-476-1344 Help Desk: 415-476-6827 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Pollard Sent: Thursday, January 24, 2008 1:34 PM To: samba@lists.samba.org Subject: [Samba] Windows Vista password dialog keeps coming up Hi, I have come to my wits end again (lately, it's a very short trip). I have been trying to connect to Samba 3.0.21b but Windows keeps throwing up the logon dialog. I'm using Map network drive to try to mount this share. It seems the problem is only on the Windows side since I have tested the connection through the Unix account. Both user id and password work fine. I've tested it through the command line on the Unix server using smbclient //cva/cva_images -U cva and it works fine there since it gives me the smb prompt and I can execute commands (ls to look at the directory, etc.). For some reason I cannot authenticate through Windows (Vista by the way). I have 2 other accounts and they work fine. Anything you see in the file that may be something that is stupid please point it out. SMB/NetBIOS, etc. is all relatively new to me. BTW, I've tried it without valid users and it doesn't work. The images and bernardy_images mounts work fine. No authentication problems. smb.conf content: # Samba config file created using SWAT # from 192.168.1.103 (192.168.1.103) # Date: 2008/01/24 15:29:49 [global] netbios aliases = bernardy, kullback, cva wins support = Yes valid users = im_user, bernardy [bernardy_images] comment = Bernardy images for viewing path = /data/images/image_viewing/bernardy username = bernardy valid users = bernardy, im_user, Robert read list = bernardy, Robert write list = Robert, im_user read only = No [homes] comment = Home Directories invalid users = root, admin, bin, daemon, sys, adm, uucp, nuucp, smmsp, listen, gdm, webservd, rpollard, mysql valid users = im_user, bernardy, kullback, cva [images] comment = Image administrator access point path = /data/images username = im_user valid users = im_user read only = No [kullback_images] comment = Viewing directory for Kullback path = /data/images/image_viewing/kullback username = kullback valid users = im_user, kullback read list = kullback, im_user write list = im_user read only = No [cva_images] comment = CVA image viewing directory path = /data/images/image_viewing/cva username = cva valid users = cva, im_user, Robert read list = im_user, cva, Robert write list = im_user, Robert read only = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Windows Vista password dialog keeps coming up
By Default Vista clients expect that SMB connections will use NTLMv2 only. You could set the Vista client local security policy to Send LM NTLM - use NTLMv2 session security if negotiated. Andrew Philipoff Programmer Analyst Information Technology Services Department of Medicine University of California, San Francisco Phone: 415-476-1344 Help Desk: 415-476-6827 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Pollard Sent: Thursday, January 24, 2008 1:34 PM To: samba@lists.samba.org Subject: [Samba] Windows Vista password dialog keeps coming up Hi, I have come to my wits end again (lately, it's a very short trip). I have been trying to connect to Samba 3.0.21b but Windows keeps throwing up the logon dialog. I'm using Map network drive to try to mount this share. It seems the problem is only on the Windows side since I have tested the connection through the Unix account. Both user id and password work fine. I've tested it through the command line on the Unix server using smbclient //cva/cva_images -U cva and it works fine there since it gives me the smb prompt and I can execute commands (ls to look at the directory, etc.). For some reason I cannot authenticate through Windows (Vista by the way). I have 2 other accounts and they work fine. Anything you see in the file that may be something that is stupid please point it out. SMB/NetBIOS, etc. is all relatively new to me. BTW, I've tried it without valid users and it doesn't work. The images and bernardy_images mounts work fine. No authentication problems. smb.conf content: # Samba config file created using SWAT # from 192.168.1.103 (192.168.1.103) # Date: 2008/01/24 15:29:49 [global] netbios aliases = bernardy, kullback, cva wins support = Yes valid users = im_user, bernardy [bernardy_images] comment = Bernardy images for viewing path = /data/images/image_viewing/bernardy username = bernardy valid users = bernardy, im_user, Robert read list = bernardy, Robert write list = Robert, im_user read only = No [homes] comment = Home Directories invalid users = root, admin, bin, daemon, sys, adm, uucp, nuucp, smmsp, listen, gdm, webservd, rpollard, mysql valid users = im_user, bernardy, kullback, cva [images] comment = Image administrator access point path = /data/images username = im_user valid users = im_user read only = No [kullback_images] comment = Viewing directory for Kullback path = /data/images/image_viewing/kullback username = kullback valid users = im_user, kullback read list = kullback, im_user write list = im_user read only = No [cva_images] comment = CVA image viewing directory path = /data/images/image_viewing/cva username = cva valid users = cva, im_user, Robert read list = im_user, cva, Robert write list = im_user, Robert read only = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Windows Vista password dialog keeps coming up
I don't know the answer to your first question. To edit this local security policy on a Vista system: Start:Programs:Administrative Tools:Local Security Policy:Local Policies:Security Options:Network Security:LAN Manager authentication level. In the pull-down menu select Send LM NTLM - use NTLMv2 session security if negotiated Then click on the Apply button. It might ask you to reboot the system. Andrew Philipoff Programmer Analyst Information Technology Services Department of Medicine University of California, San Francisco Phone: 415-476-1344 Help Desk: 415-476-6827 -Original Message- From: Robert Pollard [mailto:[EMAIL PROTECTED] Sent: Thursday, January 24, 2008 1:46 PM To: Philipoff, Andrew; samba@lists.samba.org Subject: Re: [Samba] Windows Vista password dialog keeps coming up 2 questions: 1. Why does 2 accounts work fine and the third one not? 2. How do you set the local security policy? What app do you use? Thanks! - Original Message - From: Philipoff, Andrew [EMAIL PROTECTED] To: Robert Pollard [EMAIL PROTECTED]; samba@lists.samba.org Sent: Thursday, January 24, 2008 3:42 PM Subject: RE: [Samba] Windows Vista password dialog keeps coming up By Default Vista clients expect that SMB connections will use NTLMv2 only. You could set the Vista client local security policy to Send LM NTLM - use NTLMv2 session security if negotiated. Andrew Philipoff Programmer Analyst Information Technology Services Department of Medicine University of California, San Francisco Phone: 415-476-1344 Help Desk: 415-476-6827 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Pollard Sent: Thursday, January 24, 2008 1:34 PM To: samba@lists.samba.org Subject: [Samba] Windows Vista password dialog keeps coming up Hi, I have come to my wits end again (lately, it's a very short trip). I have been trying to connect to Samba 3.0.21b but Windows keeps throwing up the logon dialog. I'm using Map network drive to try to mount this share. It seems the problem is only on the Windows side since I have tested the connection through the Unix account. Both user id and password work fine. I've tested it through the command line on the Unix server using smbclient //cva/cva_images -U cva and it works fine there since it gives me the smb prompt and I can execute commands (ls to look at the directory, etc.). For some reason I cannot authenticate through Windows (Vista by the way). I have 2 other accounts and they work fine. Anything you see in the file that may be something that is stupid please point it out. SMB/NetBIOS, etc. is all relatively new to me. BTW, I've tried it without valid users and it doesn't work. The images and bernardy_images mounts work fine. No authentication problems. smb.conf content: # Samba config file created using SWAT # from 192.168.1.103 (192.168.1.103) # Date: 2008/01/24 15:29:49 [global] netbios aliases = bernardy, kullback, cva wins support = Yes valid users = im_user, bernardy [bernardy_images] comment = Bernardy images for viewing path = /data/images/image_viewing/bernardy username = bernardy valid users = bernardy, im_user, Robert read list = bernardy, Robert write list = Robert, im_user read only = No [homes] comment = Home Directories invalid users = root, admin, bin, daemon, sys, adm, uucp, nuucp, smmsp, listen, gdm, webservd, rpollard, mysql valid users = im_user, bernardy, kullback, cva [images] comment = Image administrator access point path = /data/images username = im_user valid users = im_user read only = No [kullback_images] comment = Viewing directory for Kullback path = /data/images/image_viewing/kullback username = kullback valid users = im_user, kullback read list = kullback, im_user write list = im_user read only = No [cva_images] comment = CVA image viewing directory path = /data/images/image_viewing/cva username = cva valid users = cva, im_user, Robert read list = im_user, cva, Robert write list = im_user, Robert read only = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Login with special groups
Ryan Novosielski schrieb: [...] Can't this be done via Windows account policy these days, like logon hours, or is that not the case? Hi, No, I haven't seen such settings in the policies (in SAM database). Best Regards, Niki -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Login with special groups
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Niki Hammler wrote: Ryan Novosielski schrieb: [...] Can't this be done via Windows account policy these days, like logon hours, or is that not the case? Hi, No, I haven't seen such settings in the policies (in SAM database). Best Regards, Niki Alright, then what is the Workstations spot there for? I could have sworn that was for allowed workstations. If not, does anyone know what that IS for? Now, even if I am correct about that, it is quite possible that there is no easy way to set that for a group of users, which means that this doesn't necessarily answer the question... [EMAIL PROTECTED] ~]# /opt/samba/bin/pdbedit -Lv -u novosirj Unix username:novosirj NT username: Account Flags:[U ] User SID: S-1-5-21-2781399532-2025599175-580277851-6378 Primary Group SID:S-1-5-21-2781399532-2025599175-580277851-1401 Full Name:Ryan Novosielski,MSB C630,0922,973/792.0497 Home Directory: \\njmsa-lm\novosirj HomeDir Drive:S: Logon Script: novosirj.bat Profile Path: Domain: NEWARK Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Mon, 18 Jan 2038 22:14:07 EST Kickoff time: Mon, 18 Jan 2038 22:14:07 EST Password last set:Sun, 20 Jan 2008 18:32:56 EST Password can change: Sun, 20 Jan 2008 18:32:56 EST Password must change: Mon, 18 Jan 2038 22:14:07 EST Last bad password : 0 Bad password count : 0 Logon hours : FF - -- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II |$| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHmQw8mb+gadEcsb4RAgnCAJwJZHbrvnjIYlhGdUvEn0lVFY/1zACguBZQ +dCirnGSacRRmW8FvpoeqjA= =FyUb -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows Vista password dialog keeps coming up
I don't have Local Security Policy option in the Administrative menu. Is this something else they left out that I have to manually install? - Original Message - From: Philipoff, Andrew [EMAIL PROTECTED] To: Robert Pollard [EMAIL PROTECTED]; samba@lists.samba.org Sent: Thursday, January 24, 2008 3:56 PM Subject: RE: [Samba] Windows Vista password dialog keeps coming up I don't know the answer to your first question. To edit this local security policy on a Vista system: Start:Programs:Administrative Tools:Local Security Policy:Local Policies:Security Options:Network Security:LAN Manager authentication level. In the pull-down menu select Send LM NTLM - use NTLMv2 session security if negotiated Then click on the Apply button. It might ask you to reboot the system. Andrew Philipoff Programmer Analyst Information Technology Services Department of Medicine University of California, San Francisco Phone: 415-476-1344 Help Desk: 415-476-6827 -Original Message- From: Robert Pollard [mailto:[EMAIL PROTECTED] Sent: Thursday, January 24, 2008 1:46 PM To: Philipoff, Andrew; samba@lists.samba.org Subject: Re: [Samba] Windows Vista password dialog keeps coming up 2 questions: 1. Why does 2 accounts work fine and the third one not? 2. How do you set the local security policy? What app do you use? Thanks! - Original Message - From: Philipoff, Andrew [EMAIL PROTECTED] To: Robert Pollard [EMAIL PROTECTED]; samba@lists.samba.org Sent: Thursday, January 24, 2008 3:42 PM Subject: RE: [Samba] Windows Vista password dialog keeps coming up By Default Vista clients expect that SMB connections will use NTLMv2 only. You could set the Vista client local security policy to Send LM NTLM - use NTLMv2 session security if negotiated. Andrew Philipoff Programmer Analyst Information Technology Services Department of Medicine University of California, San Francisco Phone: 415-476-1344 Help Desk: 415-476-6827 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Pollard Sent: Thursday, January 24, 2008 1:34 PM To: samba@lists.samba.org Subject: [Samba] Windows Vista password dialog keeps coming up Hi, I have come to my wits end again (lately, it's a very short trip). I have been trying to connect to Samba 3.0.21b but Windows keeps throwing up the logon dialog. I'm using Map network drive to try to mount this share. It seems the problem is only on the Windows side since I have tested the connection through the Unix account. Both user id and password work fine. I've tested it through the command line on the Unix server using smbclient //cva/cva_images -U cva and it works fine there since it gives me the smb prompt and I can execute commands (ls to look at the directory, etc.). For some reason I cannot authenticate through Windows (Vista by the way). I have 2 other accounts and they work fine. Anything you see in the file that may be something that is stupid please point it out. SMB/NetBIOS, etc. is all relatively new to me. BTW, I've tried it without valid users and it doesn't work. The images and bernardy_images mounts work fine. No authentication problems. smb.conf content: # Samba config file created using SWAT # from 192.168.1.103 (192.168.1.103) # Date: 2008/01/24 15:29:49 [global] netbios aliases = bernardy, kullback, cva wins support = Yes valid users = im_user, bernardy [bernardy_images] comment = Bernardy images for viewing path = /data/images/image_viewing/bernardy username = bernardy valid users = bernardy, im_user, Robert read list = bernardy, Robert write list = Robert, im_user read only = No [homes] comment = Home Directories invalid users = root, admin, bin, daemon, sys, adm, uucp, nuucp, smmsp, listen, gdm, webservd, rpollard, mysql valid users = im_user, bernardy, kullback, cva [images] comment = Image administrator access point path = /data/images username = im_user valid users = im_user read only = No [kullback_images] comment = Viewing directory for Kullback path = /data/images/image_viewing/kullback username = kullback valid users = im_user, kullback read list = kullback, im_user write list = im_user read only = No [cva_images] comment = CVA image viewing directory path = /data/images/image_viewing/cva username = cva valid users = cva, im_user, Robert read list = im_user, cva, Robert write list = im_user, Robert read only = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Windows Vista password dialog keeps coming up
What version of Vista are you talking about? I use Vista Business and Ultimate but if you are using Vista Home or Premium, then you need to edit your registry. Start:Run:regedit, change the value of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LMCompatibilityLevel from a 3 to a 1. However I did completely overlook the obvious way to solve this, you could enable NTLMv2 support in your smb.conf. By default NTLMv2 auth is not enabled. You would have to add the following and restart smbd: client ntlmv2 auth = yes From the smb.conf man page: client ntlmv2 auth (G) This parameter determines whether or not smbclient(8) will attempt to authenticate itself to servers using the NTLMv2 encrypted pass- word response. If enabled, only an NTLMv2 and LMv2 response (both much more secure than earlier versions) will be sent. Many servers (including NT4 SP4, Win9x and Samba 2.2) are not compatible with NTLMv2. Similarly, if enabled, NTLMv1, client lanman auth and client plain- text auth authentication will be disabled. This also disables share-level authentication. If disabled, an NTLM response (and possibly a LANMAN response) will be sent by the client, depending on the value of client lanman auth. Note that some sites (particularly those following âbest practiceâ security polices) only allow NTLMv2 responses, and not the weaker LM or NTLM. Default: client ntlmv2 auth = no Andrew Philipoff Programmer Analyst Information Technology Services Department of Medicine University of California, San Francisco Phone: 415-476-1344 Help Desk: 415-476-6827 -Original Message- From: Robert Pollard [mailto:[EMAIL PROTECTED] Sent: Thursday, January 24, 2008 2:13 PM To: Philipoff, Andrew; samba@lists.samba.org Subject: Re: [Samba] Windows Vista password dialog keeps coming up I don't have Local Security Policy option in the Administrative menu. Is this something else they left out that I have to manually install? - Original Message - From: Philipoff, Andrew [EMAIL PROTECTED] To: Robert Pollard [EMAIL PROTECTED]; samba@lists.samba.org Sent: Thursday, January 24, 2008 3:56 PM Subject: RE: [Samba] Windows Vista password dialog keeps coming up I don't know the answer to your first question. To edit this local security policy on a Vista system: Start:Programs:Administrative Tools:Local Security Policy:Local Policies:Security Options:Network Security:LAN Manager authentication level. In the pull-down menu select Send LM NTLM - use NTLMv2 session security if negotiated Then click on the Apply button. It might ask you to reboot the system. Andrew Philipoff Programmer Analyst Information Technology Services Department of Medicine University of California, San Francisco Phone: 415-476-1344 Help Desk: 415-476-6827 -Original Message- From: Robert Pollard [mailto:[EMAIL PROTECTED] Sent: Thursday, January 24, 2008 1:46 PM To: Philipoff, Andrew; samba@lists.samba.org Subject: Re: [Samba] Windows Vista password dialog keeps coming up 2 questions: 1. Why does 2 accounts work fine and the third one not? 2. How do you set the local security policy? What app do you use? Thanks! - Original Message - From: Philipoff, Andrew [EMAIL PROTECTED] To: Robert Pollard [EMAIL PROTECTED]; samba@lists.samba.org Sent: Thursday, January 24, 2008 3:42 PM Subject: RE: [Samba] Windows Vista password dialog keeps coming up By Default Vista clients expect that SMB connections will use NTLMv2 only. You could set the Vista client local security policy to Send LM NTLM - use NTLMv2 session security if negotiated. Andrew Philipoff Programmer Analyst Information Technology Services Department of Medicine University of California, San Francisco Phone: 415-476-1344 Help Desk: 415-476-6827 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Pollard Sent: Thursday, January 24, 2008 1:34 PM To: samba@lists.samba.org Subject: [Samba] Windows Vista password dialog keeps coming up Hi, I have come to my wits end again (lately, it's a very short trip). I have been trying to connect to Samba 3.0.21b but Windows keeps throwing up the logon dialog. I'm using Map network drive to try to mount this share. It seems the problem is only on the Windows side since I have tested the connection through the Unix account. Both user id and password work fine. I've tested it through the command line on the Unix server using smbclient //cva/cva_images -U cva and it works fine there since it gives me the smb prompt and I can execute commands (ls to look at the directory, etc.). For some reason I cannot authenticate through Windows (Vista by the way). I have 2 other accounts and they work fine. Anything you see in the file that may be something that is stupid please point it out. SMB/NetBIOS, etc.
