Re: [SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-622-gb12edbe
On Wed, Apr 02, 2008 at 05:54:27AM -0500, G??nther Deschner wrote: The branch, v3-2-test has been updated via b12edbeffee1f7d1fd971cde9189e5137ddeb35b (commit) via 8a1a9f967db25d3928f19e46d60af249f934f323 (commit) from 4714bae0dbbb2ad010c2929f83de6bca84cfac46 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit b12edbeffee1f7d1fd971cde9189e5137ddeb35b Author: GĂźnther Deschner [EMAIL PROTECTED] Date: Wed Apr 2 12:29:24 2008 +0200 Fix net rpc trustdom establish for win2k8 trusts. When establishing trusts to a windows 2008 dc, the NetServerEnum2 RAP call fails with some exotic RAP failure. Let's just try a netlogon getdcname call in that case to convince ourselve we're talking to a proper machine. Rafael, looks ok? Yep, though (as we discussed on #samba-technical) we should probably drop doing RAP call here or provide fallback perhaps. cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org Likewise Software http://www.likewisesoftware.com signature.asc Description: Digital signature
Re: [SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-713-g7a911b3
commit 7a911b35713538d82001a3c9f34152e293fe1943 Author: Volker Lendecke [EMAIL PROTECTED] Date: Tue Dec 18 09:41:03 2007 +0100 Add a in-memory cache This is a more general API that caches data with a LRU scheme. See include/cache.h. No comments yet, I'm still working on it. But Jeremy has given me a hint in one of his checkins that he would like to make use of this now. The idea is that we get rid of all our silly little caches and merge them all into one cache I thought gencache was originally implemented for this reason :-) that we can then very easily trim, for example even with a smbcontrol message if someone decides memory is tight. The main user is the stat cache, this patch also converts the getwd cache. More caches to come. cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
Re: svn commit: samba r25674 - in branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Samba3: .
On Wed, Oct 17, 2007 at 08:26:55AM +, [EMAIL PROTECTED] wrote: Author: metze Date: 2007-10-17 08:26:55 + (Wed, 17 Oct 2007) New Revision: 25674 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25674 [...] I've tested with midl to see how windows handles this situation and also the reverse case where the client sends NULL and the server reposnse with non-NULL. It appears that midl generated code just ignores this and only copies the result if both pointers are non-NULL. Did midl ignore all cases but the one where both pointers were non-NULL at the same time ? I'm not sure right now, but midl shouldn't have problems with [in,out] pointer set to NULL on either in or out direction (as long as it's not ref pointer). cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
Re: svn commit: samba r24787 - in branches/SAMBA_3_2_0/source: rpc_parse utils
On Wed, Aug 29, 2007 at 05:14:55PM +, [EMAIL PROTECTED] wrote: Author: jra Date: 2007-08-29 17:14:54 + (Wed, 29 Aug 2007) New Revision: 24787 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24787 Log: Janitor for Mimir. Mimir, you checked into SAMBA_3_2 and SAMBA_3_0 - this second branch is defunct. You should be checking into SAMBA_3_2_0 instead - this is what we will be shipping as 3.2.0. Oh, sorry. I thought I have already checked it into 3_2_0 after I found my samba3 tree was SAMBA_3_0. Thanks! cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
Re: svn commit: samba r24733 - in branches: SAMBA_3_2/source/lib SAMBA_3_2/source/torture SAMBA_3_2_0/source/lib SAMBA_3_2_0/source/torture
On Tue, Aug 28, 2007 at 12:40:03PM +, [EMAIL PROTECTED] wrote:
Author: gd
Date: 2007-08-28 12:40:01 + (Tue, 28 Aug 2007)
New Revision: 24733
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24733
Log:
Add support for storing DATA_BLOBs in gencache.tdb (including torturetest).
Mimir, please have a look. DATA_BLOBs will now just show up as DATA_BLOB
values with net cache list.
Looks fine to me.
One aesthetic note - couldn't this:
+ again:
+ len = 0;
+
+ len += tdb_pack(buf+len, buflen-len, fB,
+ valstr,
+ blob-length, blob-data);
+
+ if (len == -1) {
+ goto out;
+ }
+
+ if (buflen len) {
+ SAFE_FREE(buf);
+ buf = SMB_MALLOC_ARRAY(unsigned char, len);
+ if (!buf) {
+ goto out;
+ }
+ buflen = len;
+ goto again;
+ }
be implemented as a loop ?
cheers,
--
Rafal Szczesniak
Samba Team member http://www.samba.org
signature.asc
Description: Digital signature
Re: svn commit: samba r24568 - in branches/SAMBA_4_0/source/torture/libnet: .
On Mon, Aug 20, 2007 at 01:03:51AM +, [EMAIL PROTECTED] wrote: Author: abartlet Date: 2007-08-20 01:03:51 + (Mon, 20 Aug 2007) New Revision: 24568 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24568 Log: Fix the build, caused by a conflict betwen mimir's work and metze's bulk rename. Thanks Andrew! cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
Re: svn commit: samba r23066 - in branches/SAMBA_4_0/source/torture/libnet: .
Metze,
On Tue, May 22, 2007 at 09:02:17AM +, [EMAIL PROTECTED] wrote:
Author: metze
Date: 2007-05-22 09:02:16 + (Tue, 22 May 2007)
New Revision: 23066
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23066
Log:
don't ignore errors
metze
Modified:
branches/SAMBA_4_0/source/torture/libnet/libnet_user.c
Changeset:
Modified: branches/SAMBA_4_0/source/torture/libnet/libnet_user.c
===
--- branches/SAMBA_4_0/source/torture/libnet/libnet_user.c2007-05-22
06:34:14 UTC (rev 23065)
+++ branches/SAMBA_4_0/source/torture/libnet/libnet_user.c2007-05-22
09:02:16 UTC (rev 23066)
@@ -536,6 +536,7 @@
status = libnet_UserInfo(ctx, mem_ctx, user_req);
if (!NT_STATUS_IS_OK(status)) {
printf(libnet_UserInfo call failed: %s\n,
nt_errstr(status));
+ ret = False;
continue;
}
Thanks for catching that.
cheers,
--
Rafal Szczesniak
Samba Team member http://www.samba.org
signature.asc
Description: Digital signature
Re: svn commit: samba r23047 - in branches/SAMBA_4_0/source/scripting/ejs: .
On Tue, May 22, 2007 at 09:17:36AM +1000, [EMAIL PROTECTED] wrote: Mimir, + /* First, try to include file from current working directory. + This allows local includes which is handy sometimes. */ yes, it's very handy if you are a malicious hacker! Imagine the admin has a ftp upload area, and cd's to that directory. He wants to see if anyone is connected to that area with smbstatus. The attacker uploads util.js and hey presto the attacker has just got the admin to run his code inside smbstatus, as root. Well, yes, you're right. I messed the order :) But it should be ok, to reverse the order of inclusion - defined paths first, local dir second. This would allow not to substitue commonly used include files and still be able to include something local. cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
Re: svn commit: samba r23047 - in branches/SAMBA_4_0/source/scripting/ejs: .
On Tue, May 22, 2007 at 04:32:30PM +1000, [EMAIL PROTECTED] wrote: Rafal, Well, yes, you're right. I messed the order :) But it should be ok, to reverse the order of inclusion - defined paths first, local dir second. This would allow not to substitue commonly used include files and still be able to include something local. no, it's not OK. It's _never_ ok. Imagine that Samba is installed in /net/some_nfs/drive/samba and nfs is down. What happens then? smbstatus then goes to '.' and the security hole is back. Please just revert the patch. There is no way we should ever be looking in '.' for scripts or libraries of any kind. ok, you're right. My foolish mistake. It's reverted now. My life is more complicated back again ;-) cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
Re: svn commit: samba r21852 - in branches/SAMBA_4_0/webapps/swat/source/class/swat/module/netmgr: .
On Thu, Mar 15, 2007 at 10:52:34PM -0400, [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] writes:
+ if (typeof(parentNode.credentials) == object)
+ {
+ var creds = parentNode.credentials;
+ var request = _this.callRpc(samba.ejsnet, NetContext, [ creds ]);
+ request.setUserData(requestType, NetContext);
+ }
+ else
+ {
+ // TODO: display a login dialog
+ }
+ }
+
+});
I'm not sure what you're doing here, but login is handled automatically for
all of the modules. Either you don't understand the SWAT framework and its
standard capabilities, or (more likely) I just don't understand what you're
doing here. If I'm off base, just tell me to shut up. :-)
Yes, I know the login is handled by SWAT.
I need to create NetContext for the host node. Since each host I connect
to by means of libnet may require different credentials, I attach them
to the node and create the actual context on the server side. So, this
is creating libnet credentials rather than logging in to SWAT.
There's one thing that might turned useful here. Default credentials could
be created on the basis of SWAT login credentials. However, specifying
different ones needs to be available. Right now, if there's nothing given
yet, I ask (vide TODO).
Don't shut up - thanks for keeping an eye on this code :-)
cheers,
--
Rafal Szczesniak
Samba Team member http://www.samba.org
signature.asc
Description: Digital signature
Re: svn commit: samba r20908 - in branches/SAMBA_4_0/source/scripting/ejs/ejsnet: .
On Fri, Jan 19, 2007 at 03:37:20PM +, [EMAIL PROTECTED] wrote: Author: metze Date: 2007-01-19 15:37:20 + (Fri, 19 Jan 2007) New Revision: 20908 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20908 Log: - fix uninitialized usage of 'ctx' - remove unused mem_ctx variable - copy the userman_domain string as child of obj Metze, thank you and please let me finish :) I don't have the whole day for samba coding so I leave something for the next one:) cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
Re: svn commit: samba r20791 - in branches/SAMBA_4_0/source: . scripting/ejs scripting/ejs/ejsnet
On Mon, Jan 15, 2007 at 07:34:04AM +, [EMAIL PROTECTED] wrote: Author: metze Date: 2007-01-15 07:34:04 + (Mon, 15 Jan 2007) New Revision: 20791 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20791 Log: the ejsnet stuff can be a normal smbcalls module... Why is it still called smbcalls ? I realise there are historical reasons, but ejs interface has became much more than just a gateway to smbcalls. mimir: when you want to register more functions please do that in the smb_setup_ejs_net() function ok. cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
Re: svn commit: samba r20225 - in branches/SAMBA_4_0/source/libnet: .
On Sun, Dec 17, 2006 at 01:33:43PM +, [EMAIL PROTECTED] wrote: Author: metze Date: 2006-12-17 13:33:43 + (Sun, 17 Dec 2006) New Revision: 20225 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20225 Log: we can't use composite_error() in a _recv() function, as that would trigger the caller to call the _recv() function again and will be an endless loop. Doh! You're right. Thanks. this is just a fix the to prevent this, and use a more usefull error code than NT_STATUS_UNSUCCESSFUL I think we should move the checks about valid responses into the function which receives the the response (here continue_name_found()), so that the _recv() function only needs to transfer the output vars to the caller without any logic to analyse the network response. Yes, but on the other hand I'd prefer to leave some of the code in _recv function to be able to perform some checks when transferring the results to given memory context. Alternative approach would be to replace all _recv functions with some generic call, just like dcerpc_ndr_request_recv() cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
Re: svn commit: samba r20166 - in branches/SAMBA_4_0/source/libnet: .
On Thu, Dec 14, 2006 at 08:23:56AM +, [EMAIL PROTECTED] wrote: Author: metze Date: 2006-12-14 08:23:55 + (Thu, 14 Dec 2006) New Revision: 20166 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20166 Log: we have a dom_sid_add_rid() function that adds the rid after allocating enough memory for the new sub_auth element. the old version wrote behind the buffer. also make the output sid a pointer. Hey! I was supposed to fix that tonight :) Thanks anyway :) cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
Re: svn commit: samba r20011 - in branches/SAMBA_4_0/source/libnet: .
Metze, Could we implement it as part of libnet_SetRole function ? This way functionality of various roles would be put into respective role_*.c files - role_become_dc.c in this case. With libnet_SetRole we could provide high level of support for complicated tasks like promoting a server do DC, becoming domain member, etc. On Sat, Dec 02, 2006 at 03:35:27PM +, [EMAIL PROTECTED] wrote: Author: metze Date: 2006-12-02 15:35:27 + (Sat, 02 Dec 2006) New Revision: 20011 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20011 Log: define libnet_BecomeDC_state struct and add some dummy functions cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
Re: svn commit: samba r19933 - in branches/SAMBA_4_0/source/libnet: .
On Tue, Nov 28, 2006 at 04:05:11PM +, [EMAIL PROTECTED] wrote: Author: metze Date: 2006-11-28 16:05:10 + (Tue, 28 Nov 2006) New Revision: 19933 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=19933 Log: something is really wrong here... mimir: please take a look! Oh, I forgot to pass the actual data pointer to the message. Other than that, it's just passing pipe connection parameters to synchronous monitor functions (what ensures the validity of the pointers). Thanks for catching that! Is there anything else troubling you ? cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
Re: svn commit: samba r18614 - in branches/SAMBA_4_0/source/lib/util: .
On Tue, Sep 19, 2006 at 10:14:44PM -0700, [EMAIL PROTECTED] wrote: Mimir, a new function converting NTTIME to struct timeval + tv-tv_usec = t - tv-tv_sec*100; +} Are you sure thats correct? Well, just for a quick check I put a code, in one of my test, getting current time in timeval, converting it to NTTIME, and converting it to timeval back again. It did work correctly, though I didn't do any random tests. Maybe it's equivalent somehow, but I suspect to get the tv_usec value will involve a modulo operation, something like: tv-tv_usec = ((t+5) % 1000) / 10; The idea of doing it was based on nt_time_to_unix function. Maybe we need a LOCAL-TIME unit test for these time functions? Converting from timeval to NTTIME then back again for some random times might be a useful test (with appropriate 0.5usec tolerence levels). Sure, I was also thinking about that. The only thing that stopped me that time was do we really need to test this ?, but it looks like we do. cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
Re: svn commit: samba r18607 - in branches/SAMBA_4_0/source/libnet: .
