Re: [Samba] Samba4 Multi-Master replication
You always need to have two Samba4/dns and the entries of both dns in your clients network settings too. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Gémes Géza Gesendet: Dienstag, 12. Juni 2012 19:19 An: samba@lists.samba.org Betreff: Re: [Samba] Samba4 Multi-Master replication On 2012-06-12 12:16, Morten Kramer wrote: Hi guys, I'm trying to get the Samba4 multi-master replication to work. I set up the primary domain controller using this howto (under CentOS 6.2 x64): http://wiki.samba.org/index.php/Samba4/HOWTO I installed bind 9.8.3 and enabled encrypted dns updates. I set up another VM with the same CentOS version and oriented myself on this howto: http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC to join the second DC into the domain. I edited /etc/resolv.conf and set the nameserver to the IP of the primary DC (bind dns server). Basic replication seems to work (not doing the rsync for sysvol yet). However, when i take the primary DC offline (bind keeps running), I can't use any of the .msc domain admin tools anymore. I always get an error message, telling me that there is no RPC server available. When i run gpmc.msc i can choose the DC i want to work on and I can see the secondary one, but it will come back with the RPC error. I had Wireshark running on one of the Windows7 clients. It seems like it tries to talk to the 2nd DC (DCERPC packets). But i'm not an expert in packet analysis, could somebody give me a hint what to look for here? User authentication does still work and Kerberos tickets are generated by the 2nd DC. I can find this in the log: ../source4/dsdb/kcc/kcc_topology.c:1402: failed to find nCName attribute of object CN=ac7bf69c-9458-4205-acba-6fe172412d1b,CN=Partitions,CN=Configuration ,DC=aeriatest2,DC=dc,DC=loc ../source4/dsdb/kcc/kcc_topology.c:3158: failed to color vertices: NT_STATUS_INTERNAL_DB_CORRUPTION ../source4/dsdb/kcc/kcc_topology.c:3415: failed to create connections: NT_STATUS_INTERNAL_DB_CORRUPTION ... Warning: 60 extra bytes in incoming RPC request ../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:74: doing DsBind with system_session Do i need to configure something extra, so the secondary DC will be able to act as an RPC server? Thanks, freezer Hi, With your setup DNS is the single point of failure, because with the (default) DLZ setup bind9 is able to serve DNS records only when samba4 is running on that box. My recommendation would be to try to set up DNS on the second DC too. Regards. Geza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba3+OpenLDAP - Samba4 implications.
Hi everyone, I might be going over old stuff, and if so, I apologise. I administer a network that uses Samba 3 with an OpenLDAP backend for domain logons, printing and file sharing. I am interested in moving to Samba4 for the domain control side of things, but the twist is that I have many other things relying on OpenLDAP for authentication and configuration, with several custom schemas. Is there a samba4 schema for OpenLDAP or is there a migration path for networks like mine? Alex Ferrara Director Receptive IT Solutions -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 samba-tool dns question
Hello Everyone, I am used to messing with bind zones directly. With samba 4, I cannot do that. Is the following the correct way to add a TXT record for SPF to the zone using samba-tool? /usr/local/samba/bin/samba-tool dns add s4server.example.org example.org example.org TXT v=spf1 mx -all I am not sure it is because it is showing up with dig as v=spf1 mx -all where it should be all one string, I believe. Thank you for any help, Trever -- Life is a comedy for those who think and a tragedy for those who feel. -- Unknown signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Multi-Master replication ( slave setup possible ?)
Is it possible to create slave DNS servers of the samba server. I would like to setup like this. ( this is also my running setup with samba 3) SLAVEDNS1 \ SAMBA(DNS) / Clients pc's with dns servers slave1 and slave2 \ SLAVEDNS2 / I my case slavedns(1) is also master of an external lan which is replicated to slavedns2. This was needed because of security and the way i extract the external dns settings, dont ask why, i just created a solution which my ICT company could not. so the question is, can i do this with samba4 and bind DLZ setup? Louis -Oorspronkelijk bericht- Van: muel...@tropenklinik.de [mailto:samba-boun...@lists.samba.org] Namens Daniel Müller Verzonden: 2012-06-13 09:01 Aan: 'Gémes Géza'; samba@lists.samba.org Onderwerp: Re: [Samba] Samba4 Multi-Master replication You always need to have two Samba4/dns and the entries of both dns in your clients network settings too. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Gémes Géza Gesendet: Dienstag, 12. Juni 2012 19:19 An: samba@lists.samba.org Betreff: Re: [Samba] Samba4 Multi-Master replication On 2012-06-12 12:16, Morten Kramer wrote: Hi guys, I'm trying to get the Samba4 multi-master replication to work. I set up the primary domain controller using this howto (under CentOS 6.2 x64): http://wiki.samba.org/index.php/Samba4/HOWTO I installed bind 9.8.3 and enabled encrypted dns updates. I set up another VM with the same CentOS version and oriented myself on this howto: http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC to join the second DC into the domain. I edited /etc/resolv.conf and set the nameserver to the IP of the primary DC (bind dns server). Basic replication seems to work (not doing the rsync for sysvol yet). However, when i take the primary DC offline (bind keeps running), I can't use any of the .msc domain admin tools anymore. I always get an error message, telling me that there is no RPC server available. When i run gpmc.msc i can choose the DC i want to work on and I can see the secondary one, but it will come back with the RPC error. I had Wireshark running on one of the Windows7 clients. It seems like it tries to talk to the 2nd DC (DCERPC packets). But i'm not an expert in packet analysis, could somebody give me a hint what to look for here? User authentication does still work and Kerberos tickets are generated by the 2nd DC. I can find this in the log: ../source4/dsdb/kcc/kcc_topology.c:1402: failed to find nCName attribute of object CN=ac7bf69c-9458-4205-acba-6fe172412d1b,CN=Partitions,CN=Configuration ,DC=aeriatest2,DC=dc,DC=loc ../source4/dsdb/kcc/kcc_topology.c:3158: failed to color vertices: NT_STATUS_INTERNAL_DB_CORRUPTION ../source4/dsdb/kcc/kcc_topology.c:3415: failed to create connections: NT_STATUS_INTERNAL_DB_CORRUPTION ... Warning: 60 extra bytes in incoming RPC request ../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:74: doing DsBind with system_session Do i need to configure something extra, so the secondary DC will be able to act as an RPC server? Thanks, freezer Hi, With your setup DNS is the single point of failure, because with the (default) DLZ setup bind9 is able to serve DNS records only when samba4 is running on that box. My recommendation would be to try to set up DNS on the second DC too. Regards. Geza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Self-Service-Password check_ntlm_password
Hello all, I've got a problem to change my password with self-service-password ( http://ltb-project.org/wiki/documentation/self-service-password/latest/start ) who is an web interface. In fact, I can change my password but when I close the session windows return me an error who said that windows cannot change my profile blabla and talk about security rights. However, the password is well changed :/ In the log i've got this : check_ntlm_password: Authentication for user [troll] - [troll] FAILED with error NT_STATUS_WRONG_PASSWORD I googled this, but no solution for my problem :/ Has anyone use self-service-password and anyone can help me ? -- Cédric CARLEN Élève-ingénieur à TELECOM Lille 1 Promotion FI15 ☎ 06.59.42.81.55 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 samba-tool dns question
On 2012-06-13 11:21, Trever L. Adams wrote: Hi Trever, /usr/local/samba/bin/samba-tool dns add s4server.example.org example.org example.org TXT v=spf1 mx -all I am not sure it is because it is showing up with dig as v=spf1 mx -all where it should be all one string, I believe. Well, this is how the current code is set up, Amitay added this behavior to the DLZ backend recently, and I followed along for the internal server. I'm not aware of how the string tokenization is actually described in the standard. I'm also not sure if the issue actually is that samba-tool doesn't preserve the quotes around the string, so the data is tokenized when added to the AD record. Amitay, any insights on that one? Cheers, Kai -- Kai Blin Worldforge developer http://www.worldforge.org/ Wine developer http://wiki.winehq.org/KaiBlin Samba team member http://www.samba.org/samba/team/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 for AD using existing LDAP, Kerberos, and Bind Setup.