Re: [Samba] Windows Vista password dialog keeps coming up
Just found out through research that since I have Vista Home Premium I can't even modify Local Security Policies. Any other ideas would be appreciated. - Original Message - From: Robert Pollard [EMAIL PROTECTED] To: Philipoff, Andrew [EMAIL PROTECTED]; samba@lists.samba.org Sent: Thursday, January 24, 2008 4:12 PM Subject: Re: [Samba] Windows Vista password dialog keeps coming up I don't have Local Security Policy option in the Administrative menu. Is this something else they left out that I have to manually install? - Original Message - From: Philipoff, Andrew [EMAIL PROTECTED] To: Robert Pollard [EMAIL PROTECTED]; samba@lists.samba.org Sent: Thursday, January 24, 2008 3:56 PM Subject: RE: [Samba] Windows Vista password dialog keeps coming up I don't know the answer to your first question. To edit this local security policy on a Vista system: Start:Programs:Administrative Tools:Local Security Policy:Local Policies:Security Options:Network Security:LAN Manager authentication level. In the pull-down menu select Send LM NTLM - use NTLMv2 session security if negotiated Then click on the Apply button. It might ask you to reboot the system. Andrew Philipoff Programmer Analyst Information Technology Services Department of Medicine University of California, San Francisco Phone: 415-476-1344 Help Desk: 415-476-6827 -Original Message- From: Robert Pollard [mailto:[EMAIL PROTECTED] Sent: Thursday, January 24, 2008 1:46 PM To: Philipoff, Andrew; samba@lists.samba.org Subject: Re: [Samba] Windows Vista password dialog keeps coming up 2 questions: 1. Why does 2 accounts work fine and the third one not? 2. How do you set the local security policy? What app do you use? Thanks! - Original Message - From: Philipoff, Andrew [EMAIL PROTECTED] To: Robert Pollard [EMAIL PROTECTED]; samba@lists.samba.org Sent: Thursday, January 24, 2008 3:42 PM Subject: RE: [Samba] Windows Vista password dialog keeps coming up By Default Vista clients expect that SMB connections will use NTLMv2 only. You could set the Vista client local security policy to Send LM NTLM - use NTLMv2 session security if negotiated. Andrew Philipoff Programmer Analyst Information Technology Services Department of Medicine University of California, San Francisco Phone: 415-476-1344 Help Desk: 415-476-6827 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Pollard Sent: Thursday, January 24, 2008 1:34 PM To: samba@lists.samba.org Subject: [Samba] Windows Vista password dialog keeps coming up Hi, I have come to my wits end again (lately, it's a very short trip). I have been trying to connect to Samba 3.0.21b but Windows keeps throwing up the logon dialog. I'm using Map network drive to try to mount this share. It seems the problem is only on the Windows side since I have tested the connection through the Unix account. Both user id and password work fine. I've tested it through the command line on the Unix server using smbclient //cva/cva_images -U cva and it works fine there since it gives me the smb prompt and I can execute commands (ls to look at the directory, etc.). For some reason I cannot authenticate through Windows (Vista by the way). I have 2 other accounts and they work fine. Anything you see in the file that may be something that is stupid please point it out. SMB/NetBIOS, etc. is all relatively new to me. BTW, I've tried it without valid users and it doesn't work. The images and bernardy_images mounts work fine. No authentication problems. smb.conf content: # Samba config file created using SWAT # from 192.168.1.103 (192.168.1.103) # Date: 2008/01/24 15:29:49 [global] netbios aliases = bernardy, kullback, cva wins support = Yes valid users = im_user, bernardy [bernardy_images] comment = Bernardy images for viewing path = /data/images/image_viewing/bernardy username = bernardy valid users = bernardy, im_user, Robert read list = bernardy, Robert write list = Robert, im_user read only = No [homes] comment = Home Directories invalid users = root, admin, bin, daemon, sys, adm, uucp, nuucp, smmsp, listen, gdm, webservd, rpollard, mysql valid users = im_user, bernardy, kullback, cva [images] comment = Image administrator access point path = /data/images username = im_user valid users = im_user read only = No [kullback_images] comment = Viewing directory for Kullback path = /data/images/image_viewing/kullback username = kullback valid users = im_user, kullback read list = kullback, im_user write list = im_user read only = No [cva_images] comment = CVA image viewing directory path = /data/images/image_viewing/cva username = cva valid users = cva, im_user, Robert read list = im_user, cva, Robert write list = im_user, Robert read only = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL
Re: [Samba] Login with special groups
Ryan Novosielski schrieb: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Niki Hammler wrote: Ryan Novosielski schrieb: [...] Can't this be done via Windows account policy these days, like logon hours, or is that not the case? No, I haven't seen such settings in the policies (in SAM database). Alright, then what is the Workstations spot there for? I could have sworn that was for allowed workstations. If not, does anyone know what that IS for? Ouh, I've read over this ;-) Anyway, as you've found out below, this is the wrong direction ;-) Now, even if I am correct about that, it is quite possible that there is no easy way to set that for a group of users, which means that this doesn't necessarily answer the question... Yes, the problem is that I've dozens of workstations where everyone (approx. 600 users!) in LDAP should be allowed to login. But there are a few workstations where only users should be allowed to login who are members in some certain groups. Best regards, Niki -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows Vista password dialog keeps coming up
Hello again, After looking at the smb.conf file again I saw the problem... I had valid users set in Globals to the only 2 that could connect, du. Here's the updated config file: # Samba config file created using SWAT # from 192.168.1.103 (192.168.1.103) # Date: 2008/01/24 16:48:48 [global] netbios aliases = bernardy, kullback, cva client NTLMv2 auth = Yes client lanman auth = No client plaintext auth = No wins support = Yes valid users = im_user, bernardy, cva, kullback [bernardy_images] comment = Bernardy images for viewing path = /data/images/image_viewing/bernardy username = bernardy valid users = bernardy, im_user, Robert read list = bernardy, Robert write list = Robert, im_user read only = No [homes] comment = Home Directories invalid users = root, admin, bin, daemon, sys, adm, uucp, nuucp, smmsp, listen, gdm, webservd, rpollard, mysql valid users = im_user, bernardy, kullback, cva [images] comment = Image administrator access point path = /data/images username = im_user valid users = im_user read only = No [kullback_images] comment = Viewing directory for Kullback path = /data/images/image_viewing/kullback username = kullback valid users = im_user, kullback read list = kullback, im_user write list = im_user read only = No [cva_images] comment = CVA image viewing directory path = /data/images/image_viewing/cva username = cva valid users = cva, im_user, Robert read list = im_user, cva, Robert write list = im_user, Robert read only = No - Original Message - From: Robert Pollard [EMAIL PROTECTED] To: Robert Pollard [EMAIL PROTECTED]; Philipoff, Andrew [EMAIL PROTECTED]; samba@lists.samba.org Sent: Thursday, January 24, 2008 4:29 PM Subject: Re: [Samba] Windows Vista password dialog keeps coming up Just found out through research that since I have Vista Home Premium I can't even modify Local Security Policies. Any other ideas would be appreciated. - Original Message - From: Robert Pollard [EMAIL PROTECTED] To: Philipoff, Andrew [EMAIL PROTECTED]; samba@lists.samba.org Sent: Thursday, January 24, 2008 4:12 PM Subject: Re: [Samba] Windows Vista password dialog keeps coming up I don't have Local Security Policy option in the Administrative menu. Is this something else they left out that I have to manually install? - Original Message - From: Philipoff, Andrew [EMAIL PROTECTED] To: Robert Pollard [EMAIL PROTECTED]; samba@lists.samba.org Sent: Thursday, January 24, 2008 3:56 PM Subject: RE: [Samba] Windows Vista password dialog keeps coming up I don't know the answer to your first question. To edit this local security policy on a Vista system: Start:Programs:Administrative Tools:Local Security Policy:Local Policies:Security Options:Network Security:LAN Manager authentication level. In the pull-down menu select Send LM NTLM - use NTLMv2 session security if negotiated Then click on the Apply button. It might ask you to reboot the system. Andrew Philipoff Programmer Analyst Information Technology Services Department of Medicine University of California, San Francisco Phone: 415-476-1344 Help Desk: 415-476-6827 -Original Message- From: Robert Pollard [mailto:[EMAIL PROTECTED] Sent: Thursday, January 24, 2008 1:46 PM To: Philipoff, Andrew; samba@lists.samba.org Subject: Re: [Samba] Windows Vista password dialog keeps coming up 2 questions: 1. Why does 2 accounts work fine and the third one not? 2. How do you set the local security policy? What app do you use? Thanks! - Original Message - From: Philipoff, Andrew [EMAIL PROTECTED] To: Robert Pollard [EMAIL PROTECTED]; samba@lists.samba.org Sent: Thursday, January 24, 2008 3:42 PM Subject: RE: [Samba] Windows Vista password dialog keeps coming up By Default Vista clients expect that SMB connections will use NTLMv2 only. You could set the Vista client local security policy to Send LM NTLM - use NTLMv2 session security if negotiated. Andrew Philipoff Programmer Analyst Information Technology Services Department of Medicine University of California, San Francisco Phone: 415-476-1344 Help Desk: 415-476-6827 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Pollard Sent: Thursday, January 24, 2008 1:34 PM To: samba@lists.samba.org Subject: [Samba] Windows Vista password dialog keeps coming up Hi, I have come to my wits end again (lately, it's a very short trip). I have been trying to connect to Samba 3.0.21b but Windows keeps throwing up the logon dialog. I'm using Map network drive to try to mount this share. It seems the problem is only on the Windows side since I have tested the connection through the Unix account. Both user id and password work fine. I've tested it through the command line on the Unix server using smbclient //cva/cva_images -U cva and it works fine there since it gives me the smb prompt and I can execute commands (ls to look at the directory, etc.). For some reason I cannot authenticate through
Re: [Samba] PDC Multiple users
Harol Hunter wrote: Hi list: I've been using samba+ldap as a PDC with roaming profiles for some time but recently I joined some machines to the domain wich are used by several users and then started the problems, the profiles loaded are not the ones owned by the users, I mean user1 loads the profile of the user2 and so on. I'm using Debian Etch (stable) with samba 3.0.24. Any Help Thanks Harol Hunter Harol, How are you mapping your UIDs? Are they statically mapped? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] VPN and NetBIOS aliases
Hi,I'm wondering if anyone has run into this but I found out that I can't use Window's VPN connection and logon to Samba using Aliases. I can log into the server using the server's main NetBIOS name but I can't use any of the aliases. Whilst inside the network the aliases work fine.Any ideas on how to get around this?# Samba config file created using SWAT # from 192.168.1.200 (192.168.1.200) # Date: 2008/01/24 20:06:30 [global] netbios aliases = bernardy, kullback, cva client NTLMv2 auth = Yes client lanman auth = No client plaintext auth = No wins support = Yes valid users = im_user, bernardy, cva, kullback [bernardy_images] comment = Bernardy images for viewing path = /data/images/image_viewing/bernardy username = bernardy valid users = bernardy, im_user, Robert read list = bernardy, Robert write list = Robert, im_user read only = No [homes] comment = Home Directories invalid users = root, admin, bin, daemon, sys, adm, uucp, nuucp, smmsp, listen, gdm, webservd, rpollard, mysql valid users = im_user, bernardy, kullback, cva [images] comment = Image administrator access point path = /data/images username = im_user valid users = im_user read only = No [kullback_images] comment = Viewing directory for Kullback path = /data/images/image_viewing/kullback username = kullback valid users = im_user, kullback read list = kullback, im_user write list = im_user read only = No [cva_images] comment = CVA image viewing directory path = /data/images/image_viewing/cva username = cva valid users = cva, im_user, Robert read list = im_user, cva, Robert write list = im_user, Robert read only = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbd errors in syslog - how to get rid of them? {solved}
David C. Rankin wrote: Listmates, I know the following are harmless, but how do I keep them from filling up my syslog? log level = 03. They still appear with log level = 1. Any thoughts? The logs: Jan 23 22:01:30 bonza smbd[16474]: [2008/01/23 22:01:30, 0] lib/util_sock.c:get_peer_addr(1232) Jan 23 22:01:30 bonza smbd[16474]: getpeername failed. Error was smb ports = 139 in the Globals section of smb.conf -- David C. Rankin, J.D., P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-1629-gf1d7de4
The branch, v3-2-test has been updated via f1d7de462cf0f64648a3a1fc6f0c64a7bbdb3c2a (commit) from 4c08725a42a8babf0f078fb4b221a96f58deeb50 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit f1d7de462cf0f64648a3a1fc6f0c64a7bbdb3c2a Author: Volker Lendecke [EMAIL PROTECTED] Date: Wed Jan 23 17:37:59 2008 +0100 More read_data - read_socket_with_timeout --- Summary of changes: source/lib/util_sock.c | 19 +++ 1 files changed, 3 insertions(+), 16 deletions(-) Changeset truncated at 500 lines: diff --git a/source/lib/util_sock.c b/source/lib/util_sock.c index fb8f415..1a7cc02 100644 --- a/source/lib/util_sock.c +++ b/source/lib/util_sock.c @@ -1126,12 +1126,7 @@ ssize_t read_smb_length_return_keepalive(int fd, bool ok = false; while (!ok) { - if (timeout 0) { - ok = (read_socket_with_timeout(fd,inbuf,4,4, - timeout,pre) == 4); - } else { - ok = (read_data(fd,inbuf,4,pre) == 4); - } + ok = (read_socket_with_timeout(fd,inbuf,4,4,timeout,pre) == 4); if (!ok) { return -1; } @@ -1237,16 +1232,8 @@ ssize_t receive_smb_raw(int fd, len = MIN(len,maxlen); } - if (timeout 0) { - ret = read_socket_with_timeout(fd, - buffer+4, - len, - len, - timeout, - pre); - } else { - ret = read_data(fd,buffer+4,len,pre); - } + ret = read_socket_with_timeout(fd, buffer+4, len, len, timeout, + pre); if (ret != len) { cond_set_smb_read_error(pre,SMB_READ_ERROR); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha2-543-g6d68161
The branch, v4-0-test has been updated via 6d68161e676d381600c77c3f862bd7e013968724 (commit) via 3c5bae2249d01213ff4bd7df2b4e3ac04da4a52d (commit) from be5eb2da241452ccc0526f4f115aa44c0793c351 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 6d68161e676d381600c77c3f862bd7e013968724 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Thu Jan 24 10:24:41 2008 +0100 netlogon.idl: make use of bitmap samr_GroupAttrs metze commit 3c5bae2249d01213ff4bd7df2b4e3ac04da4a52d Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Thu Jan 24 10:22:45 2008 +0100 netlogon.idl: remove unused netr_GroupsMembership structure We have samr_RidWithAttribute and use that in all cases. metze --- Summary of changes: source/auth/auth_sam_reply.c |2 +- source/librpc/idl/netlogon.idl |8 ++-- 2 files changed, 3 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/source/auth/auth_sam_reply.c b/source/auth/auth_sam_reply.c index 6ab2204..ea6f0a1 100644 --- a/source/auth/auth_sam_reply.c +++ b/source/auth/auth_sam_reply.c @@ -132,7 +132,7 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx, continue; } sam3-sids[sam3-sidcount].sid = talloc_reference(sam3-sids,server_info-domain_groups[i]); - sam3-sids[sam3-sidcount].attribute = + sam3-sids[sam3-sidcount].attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; sam3-sidcount += 1; } diff --git a/source/librpc/idl/netlogon.idl b/source/librpc/idl/netlogon.idl index dcbb647..63e7aaf 100644 --- a/source/librpc/idl/netlogon.idl +++ b/source/librpc/idl/netlogon.idl @@ -19,6 +19,7 @@ import lsa.idl, samr.idl, security.idl, nbt.idl; interface netlogon { typedef bitmap samr_AcctFlags samr_AcctFlags; + typedef bitmap samr_GroupAttrs samr_GroupAttrs; /*/ /* Function 0x00 */ @@ -126,11 +127,6 @@ interface netlogon [case(6)] netr_NetworkInfo *network; } netr_LogonLevel; - typedef [public] struct { - uint32 rid; - uint32 attributes; - } netr_GroupMembership; - typedef [public,flag(NDR_PAHEX)] struct { uint8 key[16]; } netr_UserSessionKey; @@ -187,7 +183,7 @@ interface netlogon typedef struct { dom_sid2 *sid; - uint32 attribute; + samr_GroupAttrs attributes; } netr_SidAttr; typedef [public] struct { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-1631-g9b5f69c