On Mon, Sep 18, 2006 at 09:02:50AM +, [EMAIL PROTECTED] wrote: Author: metze Date: 2006-09-18 09:02:50 + (Mon, 18 Sep 2006) New Revision: 18607 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18607 Log: remove unused structure element rafal: is there a reason why we don't use libnet_AddShare() in the torture test? Yes, the original code is not mine, but the volunteer (sorry, forgot his name) on the net. He probably did not write the test for it. I'm going to check the share manipulation code and probably reconstruct it a little once I'm done with user account functions. cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
Re: svn commit: samba r18587 - in branches/SAMBA_4_0/source/libnet: .
Tridge,
On Sat, Sep 16, 2006 at 05:59:34PM +, [EMAIL PROTECTED] wrote:
Author: tridge
Date: 2006-09-16 17:59:33 + (Sat, 16 Sep 2006)
New Revision: 18587
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18587
Log:
fixed a potential memory leak in libnet
How did that introduce a memory leak ? Should libnet ctx as a parent not
depend on any other ?
Changeset:
Modified: branches/SAMBA_4_0/source/libnet/libnet.c
===
--- branches/SAMBA_4_0/source/libnet/libnet.c 2006-09-16 17:57:50 UTC (rev
18586)
+++ branches/SAMBA_4_0/source/libnet/libnet.c 2006-09-16 17:59:33 UTC (rev
18587)
@@ -27,7 +27,7 @@
struct libnet_context *ctx;
/* create brand new libnet context */
- ctx = talloc(NULL, struct libnet_context);
+ ctx = talloc(ev, struct libnet_context);
if (!ctx) {
return NULL;
}
cheers,
--
Rafal Szczesniak
Samba Team member http://www.samba.org
signature.asc
Description: Digital signature
Re: svn commit: samba r18529 - in branches/SAMBA_3_0/source/lib: .
On Thu, Sep 14, 2006 at 02:06:35PM -0400, simo wrote: On Thu, 2006-09-14 at 13:56 -0400, [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] writes: + DEBUG(1, (WARNING: your /etc/hosts file may be broken!\n)); + DEBUGADD(1, (specifing the machine hostname for address 127.0.0.1 may lead\n)); + DEBUGADD(1, (to Kerberos authentication probelms as localhost.localdomain\n)); + DEBUGADD(1, (may end up to be used instead of the real machine FQDN.\n)); Verb conjugation in English of to be is really strange. This should say: DEBUGADD(1, (may end up being used instead of the real machine FQDN.\n)); Thanks, will change it. Just for the sake of completeness - in the same shot you could fix a typo: s/probelms/problems/ :-) cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
Re: svn commit: samba r17990 - in branches/SAMBA_4_0/source/librpc/rpc:.
On Fri, Sep 01, 2006 at 01:06:40PM +0200, Stefan (metze) Metzmacher wrote:
Hi Tridge,
/*
+ handle timeouts of a dcerpc connect
+*/
+static void dcerpc_connect_timeout_handler(struct event_context *ev,
struct timed_event *te,
+ struct timeval t, void *private)
+{
+ struct composite_context *c = talloc_get_type(private, struct
composite_context);
+ DEBUG(0,(DCERPC CONNECT TIMEOUT\n));
+ composite_error(c, NT_STATUS_IO_TIMEOUT);
+ composite_done(c);
+}
this is wrong, composite_error() already calls the callback and frees 'c'
and composite_done() would use freed memory
Though I sometimes think it would be more convenient to be able to first
set the status code with composite_error() and then do something more,
before calling the callback and freeing the composite context.
cheers,
--
Rafal Szczesniak
Samba Team member http://www.samba.org
signature.asc
Description: Digital signature
Re: svn commit: samba r17717 - in branches/SAMBA_4_0/source/torture/libnet: .
On Tue, Aug 22, 2006 at 07:28:44PM +, [EMAIL PROTECTED] wrote: Author: metze Date: 2006-08-22 19:28:44 + (Tue, 22 Aug 2006) New Revision: 17717 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17717 Log: this cried for bugs...and they happened... we were passing a struct timeval reference as string, and gcc gives a warning...use C99 style initialisation. is there a special reason why the ACB_NORMAL is passed when the force_password_change is selected? No, this was a quick test of setting this field. This test is about to change, but thank you for fixing this version. cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
Re: svn commit: samba r14172 - in branches/SAMBA_4_0/source/librpc/rpc: .
On Fri, Mar 10, 2006 at 08:08:16PM +, [EMAIL PROTECTED] wrote: Author: metze Date: 2006-03-10 20:08:15 + (Fri, 10 Mar 2006) New Revision: 14172 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=14172 Log: composite_is_ok(c) destroys c, when the status isn't ok. so we need to return directly. Thanks for this, Stefan. I need to put those debug messages elsewhere. cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
Re: svn commit: samba r11794 - in branches/SAMBA_4_0/source/libnet: .
On Fri, Nov 18, 2005 at 11:27:58PM +, [EMAIL PROTECTED] wrote: Author: tridge Date: 2005-11-18 23:27:58 + (Fri, 18 Nov 2005) New Revision: 11794 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11794 Log: - fixed a valgrind error in libnet, caused by using a stack variable after the function has returned (the *address variable was assigned into the state). Doh! Thanks for catching that, Andrew. cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
Re: svn commit: samba r8839 - in trunk/source: param registry rpc_server services
On Thu, Jul 28, 2005 at 07:50:09PM +, [EMAIL PROTECTED] wrote: Author: jerry Date: 2005-07-28 19:50:07 + (Thu, 28 Jul 2005) New Revision: 8839 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=8839 Log: adding patches from Marcin. Have to still work on testing and reviewing. Wow! A polish hacker! :) cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
Re: svn commit: samba r7511 - in branches/SAMBA_3_0/source: param utils
On Sun, Jun 12, 2005 at 04:00:31PM +, [EMAIL PROTECTED] wrote: Author: lmuelle Date: 2005-06-12 16:00:29 + (Sun, 12 Jun 2005) New Revision: 7511 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=7511 Log: Add three new command line switches to testparm: --show-all-parameters Enumerates all available parameters, grouped in to sections [local] and [global] by the class of the parameter. Each line is formated name=type[,enum values],flags --parameter-name Display the setting of the named parameter. The global section is assumed if no other is set with --section-name --section-name Limit the view of testparm to the named section. Use 'global' to only view the settings of the global section. This is your first commit - congratulations! :) cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
Re: svn commit: samba r7253 - in branches/SAMBA_4_0/source/include: .
On Sat, Jun 04, 2005 at 12:20:32AM +, [EMAIL PROTECTED] wrote: Author: tpot Date: 2005-06-04 00:20:32 + (Sat, 04 Jun 2005) New Revision: 7253 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=7253 Log: Fix build. Thank you and sorry about the mess. As Andrew noticed it's a part of uncommited code. cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
Re: svn commit: samba r6426 - in branches/SAMBA_4_0/source/torture/libnet: .
On Thu, Apr 21, 2005 at 06:20:34PM -0700, Richard Sharpe wrote:
On Fri, 22 Apr 2005 [EMAIL PROTECTED] wrote:
- if (!NT_STATUS_IS_OK(status)) {
- return False;
- }
+ if (!NT_STATUS_IS_OK(status)) return False;
I don't think this is a big item, but I actually prefer the first one
above that was deleted, because it makes things much easier when you are
inserting debugging statements and so forth, at the cost of a few more
characters.
Certainly, when you add debug statements you use the deleted form.
I changed it to single line because it is smaller. Once I put there
something more it will be just what you prefer.
cheers,
--
Rafal Szczesniak
Samba Team member http://www.samba.org
signature.asc
Description: Digital signature
Re: svn commit: samba r6165 - in branches/SAMBA_4_0/source: libnet torture/libnet
On Fri, Apr 01, 2005 at 11:24:52AM +, [EMAIL PROTECTED] wrote: Author: tridge Date: 2005-04-01 11:24:52 + (Fri, 01 Apr 2005) New Revision: 6165 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6165 Log: fixed up the userinfo composite code. Fixes include: [...] Mimir, please look at the diff carefully for more detailed info on the fixes Thanks a lot! I'll study it tonight. cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
Re: svn commit: samba r5372 - in branches/SAMBA_4_0/source/include: .
On Sun, Feb 13, 2005 at 09:33:32AM +, [EMAIL PROTECTED] wrote: Author: tridge Date: 2005-02-13 09:33:31 + (Sun, 13 Feb 2005) New Revision: 5372 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5372 Log: fixed the build Oh, sorry about that, but how could it be ? I did clean and complete build twice and nothing had happened. Modified: branches/SAMBA_4_0/source/include/structs.h Changeset: Modified: branches/SAMBA_4_0/source/include/structs.h === --- branches/SAMBA_4_0/source/include/structs.h 2005-02-13 09:10:33 UTC (rev 5371) +++ branches/SAMBA_4_0/source/include/structs.h 2005-02-13 09:33:31 UTC (rev 5372) @@ -119,6 +119,7 @@ union libnet_rpc_connect; union libnet_RemoteTOD; union libnet_JoinDomain; +union libnet_CreateUser; struct net_functable; struct net_context; cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
Re: svn commit: lorikeet r59 - in trunk: . samba4-ad-thesis
On Thu, Sep 16, 2004 at 03:38:41AM +, [EMAIL PROTECTED] wrote: Author: abartlet Date: 2004-09-16 03:38:41 + (Thu, 16 Sep 2004) New Revision: 59 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=lorikeetpath=/trunkrev=59nolog=1 Log: As residents on #samba-technical would be aware, I'm working on Samba4 for University credit - finally! This thesis describes the Samba4 work towards an Active Directory compatible DC. In any case, I figure the best backup procedure for this document is to simply put it in SVN, so I'm doing just that :-) That's perfectly reasonable. I used my cvs server to host my own thesis. There is a long way to go on this, but you have to start somehwere... If you wish to make changes to this, talk to me first, so I can ensure that appropriate credit is given, and my supervisor doesn't kill me ;-) cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
Re: svn commit: samba r2339 - in branches/SAMBA_4_0/source/scripting/swig/torture: .
