Re: [Samba] 3.0.9-3.0.37 Deleting files not working
x86 zfs and Sparc ufs. Problem happens on both platforms though. On 08/08/12 08:01, gaiseric.van...@gmail.com wrote: zfs or ufs? On 08/08/12 08:01, ing...@gmx.net wrote: Hello, we were using Samba 3.0.9 on Solaris 10 x86 and Sparc in a productive environment and upgraded to 3.0.37 to fix a security vulnerability. Now we experience problems in some circumstances when we try to delete a file from a share mounted by a Windows Client. The share is named ZENTRAL. This is the share entry: [ZENTRAL] comment=Ablage ZENTRAL path=/daten/ablagen/ZENTRAL case sensitive=no create mask=0770 valid users=@ZENTRAL write list=@ZENTRAL force group=ZENTRAL These are the unix rights: drwxrwx--- 2 root other512 Aug 8 11:15 . drwxrwx--x 35 rootZENTRAL 2048 Aug 8 10:26 .. (This is the share root directory: /daten/ablagen/ZENTRAL) -rwxrwxrwx 1 user1 ZENTRAL0 Aug 8 11:15 neu.txt user1 belongs to the groups other and ZENTRAL and is able to delete this file Using a unix shell and navigate to the directory but he is not able to delete it using the samba share. He gets a permission denied. This behaviour is new. With 3.0.9 it is possible to delete this file. When i chgrp the directory . to ZENTRAL everything works as expected with 3.0.37 too. The problem only exists, when the . directory does not have the same group as the share. If needed, here is our global section. Some of these entries could be plain wrong respectively not needed, but we are not able to change them easily because of company guidelines. [global] os level=65 password level=1 security=user encrypt passwords=yes smb passwd file=/usr/local/samba/private/smbpasswd workgroup=ourgroup guest account=nobody max log size=30 share modes=yes locking=yes strict locking=yes lock directory=/var/adm/samba/locks ; max log size = 5000 log level=1 log file=/var/adm/samba/smb.log pid directory=/var/run server string=%h force directory mode=0770 browseable=no follow symlinks=no preserve case=no short preserve case=no case sensitive=no oplocks=no level2 oplocks=no wins support=yes The question is: Is this a bug or feature? If feature, then what is the intention behind this feature, as the user has delete rights for this file using unix and so should have this rights using samba too i think. Is there a conf parameter that we can set to get back the old behaviour? With kind regards, Björn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] winbind normalize names = yes disable winbind cache mechanism and cause LDAP heavy load / poor performances
Context : client linux Ubuntu 12.04 SSO authentification against Microsoft 2008 AD server, Winbind 3.6.3 (Ubuntu 12.04 LTS, Linux 3.2.0-27-generic, winbind 2:3.6.3-2ubuntu2.3 ) I'have discovered that setting option winbind normalize names = yes cause winbind client to send LDAP search for each username/group resolution even those in cache. Setting this option to No makes winbind use cache, setting winbind in offline mode works fine too (smbcontrol winbind offline). This behavior cause heavy load on client/server if resolving a full tree files or simply slow down apache SSO authentification based on winbind as each web object read will cause multiple LDAP search before serving. How to reproduce : running shell command # id pnomblot will makes winbind send 3 LDAP search to solve pnomblot alias (can be checked with wireshark) for i in {0..10}; do id pnomblot ;done cause 30 ldap search to be send to ldap server to solve the same id. My smb.conf : [global] workgroup = nomblot.org realm = nomblot.org security = ads domain master = no local master = no allow trusted domains = no socket options = TCP_NODELAY template homedir = /home/%U template shell = /bin/bash kerberos method = secrets and keytab password server = * client ntlmv2 auth = yes idmap config NOMBLOT:backend = ad idmap config NOMBLOT:default = yes idmap config NOMBLOT:schema_mode = rfc2307 idmap config NOMBLOT:range = 500 - 3 idmap config *:backend = ad idmap config *:range = 500 - 3 idmap cache time = 1209600 idmap negative cache time = 1209600 username map cache time = 300 winbind cache time = 300 winbind expand groups = 10 winbind use default domain = yes winbind refresh tickets = yes winbind nss info = rfc2307 winbind offline logon = yes winbind enum users = no winbind enum groups = no winbind nested groups = yes winbind reconnect delay = 5 winbind normalize names = yes dns proxy = no log file = /var/log/samba/log.%m log level = 0 idmap:0 winbind:1 max log size = 1000 obey pam restrictions = yes pam password change = yes name resolve order = host create krb5 conf = no private dir = /var/lib/samba state directory = /var/lib/samba cache directory = /var/cache/samba lock directory = /var/lib/samba pid directory = /var/run dos charset = ASCII unix charset = UTF8 display charset = UTF8 invalid users = root daemon bin sys sync games man lp ... #end of smb.conf Hope this can help samba project, Any usefull comment is appreciated. Thank's Patrick. -- Patrick Nomblot Systems Networks Engineer Parkeon Parc Lafayette - 6 rue Isaac Newton 25075 Besancon - Cedex 9 - France Phone +33(0) 381 545 212 Mobile +33(0) 633 323 423 Fax +33(0) 381 527 638 pnomb...@parkeon.com mailto:pnomb...@parkeon.com www.parkeon.com http://www.parkeon.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems connecting win7 client to new Samba PDC
Here's some more information on my problem: smb.conf: --- begin smb.conf --- [global] workgroup = MYWORKGROUP server string = %h server (Samba, Ubuntu) map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 add machine script = /usr/sbin/useradd -g machines -c %u machine account -d /var/lib/samba -s /bin/false %u logon script = logon.cmd logon path = logon home = domain logons = Yes dns proxy = No usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d idmap config * : backend = tdb [homes] comment = Home Directories valid users = %S read only = No create mask = 0700 directory mask = 0700 browseable = No [netlogon] comment = Network Logon Service path = /srv/samba/netlogon guest ok = Yes [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes print ok = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/printers --- end smb.conf --- Here's the pdbedit -Lv spitout for my user: --- begin output--- Unix username:myadmin NT username: Account Flags:[U ] User SID: S-1-5-21-2762049607-2166809996-183419993-1000 Primary Group SID:S-1-5-21-2762049607-2166809996-183419993-513 Full Name: Home Directory: HomeDir Drive: Logon Script: logon.cmd Profile Path: Domain: MYWORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Wed, 06 Feb 2036 10:06:39 EST Kickoff time: Wed, 06 Feb 2036 10:06:39 EST Password last set:Wed, 08 Aug 2012 17:54:50 EDT Password can change: Wed, 08 Aug 2012 17:54:50 EDT Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF --- end output --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] %localappdata%\google\drive get lost
Hello! I use samba 3.6.7 as PDC for Windows 7. For Google Drive the config files are stored in %localappdata%\google\drive. These files are needed for logon and syncronisation. As a local user all works fine. When I logout and logon to Windows as domain user the %localappdata%\google folder disappeared. Is this a Windows, Google or samba problem ? Any ideas? Thx! Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 3.0.9-3.0.37 Deleting files not working
I ran into issues when I switched to zfs. the problem is that ZFS ACL's seem be more similar to NTFS ACL's (compared to UFS-NTFS compatibility.) But you can run into an issue were perms that are additive in unix are interpreted as least permissive or deny trumps all in Windows. For example, a 770 perm in unix means user and group are granted full perms, no perms are granted to anyone else.In Windows this can get interpreted as deny the world even if the user or group had explicitly been granted permissions. Samba 3.0.x from source code does not include the zfs modules. The version bundled with the OS (from Sun) has it backported.Assuming you are using the version from Sun? They should be up to 3.5.x. I added some vfs and nfs parameters in my share configs. I had to open a support ticket with Sun/Oracle, since Office files would get deleted on the 5th or 7th save when Office tried to rewrite the entire file. [projects] path = /export/Projects #valid users = @group1, user1 read only = No create mask = 0770 force create mode = 0600 directory mask = 0775 force directory mode = 0600 vfs objects = zfsacl nfs4: mode = special zfsacl: acesort = dontcare inherit acls = Yes nfs4:acedup = merge nfs4:chown = yes The inheritance thing is also a little tricky - even tho zfs supports inheritance, I think the Window inheritance rules are uses for the Windows clients- which is fine. (the latest kernel update seems to have changed something tho.) Setting zfs ACL perms via command line is a PITA. It is probably easier for the windows owner of the file to reset permissions- he or she may get a message that the perms are incorrectly ordered, and he/she may need to clear out explicit deny access control entries. I skipped the valid users entry in the share config , since the permissions are enforced via ACL's anyway. Samba permissions with UFS did not cause as much headache for me. On 08/09/12 03:02, ing...@gmx.net wrote: x86 zfs and Sparc ufs. Problem happens on both platforms though. On 08/08/12 08:01, gaiseric.van...@gmail.com wrote: zfs or ufs? On 08/08/12 08:01, ing...