The branch, v3-2-test has been updated via 9b5f69cb1f7d22174b2cd67ebf02a271d4bf6e2f (commit) via 6ed640fadea6355dd6808db156228e6876d9f064 (commit) from f1d7de462cf0f64648a3a1fc6f0c64a7bbdb3c2a (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 9b5f69cb1f7d22174b2cd67ebf02a271d4bf6e2f Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Thu Jan 24 10:24:41 2008 +0100 netlogon.idl: make use of bitmap samr_GroupAttrs metze (from v4-0-test 6d68161e676d381600c77c3f862bd7e013968724) commit 6ed640fadea6355dd6808db156228e6876d9f064 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Thu Jan 24 10:22:45 2008 +0100 netlogon.idl: remove unused netr_GroupsMembership structure We have samr_RidWithAttribute and use that in all cases. metze (cherry picked from commit 3c5bae2249d01213ff4bd7df2b4e3ac04da4a52d) --- Summary of changes: source/librpc/idl/netlogon.idl |8 ++-- 1 files changed, 2 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source/librpc/idl/netlogon.idl b/source/librpc/idl/netlogon.idl index 51efebd..581d307 100644 --- a/source/librpc/idl/netlogon.idl +++ b/source/librpc/idl/netlogon.idl @@ -19,6 +19,7 @@ import lsa.idl, samr.idl, security.idl; interface netlogon { typedef bitmap samr_AcctFlags samr_AcctFlags; + typedef bitmap samr_GroupAttrs samr_GroupAttrs; /*/ /* Function 0x00 */ @@ -126,11 +127,6 @@ interface netlogon [case(6)] netr_NetworkInfo *network; } netr_LogonLevel; - typedef [public] struct { - uint32 rid; - uint32 attributes; - } netr_GroupMembership; - typedef [public,flag(NDR_PAHEX)] struct { uint8 key[16]; } netr_UserSessionKey; @@ -188,7 +184,7 @@ interface netlogon typedef struct { dom_sid2 *sid; - uint32 attribute; + samr_GroupAttrs attributes; } netr_SidAttr; typedef [public] struct { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha2-544-g7222edb
The branch, v4-0-test has been updated via 7222edb9cde5cdeb9d065e890775a7254b26648f (commit) from 6d68161e676d381600c77c3f862bd7e013968724 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 7222edb9cde5cdeb9d065e890775a7254b26648f Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Thu Jan 24 13:52:47 2008 +0100 netlogon.idl: add some MSV1_0_ values from samba3 and use a bitmap32 metze --- Summary of changes: source/librpc/idl/netlogon.idl | 13 + 1 files changed, 9 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source/librpc/idl/netlogon.idl b/source/librpc/idl/netlogon.idl index 63e7aaf..3e4d46d 100644 --- a/source/librpc/idl/netlogon.idl +++ b/source/librpc/idl/netlogon.idl @@ -87,13 +87,18 @@ interface netlogon [size_is(size/2),length_is(length/2)] uint16 *bindata; } netr_AcctLockStr; - const int MSV1_0_CLEARTEXT_PASSWORD_ALLOWED = 0x002; - const int MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT = 0x020; - const int MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT = 0x800; + typedef [public,bitmap32bit] bitmap { + MSV1_0_CLEARTEXT_PASSWORD_ALLOWED = 0x0002, + MSV1_0_UPDATE_LOGON_STATISTICS = 0x0004, + MSV1_0_RETURN_USER_PARAMETERS = 0x0008, + MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT = 0x0020, + MSV1_0_RETURN_PROFILE_PATH = 0x0200, + MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT = 0x0800 + } netr_LogonParameterControl; typedef struct { lsa_String domain_name; - uint32 parameter_control; /* see MSV1_0_* */ + netr_LogonParameterControl parameter_control; /* see MSV1_0_* */ uint32 logon_id_low; uint32 logon_id_high; lsa_String account_name; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-1634-g1781a57
The branch, v3-2-test has been updated via 1781a57b18f681f1bc03873330147a813f10eba2 (commit) via 57f2b8d0a8d8987a62419e9852ac9a9cf39c3109 (commit) via 3b87c5ce4f74f8dd01bfdf8859c6c832da15cd24 (commit) from 9b5f69cb1f7d22174b2cd67ebf02a271d4bf6e2f (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 1781a57b18f681f1bc03873330147a813f10eba2 Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Jan 24 13:53:36 2008 +0100 Re-run make idl and use generated ndr based on samba4 security.idl (except for DOM_SID). Guenther commit 57f2b8d0a8d8987a62419e9852ac9a9cf39c3109 Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Jan 24 13:45:38 2008 +0100 Merge over security.idl from samba4. Guenther commit 3b87c5ce4f74f8dd01bfdf8859c6c832da15cd24 Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Jan 24 11:44:29 2008 +0100 Fix samr_EnumDomainUsers in samba3, must not be a ref pointer here. Guenther --- Summary of changes: source/Makefile.in |3 +- source/include/smb.h |5 +- source/librpc/gen_ndr/cli_samr.c |4 +- source/librpc/gen_ndr/ndr_samr.c | 28 +- .../ndr_sec_helper.c = gen_ndr/ndr_security.c}| 420 +++ source/librpc/gen_ndr/ndr_security.h | 41 +- source/librpc/gen_ndr/samr.h |2 +- source/librpc/gen_ndr/security.h | 335 - source/librpc/idl/samr.idl |2 +- source/librpc/idl/security.idl | 31 +- source/librpc/ndr/libndr.h |2 +- source/librpc/ndr/ndr_sec_helper.c | 815 source/librpc/ndr/security.h | 257 -- source/librpc/ndr/sid.c| 67 -- 14 files changed, 692 insertions(+), 1320 deletions(-) copy source/librpc/{ndr/ndr_sec_helper.c = gen_ndr/ndr_security.c} (68%) delete mode 100644 source/librpc/ndr/security.h Changeset truncated at 500 lines: diff --git a/source/Makefile.in b/source/Makefile.in index c519ff8..5b408a5 100644 --- a/source/Makefile.in +++ b/source/Makefile.in @@ -257,6 +257,7 @@ LIBNDR_OBJ = librpc/ndr/ndr_basic.o \ librpc/ndr/ndr.o \ librpc/ndr/ndr_misc.o \ librpc/gen_ndr/ndr_misc.o \ +librpc/gen_ndr/ndr_security.o \ librpc/ndr/ndr_sec_helper.o \ librpc/ndr/ndr_string.o \ librpc/ndr/sid.o \ @@ -1091,7 +1092,7 @@ modules: SHOWFLAGS $(MODULES) ## Perl IDL Compiler IDL_FILES = unixinfo.idl lsa.idl dfs.idl echo.idl winreg.idl initshutdown.idl \ srvsvc.idl svcctl.idl eventlog.idl wkssvc.idl netlogon.idl notify.idl \ - epmapper.idl messaging.idl xattr.idl misc.idl samr.idl + epmapper.idl messaging.idl xattr.idl misc.idl samr.idl security.idl idl: @IDL_FILES=$(IDL_FILES) CPP=$(CPP) PERL=$(PERL) \ diff --git a/source/include/smb.h b/source/include/smb.h index f3cf1db..3160365 100644 --- a/source/include/smb.h +++ b/source/include/smb.h @@ -259,9 +259,6 @@ typedef struct dom_sid { uint32 sub_auths[MAXSUBAUTHS]; } DOM_SID; -#define dom_sid2 dom_sid -#define dom_sid28 dom_sid - enum id_mapping { ID_UNKNOWN = 0, ID_MAPPED, @@ -296,7 +293,7 @@ typedef struct data_blob { extern const DATA_BLOB data_blob_null; #include librpc/gen_ndr/misc.h -#include librpc/ndr/security.h +#include librpc/gen_ndr/security.h #include librpc/ndr/libndr.h #include librpc/gen_ndr/lsa.h #include librpc/gen_ndr/dfs.h diff --git a/source/librpc/gen_ndr/cli_samr.c b/source/librpc/gen_ndr/cli_samr.c index 99e7e45..73c123b 100644 --- a/source/librpc/gen_ndr/cli_samr.c +++ b/source/librpc/gen_ndr/cli_samr.c @@ -621,7 +621,9 @@ NTSTATUS rpccli_samr_EnumDomainUsers(struct rpc_pipe_client *cli, /* Return variables */ *resume_handle = *r.out.resume_handle; - *sam = *r.out.sam; + if (sam r.out.sam) { + *sam = *r.out.sam; + } *num_entries = *r.out.num_entries; /* Return result */ diff --git a/source/librpc/gen_ndr/ndr_samr.c b/source/librpc/gen_ndr/ndr_samr.c index f407fcf..ed80da2 100644 --- a/source/librpc/gen_ndr/ndr_samr.c +++ b/source/librpc/gen_ndr/ndr_samr.c @@ -6409,10 +6409,10 @@ static enum ndr_err_code ndr_push_samr_EnumDomainUsers(struct ndr_push *ndr, int return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, NULL [ref] pointer); } NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r-out.resume_handle)); - if (r-out.sam == NULL) { - return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, NULL [ref]
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha2-545-gc1ac13e
The branch, v4-0-test has been updated via c1ac13ee12d6d7e41b3700f207c9a8811bb05cd4 (commit) from 7222edb9cde5cdeb9d065e890775a7254b26648f (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit c1ac13ee12d6d7e41b3700f207c9a8811bb05cd4 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Thu Jan 24 14:57:30 2008 +0100 pidl/Samba4::Header: we don't need to check if (defined($enum-{ELEMENTS})) twice metze --- Summary of changes: source/pidl/lib/Parse/Pidl/Samba4/Header.pm | 38 -- 1 files changed, 18 insertions(+), 20 deletions(-) Changeset truncated at 500 lines: diff --git a/source/pidl/lib/Parse/Pidl/Samba4/Header.pm b/source/pidl/lib/Parse/Pidl/Samba4/Header.pm index 2b3a9df..b2d5126 100644 --- a/source/pidl/lib/Parse/Pidl/Samba4/Header.pm +++ b/source/pidl/lib/Parse/Pidl/Samba4/Header.pm @@ -131,27 +131,25 @@ sub HeaderEnum($$) my $count = 0; my $with_val = 0; my $without_val = 0; - if (defined($enum-{ELEMENTS})) { - pidl { __donnot_use_enum_$name=0x7FFF}\n; - foreach my $e (@{$enum-{ELEMENTS}}) { - my $t = $e; - my $name; - my $value; - if ($t =~ /(.*)=(.*)/) { - $name = $1; - $value = $2; - $with_val = 1; - fatal($e-{ORIGINAL}, you can't mix enum member with values and without values!) - unless ($without_val == 0); - } else { - $name = $t; - $value = $count++; - $without_val = 1; - fatal($e-{ORIGINAL}, you can't mix enum member with values and without values!) - unless ($with_val == 0); - } - pidl #define $name ( $value )\n; + pidl { __donnot_use_enum_$name=0x7FFF}\n; + foreach my $e (@{$enum-{ELEMENTS}}) { + my $t = $e; + my $name; + my $value; + if ($t =~ /(.*)=(.*)/) { + $name = $1; + $value = $2; + $with_val = 1; + fatal($e-{ORIGINAL}, you can't mix enum member with values and without values!) + unless ($without_val == 0); + } else { + $name = $t; + $value = $count++; + $without_val = 1; + fatal($e-{ORIGINAL}, you can't mix enum member with values and without values!) + unless ($with_val == 0); } + pidl #define $name ( $value )\n; } pidl #endif\n; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha2-546-gdd77fc4
The branch, v4-0-test has been updated via dd77fc45eee2dde7bdd31a2e39387e94cec158aa (commit) from c1ac13ee12d6d7e41b3700f207c9a8811bb05cd4 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit dd77fc45eee2dde7bdd31a2e39387e94cec158aa Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Thu Jan 24 15:04:58 2008 +0100 pidl: get rid of stupid ';' char to terminate bitmap defines metze --- Summary of changes: source/pidl/lib/Parse/Pidl/Samba4/Header.pm | 45 +-- 1 files changed, 22 insertions(+), 23 deletions(-) Changeset truncated at 500 lines: diff --git a/source/pidl/lib/Parse/Pidl/Samba4/Header.pm b/source/pidl/lib/Parse/Pidl/Samba4/Header.pm index b2d5126..14f4723 100644 --- a/source/pidl/lib/Parse/Pidl/Samba4/Header.pm +++ b/source/pidl/lib/Parse/Pidl/Samba4/Header.pm @@ -82,9 +82,9 @@ sub HeaderElement($) # # parse a struct -sub HeaderStruct($$) +sub HeaderStruct($$;$) { - my($struct,$name) = @_; + my($struct,$name,$tail) = @_; pidl struct $name; return if (not defined($struct-{ELEMENTS})); pidl {\n; @@ -103,13 +103,14 @@ sub HeaderStruct($$) if (defined $struct-{PROPERTIES}) { HeaderProperties($struct-{PROPERTIES}, []); } + pidl $tail if defined($tail); } # # parse a enum -sub HeaderEnum($$) +sub HeaderEnum($$;$) { - my($enum,$name) = @_; + my($enum,$name,$tail) = @_; my $first = 1; pidl enum $name; @@ -153,6 +154,7 @@ sub HeaderEnum($$) } pidl #endif\n; } + pidl $tail if defined($tail); } # @@ -170,9 +172,9 @@ sub HeaderBitmap($$) # # parse a union -sub HeaderUnion($$) +sub HeaderUnion($$;$) { - my($union,$name) = @_; + my($union,$name,$tail) = @_; my %done = (); pidl union $name; @@ -193,18 +195,19 @@ sub HeaderUnion($$) if (defined $union-{PROPERTIES}) { HeaderProperties($union-{PROPERTIES}, []); } + pidl $tail if defined($tail); } # # parse a type -sub HeaderType($$$) +sub HeaderType($$$;$) { - my($e,$data,$name) = @_; + my($e,$data,$name,$tail) = @_; if (ref($data) eq HASH) { - ($data-{TYPE} eq ENUM) HeaderEnum($data, $name); + ($data-{TYPE} eq ENUM) HeaderEnum($data, $name, $tail); ($data-{TYPE} eq BITMAP) HeaderBitmap($data, $name); - ($data-{TYPE} eq STRUCT) HeaderStruct($data, $name); - ($data-{TYPE} eq UNION) HeaderUnion($data, $name); + ($data-{TYPE} eq STRUCT) HeaderStruct($data, $name, $tail); + ($data-{TYPE} eq UNION) HeaderUnion($data, $name, $tail); return; } @@ -213,14 +216,15 @@ sub HeaderType($$$) } else { pidl mapTypeName($e-{TYPE}); } + pidl $tail if defined($tail); } # # parse a typedef -sub HeaderTypedef($) +sub HeaderTypedef($;$) { - my($typedef) = shift; - HeaderType($typedef, $typedef-{DATA}, $typedef-{NAME}) if defined ($typedef-{DATA}); + my($typedef,$tail) = @_; + HeaderType($typedef, $typedef-{DATA}, $typedef-{NAME}, $tail) if defined ($typedef-{DATA}); } # @@ -357,16 +361,11 @@ sub HeaderInterface($) } foreach my $t (@{$interface-{TYPES}}) { - HeaderTypedef($t) if ($t-{TYPE} eq TYPEDEF); - HeaderStruct($t, $t-{NAME}) if ($t-{TYPE} eq STRUCT); - HeaderUnion($t, $t-{NAME}) if ($t-{TYPE} eq UNION); - HeaderEnum($t, $t-{NAME}) if ($t-{TYPE} eq ENUM); + HeaderTypedef($t, ;\n\n) if ($t-{TYPE} eq TYPEDEF); + HeaderStruct($t, $t-{NAME}, ;\n\n) if ($t-{TYPE} eq STRUCT); + HeaderUnion($t, $t-{NAME}, ;\n\n) if ($t-{TYPE} eq UNION); + HeaderEnum($t, $t-{NAME}, ;\n\n) if ($t-{TYPE} eq ENUM); HeaderBitmap($t, $t-{NAME}) if ($t-{TYPE} eq BITMAP); - pidl ;\n\n if ($t-{TYPE} eq BITMAP or -$t-{TYPE} eq STRUCT or -$t-{TYPE} eq TYPEDEF or -$t-{TYPE} eq UNION or -$t-{TYPE} eq ENUM); } foreach my $fn (@{$interface-{FUNCTIONS}}) { --
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-1636-g37b9545
The branch, v3-2-test has been updated via 37b95450518419e2153e9930b63f894b68096d3d (commit) via 503082e15e03def33434d3e5ff4fbe750873aab0 (commit) from 1781a57b18f681f1bc03873330147a813f10eba2 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 37b95450518419e2153e9930b63f894b68096d3d Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Thu Jan 24 15:12:00 2008 +0100 rerun 'make idl' metze commit 503082e15e03def33434d3e5ff4fbe750873aab0 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Thu Jan 24 15:17:06 2008 +0100 netlogon.idl: add some MSV1_0_ values from samba3 and use a bitmap32 metze (cherry picked from commit 7222edb9cde5cdeb9d065e890775a7254b26648f) --- Summary of changes: source/include/rpc_netlogon.h|2 +- source/librpc/gen_ndr/dfs.h |6 --- source/librpc/gen_ndr/eventlog.h |4 -- source/librpc/gen_ndr/lsa.h |2 - source/librpc/gen_ndr/ndr_netlogon.c | 72 +++-- source/librpc/gen_ndr/ndr_netlogon.h |6 +- source/librpc/gen_ndr/netlogon.h | 30 -- source/librpc/gen_ndr/samr.h | 22 -- source/librpc/gen_ndr/srvsvc.h |6 --- source/librpc/gen_ndr/svcctl.h |2 - source/librpc/gen_ndr/winreg.h |4 -- source/librpc/gen_ndr/wkssvc.h |4 -- source/librpc/idl/netlogon.idl | 13 -- 13 files changed, 55 insertions(+), 118 deletions(-) Changeset truncated at 500 lines: diff --git a/source/include/rpc_netlogon.h b/source/include/rpc_netlogon.h index 48a2a32..e522486 100644 --- a/source/include/rpc_netlogon.h +++ b/source/include/rpc_netlogon.h @@ -92,7 +92,6 @@ #if 0 #define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x0020 #define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x0800 -#endif /* updates the logon time on network logon */ #define MSV1_0_UPDATE_LOGON_STATISTICS 0x0004 @@ -103,6 +102,7 @@ /* returns the profilepath in the driveletter and * sets LOGON_PROFILE_PATH_RETURNED user_flag */ #define MSV1_0_RETURN_PROFILE_PATH 0x0200 +#endif #if 0 /* I think this is correct - it's what gets parsed on the wire. JRA. */ diff --git a/source/librpc/gen_ndr/dfs.h b/source/librpc/gen_ndr/dfs.h index 38e7f93..dc11e70 100644 --- a/source/librpc/gen_ndr/dfs.h +++ b/source/librpc/gen_ndr/dfs.h @@ -37,8 +37,6 @@ struct dfs_Info1 { #define DFS_VOLUME_STATE_STANDALONE ( DFS_VOLUME_FLAVOR_STANDALONE ) #define DFS_VOLUME_STATE_AD_BLOB ( DFS_VOLUME_FLAVOR_AD_BLOB ) -; - struct dfs_Info2 { const char *path;/* [unique,charset(UTF16)] */ const char *comment;/* [unique,charset(UTF16)] */ @@ -51,8 +49,6 @@ struct dfs_Info2 { #define DFS_STORAGE_STATE_ONLINE ( 2 ) #define DFS_STORAGE_STATE_ACTIVE ( 4 ) -; - struct dfs_StorageInfo { uint32_t state; const char *server;/* [unique,charset(UTF16)] */ @@ -84,8 +80,6 @@ struct dfs_Info4 { #define DFS_PROPERTY_FLAG_TARGET_FAILBACK ( 0x08 ) #define DFS_PROPERTY_FLAG_CLUSTER_ENABLED ( 0x10 ) -; - struct dfs_Info5 { const char *path;/* [unique,charset(UTF16)] */ const char *comment;/* [unique,charset(UTF16)] */ diff --git a/source/librpc/gen_ndr/eventlog.h b/source/librpc/gen_ndr/eventlog.h index e13fb50..656dadc 100644 --- a/source/librpc/gen_ndr/eventlog.h +++ b/source/librpc/gen_ndr/eventlog.h @@ -13,8 +13,6 @@ #define EVENTLOG_FORWARDS_READ ( 0x0004 ) #define EVENTLOG_BACKWARDS_READ ( 0x0008 ) -; - /* bitmap eventlogEventTypes */ #define EVENTLOG_SUCCESS ( 0x ) #define EVENTLOG_ERROR_TYPE ( 0x0001 ) @@ -23,8 +21,6 @@ #define EVENTLOG_AUDIT_SUCCESS ( 0x0008 ) #define EVENTLOG_AUDIT_FAILURE ( 0x0010 ) -; - struct eventlog_OpenUnknown0 { uint16_t unknown0; uint16_t unknown1; diff --git a/source/librpc/gen_ndr/lsa.h b/source/librpc/gen_ndr/lsa.h index cbaa908..2657557 100644 --- a/source/librpc/gen_ndr/lsa.h +++ b/source/librpc/gen_ndr/lsa.h @@ -9,8 +9,6 @@ #define LSA_ENUM_TRUST_DOMAIN_MULTIPLIER ( 60 ) #define LSA_REF_DOMAIN_LIST_MULTIPLIER ( 32 ) #define LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER( 82 ) -; - struct lsa_String { uint16_t length;/* [value(2*strlen_m(string))] */ uint16_t size;/* [value(2*strlen_m(string))] */ diff --git a/source/librpc/gen_ndr/ndr_netlogon.c b/source/librpc/gen_ndr/ndr_netlogon.c index 8a5ac47..88b9fbd 100644 --- a/source/librpc/gen_ndr/ndr_netlogon.c +++ b/source/librpc/gen_ndr/ndr_netlogon.c @@ -327,12 +327,39 @@ _PUBLIC_ void ndr_print_netr_AcctLockStr(struct ndr_print *ndr, const char *name ndr-depth--; } +_PUBLIC_ enum ndr_err_code ndr_push_netr_LogonParameterControl(struct ndr_push *ndr, int ndr_flags, uint32_t r) +{ + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r)); +