G'day Dewayne, Thank you your reply. I'll submit the question on the technical list. Sorry for the slowness of my reply. I've been on leave. Cheers, David Minard. Ph:0247 360 155 Fax:0247 360 770 School of Computing, Engineering, and Mathematics Building Y - Penrith Campus (Kingswood) Locked bag 1797 Penrith South DC NSW 1797 [Sometimes waking up just isn't worth the insult of the day to come.] On 19/05/2012, at 6:59 AM, Dewayne wrote: David, I'd echo Gemes comment about posting your question to the samba-techni...@lists.samba.org list which would be more appropriate. There is some topical discussion going on there regarding content of a samba4 Beta release, and your question would be well timed. I'd suggest that you also consider the samba4 on existing: dhcp, dns ntp infrastructure. Good sources of information are at: WhatsNew - http://gitweb.samba.org/?p=samba.git;a=blob;f=WHATSNEW.txt;h=8798a875cc7618 da819e9ecd1db6cb7f25f85a94;hb=edb15ffef29fbb69a4d1dfc862fe8d6a3a027347 Other useful references: 1. https://wiki.samba.org/index.php/Samba4/HOWTO 2. https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC 3. https://wiki.samba.org/index.php/Samba4/samba3upgrade/HOWTO 4. Last updated March 2011 https://wiki.samba.org/index.php/Samba4_DRS_TODO_List#Support_RODC Kind regards, Dewayne. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Multi-Master replication
On 2012-06-13 17:10, steve wrote: On 12/06/12 19:19, Gémes Géza wrote: On 2012-06-12 12:16, Morten Kramer wrote: Hi guys, I'm trying to get the Samba4 multi-master replication to work. With your setup DNS is the single point of failure, because with the (default) DLZ setup bind9 is able to serve DNS records only when samba4 is running on that box. My recommendation would be to try to set up DNS on the second DC too. Hi Would both DC's and every client have both IP's in their resolv.conf (or whatever windoze calls it)? Cheers, Steve Short answer: Yes Longer answer: The easiest is to do that via dhcp Regards Geza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] how to automount a kerberos cifs share
Hi I have an automount map: * -fstype=cifs,sec=krb5 ://server/share/ It works fine, but only if Administrator has tickets. I can't do that on every client! Is there any way I can store the Administrator key in a keytab and use that? Or any other solution? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] how to automount a kerberos cifs share
How about if you use NFS v4 with kerberos instead of CIFS? On 06/13/12 14:58, steve wrote: Hi I have an automount map: * -fstype=cifs,sec=krb5 ://server/share/ It works fine, but only if Administrator has tickets. I can't do that on every client! Is there any way I can store the Administrator key in a keytab and use that? Or any other solution? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] how to automount a kerberos cifs share
On 13/06/12 21:10, Gaiseric Vandal wrote: How about if you use NFS v4 with kerberos instead of CIFS? On 06/13/12 14:58, steve wrote: Hi I have an automount map: * -fstype=cifs,sec=krb5 ://server/share/ It works fine, but only if Administrator has tickets. I can't do that on every client! Is there any way I can store the Administrator key in a keytab and use that? Or any other solution? Cheers, Steve Hi Gaiseric Yes, that would be perfect as we are using kerberized nfs3 for everything else. The problem with nfs4 is that you can't have group rw shares and also there is no document locking between libreoffice and m$office:-( This particular share _has_ to be cifs. Thanks, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 64 bit compilation
Which platform? If on Solaris 10 sparc, GCC (either from Sun or sunfreeware.com) should be 64-bit by default. GCC from Sunfreeware for Solaris 10 x86 will compile 32-bit by default. For Solaris, you are better off using Sun Studio and Dmake. Actually, you are better off just using the compiled version from Oracle/Sun. On 06/13/12 02:08, prabu.muru...@emc.com wrote: Hi, Have tried to compile samba 64 bit. By default it is compiling 32 bit. Google doesn't give much info about it. Please share your experience on 64bit samba. Thanks, Prabu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] how to automount a kerberos cifs share
On 06/13/12 17:08, steve wrote: On 13/06/12 21:10, Gaiseric Vandal wrote: How about if you use NFS v4 with kerberos instead of CIFS? On 06/13/12 14:58, steve wrote: Hi I have an automount map: * -fstype=cifs,sec=krb5 ://server/share/ It works fine, but only if Administrator has tickets. I can't do that on every client! Is there any way I can store the Administrator key in a keytab and use that? Or any other solution? Cheers, Steve Hi Gaiseric Yes, that would be perfect as we are using kerberized nfs3 for everything else. The problem with nfs4 is that you can't have group rw shares and also there is no document locking between libreoffice and m$office:-( This particular share _has_ to be cifs. Thanks, Steve What OS are you running? My experience is that Solaris backported kerberos to nfs v3 but that linux requires nfs v4 for kerberos.NFS talks to GSS which in turn talks to Kerberos.autofs runs as root so with nfs you would add creds to the local keytab for root to make that work. No I take it autofs on linux works with more than just NFS. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Two attempts required to join domain
Hi Everyone. I have run across an issue that is driving me crazy. This is a new deployment of Samba v3.6.5 with openldap v2.4.30 and smbldap-tools v0.9.8 When trying to join the domain, on the first attempt the machine account is properly created in the correct ou - e.g. ou=Computers,dc=domain,dc=local But the failed to join domain pop-up with reason of The user name could not be found is displayed (which really means the machine name was not found in LDAP) and of course the machine is not yet a domain member. However, a 2nd attempt to join the domain with the same credentials, immediately after the failure results in a Welcome to the X domain and the machine is now a domain member. Setting the openldap slapd loglevel to 416 to show the queries during this process reveals the following: On 1st join attempt Samba searches the whole directory from dc=domain,dc=local with a scope of 2 (sub) for uid=MyMachine, objectClass=sambaSamAccount. It of course does not find it, so the smbldap-useradd script is called and the machine account is properly added to ou=Computers. Then Samba immediately searches _ONLY_ ou=People,dc=domain,dc=local for the newly created machine account and of course does not find it. And the failed to join domain pop-up is displayed on the WinXP machine. On the second join attempt, Samba _ONLY_ searches ou=Computers,dc=domain,dc=local, which is where it SHOULD search for machines as defined everywhere in my configs and it finds the machine and the machine successfully joins the domain. If I set all configs - samba, smbldap etc to be such that computers are in the People organizational unit, then joining the domain works on the first try, every time. Also, if I un-join the domain, but leave the machine account in LDAP in ou=Computers and then re-join the domain, this always works on first try too since Samba's initial scope 2 sub search of the directory starting at the top will find the machine account under ou=Computers. Can someone offer guidance as to why during the new machine creation process (joining a domain) Samba does not look for the machine in the defined machines ou but always in the People ou? Thank you in advance for any help on this! -- Bill Arlofski Reverse Polarity, LLC -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Gentoo Linux-installed Samba 4 alpha 21 getting python error
I installed the Samba 4 alpha 21 using the Samba 4 alpha 20 ebuild as a template: When I try to run the samba-tool command, I keep getting *Code:*File /usr/bin/samba-tool, line 38 except SystemExit, e: ^ SyntaxError: invalid syntax -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 Multi-Master replication
Hi guys, I'm trying to get the Samba4 multi-master replication to work. I set up the primary domain controller using this howto (under CentOS 6.2 x64): http://wiki.samba.org/index.php/Samba4/HOWTO I installed bind 9.8.3 and enabled encrypted dns updates. I set up another VM with the same CentOS version and oriented myself on this howto: http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC to join the second DC into the domain. I edited /etc/resolv.conf and set the nameserver to the IP of the primary DC (bind dns server). Basic replication seems to work (not doing the rsync for sysvol yet). However, when i take the primary DC offline, I can't use any of the .msc domain admin tools anymore. I always get an error message, telling me that there is no RPC server available. When i run gpmc.msc i can choose the DC i want to work on and I can see the secondary one, but it will come back with the RPC error. User authentication does still work and Kerberos tickets are generated by the 2nd DC. I can find this in the log: ../source4/dsdb/kcc/kcc_topology.c:1402: failed to find nCName attribute of object CN=ac7bf69c-9458-4205-acba-6fe172412d1b,CN=Partitions,CN=Configuration,DC=aeriatest2,DC=dc,DC=loc ../source4/dsdb/kcc/kcc_topology.c:3158: failed to color vertices: NT_STATUS_INTERNAL_DB_CORRUPTION ../source4/dsdb/kcc/kcc_topology.c:3415: failed to create connections: NT_STATUS_INTERNAL_DB_CORRUPTION ... Warning: 60 extra bytes in incoming RPC request ../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:74: doing DsBind with system_session Do i need to configure something extra, so the secondary DC will be able to act as an RPC server? Thanks, freezer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Creating a package to upgrade several solaris servers
Hi, I have to upgrade several servers with different versions of Solaris (9 10) and different installations and I thought that creating a package will help me save some time, but I am facing more issues this way than installing manually. I understand that I have to run ./configure first from source3 folder, then make and last the makepkg.sh script, right? I have also changed the install path to match the install directory. configure make seem to work without errors after a couple of fixes, but makepkg.sh is throwing me some errors (I don't have them here but I can post them later) My question is, did anyone create a successful package for Solaris with latest version? can anyone give me a little bit of guidance, please? Thanks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 Multi-Master replication
Hi guys, I'm trying to get the Samba4 multi-master replication to work. I set up the primary domain controller using this howto (under CentOS 6.2 x64): http://wiki.samba.org/index.php/Samba4/HOWTO I installed bind 9.8.3 and enabled encrypted dns updates. I set up another VM with the same CentOS version and oriented myself on this howto: http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC to join the second DC into the domain. I edited /etc/resolv.conf and set the nameserver to the IP of the primary DC (bind dns server). Basic replication seems to work (not doing the rsync for sysvol yet). However, when i take the primary DC offline (bind keeps running), I can't use any of the .msc domain admin tools anymore. I always get an error message, telling me that there is no RPC server available. When i run gpmc.msc i can choose the DC i want to work on and I can see the secondary one, but it will come back with the RPC error. I had Wireshark running on one of the Windows7 clients. It seems like it tries to talk to the 2nd DC (DCERPC packets). But i'm not an expert in packet analysis, could somebody give me a hint what to look for here? User authentication does still work and Kerberos tickets are generated by the 2nd DC. I can find this in the log: ../source4/dsdb/kcc/kcc_topology.c:1402: failed to find nCName attribute of object CN=ac7bf69c-9458-4205-acba-6fe172412d1b,CN=Partitions,CN=Configuration,DC=aeriatest2,DC=dc,DC=loc ../source4/dsdb/kcc/kcc_topology.c:3158: failed to color vertices: NT_STATUS_INTERNAL_DB_CORRUPTION ../source4/dsdb/kcc/kcc_topology.c:3415: failed to create connections: NT_STATUS_INTERNAL_DB_CORRUPTION ... Warning: 60 extra bytes in incoming RPC request ../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:74: doing DsBind with system_session Do i need to configure something extra, so the secondary DC will be able to act as an RPC server? Thanks, freezer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 (S4) [homes] special share availability
