Re: [Samba] Problems with group assignments
What about your ADS? You are authenticate against your ADS?! Why don't use winbind? http://wiki.samba.org/index.php/Samba__Active_Directory Good Luck Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von F. David del Campo Hill Gesendet: Freitag, 20. Mai 2011 14:44 An: samba@lists.samba.org Betreff: [Samba] Problems with group assignments Dear All, We are trying to transfer a SaMBa installation from an old server to a newer more up-to-date one. The original server was sharing files to Windows XP systems in Active Directory (Windows Server 2003 R2 version), but as we move to Windows 7 and Active Directory (Windows Server 2008 R2 version) we need to upgrade the service. The old server was part of a NIS domain, with the valid users, write list, etc entries in its smb.conf referring to the NIS groups using the @ sign (which the documentation says it means is interpreted as an NIS netgroup first (if your system supports NIS), and then as a UNIX group if the name was not found in the NIS netgroup database; see http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html#INVALIDUSERS). It all worked fine as it picked users' group membership from NIS. The new server is a Solaris 10 box running SaMBa 3.5.5, and we are having problems with it picking up the group memberships. The old server's smb.conf was transplanted to the new server (with a few path changes), and the new server was successfully added to our Active Directory domain. As the new server is NOT a member of NIS, we made a copy of all the smb.conf-relevant groups to its local /etc/group and added all the users to the /etc/passwd file. With these changes we can access the shares using the AD usernames and passwords as long as they are not access-limited by valid users, so the integration of the server into AD is working. But if we add a valid users = @group line to the share in smb.conf, it will completely refuse access to all users, even the ones belonging to the group. Leaving the share accessible to all, but adding a write list = @group line to smb.conf, will allow access, but no one will be able to write to it, even the members of the group. If we chan ge the write list and valid users lines to list the usernames directly instead of through a group membership, it works. To avoid even attempting to talk to NIS, we changed the @ signs for +, but it still kept refusing to recognize group memberships (NIS or local UNIX ones). So it seems our new SaMBa is having problems recognizing group memberships. What am I doing wrong? Have SUN/Oracle done something to stop SaMBa accessing its local UNIX groups? Thank you for your help. Yours, David del Campo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.8 - windows XP workstations disapear from browselist
Hi! Since there is no clean solution for this I wrote simple perl script. Simplified algorithm: 1. Load /etc/hosts 2. Use arping to check every ip from /etc/hosts (belonging to local network) for presence. 3. If there is an arp response check this host by issuing smbclient. 4. If there is an smb response (even error response from server) workstation gets added. Results are visible two way: 1. There is an directory in /tmp (tmpfs) where script creates or remove windows style links (lnk) to machines. Then this directory is shared by smb so windows clients can map it as windows drive. 2. Script replaces original browse.dat . It creates and remove workstation definitions from this file. It is both : very simple and VERY unclean. Thanks for everyone trying to help Me ! Bartek R. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] The trust relationship between this workstation and the primary domain failed.
Samba 3.5.6 PDC, Windows 7 client. A user was unable to log on this morning with this error. The samba log for the machine is full of: [2011/02/10 09:09:50.145387, 0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client CLIENT machine account CLIENT$ [2011/02/10 09:10:18.693306, 0] lib/util_sock.c:474(read_fd_with_timeout) [2011/02/10 09:10:18.693343, 0] lib/util_sock.c:1432(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. [2011/02/10 09:10:36.694575, 0] lib/util_sock.c:474(read_fd_with_timeout) [2011/02/10 09:10:36.694604, 0] lib/util_sock.c:1432(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. [2011/02/10 09:13:14.855541, 1] smbd/service.c:1070(make_connection_snum) (Those messages go back as far as April when the user started using the machine.) I've got a feeling that SambaPwdLastSet isn't getting updated in our LDAP database. Removing the client from the domain and rejoining it fixed the problem. from smb.conf: [netlogon] comment = Network Logon Service path = /share/common/netlogon guest ok = yes writable = no share modes = no write list = root, administrator # getfacl /share/common/netlogon getfacl: Removing leading '/' from absolute path names # file: share/common/netlogon # owner: root # group: root user::rwx group::r-x other::r-x Does anyone know why this might be? Or what can be done about it? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] nt acl inheritance
Is there any solution / Work around to make this work in current samba releases, can one expect this to be resolved some time? Felix Am 2011-05-22 01:24, schrieb TAKAHASHI Motonobu: From: Felix Jousseinfelix.jouss...@gmx.at Date: Mon, 16 May 2011 13:42:44 +0200 I've observed the following missbehaivoure, while playing around with nc acl's. (see relevant configuration below): Working with Windows XP: Open acl enabled share Set default share permissions by right click on the explorer's top left clip control - properties. Under security I remove the CREATOR-OWNER and CREATORUSER Group, as I already know, that these two default groups cause trouble while saving acl's and result in a Windows Error Message Invalid Parameter. Also I set some default security settings for users and groups accordingly to my needs and I apply it to This Folder, and any sub folder or file. After applying to all new settings, I create a folder. As expected my default share security settings have been inherited to the new folder. I add an additional user to the acl and take care, that the inheritance is also Folder, sub folder and file. I create a new sub folder to this one and check the acl. Here is the unwanted behavior: The new sub folder got user permissions from it's parent folder, but unlike the default share permissions which have been inherited, the additional user's permissions have not been inherited but have been copied. When I set the option Inherit permissions to sub elements as far as applicable, and apply, then a new acl entry is created with the same user but this time inherited. Now I can delete the copied settings, and apply to everything. I hope, these explanations where clear enough. Here now the configuration: Version: 3.5.8~dfsg-1ubuntu2.1 smb.conf: [acl] comment = ACL Labor path = /home/acllabor vfs objects = acl_xattr read only = no browsable = yes valid users = me,you acl map full control = false inherit acls = yes map acl inherit = yes map read only = Permissions map archive = no map hidden = no map system = no nt acl support = yes acl group control = true dos filemode = yes enable privileges = yes store dos attributes = yes mount options: /dev/mapper/system-user on /home type ext4 (rw,errors=remount-ro,acl,user_xattr,) AFAIK, map acl inherit = yes does not work well: https://bugzilla.samba.org/show_bug.cgi?id=6841 Also acl_xattr will not work as you expected, because even if you enable acl_xattr, POSIX ACL semantics is still used in actual access control and inheriting ACLs. P.S. map read only parameter is always ignored when store dos attributes = yes. --- TAKAHASHI Motonobumo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3.2.5 + ACLs - read/write permission become read only