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-1639-g54ad97b
The branch, v3-2-test has been updated via 54ad97bd8364c393de2c9471a4c14ca5b880b318 (commit) via 4389e4dadbf07c176d9102b74c06e62ecfc242be (commit) via 10fa43f2840899c0854763e55b9174827c522a5b (commit) from 37b95450518419e2153e9930b63f894b68096d3d (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 54ad97bd8364c393de2c9471a4c14ca5b880b318 Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Jan 24 16:19:58 2008 +0100 Add winbind_msg_dump_domain_list to winbindd. Guenther commit 4389e4dadbf07c176d9102b74c06e62ecfc242be Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Jan 24 16:10:18 2008 +0100 Add winbindd debugging ndr_print helpers. Guenther commit 10fa43f2840899c0854763e55b9174827c522a5b Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Jan 24 16:09:20 2008 +0100 Add dump-domain-list command for debugging winbindd's domain_list. Guenther --- Summary of changes: source/Makefile.in |1 + source/include/messages.h |1 + source/utils/smbcontrol.c | 57 +++ source/winbindd/winbindd.c |4 + source/winbindd/winbindd_dual.c | 84 ++ source/winbindd/winbindd_ndr.c | 149 +++ 6 files changed, 296 insertions(+), 0 deletions(-) create mode 100644 source/winbindd/winbindd_ndr.c Changeset truncated at 500 lines: diff --git a/source/Makefile.in b/source/Makefile.in index 5b408a5..4de96a8 100644 --- a/source/Makefile.in +++ b/source/Makefile.in @@ -944,6 +944,7 @@ WINBINDD_OBJ1 = \ winbindd/winbindd_domain.o \ winbindd/winbindd_idmap.o \ winbindd/winbindd_locator.o \ + winbindd/winbindd_ndr.o \ auth/token_util.o WINBINDD_OBJ = \ diff --git a/source/include/messages.h b/source/include/messages.h index 8de41ca..c97ad98 100644 --- a/source/include/messages.h +++ b/source/include/messages.h @@ -97,6 +97,7 @@ #define MSG_WINBIND_TRY_TO_GO_ONLINE 0x0406 #define MSG_WINBIND_FAILED_TO_GO_ONLINE 0x0407 #define MSG_WINBIND_VALIDATE_CACHE 0x0408 +#define MSG_WINBIND_DUMP_DOMAIN_LIST 0x0409 /* event messages */ #define MSG_DUMP_EVENT_LIST0x0500 diff --git a/source/utils/smbcontrol.c b/source/utils/smbcontrol.c index fe0c229..76036bf 100644 --- a/source/utils/smbcontrol.c +++ b/source/utils/smbcontrol.c @@ -1008,6 +1008,62 @@ static bool do_dump_event_list(struct messaging_context *msg_ctx, return send_message(msg_ctx, pid, MSG_DUMP_EVENT_LIST, NULL, 0); } +static bool do_winbind_dump_domain_list(struct messaging_context *msg_ctx, + const struct server_id pid, + const int argc, const char **argv) +{ + const char *domain = NULL; + int domain_len = 0; + struct server_id myid; + uint8_t *buf = NULL; + int buf_len = 0; + + myid = pid_to_procid(sys_getpid()); + + if (argc 1 || argc 2) { + fprintf(stderr, Usage: smbcontrol dest dump_domain_list + domain\n); + return false; + } + + if (argc == 2) { + domain = argv[1]; + domain_len = strlen(argv[1]) + 1; + } + + messaging_register(msg_ctx, NULL, MSG_WINBIND_DUMP_DOMAIN_LIST, + print_pid_string_cb); + + buf_len = sizeof(myid)+domain_len; + buf = SMB_MALLOC(buf_len); + if (!buf) { + return false; + } + + memcpy(buf, myid, sizeof(myid)); + memcpy(buf[sizeof(myid)], domain, domain_len); + + if (!send_message(msg_ctx, pid, MSG_WINBIND_DUMP_DOMAIN_LIST, + buf, buf_len)) + { + SAFE_FREE(buf); + return false; + } + + wait_replies(msg_ctx, procid_to_pid(pid) == 0); + + /* No replies were received within the timeout period */ + + SAFE_FREE(buf); + if (num_replies == 0) { + printf(No replies received\n); + } + + messaging_deregister(msg_ctx, MSG_WINBIND_DUMP_DOMAIN_LIST, NULL); + + return num_replies; +} + static void winbind_validate_cache_cb(struct messaging_context *msg, void *private_data, uint32_t msg_type, @@ -1150,6 +1206,7 @@ static const struct { { dump-event-list, do_dump_event_list, Dump event list}, { validate-cache , do_winbind_validate_cache, Validate winbind's credential cache }, + { dump-domain-list, do_winbind_dump_domain_list, Dump winbind domain list}, { noop, do_noop, Do nothing }, { NULL } }; diff --git a/source/winbindd/winbindd.c
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-1642-g902d1d6
The branch, v3-2-test has been updated via 902d1d6709e47fbc8b538f28cb4364b006c431f8 (commit) via 21d126c56a633d2d72ffad08db7331ecc0ee3c0c (commit) via 8629a0e1c3da7c2d2b0c1d99224177c54bbae930 (commit) from 54ad97bd8364c393de2c9471a4c14ca5b880b318 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 902d1d6709e47fbc8b538f28cb4364b006c431f8 Author: Volker Lendecke [EMAIL PROTECTED] Date: Thu Jan 24 16:12:42 2008 +0100 Fix Coverity ID 454 commit 21d126c56a633d2d72ffad08db7331ecc0ee3c0c Author: Volker Lendecke [EMAIL PROTECTED] Date: Thu Jan 24 15:57:00 2008 +0100 Fix Coverity ID 463 commit 8629a0e1c3da7c2d2b0c1d99224177c54bbae930 Author: Volker Lendecke [EMAIL PROTECTED] Date: Thu Jan 24 15:52:45 2008 +0100 Fix Coverity ID 465 --- Summary of changes: source/client/clitar.c |4 +++- source/nmbd/nmbd.c |9 - source/nmbd/nmbd_synclists.c |2 ++ 3 files changed, 13 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source/client/clitar.c b/source/client/clitar.c index 816e7b1..04cc987 100644 --- a/source/client/clitar.c +++ b/source/client/clitar.c @@ -1471,8 +1471,10 @@ int cmd_tar(void) } argl=toktocliplist(argcl, NULL); - if (!tar_parseargs(argcl, argl, buf, 0)) + if (!tar_parseargs(argcl, argl, buf, 0)) { + SAFE_FREE(argl); return 1; + } ret = process_tar(); SAFE_FREE(argl); diff --git a/source/nmbd/nmbd.c b/source/nmbd/nmbd.c index 344831d..378b6f3 100644 --- a/source/nmbd/nmbd.c +++ b/source/nmbd/nmbd.c @@ -676,11 +676,18 @@ static bool open_sockets(bool isdaemon, int port) ClientNMB = 0; } + if (ClientNMB == -1) { + return false; + } + ClientDGRAM = open_socket_in(SOCK_DGRAM, DGRAM_PORT, 3, ss, true); - if (ClientNMB == -1) { + if (ClientDGRAM == -1) { + if (ClientNMB != 0) { + close(ClientNMB); + } return false; } diff --git a/source/nmbd/nmbd_synclists.c b/source/nmbd/nmbd_synclists.c index 147df68..5a2f5c4 100644 --- a/source/nmbd/nmbd_synclists.c +++ b/source/nmbd/nmbd_synclists.c @@ -81,12 +81,14 @@ static void sync_child(char *name, int nm_type, } if (!cli_set_port(cli, 139)) { + cli_shutdown(cli); return; } in_addr_to_sockaddr_storage(ss, ip); status = cli_connect(cli, name, ss); if (!NT_STATUS_IS_OK(status)) { + cli_shutdown(cli); return; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-1643-g40daef4
The branch, v3-2-test has been updated via 40daef4c3d822a28467ff521efca6a55a0370050 (commit) from 902d1d6709e47fbc8b538f28cb4364b006c431f8 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 40daef4c3d822a28467ff521efca6a55a0370050 Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Jan 24 17:39:29 2008 +0100 Fix winbindd build w/o ADS. Guenther --- Summary of changes: source/winbindd/winbindd_ndr.c | 10 +++--- 1 files changed, 7 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source/winbindd/winbindd_ndr.c b/source/winbindd/winbindd_ndr.c index 145d119..842c915 100644 --- a/source/winbindd/winbindd_ndr.c +++ b/source/winbindd/winbindd_ndr.c @@ -74,7 +74,9 @@ void ndr_print_winbindd_methods(struct ndr_print *ndr, const char *name, const struct winbindd_methods *r) { +#ifdef HAVE_ADS extern struct winbindd_methods ads_methods; +#endif extern struct winbindd_methods msrpc_methods; extern struct winbindd_methods passdb_methods; extern struct winbindd_methods reconnect_methods; @@ -89,10 +91,12 @@ void ndr_print_winbindd_methods(struct ndr_print *ndr, return; } - if (r == ads_methods) { - ndr_print_string(ndr, name, ads_methods); - } else if (r == msrpc_methods) { + if (r == msrpc_methods) { ndr_print_string(ndr, name, msrpc_methods); +#ifdef HAVE_ADS + } else if (r == ads_methods) { + ndr_print_string(ndr, name, ads_methods); +#endif } else if (r == passdb_methods) { ndr_print_string(ndr, name, passdb_methods); } else if (r == reconnect_methods) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-1646-gb628269
The branch, v3-2-test has been updated via b628269b3260661cb4eeeab8c533b3129827ba62 (commit) via e898789e0d819df05b14bcedfa1d230c7a983440 (commit) via f5e50f42e7c79b4f8857602457db5b97886bd19e (commit) from 40daef4c3d822a28467ff521efca6a55a0370050 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit b628269b3260661cb4eeeab8c533b3129827ba62 Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Jan 24 13:27:00 2008 -0800 Add debug messages to trace this if needed. Jeremy. commit e898789e0d819df05b14bcedfa1d230c7a983440 Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Jan 24 13:06:11 2008 -0800 The checks for OI and CI were just wrong Fix them. Thanks to Jim for testing this. Jeremy. commit f5e50f42e7c79b4f8857602457db5b97886bd19e Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Jan 24 12:59:08 2008 -0800 First part of fix for bug #4929 - worked out by jmcd. Cope with protected ACL set correctly. Jeremy. --- Summary of changes: source/smbd/posix_acls.c | 136 -- 1 files changed, 47 insertions(+), 89 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c index 6cec39f..dee5d8e 100644 --- a/source/smbd/posix_acls.c +++ b/source/smbd/posix_acls.c @@ -3202,57 +3202,8 @@ int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid) return ret; } -static NTSTATUS append_ugw_ace(files_struct *fsp, - SMB_STRUCT_STAT *psbuf, - mode_t unx_mode, - int ugw, - SEC_ACE *se) -{ - mode_t perms; - SEC_ACCESS acc; - enum security_ace_type nt_acl_type; - DOM_SID trustee; - - switch (ugw) { - case S_IRUSR: - perms = unix_perms_to_acl_perms(unx_mode, - S_IRUSR, - S_IWUSR, - S_IXUSR); - uid_to_sid(trustee, psbuf-st_uid ); - break; - case S_IRGRP: - perms = unix_perms_to_acl_perms(unx_mode, - S_IRGRP, - S_IWGRP, - S_IXGRP); - gid_to_sid(trustee, psbuf-st_gid ); - break; - case S_IROTH: - perms = unix_perms_to_acl_perms(unx_mode, - S_IROTH, - S_IWOTH, - S_IXOTH); - sid_copy(trustee, global_sid_World); - break; - default: - return NT_STATUS_INVALID_PARAMETER; - } - acc = map_canon_ace_perms(SNUM(fsp-conn), - nt_acl_type, - perms, - fsp-is_directory); - - init_sec_ace(se, - trustee, - nt_acl_type, - acc, - 0); - return NT_STATUS_OK; -} - / - If this is an + Take care of parent ACL inheritance. / static NTSTATUS append_parent_acl(files_struct *fsp, @@ -3270,7 +3221,7 @@ static NTSTATUS append_parent_acl(files_struct *fsp, NTSTATUS status; int info; unsigned int i, j; - mode_t unx_mode; + bool is_dacl_protected = (psd-type SE_DESC_DACL_PROTECTED); ZERO_STRUCT(sbuf); @@ -3285,12 +3236,6 @@ static NTSTATUS append_parent_acl(files_struct *fsp, return NT_STATUS_NO_MEMORY; } - /* Create a default mode for u/g/w. */ - unx_mode = unix_mode(fsp-conn, - aARCH | (fsp-is_directory ? aDIR : 0), - fsp-fsp_name, - parent_name); - status = open_directory(fsp-conn, NULL, parent_name, @@ -3318,20 +3263,23 @@ static NTSTATUS append_parent_acl(files_struct *fsp, /* * Make room for potentially all the ACLs from -* the parent, plus the user/group/other triple. +* the parent. We used to add the ugw triple here, +* as we knew we were dealing with POSIX ACLs. +* We no longer need to do so as we can guarentee +* that a
[SCM] Samba Shared Repository - branch v3-0-test updated - release-3-0-28-105-g6b59499
The branch, v3-0-test has been updated via 6b594996a8dff0c6c663752f06a994c95020d869 (commit) via b83dfaf09679b0bbd7341230e1e96b53ae5289cb (commit) via 7a529c43181eb9b3926b214b2fe84aea06be7a3c (commit) from a3e3e2fc30c98b3daaea8ae9888ddc681847e8b4 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test - Log - commit 6b594996a8dff0c6c663752f06a994c95020d869 Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Jan 24 13:29:00 2008 -0800 Add debug messages to trace this if needed. Jeremy. commit b83dfaf09679b0bbd7341230e1e96b53ae5289cb Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Jan 24 13:27:51 2008 -0800 The checks for OI and CI were just wrong Fix them. Thanks to Jim for testing this. Jeremy. commit 7a529c43181eb9b3926b214b2fe84aea06be7a3c Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Jan 24 13:27:26 2008 -0800 First part of fix for bug #4929 - worked out by jmcd. Cope with protected ACL set correctly. Jeremy. --- Summary of changes: source/smbd/posix_acls.c | 138 -- 1 files changed, 48 insertions(+), 90 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c index 1088e8e..a861f77 100644 --- a/source/smbd/posix_acls.c +++ b/source/smbd/posix_acls.c @@ -3099,57 +3099,8 @@ int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid) return ret; } -static NTSTATUS append_ugw_ace(files_struct *fsp, - SMB_STRUCT_STAT *psbuf, - mode_t unx_mode, - int ugw, - SEC_ACE *se) -{ - mode_t perms; - SEC_ACCESS acc; - int nt_acl_type; /* Tru64 has acl_type as a macro.. */ - DOM_SID trustee; - - switch (ugw) { - case S_IRUSR: - perms = unix_perms_to_acl_perms(unx_mode, - S_IRUSR, - S_IWUSR, - S_IXUSR); - uid_to_sid(trustee, psbuf-st_uid ); - break; - case S_IRGRP: - perms = unix_perms_to_acl_perms(unx_mode, - S_IRGRP, - S_IWGRP, - S_IXGRP); - gid_to_sid(trustee, psbuf-st_gid ); - break; - case S_IROTH: - perms = unix_perms_to_acl_perms(unx_mode, - S_IROTH, - S_IWOTH, - S_IXOTH); - sid_copy(trustee, global_sid_World); - break; - default: - return NT_STATUS_INVALID_PARAMETER; - } - acc = map_canon_ace_perms(SNUM(fsp-conn), - nt_acl_type, - perms, - fsp-is_directory); - - init_sec_ace(se, - trustee, - nt_acl_type, - acc, - 0); - return NT_STATUS_OK; -} - / - If this is an + Take care of parent ACL inheritance. / static NTSTATUS append_parent_acl(files_struct *fsp, @@ -3168,7 +3119,7 @@ static NTSTATUS append_parent_acl(files_struct *fsp, int info; size_t sd_size; unsigned int i, j; - mode_t unx_mode; + BOOL is_dacl_protected = (psd-type SE_DESC_DACL_PROTECTED); ZERO_STRUCT(sbuf); @@ -3183,12 +3134,6 @@ static NTSTATUS append_parent_acl(files_struct *fsp, return NT_STATUS_NO_MEMORY; } - /* Create a default mode for u/g/w. */ - unx_mode = unix_mode(fsp-conn, - aARCH | (fsp-is_directory ? aDIR : 0), - fsp-fsp_name, - parent_name); - status = open_directory(fsp-conn, parent_name, sbuf, @@ -3213,22 +3158,25 @@ static NTSTATUS append_parent_acl(files_struct *fsp, return NT_STATUS_ACCESS_DENIED; } - /* +/* * Make room for potentially all the ACLs from -* the parent, plus the user/group/other triple. +* the parent. We used to add the ugw triple here, +* as we knew we were dealing with
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-1650-gcb1ff32