I mates, We'd like to know if the beta version of S4 with the s3fs file system now allow to use the [homes] special share. Are we now allowed to use it in smb.conf, and does it works like in S3, as the home share of the user is converted by it's username? Sorry for my approximate english. Cheers. Thank you for your work. Good luck. O.Bilhaut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Gentoo Linux-installed Samba 4 alpha 21 getting python error
On Fri, Jun 8, 2012 at 6:19 AM, John Dekowski jdekow...@gmail.com wrote: I installed the Samba 4 alpha 21 using the Samba 4 alpha 20 ebuild as a template: When I try to run the samba-tool command, I keep getting *Code:*File /usr/bin/samba-tool, line 38 except SystemExit, e: ^ SyntaxError: invalid syntax What version of python are you using? Samba requires python 2.x and not 3.x. Amitay. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 samba-tool dns question
On Wed, Jun 13, 2012 at 8:45 PM, Kai Blin k...@samba.org wrote: On 2012-06-13 11:21, Trever L. Adams wrote: Hi Trever, /usr/local/samba/bin/samba-tool dns add s4server.example.org example.org example.org TXT v=spf1 mx -all I am not sure it is because it is showing up with dig as v=spf1 mx -all where it should be all one string, I believe. Well, this is how the current code is set up, Amitay added this behavior to the DLZ backend recently, and I followed along for the internal server. I'm not aware of how the string tokenization is actually described in the standard. I'm also not sure if the issue actually is that samba-tool doesn't preserve the quotes around the string, so the data is tokenized when added to the AD record. Amitay, any insights on that one? Cheers, Kai Hi Trever/Kai, The tokenization changes were added to support multiple strings in txt record. If you want to use a single string with spaces in it as a txt record, you have to quote it twice. samba-tool dns add s4server example.org example.org TXT 'v=spf1 mx -all' If you are using nsupdate to add the record, then make sure to quote it as follows: server s4server update add example.org 3600 IN TXT v=spf1 mx -all send That should get you the desired result. Amitay. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 samba-tool dns question
Thank you kindly! -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. Amitay Isaacs ami...@samba.org wrote: On Wed, Jun 13, 2012 at 8:45 PM, Kai Blin k...@samba.org wrote: On 2012-06-13 11:21, Trever L. Adams wrote: Hi Trever, /usr/local/samba/bin/samba-tool dns add s4server.example.org example.org example.org TXT v=spf1 mx -all I am not sure it is because it is showing up with dig as v=spf1 mx -all where it should be all one string, I believe. Well, this is how the current code is set up, Amitay added this behavior to the DLZ backend recently, and I followed along for the internal server. I'm not aware of how the string tokenization is actually described in the standard. I'm also not sure if the issue actually is that samba-tool doesn't preserve the quotes around the string, so the data is tokenized when added to the AD record. Amitay, any insights on that one? Cheers, Kai Hi Trever/Kai, The tokenization changes were added to support multiple strings in txt record. If you want to use a single string with spaces in it as a txt record, you have to quote it twice. samba-tool dns add s4server example.org example.org TXT 'v=spf1 mx -all' If you are using nsupdate to add the record, then make sure to quote it as follows: server s4server update add example.org 3600 IN TXT v=spf1 mx -all send That should get you the desired result. Amitay. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 96ada4d s4:ntvfs: add '_fn' suffix to all ntvfs_ops function pointers from 855d23b s3: Use talloc_tos() in more places in dbwrap_util http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 96ada4d87b6d8618919c614765f2ec1d706f4f4a Author: Stefan Metzmacher me...@samba.org Date: Wed Jun 13 09:11:42 2012 +0200 s4:ntvfs: add '_fn' suffix to all ntvfs_ops function pointers This hopefully fixes the build on systems where _LARGE_FILES triggers defines of syscalls e.g. '#define lseek lseek64' on AIX. metze Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Jun 13 11:03:15 CEST 2012 on sn-devel-104 --- Summary of changes: source4/ntvfs/cifs/vfs_cifs.c | 64 +++--- source4/ntvfs/cifs_posix_cli/vfs_cifs_posix.c | 60 +++--- source4/ntvfs/ipc/vfs_ipc.c | 60 +++--- source4/ntvfs/nbench/vfs_nbench.c | 62 +++--- source4/ntvfs/ntvfs.h | 68 source4/ntvfs/ntvfs_generic.c | 54 +++--- source4/ntvfs/ntvfs_interface.c | 256 source4/ntvfs/posix/vfs_posix.c | 62 +++--- source4/ntvfs/print/vfs_print.c |8 +- source4/ntvfs/simple/vfs_simple.c | 60 +++--- source4/ntvfs/smb2/vfs_smb2.c | 62 +++--- source4/ntvfs/unixuid/vfs_unixuid.c | 62 +++--- 12 files changed, 439 insertions(+), 439 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/ntvfs/cifs/vfs_cifs.c b/source4/ntvfs/cifs/vfs_cifs.c index fb7a485..552f664 100644 --- a/source4/ntvfs/cifs/vfs_cifs.c +++ b/source4/ntvfs/cifs/vfs_cifs.c @@ -1191,38 +1191,38 @@ NTSTATUS ntvfs_cifs_init(void) ops.type = NTVFS_DISK; /* fill in all the operations */ - ops.connect = cvfs_connect; - ops.disconnect = cvfs_disconnect; - ops.unlink = cvfs_unlink; - ops.chkpath = cvfs_chkpath; - ops.qpathinfo = cvfs_qpathinfo; - ops.setpathinfo = cvfs_setpathinfo; - ops.open = cvfs_open; - ops.mkdir = cvfs_mkdir; - ops.rmdir = cvfs_rmdir; - ops.rename = cvfs_rename; - ops.copy = cvfs_copy; - ops.ioctl = cvfs_ioctl; - ops.read = cvfs_read; - ops.write = cvfs_write; - ops.seek = cvfs_seek; - ops.flush = cvfs_flush; - ops.close = cvfs_close; - ops.exit = cvfs_exit; - ops.lock = cvfs_lock; - ops.setfileinfo = cvfs_setfileinfo; - ops.qfileinfo = cvfs_qfileinfo; - ops.fsinfo = cvfs_fsinfo; - ops.lpq = cvfs_lpq; - ops.search_first = cvfs_search_first; - ops.search_next = cvfs_search_next; - ops.search_close = cvfs_search_close; - ops.trans = cvfs_trans; - ops.logoff = cvfs_logoff; - ops.async_setup = cvfs_async_setup; - ops.cancel = cvfs_cancel; - ops.notify = cvfs_notify; - ops.trans2 = cvfs_trans2; + ops.connect_fn = cvfs_connect; + ops.disconnect_fn = cvfs_disconnect; + ops.unlink_fn = cvfs_unlink; + ops.chkpath_fn = cvfs_chkpath; + ops.qpathinfo_fn = cvfs_qpathinfo; + ops.setpathinfo_fn = cvfs_setpathinfo; + ops.open_fn = cvfs_open; + ops.mkdir_fn = cvfs_mkdir; + ops.rmdir_fn = cvfs_rmdir; + ops.rename_fn = cvfs_rename; + ops.copy_fn = cvfs_copy; + ops.ioctl_fn = cvfs_ioctl; + ops.read_fn = cvfs_read; + ops.write_fn = cvfs_write; + ops.seek_fn = cvfs_seek; + ops.flush_fn = cvfs_flush; + ops.close_fn = cvfs_close; + ops.exit_fn = cvfs_exit; + ops.lock_fn = cvfs_lock; + ops.setfileinfo_fn = cvfs_setfileinfo; + ops.qfileinfo_fn = cvfs_qfileinfo; + ops.fsinfo_fn = cvfs_fsinfo; + ops.lpq_fn = cvfs_lpq; + ops.search_first_fn = cvfs_search_first; + ops.search_next_fn = cvfs_search_next; + ops.search_close_fn = cvfs_search_close; + ops.trans_fn = cvfs_trans; + ops.logoff_fn = cvfs_logoff; + ops.async_setup_fn = cvfs_async_setup; + ops.cancel_fn = cvfs_cancel; + ops.notify_fn = cvfs_notify; + ops.trans2_fn = cvfs_trans2; /* register ourselves with the NTVFS subsystem. We register under the name 'cifs'. */ diff --git a/source4/ntvfs/cifs_posix_cli/vfs_cifs_posix.c b/source4/ntvfs/cifs_posix_cli/vfs_cifs_posix.c index 949b6db..8c5a53b 100644 --- a/source4/ntvfs/cifs_posix_cli/vfs_cifs_posix.c +++ b/source4/ntvfs/cifs_posix_cli/vfs_cifs_posix.c @@ -1061,36 +1061,36 @@ NTSTATUS ntvfs_cifs_posix_init(void) ZERO_STRUCT(ops); /* fill in all the operations */ - ops.connect = cifspsx_connect; - ops.disconnect = cifspsx_disconnect; -
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
via ec7a5f2 Forward port of Richard Sharpe's
realrichardsha...@gmail.com fix for bug #8970 - Possible memory leaks in the
samba master process.
from 7ca2654 s3: fix compile of krb5 locator on Solaris
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
commit ec7a5f2593b67797fc3924611d3b0b05b807d0bf
Author: Jeremy Allison j...@samba.org
Date: Thu May 31 16:25:52 2012 -0700
Forward port of Richard Sharpe's realrichardsha...@gmail.com fix for bug
#8970 - Possible memory leaks in the samba master process.
---
Summary of changes:
source3/include/proto.h |6 +++---
source3/nmbd/nmbd.c |3 ++-
source3/param/loadparm.c | 12
source3/printing/load.c |7 ++-
source3/smbd/server_reload.c |1 +
source3/winbindd/winbindd.c |3 ++-
6 files changed, 22 insertions(+), 10 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 28b58b2..e22fc9c 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1338,9 +1338,9 @@ NTSTATUS change_trust_account_password( const char
*domain, const char *remote_m
/* The following definitions come from param/loadparm.c */
char *lp_smb_ports(void);
-char *lp_dos_charset(void);
-char *lp_unix_charset(void);
-char *lp_display_charset(void);
+const char *lp_dos_charset(void);
+const char *lp_unix_charset(void);
+const char *lp_display_charset(void);
char *lp_logfile(void);
char *lp_configfile(void);
char *lp_smb_passwd_file(void);
diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c
index 986c575..0172e08 100644
--- a/source3/nmbd/nmbd.c
+++ b/source3/nmbd/nmbd.c
@@ -365,11 +365,12 @@ static bool reload_nmbd_services(bool test)
set_remote_machine_name(nmbd, False);
if ( lp_loaded() ) {
- const char *fname = lp_configfile();
+ char *fname = lp_configfile();
if (file_exist(fname)
!strcsequal(fname,get_dyn_CONFIGFILE())) {
set_dyn_CONFIGFILE(fname);
test = False;
}
+ TALLOC_FREE(fname);
}
if ( test !lp_file_list_changed() )
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 6ad2452..dd63339 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -5575,9 +5575,9 @@ static char *lp_string(const char *s)
char fn_name(const struct share_params *p) {return(LP_SNUM_OK(p-service)?
ServicePtrs[(p-service)]-val : sDefault.val);}
FN_GLOBAL_STRING(lp_smb_ports, Globals.smb_ports)
-FN_GLOBAL_STRING(lp_dos_charset, Globals.dos_charset)
-FN_GLOBAL_STRING(lp_unix_charset, Globals.unix_charset)
-FN_GLOBAL_STRING(lp_display_charset, Globals.display_charset)
+FN_GLOBAL_CONST_STRING(lp_dos_charset, Globals.dos_charset)
+FN_GLOBAL_CONST_STRING(lp_unix_charset, Globals.unix_charset)
+FN_GLOBAL_CONST_STRING(lp_display_charset, Globals.display_charset)
FN_GLOBAL_STRING(lp_logfile, Globals.szLogFile)
FN_GLOBAL_STRING(lp_configfile, Globals.szConfigFile)
FN_GLOBAL_STRING(lp_smb_passwd_file, Globals.szSMBPasswdFile)
@@ -9647,7 +9647,11 @@ static bool lp_load_ex(const char *pszFname,
}
}
- lp_add_auto_services(lp_auto_services());
+ {
+ char *serv = lp_auto_services();
+ lp_add_auto_services(serv);
+ TALLOC_FREE(serv);
+ }
if (add_ipc) {
/* When 'restrict anonymous = 2' guest connections to ipc$
diff --git a/source3/printing/load.c b/source3/printing/load.c
index 5acc258..829c3e3 100644
--- a/source3/printing/load.c
+++ b/source3/printing/load.c
@@ -30,6 +30,7 @@ static void add_auto_printers(void)
int pnum = lp_servicenumber(PRINTERS_NAME);
char *str;
char *saveptr;
+ char *auto_serv = NULL;
if (pnum 0)
if (process_registry_service(PRINTERS_NAME))
@@ -38,8 +39,12 @@ static void add_auto_printers(void)
if (pnum 0)
return;
- if ((str = SMB_STRDUP(lp_auto_services())) == NULL)
+ auto_serv = lp_auto_services();
+ str = SMB_STRDUP(auto_serv);
+ TALLOC_FREE(auto_serv);
+ if (str == NULL) {
return;
+ }
for (p = strtok_r(str, LIST_SEP, saveptr); p;
p = strtok_r(NULL, LIST_SEP, saveptr)) {
diff --git a/source3/smbd/server_reload.c b/source3/smbd/server_reload.c
index 6e0ab39..fd6dc1a 100644
--- a/source3/smbd/server_reload.c
+++ b/source3/smbd/server_reload.c
@@ -127,6 +127,7 @@ bool reload_services(struct messaging_context *msg_ctx, int
smb_sock,
set_dyn_CONFIGFILE(fname);
test = False;
}
+ TALLOC_FREE(fname);
}
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated
via d853bc0 Fix bug #8970 - Possible memory leaks in the samba master
process.
from 0529cf9 Fix bug #8882 - Broken processing of %U with vfs_full_audit
when force user is set.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test
- Log -
commit d853bc02c32a4c1172bf5f3f64c75db5ecc5ccca
Author: Richard Sharpe realrichardsha...@gmail.com
Date: Thu May 31 15:43:14 2012 -0700
Fix bug #8970 - Possible memory leaks in the samba master process.