@gmx.net wrote: Hello, we were using Samba 3.0.9 on Solaris 10 x86 and Sparc in a productive environment and upgraded to 3.0.37 to fix a security vulnerability. Now we experience problems in some circumstances when we try to delete a file from a share mounted by a Windows Client. The share is named ZENTRAL. This is the share entry: [ZENTRAL] comment=Ablage ZENTRAL path=/daten/ablagen/ZENTRAL case sensitive=no create mask=0770 valid users=@ZENTRAL write list=@ZENTRAL force group=ZENTRAL These are the unix rights: drwxrwx--- 2 root other512 Aug 8 11:15 . drwxrwx--x 35 rootZENTRAL 2048 Aug 8 10:26 .. (This is the share root directory: /daten/ablagen/ZENTRAL) -rwxrwxrwx 1 user1 ZENTRAL0 Aug 8 11:15 neu.txt user1 belongs to the groups other and ZENTRAL and is able to delete this file Using a unix shell and navigate to the directory but he is not able to delete it using the samba share. He gets a permission denied. This behaviour is new. With 3.0.9 it is possible to delete this file. When i chgrp the directory . to ZENTRAL everything works as expected with 3.0.37 too. The problem only exists, when the . directory does not have the same group as the share. If needed, here is our global section. Some of these entries could be plain wrong respectively not needed, but we are not able to change them easily because of company guidelines. [global] os level=65 password level=1 security=user encrypt passwords=yes smb passwd file=/usr/local/samba/private/smbpasswd workgroup=ourgroup guest account=nobody max log size=30 share modes=yes locking=yes strict locking=yes lock directory=/var/adm/samba/locks ; max log size = 5000 log level=1 log file=/var/adm/samba/smb.log pid directory=/var/run server string=%h force directory mode=0770 browseable=no follow symlinks=no preserve case=no short preserve case=no case sensitive=no oplocks=no level2 oplocks=no wins support=yes The question is: Is this a bug or feature? If feature, then what is the intention behind this feature, as the user has delete rights for this file using unix and so should have this rights using samba too i think. Is there a conf parameter that we can set to get back the old behaviour? With kind regards, Björn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems connecting win7 client to new Samba PDC
did you make the appropriate registry changes on Win 7 as per http://wiki.samba.org/index.php/Windows7 On 08/09/12 09:28, Brandon wrote: Here's some more information on my problem: smb.conf: --- begin smb.conf --- [global] workgroup = MYWORKGROUP server string = %h server (Samba, Ubuntu) map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 add machine script = /usr/sbin/useradd -g machines -c %u machine account -d /var/lib/samba -s /bin/false %u logon script = logon.cmd logon path = logon home = domain logons = Yes dns proxy = No usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d idmap config * : backend = tdb [homes] comment = Home Directories valid users = %S read only = No create mask = 0700 directory mask = 0700 browseable = No [netlogon] comment = Network Logon Service path = /srv/samba/netlogon guest ok = Yes [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes print ok = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/printers --- end smb.conf --- Here's the pdbedit -Lv spitout for my user: --- begin output--- Unix username:myadmin NT username: Account Flags:[U ] User SID: S-1-5-21-2762049607-2166809996-183419993-1000 Primary Group SID:S-1-5-21-2762049607-2166809996-183419993-513 Full Name: Home Directory: HomeDir Drive: Logon Script: logon.cmd Profile Path: Domain: MYWORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Wed, 06 Feb 2036 10:06:39 EST Kickoff time: Wed, 06 Feb 2036 10:06:39 EST Password last set:Wed, 08 Aug 2012 17:54:50 EDT Password can change: Wed, 08 Aug 2012 17:54:50 EDT Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF --- end output --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.3.4 - Win7 Latency with MS Office files
Did you try enabling the name service caching daemon on the server? (has its pros can cons.) I would also try XP+Office 2010 and WIn 7+ Office 2007 to see if you can shake out which is the actual problem. Also, can you configure office to store temp files on the local PC, and not the same directory as the office file is located. On 08/08/12 16:51, John Goubeaux wrote: Folks, I am running a 3.3.4 version of Samba ( stand alone) on Solaris 10 configured to auth against LDAP for user auth and have recently, after migrating a variety of user desktops to Win7 and MS Office 2010, began seeing an increased latency in opening files. ie previous 3 times are now 30-45 Users were previously running WinXP and using MS office 2007. Question: Is an upgrade to the latest stable 3.x Ver likely to resolve this OR am I also missing some more stringent security settings I need to address b/c of Win7 ? Any ideas or clues appreciated. -john -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] LDAP - Samba password synchronization
Is there a way to syncronize SambaLmPassword NTLMpassword from LDAP password. ldap passwd sync allows to sync ldap passwd from samba, I need the other way. I already have external LDAP server with CRYPT passwords and need to set SambaLMPasswd with these LDAP passwords. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems connecting win7 client to new Samba PDC
Have you tried adding a machine account for your CLIENTPC i.e. # pdbedit -a -m -u CLIENTPC This will create the CLIENTPC$ account it was squawking about. In my experience, the machine needs a Samba account too. Cheers, Andrew Mark | Development Analyst | www.aimsystems.ca local: 519-837-1072 | fax: 519-837-4063 | int'l 800-465-2961 12-350 Speedvale Ave. W. | Guelph, ON | N1H 7M7 | Canada On 12-08-09 09:28 AM, Brandon wrote: Here's some more information on my problem: smb.conf: --- begin smb.conf --- [global] workgroup = MYWORKGROUP server string = %h server (Samba, Ubuntu) map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 add machine script = /usr/sbin/useradd -g machines -c %u machine account -d /var/lib/samba -s /bin/false %u logon script = logon.cmd logon path = logon home = domain logons = Yes dns proxy = No usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d idmap config * : backend = tdb [homes] comment = Home Directories valid users = %S read only = No create mask = 0700 directory mask = 0700 browseable = No [netlogon] comment = Network Logon Service path = /srv/samba/netlogon guest ok = Yes [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes print ok = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/printers --- end smb.conf --- Here's the pdbedit -Lv spitout for my user: --- begin output--- Unix username:myadmin NT username: Account Flags:[U ] User SID: S-1-5-21-2762049607-2166809996-183419993-1000 Primary Group SID:S-1-5-21-2762049607-2166809996-183419993-513 Full Name: Home Directory: HomeDir Drive: Logon Script: logon.cmd Profile Path: Domain: MYWORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Wed, 06 Feb 2036 10:06:39 EST Kickoff time: Wed, 06 Feb 2036 10:06:39 EST Password last set:Wed, 08 Aug 2012 17:54:50 EDT Password can change: Wed, 08 Aug 2012 17:54:50 EDT Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF --- end output --- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] LDAP - Samba password synchronization
The best approach is to configure samba to change the ldap password when a samba password changes. See the smb.conf man page and password sync and password chat options. If you have unix users who want to change their ldap passwords, tell them to use the smbpasswd -r pdc_server_name command- if password sync is enabled in samba then both their ldap and samba passwords will change. Samba and Unix use different password hash mechanisms so you have to have separate password fields. The only other secure way may be to configure Windows clients to use kerberos authentication- but that is a much bigger project. On 08/09/12 09:55, RAKESH PRITMANI wrote: Is there a way to syncronize SambaLmPassword NTLMpassword from LDAP password. ldap passwd sync allows to sync ldap passwd from samba, I need the other way. I already have external LDAP server with CRYPT passwords and need to set SambaLMPasswd with these LDAP passwords. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems connecting win7 client to new Samba PDC