IN SHORT: - READ+WRITE becomes READ ONLY - OWNER ACL Permissions for another User affects Group ACL Permissions Hi Experts, we recently figured some strange behaviour on our Debian 5 (Lenny, uname 2.6.26-2-686) + Samba 2:3.2.5-4lenny14 server that i would like to discuss here. I cannot tell apart if its a bug or just lack of understanding. Here is the Scenario: I got a samba shared Directory like this: host:/someparentdirs/_AW_TEST# ls -lad . d---rws---+ 3 root root 4096 2011-05-23 10:33 . host:/someparentdirs/_AW_TEST# host:/someparentdirs/_AW_TEST# getfacl . # file: . # owner: root # group: root user::--- group::--- group:ALL:rwx group:CCIGUESTS:rwx mask::rwx other::--- default:user::--- default:group::--- default:group:ALL:rwx default:mask::rwx default:other::--- As u can see the Groups ALL are granted RWX. ANYTHING ELSE is been set to owner root.root with 000 Permissions. This Directory contains several Files. a .txt a .doc and a .xls as u can see here: host:/someparentdirs/_AW_TEST# ls -la total 56 d---rws---+ 3 root root 4096 2011-05-23 10:33 . drwxrws---+ 32 root root 4096 2011-05-20 12:40 .. rwx---+ 1 root root 13824 2011-05-20 16:15 excel1.xls rwx---+ 1 root root24 2011-05-20 16:15 file1.txt rwx---+ 1 root root 24064 2011-05-20 16:15 word1.doc host:/someparentdirs/_AW_TEST# ACLs on those Files are set similar: host:/someparentdirs/_AW_TEST# getfacl file1.txt # file: file1.txt # owner: root # group: root user::--- group::--- group:ALL:rwx mask::rwx other::--- host:/someparentdirs/_AW_TEST# NOW a given Regular Windows-User wernera which is MEMBER OF ALL is supposed to have READ-/WRITE PERSMISSIONS on those Files, right?? At least i would expect that. But Fact is, that in this configuration my user wernera can only access these Files READ ONLY, independent of what Windows Application used. He will be able to creat new files and all. But those existing Files became READONLY for some reason. IF i now change that ACLs to something like this (only the OWNERS Part changed) ... host:/someparentdirs/_AW_TEST# getfacl file1.txt # file: file1.txt # owner: root # group: root user::rwx group::--- group:ALL:rwx mask::rwx other::--- host:/someparentdirs/_AW_TEST# ... the hole Thing starts to work just as expected. Even though the root User should not matter here. BTW: The User wernera as a regular User CAN write to those Files from the Linux Console (via ssh using vim or such for example). So it looks like Samba is handling this strangly different. Any Ideas wtf is going on here ? Here are my Configs: Kernel: uname -r : 2.6.26-2-686 - Samba: dpkg -l |grep -i samba samba 2:3.2.5-4lenny14 samba-common 2:3.2.5-4lenny14 samba-doc 2:3.2.5-4lenny14 samba-doc-pdf 2:3.2.5-4lenny14 smbldap-tools 0.9.4-1 - ACL Tools: dpkg -l | grep -i acl ii acl 2.2.47-2 ii libacl1 2.2.47-2 - Samba Config: grep -v -e '^[[:space:]]*#' -e '^$' /etc/samba/smb.conf [global] domain logons = Yes domain master = auto workgroup = xxx server string = os level = 66 dns proxy = No wins support = Yes panic action = /usr/share/samba/panic-action %d guest account = nobody socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 passdb backend = ldapsam:ldap://localhost.domain.de; encrypt passwords = true obey pam restrictions = yes unix password sync = no check password script = /sbin/crackcheck -c -d /var/cache/cracklib/cracklib_dict ldap suffix = dc=someou,dc=someou,dc=de ldap admin dn = cn=admin,dc=someou,dc=someou,dc=de ldap group suffix = ou=groups ldap user suffix = ou=people ldap machine suffix = ou=people ldap idmap suffix = ou=idmap ldap passwd sync = no ldap ssl = start tls ldap delete dn = no add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u debug pid = yes log level = 0 auth:3 log file = /var/log/samba/samba.log max log size = 1 syslog only = yes syslog = 1000 logon drive = h: logon home=\\host\%U logon script = scripts\logon.cmd logon path = show add printer wizard = no inherit acls = yes inherit owner = no [homes] comment = Home Directories browseable = no writable = yes valid users = %S create mask = 0600 directory mask = 0700 [netlogon] comment = Network Logon Service path = /home/netlogon admin users = root guest ok = yes browsable = yes writable = no write list = @itadmin, root, Administrator [I] comment = Drive I path = /data1/I/ browseable =
[Samba] winbindd/idmap_ldap.c:472(idmap_ldap_allocate_id) Cannot allocate gid above 20000!
Hello everybody, I got a few servers that where running stable and somehow winbindd started complaining. There were no users added or any samba related updates. Also the problems did not started on the same day one of the servers started today and on other one months ago... winbindd[14450]: [2011/05/23 13:33:13.442070, 0] winbindd/idmap_ldap.c:472(idmap_ldap_allocate_id) winbindd[14450]: Cannot allocate gid above 2! # winbindd --version Version 3.5.6 How can I fix my this? Kind regards, Jelle de Jong -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbindd/idmap_ldap.c:472(idmap_ldap_allocate_id) Cannot allocate gid above 20000!
On 05/23/2011 06:37 AM, Jelle de Jong wrote: Hello everybody, I got a few servers that where running stable and somehow winbindd started complaining. There were no users added or any samba related updates. Also the problems did not started on the same day one of the servers started today and on other one months ago... winbindd[14450]: [2011/05/23 13:33:13.442070, 0] winbindd/idmap_ldap.c:472(idmap_ldap_allocate_id) winbindd[14450]: Cannot allocate gid above 2! Jelle, In the [global] stanza do you perhaps have: idmap gid = 0-2 If yes, you need to increase that upper limit. If not, please share with us the output of: testparm -s Cheers, John T. # winbindd --version Version 3.5.6 How can I fix my this? Kind regards, Jelle de Jong -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] The trust relationship between this workstation and the primary domain failed.
On Mon, May 23, 2011 at 4:00 AM, Andrew Spiers 7and...@gmail.com wrote: Samba 3.5.6 PDC, Windows 7 client. A user was unable to log on this morning with this error. The samba log for the machine is full of: [2011/02/10 09:09:50.145387, 0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client CLIENT machine account CLIENT$ [2011/02/10 09:10:18.693306, 0] lib/util_sock.c:474(read_fd_with_timeout) [2011/02/10 09:10:18.693343, 0] lib/util_sock.c:1432(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. [2011/02/10 09:10:36.694575, 0] lib/util_sock.c:474(read_fd_with_timeout) [2011/02/10 09:10:36.694604, 0] lib/util_sock.c:1432(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. [2011/02/10 09:13:14.855541, 1] smbd/service.c:1070(make_connection_snum) (Those messages go back as far as April when the user started using the machine.) I've got a feeling that SambaPwdLastSet isn't getting updated in our LDAP database. Removing the client from the domain and rejoining it fixed the problem. from smb.conf: [netlogon] comment = Network Logon Service path = /share/common/netlogon guest ok = yes writable = no share modes = no write list = root, administrator # getfacl /share/common/netlogon getfacl: Removing leading '/' from absolute path names # file: share/common/netlogon # owner: root # group: root user::rwx group::r-x other::r-x Does anyone know why this might be? Or what can be done about it? I believe you have to disable the machine password from being automatically changed on the client. The default is every 30 days. I believe if no user is logged in during the password exchange the Windows 7 box changes the password but samba does not get the change. See this thread: http://samba.2283325.n4.nabble.com/Windows-7-machine-trust-accounts-expiring-td2456812.html John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3.2.5 + ACLs - read/write permission become read only