Signed-off-by: Jeremy Allison j...@samba.org
---
Summary of changes:
source3/include/proto.h |6 +++---
source3/lib/debug.c | 13 -
source3/nmbd/nmbd.c |3 ++-
source3/param/loadparm.c| 12
source3/smbd/server.c |1 +
source3/winbindd/winbindd.c |3 ++-
6 files changed, 24 insertions(+), 14 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 579fc1b..559a34e 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -3918,9 +3918,9 @@ void expire_workgroups_and_servers(time_t t);
/* The following definitions come from param/loadparm.c */
char *lp_smb_ports(void);
-char *lp_dos_charset(void);
-char *lp_unix_charset(void);
-char *lp_display_charset(void);
+const char *lp_dos_charset(void);
+const char *lp_unix_charset(void);
+const char *lp_display_charset(void);
char *lp_logfile(void);
char *lp_configfile(void);
char *lp_smb_passwd_file(void);
diff --git a/source3/lib/debug.c b/source3/lib/debug.c
index 80b8310..05e9eee 100644
--- a/source3/lib/debug.c
+++ b/source3/lib/debug.c
@@ -657,9 +657,11 @@ bool reopen_logs( void )
SAFE_FREE(fname);
fname = SMB_STRDUP(logfname);
if (!fname) {
+ TALLOC_FREE(logfname);
return false;
}
}
+ TALLOC_FREE(logfname);
}
debugf = fname;
@@ -1028,6 +1030,8 @@ bool dbghdrclass(int level, int cls, const char
*location, const char *func)
*/
if( lp_timestamp_logs() || lp_debug_prefix_timestamp() ||
!(lp_loaded()) ) {
char header_str[200];
+ char *curtime = current_timestring(talloc_tos(),
+ lp_debug_hires_timestamp());
header_str[0] = '\0';
@@ -1050,19 +1054,18 @@ bool dbghdrclass(int level, int cls, const char
*location, const char *func)
, class=%s,
default_classname_table[cls]);
}
-
+
/* Print it all out at once to prevent split syslog output. */
if( lp_debug_prefix_timestamp() ) {
(void)Debug1( [%s, %2d%s] ,
- current_timestring(talloc_tos(),
- lp_debug_hires_timestamp()),
+ curtime,
level, header_str);
} else {
(void)Debug1( [%s, %2d%s] %s(%s)\n,
- current_timestring(talloc_tos(),
- lp_debug_hires_timestamp()),
+ curtime,
level, header_str, location, func );
}
+ TALLOC_FREE(curtime);
}
errno = old_errno;
diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c
index 48e6d93..2a7b28d 100644
--- a/source3/nmbd/nmbd.c
+++ b/source3/nmbd/nmbd.c
@@ -366,11 +366,12 @@ static bool reload_nmbd_services(bool test)
set_remote_machine_name(nmbd, False);
if ( lp_loaded() ) {
- const char *fname = lp_configfile();
+ char *fname = lp_configfile();
if (file_exist(fname)
!strcsequal(fname,get_dyn_CONFIGFILE())) {
set_dyn_CONFIGFILE(fname);
test = False;
}
+ TALLOC_FREE(fname);
}
if ( test !lp_file_list_changed() )
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 28ffc08..8c1cf09 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -5318,9 +5318,9 @@ static char *lp_string(const char *s)
char fn_name(const struct share_params *p) {return(LP_SNUM_OK(p-service)?
ServicePtrs[(p-service)]-val : sDefault.val);}
FN_GLOBAL_STRING(lp_smb_ports, Globals.smb_ports)
-FN_GLOBAL_STRING(lp_dos_charset, Globals.dos_charset)
-FN_GLOBAL_STRING(lp_unix_charset, Globals.unix_charset)
-FN_GLOBAL_STRING(lp_display_charset, Globals.display_charset)
+FN_GLOBAL_CONST_STRING(lp_dos_charset, Globals.dos_charset)
+FN_GLOBAL_CONST_STRING(lp_unix_charset, Globals.unix_charset)
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
via 445f314 s3: Fix uninitialized memory read in talloc_free()
from ec7a5f2 Forward port of Richard Sharpe's
realrichardsha...@gmail.com fix for bug #8970 - Possible memory leaks in the
samba master process.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
commit 445f314614e4e514a70ff5f1fbbfedb4d3ab0aac
Author: Volker Lendecke v...@samba.org
Date: Tue May 29 15:31:49 2012 +0200
s3: Fix uninitialized memory read in talloc_free()
Thanks to laurent gaffie laurent.gaf...@gmail.com for reporting
this issue!
---
Summary of changes:
source3/libsmb/clispnego.c |3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index 4581ce4..0a907ba 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -127,6 +127,9 @@ bool spnego_parse_negTokenInit(TALLOC_CTX *ctx,
asn1_start_tag(data,ASN1_SEQUENCE(0));
for (i=0; asn1_tag_remaining(data) 0 i ASN1_MAX_OIDS-1; i++) {
asn1_read_OID(data,ctx, OIDs[i]);
+ if (data-has_error) {
+ break;
+ }
}
OIDs[i] = NULL;
asn1_end_tag(data);
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated
via bc4a2c1 s3: Fix uninitialized memory read in talloc_free()
from d853bc0 Fix bug #8970 - Possible memory leaks in the samba master
process.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test
- Log -
commit bc4a2c143b531f9362acb8f3d6e099cbac070840
Author: Volker Lendecke v...@samba.org
Date: Mon Jun 4 12:22:21 2012 -0700
s3: Fix uninitialized memory read in talloc_free()
Thanks to laurent gaffie laurent.gaf...@gmail.com for reporting
this issue!
---
Summary of changes:
source3/libsmb/clispnego.c |3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index 36d21d0..3322529 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -161,6 +161,9 @@ bool spnego_parse_negTokenInit(DATA_BLOB blob,
for (i=0; asn1_tag_remaining(data) 0 i ASN1_MAX_OIDS-1; i++) {
const char *oid_str = NULL;
asn1_read_OID(data,talloc_autofree_context(),oid_str);
+ if (data-has_error) {
+ break;
+ }
OIDs[i] = CONST_DISCARD(char *, oid_str);
}
OIDs[i] = NULL;
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
via 8b3b1aa We are triggering the cleanup_timeout_fn() too often, on
exiting when an smbd is idle.
via 777ac04 Stop spamming the logs with Could not remove pid XX from
serverid.tdb messages and initiating the cleanup function on every process deat
from 445f314 s3: Fix uninitialized memory read in talloc_free()
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
commit 8b3b1aa4ff76d7f03285e3fa87f30f3068a7ea5d
Author: Jeremy Allison j...@samba.org
Date: Fri Jun 1 12:28:33 2012 -0700
We are triggering the cleanup_timeout_fn() too often, on exiting when an
smbd is idle.
Calls to exit_server_cleanly() should be treated as a clean shutdown,
and not trigger the master smbd to call cleanup_timeout_fn.
The last 2 patches address bug #8971 (cleanup_timeout_fn() is called too
often,
on exiting when an smbd is idle.)
commit 777ac04a99467594805a03635b04011c495ff7e7
Author: Jeremy Allison j...@samba.org
Date: Fri Jun 1 12:02:04 2012 -0700
Stop spamming the logs with Could not remove pid XX from serverid.tdb
messages and initiating the cleanup function on every process deat
We now have many sub-processes from smbd that don't serve SMB1/SMB2
requests and
don't register themselves in the serverid.tdb. Only initiate the cleanup
from processes that were explicitly in the child list.