The branch, v3-2-test has been updated via cb1ff32eff06031150a6821658152e02a4077bbd (commit) via 231a4d051f24af7cf5bf13d7dd613f33dc06f21a (commit) via 212f6fc000d093bad9f78307743639b391db3fe5 (commit) via 6f38c2f06080943bb64ce24115ec2164b6c21b95 (commit) from b628269b3260661cb4eeeab8c533b3129827ba62 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit cb1ff32eff06031150a6821658152e02a4077bbd Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Jan 24 23:39:38 2008 +0100 Add WERR_INVALID_COMPUTER_NAME. Guenther commit 231a4d051f24af7cf5bf13d7dd613f33dc06f21a Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Jan 24 23:38:43 2008 +0100 Add cmd_netlogon_gettrustrid() to rpcclient. Guenther commit 212f6fc000d093bad9f78307743639b391db3fe5 Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Jan 24 23:37:57 2008 +0100 make idl. Guenther commit 6f38c2f06080943bb64ce24115ec2164b6c21b95 Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Jan 24 23:35:02 2008 +0100 Add IDL for netr_LogonGetTrustRid. Guenther --- Summary of changes: source/include/doserr.h |1 + source/librpc/gen_ndr/cli_netlogon.c | 20 -- source/librpc/gen_ndr/cli_netlogon.h |9 ++- source/librpc/gen_ndr/ndr_netlogon.c | 108 ++ source/librpc/gen_ndr/ndr_netlogon.h |4 +- source/librpc/gen_ndr/netlogon.h |8 ++- source/librpc/gen_ndr/srv_netlogon.c | 23 +--- source/librpc/gen_ndr/srv_netlogon.h |2 +- source/librpc/idl/netlogon.idl |6 ++- source/libsmb/doserr.c |1 + source/rpcclient/cmd_netlogon.c | 42 + 11 files changed, 190 insertions(+), 34 deletions(-) Changeset truncated at 500 lines: diff --git a/source/include/doserr.h b/source/include/doserr.h index 546d069..5794fbe 100644 --- a/source/include/doserr.h +++ b/source/include/doserr.h @@ -202,6 +202,7 @@ #define WERR_SERVICE_ALREADY_RUNNING W_ERROR(1056) #define WERR_SERVICE_DISABLED W_ERROR(1058) #define WERR_SERVICE_NEVER_STARTED W_ERROR(1077) +#define WERR_INVALID_COMPUTER_NAME W_ERROR(1210) #define WERR_MACHINE_LOCKED W_ERROR(1271) #define WERR_NO_LOGON_SERVERS W_ERROR(1311) #define WERR_NO_SUCH_LOGON_SESSION W_ERROR(1312) diff --git a/source/librpc/gen_ndr/cli_netlogon.c b/source/librpc/gen_ndr/cli_netlogon.c index 414e053..d6739c5 100644 --- a/source/librpc/gen_ndr/cli_netlogon.c +++ b/source/librpc/gen_ndr/cli_netlogon.c @@ -1183,24 +1183,29 @@ NTSTATUS rpccli_netr_NETRLOGONSETSERVICEBITS(struct rpc_pipe_client *cli, return werror_to_ntstatus(r.out.result); } -NTSTATUS rpccli_netr_NETRLOGONGETTRUSTRID(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - WERROR *werror) +NTSTATUS rpccli_netr_LogonGetTrustRid(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + const char *server_name, + const char *domain_name, + uint32_t *rid, + WERROR *werror) { - struct netr_NETRLOGONGETTRUSTRID r; + struct netr_LogonGetTrustRid r; NTSTATUS status; /* In parameters */ + r.in.server_name = server_name; + r.in.domain_name = domain_name; if (DEBUGLEVEL = 10) { - NDR_PRINT_IN_DEBUG(netr_NETRLOGONGETTRUSTRID, r); + NDR_PRINT_IN_DEBUG(netr_LogonGetTrustRid, r); } status = cli_do_rpc_ndr(cli, mem_ctx, PI_NETLOGON, ndr_table_netlogon, - NDR_NETR_NETRLOGONGETTRUSTRID, + NDR_NETR_LOGONGETTRUSTRID, r); if (!NT_STATUS_IS_OK(status)) { @@ -1208,7 +1213,7 @@ NTSTATUS rpccli_netr_NETRLOGONGETTRUSTRID(struct rpc_pipe_client *cli, } if (DEBUGLEVEL = 10) { - NDR_PRINT_OUT_DEBUG(netr_NETRLOGONGETTRUSTRID, r); + NDR_PRINT_OUT_DEBUG(netr_LogonGetTrustRid, r); } if (NT_STATUS_IS_ERR(status)) { @@ -1216,6 +1221,7 @@ NTSTATUS rpccli_netr_NETRLOGONGETTRUSTRID(struct rpc_pipe_client *cli, } /* Return variables */ + *rid = *r.out.rid; /* Return result */ if (werror) { diff --git a/source/librpc/gen_ndr/cli_netlogon.h b/source/librpc/gen_ndr/cli_netlogon.h index 30a9645..9716f40 100644 --- a/source/librpc/gen_ndr/cli_netlogon.h +++ b/source/librpc/gen_ndr/cli_netlogon.h @@ -185,9 +185,12 @@ NTSTATUS rpccli_netr_NETRLOGONDUMMYROUTINE1(struct
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha2-547-gfe299e0
The branch, v4-0-test has been updated via fe299e0336fcff780ef69a6b4f56cd1e0d0c50a8 (commit) from dd77fc45eee2dde7bdd31a2e39387e94cec158aa (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit fe299e0336fcff780ef69a6b4f56cd1e0d0c50a8 Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Jan 24 17:43:38 2008 +0100 Add pidl --samba3-libnetapi option. Guenther --- Summary of changes: .../Pidl/Samba3/{ClientNDR.pm = libnetapi.pm} | 81 +++- source/pidl/pidl | 15 2 files changed, 77 insertions(+), 19 deletions(-) copy source/pidl/lib/Parse/Pidl/Samba3/{ClientNDR.pm = libnetapi.pm} (69%) Changeset truncated at 500 lines: diff --git a/source/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm b/source/pidl/lib/Parse/Pidl/Samba3/libnetapi.pm similarity index 69% copy from source/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm copy to source/pidl/lib/Parse/Pidl/Samba3/libnetapi.pm index 86b8951..8476bfb 100644 --- a/source/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm +++ b/source/pidl/lib/Parse/Pidl/Samba3/libnetapi.pm @@ -1,11 +1,11 @@ ### -# Samba3 client generator for IDL structures +# Samba3 libnetapi generator for IDL structures # on top of Samba4 style NDR functions # Copyright [EMAIL PROTECTED] 2005-2006 # Copyright [EMAIL PROTECTED] 2008 # released under the GNU GPL -package Parse::Pidl::Samba3::ClientNDR; +package Parse::Pidl::Samba3::libnetapi; use Exporter; @ISA = qw(Exporter); @@ -25,7 +25,7 @@ $VERSION = '0.01'; sub indent($) { my ($self) = @_; $self-{tabs}.=\t; } sub deindent($) { my ($self) = @_; $self-{tabs} = substr($self-{tabs}, 1); } sub pidl($$) { my ($self,$txt) = @_; $self-{res} .= $txt ? $self-{tabs}$txt\n : \n; } -sub pidl_hdr($$) { my ($self, $txt) = @_; $self-{res_hdr} .= $txt\n; } +sub pidl_hdr($$) { my ($self, $txt) = @_; $self-{res_hdr} .= $txt\n; } sub fn_declare($$) { my ($self,$n) = @_; $self-pidl($n); $self-pidl_hdr($n;); } sub genpad($) @@ -49,25 +49,67 @@ sub ParseFunction($$$) my ($self, $if, $fn) = @_; my $fn_args = ; + my $fn_args2 = ctx; my $uif = uc($if); my $ufn = NDR_.uc($fn-{NAME}); - my $fn_str = NTSTATUS rpccli_$fn-{NAME}; + my $fn_str = NET_API_STATUS $fn-{NAME}; +# my $fn_str2 = werr = libnetapi_$fn-{NAME}; + my $fn_str_l = werr = $fn-{NAME}_l; + my $fn_str_r = werr = $fn-{NAME}_r; my $pad = genpad($fn_str); - - $fn_args .= struct rpc_pipe_client *cli,\n . $pad . TALLOC_CTX *mem_ctx; +# my $pad2 = genpad( x(8).$fn_str2); + my $pad2 = genpad( x(16).$fn_str_l); foreach (@{$fn-{ELEMENTS}}) { - $fn_args .= ,\n . $pad . DeclLong($_); + $fn_args .= ($fn_args eq ) ? DeclLong($_):,\n.$pad.DeclLong($_); } - if (defined($fn-{RETURN_TYPE}) ($fn-{RETURN_TYPE} eq WERROR)) { - $fn_args .= ,\n . $pad . WERROR *werror; + foreach (@{$fn-{ELEMENTS}}) { + $fn_args2 .= ,\n . $pad2 . $_-{NAME}; } + $self-pidl(/); + $self-pidl( $fn-{NAME}); + $self-pidl(/); + $self-pidl(); $self-fn_declare($fn_str($fn_args)); + $self-pidl_hdr(WERROR $fn-{NAME}_r(struct libnetapi_ctx *ctx,\n$pad$fn_args);); + $self-pidl_hdr(WERROR $fn-{NAME}_l(struct libnetapi_ctx *ctx,\n$pad$fn_args);); $self-pidl({); $self-indent; - $self-pidl(struct $fn-{NAME} r;); + $self-pidl(struct libnetapi_ctx *ctx = NULL;); + $self-pidl(NET_API_STATUS status;); + $self-pidl(WERROR werr;); + $self-pidl(); + + $self-pidl(status = libnetapi_getctx(ctx);); + $self-pidl(if (status != 0) {); + $self-indent; + $self-pidl(return status;); + $self-deindent; + $self-pidl(}); + $self-pidl(); + +# $self-pidl($fn_str2($fn_args2);); + $self-pidl(if (LIBNETAPI_LOCAL_SERVER($fn-{ELEMENTS}[0]-{NAME})) {); + $self-indent; + $self-pidl($fn_str_l($fn_args2);); + $self-deindent; + $self-pidl(} else {); + $self-indent; + $self-pidl($fn_str_r($fn_args2);); + $self-deindent; + $self-pidl(}); + $self-pidl(); + + $self-pidl(if (!W_ERROR_IS_OK(werr)) {); + $self-indent; + $self-pidl(return W_ERROR_V(werr);); + $self-deindent; + $self-pidl(}); + $self-pidl(); + $self-pidl(return NET_API_STATUS_SUCCESS;); +=cut $self-pidl(NTSTATUS status;); $self-pidl(); $self-pidl(/* In parameters */); @@ -150,8 +192,8 @@ sub ParseFunction($$$) $self-pidl(); $self-pidl(/*
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha2-548-ge22f042
The branch, v4-0-test has been updated via e22f042c6f3d535644e5a21f4175a10e5d74359f (commit) from fe299e0336fcff780ef69a6b4f56cd1e0d0c50a8 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit e22f042c6f3d535644e5a21f4175a10e5d74359f Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Jan 24 23:55:40 2008 +0100 Revert Add pidl --samba3-libnetapi option. This reverts commit fe299e0336fcff780ef69a6b4f56cd1e0d0c50a8. --- Summary of changes: source/pidl/lib/Parse/Pidl/Samba3/libnetapi.pm | 250 source/pidl/pidl | 15 -- 2 files changed, 0 insertions(+), 265 deletions(-) delete mode 100644 source/pidl/lib/Parse/Pidl/Samba3/libnetapi.pm Changeset truncated at 500 lines: diff --git a/source/pidl/lib/Parse/Pidl/Samba3/libnetapi.pm b/source/pidl/lib/Parse/Pidl/Samba3/libnetapi.pm deleted file mode 100644 index 8476bfb..000 --- a/source/pidl/lib/Parse/Pidl/Samba3/libnetapi.pm +++ /dev/null @@ -1,250 +0,0 @@ -### -# Samba3 libnetapi generator for IDL structures -# on top of Samba4 style NDR functions -# Copyright [EMAIL PROTECTED] 2005-2006 -# Copyright [EMAIL PROTECTED] 2008 -# released under the GNU GPL - -package Parse::Pidl::Samba3::libnetapi; - -use Exporter; [EMAIL PROTECTED] = qw(Exporter); [EMAIL PROTECTED] = qw(ParseFunction $res $res_hdr); - -use strict; -use Parse::Pidl qw(fatal warning); -use Parse::Pidl::Typelist qw(hasType getType mapTypeName scalar_is_reference); -use Parse::Pidl::Util qw(has_property is_constant ParseExpr); -use Parse::Pidl::NDR qw(GetPrevLevel GetNextLevel ContainsDeferred); -use Parse::Pidl::Samba4 qw(DeclLong); -use Parse::Pidl::Samba4::Header qw(GenerateFunctionInEnv); - -use vars qw($VERSION); -$VERSION = '0.01'; - -sub indent($) { my ($self) = @_; $self-{tabs}.=\t; } -sub deindent($) { my ($self) = @_; $self-{tabs} = substr($self-{tabs}, 1); } -sub pidl($$) { my ($self,$txt) = @_; $self-{res} .= $txt ? $self-{tabs}$txt\n : \n; } -sub pidl_hdr($$) { my ($self, $txt) = @_; $self-{res_hdr} .= $txt\n; } -sub fn_declare($$) { my ($self,$n) = @_; $self-pidl($n); $self-pidl_hdr($n;); } - -sub genpad($) -{ - my ($s) = @_; - my $nt = int((length($s)+1)/8); - my $lt = ($nt*8)-1; - my $ns = (length($s)-$lt); - return \tx($nt). x($ns); -} - -sub new($) -{ - my ($class) = shift; - my $self = { res = , res_hdr = , tabs = }; - bless($self, $class); -} - -sub ParseFunction($$$) -{ - my ($self, $if, $fn) = @_; - - my $fn_args = ; - my $fn_args2 = ctx; - my $uif = uc($if); - my $ufn = NDR_.uc($fn-{NAME}); - my $fn_str = NET_API_STATUS $fn-{NAME}; -# my $fn_str2 = werr = libnetapi_$fn-{NAME}; - my $fn_str_l = werr = $fn-{NAME}_l; - my $fn_str_r = werr = $fn-{NAME}_r; - my $pad = genpad($fn_str); -# my $pad2 = genpad( x(8).$fn_str2); - my $pad2 = genpad( x(16).$fn_str_l); - - foreach (@{$fn-{ELEMENTS}}) { - $fn_args .= ($fn_args eq ) ? DeclLong($_):,\n.$pad.DeclLong($_); - } - - foreach (@{$fn-{ELEMENTS}}) { - $fn_args2 .= ,\n . $pad2 . $_-{NAME}; - } - - $self-pidl(/); - $self-pidl( $fn-{NAME}); - $self-pidl(/); - $self-pidl(); - $self-fn_declare($fn_str($fn_args)); - $self-pidl_hdr(WERROR $fn-{NAME}_r(struct libnetapi_ctx *ctx,\n$pad$fn_args);); - $self-pidl_hdr(WERROR $fn-{NAME}_l(struct libnetapi_ctx *ctx,\n$pad$fn_args);); - $self-pidl({); - $self-indent; - $self-pidl(struct libnetapi_ctx *ctx = NULL;); - $self-pidl(NET_API_STATUS status;); - $self-pidl(WERROR werr;); - $self-pidl(); - - $self-pidl(status = libnetapi_getctx(ctx);); - $self-pidl(if (status != 0) {); - $self-indent; - $self-pidl(return status;); - $self-deindent; - $self-pidl(}); - $self-pidl(); - -# $self-pidl($fn_str2($fn_args2);); - $self-pidl(if (LIBNETAPI_LOCAL_SERVER($fn-{ELEMENTS}[0]-{NAME})) {); - $self-indent; - $self-pidl($fn_str_l($fn_args2);); - $self-deindent; - $self-pidl(} else {); - $self-indent; - $self-pidl($fn_str_r($fn_args2);); - $self-deindent; - $self-pidl(}); - $self-pidl(); - - $self-pidl(if (!W_ERROR_IS_OK(werr)) {); - $self-indent; - $self-pidl(return W_ERROR_V(werr);); - $self-deindent; - $self-pidl(}); - $self-pidl(); - $self-pidl(return NET_API_STATUS_SUCCESS;); -=cut - $self-pidl(NTSTATUS status;); - $self-pidl(); - $self-pidl(/* In parameters
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha2-551-g31980e0
The branch, v4-0-test has been updated via 31980e03faedaa44317f64d940c458d38a103627 (commit) via d0893014ab02f4a628bc05135e7afedd11427116 (commit) via 70773be51a568dfc793111044cef93baa343d715 (commit) from e22f042c6f3d535644e5a21f4175a10e5d74359f (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 31980e03faedaa44317f64d940c458d38a103627 Author: Günther Deschner [EMAIL PROTECTED] Date: Fri Jan 25 00:04:24 2008 +0100 Fix netlogon rpc-server build. Guenther commit d0893014ab02f4a628bc05135e7afedd11427116 Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Jan 24 23:35:02 2008 +0100 Add IDL for netr_LogonGetTrustRid. Guenther commit 70773be51a568dfc793111044cef93baa343d715 Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Jan 24 23:52:16 2008 +0100 Rename samr_*AccessMask bitfields to start with SAMR_. Guenther --- Summary of changes: source/librpc/idl/netlogon.idl |6 ++- source/librpc/idl/samr.idl | 64 +- source/rpc_server/netlogon/dcerpc_netlogon.c |8 ++-- 3 files changed, 41 insertions(+), 37 deletions(-) Changeset truncated at 500 lines: diff --git a/source/librpc/idl/netlogon.idl b/source/librpc/idl/netlogon.idl index 3e4d46d..7f7712e 100644 --- a/source/librpc/idl/netlogon.idl +++ b/source/librpc/idl/netlogon.idl @@ -992,7 +992,11 @@ interface netlogon // /* Function 0x17 */ - WERROR netr_NETRLOGONGETTRUSTRID(); + WERROR netr_LogonGetTrustRid( + [in] [string,charset(UTF16)] uint16 *server_name, + [in] [string,charset(UTF16)] uint16 *domain_name, + [out,ref] uint32 *rid + ); // /* Function 0x18 */ diff --git a/source/librpc/idl/samr.idl b/source/librpc/idl/samr.idl index b6d2b9f..5ddbf97 100644 --- a/source/librpc/idl/samr.idl +++ b/source/librpc/idl/samr.idl @@ -51,47 +51,47 @@ import misc.idl, lsa.idl, security.idl; } samr_ConnectAccessMask; typedef [bitmap32bit] bitmap { - USER_ACCESS_GET_NAME_ETC = 0x0001, - USER_ACCESS_GET_LOCALE = 0x0002, - USER_ACCESS_SET_LOC_COM = 0x0004, - USER_ACCESS_GET_LOGONINFO= 0x0008, - USER_ACCESS_GET_ATTRIBUTES = 0x0010, - USER_ACCESS_SET_ATTRIBUTES = 0x0020, - USER_ACCESS_CHANGE_PASSWORD = 0x0040, - USER_ACCESS_SET_PASSWORD = 0x0080, - USER_ACCESS_GET_GROUPS = 0x0100, - USER_ACCESS_GET_GROUP_MEMBERSHIP = 0x0200, - USER_ACCESS_CHANGE_GROUP_MEMBERSHIP = 0x0400 + SAMR_USER_ACCESS_GET_NAME_ETC = 0x0001, + SAMR_USER_ACCESS_GET_LOCALE = 0x0002, + SAMR_USER_ACCESS_SET_LOC_COM = 0x0004, + SAMR_USER_ACCESS_GET_LOGONINFO= 0x0008, + SAMR_USER_ACCESS_GET_ATTRIBUTES = 0x0010, + SAMR_USER_ACCESS_SET_ATTRIBUTES = 0x0020, + SAMR_USER_ACCESS_CHANGE_PASSWORD = 0x0040, + SAMR_USER_ACCESS_SET_PASSWORD = 0x0080, + SAMR_USER_ACCESS_GET_GROUPS = 0x0100, + SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP = 0x0200, + SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP = 0x0400 } samr_UserAccessMask; typedef [bitmap32bit] bitmap { - DOMAIN_ACCESS_LOOKUP_INFO_1 = 0x0001, - DOMAIN_ACCESS_SET_INFO_1 = 0x0002, - DOMAIN_ACCESS_LOOKUP_INFO_2 = 0x0004, - DOMAIN_ACCESS_SET_INFO_2 = 0x0008, - DOMAIN_ACCESS_CREATE_USER= 0x0010, - DOMAIN_ACCESS_CREATE_GROUP = 0x0020, - DOMAIN_ACCESS_CREATE_ALIAS = 0x0040, - DOMAIN_ACCESS_LOOKUP_ALIAS = 0x0080, - DOMAIN_ACCESS_ENUM_ACCOUNTS = 0x0100, - DOMAIN_ACCESS_OPEN_ACCOUNT = 0x0200, - DOMAIN_ACCESS_SET_INFO_3 = 0x0400 + SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 = 0x0001, + SAMR_DOMAIN_ACCESS_SET_INFO_1 = 0x0002, + SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 = 0x0004, + SAMR_DOMAIN_ACCESS_SET_INFO_2 = 0x0008, + SAMR_DOMAIN_ACCESS_CREATE_USER= 0x0010, + SAMR_DOMAIN_ACCESS_CREATE_GROUP = 0x0020, + SAMR_DOMAIN_ACCESS_CREATE_ALIAS = 0x0040, +
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-1652-gc0bf3af