From: Axel Werner m...@awerner.homeip.net Date: Mon, 23 May 2011 12:49:17 +0200 (snip) I got a samba shared Directory like this: host:/someparentdirs/_AW_TEST# ls -lad . d---rws---+ 3 root root 4096 2011-05-23 10:33 . host:/someparentdirs/_AW_TEST# host:/someparentdirs/_AW_TEST# getfacl . # file: . # owner: root # group: root user::--- group::--- group:ALL:rwx group:CCIGUESTS:rwx mask::rwx other::--- default:user::--- default:group::--- default:group:ALL:rwx default:mask::rwx default:other::--- As u can see the Groups ALL are granted RWX. ANYTHING ELSE is been set to owner root.root with 000 Permissions. (snip) NOW a given Regular Windows-User wernera which is MEMBER OF ALL is supposed to have READ-/WRITE PERSMISSIONS on those Files, right?? At least i would expect that. But Fact is, that in this configuration my user wernera can only access these Files READ ONLY, independent of what Windows Application used. He will be able to creat new files and all. But those existing Files became READONLY for some reason. As far as I examined at Samba 3.5.6 self-compiled on Lenny and ACLs were set: # file: aclshare3/ # owner: root # group: root user::--- group::rwx owner group permission group:aclshare3rw:rwx mask::rwx other::--- default:user::rwx default:group::rwx default:group:aclshare3rw:rwx default:mask::rwx default:other::--- [aclshare3] path = /some/where/aclshare3 writeable = yes force group = root inherit permissions = yes ; inherit owner = yes store dos attributes = yes map archive = no map read only = no Actually the owner group permission works as mask value. When I set: # setfacl -m m:rwx,g::--- aclshare3/ then no user can access to aclshare3 directory and when I set: # setfacl -m m:rwx,g::r-x aclshare3/ then no user can write to aclshare3 directory. Anyway, I recommend that root always have rwx on files when you use POSIX ACL to control access like: 1) chown root; chgrp root 2) chmod g+rwx; setfacl -m g::rwx; setfacl -d -m g::rwx 3) set force group = root --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems with group assignments
Dear Daniel, The usernames and passwords are already authenticating against ADS; the problem is the groups. We want the groups to authenticate against the local UNIX groups, NOT ADS (like the original server did, and the documentation states); having the groups work through ADS will make us have to keep the local and ADS groups synchronized manually, which we do not want to do (the new server is also a NFS server, so we cannot have the two types of groups drift apart). David -Original Message- From: Daniel Müller [mailto:muel...@tropenklinik.de] Sent: 23 May 2011 07:52 To: F. David del Campo Hill; samba@lists.samba.org Subject: AW: [Samba] Problems with group assignments What about your ADS? You are authenticate against your ADS?! Why don't use winbind? http://wiki.samba.org/index.php/Samba__Active_Directory Good Luck Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba- boun...@lists.samba.org] Im Auftrag von F. David del Campo Hill Gesendet: Freitag, 20. Mai 2011 14:44 An: samba@lists.samba.org Betreff: [Samba] Problems with group assignments Dear All, We are trying to transfer a SaMBa installation from an old server to a newer more up-to-date one. The original server was sharing files to Windows XP systems in Active Directory (Windows Server 2003 R2 version), but as we move to Windows 7 and Active Directory (Windows Server 2008 R2 version) we need to upgrade the service. The old server was part of a NIS domain, with the valid users, write list, etc entries in its smb.conf referring to the NIS groups using the @ sign (which the documentation says it means is interpreted as an NIS netgroup first (if your system supports NIS), and then as a UNIX group if the name was not found in the NIS netgroup database; see http://samba.org/samba/docs/man/manpages- 3/smb.conf.5.html#INVALIDUSERS). It all worked fine as it picked users' group membership from NIS. The new server is a Solaris 10 box running SaMBa 3.5.5, and we are having problems with it picking up the group memberships. The old server's smb.conf was transplanted to the new server (with a few path changes), and the new server was successfully added to our Active Directory domain. As the new server is NOT a member of NIS, we made a copy of all the smb.conf-relevant groups to its local /etc/group and added all the users to the /etc/passwd file. With these changes we can access the shares using the AD usernames and passwords as long as they are not access-limited by valid users, so the integration of the server into AD is working. But if we add a valid users = @group line to the share in smb.conf, it will completely refuse access to all users, even the ones belonging to the group. Leaving the share accessible to all, but adding a write list = @group line to smb.conf, will allow access, but no one will be able to write to it, even the members of the group. If we chan ge the write list and valid users lines to list the usernames directly instead of through a group membership, it works. To avoid even attempting to talk to NIS, we changed the @ signs for +, but it still kept refusing to recognize group memberships (NIS or local UNIX ones). So it seems our new SaMBa is having problems recognizing group memberships. What am I doing wrong? Have SUN/Oracle done something to stop SaMBa accessing its local UNIX groups? Thank you for your help. Yours, David del Campo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Basic questions about share permissions
I'm implementing a Samba 3.5.4 server, and have some basic questions about controlling share-level permissions. To let you know my level of knowledge, I'm a pretty good Linux admin, and can do basic Windows domain admin work. My goal is fairly simple: I need several shares that will be used by Windows users to send and get files from a Unix process. One share would do it, except that I need different security on different directories. I have the shares all created and in use, but I have NO security on any of them, yet. The configuration of each one is the same. Here's a sample: [TEST] path = /xxx/test read only = No force group = user1 force create mode = 060 My basic question is: Given that I'd be happy with simply creating a Windows group for each share, and giving full read/write access to the group associated with each share, what's the best practice for doing this? From my reading (chapter16 of the Samba HOWTO), it appears that one way is just to say: valid users = domain\group1 in the smb.conf for each share. Is this NOT a perfectly good way to do it? Any reason why I might not want to do it? From reading the HOWTO, and expermenting, it looks like I can assign permissions from a Windows client, by right-clicking the share, select properties, going to the security tab, and adding permissions, just like it was a real Windows server. This appears to work, but I haven't tested it much, and I'm concerned because I can't figure out where Samba is storing the permission changes I'm making. None of the TDB files seem to change when I fiddle with the permissions, and I think Samba must be storing these changes SOMEWHERE. So, question 2 is: Can I indeed assign permissions from a Windows client, without doing anything at all in smb.conf? if so, can you point me to docs that explain how this works? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem printing from one user only
On 5/15/2011 18:12, Christ Schlacta wrote: I'm trying to figure out why I'm getting permission denied when trying to print from one user account only. all others work fine. the print server is configured as a domain controller backed by ldap. aarcane@density:/var/log$ sudo testparm -s Load smb config files from /etc/samba/smb.conf rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) Processing section [homes] Processing section [netlogon] Processing section [profiles] Processing section [printers] Processing section [print$] Processing section [downloads] Processing section [backups] Processing section [videos] Processing section [music] Processing section [ebooks] Processing section [games] Processing section [misc] Processing section [www] Loaded services file OK. Server role: ROLE_DOMAIN_PDC [global] workgroup = TEMPEST server string = File/Print Services (%h) map to guest = Bad User obey pam restrictions = Yes passdb backend = ldapsam:ldap://density.aarcane.info/ log level = 4 syslog = 0 log file = /var/log/samba.log max log size = 1000 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = cups add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w %u logon script = logon.cmd logon path = \\%N\profiles\%U logon drive = V: domain logons = Yes os level = 30 preferred master = Yes domain master = Yes dns proxy = No ldap admin dn = cn=admin,dc=aarcane,dc=info ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Machines ldap passwd sync = yes ldap suffix = dc=aarcane,dc=info ldap ssl = no ldap user suffix = ou=People usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d [homes] comment = Home Directories valid users = %S read only = No create mask = 0750 directory mask = 0750 browseable = No [netlogon] comment = Network Logon Service path = /tank/samba/netlogon guest ok = Yes browseable = No [profiles] comment = Users profiles path = /tank/samba/profiles create mask = 01600 directory mask = 01700 guest ok = Yes browseable = No [printers] comment = All Printers path = /var/spool/samba guest ok = Yes printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/printers write list = root, @PrintAdmin [misclenaeous shares omitted] the printer has permissions granted to group ml-2851-nd (which is the same model as the printer), Print checkbox is checked in permissions window in windows. getent shows: aarcane@density:/var/log$ getent group ml-2851-nd ml-2851-nd:*:10013:reesie,debra,aarcane reesie and debra can print fine, aarcane can't. another printer is titled f4440, same as above. aarcane@density:/var/log$ getent group f4440 f4440:*:10012:reesie,aarcane reesie and aarcane can both print fine. aside from the one group difference, both printers have the following permissions: CREATOR OWNER: Manage Documents specific group: Print PrintAdmin: All 3 Domain Admins: all 3 if I add special user permissions to the printer ml-2851-nd IZANAMI\aarcane I can then print to the ml-2851-nd. it shouldn't be needed, but it is. The following is log output at level = 3 of me trying to double-click the printer from windows 7 explorer (I typed in \\density and double-clicked the printer), which yields Operation could not be completed (error 0x05). Access is denied. as you can see, there's no mention of the word denied in the following log, so I can't figure out where or why it's getting denied. I've checked all my permissions repeatedly, and can find no problems. [2011/05/15 14:41:13.466276, 3] smbd/process.c:1485(process_smb) Transaction 1818 of length 2196 (0 toread) [2011/05/15 14:41:13.466410, 3] smbd/process.c:1294(switch_message) switch message SMBtrans (pid 6487) conn 0xb8fd6490 [2011/05/15 14:41:13.466457, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2011/05/15 14:41:13.466518, 3] smbd/ipc.c:545(handle_trans) trans \PIPE\ data=2108 params=0 setup=2 [2011/05/15 14:41:13.466570, 3] smbd/ipc.c:496(named_pipe) named pipe command on name [2011/05/15 14:41:13.466617, 3] smbd/ipc.c:460(api_fd_reply) Got API command 0x26 on pipe spoolss (pnum 2f54) [2011/05/15 14:41:13.466686, 3] rpc_server/srv_pipe_hnd.c:344(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2011/05/15 14:41:13.466736, 4] rpc_server/srv_pipe.c:2403(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2011/05/15 14:41:13.466804, 4]
[Samba] Cannot authenticate new ldap users (unless they are in /etc/passwd too)
Hi, I migrated a PDC to use an ldap backend and am having fun with a few last issues.. Existing user accounts and machine accounts were migrated, and existing users can authenticate. Now I've added some new users and none of them can authenticate. e.g. for the user inktec. The user can login via SSH, but not mount a share: smbclient server3\\someshare -U=inktec mypassword May 23 19:40:47 server3 smbd[7364]: [2011/05/23 19:40:47, 0] passdb/pdb_get_set.c:211(pdb_get_group_sid) May 23 19:40:47 server3 smbd[7364]: pdb_get_group_sid: Failed to find Unix account for inktec May 23 19:40:47 server3 smbd[7364]: [2011/05/23 19:40:47, 1] auth/auth_util.c:577(make_server_info_sam) May 23 19:40:47 server3 smbd[7364]: User inktec in passdb, but getpwnam() fails! May 23 19:40:47 server3 smbd[7364]: [2011/05/23 19:40:47, 0] auth/auth_sam.c:355(check_sam_security) May 23 19:40:47 server3 smbd[7364]: check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' Sama can see the users and groups. The following find the user just fine: ldapsearch -x '(uid=inktec)' pdbedit -L -v inktec getent passwd inktec smbldap-usershow inktec id inktec uid=18664(inktec) gid=513(Domain Users) groups=513(Domain Users),203(buser) Users were added with the tool smbldap-useradd -a, and also with ldapadmin... I also compared the ldap entries for users that work fine with the new users in ldap admin, they are basically the same. Perhaps related is that on a Windows XP client in the domain, if inktec is added to a User Groups such as Remote Desktop Users, windows complains Information return for object picket for object inktec was incomplete. Then by chance I added the test user (inktec) to /etc/passwd (but not to shadow), just to see. It worked! Its like the passwd line is nssswitch_conf is being ignored? group: compat ldap passwd: compat ldap shadow: compat ldap But then why did getent passwd inktec work, and why would SSH login work. Before ldap I would add users with both useradd and smbpasswd -a, but this should not be necessary with the ldap store? Thanks in advance, Sean -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Cannot authenticate new ldap users (unless they are in /etc/passwd too)
From: Sean Boran s...@boran.com Date: Mon, 23 May 2011 23:47:41 +0200 snip) Now I've added some new users and none of them can authenticate. e.g. for the user inktec. The user can login via SSH, but not mount a share: smbclient server3\\someshare -U=inktec mypassword (snip) May 23 19:40:47 server3 smbd[7364]: User inktec in passdb, but getpwnam() fails! May 23 19:40:47 server3 smbd[7364]: [2011/05/23 19:40:47, 0] auth/auth_sam.c:355(check_sam_security) May 23 19:40:47 server3 smbd[7364]: check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' According to these logs, you probably failed at Get_Pwnam_alloc() in lib/username.c referenced by make_server_info_sam() in auth/auth_util.c Adding -d10 to smbclient, you may see useful messages to analyze such as: * Get_Pwnam: empty username! * Finding user * Trying _Get_Pwnam(), username given as ... --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Can CIFS files in read only mode be cached by client?
Hello! I am writing a Linux server, and I want to pre-fetch a number of CIFS files and cache locally. The files are on a CIFS share mounted as read only. I was planning on opening the file, calling posix_fadvise(,POSIX_FADV_WILLNEED) on the file descriptor, and then closing the file. Will this work? Is there a better way of doing this? Thanks!! Aaron -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 28d7282 s3: Remove unused cli_[en|de]crypt_message via 1a393b7 s3: Directly call common_encrypt_buffer in cli_smb_req_iov_send from df0e330 s3: Remove cli_send/receive_smb http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 28d728273834e740e15d32a9eedec8c8760abae3 Author: Volker Lendecke v...@samba.org Date: Sun May 22 19:14:44 2011 +0200 s3: Remove unused cli_[en|de]crypt_message Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Mon May 23 12:15:33 CEST 2011 on sn-devel-104 commit 1a393b7cd6bb2cffd4618932fc96367f6b2bb9dd Author: Volker Lendecke v...