---
Summary of changes:
source3/smbd/server.c | 35 +++
source3/smbd/server_exit.c | 15 ---
2 files changed, 23 insertions(+), 27 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 8cda180..9a8cdc0 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -283,6 +283,25 @@ static void remove_child_pid(pid_t pid, bool
unclean_shutdown)
static struct timed_event *cleanup_te;
struct server_id child_id;
+ child_id = procid_self(); /* Just initialize pid and potentially vnn */
+ child_id.pid = pid;
+
+ for (child = children; child != NULL; child = child-next) {
+ if (child-pid == pid) {
+ struct child_pid *tmp = child;
+ DLIST_REMOVE(children, child);
+ SAFE_FREE(tmp);
+ num_children -= 1;
+ break;
+ }
+ }
+
+ if (child == NULL) {
+ /* not all forked child processes are added to the children
list */
+ DEBUG(2, (Could not find child %d -- ignoring\n, (int)pid));
+ return;
+ }
+
if (unclean_shutdown) {
/* a child terminated uncleanly so tickle all
processes to see if they can grab any of the
@@ -301,26 +320,10 @@ static void remove_child_pid(pid_t pid, bool
unclean_shutdown)
}
}
- child_id = procid_self(); /* Just initialize pid and potentially vnn */
- child_id.pid = pid;
-
if (!serverid_deregister(child_id)) {
DEBUG(1, (Could not remove pid %d from serverid.tdb\n,
(int)pid));
}
-
- for (child = children; child != NULL; child = child-next) {
- if (child-pid == pid) {
- struct child_pid *tmp = child;
- DLIST_REMOVE(children, child);
- SAFE_FREE(tmp);
- num_children -= 1;
- return;
- }
- }
-
- /* not all forked child processes are added to the children list */
- DEBUG(1, (Could not find child %d -- ignoring\n, (int)pid));
}
/
diff --git a/source3/smbd/server_exit.c b/source3/smbd/server_exit.c
index 4c71d8f..fc77dee 100644
--- a/source3/smbd/server_exit.c
+++ b/source3/smbd/server_exit.c
@@ -83,7 +83,6 @@ static void exit_server_common(enum server_exit_reason how,
static void exit_server_common(enum server_exit_reason how,
const char *const reason)
{
- bool had_open_conn = false;
struct smbd_server_connection *sconn = smbd_server_conn;
if (!exit_firsttime)
@@ -101,7 +100,7 @@ static void exit_server_common(enum server_exit_reason how,
bool found = false;
files_forall(sconn, log_writeable_file_fn, found);
}
- had_open_conn = conn_close_all(sconn);
+ (void)conn_close_all(sconn);
invalidate_all_vuids(sconn);
}
@@ -175,6 +174,8 @@ static void exit_server_common(enum server_exit_reason how,
dump_core();
+ /* Notreached. */
+ exit(1);
} else {
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
via 185c205 s3-librpc-crypto: avoid crash with MIT krb5 1.10.0 in
gss_get_name_attribute()
from 8b3b1aa We are triggering the cleanup_timeout_fn() too often, on
exiting when an smbd is idle.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
commit 185c2054fd22de0ab07a762a279a7ef0db5d802c
Author: Alexander Bokovoy a...@samba.org
Date: Thu Jun 7 18:24:38 2012 +0300
s3-librpc-crypto: avoid crash with MIT krb5 1.10.0 in
gss_get_name_attribute()
gss_get_name_attribute() can return unintialized pac_display_buffer
and later gss_release_buffer() will crash on attempting to release it.
The fix on MIT krb5 side is in 1.10.1, reported in both Debian and MIT
upstream:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658514
http://krbdev.mit.edu/rt/Ticket/Display.html?user=guestpass=guestid=7087
We need to initialize variables before using gss_get_name_attribute()
Fix bug #8988 (avoid crash with MIT krb5 1.10.0 in
gss_get_name_attribute()).
---
Summary of changes:
source3/librpc/crypto/gse.c | 20 ++--
1 files changed, 18 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
index 335dc1c..02fb0f6 100644
--- a/source3/librpc/crypto/gse.c
+++ b/source3/librpc/crypto/gse.c
@@ -688,8 +688,24 @@ NTSTATUS gse_get_pac_blob(struct gse_context *gse_ctx,
TALLOC_CTX *mem_ctx, DATA_BLOB *pac_blob)
{
OM_uint32 gss_min, gss_maj;
- gss_buffer_desc pac_buffer;
- gss_buffer_desc pac_display_buffer;
+/*
+ * gss_get_name_attribute() in MIT krb5 1.10.0 can return unintialized
pac_display_buffer
+ * and later gss_release_buffer() will crash on attempting to release it.
+ *
+ * So always initialize the buffer descriptors.
+ *
+ * See following links for more details:
+ * http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658514
+ * http://krbdev.mit.edu/rt/Ticket/Display.html?user=guestpass=guestid=7087
+ */
+ gss_buffer_desc pac_buffer = {
+ .value = NULL,
+ .length = 0
+ };
+ gss_buffer_desc pac_display_buffer = {
+ .value = NULL,
+ .length = 0
+ };
gss_buffer_desc pac_name = {
.value = discard_const_p(char, urn:mspac:),
.length = sizeof(urn:mspac:) - 1
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
via 87d75c6 Fix bug #8311 - Winzip occasionally can not read files out
of an open winzip dialog.
from 185c205 s3-librpc-crypto: avoid crash with MIT krb5 1.10.0 in
gss_get_name_attribute()
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
commit 87d75c675ccd1cd455afb67e149ce1e835ad6b21
Author: Stefan Metzmacher me...@samba.org
Date: Mon Jun 4 15:59:35 2012 -0700
Fix bug #8311 - Winzip occasionally can not read files out of an open
winzip dialog.
Backport of the changes in master without the VFS change. Move
all processing into smb_fsctl().
---
Summary of changes:
source3/smbd/nttrans.c| 392 -
source3/smbd/proto.h |9 +
source3/smbd/smb2_ioctl.c | 138 +++--
3 files changed, 242 insertions(+), 297 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index de508eb..429250e 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -2112,44 +2112,29 @@ static void
call_nt_transact_set_security_desc(connection_struct *conn,
return;
}
-/
- Reply to NT IOCTL
-/
-
-static void call_nt_transact_ioctl(connection_struct *conn,
- struct smb_request *req,
- uint16 **ppsetup, uint32 setup_count,
- char **ppparams, uint32 parameter_count,
- char **ppdata, uint32 data_count,
- uint32 max_data_count)
-{
- uint32 function;
- uint16 fidnum;
- files_struct *fsp;
- uint8 isFSctl;
- uint8 compfilter;
- char *pdata = *ppdata;
-
- if (setup_count != 8) {
- DEBUG(3,(call_nt_transact_ioctl: invalid setup count %d\n,
setup_count));
- reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
- return;
- }
-
- function = IVAL(*ppsetup, 0);
- fidnum = SVAL(*ppsetup, 4);
- isFSctl = CVAL(*ppsetup, 6);
- compfilter = CVAL(*ppsetup, 7);
+/*
+ * Implement the default fsctl operation.
+ */
- DEBUG(10,(call_nt_transact_ioctl: function[0x%08X] FID[0x%04X]
isFSctl[0x%02X] compfilter[0x%02X]\n,
-function, fidnum, isFSctl, compfilter));
+static bool vfswrap_logged_ioctl_message = false;
- fsp=file_fsp(req, fidnum);
- /* this check is done in each implemented function case for now
- because I don't want to break anything... --metze
- FSP_BELONGS_CONN(fsp,conn);*/
-
- SMB_PERFCOUNT_SET_IOCTL(req-pcd, function);
+/*
+ * In 3.6 we do not have a SMB_VFS_FSCTL() function
+ * it's just faked to make it more look like
+ * master (4.0)
+ */
+NTSTATUS smb_fsctl(struct files_struct *fsp,
+ TALLOC_CTX *ctx,
+ uint32_t function,
+ uint16_t req_flags, /* Needed for UNICODE ... */
+ const uint8_t *_in_data,
+ uint32_t in_len,
+ uint8_t **_out_data,
+ uint32_t max_out_len,
+ uint32_t *out_len)
+{
+ const char *in_data = (const char *)_in_data;
+ char **out_data = (char **)_out_data;
switch (function) {
case FSCTL_SET_SPARSE:
@@ -2157,79 +2142,61 @@ static void call_nt_transact_ioctl(connection_struct
*conn,
bool set_sparse = true;
NTSTATUS status;
- if (data_count = 1 pdata[0] == 0) {
+ if (in_len = 1 in_data[0] == 0) {
set_sparse = false;
}
- DEBUG(10,(FSCTL_SET_SPARSE: called on FID[0x%04X]set[%u]\n,
-fidnum, set_sparse));
+ status = file_set_sparse(fsp-conn, fsp, set_sparse);
- if (!check_fsp_open(conn, req, fsp)) {
- return;
- }
-
- status = file_set_sparse(conn, fsp, set_sparse);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(9,(FSCTL_SET_SPARSE: fname[%s] set[%u] - %s\n,
-smb_fname_str_dbg(fsp-fsp_name), set_sparse,
nt_errstr(status)));
- reply_nterror(req, status);
- return;
- }
+ DEBUG(NT_STATUS_IS_OK(status) ? 10 : 9,
+ (FSCTL_SET_SPARSE: fname[%s] set[%u] - %s\n,
+ smb_fname_str_dbg(fsp-fsp_name), set_sparse,
+ nt_errstr(status)));
- DEBUG(10,(FSCTL_SET_SPARSE: fname[%s]
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
via 4cf3fb8 s3-winbindd: call dump_core_setup after command line option
has been parsed
from 87d75c6 Fix bug #8311 - Winzip occasionally can not read files out
of an open winzip dialog.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
commit 4cf3fb815610c6f0939f8b142296cd836faac7e6
Author: Matthieu Patou m...@matws.net
Date: Fri Jun 1 15:33:04 2012 -0700
s3-winbindd: call dump_core_setup after command line option has been parsed
Without this fix in some situations winbindd can't coredump.
Such cases append when samba is compiled in a custom prefix (ie.
/home/build/mat/prod/1/) in this case get_dyn_LOGFILEBASE or
basename(lp_logfile)
before the configuration file and the command line is parsed will be
something like /home/build/mat/prod/1/var
which might not exists on the host where you run it (where it's most
probably more normal directories).
Specifying --log-basename didn't help as dump_core_setup is called before
the command line and
the config file is read so it didn't help getting a correct value in
dump_core_setup.
We fix this issue by calling dump_core_setup() also after the command
line has been read and also after the configfile has been parsed so that
the final location for the coredump is coherent with the final logile
location.
Fix bug #8975 (winbindd can't coredump).
---
Summary of changes:
source3/winbindd/winbindd.c | 14 ++
1 files changed, 14 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index f80949d..15aafeb 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -1303,6 +1303,15 @@ int main(int argc, char **argv, char **envp)
}
}
+ /* We call dump_core_setup one more time because the command line can
+* set the log file or the log-basename and this will influence where
+* cores are stored. Without this call get_dyn_LOGFILEBASE will be
+* the default value derived from build's prefix. For EOM this value
+* is often not related to the path where winbindd is actually run
+* in production.
+*/
+ dump_core_setup(winbindd);
+
if (is_daemon interactive) {
d_fprintf(stderr,\nERROR:
Option -i|--interactive is not allowed together with
-D|--daemon\n\n);
@@ -1341,6 +1350,11 @@ int main(int argc, char **argv, char **envp)
DEBUG(0, (error opening config file\n));
exit(1);
}
+ /* After parsing the configuration file we setup the core path one more
time
+* as the log file might have been set in the configuration and cores's
+* path is by default basename(lp_logfile()).
+*/
+ dump_core_setup(winbindd);
/* Initialise messaging system */
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated
via 529 s3-winbindd: call dump_core_setup after command line option
has been parsed
from bc4a2c1 s3: Fix uninitialized memory read in talloc_free()
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test
- Log -
commit 52922fb373ad23a0ce9034bf9630cdb17765
Author: Matthieu Patou m...@matws.net
Date: Fri Jun 1 15:33:04 2012 -0700
s3-winbindd: call dump_core_setup after command line option has been parsed
Without this fix in some situations winbindd can't coredump.