did you make the appropriate registry changes on Win 7 as per http://wiki.samba.org/index.php/Windows7 Yes, I've downloaded the 3.6.3 script and ran it on the client, as well as manually checked that the settings were only the two described in the wiki article Have you tried adding a machine account for your CLIENTPC i.e. # pdbedit -a -m -u CLIENTPC Yes, I let the account be auto-generated when connecting to the domain. I should have specified that there are other users I didn't include in the print out. Here is the machine account from pdbedit (note that I changed the logon script in smb.conf from .cmd to .bat a few minutes ago, and the update can be seen here): --- Unix username:CLIENTPC$ NT username: Account Flags:[W ] User SID: S-1-5-21-2762049607-2166809996-183419993-1001 Primary Group SID:S-1-5-21-2762049607-2166809996-183419993-513 Full Name:CLIENTPC$ Home Directory: HomeDir Drive: Logon Script: logon.bat Profile Path: Domain: MYWORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Wed, 06 Feb 2036 10:06:39 EST Kickoff time: Wed, 06 Feb 2036 10:06:39 EST Password last set:Wed, 08 Aug 2012 13:44:36 EDT Password can change: Wed, 08 Aug 2012 13:44:36 EDT Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF --- Also, I've got a bit more information from the log.CLIENTPC: [2012/08/09 10:14:56.686577, 0] rpc_server/srv_pipe.c:500(pipe_schannel_auth_bind) pipe_schannel_auth_bind: Attempt to bind using schannel without successful serverauth2 [2012/08/09 10:14:56.794994, 0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client CLIENTPC machine account CLIENTPC$ There are also a number of windows events: --- begin windows events paste --- The winlogon notification subscriber Profiles failed a critical notification event. Windows cannot copy file C:\Users\Default\NTUSER.DAT to location C:\Users\myadmin\NTUSER.DAT. This error may be caused by network problems or insufficient security rights. Windows cannot copy file \\?\C:\Users\Default\Videos to location \\?\C:\Users\myadmin\Videos. This error may be caused by network problems or insufficient security rights. Windows cannot copy file \\?\C:\Users\Default\Saved Games to location \\?\C:\Users\myadmin\Saved Games. This error may be caused by network problems or insufficient security rights. Note: To keep e-mail shorter I won't paste them all, but the last events repeat with a bunch of similar directories There are too many profile copy errors. Refer to the previous events for details. Windows will not log any additional copy errors for this copy process. Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off. Windows cannot copy file C:\Users\Default\NTUSER.DAT to location C:\Users\TEMP.MYWORKGROUP\NTUSER.DAT. This error may be caused by network problems or insufficient security rights. Note: This last event again repeats with a number of similar directories There are too many profile copy errors. Refer to the previous events for details. Windows will not log any additional copy errors for this copy process. Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly. The winlogon notification subscriber Sens failed a notification event. --- end windows events paste --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems connecting win7 client to new Samba PDC
that looks OK. You should not need a login script defined for a computer account. Are you able to login as the Domain Administrator? Are your group mappings correct? I ask because it may be that the Domain Users is not properly recognized as a member of the Users group on the PC. Can you login as the domain (or local) admins and explicitly add domain users and domain groups to a local group? On 08/09/12 10:37, Brandon wrote: did you make the appropriate registry changes on Win 7 as per http://wiki.samba.org/index.php/Windows7 Yes, I've downloaded the 3.6.3 script and ran it on the client, as well as manually checked that the settings were only the two described in the wiki article Have you tried adding a machine account for your CLIENTPC i.e. # pdbedit -a -m -u CLIENTPC Yes, I let the account be auto-generated when connecting to the domain. I should have specified that there are other users I didn't include in the print out. Here is the machine account from pdbedit (note that I changed the logon script in smb.conf from .cmd to .bat a few minutes ago, and the update can be seen here): --- Unix username:CLIENTPC$ NT username: Account Flags:[W ] User SID: S-1-5-21-2762049607-2166809996-183419993-1001 Primary Group SID:S-1-5-21-2762049607-2166809996-183419993-513 Full Name:CLIENTPC$ Home Directory: HomeDir Drive: Logon Script: logon.bat Profile Path: Domain: MYWORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Wed, 06 Feb 2036 10:06:39 EST Kickoff time: Wed, 06 Feb 2036 10:06:39 EST Password last set:Wed, 08 Aug 2012 13:44:36 EDT Password can change: Wed, 08 Aug 2012 13:44:36 EDT Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF --- Also, I've got a bit more information from the log.CLIENTPC: [2012/08/09 10:14:56.686577, 0] rpc_server/srv_pipe.c:500(pipe_schannel_auth_bind) pipe_schannel_auth_bind: Attempt to bind using schannel without successful serverauth2 [2012/08/09 10:14:56.794994, 0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client CLIENTPC machine account CLIENTPC$ There are also a number of windows events: --- begin windows events paste --- The winlogon notification subscriber Profiles failed a critical notification event. Windows cannot copy file C:\Users\Default\NTUSER.DAT to location C:\Users\myadmin\NTUSER.DAT. This error may be caused by network problems or insufficient security rights. Windows cannot copy file \\?\C:\Users\Default\Videos to location \\?\C:\Users\myadmin\Videos. This error may be caused by network problems or insufficient security rights. Windows cannot copy file \\?\C:\Users\Default\Saved Games to location \\?\C:\Users\myadmin\Saved Games. This error may be caused by network problems or insufficient security rights. Note: To keep e-mail shorter I won't paste them all, but the last events repeat with a bunch of similar directories There are too many profile copy errors. Refer to the previous events for details. Windows will not log any additional copy errors for this copy process. Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off. Windows cannot copy file C:\Users\Default\NTUSER.DAT to location C:\Users\TEMP.MYWORKGROUP\NTUSER.DAT. This error may be caused by network problems or insufficient security rights. Note: This last event again repeats with a number of similar directories There are too many profile copy errors. Refer to the previous events for details. Windows will not log any additional copy errors for this copy process. Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly. The winlogon notification subscriber Sens failed a notification event. --- end windows events paste --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems connecting win7 client to new Samba PDC
On 8/9/2012 10:58 AM, Gaiseric Vandal wrote: that looks OK. You should not need a login script defined for a computer account. This must have been generated from smb.conf, I didn't actually change anything. Are you able to login as the Domain Administrator? No. myadmin is supposed to be the domain administrator. I followed this guide for setting up domain admins (even though I'm running 12.04): https://help.ubuntu.com/11.04/serverguide/samba-dc.html # net rpc rights list -U myadmin Enter myadmin's password: SeMachineAccountPrivilege Add machines to domain SeTakeOwnershipPrivilege Take ownership of files or other objects SeBackupPrivilege Back up files and directories SeRestorePrivilege Restore files and directories SeRemoteShutdownPrivilege Force shutdown from a remote system SePrintOperatorPrivilege Manage printers SeAddUsersPrivilege Add users and groups to the domain SeDiskOperatorPrivilege Manage disk shares SeSecurityPrivilege System security Is this correct? Are your group mappings correct? I ask because it may be that the Domain Users is not properly recognized as a member of the Users group on the PC. Can you login as the domain (or local) admins and explicitly add domain users and domain groups to a local group? When I try to add MYWORKGROUP\myadmin to Users group from the local admin I get this: The following error occurred while using the user name and password you entered: Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again. As far as I know, I don't have any other connections going with the server (except SSH). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Fwd: samba is failing to save to samba share
Hi, We have a bunch of software that use tmp file - rename tmp file to original file name to save changes append to an existing one. how it's happen 1. open modify the original file 2. save file - the software create tmp file 3. want to rename tmp file to original name - the software raise an error message 4. delete tmp files without any saving Samba version running is 3.5.6 packaged by Debian stable version. I've attached log file in which we can see the full transaction from open to close apps and saving error. What have seen so far is this following error: [2012/08/08 14:24:00.595122, 5] smbd/open.c:1684(open_file_ntcreate) open_file_ntcreate: attributes missmatch for file 06. Informatique/test/480E.tmp (24 0) (0100770, 0760) [2012/08/08 14:24:00.595132, 5] smbd/files.c:497(file_free) freed files structure 4787 (0 used) [2012/08/08 14:24:00.595132, 3] smbd/error.c:80(error_packet_set) error packet at smbd/error.c(160) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED I've also attached the output of tertparm any help are welcome babatoko -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.3.4 - Win7 Latency with MS Office files
Thanks for the ideas ! Does enabling nameservice cacheing mean starting winbindd ? Wondering what the implications of having this running on a network with an actual Win DC running as well are ? Meaning this is a standalone instance of a samba server that I am trbl shooting. I have a development version running the latest, 3.6.7 build and am testing with Win7 clients but seem to still be getting latency after multiple files are opened. I will try the temp file default location change though as well. -john At 9:50 AM -0400 8/9/12, Gaiseric Vandal wrote: Did you try enabling the name service caching daemon on the server? (has its pros can cons.) I would also try XP+Office 2010 and WIn 7+ Office 2007 to see if you can shake out which is the actual problem. Also, can you configure office to store temp files on the local PC, and not the same directory as the office file is located. On 08/08/12 16:51, John Goubeaux wrote: Folks, I am running a 3.3.4 version of Samba ( stand alone) on Solaris 10 configured to auth against LDAP for user auth and have recently, after migrating a variety of user desktops to Win7 and MS Office 2010, began seeing an increased latency in opening files. ie previous 3 times are now 30-45 Users were previously running WinXP and using MS office 2007. Question: Is an upgrade to the latest stable 3.x Ver likely to resolve this OR am I also missing some more stringent security settings I need to address b/c of Win7 ? Any ideas or clues appreciated. -john -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- John Goubeaux Systems Administrator Gevirtz Graduate School of Education UC Santa Barbara Education 4203C 805 893-8190 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.3.4 - Win7 Latency with MS Office files