The branch, v3-2-test has been updated via c0bf3af692bee5bc5a3405feb405e67d35d77a16 (commit) via 6226f2294e83501d01d18a954bb36efec37aea75 (commit) from cb1ff32eff06031150a6821658152e02a4077bbd (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit c0bf3af692bee5bc5a3405feb405e67d35d77a16 Author: Günther Deschner [EMAIL PROTECTED] Date: Fri Jan 25 00:11:58 2008 +0100 Re-run make idl. Guenther commit 6226f2294e83501d01d18a954bb36efec37aea75 Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Jan 24 23:52:16 2008 +0100 Rename samr_*AccessMask bitfields to start with SAMR_. Guenther --- Summary of changes: source/librpc/gen_ndr/ndr_samr.c | 64 +- source/librpc/gen_ndr/ndr_security.c |4 -- source/librpc/gen_ndr/samr.h | 64 +- source/librpc/gen_ndr/security.h |8 source/librpc/idl/samr.idl | 64 +- 5 files changed, 96 insertions(+), 108 deletions(-) Changeset truncated at 500 lines: diff --git a/source/librpc/gen_ndr/ndr_samr.c b/source/librpc/gen_ndr/ndr_samr.c index ed80da2..adbe549 100644 --- a/source/librpc/gen_ndr/ndr_samr.c +++ b/source/librpc/gen_ndr/ndr_samr.c @@ -91,17 +91,17 @@ _PUBLIC_ void ndr_print_samr_UserAccessMask(struct ndr_print *ndr, const char *n { ndr_print_uint32(ndr, name, r); ndr-depth++; - ndr_print_bitmap_flag(ndr, sizeof(uint32_t), USER_ACCESS_GET_NAME_ETC, USER_ACCESS_GET_NAME_ETC, r); - ndr_print_bitmap_flag(ndr, sizeof(uint32_t), USER_ACCESS_GET_LOCALE, USER_ACCESS_GET_LOCALE, r); - ndr_print_bitmap_flag(ndr, sizeof(uint32_t), USER_ACCESS_SET_LOC_COM, USER_ACCESS_SET_LOC_COM, r); - ndr_print_bitmap_flag(ndr, sizeof(uint32_t), USER_ACCESS_GET_LOGONINFO, USER_ACCESS_GET_LOGONINFO, r); - ndr_print_bitmap_flag(ndr, sizeof(uint32_t), USER_ACCESS_GET_ATTRIBUTES, USER_ACCESS_GET_ATTRIBUTES, r); - ndr_print_bitmap_flag(ndr, sizeof(uint32_t), USER_ACCESS_SET_ATTRIBUTES, USER_ACCESS_SET_ATTRIBUTES, r); - ndr_print_bitmap_flag(ndr, sizeof(uint32_t), USER_ACCESS_CHANGE_PASSWORD, USER_ACCESS_CHANGE_PASSWORD, r); - ndr_print_bitmap_flag(ndr, sizeof(uint32_t), USER_ACCESS_SET_PASSWORD, USER_ACCESS_SET_PASSWORD, r); - ndr_print_bitmap_flag(ndr, sizeof(uint32_t), USER_ACCESS_GET_GROUPS, USER_ACCESS_GET_GROUPS, r); - ndr_print_bitmap_flag(ndr, sizeof(uint32_t), USER_ACCESS_GET_GROUP_MEMBERSHIP, USER_ACCESS_GET_GROUP_MEMBERSHIP, r); - ndr_print_bitmap_flag(ndr, sizeof(uint32_t), USER_ACCESS_CHANGE_GROUP_MEMBERSHIP, USER_ACCESS_CHANGE_GROUP_MEMBERSHIP, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), SAMR_USER_ACCESS_GET_NAME_ETC, SAMR_USER_ACCESS_GET_NAME_ETC, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), SAMR_USER_ACCESS_GET_LOCALE, SAMR_USER_ACCESS_GET_LOCALE, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), SAMR_USER_ACCESS_SET_LOC_COM, SAMR_USER_ACCESS_SET_LOC_COM, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), SAMR_USER_ACCESS_GET_LOGONINFO, SAMR_USER_ACCESS_GET_LOGONINFO, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), SAMR_USER_ACCESS_GET_ATTRIBUTES, SAMR_USER_ACCESS_GET_ATTRIBUTES, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), SAMR_USER_ACCESS_SET_ATTRIBUTES, SAMR_USER_ACCESS_SET_ATTRIBUTES, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), SAMR_USER_ACCESS_CHANGE_PASSWORD, SAMR_USER_ACCESS_CHANGE_PASSWORD, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), SAMR_USER_ACCESS_SET_PASSWORD, SAMR_USER_ACCESS_SET_PASSWORD, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), SAMR_USER_ACCESS_GET_GROUPS, SAMR_USER_ACCESS_GET_GROUPS, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP, SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP, SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP, r); ndr-depth--; } @@ -123,17 +123,17 @@ _PUBLIC_ void ndr_print_samr_DomainAccessMask(struct ndr_print *ndr, const char { ndr_print_uint32(ndr, name, r); ndr-depth++; - ndr_print_bitmap_flag(ndr, sizeof(uint32_t), DOMAIN_ACCESS_LOOKUP_INFO_1, DOMAIN_ACCESS_LOOKUP_INFO_1, r); - ndr_print_bitmap_flag(ndr, sizeof(uint32_t), DOMAIN_ACCESS_SET_INFO_1, DOMAIN_ACCESS_SET_INFO_1, r); - ndr_print_bitmap_flag(ndr, sizeof(uint32_t), DOMAIN_ACCESS_LOOKUP_INFO_2, DOMAIN_ACCESS_LOOKUP_INFO_2, r); - ndr_print_bitmap_flag(ndr, sizeof(uint32_t), DOMAIN_ACCESS_SET_INFO_2, DOMAIN_ACCESS_SET_INFO_2, r); - ndr_print_bitmap_flag(ndr, sizeof(uint32_t), DOMAIN_ACCESS_CREATE_USER, DOMAIN_ACCESS_CREATE_USER, r); -
Build status as of Fri Jan 25 00:00:02 2008
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2008-01-24 00:00:40.0 + +++ /home/build/master/cache/broken_results.txt 2008-01-25 00:00:40.0 + @@ -1,4 +1,4 @@ -Build status as of Thu Jan 24 00:00:02 2008 +Build status as of Fri Jan 25 00:00:02 2008 Build counts: Tree Total Broken Panic @@ -9,14 +9,13 @@ ldb 30 22 0 libreplace 29 18 0 lorikeet-heimdal 25 15 0 -pidl 16 5 0 +pidl 16 15 0 ppp 8 6 0 rsync30 13 0 samba-docs 0 0 0 samba-gtk4 4 0 -samba4 0 0 0 samba_3_2_test 30 17 0 -samba_4_0_test 28 24 2 +samba_4_0_test 28 28 0 smb-build28 3 0 talloc 30 9 0 tdb 29 18 0
[SCM] Samba Shared Repository - branch v3-0-test updated - release-3-0-28-106-g938f785
The branch, v3-0-test has been updated via 938f78546a4706f25d7b07efbca97a6b2d12d4b9 (commit) from 6b594996a8dff0c6c663752f06a994c95020d869 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test - Log - commit 938f78546a4706f25d7b07efbca97a6b2d12d4b9 Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Jan 24 16:18:50 2008 -0800 Make explicit in debug we're ignoring flags from the parent SD. Jeremy --- Summary of changes: source/smbd/posix_acls.c | 16 ++-- 1 files changed, 10 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c index a861f77..636bebf 100644 --- a/source/smbd/posix_acls.c +++ b/source/smbd/posix_acls.c @@ -3196,9 +3196,10 @@ static NTSTATUS append_parent_acl(files_struct *fsp, /* Doesn't apply to a directory - ignore. */ DEBUG(10,(append_parent_acl: directory %s ignoring non container - inherit flags %u\n, + inherit flags %u from parent %s\n, fsp-fsp_name, - (unsigned int)se-flags )); + (unsigned int)se-flags, + parent_name)); continue; } } else { @@ -3206,9 +3207,10 @@ static NTSTATUS append_parent_acl(files_struct *fsp, /* Doesn't apply to a file - ignore. */ DEBUG(10,(append_parent_acl: file %s ignoring non object - inherit flags %u\n, + inherit flags %u from parent %s\n, fsp-fsp_name, - (unsigned int)se-flags )); + (unsigned int)se-flags, + parent_name)); continue; } } @@ -3227,9 +3229,11 @@ static NTSTATUS append_parent_acl(files_struct *fsp, if (k psd-dacl-num_aces) { /* SID matched. Ignore. */ DEBUG(10,(append_parent_acl: path %s - ignoring protected sid %s\n, + ignoring protected sid %s + from parent %s\n, fsp-fsp_name, - sid_string_static(se-trustee))); + sid_string_static(se-trustee), + parent_name)); continue; } } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-1653-gd4a9e46
The branch, v3-2-test has been updated via d4a9e46edf7336f673c001c559af96eb0ecf9f6f (commit) from c0bf3af692bee5bc5a3405feb405e67d35d77a16 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit d4a9e46edf7336f673c001c559af96eb0ecf9f6f Author: Günther Deschner [EMAIL PROTECTED] Date: Fri Jan 25 01:00:51 2008 +0100 Trying to avoid defining new SAMR acct creation flags when we already have them with different names. Matt, Jeremy, please check. Guenther --- Summary of changes: source/include/rpc_samr.h | 25 - source/libnet/libnet_join.c | 10 ++ source/rpcclient/cmd_samr.c |9 + source/utils/net_domain.c | 10 ++ source/utils/net_rpc.c | 20 +++- source/utils/net_rpc_join.c | 11 +++ 6 files changed, 35 insertions(+), 50 deletions(-) Changeset truncated at 500 lines: diff --git a/source/include/rpc_samr.h b/source/include/rpc_samr.h index 5ddb877..9f4645b 100644 --- a/source/include/rpc_samr.h +++ b/source/include/rpc_samr.h @@ -145,31 +145,6 @@ SamrTestPrivateFunctionsUser #define SAMR_CHGPASSWD_USER3 0x3F #define SAMR_CONNECT5 0x40 -/* SAMR account creation flags/permissions */ -#define SAMR_USER_GETNAME 0x1 -#define SAMR_USER_GETLOCALE 0x2 -#define SAMR_USER_GETLOCCOM 0x4 -#define SAMR_USER_GETLOGONINFO 0x8 -#define SAMR_USER_GETATTR 0x10 -#define SAMR_USER_SETATTR 0x20 -#define SAMR_USER_CHPASS0x40 -#define SAMR_USER_SETPASS 0x80 -#define SAMR_USER_GETGROUPS 0x100 -#define SAMR_USER_GETMEMBERSHIP 0x200 -#define SAMR_USER_CHMEMBERSHIP 0x400 -#define SAMR_STANDARD_DELETE0x1 -#define SAMR_STANDARD_READCTRL 0x2 -#define SAMR_STANDARD_WRITEDAC 0x4 -#define SAMR_STANDARD_WRITEOWNER0x8 -#define SAMR_STANDARD_SYNC 0x10 -#define SAMR_GENERIC_ACCESSSACL 0x80 -#define SAMR_GENERIC_MAXALLOWED 0x200 -#define SAMR_GENERIC_ALL0x1000 -#define SAMR_GENERIC_EXECUTE0x2000 -#define SAMR_GENERIC_WRITE 0x4000 -#define SAMR_GENERIC_READ 0x8000 - - typedef struct logon_hours_info { uint32 max_len; /* normally 1260 bytes */ diff --git a/source/libnet/libnet_join.c b/source/libnet/libnet_join.c index 538cca7..f83e0fb 100644 --- a/source/libnet/libnet_join.c +++ b/source/libnet/libnet_join.c @@ -684,10 +684,12 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, const_acct_name = acct_name; if (r-in.join_flags WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE) { - uint32 acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE | - SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC | - SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | - SAMR_USER_GETATTR | SAMR_USER_SETATTR; + uint32_t acct_flags = + SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE | + SEC_STD_WRITE_DAC | SEC_STD_DELETE | + SAMR_USER_ACCESS_SET_PASSWORD | + SAMR_USER_ACCESS_GET_ATTRIBUTES | + SAMR_USER_ACCESS_SET_ATTRIBUTES; status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, domain_pol, diff --git a/source/rpcclient/cmd_samr.c b/source/rpcclient/cmd_samr.c index 5b42c6b..1bb13f3 100644 --- a/source/rpcclient/cmd_samr.c +++ b/source/rpcclient/cmd_samr.c @@ -1483,10 +1483,11 @@ static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli, /* Create domain user */ acb_info = ACB_NORMAL; - acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE | - SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC | - SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | - SAMR_USER_GETATTR | SAMR_USER_SETATTR; + acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE | +SEC_STD_WRITE_DAC | SEC_STD_DELETE | +SAMR_USER_ACCESS_SET_PASSWORD | +SAMR_USER_ACCESS_GET_ATTRIBUTES | +SAMR_USER_ACCESS_SET_ATTRIBUTES; result = rpccli_samr_create_dom_user(cli, mem_ctx, domain_pol, acct_name, acb_info, acct_flags, diff --git a/source/utils/net_domain.c b/source/utils/net_domain.c index a98f090..1c34a3b 100644 --- a/source/utils/net_domain.c +++ b/source/utils/net_domain.c @@ -245,12 +245,14 @@ NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha2-560-gd35d4f9
The branch, v4-0-test has been updated via d35d4f983d1eb7450cd9f92a5217c14ec073396f (commit) via 688adcbb635af87fcfedb869b7f1857a947fd2f9 (commit) via 59bb26772f089cf4d8727c12230cfef8126762b1 (commit) via e726ce5bc515ae8d10b472396e228cfd35737476 (commit) via c09efa7b778f9cb29032a6abfd914fcaae8df163 (commit) via d4d4120b715dc37b708b1c6074eab4f5c23d6b8f (commit) via 1de69a772e1cc007220add1f51bffe83784c3344 (commit) via a90f3e8c420bec7fd7a39e0d5e2df6b32aedcdd5 (commit) via 557207f86ba901262e76704df5c51888b2737ddf (commit) from 31980e03faedaa44317f64d940c458d38a103627 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit d35d4f983d1eb7450cd9f92a5217c14ec073396f Merge: 688adcbb635af87fcfedb869b7f1857a947fd2f9 31980e03faedaa44317f64d940c458d38a103627 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Fri Jan 25 01:03:13 2008 +0100 Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-trivial commit 688adcbb635af87fcfedb869b7f1857a947fd2f9 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Fri Jan 25 01:02:13 2008 +0100 python/provision: Reconcile code partitions-only provisioning and generic provisioning, some other minor refactoring of the provisioning. Pair-programmed by Andrew and me using obby :-) commit 59bb26772f089cf4d8727c12230cfef8126762b1 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Fri Jan 25 00:51:09 2008 +0100 python: Make SamDB.set_ntds_invocation_id take a string. commit e726ce5bc515ae8d10b472396e228cfd35737476 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Thu Jan 24 22:18:27 2008 +0100 python: Add function to look for unsubsituted variables. commit c09efa7b778f9cb29032a6abfd914fcaae8df163 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Thu Jan 24 22:08:39 2008 +0100 python: Add bindings for SamDB.set_invocation_id(). commit d4d4120b715dc37b708b1c6074eab4f5c23d6b8f Merge: 1de69a772e1cc007220add1f51bffe83784c3344 dd77fc45eee2dde7bdd31a2e39387e94cec158aa Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Thu Jan 24 22:00:07 2008 +0100 Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-trivial commit 1de69a772e1cc007220add1f51bffe83784c3344 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Thu Jan 24 01:06:19 2008 +0100 Python: add some docstrings. commit a90f3e8c420bec7fd7a39e0d5e2df6b32aedcdd5 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Thu Jan 24 01:05:57 2008 +0100 python: Support --no-pass. commit 557207f86ba901262e76704df5c51888b2737ddf Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Thu Jan 24 01:05:19 2008 +0100 python: Add bindings for cli_credentials_set_cmdline_callbacks(). --- Summary of changes: source/auth/credentials/config.mk |2 +- source/auth/credentials/credentials.i |3 + source/auth/credentials/credentials.py |1 + source/auth/credentials/credentials_wrap.c | 30 ++ source/auth/credentials/tests/bindings.py |3 + source/scripting/python/misc.i | 11 + source/scripting/python/misc.py |1 + source/scripting/python/misc_wrap.c | 51 +++ source/scripting/python/samba/__init__.py | 19 +- source/scripting/python/samba/getopt.py |6 + source/scripting/python/samba/provision.py | 506 ++- source/scripting/python/samba/samdb.py | 11 +- source/scripting/python/samba/tests/__init__.py |6 +- source/scripting/python/samba/upgrade.py|5 +- source/setup/provision.py | 83 ++-- 15 files changed, 487 insertions(+), 251 deletions(-) Changeset truncated at 500 lines: diff --git a/source/auth/credentials/config.mk b/source/auth/credentials/config.mk index 8d33bdb..fee9519 100644 --- a/source/auth/credentials/config.mk +++ b/source/auth/credentials/config.mk @@ -14,5 +14,5 @@ PRIVATE_DEPENDENCIES = \ SECRETS [PYTHON::swig_credentials] -PUBLIC_DEPENDENCIES = CREDENTIALS +PUBLIC_DEPENDENCIES = CREDENTIALS LIBCMDLINE_CREDENTIALS SWIG_FILE = credentials.i diff --git a/source/auth/credentials/credentials.i b/source/auth/credentials/credentials.i index fedb8bd..41ec675 100644 --- a/source/auth/credentials/credentials.i +++ b/source/auth/credentials/credentials.i @@ -27,6 +27,7 @@ #include includes.h #include auth/credentials/credentials.h #include param/param.h +#include lib/cmdline/credentials.h typedef struct cli_credentials cli_credentials; %} @@ -93,6 +94,8 @@ typedef struct cli_credentials { bool authentication_requested(void); bool wrong_password(void); + +bool set_cmdline_callbacks(); } } cli_credentials; diff --git a/source/auth/credentials/credentials.py
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-1655-gef2913a
The branch, v3-2-test has been updated via ef2913a66c3888d4813d8b778ddd63b2c7e48f3e (commit) via 58cfa4b1bdc1ce30cc3befb342cc98ac0e283585 (commit) from d4a9e46edf7336f673c001c559af96eb0ecf9f6f (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit ef2913a66c3888d4813d8b778ddd63b2c7e48f3e Merge: 58cfa4b1bdc1ce30cc3befb342cc98ac0e283585 d4a9e46edf7336f673c001c559af96eb0ecf9f6f Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Jan 24 16:16:40 2008 -0800 Merge branch 'v3-2-test' of ssh://[EMAIL PROTECTED]/data/git/samba into v3-2-test commit 58cfa4b1bdc1ce30cc3befb342cc98ac0e283585 Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Jan 24 16:13:53 2008 -0800 Make explicit in debug we're ignoring flags from the parent SD. Jeremy --- Summary of changes: source/smbd/posix_acls.c | 16 ++-- 1 files changed, 10 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c index dee5d8e..12e611f 100644 --- a/source/smbd/posix_acls.c +++ b/source/smbd/posix_acls.c @@ -3299,9 +3299,10 @@ static NTSTATUS append_parent_acl(files_struct *fsp, /* Doesn't apply to a directory - ignore. */ DEBUG(10,(append_parent_acl: directory %s ignoring non container - inherit flags %u\n, + inherit flags %u from parent %s\n, fsp-fsp_name, - (unsigned int)se-flags )); + (unsigned int)se-flags, + parent_name)); continue; } } else { @@ -3309,9 +3310,10 @@ static NTSTATUS append_parent_acl(files_struct *fsp, /* Doesn't apply to a file - ignore. */ DEBUG(10,(append_parent_acl: file %s ignoring non object - inherit flags %u\n, + inherit flags %u from parent %s\n, fsp-fsp_name, - (unsigned int)se-flags )); + (unsigned int)se-flags, + parent_name)); continue; } } @@ -3330,9 +3332,11 @@ static NTSTATUS append_parent_acl(files_struct *fsp, if (k psd-dacl-num_aces) { /* SID matched. Ignore. */ DEBUG(10,(append_parent_acl: path %s - ignoring protected sid %s\n, + ignoring protected sid %s + from parent %s\n, fsp-fsp_name, - sid_string_dbg(se-trustee))); + sid_string_dbg(se-trustee), + parent_name)); continue; } } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-1661-gc0d9732