Such cases append when samba is compiled in a custom prefix (ie.
/home/build/mat/prod/1/) in this case get_dyn_LOGFILEBASE or
basename(lp_logfile)
before the configuration file and the command line is parsed will be
something like /home/build/mat/prod/1/var
which might not exists on the host where you run it (where it's most
probably more normal directories).
Specifying --log-basename didn't help as dump_core_setup is called before
the command line and
the config file is read so it didn't help getting a correct value in
dump_core_setup.
We fix this issue by calling dump_core_setup() also after the command
line has been read and also after the configfile has been parsed so that
the final location for the coredump is coherent with the final logile
location.
Fix bug #8975 (winbindd can't coredump).
(cherry picked from commit 4cf3fb815610c6f0939f8b142296cd836faac7e6)
---
Summary of changes:
source3/winbindd/winbindd.c | 14 ++
1 files changed, 14 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index 0550da8..ca5a53b 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -1073,6 +1073,15 @@ int main(int argc, char **argv, char **envp)
}
}
+ /* We call dump_core_setup one more time because the command line can
+* set the log file or the log-basename and this will influence where
+* cores are stored. Without this call get_dyn_LOGFILEBASE will be
+* the default value derived from build's prefix. For EOM this value
+* is often not related to the path where winbindd is actually run
+* in production.
+*/
+ dump_core_setup(winbindd);
+
if (is_daemon interactive) {
d_fprintf(stderr,\nERROR:
Option -i|--interactive is not allowed together with
-D|--daemon\n\n);
@@ -1107,6 +1116,11 @@ int main(int argc, char **argv, char **envp)
DEBUG(0, (error opening config file\n));
exit(1);
}
+ /* After parsing the configuration file we setup the core path one more
time
+* as the log file might have been set in the configuration and cores's
+* path is by default basename(lp_logfile()).
+*/
+ dump_core_setup(winbindd);
/* Initialise messaging system */
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
via bb750d7 Fix bug #8972 - Directory group write permission bit is set
if unix extensions are enabled
from 4cf3fb8 s3-winbindd: call dump_core_setup after command line option
has been parsed
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
commit bb750d7232bd266c06a14ac3ea577aeecfb81b14
Author: Jeremy Allison j...@samba.org
Date: Wed Jun 13 10:48:32 2012 -0700
Fix bug #8972 - Directory group write permission bit is set if unix
extensions are enabled
We can't manipulate file_attributes if it's a posix call.
---
Summary of changes:
source3/smbd/open.c |6 --
1 files changed, 4 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 202643f..72b7d8e 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -2583,8 +2583,10 @@ static NTSTATUS open_directory(connection_struct *conn,
SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname));
- /* Ensure we have a directory attribute. */
- file_attributes |= FILE_ATTRIBUTE_DIRECTORY;
+ if (!(file_attributes FILE_FLAG_POSIX_SEMANTICS)) {
+ /* Ensure we have a directory attribute. */
+ file_attributes |= FILE_ATTRIBUTE_DIRECTORY;
+ }
DEBUG(5,(open_directory: opening directory %s, access_mask = 0x%x,
share_access = 0x%x create_options = 0x%x,
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated
via fe7d9d8 Fix bug #8972 - Directory group write permission bit is set
if unix extensions are enabled
from 529 s3-winbindd: call dump_core_setup after command line option
has been parsed
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test
- Log -
commit fe7d9d85102613346a1365929f4545e43f412ab8
Author: Jeremy Allison j...@samba.org
Date: Wed Jun 13 10:48:32 2012 -0700
Fix bug #8972 - Directory group write permission bit is set if unix
extensions are enabled
We can't manipulate file_attributes if it's a posix call.
(cherry picked from commit bb750d7232bd266c06a14ac3ea577aeecfb81b14)
---
Summary of changes:
source3/smbd/open.c |6 --
1 files changed, 4 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index ded07a1..dfa45ef 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -2296,8 +2296,10 @@ static NTSTATUS open_directory(connection_struct *conn,
SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname));
- /* Ensure we have a directory attribute. */
- file_attributes |= FILE_ATTRIBUTE_DIRECTORY;
+ if (!(file_attributes FILE_FLAG_POSIX_SEMANTICS)) {
+ /* Ensure we have a directory attribute. */
+ file_attributes |= FILE_ATTRIBUTE_DIRECTORY;
+ }
DEBUG(5,(open_directory: opening directory %s, access_mask = 0x%x,
share_access = 0x%x create_options = 0x%x,
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated
via c615d8e Fix bug #8994 - winbind normalize names.
from fe7d9d8 Fix bug #8972 - Directory group write permission bit is set
if unix extensions are enabled
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test
- Log -
commit c615d8e8e037996a9dd8d5a1982cf49d7c19a831
Author: Jeremy Allison j...@samba.org
Date: Thu Jul 29 13:47:27 2010 -0700
Fix bug #8994 - winbind normalize names.
We should be using the winbindd separator in this case, not hardcoding a \\
value.
Jeremy.
(cherry picked from commit b7f029016a6a3fb98652c65f27ae80ad78048396)
Signed-off-by: Andreas Schneider a...@samba.org
---
Summary of changes:
source3/winbindd/winbindd_pam.c |4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index b0b8e40..c8910d6 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1558,7 +1558,9 @@ enum winbindd_result winbindd_dual_pam_auth(struct
winbindd_domain *domain,
parse_domain_user(mapped_user, name_domain, name_user);
if ( mapped_user != state-request-data.auth.user ) {
- fstr_sprintf( domain_user, %s\\%s, name_domain, name_user );
+ fstr_sprintf( domain_user, %s%c%s, name_domain,
+ *lp_winbind_separator(),
+ name_user );
safe_strcpy( state-request-data.auth.user, domain_user,
sizeof(state-request-data.auth.user)-1 );
}
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 2041ef3 s3: remove dependency on automake for make everything from bb750d7 Fix bug #8972 - Directory group write permission bit is set if unix extensions are enabled http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 2041ef3df94842822102d371029cbb14a7f2c024 Author: Björn Jacke b...@sernet.de Date: Tue Jun 5 15:37:00 2012 +0200 s3: remove dependency on automake for make everything the dependency was introduced by 737a1c9b96a4ba8d8688f4dba1df6d931e10e64d We now call auto* in examples/VFS from within the main autogen.sh. This fixes bug #8978. Autobuild-User: Björn Jacke b...@sernet.de Autobuild-Date: Tue Jun 5 17:32:22 CEST 2012 on sn-devel-104 (cherry picked from commit 5cc86fd560568202bef069eb89f5906f20050085) --- Summary of changes: source3/Makefile.in |1 - source3/autogen.sh |9 + 2 files changed, 9 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/Makefile.in b/source3/Makefile.in index 2c28e2b..1a7ad8a 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -3557,7 +3557,6 @@ bin/ndrdump4: $(BINARY_PREREQS) vfs_examples: ( \ cd ../examples/VFS \ - ./autogen.sh \ ./configure \ make clean \ make \ diff --git a/source3/autogen.sh b/source3/autogen.sh index d9f6030..52b5fa6 100755 --- a/source3/autogen.sh +++ b/source3/autogen.sh @@ -75,6 +75,15 @@ $AUTOCONF $IPATHS || exit 1 rm -rf autom4te*.cache +( cd ../examples/VFS || exit 1 + echo $0: running $AUTOHEADER in ../examples/VFS/ + $AUTOHEADER || exit 1 + echo $0: running $AUTOCONF in ../examples/VFS/ + $AUTOCONF || exit 1 + rm -rf autom4te*.cache +) || exit 1 + + if gcc -E tests/preproc-dummy.c -o /dev/null ; then PIDL_OUTPUTDIR=librpc/gen_ndr CPP=gcc -E PIDL=../pidl/pidl \ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
via e5e8668 Complete fix for bug #8811 - sd_has_inheritable_components
segfaults on an SD that se_access_check accepts.
from 2041ef3 s3: remove dependency on automake for make everything
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -
commit e5e86688bdcb91817954fb23ecf10a3b6ddd3933
Author: Jeremy Allison j...@samba.org
Date: Fri Mar 30 11:58:31 2012 -0700
Complete fix for bug #8811 - sd_has_inheritable_components segfaults on an
SD that se_access_check accepts.
---
Summary of changes:
source3/lib/secdesc.c|4
source3/modules/vfs_acl_common.c | 25 -
source3/smbd/file_access.c |5 -
3 files changed, 28 insertions(+), 6 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c
index 001eccb..007e097 100644
--- a/source3/lib/secdesc.c
+++ b/source3/lib/secdesc.c
@@ -534,6 +534,10 @@ bool sd_has_inheritable_components(const struct
security_descriptor *parent_ctr,
unsigned int i;
const struct security_acl *the_acl = parent_ctr-dacl;
+ if (the_acl == NULL) {
+ return false;
+ }
+
for (i = 0; i the_acl-num_aces; i++) {
const struct security_ace *ace = the_acl-aces[i];
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index 56da3af..a537011 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -166,7 +166,7 @@ static NTSTATUS create_acl_blob(const struct
security_descriptor *psd,
CREATOR_OWNER/CREATOR_GROUP/WORLD.