name service works at unix level- it caches user and group looks (e.g. results of getent passwd and getent group.) So that could include winbind if nsswitch.conf includes winbind. On solaris, it is defined as follows. bash-3.00# svcs -a | grep name disabled Jul_18 svc:/system/name-service-cache:default Actual executable is nscd (same as linux.) A DC normally doesn't need winbind since the samba users map directly to local unix accounts. However, the delay could be in the ldap user retrieval. I don't use nameservice cache myself because I found that group changes did not come into effect quick enough. On 08/09/12 14:14, John Goubeaux wrote: Thanks for the ideas ! Does enabling nameservice cacheing mean starting winbindd ? Wondering what the implications of having this running on a network with an actual Win DC running as well are ? Meaning this is a standalone instance of a samba server that I am trbl shooting. I have a development version running the latest, 3.6.7 build and am testing with Win7 clients but seem to still be getting latency after multiple files are opened. I will try the temp file default location change though as well. -john At 9:50 AM -0400 8/9/12, Gaiseric Vandal wrote: Did you try enabling the name service caching daemon on the server? (has its pros can cons.) I would also try XP+Office 2010 and WIn 7+ Office 2007 to see if you can shake out which is the actual problem. Also, can you configure office to store temp files on the local PC, and not the same directory as the office file is located. On 08/08/12 16:51, John Goubeaux wrote: Folks, I am running a 3.3.4 version of Samba ( stand alone) on Solaris 10 configured to auth against LDAP for user auth and have recently, after migrating a variety of user desktops to Win7 and MS Office 2010, began seeing an increased latency in opening files. ie previous 3 times are now 30-45 Users were previously running WinXP and using MS office 2007. Question: Is an upgrade to the latest stable 3.x Ver likely to resolve this OR am I also missing some more stringent security settings I need to address b/c of Win7 ? Any ideas or clues appreciated. -john -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.3.4 - Win7 Latency with MS Office files
Ok, thanks for that detail on winbind usage. Oddly my testing of the problem might have pinpointed the issue to be the fact that the Win7 is running on iMacs, YES! AND there might be a driver related latency with the network card. Networking via the wireless card shows faster results. Someone decided to buy a bunch of iMacs and run Windows on them and this is when we began seeing the issue. I will see. With regards to a possible LDAP user retrieval issue I cannot see this changing if one went from WinXPWin7 on the client but the Samba LDAP mechanism has not changed at the server level where Samba is running. -john At 3:09 PM -0400 8/9/12, Gaiseric Vandal wrote: name service works at unix level- it caches user and group looks (e.g. results of getent passwd and getent group.) So that could include winbind if nsswitch.conf includes winbind. On solaris, it is defined as follows. bash-3.00# svcs -a | grep name disabled Jul_18 svc:/system/name-service-cache:default Actual executable is nscd (same as linux.) A DC normally doesn't need winbind since the samba users map directly to local unix accounts. However, the delay could be in the ldap user retrieval. I don't use nameservice cache myself because I found that group changes did not come into effect quick enough. On 08/09/12 14:14, John Goubeaux wrote: Thanks for the ideas ! Does enabling nameservice cacheing mean starting winbindd ? Wondering what the implications of having this running on a network with an actual Win DC running as well are ? Meaning this is a standalone instance of a samba server that I am trbl shooting. I have a development version running the latest, 3.6.7 build and am testing with Win7 clients but seem to still be getting latency after multiple files are opened. I will try the temp file default location change though as well. -john At 9:50 AM -0400 8/9/12, Gaiseric Vandal wrote: Did you try enabling the name service caching daemon on the server? (has its pros can cons.) I would also try XP+Office 2010 and WIn 7+ Office 2007 to see if you can shake out which is the actual problem. Also, can you configure office to store temp files on the local PC, and not the same directory as the office file is located. On 08/08/12 16:51, John Goubeaux wrote: Folks, I am running a 3.3.4 version of Samba ( stand alone) on Solaris 10 configured to auth against LDAP for user auth and have recently, after migrating a variety of user desktops to Win7 and MS Office 2010, began seeing an increased latency in opening files. ie previous 3 times are now 30-45 Users were previously running WinXP and using MS office 2007. Question: Is an upgrade to the latest stable 3.x Ver likely to resolve this OR am I also missing some more stringent security settings I need to address b/c of Win7 ? Any ideas or clues appreciated. -john -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- John Goubeaux Systems Administrator Gevirtz Graduate School of Education UC Santa Barbara Education 4203C 805 893-8190 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems connecting win7 client to new Samba PDC
Are your group mappings correct? I ask because it may be that the Domain Users is not properly recognized as a member of the Users group on the PC. Can you login as the domain (or local) admins and explicitly add domain users and domain groups to a local group? An update to this: I was able to add domain users after a reboot. So I've added MYWORKGROUP\myadmin to my Users group on the local machine. I was also able to search my domain for users, and came up with a list of my users, a nobody user, and a Domain Admins group. I've added MYWORKGROUP\myadmin (user) and MYWORKGROUP\Domain Admins (group) to the User group on the local machine. I am still getting the same errors when logging on though. It seems to me like it's trying to pull a roaming profile when I have roaming profiles disabled (or I thought I did), and/or windows doesn't actually know the netbios name, based on the series of these events: Windows cannot copy file \\?\C:\Users\Default\Documents to location \\?\C:\Users\TEMP.MYWORKGROUP\Documents. This error may be caused by network problems or insufficient security rights. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to build vfs_zfsacl module on Linux platform?
On Wed, Aug 08, 2012 at 03:02:23PM +0400, Александр Фахрутдинов wrote: Solaris OS has ZFS as primary filesystem, that has own implementation of ACL (NFS v4 ACL). Samba uses zfsacl and acl_xattr modules for converting NT ACL to ZFS ACL and extended attributes of file in this OS. ZfsOnLinux team ported ZFS as a number of kernel-linked modules to Linux OS, so ZFS on Linux supports NFS ACL, deduplication, compresson and other features of Solaris ZFS v.28. But NFS ACL is not compatible with POSIX ACL, the one type of ACL Samba can use on Linux platform. Acl_xattr and acl_tdb modules cannot solve problem, because it's required a filesytem with POSIX ACL support for storing generic ACL attrbutes. So, can I build vfs_zfsacl module on Linux, or building required Solaris-specific header files? As part of the ZFS-on-Linux code, they should provide header files that allow the vfs_zfsacl to build on Linux. If they don't, then the project isn't done yet. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4: rfc2307 compatibility with Samba3