On Wed, Sep 15, 2004 at 04:36:13AM +, [EMAIL PROTECTED] wrote: Author: tridge Date: 2004-09-15 04:36:13 + (Wed, 15 Sep 2004) New Revision: 2339 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/scripting/swig/torturerev=2339nolog=1 Log: my first python commit! How do you like the language ? :) cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
Re: svn commit: samba r1720 - branches/SAMBA_3_0/source/utils trunk/source/utils
On Wed, Aug 11, 2004 at 01:41:14PM +0200, Volker Lendecke wrote: On Wed, Aug 11, 2004 at 09:32:32AM +, [EMAIL PROTECTED] wrote: branches/SAMBA_3_0/source/utils/net_groupmap.c trunk/source/utils/net_groupmap.c Wait a minute -- how did you set up your tree to be able to do a combined commit??? You can easily checkout the whole samba svn tree witch all branches under in subdirectory (as Guenter have pointed out). It's a nice feature compared to cvs. cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
Re: svn commit: samba r1720 - branches/SAMBA_3_0/source/utils trunk/source/utils
On Wed, Aug 11, 2004 at 06:21:00PM +0200, Volker Lendecke wrote: On Wed, Aug 11, 2004 at 01:59:46PM +0200, Guenther Deschner wrote: quite easy: I just checked out $SERVER/samba and below samba I call Ok, I did not do this quite yet as this probably is huge :-) Not so horrible, but growing fast as you've joined the 3.2-merge efforts :-) Besides, we're in US, so take an opportunity to use fast links ;) cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
Re: svn commit: samba r1689 - trunk/source/libsmb
On Tue, Aug 10, 2004 at 11:23:08AM +, [EMAIL PROTECTED] wrote: Author: vlendec Date: 2004-08-10 11:23:08 + (Tue, 10 Aug 2004) New Revision: 1689 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1689nolog=1 Log: Forgot asn1.c in last ldap commit Yes, you've had :) First I wanted to commit turned off code (ifdef-ed) as it broke my build, but then I just left this fix in my local repo. cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
Re: svn commit: samba-web r105 - trunk/support
On Tue, Jun 22, 2004 at 09:02:48PM +, [EMAIL PROTECTED] wrote: Author: deryck Date: 2004-06-22 21:02:48 + (Tue, 22 Jun 2004) New Revision: 105 Removed: trunk/support/poland.html Absolutely no one replied in Poland ??? cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
Re: svn commit: samba r94 - trunk/source/utils
On Tue, Apr 06, 2004 at 10:23:06PM +, [EMAIL PROTECTED] wrote: Author: jmcd Date: 2004-04-06 22:23:06 + (Tue, 06 Apr 2004) New Revision: 94 Modified: trunk/source/utils/pdbedit.c Log: Fix the build that mimir broke! Function was declared as delete_trustpw, but called as delete_trustpw_entry. Sorry, just tried to fix that when I noticed you commited the fix. The latter was the original function name, and it seems I didn't change it completely... -- Rafal Szczesniak Samba Team member http://www.samba.org
Re: CVS update: samba/source/utils
On Thu, Mar 18, 2004 at 07:32:15AM +, [EMAIL PROTECTED] wrote: Date: Thu Mar 18 07:32:15 2004 Author: vlendec Update of /data/cvs/samba/source/utils In directory dp.samba.org:/tmp/cvs-serv28359 Modified Files: Tag: SAMBA_3_0 net.c net_rpc.c Log Message: Two little annoyances: net rpc did not inform you if no smbd is running. I never liked the error message (!) Success! when we established a trust. Don't you like error message first and then success ? ;-) cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org
Re: CVS update: samba/source/include
On Thu, Mar 18, 2004 at 08:05:00PM +, [EMAIL PROTECTED] wrote: Date: Thu Mar 18 20:05:00 2004 Author: jmcd Update of /home/cvs/samba/source/include In directory dp.samba.org:/tmp/cvs-serv17754/include Modified Files: passdb.h smbldap.h Log Message: merge from 3.0...LDAP password lockout support Can you see any reason why this could not be written to utilise gencache ? As far as I can see there's actually no data that couldn't be represented with gencache entry. If so, I could port it. cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org
Re: CVS update: samba/source/include
On Fri, Mar 19, 2004 at 01:40:50PM -0500, Jim McDonough wrote: Can you see any reason why this could not be written to utilise gencache ? As far as I can see there's actually no data that couldn't be represented with gencache entry. If so, I could port it. Yes, the cache entries do not expire based on a timestamp, but rather a timestamp+current password policy setting. Of course and it's still doable. As caches based on gencache have their own specifics they're built on top of it. This mechanism provides a GENeric CACHE :) If you think it is better to leave logon caching with its own mechanism, I am still happy with that. I just thought I had written gencache with using it this way on mind. I'll take a look once more at the code and talk to you. cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org
Re: CVS update: samba/source/auth
On Sun, Feb 29, 2004 at 04:48:19PM +, [EMAIL PROTECTED] wrote: Date: Sun Feb 29 16:48:19 2004 Author: vlendec Update of /data/cvs/samba/source/auth In directory dp.samba.org:/tmp/cvs-serv14749/auth Modified Files: auth_util.c Log Message: Apply my experimental aliases support to HEAD. This will be a bit difficult to merge to 3_0, as the pdb interfaces has changed a bit between the two. This has not been tested too severly (which means it's completely broken ;-), but I want it in for review. Feel free to revert it :-) TODO: make 'net groupmap' a bit more friendly for alias members. Put that stuff into pdb_ldap. Getting the information over to winbind. One plan without linking pdb into winbind would be to fill group_mapping.tdb with the membership information and have that as a cache (or use gencache.tdb?). Yes, use it. That's what it's been implemented for :) smbd on a PDC or stand-alone could trigger that itself, the problem is a BDC using LDAP. This needs to do it on a regular basis. The BDC smbd needs to be informed about SAM changes somehow... cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org
Re: CVS update: samba/source/include
On Thu, Jan 08, 2004 at 09:40:20AM +0100, Volker Lendecke wrote: On Wed, Jan 07, 2004 at 09:41:48PM +, [EMAIL PROTECTED] wrote: Prototype version of trust passwords moved to SAM/pdb. This is backend-independent part ie. interface - does build and (it seems) doesn't break anything else. Thanks! We *really* need that in 3_0 as well. Patience, Luke ;-) I'd rather try it out with basic backends (tdb and smbpasswd, namely) in HEAD and then port it to 3_0. We don't want to have passdb backends broken in our production release, I guess. cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org
Re: CVS update: samba4/source/ntvfs/cifs
On Thu, Jan 08, 2004 at 06:48:55AM +, Stefan Metzmacher wrote: Date: Thu Jan 8 06:48:55 2004 Author: metze Update of /home/cvs/samba4/source/ntvfs/cifs In directory dp.samba.org:/tmp/cvs-serv5214/ntvfs/cifs Modified Files: vfs_cifs.c Log Message: remove a useless assignment Congratulations on your first commit! :) cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org
Re: CVS update: sambaweb/docs
On Sat, Apr 12, 2003 at 01:57:49PM +, Jelmer Vernooij wrote: Date: Sat Apr 12 13:57:49 2003 Author: jelmer Update of /home/cvs/sambaweb/docs In directory dp.samba.org:/tmp/cvs-serv30831 Modified Files: index.html Log Message: Fix links to the HEAD/3.0 documentation You said you didn't fix it (on #samba-technical) Fixed itself ? :-) cheers, -- Rafal Szczesniak mimir[at]diament.ists.pwr.wroc.pl Samba Team member mimir[at]samba.org +-+ *BSD, GNU/Linux and Samba http://www.samba.org +-+
Re: CVS update: samba/source/lib
On Sat, Mar 22, 2003 at 11:25:09PM +, [EMAIL PROTECTED] wrote: Date: Sat Mar 22 23:25:09 2003 Author: abartlet Update of /data/cvs/samba/source/lib In directory dp.samba.org:/tmp/cvs-serv27868/lib Modified Files: gencache.c Log Message: Valgrind found a few memory leaks! Nice! I better start to use it... cheers, -- Rafal Szczesniak mimir[at]diament.ists.pwr.wroc.pl Samba Team member mimir[at]samba.org +-+ *BSD, GNU/Linux and Samba http://www.samba.org +-+
Re: CVS update: samba/source/libsmb
On Tue, Mar 18, 2003 at 09:42:50AM +1100, Andrew Bartlett wrote: On Tue, 2003-03-18 at 09:24, [EMAIL PROTECTED] wrote: On Mon, Mar 17, 2003 at 04:42:57AM +, [EMAIL PROTECTED] wrote: Date: Mon Mar 17 04:42:57 2003 Author: abartlet Update of /data/cvs/samba/source/libsmb In directory dp.samba.org:/tmp/cvs-serv3421/libsmb Modified Files: trusts_util.c Log Message: Fix a memory leak - 'smbcontrol smbd pool-usage' is your freind! Excuse me, but looking at source code I don't quite understand why to remove this talloc destroy ? If function doesn't return after successful string compare, then initialised talloc should be destroyed before default return. Correct. I *added* it :-) Oh, indeed! I thought I've seen '-' on the left hand side! Well, I was really tired yesterday night and that's my only excuse :) Thank you. cheers, -- Rafal Szczesniak mimir[at]diament.ists.pwr.wroc.pl Samba Team member mimir[at]samba.org +-+ *BSD, GNU/Linux and Samba http://www.samba.org +-+
Re: cvs updating failure
On Mon, Mar 17, 2003 at 03:01:38PM -0700, David Bear wrote: sorry to be stupid on cvs -- its always worked as documented on the web site.. but now its not. after I do $cvs -d :pserver:[EMAIL PROTECTED]:/cvsroot login $ cvs update -d -P Why don't you checkout the source tree first, before updating ? cheers, -- Rafal Szczesniak mimir[at]diament.ists.pwr.wroc.pl Samba Team member mimir[at]samba.org +-+ *BSD, GNU/Linux and Samba http://www.samba.org +-+
Re: CVS update: samba/source/auth
On Sat, Mar 15, 2003 at 06:10:49AM +, [EMAIL PROTECTED] wrote: Date: Sat Mar 15 06:10:49 2003 Author: abartlet Update of /data/cvs/samba/source/auth In directory dp.samba.org:/tmp/cvs-serv4501/auth Modified Files: auth_util.c Log Message: Now that mimir has done the grunt work, I'll fix up the comment Indeed :) I forgot to remove it. cheers, -- Rafal Szczesniak mimir[at]diament.ists.pwr.wroc.pl Samba Team member mimir[at]samba.org +-+ *BSD, GNU/Linux and Samba http://www.samba.org +-+
Re: CVS update: samba/source/libsmb
On Fri, Mar 14, 2003 at 05:03:43PM +, [EMAIL PROTECTED] wrote: Date: Fri Mar 14 17:03:43 2003 Author: mimir Update of /home/cvs/samba/source/libsmb In directory dp.samba.org:/tmp/cvs-serv12490 Removed Files: trust_passwd.c Log Message: /tmp/newfun.msg Ugh, option mistaken :( cheers, -- Rafal Szczesniak mimir[at]diament.ists.pwr.wroc.pl Samba Team member mimir[at]samba.org +-+ *BSD, GNU/Linux and Samba http://www.samba.org +-+
Re: CVS update: samba/source/passdb
On Sat, Mar 15, 2003 at 09:28:24AM +1100, Andrew Bartlett wrote: On Sat, 2003-03-15 at 04:12, [EMAIL PROTECTED] wrote: Date: Fri Mar 14 17:12:40 2003 Author: mimir Update of /home/cvs/samba/source/passdb In directory dp.samba.org:/tmp/cvs-serv14137/passdb Modified Files: secrets.c Log Message: We need to extend that struct, to have the account name, old password and the account type. (If we have a interdomain trust account, or a workstation account, we have to specify the right type to NT). Now it *should* always be interdomain trust, but... ;-) In fact, it's likely to appear in two cases: one with any number of trusted domains passwords and another with one password for 'our' trusted account on PDC. Mixtures of above shuoldn't take place in clear installations :) I've found interesting situation when having such a mixture and in domain membership mode. Thanks to that I know we must be prepared for that ...just in case. The old password is needed in case the PDC/BDC we contact isn't up to speed yet, and the account name helps generalize the case and avoids problems when we rename ourselves. Yes, I didn't forget about these things. We've discussed it on irc. Under construction :) cheers, -- Rafal Szczesniak mimir[at]diament.ists.pwr.wroc.pl Samba Team member mimir[at]samba.org +-+ *BSD, GNU/Linux and Samba http://www.samba.org +-+
Re: CVS update: samba/source/libsmb
On Sat, Mar 15, 2003 at 09:24:33AM +1100, Andrew Bartlett wrote: On Sat, 2003-03-15 at 04:07, Rafal Szczesniak wrote: On Fri, Mar 14, 2003 at 05:03:43PM +, [EMAIL PROTECTED] wrote: Date: Fri Mar 14 17:03:43 2003 Author: mimir Update of /home/cvs/samba/source/libsmb In directory dp.samba.org:/tmp/cvs-serv12490 Removed Files: trust_passwd.c Log Message: /tmp/newfun.msg Ugh, option mistaken :( Your new 'trusted domains cache' shuts down the gencache when it's finished. We need to find the 'correct' way to handle that. Agreed. Other than that, this looks very nice! Thank you :) At the moment, :-) cheers, -- Rafal Szczesniak mimir[at]diament.ists.pwr.wroc.pl Samba Team member mimir[at]samba.org +-+ *BSD, GNU/Linux and Samba http://www.samba.org +-+
Re: CVS update: samba/source/auth
On Sat, Feb 22, 2003 at 08:01:00PM +, [EMAIL PROTECTED] wrote: Date: Sat Feb 22 20:01:00 2003 Author: abartlet Update of /data/cvs/samba/source/auth In directory dp.samba.org:/tmp/cvs-serv27687/auth Modified Files: auth_rhosts.c Log Message: See if I can make this look slightly like C. It compiled locally, honest... So it was you ! :-) I was surprised by a compile time error today and found that part of the source looks a bit like C++. OK, you have fixed it, so I don't have to check in my fix. I was about to do it yet this day (my local time)... I also have some problems with kerberos parts, but I'll see whether it still raises after my Debian upgrade. cheers, -- Rafal Szczesniak mimir[at]diament.ists.pwr.wroc.pl Samba Team member mimir[at]samba.org +-+ *BSD, GNU/Linux and Samba http://www.samba.org +-+
Re: Fw: About passwd changin
On Mon, Dec 30, 2002 at 10:56:19AM +0800, David wrote: Hi, Thanks for your kindly reply. So, you mean I should add a guest account to my unix system? Such as: pcguest? You probably already have one. It is called 'guest' or 'nobody' in Linux distributions. Commonly, leaving 'guest account' parameter unset is enough to get things working. cheers, -- Rafal Szczesniak mimir[at]diament.ists.pwr.wroc.pl Samba Team member mimir[at]samba.org +-+ *BSD, GNU/Linux and Samba http://www.samba.org +-+
Re: LSA Privileges
On Mon, Feb 10, 2003 at 05:04:52PM +0100, Jean-Baptiste Marchand wrote:
[EMAIL PROTECTED] wrote:
Sorry for being pedantic about that ;-)
Absolutely not! This explains a few issues I've had (and I am sure we could
find yet more people in the same situation).
--
cheers,
+--+
| Rafal Szczesniak |
| mimir{at}diament.ists[dot]pwr.wroc.pl/
| *BSD, GNU/Linux and Samba /
|/
Re: machine names same as usernames - problems... -- here's arealworld NetBIOS clusterfsck ...