The branch, v3-2-test has been updated via c0d9732cf4482b0db02c75f316ff2b41f3336425 (commit) via 6c7c6c3f85a4bd171c62031b2b8e59d3f7054061 (commit) via 373a00ae0d667d257fa93ab14c773e841f2c4f1a (commit) via 723e877c241dd5a0c8addb89507c9eda75b88ea4 (commit) via ba5373ed7f74d560a9de8620039b596b8938d1dc (commit) via 8bb21b8b3802e7b093a3c4fb41b8550033388878 (commit) from ef2913a66c3888d4813d8b778ddd63b2c7e48f3e (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit c0d9732cf4482b0db02c75f316ff2b41f3336425 Author: Michael Adam [EMAIL PROTECTED] Date: Fri Jan 25 01:40:42 2008 +0100 Fix lookup_sids to detect unix_groups and unix_users domain sids. This fixes panics in wbcLookupRids when 1-2-22 was passed as a domain sid. Michael commit 6c7c6c3f85a4bd171c62031b2b8e59d3f7054061 Author: Michael Adam [EMAIL PROTECTED] Date: Fri Jan 25 01:40:01 2008 +0100 Add a debug message: show the sid lookup_sid() was called for. Michael commit 373a00ae0d667d257fa93ab14c773e841f2c4f1a Author: Michael Adam [EMAIL PROTECTED] Date: Fri Jan 25 01:21:56 2008 +0100 Add debug message: show which domain_child is being forked. Michael commit 723e877c241dd5a0c8addb89507c9eda75b88ea4 Author: Michael Adam [EMAIL PROTECTED] Date: Thu Jan 24 23:44:05 2008 +0100 Add a debug message to lookup_rids() printing the domain SID. This is to ease debugging. I sporadically get panics that are apparently due to NULL domain sid passed to lookup_rids somewhere. Michael commit ba5373ed7f74d560a9de8620039b596b8938d1dc Author: Michael Adam [EMAIL PROTECTED] Date: Thu Jan 24 22:15:33 2008 +0100 Add a debug message winbindd_can_contact_domain() explaining the reason for failure. Michael commit 8bb21b8b3802e7b093a3c4fb41b8550033388878 Author: Michael Adam [EMAIL PROTECTED] Date: Thu Jan 24 22:47:49 2008 +0100 Fix assignment to request-data.init_conn.is_primary in init_child_connection(). The present assignment request-data.init_conn.is_primary = domain-internal ? False : True simply feels wrong. This seems to be the thing right to do: request-data.init_conn.is_primary = domain-primary ? true : false. The question is: Does this have any purpose at all? data.init_conn.is_primary seems to be used nowhere in the whole code at all. Is it (still) needed? Michael --- Summary of changes: source/passdb/lookup_sid.c | 15 +++ source/winbindd/winbindd_dual.c |7 +++ source/winbindd/winbindd_util.c |4 +++- 3 files changed, 25 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/passdb/lookup_sid.c b/source/passdb/lookup_sid.c index 55dd654..9f66eb9 100644 --- a/source/passdb/lookup_sid.c +++ b/source/passdb/lookup_sid.c @@ -464,6 +464,9 @@ static bool lookup_rids(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid, { int i; + DEBUG(10, (lookup_rids called for domain sid '%s'\n, + sid_string_dbg(domain_sid))); + if (num_rids) { *names = TALLOC_ARRAY(mem_ctx, const char *, num_rids); *types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_rids); @@ -596,6 +599,16 @@ static bool lookup_as_domain(const DOM_SID *sid, TALLOC_CTX *mem_ctx, return true; } + if (sid_check_is_unix_users(sid)) { + *name = talloc_strdup(mem_ctx, unix_users_domain_name()); + return true; + } + + if (sid_check_is_unix_groups(sid)) { + *name = talloc_strdup(mem_ctx, unix_groups_domain_name()); + return true; + } + if (sid-num_auths != 4) { /* This can't be a domain */ return false; @@ -922,6 +935,8 @@ bool lookup_sid(TALLOC_CTX *mem_ctx, const DOM_SID *sid, TALLOC_CTX *tmp_ctx; bool ret = false; + DEBUG(10, (lookup_sid called for SID '%s'\n, sid_string_dbg(sid))); + if (!(tmp_ctx = talloc_new(mem_ctx))) { DEBUG(0, (talloc_new failed\n)); return false; diff --git a/source/winbindd/winbindd_dual.c b/source/winbindd/winbindd_dual.c index a9786d1..15ca564 100644 --- a/source/winbindd/winbindd_dual.c +++ b/source/winbindd/winbindd_dual.c @@ -959,6 +959,13 @@ static bool fork_domain_child(struct winbindd_child *child) struct winbindd_cli_state state; struct winbindd_domain *domain; + if (child-domain) { + DEBUG(10, (fork_domain_child called for domain '%s'\n, + child-domain-name)); + } else { + DEBUG(10, (fork_domain_child called without domain.\n)); + } + if (socketpair(AF_UNIX,
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha2-561-g859cffe
The branch, v4-0-test has been updated via 859cffed9d3a62f9f7610d74472aa3c0d1979a35 (commit) from d35d4f983d1eb7450cd9f92a5217c14ec073396f (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 859cffed9d3a62f9f7610d74472aa3c0d1979a35 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Fri Jan 25 01:30:43 2008 +0100 python: fix tests for check_all_substituted. --- Summary of changes: source/scripting/python/samba/tests/__init__.py |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source/scripting/python/samba/tests/__init__.py b/source/scripting/python/samba/tests/__init__.py index 9839811..e557dd9 100644 --- a/source/scripting/python/samba/tests/__init__.py +++ b/source/scripting/python/samba/tests/__init__.py @@ -69,8 +69,8 @@ class SubstituteVarTestCase(unittest.TestCase): samba.substitute_var(foo ${bla} gsff, {bar: bla})) def test_check_all_substituted(self): - check_all_substituted(nothing to see here) - self.assertRaises(Exception, check_all_substituted, Not subsituted: ${FOOBAR}) + samba.check_all_substituted(nothing to see here) + self.assertRaises(Exception, samba.check_all_substituted, Not subsituted: ${FOOBAR}) class LdbExtensionTests(TestCaseInTempDir): -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha2-563-g66df250
The branch, v4-0-test has been updated via 66df250ff355d3c1b7f0252fc1f95a8c79a28c6d (commit) via 9173c678efb6f74dbec64298bcb00952feff2ed7 (commit) from 859cffed9d3a62f9f7610d74472aa3c0d1979a35 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 66df250ff355d3c1b7f0252fc1f95a8c79a28c6d Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Fri Jan 25 01:41:06 2008 +0100 python/provision: Create private dir if it didn't exist yet. commit 9173c678efb6f74dbec64298bcb00952feff2ed7 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Fri Jan 25 01:37:47 2008 +0100 python: Add test for secretsdb_become_dc --- Summary of changes: source/scripting/python/samba/tests/provision.py | 21 ++--- source/setup/provision.py| 14 -- 2 files changed, 26 insertions(+), 9 deletions(-) Changeset truncated at 500 lines: diff --git a/source/scripting/python/samba/tests/provision.py b/source/scripting/python/samba/tests/provision.py index f5a0339..83952df 100644 --- a/source/scripting/python/samba/tests/provision.py +++ b/source/scripting/python/samba/tests/provision.py @@ -1,7 +1,7 @@ #!/usr/bin/python # Unix SMB/CIFS implementation. -# Copyright (C) Jelmer Vernooij [EMAIL PROTECTED] 2007 +# Copyright (C) Jelmer Vernooij [EMAIL PROTECTED] 2007-2008 # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -18,7 +18,7 @@ # import os -from samba.provision import setup_secretsdb +from samba.provision import setup_secretsdb, secretsdb_become_dc import samba.tests from ldb import Dn @@ -37,7 +37,22 @@ class ProvisionTestCase(samba.tests.TestCaseInTempDir): finally: del ldb os.unlink(path) - + +def test_become_dc(self): +path = os.path.join(self.tempdir, secrets.ldb) +secrets_ldb = setup_secretsdb(path, setup_path, None, None, None) +try: +secretsdb_become_dc(secrets_ldb, setup_path, domain=EXAMPLE, + realm=example, netbiosname=myhost, + domainsid=S-5-22, keytab_path=keytab.path, + samdb_url=ldap://url/;, + dns_keytab_path=dns.keytab, dnspass=bla, + machinepass=machinepass, dnsdomain=example.com) +self.assertEquals(1, + len(secrets_ldb.search(samAccountName=krbtgt,flatname=EXAMPLE,CN=Principals))) +finally: +del secrets_ldb +os.unlink(path) class Disabled: def test_setup_templatesdb(self): diff --git a/source/setup/provision.py b/source/setup/provision.py index 743a947..c8087f7 100755 --- a/source/setup/provision.py +++ b/source/setup/provision.py @@ -2,7 +2,8 @@ # # Unix SMB/CIFS implementation. # provision a Samba4 server -# Copyright (C) Jelmer Vernooij [EMAIL PROTECTED] 2007 +# Copyright (C) Jelmer Vernooij [EMAIL PROTECTED] 2007-2008 +# Copyright (C) Andrew Bartlett [EMAIL PROTECTED] 2008 # # Based on the original in EJS: # Copyright (C) Andrew Tridgell 2005 @@ -115,11 +116,15 @@ if opts.realm is None or opts.domain is None: sys.exit(1) # cope with an initially blank smb.conf +private_dir = None lp = sambaopts.get_loadparm() if opts.targetdir is not None: if not os.path.exists(opts.targetdir): os.mkdir(opts.targetdir) -lp.set(private dir, os.path.abspath(opts.targetdir)) +private_dir = os.path.join(opts.targetdir, private) +if not os.path.exists(private_dir): +os.mkdir(private_dir) +lp.set(private dir, os.path.abspath(private_dir)) lp.set(lock dir, os.path.abspath(opts.targetdir)) lp.set(realm, opts.realm) lp.set(workgroup, opts.domain) @@ -129,9 +134,6 @@ lp.set(server role, opts.server_role or domain controller) if opts.aci is not None: print set ACI: %s % opts.aci -private_dir = None -if opts.targetdir is not None: -private_dir = os.path.join(opts.targetdir, private) paths = provision_paths_from_lp(lp, opts.realm.lower(), private_dir) paths.smbconf = sambaopts.get_loadparm_path() @@ -168,4 +170,4 @@ def shell_escape(arg): return arg message( .join([shell_escape(arg) for arg in sys.argv])) -message(All OK) \ No newline at end of file +message(All OK) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-1662-gf5ca241
The branch, v3-2-test has been updated via f5ca241e2c1adf2ae836fae33a4adac916f46416 (commit) from c0d9732cf4482b0db02c75f316ff2b41f3336425 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit f5ca241e2c1adf2ae836fae33a4adac916f46416 Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Jan 24 17:40:35 2008 -0800 Fix missing error check that caused crash when winbindd not running. Jeremy. --- Summary of changes: source/nsswitch/libwbclient/wbc_sid.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/nsswitch/libwbclient/wbc_sid.c b/source/nsswitch/libwbclient/wbc_sid.c index abe1457..f5f553c 100644 --- a/source/nsswitch/libwbclient/wbc_sid.c +++ b/source/nsswitch/libwbclient/wbc_sid.c @@ -355,6 +355,7 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, request, response); talloc_free(ridlist); + BAIL_ON_WBC_ERROR(wbc_status); domain_name = talloc_strdup(NULL, response.data.domain_name); BAIL_ON_PTR_ERROR(domain_name, wbc_status); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-1663-g3df2f7c
The branch, v3-2-test has been updated via 3df2f7ca782e418703d82f7a1f3c035a365f9589 (commit) from f5ca241e2c1adf2ae836fae33a4adac916f46416 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 3df2f7ca782e418703d82f7a1f3c035a365f9589 Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Jan 24 17:50:07 2008 -0800 Correctly set flags in ACE's inherited from parent. Still one bug left to find then I'll back-port to 3.0.28. Jeremy. --- Summary of changes: source/smbd/posix_acls.c | 38 +++--- 1 files changed, 35 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c index 12e611f..3470643 100644 --- a/source/smbd/posix_acls.c +++ b/source/smbd/posix_acls.c @@ -3299,9 +3299,11 @@ static NTSTATUS append_parent_acl(files_struct *fsp, /* Doesn't apply to a directory - ignore. */ DEBUG(10,(append_parent_acl: directory %s ignoring non container - inherit flags %u from parent %s\n, + inherit flags %u on ACE with sid %s + from parent %s\n, fsp-fsp_name, (unsigned int)se-flags, + sid_string_dbg(se-trustee), parent_name)); continue; } @@ -3310,9 +3312,11 @@ static NTSTATUS append_parent_acl(files_struct *fsp, /* Doesn't apply to a file - ignore. */ DEBUG(10,(append_parent_acl: file %s ignoring non object - inherit flags %u from parent %s\n, + inherit flags %u on ACE with sid %s + from parent %s\n, fsp-fsp_name, (unsigned int)se-flags, + sid_string_dbg(se-trustee), parent_name)); continue; } @@ -3332,7 +3336,7 @@ static NTSTATUS append_parent_acl(files_struct *fsp, if (k psd-dacl-num_aces) { /* SID matched. Ignore. */ DEBUG(10,(append_parent_acl: path %s - ignoring protected sid %s + ignoring ACE with protected sid %s from parent %s\n, fsp-fsp_name, sid_string_dbg(se-trustee), @@ -3346,7 +3350,35 @@ static NTSTATUS append_parent_acl(files_struct *fsp, new_ace[i].flags = ~(SEC_ACE_FLAG_VALID_INHERIT); } new_ace[i].flags |= SEC_ACE_FLAG_INHERITED_ACE; + + if (fsp-is_directory) { + /* +* Strip off any inherit only. It's applied. +*/ + new_ace[i].flags = ~(SEC_ACE_FLAG_INHERIT_ONLY); + if (se-flags SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) { + /* No further inheritance. */ + new_ace[i].flags = + ~(SEC_ACE_FLAG_CONTAINER_INHERIT| + SEC_ACE_FLAG_OBJECT_INHERIT); + } + } else { + /* +* Strip off any container or inherit +* flags, they can't apply to objects. +*/ + new_ace[i].flags = ~(SEC_ACE_FLAG_CONTAINER_INHERIT| + SEC_ACE_FLAG_INHERIT_ONLY| + SEC_ACE_FLAG_NO_PROPAGATE_INHERIT); + } i++; + + DEBUG(10,(append_parent_acl: path %s + inheriting ACE with sid %s + from parent %s\n, + fsp-fsp_name, + sid_string_dbg(se-trustee), + parent_name)); } parent_sd-dacl-aces = new_ace; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-0-test updated - release-3-0-28-107-g0e7886a
The branch, v3-0-test has been updated via 0e7886a3ceb8406c5e331a66c0e6fb6ab4493a3e (commit) from 938f78546a4706f25d7b07efbca97a6b2d12d4b9 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test - Log - commit 0e7886a3ceb8406c5e331a66c0e6fb6ab4493a3e Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Jan 24 18:13:20 2008 -0800 Fix a really subtle old, old bug :-). When canonicalizing the NT ACL into a POSIX one, if the group being set is the primary group of the file, map it into a SMB_ACL_GROUP_OBJ, not a SMB_ACL_GROUP. Otherwise we get an extra bogus group entry in the POSIX ACL. Jeremy. --- Summary of changes: source/smbd/posix_acls.c | 12 +--- 1 files changed, 9 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c index 636bebf..ee7b05c 100644 --- a/source/smbd/posix_acls.c +++ b/source/smbd/posix_acls.c @@ -1336,12 +1336,12 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, psa1-flags |= (psa2-flags (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT)); psa2-flags = ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT); - + } else if (psa2-flags SEC_ACE_FLAG_INHERIT_ONLY) { psa2-flags |= (psa1-flags (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT)); psa1-flags = ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT); - + } } } @@ -1405,7 +1405,13 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, current_ace-type = SMB_ACL_USER; } else if (sid_to_gid( current_ace-trustee, current_ace-unix_ug.gid)) { current_ace-owner_type = GID_ACE; - current_ace-type = SMB_ACL_GROUP; + /* If it's the primary group, this is a group_obj, not +* a group. */ + if (current_ace-unix_ug.gid == pst-st_gid) { + current_ace-type = SMB_ACL_GROUP_OBJ; + } else { + current_ace-type = SMB_ACL_GROUP; + } } else { fstring str; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-0-test updated - release-3-0-28-109-g485ceda
The branch, v3-0-test has been updated via 485cedadb0e61775e6cb152f42f4dfdf17e82666 (commit) from fc0508922417e9ef9a4450067d29d15121b52902 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test - Log - commit 485cedadb0e61775e6cb152f42f4dfdf17e82666 Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Jan 24 18:22:41 2008 -0800 Fix the same bug with user - user_obj. Jeremy. --- Summary of changes: source/smbd/posix_acls.c |8 +++- 1 files changed, 7 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c index 21ad422..f40a344 100644 --- a/source/smbd/posix_acls.c +++ b/source/smbd/posix_acls.c @@ -1402,7 +1402,13 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, } else if (sid_to_uid( current_ace-trustee, current_ace-unix_ug.uid)) { current_ace-owner_type = UID_ACE; - current_ace-type = SMB_ACL_USER; + /* If it's the owning user, this is a user_obj, not +* a user. */ + if (current_ace-unix_ug.uid == pst-st_uid) { + current_ace-type = SMB_ACL_USER_OBJ; + } else { + current_ace-type = SMB_ACL_USER; + } } else if (sid_to_gid( current_ace-trustee, current_ace-unix_ug.gid)) { current_ace-owner_type = GID_ACE; /* If it's the primary group, this is a group_obj, not -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-1665-gc5edf74
The branch, v3-2-test has been updated via c5edf7456955471b8590c2cfa67c7f47a387cdf0 (commit) from 4d302254fdfce2c267cf6b21f662d5aa2dc9c72c (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit c5edf7456955471b8590c2cfa67c7f47a387cdf0 Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Jan 24 18:22:43 2008 -0800 Fix the same bug with user - user_obj. Jeremy. --- Summary of changes: source/smbd/posix_acls.c |8 +++- 1 files changed, 7 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c index 9c01526..f60329a 100644 --- a/source/smbd/posix_acls.c +++ b/source/smbd/posix_acls.c @@ -1474,7 +1474,13 @@ static bool create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, } else if (sid_to_uid( current_ace-trustee, current_ace-unix_ug.uid)) { current_ace-owner_type = UID_ACE; - current_ace-type = SMB_ACL_USER; + /* If it's the owning user, this is a user_obj, not +* a user. */ + if (current_ace-unix_ug.uid == pst-st_uid) { + current_ace-type = SMB_ACL_USER_OBJ; + } else { + current_ace-type = SMB_ACL_USER; + } } else if (sid_to_gid( current_ace-trustee, current_ace-unix_ug.gid)) { current_ace-owner_type = GID_ACE; /* If it's the primary group, this is a group_obj, not -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-1664-g4d30225