Hi In Samba3, I have full rfc2307 compliance via winbind where all attributes can be obtained from AD. In Samba4 I only have partial rfc2307 compatibility with: idmap_ldb:use rfc2307 = yes uidNumber and gidNumber can be obtained from AD but uinxHomeDirectory and loginShell are missing. The workarounds are to use the winbind [homes] share and link from there to the real unixHomeDirectory or else use nss-ldapd. Is it planned that Samba4 winbind will inherit all of rfc2307 at some stage? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a117fd6 s4-dsdb: Ensure we have indexing enabled during the provision via ef87b4e s4-pydsdb: Provide control of if we should write index attributes when reloading a schema from 1a1f01e s4-dsdb: Change talloc parent http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a117fd6d11aef5360a1af1fc6da542829da8b7b0 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 14:33:49 2012 +1000 s4-dsdb: Ensure we have indexing enabled during the provision Because we set the schema before we connected the ldb to a file, the @INDEX records were not added until next startup. This cost 100% more time in running provision on my laptop. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Thu Aug 9 08:20:36 CEST 2012 on sn-devel-104 commit ef87b4e4f10eb7d5974cb0e0861648d537153a00 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 14:23:12 2012 +1000 s4-pydsdb: Provide control of if we should write index attributes when reloading a schema This allows us to carefully control the loading of the schema. Andrew Bartlett --- Summary of changes: source4/dsdb/pydsdb.c |6 -- .../scripting/python/samba/provision/__init__.py |7 ++- source4/scripting/python/samba/samdb.py|8 3 files changed, 14 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/pydsdb.c b/source4/dsdb/pydsdb.c index 3558049..9023d69 100644 --- a/source4/dsdb/pydsdb.c +++ b/source4/dsdb/pydsdb.c @@ -873,7 +873,9 @@ static PyObject *py_dsdb_set_schema_from_ldb(PyObject *self, PyObject *args) struct ldb_context *from_ldb; struct dsdb_schema *schema; int ret; - if (!PyArg_ParseTuple(args, OO, py_ldb, py_from_ldb)) + char write_attributes = true; + if (!PyArg_ParseTuple(args, OO|b, + py_ldb, py_from_ldb, write_attributes)) return NULL; PyErr_LDB_OR_RAISE(py_ldb, ldb); @@ -886,7 +888,7 @@ static PyObject *py_dsdb_set_schema_from_ldb(PyObject *self, PyObject *args) return NULL; } - ret = dsdb_reference_schema(ldb, schema, true); + ret = dsdb_reference_schema(ldb, schema, write_attributes); PyErr_LDB_ERROR_IS_ERR_RAISE(py_ldb_get_exception(), ret, ldb); Py_RETURN_NONE; diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py index 192130e..94e857e 100644 --- a/source4/scripting/python/samba/provision/__init__.py +++ b/source4/scripting/python/samba/provision/__init__.py @@ -1121,7 +1121,7 @@ def setup_samdb(path, session_info, provision_backend, lp, names, logger.info(Pre-loading the Samba 4 and AD schema) # Load the schema from the one we computed earlier -samdb.set_schema(schema) +samdb.set_schema(schema, write_attributes=False) # Set the NTDS settings DN manually - in order to have it already around # before the provisioned tree exists and we connect @@ -1131,6 +1131,11 @@ def setup_samdb(path, session_info, provision_backend, lp, names, # DB samdb.connect(path) +# But we have to give it one more kick to have it use the schema +# during provision - it needs, now that it is connected, to write +# the schema @INDEX records to the database. +samdb.set_schema(schema, write_attributes=True) + return samdb diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py index 7451b6c..3355e9a 100644 --- a/source4/scripting/python/samba/samdb.py +++ b/source4/scripting/python/samba/samdb.py @@ -608,11 +608,11 @@ accountExpires: %u def load_partition_usn(self, base_dn): return dsdb._dsdb_load_partition_usn(self, base_dn) -def set_schema(self, schema): -self.set_schema_from_ldb(schema.ldb) +def set_schema(self, schema, write_attributes=True): +self.set_schema_from_ldb(schema.ldb, write_attributes=write_attributes) -def set_schema_from_ldb(self, ldb_conn): -dsdb._dsdb_set_schema_from_ldb(self, ldb_conn) +def set_schema_from_ldb(self, ldb_conn, write_attributes=True): +dsdb._dsdb_set_schema_from_ldb(self, ldb_conn, write_attributes) def dsdb_DsReplicaAttribute(self, ldb, ldap_display_name, ldif_elements): '''convert a list of attribute values to a DRSUAPI DsReplicaAttribute''' -- Samba Shared Repository
[SCM] CTDB repository - branch 1.2.40 updated - ctdb-1.2.46-2-g55b243a
The branch, 1.2.40 has been updated via 55b243a0387b8b0e58615f3b87afaa000189ade9 (commit) via f24b2188839074e43d3d23ff7b87b4f09fb40b78 (commit) from ec1bfcec167194344a5694427bede4597bcf2547 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=1.2.40 - Log - commit 55b243a0387b8b0e58615f3b87afaa000189ade9 Author: Amitay Isaacs ami...@gmail.com Date: Thu Aug 9 16:57:15 2012 +1000 New version 1.2.47 Signed-off-by: Amitay Isaacs ami...@gmail.com commit f24b2188839074e43d3d23ff7b87b4f09fb40b78 Author: Martin Schwenke mar...@meltin.net Date: Fri Aug 3 10:54:30 2012 +1000 Eventscripts: Add reconfigure pseudo-event for policy routing This rebuilds all policy routes and can be used if the configuration changes. Signed-off-by: Martin Schwenke mar...@meltin.net --- Summary of changes: config/events.d/13.per_ip_routing | 14 -- packaging/RPM/ctdb.spec.in|4 +++- 2 files changed, 15 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/config/events.d/13.per_ip_routing b/config/events.d/13.per_ip_routing index f16a74e..25f388b 100755 --- a/config/events.d/13.per_ip_routing +++ b/config/events.d/13.per_ip_routing @@ -275,7 +275,8 @@ flush_rules_and_routes () # Add any missing routes. Some might have gone missing if, for # example, all IPs on the network were removed (possibly if the -# primary was removed). +# primary was removed). If $1 is force then (re-)add all the +# routes. add_missing_routes () { ctdb ip -v -Y | { @@ -291,7 +292,8 @@ add_missing_routes () [ -n $_iface ] || continue _table_id=${table_id_prefix}${_ip} - if [ -z $(ip route show table $_table_id 2/dev/null) ] ; then + if [ -z $(ip route show table $_table_id 2/dev/null) -o \ + $1 = force ] ; then add_routing_for_ip $_iface $_ip fi done @@ -387,6 +389,14 @@ case $1 in remove_bogus_routes ;; +reconfigure) + add_missing_routes force + remove_bogus_routes + + # flush our route cache + set_proc sys/net/ipv4/route/flush 1 + ;; + *) ctdb_standard_event_handler $@ ;; diff --git a/packaging/RPM/ctdb.spec.in b/packaging/RPM/ctdb.spec.in index 7a8c080..39e14c7 100644 --- a/packaging/RPM/ctdb.spec.in +++ b/packaging/RPM/ctdb.spec.in @@ -3,7 +3,7 @@ Name: ctdb Summary: Clustered TDB Vendor: Samba Team Packager: Samba Team sa...@samba.org -Version: 1.2.46 +Version: 1.2.47 Release: 1GITHASH Epoch: 0 License: GNU GPL version 3 @@ -144,6 +144,8 @@ development libraries for ctdb %{_libdir}/libctdb.a %changelog +* Thu Aug 08 2012 : Version 1.2.47 + - Add reconfigure event for policy routing * Tue Jul 24 2012 : Version 1.2.46 - Default route on NAT gateway should have a metric of 10 * Thu Jul 12 2012 : Version 1.2.45 -- CTDB repository
[SCM] CTDB repository - annotated tag ctdb-1.2.47 created - ctdb-1.2.47
The annotated tag, ctdb-1.2.47 has been created at f7b25cc8a27ad57b902f048bfab624813c151bc2 (tag) tagging 55b243a0387b8b0e58615f3b87afaa000189ade9 (commit) replaces ctdb-1.2.46 tagged by Amitay Isaacs on Thu Aug 9 16:58:04 2012 +1000 - Log - version 1.2.47 Amitay Isaacs (1): New version 1.2.47 Martin Schwenke (1): Eventscripts: Add reconfigure pseudo-event for policy routing --- -- CTDB repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0d7b17f s3:smb2_sesssetup: setup global-[en|de]cryption_key via 0cb11ef s3:smb2_read: don't try sendfile if encryption is used via a0cf42b s3:smb2_server: add smbd_smb2_request-do_encryption via 95e4270 s3:smb2_tcon: set global-encryption_required and enforce it via 64dce26 s3:smb2_sesssetup: set global-encryption_required and enforce it via 8734887 s3:smbXsrv.idl: add encryption_required to smbXsrv_tcon_global0 via b5a72f4 s3:smb2_server: check the session before we could response with an error. via f15d9a6 s3:smb2_server: do central file_id check if the operation requires it from a117fd6 s4-dsdb: Ensure we have indexing enabled during the provision http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0d7b17f4db9d271ae41ade7c7b003b8d264cf6bf Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 8 09:32:22 2012 +0200 s3:smb2_sesssetup: setup global-[en|de]cryption_key metze Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Thu Aug 9 09:59:02 CEST 2012 on sn-devel-104 commit 0cb11efa873d6e70ef54454240df7fbdd54fd3f2 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 8 06:35:34 2012 +0200 s3:smb2_read: don't try sendfile if encryption is used metze commit a0cf42b7099097121e14cd337ea659a37ec824c4 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 8 06:35:03 2012 +0200 s3:smb2_server: add smbd_smb2_request-do_encryption For now it's always false... metze commit 95e4270813fa8bfda2dc899b1c8537e49fb9c115 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 8 06:25:10 2012 +0200 s3:smb2_tcon: set global-encryption_required and enforce it This the account or client doesn't support encryption we should reject the tree connect. metze commit 64dce265338f325e9fdee6b4a95e918d3b704cbf Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 8 06:25:10 2012 +0200 s3:smb2_sesssetup: set global-encryption_required and enforce it This the account or client doesn't support encryption we should reject the session setup. metze commit 87348873486b01a0367ff9889d8a7b51b7073e26 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 8 06:24:01 2012 +0200 s3:smbXsrv.idl: add encryption_required to smbXsrv_tcon_global0 metze commit b5a72f4f35a3aecba6294a3f8c07fb2ea252284b Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 8 06:57:45 2012 +0200 s3:smb2_server: check the session before we could response with an error. metze commit f15d9a66701eaf580a0b641cf3f0dec185d6dd48 Author: Stefan Metzmacher me...@samba.org Date: Tue Aug 7 09:44:31 2012 +0200 s3:smb2_server: do central file_id check if the operation requires it Note that it's fine to call file_fsp_smb2() twice, the 2nd call just returns smb2req-compat_chain_fsp without a 2nd lookup. metze --- Summary of changes: source3/librpc/idl/smbXsrv.idl |1 + source3/smbd/globals.h |1 + source3/smbd/smb2_read.c |1 + source3/smbd/smb2_server.c | 87 +--- source3/smbd/smb2_sesssetup.c | 58 ++ source3/smbd/smb2_tcon.c | 34 +-- 6 files changed, 162 insertions(+), 20 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/librpc/idl/smbXsrv.idl b/source3/librpc/idl/smbXsrv.idl index be52723..9111b3d 100644 --- a/source3/librpc/idl/smbXsrv.idl +++ b/source3/librpc/idl/smbXsrv.idl @@ -224,6 +224,7 @@ interface smbXsrv server_id server_id; NTTIME creation_time; [charset(UTF8),string] char share_name[]; + boolean8encryption_required; } smbXsrv_tcon_global0; typedef union { diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index 7b2d31d..ac8a1b2 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -456,6 +456,7 @@ struct smbd_smb2_request { int current_idx; bool do_signing; + bool do_encryption; struct tevent_timer *async_te; bool cancelled; bool compound_related; diff --git a/source3/smbd/smb2_read.c b/source3/smbd/smb2_read.c index 150bdb8..e0c615a 100644 --- a/source3/smbd/smb2_read.c +++ b/source3/smbd/smb2_read.c @@ -276,6 +276,7 @@ static NTSTATUS schedule_smb2_sendfile_read(struct smbd_smb2_request *smb2req, if (!lp__use_sendfile(SNUM(fsp-conn)) || smb2req-do_signing || + smb2req-do_encryption || smb2req-in.vector_count (2*SMBD_SMB2_NUM_IOV_PER_REQ)