On Thu, Feb 06, 2003 at 04:15:52PM -0800, Richard Sharpe wrote: On Thu, 6 Feb 2003, Richard Sharpe wrote: On Thu, 6 Feb 2003, Bryan J. Smith wrote: No, not really. The \$ in the name of the trust account is an MS thing. Samba requires a machine account be backed up on the server with an account of that name. However, as far as I can see, we could remove that restriction, as we could keep all the needed info in the secrets file or another tdb. OK, I withdraw the last sentence, since when we are operating as a PDC, we should use the same account mechanisms for trust accounts and ordinary user accounts. Actually it depends on direction of trust ie. whether we're dealing with _trusted_ domain or _trusting_ domain. Just my 2 cents... -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: Gencache fails to open gencache.tdb
On Wed, Feb 05, 2003 at 08:01:51PM +0200, Alexander Bokovoy wrote: Hi all! Attached patch can be seen as proposal to discuss behavior of gencache in case when it is used in applications running under non-priviledged accounts so that O_RDWR|O_CREAT always fails against system-wide lock_path(gencache.tdb) (which is usually created by smbd/nmbd). The patch adds error resistence and tries to re-open gencache.tdb in O_RDONLY mode if O_RDWR|O_CREAT failed. This allows the application to use existing entries but forbids cache updates. I understand your idea, but it's useful only when another root-privileged process is able to update the cache contents (like parent process ?). Otherwise, only per-user cache makes sense when it comes to being useful. Simo proposed to have per-account gencache.tdb in such case (~/.smb/gencache.tdb?) but I'm not sure it is good to put such behavior into the level where gencache exists (lib/). Any other thoughts? Look above. The other question is what do we expect non-privileged account to be able to do with samba daemons ? -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: Gencache fails to open gencache.tdb
On Thu, Feb 06, 2003 at 05:46:46PM +1100, Andrew Bartlett wrote: On Thu, 2003-02-06 at 10:10, Tim Potter wrote: On Thu, Feb 06, 2003 at 12:06:04AM +0100, Rafal Szczesniak wrote: Attached patch can be seen as proposal to discuss behavior of gencache in case when it is used in applications running under non-priviledged accounts so that O_RDWR|O_CREAT always fails against system-wide lock_path(gencache.tdb) (which is usually created by smbd/nmbd). The patch adds error resistence and tries to re-open gencache.tdb in O_RDONLY mode if O_RDWR|O_CREAT failed. This allows the application to use existing entries but forbids cache updates. I understand your idea, but it's useful only when another root-privileged process is able to update the cache contents (like parent process ?). Otherwise, only per-user cache makes sense when it comes to being useful. It is actually slightly useful. If you are a user process running on a Samba server, then you can share the up to date cache data that is generated by smbd and nmbd. You're right though in the fact that you can't update it or expire old entries. I still think it's useful though. One of the problems is that gencache can be used to store all sorts of information. For example I want to move netlogon_unigroup.tdb into it, and possibly more sensitive information in future. Exactly. And implementing a sort of access control is far too much for such simple mechanism. My worry is that we could leak information this way. I'm also told that there could be issues with the ability to 'block' smbd with byte-range read-locking on that database. You mean the process that does read from gencache.tdb file could block it and thus prevent from writing to this particular byte-range ? -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: CVS update: samba/source/utils
On Sun, Dec 29, 2002 at 10:01:51AM +0100, Simo Sorce wrote: On Sun, 2002-12-29 at 09:24, Simo Sorce wrote: On Sat, 2002-12-28 at 20:49, [EMAIL PROTECTED] wrote: On Sat, Dec 28, 2002 at 05:30:16PM +0100, Simo Sorce wrote: This is plain wrong pdbedit can be used fine without a username without username it simply fixes all the accounts oops, fixes - works :-) I think I should sleep some more :-) Let's see if I get it right this time :-P fixes - works - show show - shows Sorry, Simo, just couldn't help myself ;-) PS. Sleep is good... generally speaking :) -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: something's wrong with CVS server
On Mon, Dec 16, 2002 at 09:46:32AM +1100, Tim Potter wrote: On Sun, Dec 15, 2002 at 09:32:26PM +0100, Rafal Szczesniak wrote: Does anyone know what happened to CVS server ? Neither cvs tree update nor browsing links on samba-cvs work. All started yesterday or day before (more-less). I've restarted xinetd (again). Not sure what's going on - the xinetd process was in the T state so maybe someone else was fooling around with it. Seems to be ok now. Thank you. I can update my source tree before starting to change the code. Don't know how about browsing links yet, but I hope someone will commit new changes soon, so I can test it too :) -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: something's wrong with CVS server
On Mon, Dec 16, 2002 at 12:15:59AM +0100, Rafal Szczesniak wrote: On Mon, Dec 16, 2002 at 09:46:32AM +1100, Tim Potter wrote: On Sun, Dec 15, 2002 at 09:32:26PM +0100, Rafal Szczesniak wrote: Does anyone know what happened to CVS server ? Neither cvs tree update nor browsing links on samba-cvs work. All started yesterday or day before (more-less). I've restarted xinetd (again). Not sure what's going on - the xinetd process was in the T state so maybe someone else was fooling around with it. Seems to be ok now. Thank you. I can update my source tree before starting to change the code. Don't know how about browsing links yet, but I hope someone will commit new changes soon, so I can test it too :) That one's fine as well. Thanks to Tim for doing cvs commit so quickly ;) -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: 3.0 requires an admin account to join samba to a domain?
On Wed, Dec 04, 2002 at 06:38:49PM -0600, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 5 Dec 2002, Rafal Szczesniak wrote: I found it. Who came up with the function names? They're horrible! Originally it was an attempt to follow underlying mechanism name. As 'net' gets general and therefore complicated tool, we getting farther from this intend. Perhaps synonyms could help, but only for a while. After that it would be a straight way to horrible mess. Maybe it's time to start 'net search key=...' ? ;-) I meant things like just_change_the_password() Oh, it's being changed now, by me. I recently renamed the file and put another trust-related function there. I'm also going to rename the just_change_the_password() and (possibly) give it more general shape to use it with domain trusts, as well. In summary: I'm working there, right now :) ... and agree -- the names have been horrible, so far. -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: 3.0 requires an admin account to join samba to a domain?
On Thu, Dec 05, 2002 at 08:24:17AM -0600, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 5 Dec 2002, Rafal Szczesniak wrote: Oh, it's being changed now, by me. I recently renamed the file and put another trust-related function there. I'm also going to rename the just_change_the_password() and (possibly) give it more general shape to use it with domain trusts, as well. In summary: I'm working there, right now :) ... and agree -- the names have been horrible, so far. It would be nice to settle on function names and change them as little as possible since people get used to grepping for certain strings to locate functionality. Maybe. I don't know yet how far it is possible. Perhaps putting former xyz() function in comments could be of some help for grepping the code ? I don't assume, I'll change the function names, for sure. It's just that they're quite specific. And why did I get 4 copies of this mail? I understand why I got 2, but 4? Huh ? That's a surprise. AFAIR it was addressed to you, Jim and the mailing list. -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: 3.0 requires an admin account to join samba to a domain?
On Wed, Dec 04, 2002 at 02:09:45PM -0600, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 4 Dec 2002, Jim McDonough wrote: Can someone confirm or deny that there is not net equivalent of smbpasswd -j DOMAIN -R PDC in HEAD? All I see requires an admin username/pw Just net rpc join should do it. Try net help rpc join I found it. Who came up with the function names? They're horrible! Originally it was an attempt to follow underlying mechanism name. As 'net' gets general and therefore complicated tool, we getting farther from this intend. Perhaps synonyms could help, but only for a while. After that it would be a straight way to horrible mess. Maybe it's time to start 'net search key=...' ? ;-) -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: 3.0 requires an admin account to join samba to a domain?
On Wed, Dec 04, 2002 at 03:20:58PM -0500, Jim McDonough wrote: And why are there two functions for changing a machine trust account? Dunno. Perhaps Rafal knows? Rafal know only what he read in the code. Are we talking about net_rpc_join_oldstyle() and net_rpc_join_newstyle() functions ? Just want to make sure... -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: unsubscribe me please
On Thu, Nov 28, 2002 at 05:44:21PM +0100, [EMAIL PROTECTED] wrote: unsubscribe me please You can easily do it yourself using web interface at http://lists.samba.org if you don't like doing it via email. -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: DOMAIN SID
On Thu, Nov 28, 2002 at 01:23:31PM -0500, Bradley W. Langhorst wrote: On Thu, 2002-11-28 at 11:38, [EMAIL PROTECTED] wrote: Hi ! Where the DOMAIN SID is stored when the LDAP backend is used ? it's in one of the tdb files... secrets.tdb, namely. -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: CVS update: samba/source/libsmb
On Tue, Nov 26, 2002 at 05:40:59PM +, [EMAIL PROTECTED] wrote: On Tue, Nov 26, 2002 at 06:35:42PM +0100, Rafal Szczesniak wrote: Perhaps it would be good thing to merge latest changes in namecache from HEAD to SAMBA_3_0 ? I agree, but the person who added it to HEAD should have done that. I'm ensuring what is there is as bug free as I can make it Sure. Then I should catch Andrew and force him to apply my last patch. You hear me, Andrew ? There's no way to hide :-) -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: CVS update: samba/source/libsmb
On Sun, Nov 24, 2002 at 07:17:49PM -0500, [EMAIL PROTECTED] wrote: Date: Mon Nov 25 00:17:49 2002 Author: tpot Update of /data/cvs/samba/source/libsmb In directory dp.samba.org:/tmp/cvs-serv11977 Modified Files: Tag: APPLIANCE_HEAD namecache.c Log Message: Fix bug in name timeout code found by mimir. Actually, abartlet was the one who said something's wrong here. So, Andrew caught this and I just placed it in my patch. Changed 0x1b and 0x1c name timeout to 15 seconds (observed from nbtstat on Windows). No CR # Revisions: namecache.c 1.1.2.5 = 1.1.2.6 http://www.samba.org/cgi-bin/cvsweb/samba/source/libsmb/namecache.c?r1=1.1.2.5r2=1.1.2.6 -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: trusted domains n+4 and related stuff
On Thu, Nov 21, 2002 at 07:48:48PM -0500, [EMAIL PROTECTED] wrote:
Mimir,
Thanks for the patch!
A few comments:
- in ipstr_list_add you try to be too fancy. I suspect the chunking
stuff is to try to second guess the malloc implementation and
allocate in bigger lumps? Don't do that unless there is good
profiling evidence to suggest that it is needed. It is too easy to
get wrong and just complicates the code.
hmm. ok.
- in ipstr_list_add you do this:
if (ipstr)
safe_strcat(ipstr, :, sizeof(ipstr));
else
return NULL;
but ipstr is a fstring, so it can never be null. Only pointers can be
NULL, and ipstr is an array (arrays can never be NULL in C).
Yes! Thank you for this catch. That was a legacy after the previous
version of this code (which had char* ipstr in it). It's good to get
someone other's pair of eyes over it...
A simpler varient of that function would be something like this
(untested code warning ...)
char* ipstr_list_add(char **ipstr_list, const struct in_addr *ip)
{
char *new_str = NULL;
if (*ipstr_list) {
asprintf(new_str, %s:%s, *ipstr_list, inet_ntoa(*ip));
free(*ipstr_list);
} else {
new_str = strdup(inet_ntoa(*ip));
}
*ipstr_list = new_str;
return new_str;
}
Believe it or not, but that was my initial design :-)
The reason why I gave it up was too frequent allocation (with asprintf)
and freeing. Anyway if you think it has more advantages, then, sure,
let it be.
and yes, I know its not terribly allocator efficient, but it has the
big advantage of being simple. I doubt allocator efficiency matters in
this function as the lists will typically be very short. Also note
that I removed the redundent ipstr_size argument. As the strings are
null terminated it isn't needed (unless you're playing allocator
efficiency games).
I basically assumed it's better to avoid to frequent use of allocation
operations.
Similarly, ipstr_list_make() can be made much simpler.
- I think it might be better to use ',' instead of ':' for IP list
separation. It doesn't matter now, but when we come to do IPv6 then
it might matter, as iirc IPv6 uses ':' inside the string
representation of addresses.
Good point. You're right.
The parse function also tries to play allocation games.
For the same reason (look above).
A simpler
function might be something like this:
int ipstr_list_parse(const char* ipstr_list, struct in_addr** ip_list)
{
int count;
for (ip_list=NULL, count=0; ipstr_list; count++) {
struct in_addr a;
if (inet_aton(ipstr_list, a) == -1) break;
*ip_list = Realloc(*ip_list, (count+1) * sizeof(struct in_addr));
if (!ip_list) {
return -1;
}
(*ip_list)[count] = a;
ipstr_list = strchr(ipstr_list, ':');
if (ipstr_list) ipstr_list++;
}
return count;
}
Looks clear. I've modified the code and I'm starting to make a few tests.
The rest of the patch looks good!
Nice to hear :)
--
cheers,
++
|Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] |
|*BSD, GNU/Linux and Samba /
|__/
trusted domains n+4 and related stuff
/CIFS implementation.
- NetBIOS name cache module.
-
- Copyright (C) Tim Potter, 2002
+ NetBIOS name cache module on top of gencache mechanism.
+
+ Copyright (C) Tim Potter 2002
+ Copyright (C) Rafal Szczesniak 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -22,242 +23,232 @@
#include includes.h
-static BOOL done_namecache_init;
-static BOOL enable_namecache;
-static TDB_CONTEXT *namecache_tdb;
-
-struct nc_value {
- time_t expiry; /* When entry expires */
- int count; /* Number of addresses */
- struct in_addr ip_list[1]; /* Address list */
-};
+#define NBTKEY_FMT NBT/%s#%02X
+
-/* Initialise namecache system */
+/**
+ * Initialise namecache system. Function calls gencache
+ * initialisation function to perform necessary actions
+ *
+ * @return true upon successful initialisation of the cache or
+ * false on failure
+ **/
BOOL namecache_enable(void)
{
- /* Check if we have been here before, or name caching disabled
- by setting the name cache timeout to zero. */
-
- if (done_namecache_init)
- return False;
-
- done_namecache_init = True;
+ /*
+* Check if name caching disabled by setting the name cache
+* timeout to zero.