@samba.org Date: Sun May 22 19:13:19 2011 +0200 s3: Directly call common_encrypt_buffer in cli_smb_req_iov_send --- Summary of changes: source3/libsmb/async_smb.c |4 ++-- source3/libsmb/proto.h |2 -- source3/libsmb/smb_seal.c | 43 --- 3 files changed, 2 insertions(+), 47 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/async_smb.c b/source3/libsmb/async_smb.c index dfab82a..3ed3871 100644 --- a/source3/libsmb/async_smb.c +++ b/source3/libsmb/async_smb.c @@ -414,8 +414,8 @@ static NTSTATUS cli_smb_req_iov_send(struct tevent_req *req, if (buf == NULL) { return NT_STATUS_NO_MEMORY; } - status = cli_encrypt_message(state-cli, (char *)buf, -enc_buf); + status = common_encrypt_buffer(state-cli-trans_enc_state, + (char *)buf, enc_buf); TALLOC_FREE(buf); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, (Error in encrypting client message: %s\n, diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h index 089a88a..923dd38 100644 --- a/source3/libsmb/proto.h +++ b/source3/libsmb/proto.h @@ -811,8 +811,6 @@ void common_free_enc_buffer(struct smb_trans_enc_state *es, char *buf); bool cli_encryption_on(struct cli_state *cli); void cli_free_encryption_context(struct cli_state *cli); void cli_free_enc_buffer(struct cli_state *cli, char *buf); -NTSTATUS cli_decrypt_message(struct cli_state *cli); -NTSTATUS cli_encrypt_message(struct cli_state *cli, char *buf, char **buf_out); /* The following definitions come from libsmb/clisigning.c */ diff --git a/source3/libsmb/smb_seal.c b/source3/libsmb/smb_seal.c index 5426c8d..73786ac 100644 --- a/source3/libsmb/smb_seal.c +++ b/source3/libsmb/smb_seal.c @@ -465,46 +465,3 @@ void cli_free_enc_buffer(struct cli_state *cli, char *buf) */ common_free_enc_buffer(cli-trans_enc_state, buf); } - -/** - Decrypt an incoming buffer. -**/ - -NTSTATUS cli_decrypt_message(struct cli_state *cli) -{ - NTSTATUS status; - uint16 enc_ctx_num; - - /* Ignore non-session messages. */ - if(CVAL(cli-inbuf,0)) { - return NT_STATUS_OK; - } - - status = get_enc_ctx_num((const uint8_t *)cli-inbuf, enc_ctx_num); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - if (enc_ctx_num != cli-trans_enc_state-enc_ctx_num) { - return NT_STATUS_INVALID_HANDLE; - } - - return common_decrypt_buffer(cli-trans_enc_state, cli-inbuf); -} - -/** - Encrypt an outgoing buffer. Return the encrypted pointer in buf_out. -**/ - -NTSTATUS cli_encrypt_message(struct cli_state *cli, char *buf, char **buf_out) -{ - /* Ignore non-session messages. */ - if (CVAL(buf,0)) { - return NT_STATUS_OK; - } - - /* If we supported multiple encrytion contexts -* here we'd look up based on tid. -*/ - return common_encrypt_buffer(cli-trans_enc_state, buf, buf_out); -} -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8167e84 selftest: create ncalrpcdir with 0755 permissions from 28d7282 s3: Remove unused cli_[en|de]crypt_message http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8167e840738febd3fad47094f3e948545c6f0677 Author: Stefan Metzmacher me...@samba.org Date: Sun May 22 19:40:19 2011 +0200 selftest: create ncalrpcdir with 0755 permissions We need to reset the umask in order to set to the desired permissions. metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Mon May 23 13:26:33 CEST 2011 on sn-devel-104 --- Summary of changes: selftest/selftest.pl | 13 +++-- 1 files changed, 11 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/selftest.pl b/selftest/selftest.pl index 6f8cbe1..23434fc 100755 --- a/selftest/selftest.pl +++ b/selftest/selftest.pl @@ -597,11 +597,20 @@ sub write_clientconf($$$) mkdir($clientdir/lockdir, 0777); } + # this is ugly, but the ncalrpcdir needs exactly 0755 + # otherwise tests fail. + my $mask = umask; + umask 0022; + if ( -d $clientdir/ncalrpcdir/np ) { + unlink $clientdir/ncalrpcdir/np/*; + rmdir $clientdir/ncalrpcdir/np; + } if ( -d $clientdir/ncalrpcdir ) { unlink $clientdir/ncalrpcdir/*; - } else { - mkdir($clientdir/ncalrpcdir, 0777); + rmdir $clientdir/ncalrpcdir; } + mkdir($clientdir/ncalrpcdir, 0755); + umask $mask; open(CF, $conffile); print CF [global]\n; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 18ec1da s3: Remove unused cli_get_nt_error via 502a992 s3: Remove unused cli_set_nt_error via fddb944 s3: Remove unused cli_reset_error via e77da2f s3: Remove a reference to cli-inbuf via b1a7bdb s3: Remove two false references to cli-inbuf via 9514f96 s3: Fix a leftover from fstring removal in cli_state from 8167e84 selftest: create ncalrpcdir with 0755 permissions http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 18ec1dab59b16db7cf353c0144c43969cfdc3be7 Author: Volker Lendecke v...@samba.org Date: Mon May 23 12:26:03 2011 +0200 s3: Remove unused cli_get_nt_error Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Mon May 23 16:54:21 CEST 2011 on sn-devel-104 commit 502a9924ca825f286e759219757455245367ab6b Author: Volker Lendecke v...@samba.org Date: Mon May 23 12:25:32 2011 +0200 s3: Remove unused cli_set_nt_error commit fddb944a04c94555b36b77e69d01ecb0dabbd79b Author: Volker Lendecke v...@samba.org Date: Mon May 23 12:24:52 2011 +0200 s3: Remove unused cli_reset_error commit e77da2f408a92822c7c1b08cc004890e18c8fc68 Author: Volker Lendecke v...@samba.org Date: Mon May 23 12:22:41 2011 +0200 s3: Remove a reference to cli-inbuf This is only used for utf16 alignment calculations, rdata is aligned the same way as cli-inbuf is. commit b1a7bdb93c7fda54a29284f1691de1dc4f3bbf6b Author: Volker Lendecke v...@samba.org Date: Mon May 23 12:21:17 2011 +0200 s3: Remove two false references to cli-inbuf commit 9514f96856ccf822b683b5362fd2eb4a4e9e418a Author: Volker Lendecke v...@samba.org Date: Mon May 23 15:36:20 2011 +0200 s3: Fix a leftover from fstring removal in cli_state Jeremy, please check! --- Summary of changes: source3/libsmb/cliconnect.c | 13 - source3/libsmb/clierror.c | 38 -- source3/libsmb/clirap.c |2 +- source3/libsmb/proto.h |3 --- 4 files changed, 9 insertions(+), 47 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 69d5ce6..a4a3c11 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -2646,11 +2646,14 @@ static void cli_negprot_done(struct tevent_req *subreq) } /* work out if they sent us a workgroup */ if (!(cli-capabilities CAP_EXTENDED_SECURITY) - smb_buflen(cli-inbuf) 8) { - clistr_pull(cli-inbuf, cli-server_domain, - bytes+8, sizeof(cli-server_domain), - num_bytes-8, - STR_UNICODE|STR_NOALIGN); + smb_buflen(inbuf) 8) { + ssize_t ret; + status = smb_bytes_talloc_string( + cli, (char *)inbuf, cli-server_domain, + bytes + 8, num_bytes - 8, ret); + if (tevent_req_nterror(req, status)) { + return; + } } /* diff --git a/source3/libsmb/clierror.c b/source3/libsmb/clierror.c index 145ce15..d5ac893 100644 --- a/source3/libsmb/clierror.c +++ b/source3/libsmb/clierror.c @@ -323,44 +323,6 @@ bool cli_is_dos_error(struct cli_state *cli) return cli_is_error(cli) !(flgs2 FLAGS2_32_BIT_ERROR_CODES); } -/* Return the last error always as an NTSTATUS. */ - -NTSTATUS cli_get_nt_error(struct cli_state *cli) -{ - if (cli_is_nt_error(cli)) { - return cli_nt_error(cli); - } else if (cli_is_dos_error(cli)) { - uint32 ecode; - uint8 eclass; - cli_dos_error(cli, eclass, ecode); - return dos_to_ntstatus(eclass, ecode); - } else { - /* Something went wrong, we don't know what. */ - return NT_STATUS_UNSUCCESSFUL; - } -} - -/* Push an error code into the inbuf to be returned on the next - * query. */ - -void cli_set_nt_error(struct cli_state *cli, NTSTATUS status) -{ - SSVAL(cli-inbuf,smb_flg2, SVAL(cli-inbuf,smb_flg2)|FLAGS2_32_BIT_ERROR_CODES); - SIVAL(cli-inbuf, smb_rcls, NT_STATUS_V(status)); -} - -/* Reset an error. */ - -void cli_reset_error(struct cli_state *cli) -{ -if (SVAL(cli-inbuf,smb_flg2) FLAGS2_32_BIT_ERROR_CODES) { - SIVAL(cli-inbuf, smb_rcls, NT_STATUS_V(NT_STATUS_OK)); - } else { - SCVAL(cli-inbuf,smb_rcls,0); - SSVAL(cli-inbuf,smb_err,0); - } -} - bool cli_state_is_connected(struct cli_state *cli) { if (cli == NULL) { diff --git a/source3/libsmb/clirap.c