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d799b25 s4-dsdb: Remove strcasecmp() fallback in replmd_ldb_message_element_attid_sort via 8dd09ef s4-dsdb: Do not reload partition metadata except on transaction start from 0d7b17f s3:smb2_sesssetup: setup global-[en|de]cryption_key http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d799b25dd3ed0f72ee03949225ba241c5538d7d6 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 16:16:03 2012 +1000 s4-dsdb: Remove strcasecmp() fallback in replmd_ldb_message_element_attid_sort In all callers, we must already have a attributeID for each of the values or else we would have already given an error, or could not have obtained the message over DRS. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Thu Aug 9 11:39:54 CEST 2012 on sn-devel-104 commit 8dd09ef46dee1056e1ea029375a250b12dacae10 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 15:16:37 2012 +1000 s4-dsdb: Do not reload partition metadata except on transaction start This ensures that we do not add objects that should go into a partition, but we simply return that an object is not present if the connection was created before the partition was loaded. It is rare to create a new partition. Andrew Bartlett --- Summary of changes: source4/dsdb/samdb/ldb_modules/partition.c | 11 --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c |7 --- 2 files changed, 0 insertions(+), 18 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 4a9216b..f980b67 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -549,12 +549,6 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) int ret; bool domain_scope = false, phantom_root = false; - /* see if we are still up-to-date */ - ret = partition_reload_if_required(module, data, req); - if (ret != LDB_SUCCESS) { - return ret; - } - p = find_partition(data, NULL, req); if (p != NULL) { /* the caller specified what partition they want the @@ -1129,11 +1123,6 @@ static int partition_sequence_number(struct ldb_module *module, struct ldb_reque * this reload for every query of the next global seq * number */ - ret = partition_reload_if_required(module, data, req); - if (ret != LDB_SUCCESS) { - return ret; - } - p = find_partition(data, NULL, req); if (p != NULL) { /* the caller specified what partition they want the diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 4bfbee1..6b5e121 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -661,13 +661,6 @@ static int replmd_ldb_message_element_attid_sort(const struct ldb_message_elemen a1 = dsdb_attribute_by_lDAPDisplayName(schema, e1-name); a2 = dsdb_attribute_by_lDAPDisplayName(schema, e2-name); - /* -* TODO: remove this check, we should rely on e1 and e2 having valid attribute names -* in the schema -*/ - if (!a1 || !a2) { - return strcasecmp(e1-name, e2-name); - } if (a1-attributeID_id == a2-attributeID_id) { return 0; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 11d60d1 s4-ldb_wrap: Do not vasprintf() the ldb debug messages that will not be shown via 73f0cb5 lib/ldb: Do not vasprintf() the tevent debug messages that will not be shown via 7e562cf s4-events: Do not vasprintf() the tevent debug messages that will not be shown via 434bed7 s3-events: Do not vasprintf() the tevent debug messages that will not be shown via 299fc75 lib/ldb: Use tdb_exists() rather than tdb_fetch()/talloc_free() from d799b25 s4-dsdb: Remove strcasecmp() fallback in replmd_ldb_message_element_attid_sort http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 11d60d13dc54ff154b2a7bb53e326ed2180d473c Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 19:41:05 2012 +1000 s4-ldb_wrap: Do not vasprintf() the ldb debug messages that will not be shown This malloc() and free() actually shows up quite high on a call profile of provision of the AD DC. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Thu Aug 9 13:51:06 CEST 2012 on sn-devel-104 commit 73f0cb5278e714740d0de75e6b0d0bf4c815491a Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 19:40:45 2012 +1000 lib/ldb: Do not vasprintf() the tevent debug messages that will not be shown This malloc() and free() actually shows up quite high on a call profile of provision of the AD DC. This allows the debug handler to decide if the argument list should be printed. Andrew Bartlett commit 7e562cf3eb8d8aabf9b5d62a92e67221e4f07e3a Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 18:34:48 2012 +1000 s4-events: Do not vasprintf() the tevent debug messages that will not be shown This malloc() and free() actually shows up quite high on a call profile of provision of the AD DC. Andrew Bartlett commit 434bed75c43d3d7854bd9433913448810d3ff511 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 18:34:28 2012 +1000 s3-events: Do not vasprintf() the tevent debug messages that will not be shown This malloc() and free() actually shows up quite high on a call profile of provision of the AD DC (and this is the matching patch for source3). Andrew Bartlett commit 299fc7522858e2d7ee6c54310a4e157c8142c74f Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 19:58:31 2012 +1000 lib/ldb: Use tdb_exists() rather than tdb_fetch()/talloc_free() This avoids pulling the record and doing an allocation when we just want to know if it exists. Andrew Bartlett --- Summary of changes: lib/ldb-samba/ldb_wrap.c | 12 +++- lib/ldb/ABI/{ldb-1.1.6.sigs = ldb-1.1.10.sigs}|1 + ...yldb-util-1.1.2.sigs = pyldb-util-1.1.10.sigs} |0 lib/ldb/common/ldb.c |9 - lib/ldb/common/ldb_debug.c | 16 lib/ldb/include/ldb_module.h |1 + lib/ldb/ldb_tdb/ldb_search.c | 14 +++--- lib/ldb/wscript|2 +- source3/lib/events.c | 10 ++ source4/lib/events/tevent_s4.c | 10 ++ 10 files changed, 45 insertions(+), 30 deletions(-) copy lib/ldb/ABI/{ldb-1.1.6.sigs = ldb-1.1.10.sigs} (99%) copy lib/ldb/ABI/{pyldb-util-1.1.2.sigs = pyldb-util-1.1.10.sigs} (100%) Changeset truncated at 500 lines: diff --git a/lib/ldb-samba/ldb_wrap.c b/lib/ldb-samba/ldb_wrap.c index 83a0674..028bd6f 100644 --- a/lib/ldb-samba/ldb_wrap.c +++ b/lib/ldb-samba/ldb_wrap.c @@ -47,7 +47,6 @@ static void ldb_wrap_debug(void *context, enum ldb_debug_level level, const char *fmt, va_list ap) { int samba_level = -1; - char *s = NULL; switch (level) { case LDB_DEBUG_FATAL: samba_level = 0; @@ -63,10 +62,13 @@ static void ldb_wrap_debug(void *context, enum ldb_debug_level level, break; }; - vasprintf(s, fmt, ap); - if (!s) return; - DEBUG(samba_level, (ldb: %s\n, s)); - free(s); + if (CHECK_DEBUGLVL(samba_level)) { + char *s = NULL; + vasprintf(s, fmt, ap); + if (!s) return; + DEBUG(samba_level, (ldb: %s\n, s)); + free(s); + } } diff --git a/lib/ldb/ABI/ldb-1.1.6.sigs b/lib/ldb/ABI/ldb-1.1.10.sigs similarity index 99% copy from lib/ldb/ABI/ldb-1.1.6.sigs copy to lib/ldb/ABI/ldb-1.1.10.sigs index f90fa13..de5026e 100644 --- a/lib/ldb/ABI/ldb-1.1.6.sigs +++ b/lib/ldb/ABI/ldb-1.1.10.sigs @@ -255,4 +255,5 @@ ldb_val_map_remote: struct
[SCM] Samba Shared Repository - annotated tag ldb-1.1.10 created
The annotated tag, ldb-1.1.10 has been created at bc74156d32a51ccff52b52da0a83f11230728699 (tag) tagging 73f0cb5278e714740d0de75e6b0d0bf4c815491a (commit) replaces ldb-1.1.9 tagged by Stefan Metzmacher on Thu Aug 9 14:15:40 2012 +0200 - Log - ldb: tag release ldb-1.1.10 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAABAgAGBQJQI6nsAAoJEEeTkWETCEAli44IAKQiAk3St39aJHyqB6NPFP5I gh6H+w085NsawNfcGGyBB5iv08Vsmk9+Unjn20rExhSyVF7GAB0+vVdxcTs8k9wM e5JkHYUs8HY5ppnISg2tVnW4gLHe7d4KPGb6zfhciviTQjvRg+vOVL+tKFdxWJr1 u+vvcqiWJxNICOkuJgj33nUYyHJYOrKDgZ6xrnMDd3qGzvd7RSGyRmPufHRbbRzM bdTx8+N5IfkvuJsCMaqwpTDKhUk+x0pFUrU5XdJIr7oSRKap9D79cD3TLr4/BeVF azfrStA8xwy64Wc6jdpWPQoBOiCyGV4qdOTZKy2Y+3LsearRT50JAI/r+ooBDD0= =zpW3 -END PGP SIGNATURE- Andreas Schneider (1): doc: Remove build/ from doxygen config or it will not work in brew. Andrew Bartlett (34): s3-pypassdb: Fix wrapper for pdb_domain_info to return correct dns_{domain,forest} s3-pysmbd: Add set_nt_acl() function based on parts of vfstest s3-pysmbd: Add my copyright s3-pysmbd: fix DEBUG s3-pysmbd: Add hook for get_nt_acl() build: fix typo lib/param: Also enable vlp when --enable-selftest is specified build: Remove duplicate declaration of --enable-selftest Rework recursive waf build to be a selftest-enabled not a developer build build: Make -Werror=format check only run where NULL is still accepted Revert ldb: Add parameter to avoid NULL format string flagged by -Werror=format s3-pysmbd: Add talloc_stackframe() to smbd_set_simple_acl wrapper s3-passdb: Simplify idmap wrapper in pdb_samba4 s3-pysmbd: Use talloc_zero() s3-pysmbd: Try opening as a file, then as a directory s4-smbd: Check for failure of irpc_add_name s4-scripting: Remove unused variables from