+*/
if (lp_name_cache_timeout() == 0) {
- DEBUG(5, (namecache_init: disabling netbios name cache\n));
+ DEBUG(5, (namecache_enable: disabling netbios name cache\n));
return False;
}
- /* Open namecache tdb in read/write or readonly mode */
+ /* Init namecache by calling gencache initialisation */
- namecache_tdb = tdb_open_log(
- lock_path(namecache.tdb), 0,
- TDB_DEFAULT, O_RDWR | O_CREAT, 0644);
-
- if (!namecache_tdb) {
- DEBUG(5, (namecache_init: could not open %s\n,
- lock_path(namecache.tdb)));
+ if (!gencache_init()) {
+ DEBUG(2, (namecache_enable: Couldn't initialise namecache on top of
+gencache.\n));
return False;
}
- DEBUG(5, (namecache_init: enabling netbios namecache, timeout %d
+ /* I leave it for now, though I don't think we really need this (mimir,
+27.09.2002) */
+ DEBUG(5, (namecache_enable: enabling netbios namecache, timeout %d
seconds\n, lp_name_cache_timeout()));
- enable_namecache = True;
-
return True;
}
-/* Return a key for a name and name type. The caller must free
- retval.dptr when finished. */
-static TDB_DATA namecache_key(const char *name, int name_type)
+/**
+ * Shutdown namecache. Routine calls gencache close function
+ * to safely close gencache file.
+ *
+ * @return true upon successful shutdown of the cache or
+ * false on failure
+ **/
+
+BOOL namecache_shutdown(void)
{
- TDB_DATA retval;
- char *keystr;
-
- asprintf(keystr, %s#%02X, strupper_static(name), name_type);
-
- retval.dsize = strlen(keystr) + 1;
- retval.dptr = keystr;
-
- return retval;
+ if (!gencache_shutdown()) {
+ DEBUG(2, (namecache_shutdown: Couldn't close namecache on top of
+gencache.\n));
+ return False;
+ }
+
+ DEBUG(5, (namecache_shutdown: netbios namecache closed successfully.\n));
+ return True;
}
-/* Return a data value for an IP list. The caller must free
- retval.dptr when finished. */
-
-static TDB_DATA namecache_value(struct in_addr *ip_list, int num_names,
- time_t expiry)
-{
- TDB_DATA retval;
- struct nc_value *value;
- int size = sizeof(struct nc_value);
-
- if (num_names 0)
- size += sizeof(struct in_addr) * (num_names-1);
-
- value = (struct nc_value *)malloc(size);
-
- memset(value, 0, size);
- value-expiry = expiry;
- value-count = num_names;
+/**
+ * Generates a key for netbios name lookups on basis of
+ * netbios name and type.
+ * The caller must free returned key string when finished.
+ *
+ * @param name netbios name string (case insensitive)
+ * @param name_type netbios type of the name being looked up
+ *
+ * @return string consisted of uppercased name and appended
+ * type number
+ */
- if (ip_list)
- memcpy(value-ip_list, ip_list, sizeof(struct in_addr) * num_names);
-
- retval.dptr = (char *)value;
- retval.dsize = size;
+static char* namecache_key(const char *name, int name_type)
+{
+ char *keystr;
+ asprintf(keystr, NBTKEY_FMT, strupper_static(name), name_type);
- return retval;
+ return keystr;
}
-/* Store a name in the name cache */
-void namecache_store(const char *name, int name_type,
-int num_names, struct in_addr
Re: CVS update: samba/source/nsswitch
On Thu, Nov 07, 2002 at 03:36:44AM +, Andrew Bartlett wrote: On Wed, Nov 06, 2002 at 08:06:38PM -0500, [EMAIL PROTECTED] wrote: Date: Thu Nov 7 01:06:38 2002 Author: tpot Update of /data/cvs/samba/source/nsswitch In directory dp.samba.org:/tmp/cvs-serv17865/nsswitch Modified Files: winbindd.c winbindd_util.c Log Message: Call winbindd_param_init() earlier on in the piece so we don't get stuck in the holding pattern when started up when security = user or security = ads. A PDC can run winbindd - it is often used for PAM, and for squid. Also, this is how we intend to support trusted domains. Exactly. I was about to say this. -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: _net_trust_dom_list() needs actual trustdom implementation.
On Mon, Nov 04, 2002 at 01:06:49AM +1100, Andrew Bartlett wrote: Mimir: When you get your trustdom patch together, don't forget that: srv_netlog_nt.c:_net_trust_dom_list() also needs to be picked up for the DC side. - so far we are only getting it right in the SAMR call. Now that seems to be the one that's actually called, but anyway... Indeed. Thanks for point. I missed that one and it certainly needs updating to our new trustdom code. -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
namecache updates and trustdom patch n+4
revision 1.65
diff -u -r1.65 util_str.c
--- lib/util_str.c 2 Oct 2002 19:11:59 - 1.65
+++ lib/util_str.c 3 Nov 2002 19:04:06 -
@@ -1365,3 +1365,129 @@
return True;
}
+
+
+/**
+ * Add ip string representation to ipstr list. Used also
+ * as part of @function ipstr_list_make
+ *
+ * @param ipstr_list pointer to string containing ip list;
+ *MUST BE already allocated and WILL BE reallocated if necessary
+ * @param ip pointer to in_addr structure
+ * @return pointer to string appended with new ip and possibly
+ * reallocated to new length
+ **/
+
+char* ipstr_list_add(char** ipstr_list, int *ipstr_size, struct in_addr *ip)
+{
+ int ipstr_len, ipstr_chunk;
+ char* ipstr;
+
+ /* arguments checking */
+ if (!ipstr_list || !ip) return NULL;
+
+ /* set initial values */
+ ipstr_chunk = *ipstr_size / (FSTRING_LEN / 8);
+ ipstr_len = strlen(*ipstr_list);
+
+ /* attempt to convert ip to a string and append colon separator to it */
+ ipstr = inet_ntoa(*ip);
+ if (ipstr)
+ ipstr = safe_strcat(ipstr, :, strlen(ipstr) + 1);
+ else
+ return NULL;
+
+ /* calculate new size of the string and reallocate it if needed */
+ ipstr_len += strlen(ipstr);
+ if (ipstr_len = *ipstr_size) {
+ *ipstr_size = ++ipstr_chunk * (FSTRING_LEN / 8);
+ *ipstr_list = (char*)realloc((void*)(*ipstr_list),
+sizeof(char) * (*ipstr_size));
+ }
+
+ /* append new ip string to the list */
+ safe_strcat(*ipstr_list, ipstr, *ipstr_size);
+
+ return *ipstr_list;
+}
+
+
+/**
+ * Allocate and initialise an ipstr list using ip adresses
+ * passed as arguments.
+ *
+ * @param ipstr_list pointer to string to be allcated and set
+ * @param ip_list array of ip addresses to place in the list
+ * @param ip_count number of addresses stored in ip_list
+ * @return length of allocated ip string
+ **/
+
+int ipstr_list_make(char** ipstr_list, struct in_addr** ip_list, int ip_count)
+{
+ int i, alloc_size;
+
+ /* arguments checking */
+ if (!ip_list !ipstr_list) return 0;
+
+ alloc_size = FSTRING_LEN / 8; /* chosen empirically */
+ *ipstr_list = NULL;
+
+ /* allocate initial list string and clear it if allocated correctly */
+ *ipstr_list = (char*)malloc(sizeof(char) * alloc_size);
+ if (! *ipstr_list) return 0;
+ memset((void*)(*ipstr_list), 0, alloc_size);
+
+ /* process ip addresses given as arguments */
+ for (i = 0; i ip_count; i++)
+ *ipstr_list = ipstr_list_add(ipstr_list, alloc_size, ip_list[i]);
+
+ return alloc_size;
+}
+
+
+/**
+ * Parse given ip string list into array of ip addresses
+ * (as in_addr structures)
+ *
+ * @param ipstr ip string list to be parsed
+ * @param ip_list pointer to array of ip addresses
+ *which is allocated by this function and must be
+ *freed by caller
+ * @return number of succesfully parsed addresses
+ **/
+
+int ipstr_list_parse(char* ipstr_list, struct in_addr** ip_list)
+{
+ fstring ip_str;
+ char *ipstr;
+ int value_len;
+ int i = 0;
+
+ if (!ipstr_list || !ip_list) return 0;
+
+ /* ip_str must be empty at the begin */
+ ip_str[i] = 0;
+ ipstr = ipstr_list;
+
+ value_len = strlen(ipstr);
+ while (next_token(ipstr, ip_str, :, value_len)) {
+ ip_list[i] = (struct in_addr*)malloc(sizeof(struct in_addr));
+ if (!ip_list[i]) return 0;
+ inet_aton(ip_str, ip_list[i++]);
+ }
+
+ return i;
+}
+
+
+/**
+ * Safely free ip string list
+ *
+ * @param ipstr_list ip string list to be freed
+ **/
+
+void ipstr_list_free(char* ipstr_list)
+{
+ string_free(ipstr_list);
+}
+
Index: libsmb/namecache.c
===
RCS file: /cvsroot/samba/source/libsmb/namecache.c,v
retrieving revision 1.8
diff -u -r1.8 namecache.c
--- libsmb/namecache.c 28 Aug 2002 00:17:11 - 1.8
+++ libsmb/namecache.c 3 Nov 2002 19:04:10 -
@@ -1,9 +1,10 @@
/*
Unix SMB/CIFS implementation.
- NetBIOS name cache module.
-
- Copyright (C) Tim Potter, 2002
+ NetBIOS name cache module on top of gencache mechanism.
+
+ Copyright (C) Tim Potter 2002
+ Copyright (C) Rafal Szczesniak 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -22,242 +23,208 @@
#include includes.h
-static BOOL done_namecache_init;
-static BOOL enable_namecache;
-static TDB_CONTEXT *namecache_tdb;
-
-struct nc_value {
- time_t expiry; /* When entry expires */
- int count
Re: net user add name [-F user flags] ...
On Mon, Oct 07, 2002 at 01:22:26PM +0930, Richard Sharpe wrote: Hi, net help user suggests that net user add accepts optional -F user_flags, but in scanning the code, I don't see any flags being processed. Does the code actually accept flags? Can you use the above command to create a domain trust account, or must you use the smbpasswd command? Yes, but not against samba dc. Samba doesn't implement SAMR call which creates an account. Thus, it works only against native WinNT server. Or at least worked when I checked this last time. -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: net user add name [-F user flags] ...
On Mon, Oct 07, 2002 at 05:15:24PM +1000, Andrew Bartlett wrote: Rafal Szczesniak wrote: On Mon, Oct 07, 2002 at 01:22:26PM +0930, Richard Sharpe wrote: Hi, net help user suggests that net user add accepts optional -F user_flags, but in scanning the code, I don't see any flags being processed. Does the code actually accept flags? Can you use the above command to create a domain trust account, or must you use the smbpasswd command? Yes, but not against samba dc. Samba doesn't implement SAMR call which creates an account. Thus, it works only against native WinNT server. Or at least worked when I checked this last time. Samba *does* implement the createuser SAMR call, so this should work... (Both 2.2 and HEAD) I'll be very interested to see why it doesn't. ok, then I'll see if it was my mistake and it really works. -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: net user add name [-F user flags] ...