***/
-static void add_directory_inheritable_components(vfs_handle_struct *handle,
+static NTSTATUS add_directory_inheritable_components(vfs_handle_struct *handle,
const char *name,
SMB_STRUCT_STAT *psbuf,
struct security_descriptor *psd)
@@ -184,7 +184,7 @@ static void
add_directory_inheritable_components(vfs_handle_struct *handle,
num_aces + 3);
if (new_ace_list == NULL) {
- return;
+ return NT_STATUS_NO_MEMORY;
}
/* Fake a quick smb_filename. */
@@ -236,8 +236,19 @@ static void
add_directory_inheritable_components(vfs_handle_struct *handle,
SEC_ACE_FLAG_CONTAINER_INHERIT|
SEC_ACE_FLAG_OBJECT_INHERIT|
SEC_ACE_FLAG_INHERIT_ONLY);
- psd-dacl-aces = new_ace_list;
- psd-dacl-num_aces += 3;
+ if (psd-dacl) {
+ psd-dacl-aces = new_ace_list;
+ psd-dacl-num_aces += 3;
+ } else {
+ psd-dacl = make_sec_acl(talloc_tos(),
+ NT4_ACL_REVISION,
+ 3,
+ new_ace_list);
+ if (psd-dacl == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+ return NT_STATUS_OK;
}
/***
@@ -393,10 +404,14 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct
*handle,
if (is_directory
!sd_has_inheritable_components(psd,
true)) {
- add_directory_inheritable_components(handle,
+ status = add_directory_inheritable_components(
+ handle,
name,
psbuf,
psd);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
}
/* The underlying POSIX module always sets
the ~SEC_DESC_DACL_PROTECTED bit, as ACLs
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index 9f95d68..bd65a70 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -261,7 +261,10 @@ bool directory_has_default_acl(connection_struct *conn,
const char *fname)
NTSTATUS status = SMB_VFS_GET_NT_ACL(conn, fname,
SECINFO_DACL, secdesc);
- if (!NT_STATUS_IS_OK(status) || secdesc == NULL) {
+ if (!NT_STATUS_IS_OK(status) ||
+ secdesc == NULL ||
+ secdesc-dacl == NULL) {
+ TALLOC_FREE(secdesc);
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 6330936 Fix bug #8922. from e5e8668 Complete fix for bug #8811 - sd_has_inheritable_components segfaults on an SD that se_access_check accepts. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 633093685734e44afd7a0de1d58a0ffe905ae13a Author: Jeremy Allison j...@samba.org Date: Fri May 11 03:27:01 2012 -0700 Fix bug #8922. Looking at the do_list status returns was historically ignored, allowing tar to continue after NT_STATUS_ACCESS_DENIED. Return to this state. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Fri May 11 14:55:53 CEST 2012 on sn-devel-104 --- Summary of changes: source3/client/clitar.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/client/clitar.c b/source3/client/clitar.c index 3c08734..b658688 100644 --- a/source3/client/clitar.c +++ b/source3/client/clitar.c @@ -907,7 +907,7 @@ strlen(finfo-name)=%d\nname=%s,cur_dir=%s\n, return NT_STATUS_NO_MEMORY; } DEBUG(5, (Doing list with mtar_mask: %s\n, mtar_mask)); - status = do_list(mtar_mask, attribute, do_tar, False, True); + do_list(mtar_mask, attribute, do_tar, False, True); client_set_cur_dir(saved_curdir); TALLOC_FREE(saved_curdir); TALLOC_FREE(new_cd); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 43c56dc s3: fix build without ads support
via e2747fc replace: fix unused variable warning
via dba3b2e doc: fix typo uniq → unique
from 96ada4d s4:ntvfs: add '_fn' suffix to all ntvfs_ops function
pointers
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 43c56dc4255a7a6cbd176e6ae66a7652c6d72d2c
Author: Björn Jacke b...@sernet.de
Date: Wed Jun 13 19:28:06 2012 +0200
s3: fix build without ads support
when we have no ads support we don't have the ads_get_sid_token symbol used
in
this unused code :-)
Autobuild-User(master): Björn Jacke b...@sernet.de
Autobuild-Date(master): Wed Jun 13 21:20:15 CEST 2012 on sn-devel-104
commit e2747fc62c2acbab143c4971469e0a4fc36d8789
Author: Björn Jacke b...@sernet.de
Date: Wed Jun 13 18:55:56 2012 +0200
replace: fix unused variable warning
found by the IRIX compiler
commit dba3b2e0b62d385599057a6e6b5d604e1e70394c
Author: Björn Jacke b...@sernet.de
Date: Tue Jun 12 11:35:29 2012 +0200
doc: fix typo uniq → unique
---
Summary of changes:
docs-xml/smbdotconf/winbind/idmapconfig.xml |2 +-
lib/replace/strptime.c |9 +
libgpo/gpo_util.c |7 ---
3 files changed, 10 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/smbdotconf/winbind/idmapconfig.xml
b/docs-xml/smbdotconf/winbind/idmapconfig.xml
index 265fa12..b9aec46 100644
--- a/docs-xml/smbdotconf/winbind/idmapconfig.xml
+++ b/docs-xml/smbdotconf/winbind/idmapconfig.xml
@@ -83,7 +83,7 @@
Defines the available matching uid and gid range for which the
backend is authoritative. For allocating backends, this also
defines the start and the end of the range for allocating
- new uniq IDs.
+ new unique IDs.
/para
para
winbind uses this parameter to find the backend that is
diff --git a/lib/replace/strptime.c b/lib/replace/strptime.c
index 0e40f75..181fd12 100644
--- a/lib/replace/strptime.c
+++ b/lib/replace/strptime.c
@@ -251,7 +251,6 @@ strptime_internal (rp, fmt, tm, decided, era_cnt)
enum locale_status *decided;
int era_cnt;
{
- const char *rp_backup;
int cnt;
size_t val;
int have_I, is_pm;
@@ -261,15 +260,17 @@ strptime_internal (rp, fmt, tm, decided, era_cnt)
int have_yday;
int have_mon, have_mday;
#ifdef _NL_CURRENT
+ const char *rp_backup;
size_t num_eras;
-#endif
struct era_entry *era;
+ era = NULL;
+#endif
+
have_I = is_pm = 0;
century = -1;
want_century = 0;
want_era = 0;
- era = NULL;
have_wday = want_xday = have_yday = have_mon = have_mday = 0;
@@ -297,10 +298,10 @@ strptime_internal (rp, fmt, tm, decided, era_cnt)
#ifndef _NL_CURRENT
/* We need this for handling the `E' modifier. */
start_over:
-#endif
/* Make back up of current processing pointer. */
rp_backup = rp;
+#endif
switch (*fmt++)
{
diff --git a/libgpo/gpo_util.c b/libgpo/gpo_util.c
index ca529f8..cfb4512 100644
--- a/libgpo/gpo_util.c
+++ b/libgpo/gpo_util.c
@@ -838,13 +838,11 @@ ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads,
const char *dn,
struct security_token **token)
{
+#ifdef HAVE_ADS
struct security_token *ad_token = NULL;
ADS_STATUS status;
NTSTATUS ntstatus;
-#ifndef HAVE_ADS
- return ADS_ERROR_NT(NT_STATUS_NOT_SUPPORTED);
-#endif
status = ads_get_sid_token(ads, mem_ctx, dn, ad_token);
if (!ADS_ERR_OK(status)) {
return status;
@@ -855,4 +853,7 @@ ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads,
return ADS_ERROR_NT(ntstatus);
}
return ADS_SUCCESS;
+#else
+ return ADS_ERROR_NT(NT_STATUS_NOT_SUPPORTED);
+#endif
}
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6edb239 replace: fix unused variable warning via 6a3b3fa Revert replace: fix unused variable warning from 43c56dc s3: fix build without ads support http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6edb239f8ed724abaa594fbbac8c2eb6e485209e Author: Björn Jacke b...@sernet.de Date: Wed Jun 13 22:02:53 2012 +0200 replace: fix unused variable warning e2747fc62c2acbab143c4971469e0a4fc36d8789 fixed ... Autobuild-User(master): Björn Jacke b...@sernet.de Autobuild-Date(master): Wed Jun 13 23:57:58 CEST 2012 on sn-devel-104 commit 6a3b3fa3b079072d6a4bc399e3e410a9bd09b42b Author: Björn Jacke b...@sernet.de Date: Wed Jun 13 21:55:42 2012 +0200 Revert replace: fix unused variable warning This reverts commit e2747fc62c2acbab143c4971469e0a4fc36d8789. one line slipped into a wrong ifndef ... --- Summary of changes: lib/replace/strptime.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/replace/strptime.c b/lib/replace/strptime.c index 181fd12..20e5d8c 100644 --- a/lib/replace/strptime.c +++ b/lib/replace/strptime.c @@ -298,7 +298,9 @@ strptime_internal (rp, fmt, tm, decided, era_cnt) #ifndef _NL_CURRENT /* We need this for handling the `E' modifier. */ start_over: +#endif +#ifdef _NL_CURRENT /* Make back up of current processing pointer. */ rp_backup = rp; #endif -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 7e63e22 s3: Fix a comment
from 6edb239 replace: fix unused variable warning
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 7e63e2230c25f0cbd3be7dcbbc29f0a26f9a5e90
Author: Volker Lendecke v...@samba.org
Date: Wed Jun 13 11:11:39 2012 +0200
s3: Fix a comment
The fd count is implicit
Signed-off-by: Jeremy Allison j...@samba.org
Autobuild-User(master): Jeremy Allison j...@samba.org
Autobuild-Date(master): Thu Jun 14 01:53:17 CEST 2012 on sn-devel-104
---
Summary of changes:
source3/locking/posix.c | 28 +---
1 files changed, 13 insertions(+), 15 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/locking/posix.c b/source3/locking/posix.c
index 2a274f9..02d9b6d 100644
--- a/source3/locking/posix.c
+++ b/source3/locking/posix.c
@@ -392,12 +392,10 @@ bool posix_locking_end(void)
/
/
- The records in posix_pending_close_tdb are composed of an array of ints
- keyed by dev/ino pair.
- The first int is a reference count of the number of outstanding locks on
- all open fd's on this dev/ino pair. Any subsequent ints are the fd's that
- were open on this dev/ino pair that should have been closed, but can't as
- the lock ref count is non zero.
+ The records in posix_pending_close_db are composed of an array of
+ ints keyed by dev/ino pair. Those ints are the fd's that were open on
+ this dev/ino pair that should have been closed, but can't as the lock
+ ref count is non zero.