ntacl tests s3-param: Remove never-reached condition for opt_list == NULL s3-param: Remove never-reached condition for popts == NULL build: Remove pdbtest from the autoconf build s3-torture: Extend pdbtest to also run an authentication unit-test selftest: Rename samba4.blackbox.pdbtest to samba.blackbox.pdbtest s4-dsdb: Reduce calls to the ldb layer by reloading less often s4-dsdb: simplify migration of old-style seqence numbers to metadata.tdb s4-dsdb: Remove ldb_sequence_type argument from partition_primary_sequence_number s4-dsdb: Change talloc parent s4-pydsdb: Provide control of if we should write index attributes when reloading a schema s4-dsdb: Ensure we have indexing enabled during the provision s4-dsdb: Do not reload partition metadata except on transaction start s4-dsdb: Remove strcasecmp() fallback in replmd_ldb_message_element_attid_sort lib/ldb: Use tdb_exists() rather than tdb_fetch()/talloc_free() s3-events: Do not vasprintf() the tevent debug messages that will not be shown s4-events: Do not vasprintf() the tevent debug messages that will not be shown lib/ldb: Do not vasprintf() the tevent debug messages that will not be shown Andrew Klaassen (1): media_harmony VFS module: Add and build by default. Andrew Tridgell (1): heimdal: fixed -Werror=format error in com_err Björn Baumbach (3): s4: samba_spnupdate: fix if we are DNS server check docs-xml: fix dfree cache time example docs-xml: fix pid directory example Björn Jacke (6): vfs_media_harmony: fix return of void vfs_time_audit: Remove some unnecessary return; statements vfs_time_audit: Remove unnecessary return; statement vfs_full_audit: Remove some unnecessary return; statements vfs_afsacl.c: Remove some unnecessary return; statements vfs_dirsort: Remove unnecessary return; statement Christian Ambach (6): s3-ctdb: adjust a loglevel s3-ctdb: return proper exit code lib/param: move enum dns_update_settings to lib/param lib/socket_wrapper: writev returns ssize_t, not int smbXcli: add some includes to fix compiler warnings s4:libcli/smb2/write correct error checking Gregor Beck (1): lib/dbwrap: rewrite lock order check to ease debugging Rusty Russell (4): loadparm: Add ctx member to struct loadparm_global. source3/loadparm: make struct loadparm_service a talloc object. source3/smbd/conn.c: wean off string_set/string_free source3/loadparm.c: Move string_set/string_free inside. Stefan Metzmacher (97): s4:libcli: send the TCONX_FLAG_EXTENDED_RESPONSE flag s4:torture: send the TCONX_FLAG_EXTENDED_RESPONSE flag s4:dsdb:replicated_objects: do not move 'instanceType' to the end of msg-elements on RODC replication auth/ntlmssp: avoid talloc_tos() in ntlmssp_client_initial() libcli/smb: change smb_signing to skip the NBT_HEADER_SIZE internally s3:smbd:
Re: [SCM] Samba Shared Repository - branch master updated
On Thu, 2012-08-09 at 08:21 +0200, Andrew Bartlett wrote: The branch, master has been updated via a117fd6 s4-dsdb: Ensure we have indexing enabled during the provision via ef87b4e s4-pydsdb: Provide control of if we should write index attributes when reloading a schema from 1a1f01e s4-dsdb: Change talloc parent http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a117fd6d11aef5360a1af1fc6da542829da8b7b0 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 14:33:49 2012 +1000 s4-dsdb: Ensure we have indexing enabled during the provision Because we set the schema before we connected the ldb to a file, the @INDEX records were not added until next startup. This cost 100% more time in running provision on my laptop. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Thu Aug 9 08:20:36 CEST 2012 on sn-devel-104 commit ef87b4e4f10eb7d5974cb0e0861648d537153a00 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 14:23:12 2012 +1000 s4-pydsdb: Provide control of if we should write index attributes when reloading a schema This allows us to carefully control the loading of the schema. Andrew Bartlett --- Summary of changes: source4/dsdb/pydsdb.c |6 -- .../scripting/python/samba/provision/__init__.py |7 ++- source4/scripting/python/samba/samdb.py|8 3 files changed, 14 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/pydsdb.c b/source4/dsdb/pydsdb.c index 3558049..9023d69 100644 --- a/source4/dsdb/pydsdb.c +++ b/source4/dsdb/pydsdb.c @@ -873,7 +873,9 @@ static PyObject *py_dsdb_set_schema_from_ldb(PyObject *self, PyObject *args) struct ldb_context *from_ldb; struct dsdb_schema *schema; int ret; - if (!PyArg_ParseTuple(args, OO, py_ldb, py_from_ldb)) + char write_attributes = true; + if (!PyArg_ParseTuple(args, OO|b, + py_ldb, py_from_ldb, write_attributes)) return NULL; PyErr_LDB_OR_RAISE(py_ldb, ldb); @@ -886,7 +888,7 @@ static PyObject *py_dsdb_set_schema_from_ldb(PyObject *self, PyObject *args) return NULL; } - ret = dsdb_reference_schema(ldb, schema, true); + ret = dsdb_reference_schema(ldb, schema, write_attributes); PyErr_LDB_ERROR_IS_ERR_RAISE(py_ldb_get_exception(), ret, ldb); Py_RETURN_NONE; diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py index 192130e..94e857e 100644 --- a/source4/scripting/python/samba/provision/__init__.py +++ b/source4/scripting/python/samba/provision/__init__.py @@ -1121,7 +1121,7 @@ def setup_samdb(path, session_info, provision_backend, lp, names, logger.info(Pre-loading the Samba 4 and AD schema) # Load the schema from the one we computed earlier -samdb.set_schema(schema) +samdb.set_schema(schema, write_attributes=False) # Set the NTDS settings DN manually - in order to have it already around # before the provisioned tree exists and we connect @@ -1131,6 +1131,11 @@ def setup_samdb(path, session_info, provision_backend, lp, names, # DB samdb.connect(path) +# But we have to give it one more kick to have it use the schema +# during provision - it needs, now that it is connected, to write +# the schema @INDEX records to the database. +samdb.set_schema(schema, write_attributes=True) + return samdb diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py index 7451b6c..3355e9a 100644 --- a/source4/scripting/python/samba/samdb.py +++ b/source4/scripting/python/samba/samdb.py @@ -608,11 +608,11 @@ accountExpires: %u def load_partition_usn(self, base_dn): return dsdb._dsdb_load_partition_usn(self, base_dn) -def set_schema(self, schema): -self.set_schema_from_ldb(schema.ldb) +def set_schema(self, schema, write_attributes=True): +self.set_schema_from_ldb(schema.ldb, write_attributes=write_attributes) -def set_schema_from_ldb(self, ldb_conn): -dsdb._dsdb_set_schema_from_ldb(self, ldb_conn) +def set_schema_from_ldb(self, ldb_conn, write_attributes=True): +dsdb._dsdb_set_schema_from_ldb(self, ldb_conn, write_attributes) def dsdb_DsReplicaAttribute(self, ldb, ldap_display_name, ldif_elements): '''convert a list of attribute values to a DRSUAPI DsReplicaAttribute''' This code would be clearer if you called the variable write_index, rather then
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f64c970 s4:torture:basic: check the return status of the last open in deltest16 via 2352227 s4:torture:basic: fix a message typo in the delete17 test via 6cc5a54 s4:torture:basic: fix abundance of spaces in deltest6 via fac4a0d s4:torture:basic:delete: fix 4 vs 8 spc tab formatting in check_delete_on_close() via 5236028 s3:torture:delete: add a 12th subtest to the delete-on-close tests via db160bf s3:torture:delete: fix 11th test to work against windows via 2e53fb1 s3:torture:delete: simplify return code handling, fixing a couple of return codes in error cases via 49a2c68 s3:torture:delete: reduce indentation via 54e5810 s3:torture:delete: add a comment via c228b7a s3:torture:delete: add a comment via 7a7b86d s3:torture:delete: add a comment via 5b1afa6 s3:torture:delete: move the success message for a subtest to the correct place via 2f7a371 s3:torture:delete: remove an else, reducing indentation via 3668a4c s3:torture:delete: remove an else, reducing indentation via 777c7a9 s3:torture:delete: remove an else, reducing indentation via c36deaf s3:torture:delete: remove an else, reducing indentation via e833141 s3:torture:delete: really fail the test in a failure case via 9058288 s3:torture:delete: fix a comment via bf492d1 s3:torture:delete: fix a message via ff5e6e3 s3:torture:delete: fix a message via 4aac6d0 s3:torture:delete: fix a message via 595845c s3:torture:delete: fix a message (counting the opens) via 2aded6a s3:torture:delete: untangle function call from result check via ef36847 s3:torture:delete: untangle function call from result check via 4e75b0c s3:torture:delete: untangle function call from result check via ccb2583 s3:torture:delete: untanlge function call from result check via 8a92ae2 s3:torture:delete: untangle function call from result check via 02b0925 s3:torture:delete: untangle function call from result check via 5138eb5 s3:torture:delete: untangle function call from result check via 5bc7c77 s3:torture:delete: untangle function call from result check via b5e9378 s3:torture:delete: untangle function call from result check via 361429d s3:torture:delete: untangle function call from result check via 8684506 s3:torture:delete: untangle function call from result check via 1db70c0 s3:torture:delete: untangle function call from result check via a70a4ad s3:torture:delete: untangle function call from result check from 11d60d1 s4-ldb_wrap: Do not vasprintf() the ldb debug messages that will not be shown http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f64c970e3e70632e9721f8d4993c68b3841bbfa5 Author: Michael Adam ob...