On Mon, Oct 07, 2002 at 06:12:00PM +0930, Richard Sharpe wrote: On Mon, 7 Oct 2002, Andrew Bartlett wrote: Rafal Szczesniak wrote: On Mon, Oct 07, 2002 at 01:22:26PM +0930, Richard Sharpe wrote: Hi, net help user suggests that net user add accepts optional -F user_flags, but in scanning the code, I don't see any flags being processed. Does the code actually accept flags? Can you use the above command to create a domain trust account, or must you use the smbpasswd command? Yes, but not against samba dc. Samba doesn't implement SAMR call which creates an account. Thus, it works only against native WinNT server. Or at least worked when I checked this last time. Samba *does* implement the createuser SAMR call, so this should work... (Both 2.2 and HEAD) However, there seems to be no way to specify that you want a workstation trust account or a domain trust account rather than an ordinary user. At least, not in the net user add command. See 'net rpc trustdom add' -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: Setting the time through a logon script
On Thu, Sep 26, 2002 at 09:45:03AM +0200, Olaf Frączyk wrote: On Wed, 2002-09-25 at 22:05, Shane Tapper wrote: How do I set the clock through a logon script if I wish to keep the user a standard user line of logon script net time \\viagra /set /yes You have to add this right to standard users group on Windows. This is something like: Permit users to set local time, or something similar. It works for NT. For Win2k haven't tried - on Win2k I have only set advanced users. For WinNT running such command requires 'Power Users' membership or 'Change system time' privilege. -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: (no subject)
On Thu, Sep 26, 2002 at 12:02:51PM -0700, James Bowes wrote: Hi. I am not a developer but I'd like to help with testing if needed. The roadmap indicates some areas of interest for me personally and if you could use the help. Trust relationships and the migration script would be some of the areas where I could help. If you're able to test some parts of samba trusted domains capability, then it's good to know. This area may need a lots of testing soon. -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: approaching release of 3.0alpha20
On Mon, Sep 23, 2002 at 10:01:53AM -0500, Gerald Carter wrote: Everyone, I would like to do another alpha snapshot release of the 3.0 code base later this week. Does anyone know of any code that is too unstable for a release (seg faults, etc...)? I've noticed just a few segfaults in utils like smbpasswd or net. I don't remember now, where exactly, but I can look for it. Other than that, I see no serious issues. My plans are to begin actively maintaining the SAMBA_3_0 branch following this release. Nice :) Is it somehow connected to your recently published 3.0 roadmap/todo list ? ;-) -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: approaching release of 3.0alpha20
On Tue, Sep 24, 2002 at 04:15:21AM +0930, Richard Sharpe wrote: On Mon, 23 Sep 2002, Rafal Szczesniak wrote: On Mon, Sep 23, 2002 at 10:01:53AM -0500, Gerald Carter wrote: Everyone, I would like to do another alpha snapshot release of the 3.0 code base later this week. Does anyone know of any code that is too unstable for a release (seg faults, etc...)? I've noticed just a few segfaults in utils like smbpasswd or net. I don't remember now, where exactly, but I can look for it. Other than that, I see no serious issues. Isn't smbpasswd obsolete for 3.0.x? Theoretically yes, but there are still some areas where smbpasswd is essential. For example, to create trusting domain account on samba you have no choice but this utility. There is 'net' functionality that allows to do it, but only against NT servers, as Samba doesn't yet support required rpc call. Mainly because I have no time to implement it now, because I want to complete interdomain trust auth code and namecache on top of gencache. I wish the day was 48 hours long ... :) -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: Username nobody is invalid on this system in log files
On Mon, Sep 23, 2002 at 02:01:26PM -0700, Josh Brown wrote: Anyone know what is causing this, and how I can keep it from cluttering up my log files? Username nobody is invalid on this system You seem not to have such user in /etc/passwd. It is account used in anonymous connections. Either create such user account or change guest user name by setting guest account = your anonymous username -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: initial gencache implementation
On Fri, Sep 06, 2002 at 10:17:19AM +1000, Tim Potter wrote: On Thu, Sep 05, 2002 at 12:15:36PM +0200, Rafal Szczesniak wrote: This is first implementation of caching mechanism. It includes both lib/gencache.c code and utils/net_cache.c as command-line control/testing tool. comments are welcome Rafal, that looks pretty good. Since you ask, I do have a few comments. (-: I'm glad to hear that :) You assume that any cached data will be in null terminated string format which is not always the case. I assume that on gencache base we can implement any higher-level caching function like namecache. Then, it's up to such implementation how to 'pack' the structures into string form. Null terminated string format is much easier to watch with 'net cache list' command. Thus we have comfortable and easy mean to watch what's in the cache file. This is just my personal opinion but I would prefer for gencache_set to crash To avoid mistake, I should ask what exactly do you mean by 'crash' ? if you pass it a NULL pointer for the key or value parameter. Returning false in this case only hides the error until further along in the execution path by which time it will be more difficult to track down the original error. Good point. Just explain me this 'crash' thing. Some other minor things: - memleak of cache_fname in gencache_init - memleak of keybuf.dptr in gencache_set Thank you. The latter was already fixed - I just forgot to send fixed version :) I don't think you need to strdup the key before passing it to tdb_fetch in gencache_set. You can just use the passed in parameter. I thought about that but unfortunatelly tdb_store doesn't have const args, so compiler complains about passing pointers to non-const args. I think tdb_store should have const-ed args (since it copies them anyway), but it's quite other topic. -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: trusted domains patch n+3
On Fri, Sep 06, 2002 at 11:39:52PM +1000, Andrew Bartlett wrote: Rafal Szczesniak wrote: This is a patch consisting of various fixes. Short list includes: - using user_info.client_domain structure (from user supplied auth info) instead of user_info.domain This just is not correct. Current behaviour is by design Then I need to talk to you about this on purpose of various parts of auth structures. It's gonna be interesting discussion... - new (and soon completely rewritten when generic cache comes up) make_user_info_map function I'll just wait for the final rewrite Sure. I assume it will be done right after implementing trusted domains cache on top of gencache. - return type NTSTATUS instead of BOOL for make_user_info_map make_user_info and make_user_info_for_reply_encI (the rest of these routines should do the same, imho) Thankyou, applied And stay tuned for the rest of make_user_* functions... - occasional segfault fix in local groups fetching code when no uid to unix name can be found by winbind Nice one. Oh yes, catching this was also nice :-) - additional degug lines for soon-to-be-changed namecache I'll apply this with the rest of your cache changes ok. - samr_r_enum_dom_users parsing fix I would like an explaination on this one no problem. I just gather some packet traces. - a bit more aesthetics for 'net rpc trustdom list' good Some changes are quite radical, so I expect criticism, especially from some of the Team members ;-) Who me? ;-) Of course not... ;-) Part of this patch is a draft rather than completed proposition and as such, much of the code may yet be changed. The 'easy' bits have been commited - the rest need a bit of work, or at least a bit more explaination. Ok. At least it's some move forward. -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: trusted domains patch n+3
On Fri, Sep 06, 2002 at 11:56:46PM +1000, Andrew Bartlett wrote: Rafal Szczesniak wrote: On Fri, Sep 06, 2002 at 11:39:52PM +1000, Andrew Bartlett wrote: Rafal Szczesniak wrote: This is a patch consisting of various fixes. Short list includes: - using user_info.client_domain structure (from user supplied auth info) instead of user_info.domain This just is not correct. Current behaviour is by design Then I need to talk to you about this on purpose of various parts of auth structures. It's gonna be interesting discussion... The basic idea is like the two usernames in the struct: One is the username they wanted, the other is the username they got (after the username map file). Similarly for domains - if the domain they wanted is trusted, and we are not allowing trusted domains, or if the domain doesn't exist, then we replace it with our own domain. We may still need their original username/domain for authenticaion (NTLMv2 comes to mind in particular), hence why we keep both. Ok. This clears some of my ideas about this. Indeed, this code should look different. - return type NTSTATUS instead of BOOL for make_user_info_map make_user_info and make_user_info_for_reply_encI (the rest of these routines should do the same, imho) Thankyou, applied And stay tuned for the rest of make_user_* functions... I like it when sombody else cleans up the mess I leave behind ;-) But don't get use to it ;-) -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: trusted domains patch n+3
On Fri, Sep 06, 2002 at 04:42:53PM +0200, Simo Sorce wrote: On Fri, 2002-09-06 at 15:56, Andrew Bartlett wrote: One is the username they wanted, the other is the username they got (after the username map file). Similarly for domains - if the domain they wanted is trusted, and we are not allowing trusted domains, or if the domain doesn't exist, then we replace it with our own domain. We may still need their original username/domain for authenticaion (NTLMv2 comes to mind in particular), hence why we keep both. What are you trying to do there? Why should we replace a domain name with another??? For instance, when lp_allow_trusted_domains() is set to false, then user's domain name should is replaced with our domain name. Authentication modules will then look for username in our domain's SAM instead querying trusted domains. I hope I understood your question well... -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: trusted domains patch n+3
On Fri, Sep 06, 2002 at 05:01:25PM +0200, Simo Sorce wrote: On Fri, 2002-09-06 at 16:37, Rafal Szczesniak wrote: On Fri, Sep 06, 2002 at 04:42:53PM +0200, Simo Sorce wrote: What are you trying to do there? Why should we replace a domain name with another??? For instance, when lp_allow_trusted_domains() is set to false, then user's domain name should is replaced with our domain name. Authentication modules will then look for username in our domain's SAM instead querying trusted domains. Can you explain me why we should not simply fail? In case of ? -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Updated utils/net_cache.c
Updated version has two implementations of parse_timeout()
function: for systems supporting POSIX regular expressions and
for system lacking this. This takes portability issue off our
heads. Non-regex version doesn't look very pretty, but it works
(at least in my tests). I'll send patch adding short help on
how to use timeout parsing, as soon as I cope with other problems.
Tim, you don't mind if I start to modify namecache code to make
it use gencache ?
--
cheers,
++
|Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] |
|*BSD, GNU/Linux and Samba /
|__/
/*
Samba Unix/Linux SMB client library
Distributed SMB/CIFS Server Management Utility
Copyright (C) Rafal Szczesniak2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
#include includes.h
#include net.h
/**
* @file net_cache.c
* @brief This is part of the net tool which is basically command
*line wrapper for gencache.c functions (mainly for testing)
*
**/
/*
* These routines are used via gencache_iterate() to display the cache's contents
* (print_cache_entry) and to flush it (delete_cache_entry).
* Both of them are defined by first arg of gencache_iterate() routine.
*/
static void print_cache_entry(const char* keystr, const char* datastr, const time_t timeout)
{
char* timeout_str = ctime(timeout);
timeout_str[strlen(timeout_str) - 1] = '\0';
d_printf(Key: %s\t\t Value: %s\t\t Timeout: %s %s\n, keystr, datastr,
timeout_str, timeout time(NULL) ? : (expired));
}
static void delete_cache_entry(const char* keystr, const char* datastr, const time_t timeout)
{
if (!gencache_del(keystr))
d_printf(Couldn't delete entry! key = %s, keystr);
}
/**
* Parse text representation of timeout value
*
* @param timeout_str string containing text representation of the timeout
* @return numeric timeout of time_t type
**/
#ifdef HAVE_REGEX_H
static time_t parse_timeout(const char* timeout_str)
{
regex_t timeout_rx;
const size_t timeout_partsn = 4;
regmatch_t timeout_parts[timeout_partsn - 1];
char *sign = NULL, *number = NULL, *unit = NULL;
time_t timeout;
/* compile and match regular expression to parse timeout argument */
if (regcomp(timeout_rx, ([!\\+]?)([0-9]+)([smhdw]?), REG_EXTENDED)) {
d_printf(Failed to compile regular expression.\n);
return -1;
}
if (regexec(timeout_rx, timeout_str, timeout_partsn, timeout_parts,
REG_NOTBOL | REG_NOTEOL)) {
d_printf(Failed to parse timeout argument);
return -1;
}
/* split up the timeout string into parts */
sign = strndup(timeout_str[timeout_parts[1].rm_so],
timeout_parts[1].rm_eo - timeout_parts[1].rm_so);
number = strndup(timeout_str[timeout_parts[2].rm_so],
timeout_parts[2].rm_eo - timeout_parts[2].rm_so);
unit = strndup(timeout_str[timeout_parts[3].rm_so],
timeout_parts[3].rm_eo - timeout_parts[3].rm_so);
if (!(sign || number || unit)) return 0;
/* calculate actual timeout value */
timeout = (time_t)atoi(number);
switch (*unit) {
case 'm': timeout *= 60; break;
case 'h': timeout *= 60*60; break;
case 'd': timeout *= 60*60*24; break;
case 'w': timeout *= 60*60*24*7; break; /* that's fair enough, I think :) */
};
switch (*sign) {
case '!': timeout = time(NULL) - timeout; break;
case '+':
default: timeout += time(NULL); break;
}
return timeout;
}
#else
static time_t parse_timeout(const char* timeout_str)
{
char sign = '\0', *number = NULL, unit = '\0';
int len, number_begin, number_end;
time_t timeout;
/* sign detection */
if (timeout_str[0] == '!' || timeout_str[0] == '+') {
sign = timeout_str[0];
number_begin = 1;
} else {
number_begin = 0;
}
/* unit detection */
len = strlen(timeout_str);
switch (timeout_str[len - 1]) {
case 's':
case 'm':
case 'h':
case 'd':
case 'w': unit = timeout_str[len - 1];
}
/* number detection */
len = (sign) ? strlen(timeout_str[number_begin]) : len;
number_end = (unit) ? len - 1 : len;
number = strndup(timeout_str[number_begin], number_end);
/* calculate actual timeout value */
timeout = (time_t)atoi(number);
switch (unit) {
case 'm': timeout *= 60; break;
case 'h': timeout *= 60*60; break
initial gencache implementation
This is first implementation of caching mechanism. It includes
both lib/gencache.c code and utils/net_cache.c as command-line
control/testing tool.
comments are welcome
--
cheers,
++
|Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] |
|*BSD, GNU/Linux and Samba /
|__/
Index: Makefile.in
===
RCS file: /cvsroot/samba/source/Makefile.in,v
retrieving revision 1.527
diff -u -r1.527 Makefile.in
--- Makefile.in 30 Aug 2002 12:46:54 - 1.527
+++ Makefile.in 5 Sep 2002 10:08:12 -
@@ -139,7 +139,7 @@
lib/md5.o lib/hmacmd5.o lib/iconv.o lib/smbpasswd.o \
nsswitch/wb_client.o nsswitch/wb_common.o \
lib/pam_errors.o intl/lang_tdb.o lib/account_pol.o \
- lib/adt_tree.o lib/popt_common.o $(TDB_OBJ)
+ lib/adt_tree.o lib/popt_common.o lib/gencache.o $(TDB_OBJ)
LIB_SMBD_OBJ = lib/system_smbd.o lib/util_smbd.o
@@ -242,7 +242,8 @@
AUTH_OBJ = auth/auth.o auth/auth_sam.o auth/auth_server.o auth/auth_domain.o \
auth/auth_rhosts.o auth/auth_unix.o auth/auth_util.o auth/auth_winbind.o \
- auth/auth_builtin.o auth/auth_compat.o $(PLAINTEXT_AUTH_OBJ) $(UNIGRP_OBJ)
+ auth/auth_builtin.o auth/auth_compat.o \
+ $(PLAINTEXT_AUTH_OBJ) $(UNIGRP_OBJ)
MANGLE_OBJ = smbd/mangle.o smbd/mangle_hash.o smbd/mangle_map.o smbd/mangle_hash2.o
@@ -381,7 +382,8 @@
NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_ads_cldap.o utils/net_help.o \
utils/net_rap.o utils/net_rpc.o utils/net_rpc_samsync.o \
- utils/net_rpc_join.o utils/net_time.o utils/net_lookup.o
+ utils/net_rpc_join.o utils/net_time.o utils/net_lookup.o \
+ utils/net_cache.o
NET_OBJ = $(NET_OBJ1) $(SECRETS_OBJ) $(LIBSMB_OBJ) \
$(RPC_PARSE_OBJ) $(PASSDB_GET_SET_OBJ) \
/*
Unix SMB/CIFS implementation.