/
/
@@ -568,7 +566,8 @@ static void delete_windows_lock_ref_count(files_struct *fsp)
static void add_fd_to_close_entry(files_struct *fsp)
{
struct db_record *rec;
- uint8_t *new_data;
+ int *fds;
+ size_t num_fds;
NTSTATUS status;
TDB_DATA value;
@@ -579,19 +578,18 @@ static void add_fd_to_close_entry(files_struct *fsp)
SMB_ASSERT(rec != NULL);
value = dbwrap_record_get_value(rec);
+ SMB_ASSERT((value.dsize % sizeof(int)) == 0);
- new_data = talloc_array(rec, uint8_t,
- value.dsize + sizeof(fsp-fh-fd));
+ num_fds = value.dsize / sizeof(int);
+ fds = talloc_array(rec, int, num_fds+1);
- SMB_ASSERT(new_data != NULL);
+ SMB_ASSERT(fds != NULL);
- memcpy(new_data, value.dptr, value.dsize);
- memcpy(new_data + value.dsize,
- fsp-fh-fd, sizeof(fsp-fh-fd));
+ memcpy(fds, value.dptr, value.dsize);
+ fds[num_fds] = fsp-fh-fd;
status = dbwrap_record_store(
- rec, make_tdb_data(new_data,
- value.dsize + sizeof(fsp-fh-fd)), 0);
+ rec, make_tdb_data((uint8_t *)fds, talloc_get_size(fds)), 0);
SMB_ASSERT(NT_STATUS_IS_OK(status));
--
Samba Shared Repository
[SCM] CTDB repository - branch 1.13 updated - ctdb-1.43-13-g0cd522f
The branch, 1.13 has been updated
via 0cd522f854bb788317e15e5f9a562bdb5abcfb17 (commit)
from ba94a0a9ccad7c1de0939e74f0163ae41102 (commit)
http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=1.13
- Log -
commit 0cd522f854bb788317e15e5f9a562bdb5abcfb17
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date: Wed Jun 13 16:17:18 2012 +1000
STATISTICS: Add tracking of the 10 hottest keys per database measured in
hopcount
and add mechanisms to dump it using the ctdb dbstatistics command
---
Summary of changes:
include/ctdb_protocol.h | 14
libctdb/control.c | 40 ---
server/ctdb_call.c| 50 -
server/ctdb_ltdb_server.c | 38 -
tools/ctdb.c |9
5 files changed, 144 insertions(+), 7 deletions(-)
Changeset truncated at 500 lines:
diff --git a/include/ctdb_protocol.h b/include/ctdb_protocol.h
index 5c787ff..33187c7 100644
--- a/include/ctdb_protocol.h
+++ b/include/ctdb_protocol.h
@@ -614,6 +614,7 @@ struct ctdb_traverse_start_ext {
ctdb statistics information
*/
#define MAX_COUNT_BUCKETS 16
+#define MAX_HOT_KEYS 10
struct ctdb_statistics {
uint32_t num_clients;
@@ -680,10 +681,23 @@ struct ctdb_statistics_wire {
/*
* db statistics
*/
+struct ctdb_db_hot_key {
+ uint32_t count;
+ TDB_DATA key;
+};
struct ctdb_db_statistics {
uint32_t db_ro_delegations;
uint32_t db_ro_revokes;
uint32_t hop_count_bucket[MAX_COUNT_BUCKETS];
+ uint32_t num_hot_keys;
+ struct ctdb_db_hot_key hot_keys[MAX_HOT_KEYS];
+};
+struct ctdb_db_statistics_wire {
+ uint32_t db_ro_delegations;
+ uint32_t db_ro_revokes;
+ uint32_t hop_count_bucket[MAX_COUNT_BUCKETS];
+ uint32_t num_hot_keys;
+ char hot_keys[1];
};
/*
diff --git a/libctdb/control.c b/libctdb/control.c
index b4c54cd..f927e08 100644
--- a/libctdb/control.c
+++ b/libctdb/control.c
@@ -120,6 +120,9 @@ bool ctdb_getdbstat_recv(struct ctdb_connection *ctdb,
{
struct ctdb_reply_control *reply;
struct ctdb_db_statistics *s;
+ struct ctdb_db_statistics_wire *wire;
+ int i;
+ char *ptr;
reply = unpack_reply_control(req, CTDB_CONTROL_GET_DB_STATISTICS);
if (!reply) {
@@ -129,16 +132,36 @@ bool ctdb_getdbstat_recv(struct ctdb_connection *ctdb,
DEBUG(ctdb, LOG_ERR, ctdb_getpnn_recv: status -1);
return false;
}
- if (reply-datalen != sizeof(struct ctdb_db_statistics)) {
- DEBUG(ctdb, LOG_ERR, ctdb_getdbstat_recv: returned data is %d
bytes but should be %d, reply-datalen, (int)sizeof(struct
ctdb_db_statistics));
+ if (reply-datalen offsetof(struct ctdb_db_statistics_wire,
hot_keys)) {
+ DEBUG(ctdb, LOG_ERR, ctdb_getdbstat_recv: returned data is %d
bytes but should be = %d, reply-datalen, (int)sizeof(struct
ctdb_db_statistics));
return false;
}
- s = malloc(sizeof(struct ctdb_db_statistics));
+ wire = reply-data;
+
+ s = malloc(offsetof(struct ctdb_db_statistics, hot_keys) +
sizeof(struct ctdb_db_hot_key) * wire-num_hot_keys);
if (!s) {
return false;
}
- memcpy(s, reply-data, sizeof(struct ctdb_db_statistics));
+ s-db_ro_delegations = wire-db_ro_delegations;
+ s-db_ro_revokes = wire-db_ro_revokes;
+ for (i = 0; i MAX_COUNT_BUCKETS; i++) {
+ s-hop_count_bucket[i] = wire-hop_count_bucket[i];
+ }
+ s-num_hot_keys = wire-num_hot_keys;
+ ptr = wire-hot_keys[0];
+ for (i = 0; i wire-num_hot_keys; i++) {
+ s-hot_keys[i].count = *(uint32_t *)ptr;
+ ptr += 4;
+
+ s-hot_keys[i].key.dsize = *(uint32_t *)ptr;
+ ptr += 4;
+
+ s-hot_keys[i].key.dptr = malloc(s-hot_keys[i].key.dsize);
+ memcpy(s-hot_keys[i].key.dptr, ptr, s-hot_keys[i].key.dsize);
+ ptr += s-hot_keys[i].key.dsize;
+ }
+
*stat = s;
return true;
@@ -158,9 +181,18 @@ struct ctdb_request *ctdb_getdbstat_send(struct
ctdb_connection *ctdb,
void ctdb_free_dbstat(struct ctdb_db_statistics *stat)
{
+ int i;
+
if (stat == NULL) {
return;
}
+
+ for (i = 0; i stat-num_hot_keys; i++) {
+ if (stat-hot_keys[i].key.dptr != NULL) {
+ free(stat-hot_keys[i].key.dptr);
+ }
+ }
+
free(stat);
}
diff --git a/server/ctdb_call.c b/server/ctdb_call.c
index fe7e947..56cb5e8 100644
--- a/server/ctdb_call.c
+++ b/server/ctdb_call.c
@@ -667,6 +667,54 @@ ctdb_defer_pinned_down_request(struct ctdb_context *ctdb,
[SCM] CTDB repository - branch master updated - ctdb-1.13-202-g8307c70
The branch, master has been updated
via 8307c70ed98996b430c470e9641a09fdeeb81bd8 (commit)
via 98e1b46adba11b9549b5c5976e1f561fe732fa6e (commit)
via 0dc204988eadff214dd149a756d756ab6e96e410 (commit)
via 7ebc00dc6a89043a971a720e7c21baf5f2a0233d (commit)
via cb2bbe93628c1ab932c2e1ad6e2ec199a98f74c6 (commit)
via 88040778aace229d724de1ba7556aded12e22f86 (commit)
via e0c9200c05b1f7a04e002f505ebb5ba9340c0ca1 (commit)
via 6559106b8b853920f325f2dba532f4008e931fa3 (commit)
from 1a6a011c772f7d302d114d7c8a151fa7820ec85f (commit)
http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master
- Log -
commit 8307c70ed98996b430c470e9641a09fdeeb81bd8
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date: Wed Jun 13 16:17:18 2012 +1000
STATISTICS: Add tracking of the 10 hottest keys per database measured in
hopcount
and add mechanisms to dump it using the ctdb dbstatistics command
commit 98e1b46adba11b9549b5c5976e1f561fe732fa6e
Author: Martin Schwenke mar...@meltin.net
Date: Thu Jun 7 15:08:15 2012 +1000
Reimplement logging of long running events
Reimplement 5aba53e6adcfcd7edbdac9e30aa5fcba176aca00 using tevent
trace points.
Signed-off-by: Martin Schwenke mar...@meltin.net
commit 0dc204988eadff214dd149a756d756ab6e96e410
Author: Stefan Metzmacher me...@samba.org
Date: Fri Jun 8 12:50:21 2012 +0200
tevent: change version to 0.9.16
This adds tevent_*_trace_*() and tevent_context_init_ops()
metze
Autobuild-User(master): Stefan Metzmacher me...@samba.org
Autobuild-Date(master): Fri Jun 8 20:47:41 CEST 2012 on sn-devel-104
commit 7ebc00dc6a89043a971a720e7c21baf5f2a0233d
Author: Stefan Metzmacher me...@samba.org
Date: Fri May 11 15:19:55 2012 +0200
tevent: expose tevent_context_init_ops
This can be used to implement wrapper backends,
while passing a private pointer to the backens init function
via ev-additional_data.
metze
commit cb2bbe93628c1ab932c2e1ad6e2ec199a98f74c6
Author: Martin Schwenke mar...@meltin.net
Date: Tue Jun 5 16:00:07 2012 +1000
lib/tevent: Add trace point callback
Set/get a single callback function to be invoked at various trace
points. Define before wait and after wait trace points - more
trace points can be added later if required.
CTDB wants this to log long waits and events.
Pair-programmed-with: Amitay Isaacs ami...@gmail.com
Signed-off-by: Martin Schwenke mar...@meltin.net
Signed-off-by: Stefan Metzmacher me...@samba.org
commit 88040778aace229d724de1ba7556aded12e22f86
Author: Martin Schwenke mar...@meltin.net
Date: Thu Jun 7 14:20:13 2012 +1000
Revert TEVENT: Add back tracking of long runnig events to the local copy
of tevent library
This reverts commit 5aba53e6adcfcd7edbdac9e30aa5fcba176aca00.
Do this using new tevent trace point callback.
commit e0c9200c05b1f7a04e002f505ebb5ba9340c0ca1
Author: Martin Schwenke mar...@meltin.net
Date: Thu Jun 7 12:26:02 2012 +1000
lib/tevent: In poll_event_context, add a pointer back to the tevent_context
This makes it consistent with the other backends.
Signed-off-by: Martin Schwenke mar...@meltin.net
Signed-off-by: Stefan Metzmacher me...@samba.org
commit 6559106b8b853920f325f2dba532f4008e931fa3
Author: Stefan Metzmacher me...@samba.org
Date: Mon May 14 11:48:00 2012 +0200
lib/tevent/testsuite: no longer use 'compat' symbols
metze
---
Summary of changes:
include/ctdb_protocol.h| 14 +
.../ABI/{tevent-0.9.15.sigs = tevent-0.9.16.sigs} |4 ++
lib/tevent/testsuite.c | 24
lib/tevent/tevent.c|8 ++-
lib/tevent/tevent.h| 57
lib/tevent/tevent_debug.c | 24
lib/tevent/tevent_epoll.c |6 +--
lib/tevent/tevent_internal.h | 10 +++-
lib/tevent/tevent_poll.c |6 ++
lib/tevent/tevent_select.c |6 +--
lib/tevent/tevent_standard.c |6 +--
lib/tevent/tevent_util.c | 52 --
libctdb/control.c | 40 --
server/ctdb_call.c | 50 +-
server/ctdb_daemon.c | 46
server/ctdb_ltdb_server.c | 38 -
tools/ctdb.c |9 +++
17 files changed, 312 insertions(+), 88 deletions(-)
copy lib/tevent/ABI/{tevent-0.9.15.sigs = tevent-0.9.16.sigs} (94%)
Changeset