@samba.org Date: Thu Aug 9 11:12:55 2012 +0200 s4:torture:basic: check the return status of the last open in deltest16 Autobuild-User(master): Michael Adam ob...@samba.org Autobuild-Date(master): Thu Aug 9 18:01:50 CEST 2012 on sn-devel-104 commit 2352227b6609c6ba5111201db25711d9c7840dc1 Author: Michael Adam ob...@samba.org Date: Wed Aug 8 23:36:52 2012 +0200 s4:torture:basic: fix a message typo in the delete17 test commit 6cc5a54bc05e3379eafd4eb1cc571017903d7fe5 Author: Michael Adam ob...@samba.org Date: Thu Aug 9 12:56:48 2012 +0200 s4:torture:basic: fix abundance of spaces in deltest6 commit fac4a0d4a75f60f77ead9153f4b76cbf9636d1be Author: Michael Adam ob...@samba.org Date: Wed Aug 8 17:29:04 2012 +0200 s4:torture:basic:delete: fix 4 vs 8 spc tab formatting in check_delete_on_close() commit 523602863a7ad5bca4026cd72f146a3eace8f1fe Author: Michael Adam ob...@samba.org Date: Wed Aug 8 12:44:01 2012 +0200 s3:torture:delete: add a 12th subtest to the delete-on-close tests test whether second open is possible with initial delete on close and how setting and unsetting delete on close on the handle affects the initial delete on close (it does not...) commit db160bf5100b7c8bd7a1712c76354b30cd7c4925 Author: Michael Adam ob...@samba.org Date: Thu Aug 9 16:11:08 2012 +0200 s3:torture:delete: fix 11th test to work against windows commit 2e53fb109f36faa8781ce92b8171d8dd0f4f971f Author: Michael Adam ob...@samba.org Date: Wed Aug 8 12:25:09 2012 +0200 s3:torture:delete: simplify return code handling, fixing a couple of return codes in error cases commit 49a2c68011d9ce37a9d7cf8289a5e41771aaa646 Author: Michael Adam ob...@samba.org Date: Wed Aug 8 12:20:24 2012 +0200 s3:torture:delete: reduce indentation commit 54e5810638c2d0e8764a333fb0f853a7ee942a55 Author: Michael Adam ob...@samba.org Date: Wed Aug 8 12:19:52 2012 +0200 s3:torture:delete: add a comment commit
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a5495bc Remove smb_panic() from unix_strlower(). Just rely on error code return. via b70f23c Correctly check for errors in strlower_m() returns. via ce21d08 Fix strlower_m() to return an error indication. via c13887d Check error returns on strnorm(). via 526e875 Check error returns from strupper_m() (in all reasonable places). via e1ec86a Fix missing ads_destroy in error path. via 9fcc6f2 Change strupper_m() to return a value. via af3e529 Fix bad return in unix_strupper. via b6eb3a6 Prepare to remove smb_panic() from unix_strlower(). via 8605b35 Fix bad return values in unix_strlower/unix_strupper. from f64c970 s4:torture:basic: check the return status of the last open in deltest16 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a5495bc6b073d29041d9a8e229d37693d6a0c513 Author: Jeremy Allison j...@samba.org Date: Wed Aug 8 17:32:50 2012 -0700 Remove smb_panic() from unix_strlower(). Just rely on error code return. Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Thu Aug 9 23:52:53 CEST 2012 on sn-devel-104 commit b70f23c2b581c5d455362ab37f4846de9a910055 Author: Jeremy Allison j...@samba.org Date: Wed Aug 8 17:01:00 2012 -0700 Correctly check for errors in strlower_m() returns. commit ce21d0804012da27cec72abe896352d7f0e7e1e5 Author: Jeremy Allison j...@samba.org Date: Wed Aug 8 15:56:58 2012 -0700 Fix strlower_m() to return an error indication. commit c13887defc4c05b6b87f8f40ae0cf981a497f443 Author: Jeremy Allison j...@samba.org Date: Wed Aug 8 15:49:34 2012 -0700 Check error returns on strnorm(). commit 526e875cec15761099438e17df3f56bc2bd5b761 Author: Jeremy Allison j...@samba.org Date: Wed Aug 8 15:35:28 2012 -0700 Check error returns from strupper_m() (in all reasonable places). commit e1ec86a49ce1d7c3ebe99fc175ffad70a03c4a0b Author: Jeremy Allison j...@samba.org Date: Wed Aug 8 15:21:33 2012 -0700 Fix missing ads_destroy in error path. commit 9fcc6f27fb2cf8cf5c30b701cb6788fc8f70cf82 Author: Jeremy Allison j...@samba.org Date: Wed Aug 8 12:16:40 2012 -0700 Change strupper_m() to return a value. commit af3e529c18dae94d10b617eb8377e2ab64d34982 Author: Jeremy Allison j...@samba.org Date: Wed Aug 8 12:10:01 2012 -0700 Fix bad return in unix_strupper. commit b6eb3a68088a20fba4819064699abdddfd594a4d Author: Jeremy Allison j...@samba.org Date: Wed Aug 8 12:07:54 2012 -0700 Prepare to remove smb_panic() from unix_strlower(). commit 8605b35e8824bf30633d47333df3720f9ff4dbaa Author: Jeremy Allison j...@samba.org Date: Wed Aug 8 12:06:34 2012 -0700 Fix bad return values in unix_strlower/unix_strupper. --- Summary of changes: libgpo/gpext/gpext.c|4 ++- source3/auth/auth_builtin.c |8 +++- source3/auth/auth_util.c|4 ++- source3/auth/pampass.c |4 +- source3/auth/pass_check.c |8 +++- source3/auth/user_util.c|4 ++- source3/client/client.c |9 - source3/client/clitar.c |2 +- source3/include/proto.h |6 ++-- source3/lib/afs.c |4 ++- source3/lib/charcnv.c |5 ++- source3/lib/substitute.c| 15 ++-- source3/lib/username.c | 16 +++-- source3/lib/util.c | 10 - source3/lib/util_names.c|3 +- source3/lib/util_str.c | 52 +- source3/libads/ads_struct.c |6 +++- source3/libads/kerberos.c |6 ++- source3/libads/kerberos_keytab.c|5 ++- source3/libads/ldap.c | 33 ++--- source3/libads/sasl.c | 27 -- source3/libnet/libnet_join.c| 27 +++--- source3/librpc/crypto/gse_krb5.c|5 ++- source3/libsmb/cliconnect.c |4 ++- source3/libsmb/clirap.c |8 +++- source3/libsmb/clirap2.c|8 +++- source3/libsmb/namequery_dc.c |6 +++- source3/libsmb/nmblib.c |6 ++- source3/modules/vfs_afsacl.c|4 ++- source3/modules/vfs_prealloc.c |4 ++- source3/modules/vfs_streams_depot.c |5 ++- source3/modules/vfs_streams_xattr.c |4 ++- source3/nmbd/nmbd_browserdb.c | 10 - source3/nmbd/nmbd_browsesync.c |5 ++- source3/nmbd/nmbd_elections.c
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 51a7154 nsswitch: add ABI checking and symbol versions to libwbclient via fdd07e8 s4-dsdb: Explain better what records are written during schema set via 1d1bdc3 lib/ldb: Use tdb_parse_record and a callback rather than tdb_fetch() from a5495bc Remove smb_panic() from unix_strlower(). Just rely on error code return. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 51a71547ef0c883970e9ef86a33c42e1b815cc4d Author: Andrew Bartlett abart...@samba.org Date: Fri Aug 10 10:17:31 2012 +1000 nsswitch: add ABI checking and symbol versions to libwbclient This will ensure that we do not unintentionally break the ABI. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Fri Aug 10 04:08:54 CEST 2012 on sn-devel-104 commit fdd07e87c6fc7a4a0ea7c6f99080d78e526042e6 Author: Andrew Bartlett abart...@samba.org Date: Fri Aug 10 08:44:04 2012 +1000 s4-dsdb: Explain better what records are written during schema set This is controlled by setting write_indices_and_attributes. Andrew Bartlett commit 1d1bdc315b4619f0ca5b2a0db602cbe283f8dca8 Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 9 22:46:48 2012 +1000 lib/ldb: Use tdb_parse_record and a callback rather than tdb_fetch() This avoid allocation at the tdb layer as we will allocate this with talloc right away anyway. Andrew Bartlett --- Summary of changes: lib/ldb/ldb_tdb/ldb_search.c | 54 ++ nsswitch/libwbclient/ABI/wbclient-0.9.sigs | 75 nsswitch/libwbclient/wscript |3 + source4/dsdb/pydsdb.c |6 +- source4/dsdb/schema/schema_set.c | 23 -- .../scripting/python/samba/provision/__init__.py |6 +- source4/scripting/python/samba/samdb.py|8 +- 7 files changed, 142 insertions(+), 33 deletions(-) create mode 100644 nsswitch/libwbclient/ABI/wbclient-0.9.sigs Changeset truncated at 500 lines: diff --git a/lib/ldb/ldb_tdb/ldb_search.c b/lib/ldb/ldb_tdb/ldb_search.c index e631f7b..703ad6a 100644 --- a/lib/ldb/ldb_tdb/ldb_search.c +++ b/lib/ldb/ldb_tdb/ldb_search.c @@ -234,6 +234,26 @@ static int ltdb_search_base(struct ldb_module *module, struct ldb_dn *dn) return LDB_ERR_NO_SUCH_OBJECT; } +struct ltdb_parse_data_unpack_ctx { + struct ldb_message *msg; + struct ldb_module *module; +}; + +static int ltdb_parse_data_unpack(TDB_DATA key, TDB_DATA data, + void *private_data) +{ + struct ltdb_parse_data_unpack_ctx *ctx = private_data; + + int ret = ltdb_unpack_data(ctx-module, data, ctx-msg); + if (ret == -1) { + struct ldb_context *ldb = ldb_module_get_ctx(ctx-module); + ldb_debug(ldb, LDB_DEBUG_ERROR, Invalid data for index %*.*s\n, + (int)key.dsize, (int)key.dsize, key.dptr); + return LDB_ERR_OPERATIONS_ERROR; + } + return ret; +} + /* search the database for a single simple dn, returning all attributes in a single message @@ -246,9 +266,11 @@ int ltdb_search_dn1(struct ldb_module *module, struct ldb_dn *dn, struct ldb_mes void *data = ldb_module_get_private(module); struct ltdb_private *ltdb = talloc_get_type(data, struct ltdb_private); int ret; - TDB_DATA tdb_key, tdb_data; - - memset(msg, 0, sizeof(*msg)); + TDB_DATA tdb_key; + struct ltdb_parse_data_unpack_ctx ctx = { + .msg = msg, + .module = module + }; /* form the key */ tdb_key = ltdb_key(module, dn); @@ -256,24 +278,24 @@ int ltdb_search_dn1(struct ldb_module *module, struct ldb_dn *dn, struct ldb_mes return LDB_ERR_OPERATIONS_ERROR; } - tdb_data = tdb_fetch(ltdb-tdb, tdb_key); - talloc_free(tdb_key.dptr); - if (!tdb_data.dptr) { - return LDB_ERR_NO_SUCH_OBJECT; - } - + memset(msg, 0, sizeof(*msg)); + msg-num_elements = 0; msg-elements = NULL; - ret = ltdb_unpack_data(module, tdb_data, msg); - free(tdb_data.dptr); + ret = tdb_parse_record(ltdb-tdb, tdb_key, + ltdb_parse_data_unpack, ctx); + talloc_free(tdb_key.dptr); + if (ret == -1) { - struct ldb_context *ldb = ldb_module_get_ctx(module); - ldb_debug(ldb, LDB_DEBUG_ERROR, Invalid data for index %s\n, - ldb_dn_get_linearized(msg-dn)); - return LDB_ERR_OPERATIONS_ERROR; + if (tdb_error(ltdb-tdb) ==