Generic, persistent and shared between processes cache mechanism for use
by various parts of the Samba code
Copyright (C) Rafal Szczesniak2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include includes.h
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_TDB
#define TIMEOUT_LEN 12
#define CACHE_DATA_FMT %12d; %s
static TDB_CONTEXT *cache;
/**
* @file gencache.c
* @brief Generic, persistent and shared between processes cache mechanism
*for use by various parts of the Samba code
*
**/
/**
* Cache initialisation function. Opens cache tdb file or creates
* it if does not exist.
*
* @return true on successful initialisation of the cache or
* false on failure
**/
BOOL gencache_init(void)
{
char* cache_fname;
/* skip file open if it's already opened */
if (cache) return True;
asprintf(cache_fname, %s/%s, lp_lockdir(), gencache.tdb);
DEBUG(5, (Opening cache file at %s\n, cache_fname));
cache = tdb_open_log(cache_fname, 0, TDB_DEFAULT,
O_RDWR|O_CREAT, 0644);
if (!cache) {
DEBUG(0, (Attempt to open the cache file has failed.\n));
return False;
}
return True;
}
/**
* Cache shutdown function. Closes opened cache tdb file.
*
* @return true on successful closing the cache or
* false on failure during cache shutdown
**/
BOOL gencache_shutdown(void)
{
/* tdb_close routine returns 0 on successful close */
if (!cache) return False;
DEBUG(5, (Closing cache file\n));
return tdb_close(cache) ? False : True;
}
/**
* Add one entry to the cache file.
* (it part of tridge's proposed API)
*
* @param key string that represents a key of this entry
* @param value text representation value being cached
* @param timeout time when the value is expired
*
* @return true when entry is successfuly stored or
* false on the attempt's failure
**/
BOOL gencache_add(const char *keystr, const char *value, time_t timeout)
{
int ret;
TDB_DATA keybuf, databuf;
char* valstr = NULL;
if (!gencache_init()) return False;
asprintf(valstr, CACHE_DATA_FMT, (int)timeout, value);
keybuf.dptr = strdup(keystr);
keybuf.dsize = strlen(keystr);
databuf.dptr = strdup(valstr);
databuf.dsize = strlen(valstr);
DEBUG(10, (Adding cache entry with key = %s; value = %s and timeout
gencache implementation
I forgot to send patch with net_cache's entrypoint.
--
cheers,
++
|Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] |
|*BSD, GNU/Linux and Samba /
|__/
Index: utils/net.c
===
RCS file: /cvsroot/samba/source/utils/net.c,v
retrieving revision 1.56
diff -u -r1.56 net.c
--- utils/net.c 21 Aug 2002 19:39:38 - 1.56
+++ utils/net.c 5 Sep 2002 14:14:28 -
@@ -352,6 +352,7 @@
{TIME, net_time},
{LOOKUP, net_lookup},
{JOIN, net_join},
+ {CACHE, net_cache},
{HELP, net_help},
{NULL, NULL}
Index: utils/net_help.c
===
RCS file: /cvsroot/samba/source/utils/net_help.c,v
retrieving revision 1.7
diff -u -r1.7 net_help.c
--- utils/net_help.c25 Jun 2002 02:29:09 - 1.7
+++ utils/net_help.c5 Sep 2002 14:14:29 -
@@ -135,6 +135,7 @@
net user\t\tto manage users\n\
net group\t\tto manage groups\n\
net join\t\tto join a domain\n\
+ net cache\t\tto operate on cache tdb file\n\
\n\
net ads command\tto run ADS commands\n\
net rap command\tto run RAP (pre-RPC) commands\n\
trusted domains patch n+3
.
*/
- if (!secrets_fetch_trusted_domain_password(user_info-domain.str,
trust_password, sid, last_change_time))
+ if (!secrets_fetch_trusted_domain_password(user_info-client_domain.str,
+trust_password, sid, last_change_time))
{
DEBUG(0, (check_trustdomain_security: could not fetch trust account
password for domain %s\n, user_info-domain.str));
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
#ifdef DEBUG_PASSWORD
- DEBUG(100, (Trust password for domain %s is %s\n, user_info-domain.str,
trust_password));
+ DEBUG(100, (Trust password for domain %s is: %s\n,
+user_info-client_domain.str, trust_password));
#endif
E_md4hash(trust_password, trust_md4_password);
SAFE_FREE(trust_password);
@@ -582,7 +582,7 @@
}
#endif
- nt_status = domain_client_validate(mem_ctx, user_info, user_info-domain.str,
+ nt_status = domain_client_validate(mem_ctx, user_info,
+user_info-client_domain.str,
(uchar *)auth_context-challenge.data,
server_info, * /* Do a lookup */,
lp_workgroup(), SEC_CHAN_DOMAIN,
trust_md4_password, last_change_time);
Index: auth/auth_sam.c
===
RCS file: /cvsroot/samba/source/auth/auth_sam.c,v
retrieving revision 1.44
diff -u -r1.44 auth_sam.c
--- auth/auth_sam.c 26 Aug 2002 03:08:37 - 1.44
+++ auth/auth_sam.c 2 Sep 2002 10:37:28 -
@@ -368,7 +368,7 @@
NTSTATUS nt_status;
uint8 user_sess_key[16];
const uint8* lm_hash;
-
+
if (!user_info || !auth_context) {
return NT_STATUS_UNSUCCESSFUL;
}
Index: auth/auth_util.c
===
RCS file: /cvsroot/samba/source/auth/auth_util.c,v
retrieving revision 1.50
diff -u -r1.50 auth_util.c
--- auth/auth_util.c30 Aug 2002 18:56:46 - 1.50
+++ auth/auth_util.c2 Sep 2002 10:37:30 -
@@ -4,6 +4,7 @@
Copyright (C) Andrew Tridgell 1992-1998
Copyright (C) Andrew Bartlett 2001
Copyright (C) Jeremy Allison 2000-2001
+ Copyright (C) Rafal Szczesniak 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -56,7 +57,7 @@
Add and Delete UNIX users on demand, based on NTSTATUS codes.
/
-void smb_user_control(const auth_usersupplied_info *user_info,
auth_serversupplied_info *server_info, NTSTATUS nt_status)
+void smb_user_control(const auth_usersupplied_info *user_info,
+auth_serversupplied_info *server_info, NTSTATUS nt_status)
{
struct passwd *pwd=NULL;
@@ -81,15 +82,15 @@
Create an auth_usersupplied_data structure
/
-static BOOL make_user_info(auth_usersupplied_info **user_info,
- const char *smb_name,
- const char *internal_username,
- const char *client_domain,
- const char *domain,
- const char *wksta_name,
- DATA_BLOB lm_pwd, DATA_BLOB nt_pwd,
- DATA_BLOB plaintext,
- uint32 auth_flags, BOOL encrypted)
+static NTSTATUS make_user_info(auth_usersupplied_info **user_info,
+ const char *smb_name,
+ const char *internal_username,
+ const char *client_domain,
+ const char *domain,
+ const char *wksta_name,
+ DATA_BLOB lm_pwd, DATA_BLOB nt_pwd,
+ DATA_BLOB plaintext,
+ uint32 auth_flags, BOOL encrypted)
{
DEBUG(5,(attempting to make a user_info for %s (%s)\n, internal_username,
smb_name));
@@ -97,7 +98,7 @@
*user_info = malloc(sizeof(**user_info));
if (!user_info) {
DEBUG(0,(malloc failed for user_info (size %d)\n,
sizeof(*user_info)));
- return False;
+ return NT_STATUS_NO_MEMORY;
}
ZERO_STRUCTP(*user_info);
@@ -109,7 +110,7 @@
(*user_info)-smb_name.len = strlen(smb_name);
} else {
free_user_info(user_info);
- return False;
+ return NT_STATUS_NO_MEMORY;
}
(*user_info)-internal_username.str = strdup(internal_username);
@@ -117,7 +118,7 @@
(*user_info)-internal_username.len = strlen(internal_username);
} else {
free_user_info(user_info);
- return False;
+ return NT_STATUS_NO_MEMORY
Re: namecache redesign
On Sat, Aug 31, 2002 at 02:15:26PM -0500, Christopher R. Hertel wrote: I'll just mention that the caching code in the ubiqx subdirectory is fully capable of handling all of this stuff. Yes, I've seen ubi_cache. Though despite that it has very nice features and looks good, it is more difficult when it comes to implementing its tdb backend. This kind of cache is most effective if it resides in memory (as you've written in comments). -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
winbind patch
This is proposed fix to have completed trusted domains enumeration
in winbind. This implementation checks returned code and depending
on it does another call (STATUS_MORE_ENTRIES) or exits.
As stored domain names and sids needs potential reallocation,
I expect comments on this matter.
of course, comments/feedbacks are welcome
--
cheers,
++
|Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] |
|*BSD, GNU/Linux and Samba /
|__/
Index: winbindd.c
===
RCS file: /cvsroot/samba/source/nsswitch/winbindd.c,v
retrieving revision 1.65
diff -u -r1.65 winbindd.c
--- winbindd.c 27 Aug 2002 19:43:19 - 1.65
+++ winbindd.c 1 Sep 2002 09:16:32 -
@@ -750,7 +750,7 @@
printf(\t-hshow this help message\n);
}
- int main(int argc, char **argv)
+int main(int argc, char **argv)
{
extern BOOL AllowDebugChange;
extern pstring global_myname;
Index: winbindd_cm.c
===
RCS file: /cvsroot/samba/source/nsswitch/winbindd_cm.c,v
retrieving revision 1.44
diff -u -r1.44 winbindd_cm.c
--- winbindd_cm.c 30 Aug 2002 10:46:59 - 1.44
+++ winbindd_cm.c 1 Sep 2002 09:16:34 -
@@ -433,7 +433,7 @@
result = cli_full_connection((new_conn-cli), global_myname,
new_conn-controller,
dc_ip, 0, IPC$,
IPC, ipc_username, ipc_domain,
-ipc_password, 0);
+ipc_password, lp_use_spnego() ? 0 :
+CLI_FULL_CONNECTION_DONT_SPNEGO);
SAFE_FREE(ipc_username);
SAFE_FREE(ipc_domain);
Index: winbindd_rpc.c
===
RCS file: /cvsroot/samba/source/nsswitch/winbindd_rpc.c,v
retrieving revision 1.31
diff -u -r1.31 winbindd_rpc.c
--- winbindd_rpc.c 5 Aug 2002 02:47:16 - 1.31
+++ winbindd_rpc.c 1 Sep 2002 09:16:35 -
@@ -3,8 +3,9 @@
Winbind rpc backend functions
- Copyright (C) Tim Potter 2000-2001
- Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Tim Potter 2000-2001
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Rafal Szczesniak 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -581,19 +582,83 @@
CLI_POLICY_HND *hnd;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 enum_ctx = 0;
+
+ /* this gives us 'quantized' allocation of names/sids arrays */
+ const int chunk_size = 4;
+ int chunk_num = 1;
DEBUG(3,(rpc: trusted_domains\n));
*num_domains = 0;
*alt_names = NULL;
-
+
+ *names = talloc(mem_ctx, sizeof(char*) * chunk_size);
+ if (!*names) {
+ DEBUG(0, (Trusted domain names array couldn't be allocated: out of
+memory\n));
+ return NT_STATUS_NO_MEMORY;
+ };
+
+ *dom_sids = talloc(mem_ctx, sizeof(DOM_SID) * chunk_size);
+ if (!*dom_sids) {
+ DEBUG(0, (Trusted domain sids array couldn't be allocated: out of
+memory\n));
+ return NT_STATUS_NO_MEMORY;
+ };
+
if (!(hnd = cm_get_lsa_handle(lp_workgroup(
- goto done;
+ return result;
+
+ DEBUG(5, (Starting trusted domains enumeration.\n));
- result = cli_lsa_enum_trust_dom(hnd-cli, mem_ctx,
- hnd-pol, enum_ctx,
- num_domains, names, dom_sids);
-done:
+ do {
+ /* data returned in a single cli_lsa_enum_trust_dom call */
+ uint32 num_dom = 0;
+ char** domain_names;
+ DOM_SID* domain_sids;
+
+ result = cli_lsa_enum_trust_dom(hnd-cli, mem_ctx,
+ hnd-pol, enum_ctx,
+ num_dom, domain_names, domain_sids);
+
+ DEBUG(10, (Returned %d trusted domain entries. Current enum_ctx = %d,
+nt_status = %s\n,
+ num_dom, enum_ctx, nt_errstr(result)));
+
+ /* collect returned entries */
+ while ((enum_ctx - *num_domains = num_dom) (enum_ctx -
+*num_domains 0)) {
+ if (!domain_names[enum_ctx - *num_domains - 1]) continue;
+
+ (*names)[*num_domains] = domain_names[enum_ctx - *num_domains
+- 1];
+ sid_copy((*dom_sids)[*num_domains], (domain_sids[enum_ctx -
+*num_domains - 1
Re: namecache redesign
On Fri, Aug 30, 2002 at 04:59:01PM -0400, [EMAIL PROTECTED] wrote: Tim, How about keeping basically the same API in namecache.c (i.e expiry based on time_t) but with an appropriate key prefix as you suggest? What I'd like to see is a lib/gencache.c module that provides a string based cache. So all cache entries would have string keys and string values. key: NBT/name#1c value: 192.168.2.10 192.168.3.21 then namecache.c would just call routines in gencache.c to provide convenient wrapper routines that convert to/from struct in_addr Yes, that's close to what I have on my mind. I also think we need management tools in net. eg: net cache list net cache delete NBT/name#1c net cache flush That's correct, but Jean Francois mentioned something about rewriting some tools. According to his concepts this would go to smbcontrol ie. 'local control' tool. even better if 'net cache delete' could take wildcards (using fnmatch()). So you can do: net cache delete NBT/* Sure, that's possible. That's why I implemented (with your help) tdb pattern searching function for. the C API in gencache.c could be: BOOL gencache_add(const char *key, const char *value, time_t timeout); BOOL gencache_del(const char *key); BOOL gencache_get(const char *key, char **value, time_t *timeout); void gencache_iterate(void (*fn)(const char *key, const char *value, time_t timeout)); plus startup/shutdown functions: BOOL gencache_startup(void); BOOL gencache_shutdown(void); sound ok? Yes. As for me and for now, it sounds ok. mimir, do you feel like taking this on? I need it probably the most of you, right now :) The more, because this is solution of two issues of mine (waiting to be solved). I'll save the copy of this API draft, then, and just start working :) -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: Printer Problems
On Wed, Aug 14, 2002 at 12:22:10PM -0700, [EMAIL PROTECTED] wrote: I am tring to use the new method available for printing (MS-RPC) from my Win NT 4.0 Clients to my Samba Box (FreeBSD) I have two problems: 1. The Printers Share that shows up under the server takes a long time to show up. 2. My workstations will randomly appear to be stuck - caused by the server not responding. An excerpt from the logfile (log level ~ 3) could be useful to just try to help you. -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: recent vfs patches
On Tue, Jul 30, 2002 at 09:29:44PM +0200, Simo Sorce wrote: can you tell me which lines of proto do give you that error? just cutpaste the line with error thanks. Never mind about that one. After one big make clean, configure and make went fine. Sorry for false alarm. Makefiles creation still returns errors in those 2 points. -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: recent vfs patches
On Wed, Jul 31, 2002 at 12:20:27PM +0300, Alexander Bokovoy wrote:
On Wed, Jul 31, 2002 at 11:15:50AM +0200, Rafal Szczesniak wrote:
On Tue, Jul 30, 2002 at 09:29:44PM +0200, Simo Sorce wrote:
can you tell me which lines of proto do give you that error?
just cutpaste the line with error thanks.