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via f51ee94 Revert s3-spoolss: Added EN ISO 216, A0 and A1 to builtin forms. from c707b1f libwbclient: Fix bug 8087 -- wbcChangeUserPasswordEx in RESPONSE mode does not work http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit f51ee94ee9034f88566c4441eed4ff11697454ec Author: Karolin Seeger ksee...@samba.org Date: Mon May 23 20:17:13 2011 +0200 Revert s3-spoolss: Added EN ISO 216, A0 and A1 to builtin forms. This reverts commit 73bec197a91a15aa9a69c9a3868ed51bdd3674ea. Please see bug #8129 (Application requests printing on Format A5, but prints as A4) fro details. --- Summary of changes: source3/printing/nt_printing.c |2 -- 1 files changed, 0 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index 3d1d4e8..beaa9e5 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -91,8 +91,6 @@ static const nt_forms_struct default_forms[] = { {Legal,0x1,0x34b5c,0x56d10,0x0,0x0,0x34b5c,0x56d10}, {Statement,0x1,0x221b4,0x34b5c,0x0,0x0,0x221b4,0x34b5c}, {Executive,0x1,0x2cf56,0x411cc,0x0,0x0,0x2cf56,0x411cc}, - {A0,0x1,0xcd528,0x122488,0x0,0x0,0xcd528,0x122488}, - {A1,0x1,0x91050,0xcd528,0x0,0x0,0x91050,0xcd528}, {A3,0x1,0x48828,0x668a0,0x0,0x0,0x48828,0x668a0}, {A4,0x1,0x33450,0x48828,0x0,0x0,0x33450,0x48828}, {A4 Small,0x1,0x33450,0x48828,0x0,0x0,0x33450,0x48828}, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 318c77e Fix bug 8133 - strange behavior for the file (whose filename first character is period ) in SMB2 case. via e66e505 Optimization. If the attributes passed to can_rename() include both FILE_ATTRIBUTE_HIDDEN and FILE_ATTRIBUTE_SYSTEM then there's no point in reading the source DOS attribute, as we're not going to deny the rename on attribute match. from 9231770 Make protocol version 2 the default protocol, and only run on version 1 if V1 is explcitly given as a module option. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 318c77ec46c3769d462bada130956d0081c48be2 Author: Jeremy Allison j...@samba.org Date: Thu May 19 16:39:18 2011 -0700 Fix bug 8133 - strange behavior for the file (whose filename first character is period ) in SMB2 case. When doing SMB2 renames, we need to match all filetypes (no attributes field in the SMB2 call). By default a file starting with a period is returned as FILE_ATTRIBUTE_HIDDEN in Samba. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Fri May 20 19:26:04 CEST 2011 on sn-devel-104 commit e66e505db8e3e6c7938eb09dc55e080f7754ddd1 Author: Jeremy Allison j...@samba.org Date: Thu May 19 16:38:11 2011 -0700 Optimization. If the attributes passed to can_rename() include both FILE_ATTRIBUTE_HIDDEN and FILE_ATTRIBUTE_SYSTEM then there's no point in reading the source DOS attribute, as we're not going to deny the rename on attribute match. --- Summary of changes: source3/smbd/reply.c | 13 - source3/smbd/trans2.c |5 +++-- 2 files changed, 11 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 9c66dde..099a36e 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -2381,15 +2381,18 @@ void reply_ctemp(struct smb_request *req) static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp, uint16 dirtype) { - uint32 fmode; - if (!CAN_WRITE(conn)) { return NT_STATUS_MEDIA_WRITE_PROTECTED; } - fmode = dos_mode(conn, fsp-fsp_name); - if ((fmode ~dirtype) (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)) { - return NT_STATUS_NO_SUCH_FILE; + if ((dirtype (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)) != + (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)) { + /* Only bother to read the DOS attribute if we might deny the + rename on the grounds of attribute missmatch. */ + uint32_t fmode = dos_mode(conn, fsp-fsp_name); + if ((fmode ~dirtype) (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)) { + return NT_STATUS_NO_SUCH_FILE; + } } if (S_ISDIR(fsp-fsp_name-st.st_ex_mode)) { diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 42b915b..be3d5a6 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -6051,8 +6051,9 @@ static NTSTATUS smb2_file_rename_information(connection_struct *conn, SMB_FILE_RENAME_INFORMATION (fnum %d) %s - %s\n, fsp-fnum, fsp_str_dbg(fsp), smb_fname_str_dbg(smb_fname_dst))); - status = rename_internals_fsp(conn, fsp, smb_fname_dst, 0, - overwrite); + status = rename_internals_fsp(conn, fsp, smb_fname_dst, + (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM), + overwrite); out: TALLOC_FREE(smb_fname_dst); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via d4c8b92 s3: Remove two false references to cli-inbuf (cherry picked from commit b1a7bdb93c7fda54a29284f1691de1dc4f3bbf6b) via 0f574d1 s3: Fix a leftover from fstring removal in cli_state from 318c77e Fix bug 8133 - strange behavior for the file (whose filename first character is period ) in SMB2 case. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit d4c8b92a29aa9dcc976185aeb35ead8e911aab9c Author: Volker Lendecke v...@samba.org Date: Mon May 23 12:21:17 2011 +0200 s3: Remove two false references to cli-inbuf (cherry picked from commit b1a7bdb93c7fda54a29284f1691de1dc4f3bbf6b) Fix bug #8159 (Memory corruption in fetching cli-server_domain from the server.). commit 0f574d1a2fbc1b043c96b103bda1b74b1088fd5b Author: Volker Lendecke v...@samba.org Date: Mon May 23 15:36:20 2011 +0200 s3: Fix a leftover from fstring removal in cli_state Jeremy, please check! (cherry picked from commit 9514f96856ccf822b683b5362fd2eb4a4e9e418a) --- Summary of changes: source3/libsmb/cliconnect.c | 13 - 1 files changed, 8 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 828cb2c..97dd068 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -2655,11 +2655,14 @@ static void cli_negprot_done(struct tevent_req *subreq) } /* work out if they sent us a workgroup */ if (!(cli-capabilities CAP_EXTENDED_SECURITY) - smb_buflen(cli-inbuf) 8) { - clistr_pull(cli-inbuf, cli-server_domain, - bytes+8, sizeof(cli-server_domain), - num_bytes-8, - STR_UNICODE|STR_NOALIGN); + smb_buflen(inbuf) 8) { + ssize_t ret; + status = smb_bytes_talloc_string( + cli, (char *)inbuf, cli-server_domain, + bytes + 8, num_bytes - 8, ret); + if (tevent_req_nterror(req, status)) { + return; + } } /* -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via a88126d s3-printing: remove pcap_cache_loaded asserts via 8070240 Revert Revert s3-printing: update parent smbd pcap cache via 9e427e5 Revert Revert s3-printing: reload shares after pcap cache fill from f51ee94 Revert s3-spoolss: Added EN ISO 216, A0 and A1 to builtin forms. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit a88126d6e8577a9e0b6196acdee70633d0e06259 Author: David Disseldorp dd...@suse.de Date: Mon Jan 17 16:09:32 2011 +0100 s3-printing: remove pcap_cache_loaded asserts pcap_cache_loaded() assertions were added to the (re)load_printers() functions, to ensure the caller had called pcap_cache_reload() prior to reloading printer shares. The problem is, pcap_cache_loaded() returns false if the the pcap_cache contains no printer entries. i.e. pcap_cache_reload() has run but not detected any printers. Remove these assertions, correct call ordering is already enforced. Signed-off-by: Günther Deschner g...@samba.org The last 3 patches address bug #7836 (A newly added printer isn't visbile to clients). commit 8070240ed7e73b94aba591b6d985e7e32037bb5e Author: David Disseldorp dd...@suse.de Date: Thu May 19 11:22:37 2011 +0200 Revert Revert s3-printing: update parent smbd pcap cache This reverts commit b6268f507fa3276c2ef22c58bad400a3fed48cd9. Signed-off-by: Günther Deschner g...@samba.org commit 9e427e5aced5caeedeeff29b9b962913ee4f796d Author: David Disseldorp dd...@suse.de Date: Thu May 19 11:22:18 2011 +0200 Revert Revert s3-printing: reload shares after pcap cache fill This reverts commit e4579eab7fe3eab7a5209e6de74e6fd2f53099d0. Signed-off-by: Günther Deschner g...@samba.org --- Summary of changes: source3/include/local.h |1 + source3/include/proto.h |4 ++-- source3/printing/load.c |5 + source3/printing/pcap.c | 18 ++ source3/printing/print_cups.c | 33 - source3/smbd/process.c|4 ++-- source3/smbd/server.c | 28 +--- source3/web/swat.c|4 ++-- 8 files changed, 67 insertions(+), 30 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/local.h b/source3/include/local.h index a88b17b..d65cc00 100644 --- a/source3/include/local.h +++ b/source3/include/local.h @@ -148,6 +148,7 @@ #define LPQ_LOCK_TIMEOUT (5) #define NMBD_INTERFACES_RELOAD (120) #define NMBD_UNEXPECTED_TIMEOUT (15) +#define SMBD_HOUSEKEEPING_INTERVAL SMBD_SELECT_TIMEOUT /* the following are in milliseconds */ #define LOCK_RETRY_TIMEOUT (100) diff --git a/source3/include/proto.h b/source3/include/proto.h index e15a020..d560ee5 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -4899,7 +4899,7 @@ void pcap_cache_destroy_specific(struct pcap_cache **ppcache); bool pcap_cache_add(const char *name, const char *comment); bool pcap_cache_loaded(void); void pcap_cache_replace(const struct pcap_cache *cache); -void pcap_cache_reload(void); +void pcap_cache_reload(void (*post_cache_fill_fn)(void)); bool pcap_printername_ok(const char *printername); void pcap_printer_fn_specific(const struct pcap_cache *, void (*fn)(const char *, const char *, void *), void *); void pcap_printer_fn(void (*fn)(const char *, const char *, void *), void *); @@ -4910,7 +4910,7 @@ bool aix_cache_reload(void); /* The following definitions come from printing/print_cups.c */ -bool cups_cache_reload(void); +bool cups_cache_reload(void (*post_cache_fill_fn)(void)); bool cups_pull_comment_location(NT_PRINTER_INFO_LEVEL_2 *printer); /* The following definitions come from printing/print_generic.c */ diff --git a/source3/printing/load.c b/source3/printing/load.c index 874f7f2..c80a479 100644 --- a/source3/printing/load.c +++ b/source3/printing/load.c @@ -53,13 +53,10 @@ static void add_auto_printers(void) } /*** -load automatic printer services +load automatic printer services from pre-populated pcap cache ***/ void load_printers(void) { - if (!pcap_cache_loaded()) - pcap_cache_reload(); - add_auto_printers(); /* load all printcap printers */ diff --git a/source3/printing/pcap.c b/source3/printing/pcap.c index a6bf52a..0d6480c 100644 --- a/source3/printing/pcap.c +++ b/source3/printing/pcap.c @@ -125,13 +125,14 @@ void pcap_cache_replace(const struct pcap_cache *pcache) } } -void pcap_cache_reload(void) +void pcap_cache_reload(void (*post_cache_fill_fn)(void)) { const char *pcap_name =
[SCM] Samba Shared Repository - branch v3-4-test updated
The branch, v3-4-test has been updated via da9b2d9 s3-printing: remove pcap_cache_loaded asserts via ee094b5 Revert Revert s3-printing: update parent smbd pcap cache via 3e1969d Revert Revert s3-printing: reload shares after pcap cache fill from 2c9a3db WHATSNEW: Start release notes for Samba 3.4.14. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit da9b2d9d58193ed3da36c2f8ff1e41a1e743ba07 Author: David Disseldorp dd...@suse.de Date: Mon Jan 17 16:09:32 2011 +0100 s3-printing: remove pcap_cache_loaded asserts pcap_cache_loaded() assertions were added to the (re)load_printers() functions, to ensure the caller had called pcap_cache_reload() prior to reloading printer shares. The problem is, pcap_cache_loaded() returns false if the the pcap_cache contains no printer entries. i.e. pcap_cache_reload() has run but not detected any printers. Remove these assertions, correct call ordering is already enforced. Signed-off-by: Günther Deschner g...@samba.org The last 3 patches address bug #7836 (A newly added printer isn't visbile to clients). commit ee094b53d7fd9c46bca57b9815993282c63af00c Author: David Disseldorp dd...@suse.de Date: Thu May 19 11:29:12 2011 +0200 Revert Revert s3-printing: update parent smbd pcap cache This reverts commit ad450870eacb114b3f15941a4478ba25701e035a. Signed-off-by: Günther Deschner g...@samba.org commit 3e1969d229dff2921b43189969dfbe522b167cc2 Author: David Disseldorp dd...@suse.de Date: Thu May 19 11:26:18 2011 +0200 Revert Revert s3-printing: reload shares after pcap cache fill This reverts commit 36ea03bbe28122ce03de4969e254dd276cfe5a79. Signed-off-by: Günther Deschner g...@samba.org --- Summary of changes: source3/include/local.h |1 + source3/include/proto.h |4 ++-- source3/printing/load.c |5 + source3/printing/pcap.c | 18 ++ source3/printing/print_cups.c | 33 - source3/smbd/process.c|4 ++-- source3/smbd/server.c | 28 +--- source3/web/swat.c|4 ++-- 8 files changed, 67 insertions(+), 30 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/local.h b/source3/include/local.h index a88b17b..d65cc00 100644 --- a/source3/include/local.h +++ b/source3/include/local.h @@ -148,6 +148,7 @@ #define LPQ_LOCK_TIMEOUT (5) #define NMBD_INTERFACES_RELOAD (120) #define NMBD_UNEXPECTED_TIMEOUT (15) +#define SMBD_HOUSEKEEPING_INTERVAL SMBD_SELECT_TIMEOUT /* the following are in milliseconds */ #define LOCK_RETRY_TIMEOUT (100) diff --git a/source3/include/proto.h b/source3/include/proto.h index 7c2893b..46ed4ab 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -4869,7 +4869,7 @@ void pcap_cache_destroy_specific(struct pcap_cache **ppcache); bool pcap_cache_add(const char *name, const char *comment); bool pcap_cache_loaded(void); void pcap_cache_replace(const struct pcap_cache *cache); -void pcap_cache_reload(void); +void pcap_cache_reload(void (*post_cache_fill_fn)(void)); bool pcap_printername_ok(const char *printername); void pcap_printer_fn_specific(const struct pcap_cache *, void (*fn)(const char *, const char *, void *), void *); void pcap_printer_fn(void (*fn)(const char *, const char *, void *), void *); @@ -4880,7 +4880,7 @@ bool aix_cache_reload(void); /* The following definitions come from printing/print_cups.c */ -bool cups_cache_reload(void); +bool cups_cache_reload(void (*post_cache_fill_fn)(void)); bool cups_pull_comment_location(NT_PRINTER_INFO_LEVEL_2 *printer); /* The following definitions come from printing/print_generic.c */ diff --git a/source3/printing/load.c b/source3/printing/load.c index 874f7f2..c80a479 100644 --- a/source3/printing/load.c +++ b/source3/printing/load.c @@ -53,13 +53,10 @@ static void add_auto_printers(void) } /*** -load automatic printer services +load automatic printer services from pre-populated pcap cache ***/ void load_printers(void) { - if (!pcap_cache_loaded()) - pcap_cache_reload(); - add_auto_printers(); /* load all printcap printers */ diff --git a/source3/printing/pcap.c b/source3/printing/pcap.c index a6bf52a..0d6480c 100644 --- a/source3/printing/pcap.c +++ b/source3/printing/pcap.c @@ -125,13 +125,14 @@ void pcap_cache_replace(const struct pcap_cache *pcache) } } -void pcap_cache_reload(void) +void pcap_cache_reload(void (*post_cache_fill_fn)(void)) { const char *pcap_name = lp_printcapname();
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via ccab9ef Patch for bug #8156 - net ads join fails to use the user's kerberos ticket. from d4c8b92 s3: Remove two false references to cli-inbuf (cherry picked from commit b1a7bdb93c7fda54a29284f1691de1dc4f3bbf6b) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit ccab9efb653cfacdd357986f7a8a85c17df7abbb Author: Jeremy Allison j...@samba.org Date: Fri May 20 14:43:50 2011 -0700 Patch for bug #8156 - net ads join fails to use the user's kerberos ticket. If kerberos_get_realm_from_hostname() or kerberos_get_default_realm_from_ccache() fails due to a misconfigured krb5.conf, try the realm = from smb.conf as a fallcback before going back to NTLMSSP (which we'll do anyway). --- Summary of changes: source3/libsmb/cliconnect.c | 37 +++-- 1 files changed, 27 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 97dd068..11062ef 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -1887,6 +1887,9 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, host = strchr_m(cli-desthost, '.'); if (dest_realm) { realm = SMB_STRDUP(dest_realm); + if (!realm) { + return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); + } strupper_m(realm); } else { if (host) { @@ -1898,19 +1901,33 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, } } - if (realm *realm) { - principal = talloc_asprintf(talloc_tos(), - cifs/%s@%s, - cli-desthost, - realm); - if (!principal) { - SAFE_FREE(realm); + if (realm == NULL || *realm == '\0') { + realm = SMB_STRDUP(lp_realm()); + if (!realm) { return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); } - DEBUG(3,(cli_session_setup_spnego: guessed - server principal=%s\n, - principal ? principal : null)); + strupper_m(realm); + DEBUG(3,(cli_session_setup_spnego: cannot + get realm from dest_realm %s, + desthost %s. Using default + smb.conf realm %s\n, + dest_realm ? dest_realm : null, + cli-desthost, + realm)); } + + principal = talloc_asprintf(talloc_tos(), + cifs/%s@%s, + cli-desthost, + realm); + if (!principal) { + SAFE_FREE(realm); + return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); + } + DEBUG(3,(cli_session_setup_spnego: guessed + server principal=%s\n, + principal ? principal : null)); + SAFE_FREE(realm); } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via bc602ad Fix bug #8157 - std_pcap_cache_reload() fails to parse a cups printcap file correctly. from ccab9ef Patch for bug #8156 - net ads join fails to use the user's kerberos ticket. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit bc602ad464291380d4dea007668d453439467cc4 Author: Jeremy Allison j...@samba.org Date: Fri May 20 12:27:02 2011 -0700 Fix bug #8157 - std_pcap_cache_reload() fails to parse a cups printcap file correctly. The parsing code made some strange assumptions about what is a printer name, and what is a comment. --- Summary of changes: source3/printing/print_standard.c | 13 + 1 files changed, 5 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/printing/print_standard.c b/source3/printing/print_standard.c index 6a86d84..c4f9c5b 100644 --- a/source3/printing/print_standard.c +++ b/source3/printing/print_standard.c @@ -93,6 +93,10 @@ bool std_pcap_cache_reload(const char *pcap_name) has_punctuation = (strchr_m(p, ' ') || strchr_m(p, '\t') || + strchr_m(p, '') || + strchr_m(p, '\'') || + strchr_m(p, ';') || + strchr_m(p, ',') || strchr_m(p, '(') || strchr_m(p, ')')); @@ -101,11 +105,7 @@ bool std_pcap_cache_reload(const char *pcap_name) continue; } - if (strlen(p) = MAXPRINTERLEN - strlen(p) strlen(name) !has_punctuation) { - if (!*comment) { - strlcpy(comment, name, sizeof(comment)); - } + if (strlen(p) = MAXPRINTERLEN *name == '\0' !has_punctuation) { strlcpy(name, p, sizeof(name)); continue; } @@ -117,9 +117,6 @@ bool std_pcap_cache_reload(const char *pcap_name) } } - comment[60] = 0; - name[MAXPRINTERLEN] = 0; - if (*name !pcap_cache_add(name, comment, NULL)) { x_fclose(pcap_file); return false; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via ef1a0c1 Fix bug #8157 - std_pcap_cache_reload() fails to parse a cups printcap file correctly. from a88126d s3-printing: remove pcap_cache_loaded asserts http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit ef1a0c14ab41c87f133d310c5f976548caf15b9a Author: Jeremy Allison j...@samba.org Date: Fri May 20 12:36:56 2011 -0700 Fix bug #8157 - std_pcap_cache_reload() fails to parse a cups printcap file correctly. The parsing code made some strange assumptions about what is a printer name, and what is a comment. --- Summary of changes: source3/printing/pcap.c | 10 +- 1 files changed, 5 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/printing/pcap.c b/source3/printing/pcap.c index 0d6480c..dbfbac7 100644 --- a/source3/printing/pcap.c +++ b/source3/printing/pcap.c @@ -209,6 +209,10 @@ void pcap_cache_reload(void (*post_cache_fill_fn)(void)) has_punctuation = (strchr_m(p, ' ') || strchr_m(p, '\t') || + strchr_m(p, '') || + strchr_m(p, '\'') || + strchr_m(p, ';') || + strchr_m(p, ',') || strchr_m(p, '(') || strchr_m(p, ')')); @@ -217,8 +221,7 @@ void pcap_cache_reload(void (*post_cache_fill_fn)(void)) continue; } - if (strlen(p) = MAXPRINTERLEN - strlen(p) strlen(name) !has_punctuation) { + if (strlen(p) = MAXPRINTERLEN *name == '\0' !has_punctuation) { if (!*comment) { strlcpy(comment, name, sizeof(comment)); } @@ -233,9 +236,6 @@ void pcap_cache_reload(void (*post_cache_fill_fn)(void)) } } - comment[60] = 0; - name[MAXPRINTERLEN] = 0; - if (*name !pcap_cache_add(name, comment)) { x_fclose(pcap_file); goto done; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 9a01a15 WHATSNEW: Start adding changes since rc1. from bc602ad Fix bug #8157 - std_pcap_cache_reload() fails to parse a cups printcap file correctly. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 9a01a1569359ab7d527c2a080fb7861a03a8fe12 Author: Karolin Seeger ksee...@samba.org Date: Mon May 23 21:41:27 2011 +0200 WHATSNEW: Start adding changes since rc1. Karolin --- Summary of changes: WHATSNEW.txt | 35 ++- 1 files changed, 34 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 6799831..3481c74 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,6 +1,6 @@ Release Notes for Samba 3.6.0rc2 - May , 2011 +June 7, 2011 @@ -255,6 +255,39 @@ o Andreas Schneider a...@samba.org Changes since 3.6.0rc1 -- +o Jeremy Allison j...@samba.org +* BUG 8133: Fix strange behavior for the file (whose filename first + character is period ) in SMB2 case. +* BUG 8144: Fix setting timestamp when touching files with CIFS clients. +* BUG 8153: Fix setting up getaddrinfo on IPv6-only machines. +* BUG 8156: Fix 'net ads join' using the user's Kerberos ticket. +* BUG 8157: Fix parsing a cups printcap file. + + +o Christian Ambach a...@samba.org +* BUG 8152: Fix smbd crash in release_ip(). + + +o Sumit Bose sb...@redhat.com +* BUG 8142: Fix typos in LDAP schema files. + + +o Holger Hetterich hhet...@novell.com +* BUG 8148: Default to protocol version 2 for SMB Traffic Analyzer. + + +o Stefan Metzmacher me...@samba.org +* BUG 8140: talloc: Fix Valgrind false positives and other backports. +* BUG 8141: Fix wrong permissions on lp_ncalrpc_dir(). + + +o Andreas Schneider a...@samba.org +* BUG 8155: Fix registering only named pipes on EPM for a service. + + +o Volker Lendecke v...@samba.org +* BUG 8159: Fix memory corruption in fetching cli-server_domain from the + server. Changes since 3.6.0pre3 -- Samba Shared Repository
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2011-05-24-0244/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2011-05-24-0244/samba3.stderr http://git.samba.org/autobuild.flakey/2011-05-24-0244/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2011-05-24-0244/samba4.stderr http://git.samba.org/autobuild.flakey/2011-05-24-0244/samba4.stdout The top commit at the time of the failure was: commit 18ec1dab59b16db7cf353c0144c43969cfdc3be7 Author: Volker Lendecke v...@samba.org Date: Mon May 23 12:26:03 2011 +0200 s3: Remove unused cli_get_nt_error Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Mon May 23 16:54:21 CEST 2011 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9c3e538 Fix bug #8150 - Ban 'dos charset = utf8' from 18ec1da s3: Remove unused cli_get_nt_error http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9c3e5380ecabe44796f5d53f8aa9f81642434dd8 Author: Jeremy Allison j...@samba.org Date: Mon May 23 10:57:56 2011 -0700 Fix bug #8150 - Ban 'dos charset = utf8' Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Tue May 24 03:52:50 CEST 2011 on sn-devel-104 --- Summary of changes: source3/param/loadparm.c | 40 +++- 1 files changed, 39 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 3ed2308..9bb0ce1 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -708,6 +708,7 @@ static bool handle_workgroup( int snum, const char *pszParmValue, char **ptr ); static bool handle_netbios_aliases( int snum, const char *pszParmValue, char **ptr ); static bool handle_netbios_scope( int snum, const char *pszParmValue, char **ptr ); static bool handle_charset( int snum, const char *pszParmValue, char **ptr ); +static bool handle_dos_charset( int snum, const char *pszParmValue, char **ptr ); static bool handle_printing( int snum, const char *pszParmValue, char **ptr); static bool handle_ldap_debug_level( int snum, const char *pszParmValue, char **ptr); @@ -955,7 +956,7 @@ static struct parm_struct parm_table[] = { .type = P_STRING, .p_class= P_GLOBAL, .ptr= Globals.dos_charset, - .special= handle_charset, + .special= handle_dos_charset, .enum_list = NULL, .flags = FLAG_ADVANCED }, @@ -7531,6 +7532,43 @@ static bool handle_charset(int snum, const char *pszParmValue, char **ptr) return True; } +static bool handle_dos_charset(int snum, const char *pszParmValue, char **ptr) +{ + bool is_utf8 = false; + size_t len = strlen(pszParmValue); + + if (len == 4 || len == 5) { + /* Don't use StrCaseCmp here as we don't want to + initialize iconv. */ + if ((toupper_ascii(pszParmValue[0]) == 'U') + (toupper_ascii(pszParmValue[1]) == 'T') + (toupper_ascii(pszParmValue[2]) == 'F')) { + if (len == 4) { + if (pszParmValue[3] == '8') { + is_utf8 = true; + } + } else { + if (pszParmValue[3] == '-' + pszParmValue[4] == '8') { + is_utf8 = true; + } + } + } + } + + if (strcmp(*ptr, pszParmValue) != 0) { + if (is_utf8) { + DEBUG(0,(ERROR: invalid DOS charset: 'dos charset' must not + be UTF8, using (default value) %s instead.\n, + DEFAULT_DOS_CHARSET)); + pszParmValue = DEFAULT_DOS_CHARSET; + } + string_set(ptr, pszParmValue); + init_iconv(); + } + return true; +} + static bool handle_workgroup(int snum, const char *pszParmValue, char **ptr) -- Samba Shared Repository