The branch, v3-2-test has been updated via 4d302254fdfce2c267cf6b21f662d5aa2dc9c72c (commit) from 3df2f7ca782e418703d82f7a1f3c035a365f9589 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 4d302254fdfce2c267cf6b21f662d5aa2dc9c72c Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Jan 24 18:13:22 2008 -0800 Fix a really subtle old, old bug :-). When canonicalizing the NT ACL into a POSIX one, if the group being set is the primary group of the file, map it into a SMB_ACL_GROUP_OBJ, not a SMB_ACL_GROUP. Otherwise we get an extra bogus group entry in the POSIX ACL. Jeremy. --- Summary of changes: source/smbd/posix_acls.c | 12 +--- 1 files changed, 9 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c index 3470643..9c01526 100644 --- a/source/smbd/posix_acls.c +++ b/source/smbd/posix_acls.c @@ -1408,12 +1408,12 @@ static bool create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, psa1-flags |= (psa2-flags (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT)); psa2-flags = ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT); - + } else if (psa2-flags SEC_ACE_FLAG_INHERIT_ONLY) { psa2-flags |= (psa1-flags (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT)); psa1-flags = ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT); - + } } } @@ -1477,7 +1477,13 @@ static bool create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, current_ace-type = SMB_ACL_USER; } else if (sid_to_gid( current_ace-trustee, current_ace-unix_ug.gid)) { current_ace-owner_type = GID_ACE; - current_ace-type = SMB_ACL_GROUP; + /* If it's the primary group, this is a group_obj, not +* a group. */ + if (current_ace-unix_ug.gid == pst-st_gid) { + current_ace-type = SMB_ACL_GROUP_OBJ; + } else { + current_ace-type = SMB_ACL_GROUP; + } } else { /* * Silently ignore map failures in non-mappable SIDs (NT Authority, BUILTIN etc). -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-0-test updated - release-3-0-28-108-gfc05089
The branch, v3-0-test has been updated via fc0508922417e9ef9a4450067d29d15121b52902 (commit) from 0e7886a3ceb8406c5e331a66c0e6fb6ab4493a3e (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test - Log - commit fc0508922417e9ef9a4450067d29d15121b52902 Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Jan 24 18:17:59 2008 -0800 Back port : Correctly set flags in ACE's inherited from parent. Jeremy. --- Summary of changes: source/smbd/posix_acls.c | 40 +--- 1 files changed, 37 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c index ee7b05c..21ad422 100644 --- a/source/smbd/posix_acls.c +++ b/source/smbd/posix_acls.c @@ -3202,9 +3202,11 @@ static NTSTATUS append_parent_acl(files_struct *fsp, /* Doesn't apply to a directory - ignore. */ DEBUG(10,(append_parent_acl: directory %s ignoring non container - inherit flags %u from parent %s\n, + inherit flags %u on ACE with sid %s + from parent %s\n, fsp-fsp_name, (unsigned int)se-flags, + sid_string_static(se-trustee), parent_name)); continue; } @@ -3213,9 +3215,11 @@ static NTSTATUS append_parent_acl(files_struct *fsp, /* Doesn't apply to a file - ignore. */ DEBUG(10,(append_parent_acl: file %s ignoring non object - inherit flags %u from parent %s\n, + inherit flags %u on ACE with sid %s + from parent %s\n, fsp-fsp_name, (unsigned int)se-flags, + sid_string_static(se-trustee), parent_name)); continue; } @@ -3235,7 +3239,7 @@ static NTSTATUS append_parent_acl(files_struct *fsp, if (k psd-dacl-num_aces) { /* SID matched. Ignore. */ DEBUG(10,(append_parent_acl: path %s - ignoring protected sid %s + ignoring ACE with protected sid %s from parent %s\n, fsp-fsp_name, sid_string_static(se-trustee), @@ -3249,7 +3253,37 @@ static NTSTATUS append_parent_acl(files_struct *fsp, new_ace[i].flags = ~(SEC_ACE_FLAG_VALID_INHERIT); } new_ace[i].flags |= SEC_ACE_FLAG_INHERITED_ACE; + + if (fsp-is_directory) { + /* +* Strip off any inherit only. It's applied. +*/ + new_ace[i].flags = ~(SEC_ACE_FLAG_INHERIT_ONLY); + if (se-flags SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) { + /* No further inheritance. */ + new_ace[i].flags = + ~(SEC_ACE_FLAG_CONTAINER_INHERIT| + SEC_ACE_FLAG_OBJECT_INHERIT); + } + } else { + /* +* Strip off any container or inherit +* flags, they can't apply to objects. +*/ + new_ace[i].flags = ~(SEC_ACE_FLAG_CONTAINER_INHERIT| + SEC_ACE_FLAG_INHERIT_ONLY| + SEC_ACE_FLAG_NO_PROPAGATE_INHERIT); + } + i++; + + DEBUG(10,(append_parent_acl: path %s + inheriting ACE with sid %s + from parent %s\n, + fsp-fsp_name, + sid_string_static(se-trustee), + parent_name)); + } parent_sd-dacl-aces = new_ace; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha2-565-gdff54ff
The branch, v4-0-test has been updated via dff54ff043563f93b86361039c46e662045f62cc (commit) via 9f6ea4692ca79c607538871c597698b98abf13d0 (commit) from 66df250ff355d3c1b7f0252fc1f95a8c79a28c6d (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit dff54ff043563f93b86361039c46e662045f62cc Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Fri Jan 25 03:54:33 2008 +0100 python: Fix representation of UUIDs as strings in zone files rather than binary blobs, fix escaping of LDAP URL's in PHP LDAP admin configuration. Pair-programmed with Andrew, but git doesn't appear to support multiple --author arguments. :-( commit 9f6ea4692ca79c607538871c597698b98abf13d0 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Fri Jan 25 03:46:47 2008 +0100 ldb/python: Add bindings for schema functions. --- Summary of changes: source/lib/ldb/ldb.i | 88 +- source/lib/ldb/ldb.py|5 + source/lib/ldb/ldb_wrap.c| 333 -- source/scripting/python/samba/__init__.py|4 +- source/scripting/python/samba/provision.py | 11 +- source/scripting/python/samba/samdb.py |2 +- source/scripting/python/samba/tests/__init__.py |2 +- source/scripting/python/samba/tests/provision.py | 10 +- 8 files changed, 412 insertions(+), 43 deletions(-) Changeset truncated at 500 lines: diff --git a/source/lib/ldb/ldb.i b/source/lib/ldb/ldb.i index 560142e..336100c 100644 --- a/source/lib/ldb/ldb.i +++ b/source/lib/ldb/ldb.i @@ -5,7 +5,7 @@ Copyright (C) 2005,2006 Tim Potter [EMAIL PROTECTED] Copyright (C) 2006 Simo Sorce [EMAIL PROTECTED] - Copyright (C) 2007 Jelmer Vernooij [EMAIL PROTECTED] + Copyright (C) 2007-2008 Jelmer Vernooij [EMAIL PROTECTED] ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -102,8 +102,44 @@ typedef int ldb_error; $1-data = PyString_AsString($input); } +%inline %{ +PyObject *ldb_val_to_py_object(struct ldb_context *ldb_ctx, + struct ldb_message_element *el, + struct ldb_val *val) +{ +const struct ldb_schema_attribute *a; +struct ldb_val new_val; +TALLOC_CTX *mem_ctx = talloc_new(NULL); +PyObject *ret; + +new_val = *val; + +if (ldb_ctx != NULL) { + a = ldb_schema_attribute_by_name(ldb_ctx, el-name); + + if (a != NULL) { + if (a-syntax-ldif_write_fn(ldb_ctx, mem_ctx, val, new_val) != 0) { + talloc_free(mem_ctx); + return NULL; + } + } +} + + ret = PyString_FromStringAndSize((const char *)new_val.data, new_val.length); + + talloc_free(mem_ctx); + + return ret; +} + +%} + +%typemap(out,noblock=1) struct ldb_val * { + $result = PyString_FromStringAndSize((const char *)$1-data, $1-length) +} + %typemap(out,noblock=1) struct ldb_val { - $result = PyString_FromStringAndSize((const char *)$1.data, $1.length); + $result = PyString_FromStringAndSize((const char *)$1.data, $1.length) } /* @@ -259,7 +295,8 @@ ldb_msg_element *ldb_msg_element_from_pyobject(TALLOC_CTX *mem_ctx, return me; } -PyObject *ldb_msg_element_to_set(ldb_msg_element *me) +PyObject *ldb_msg_element_to_set(struct ldb_context *ldb_ctx, + ldb_msg_element *me) { int i; PyObject *result; @@ -269,8 +306,7 @@ PyObject *ldb_msg_element_to_set(ldb_msg_element *me) for (i = 0; i me-num_values; i++) { PyList_SetItem(result, i, -PyString_FromStringAndSize((const char *)me-values[i].data, - me-values[i].length)); +ldb_val_to_py_object(ldb_ctx, me, me-values[i])); } return result; @@ -287,12 +323,12 @@ typedef struct ldb_message_element { #ifdef SWIGPYTHON PyObject *__iter__(void) { -return PyObject_GetIter(ldb_msg_element_to_set($self)); +return PyObject_GetIter(ldb_msg_element_to_set(NULL, $self)); } PyObject *__set__(void) { -return ldb_msg_element_to_set($self); +return ldb_msg_element_to_set(NULL, $self); } ldb_msg_element(PyObject *set_obj, int flags=0, const char *name = NULL) @@ -311,9 +347,7 @@ typedef struct ldb_message_element { if (i 0 || i = $self-num_values) return Py_None; -return PyString_FromStringAndSize( -(const char
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha2-566-g5370484
The branch, v4-0-test has been updated via 5370484d25b8c7a5bde730d9be36ecbbb0aaf315 (commit) from dff54ff043563f93b86361039c46e662045f62cc (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 5370484d25b8c7a5bde730d9be36ecbbb0aaf315 Author: Andrew Bartlett [EMAIL PROTECTED] Date: Fri Jan 25 17:11:20 2008 +1100 Tidy up the last regresesions on the python smbscript, from my work with Jelmer today. The only remaining issue is that for the build farm, we will need to manually specify the users and groups from the NSS_WRAPPPER, as python isn't compiled with this. Andrew Bartlett --- Summary of changes: source/scripting/python/samba/provision.py | 27 +-- 1 files changed, 17 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/source/scripting/python/samba/provision.py b/source/scripting/python/samba/provision.py index 0e498f6..26c4afe 100644 --- a/source/scripting/python/samba/provision.py +++ b/source/scripting/python/samba/provision.py @@ -188,12 +188,17 @@ def provision_paths_from_lp(lp, dnsdomain, private_dir=None): paths = ProvisionPaths() if private_dir is None: private_dir = lp.get(private dir) +paths.keytab = secrets.keytab +paths.dns_keytab = dns.keytab +else: +paths.keytab = os.path.join(private_dir, secrets.keytab) +paths.dns_keytab = os.path.join(private_dir, dns.keytab) + paths.shareconf = os.path.join(private_dir, share.ldb) paths.samdb = os.path.join(private_dir, lp.get(sam database) or samdb.ldb) paths.secrets = os.path.join(private_dir, lp.get(secrets database) or secrets.ldb) paths.templates = os.path.join(private_dir, templates.ldb) -paths.keytab = os.path.join(private_dir, secrets.keytab) -paths.dns_keytab = os.path.join(private_dir, dns.keytab) + paths.dns = os.path.join(private_dir, dnsdomain + .zone) paths.winsdb = os.path.join(private_dir, wins.ldb) paths.s4_ldapi_path = os.path.join(private_dir, ldapi) @@ -407,6 +412,8 @@ def setup_secretsdb(path, setup_path, session_info, credentials, lp): lp=lp) secrets_ldb.erase() secrets_ldb.load_ldif_file_add(setup_path(secrets_init.ldif)) +secrets_ldb = Ldb(path, session_info=session_info, credentials=credentials, + lp=lp) secrets_ldb.load_ldif_file_add(setup_path(secrets.ldif)) return secrets_ldb @@ -695,18 +702,18 @@ def provision(lp, setup_dir, message, paths, session_info, if dnspass is None: dnspass = misc.random_password(12) if root is None: -root = findnss(pwd.getpwnam, root)[4] +root = findnss(pwd.getpwnam, root)[0] if nobody is None: -nobody = findnss(pwd.getpwnam, nobody)[4] +nobody = findnss(pwd.getpwnam, nobody)[0] if nogroup is None: -nogroup = findnss(grp.getgrnam, nogroup, nobody)[2] +nogroup = findnss(grp.getgrnam, nogroup, nobody)[0] if users is None: users = findnss(grp.getgrnam, users, guest, other, unknown, -usr)[2] +usr)[0] if wheel is None: -wheel = findnss(grp.getgrnam, wheel, root, staff, adm)[2] +wheel = findnss(grp.getgrnam, wheel, root, staff, adm)[0] if backup is None: -backup = findnss(grp.getgrnam, backup, wheel, root, staff)[2] +backup = findnss(grp.getgrnam, backup, wheel, root, staff)[0] if aci is None: aci = # no aci for local ldb if serverrole is None: @@ -721,11 +728,11 @@ def provision(lp, setup_dir, message, paths, session_info, raise Exception(realm '%s' in smb.conf must match chosen realm '%s' % (lp.get(realm), realm)) -ldapi_url = ldapi://%s % urllib.quote(paths.s4_ldapi_path) +ldapi_url = ldapi://%s % urllib.quote(paths.s4_ldapi_path, safe=) if ldap_backend == ldapi: # provision-backend will set this path suggested slapd command line / fedorads.inf - ldap_backend = ldapi:// % urllib.quote(os.path.join(lp.get(private dir), ldap, ldapi), ) + ldap_backend = ldapi:// % urllib.quote(os.path.join(lp.get(private dir), ldap, ldapi), safe=) assert realm is not None realm = realm.upper() -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha2-567-gba495f9
The branch, v4-0-test has been updated via ba495f9d19e7c7cfc9135a5d40e1050dd8f9ebc6 (commit) from 5370484d25b8c7a5bde730d9be36ecbbb0aaf315 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit ba495f9d19e7c7cfc9135a5d40e1050dd8f9ebc6 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Fri Jan 25 08:08:33 2008 +0100 repl_meta_data: add some TODOs to replmd_modify_originating() metze --- Summary of changes: source/dsdb/samdb/ldb_modules/repl_meta_data.c | 17 + 1 files changed, 17 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/dsdb/samdb/ldb_modules/repl_meta_data.c b/source/dsdb/samdb/ldb_modules/repl_meta_data.c index 5100b7c..441dbc9 100644 --- a/source/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -509,6 +509,18 @@ static int replmd_modify_originating(struct ldb_module *module, return LDB_ERR_OPERATIONS_ERROR; } + /* TODO: +* - get the whole old object +* - if the old object doesn't exist report an error +* - give an error when a readonly attribute should +* be modified +* - merge the changed into the old object +* if the caller set values to the same value +* ignore the attribute, return success when no +* attribute was changed +* - calculate the new replPropertyMetaData attribute +*/ + if (add_time_element(msg, whenChanged, t) != 0) { talloc_free(down_req); return LDB_ERR_OPERATIONS_ERROR; @@ -523,6 +535,11 @@ static int replmd_modify_originating(struct ldb_module *module, } } + /* TODO: +* - sort the attributes by attid with replmd_ldb_message_sort() +* - replace the old object with the newly constructed one +*/ + ldb_set_timeout_from_prev_req(module-ldb, req, down_req); /* go on with the call chain */ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha2-569-gbcaba3c
The branch, v4-0-test has been updated via bcaba3cb725e1cbbe164132179a0849c7b546a73 (commit) via 2c75bd5009020171e31b56ab3d8d6a86f19f3b49 (commit) from ba495f9d19e7c7cfc9135a5d40e1050dd8f9ebc6 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit bcaba3cb725e1cbbe164132179a0849c7b546a73 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Fri Jan 25 08:42:30 2008 +0100 configure.ac: we should use AC_CONFIG_FILES() in order to use AC_OUTPUT only once metze commit 2c75bd5009020171e31b56ab3d8d6a86f19f3b49 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Fri Jan 25 08:40:03 2008 +0100 configure.ac: we should only create ldb.pc when use the internal ldb metze --- Summary of changes: source/configure.ac | 20 ++-- 1 files changed, 10 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/source/configure.ac b/source/configure.ac index 23fc102..ed74bc1 100644 --- a/source/configure.ac +++ b/source/configure.ac @@ -27,20 +27,20 @@ m4_include(lib/charset/config.m4) m4_include(lib/socket/config.m4) m4_include(nsswitch/nsstest.m4) -AC_OUTPUT(lib/registry/registry.pc) -AC_OUTPUT(librpc/dcerpc.pc) -AC_OUTPUT(librpc/ndr.pc) -AC_OUTPUT(torture/torture.pc) -AC_OUTPUT(auth/gensec/gensec.pc) -AC_OUTPUT(param/samba-config.pc) -AC_OUTPUT(librpc/dcerpc_samr.pc) +AC_CONFIG_FILES(lib/registry/registry.pc) +AC_CONFIG_FILES(librpc/dcerpc.pc) +AC_CONFIG_FILES(librpc/ndr.pc) +AC_CONFIG_FILES(torture/torture.pc) +AC_CONFIG_FILES(auth/gensec/gensec.pc) +AC_CONFIG_FILES(param/samba-config.pc) +AC_CONFIG_FILES(librpc/dcerpc_samr.pc) SMB_EXT_LIB_FROM_PKGCONFIG(LIBTALLOC, talloc = 1.1.0, [], [ m4_include(lib/talloc/libtalloc.m4) SMB_INCLUDE_MK(lib/talloc/config.mk) - AC_OUTPUT(lib/talloc/talloc.pc) + AC_CONFIG_FILES(lib/talloc/talloc.pc) ] ) @@ -49,7 +49,7 @@ SMB_EXT_LIB_FROM_PKGCONFIG(LIBTDB, tdb = 1.1.0, [ m4_include(lib/tdb/libtdb.m4) SMB_INCLUDE_MK(lib/tdb/config.mk) - AC_OUTPUT(lib/tdb/tdb.pc) + AC_CONFIG_FILES(lib/tdb/tdb.pc) ] ) @@ -60,7 +60,6 @@ SMB_EXT_LIB_FROM_PKGCONFIG(LIBLDB, ldb = 0.9.1, SMB_INCLUDE_MK(lib/ldb/ldb_ildap/config.mk) SMB_INCLUDE_MK(lib/ldb/tools/config.mk) SMB_SUBSYSTEM(ldb_map, [], [LIBLDB]) - AC_OUTPUT(lib/ldb/ldb.pc) define_ldb_modulesdir=no ], [ @@ -84,6 +83,7 @@ SMB_EXT_LIB_FROM_PKGCONFIG(LIBLDB, ldb = 0.9.1, m4_include(lib/ldb/sqlite3.m4) m4_include(lib/ldb/libldb.m4) SMB_INCLUDE_MK(lib/ldb/config.mk) + AC_CONFIG_FILES(lib/ldb/ldb.pc) ] ) SMB_INCLUDE_MK(lib/ldb/python.mk) -- Samba Shared Repository