Never mind about that one. After one big make clean, configure
and make went fine. Sorry for false alarm.
Makefiles creation still returns errors in those 2 points.
This is not a false alarm!!! Simo, you forgot to add Makefile.in files in
examples/VFS/{,block/}.
No, no :)
False alarm = problems with include/proto.h file
True alarm (still) = problems with Makefiles in examples/VFS/
--
cheers,
++
|Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] |
|*BSD, GNU/Linux and Samba /
|__/
Re: Can we remove the postscript parameter in 3.0?
On Wed, 24 Apr 2002, Gerald Carter wrote: Any objections? Does anyone use this? Not me. I agree. It's a hacky solution which seems to be better accomplished with good print filters. Yes, I also think Samba should not alter (in any way) the data to be printed. cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
Re: lsa_enum_trust_dom functionality
On Wed, 17 Apr 2002, Tim Potter wrote: On Tue, Apr 16, 2002 at 02:52:01PM +0200, Rafal Szczesniak wrote: proper args to continue or finish the enumeration. It may be annoying to write such code in each place we use client side of enumeration, so I propose to write a higher level function which could take care of doing it properly so that we don't have to worry about details of this process. Such function could be cli_lsa_enum_trust_domain or cli_enum_trust_dom_2 or whatever. Doesn't really matter. What do you think ? All the rpc client routines send the request and receive the reply, returning any useful data to the caller. If any subsequent calls are required it's up to the caller to do this. Hmmm, you're right, but subsequent calls will be needed in 90% of cases. Enumeration of trusted domains is performed to get _full_ list of entries, mostly. For example the spoolss commands require a buffer size for the return data. The routines in cmd_spoolss.c re-call the cli_spoolss_* routines as needed to complete the call. Is it the case when all the data is usually needed or you can be selective since it's enough to get just a fragment of all ? cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
trusted domains enumeration v3
Here it comes. This version doesn't introduce renaming of the status code.
Looks better ? :)
cheers,
++
|Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] |
|*BSD, GNU/Linux and Samba /
|__/
? intl/update-po
Index: Makefile.in
===
RCS file: /cvsroot/samba/source/Makefile.in,v
retrieving revision 1.470
diff -u -r1.470 Makefile.in
--- Makefile.in 13 Apr 2002 11:45:33 - 1.470
+++ Makefile.in 16 Apr 2002 13:05:48 -
@@ -210,7 +210,8 @@
AUTH_OBJ = auth/auth.o auth/auth_sam.o auth/auth_server.o auth/auth_domain.o \
auth/auth_rhosts.o auth/auth_unix.o auth/auth_util.o auth/auth_winbind.o \
- auth/auth_builtin.o auth/auth_compat.o $(PLAINTEXT_AUTH_OBJ) $(UNIGRP_OBJ)
+ auth/auth_builtin.o auth/auth_compat.o \
+ $(PLAINTEXT_AUTH_OBJ) $(UNIGRP_OBJ)
MANGLE_OBJ = smbd/mangle.o smbd/mangle_hash.o smbd/mangle_map.o smbd/mangle_hash2.o
Index: include/nterr.h
===
RCS file: /cvsroot/samba/source/include/nterr.h,v
retrieving revision 1.22
diff -u -r1.22 nterr.h
--- include/nterr.h 14 Apr 2002 10:50:32 - 1.22
+++ include/nterr.h 16 Apr 2002 13:05:48 -
@@ -29,7 +29,7 @@
#define STATUS_BUFFER_OVERFLOWNT_STATUS(0x8005)
#define NT_STATUS_NO_MORE_ENTRIES NT_STATUS(0x801a)
-#define STATUS_MORE_ENTRIES NT_STATUS(0x0105)
+#define STATUS_MORE_ENTRIESNT_STATUS(0x0105)
#define STATUS_SOME_UNMAPPED NT_STATUS(0x0107)
#define ERROR_INVALID_PARAMETER NT_STATUS(0x0057)
#define ERROR_INSUFFICIENT_BUFFERNT_STATUS(0x007a)
Index: libsmb/cli_lsarpc.c
===
RCS file: /cvsroot/samba/source/libsmb/cli_lsarpc.c,v
retrieving revision 1.43
diff -u -r1.43 cli_lsarpc.c
--- libsmb/cli_lsarpc.c 14 Apr 2002 11:21:25 - 1.43
+++ libsmb/cli_lsarpc.c 16 Apr 2002 13:05:49 -
@@ -5,7 +5,8 @@
Copyright (C) Andrew Tridgell 1992-1997,2000,
Copyright (C) Luke Kenneth Casson Leighton 1996-1997,2000,
Copyright (C) Paul Ashton 1997,2000,
- Copyright (C) Elrond 2000.
+ Copyright (C) Elrond 2000,
+ Copyright (C) Rafal Szczesniak 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -537,12 +538,25 @@
return result;
}
-/** Enumerate list of trusted domains */
+/**
+ * Enumerate list of trusted domains
+ *
+ * @param cli client state (cli_state) structure of the connection
+ * @param mem_ctx memory context
+ * @param pol opened lsa policy handle
+ * @param enum_ctx enumeration context ie. index of first returned domain entry
+ * @param pref_num_domains preferred max number of entries returned in one response
+ * @param num_domains total number of trusted domains returned by response
+ * @param domain_names returned trusted domain names
+ * @param domain_sids returned trusted domain sids
+ *
+ * @return nt status code of response
+ **/
NTSTATUS cli_lsa_enum_trust_dom(struct cli_state *cli, TALLOC_CTX *mem_ctx,
POLICY_HND *pol, uint32 *enum_ctx,
-uint32 *num_domains, char ***domain_names,
-DOM_SID **domain_sids)
+uint32 *pref_num_domains, uint32 *num_domains,
+ char ***domain_names, DOM_SID **domain_sids)
{
prs_struct qbuf, rbuf;
LSA_Q_ENUM_TRUST_DOM q;
@@ -560,7 +574,7 @@
/* Marshall data and send request */
-init_q_enum_trust_dom(q, pol, *enum_ctx, 0x);
+init_q_enum_trust_dom(q, pol, *enum_ctx, *pref_num_domains);
if (!lsa_io_q_enum_trust_dom(, q, qbuf, 0) ||
!rpc_api_pipe_req(cli, LSA_ENUMTRUSTDOM, qbuf, rbuf)) {
@@ -577,15 +591,14 @@
result = r.status;
- if (!NT_STATUS_IS_OK(result)
- NT_STATUS_V(result) != NT_STATUS_V(NT_STATUS_NO_MORE_ENTRIES)) {
+ if (!NT_STATUS_IS_OK(result)
+ !NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES)
+ !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
/* An actual error ocured */
goto done;
}
-
- result = NT_STATUS_OK;
/* Return output parameters */
Index: libsmb/nterr.c
===
RCS file: /cvsroot/samba/source/libsmb/nterr.c,v
retrieving revision 1.24
lsa_enum_trust_dom functionality
Here's the patch that adds server side of lsa_enum_trust_dom call to
samba. Memory leak causing segfault to smbd in some cases is already
fixed. Major changes include:
1. tdb_search_keys() is the new utility function searching the keys that
match given pattern. (tdbutil.c and tdbutil.h)
2. tdb_search_list_free() is a clean-up function for results returned by
tdb_search_keys (tdbutil.c and tdbutil.h)
3. secrets_get_trusted_domains() is function that returns given range of
trusted domain entries. The result is required list of trusted domains
(unicode name and sid)
4. stored trusted domain entry (struct trusted_dom_pass) now contains
unicode name together with trust password, last change time and domain
sid.
5. init_r_enum_trust_dom() function is modified (as well as
_lsa_enum_trust_dom() ) to return variable-length response
There's yet one more thing to change, but it's important only when samba
returns large number of entries, so this part of code may be commited now.
cheers,
++
|Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] |
|*BSD, GNU/Linux and Samba /
|__/
Index: auth/auth_domain.c
===
RCS file: /cvsroot/samba/source/auth/auth_domain.c,v
retrieving revision 1.33
diff -u -r1.33 auth_domain.c
--- auth/auth_domain.c 27 Mar 2002 00:02:48 - 1.33
+++ auth/auth_domain.c 11 Apr 2002 10:30:59 -
@@ -527,7 +527,7 @@
}
/*
-* Get the machine account password for the trusted domain
+* Get the trusted account password for the trusted domain
* No need to become_root() as secrets_init() is done at startup.
*/
Index: include/includes.h
===
RCS file: /cvsroot/samba/source/include/includes.h,v
retrieving revision 1.261
diff -u -r1.261 includes.h
--- include/includes.h 27 Mar 2002 23:17:50 - 1.261
+++ include/includes.h 11 Apr 2002 10:30:59 -
@@ -696,6 +696,7 @@
#include dlinklist.h
#include ../tdb/tdb.h
#include ../tdb/spinlock.h
+#include ../tdb/tdbutil.h
#include talloc.h
#include ads.h
#include interfaces.h
Index: include/rpc_lsa.h
===
RCS file: /cvsroot/samba/source/include/rpc_lsa.h,v
retrieving revision 1.39
diff -u -r1.39 rpc_lsa.h
--- include/rpc_lsa.h 30 Jan 2002 06:08:15 - 1.39
+++ include/rpc_lsa.h 11 Apr 2002 10:30:59 -
@@ -278,8 +278,8 @@
typedef struct lsa_enum_trust_dom_info
{
POLICY_HND pol; /* policy handle */
-uint32 enum_context; /* enumeration context handle */
-uint32 preferred_len; /* preferred maximum length */
+ uint32 enum_context; /* enumeration context handle */
+ uint32 preferred_len; /* preferred maximum length */
} LSA_Q_ENUM_TRUST_DOM;
Index: include/secrets.h
===
RCS file: /cvsroot/samba/source/include/secrets.h,v
retrieving revision 1.9
diff -u -r1.9 secrets.h
--- include/secrets.h 10 Apr 2002 00:34:59 - 1.9
+++ include/secrets.h 11 Apr 2002 10:30:59 -
@@ -48,12 +48,27 @@
time_t mod_time;
};
-/* structure for storing trusted domain password */
+/*
+ * storage structure for trusted domain
+ */
struct trusted_dom_pass {
- int pass_len;
- fstring pass;
+ size_t uni_name_len;
+ smb_ucs2_t uni_name[32]; /* unicode domain name */
+ size_t pass_len;
+ fstring pass; /* trust relationship's password */
time_t mod_time;
- DOM_SID domain_sid; /* remote domain's sid */
+ DOM_SID domain_sid; /* remote domain's sid */
};
+
+/*
+ * trusted domain entry/entries returned by secrets_get_trusted_domains
+ * (used in _lsa_enum_trust_dom call)
+ */
+typedef struct trustdom {
+ UNISTR2 name;
+ DOM_SID sid;
+ struct trustdom *next;
+} TRUSTDOM;
+
#endif /* _SECRETS_H */
Index: lib/util_unistr.c
===
RCS file: /cvsroot/samba/source/lib/util_unistr.c,v
retrieving revision 1.92
diff -u -r1.92 util_unistr.c
--- lib/util_unistr.c 26 Mar 2002 03:15:29 - 1.92
+++ lib/util_unistr.c 11 Apr 2002 10:30:59 -
@@ -775,3 +775,42 @@
return num_wchars;
}
+
+/**
+ * Samba ucs2 type to UNISTR2 conversion
+ *
+ * @param dst UNISTR2 destination. If equals null, then it's allocated.
+ * @param src smb_ucs2_t source.
+ * @param max_len maximum number of unicode characters to copy. If equals
+ *null, then null-termination of src is taken
+ *
+ * @return copied UNISTR2 destination
+ **/
+UNISTR2* ucs2_to_unistr2(UNISTR2* dst,
