[Announce] Samba 4.3.0rc1 Available for Download
Release Announcements - This is the first release candidate of Samba 4.3. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.3 will be the next version of the Samba suite. UPGRADING = Nothing special. NEW FEATURES Logging --- The logging code now supports logging to multiple backends. In addition to the previously available syslog and file backends, the backends for logging to the systemd-journal, lttng and gpfs have been added. Please consult the section for the 'logging' parameter in the smb.conf manpage for details. Spotlight - Support for Apple's Spotlight has been added by integrating with Gnome Tracker. For detailed instructions how to build and setup Samba for Spotlight, please see the Samba wiki: https://wiki.samba.org/index.php/Spotlight New FileChangeNotify subsystem -- Samba now contains a new subsystem to do FileChangeNotify. The previous system used a central database, notify_index.tdb, to store all notification requests. In particular in a cluster this turned out to be a major bottleneck, because some hot records need to be bounced back and forth between nodes on every change event like a new created file. The new FileChangeNotify subsystem works with a central daemon per node. Every FileChangeNotify request and every event are handled by an asynchronous message from smbd to the notify daemon. The notify daemon maintains a database of all FileChangeNotify requests in memory and will distribute the notify events accordingly. This database is asynchronously distributed in the cluster by the notify daemons. The notify daemon is supposed to scale a lot better than the previous implementation. The functional advantage is cross-node kernel change notify: Files created via NFS will be seen by SMB clients on other nodes per FileChangeNotify, despite the fact that popular cluster file systems do not offer cross-node inotify. Two changes to the configuration were required for this new subsystem: The parameters change notify and kernel change notify are not per-share anymore but must be set globally. So it is no longer possible to enable or disable notify per share, the notify daemon has no notion of a share, it only works on absolute paths. New SMB profiling code -- The code for SMB (SMB1, SMB2 and SMB3) profiling uses a tdb instead of sysv IPC shared memory. This avoids performance problems and NUMA effects. The profile stats are a bit more detailed than before. Improved DCERPC man in the middle detection for kerberos The gssapi based kerberos backends for gensec have support for DCERPC header signing when using DCERPC_AUTH_LEVEL_PRIVACY. SMB signing required in winbindd by default --- The effective value for client signing is required by default for winbindd, if the primary domain uses active directory. Experimental NTDB was removed - The experimental NTDB library introduced in Samba 4.0 has been removed again. Improved support for trusted domains (as AD DC) --- The support for trusted domains/forests has improved a lot. samba-tool got domain trust subcommands to manage trusts: create - Create a domain or forest trust. delete - Delete a domain trust. list- List domain trusts. namespaces - Manage forest trust namespaces. show- Show trusted domain details. validate- Validate a domain trust. External trusts between individual domains work in both ways (inbound and outbound). The same applies to root domains of a forest trust. The transitive routing into the other forest is fully functional for kerberos, but not yet supported for NTLMSSP. While a lot of things are working fine, there are currently a few limitations: - Both sides of the trust need to fully trust each other! - No SID filtering rules are applied at all! - This means DCs of domain A can grant domain admin rights in domain B. - It's not possible to add users/groups of a trusted domain into domain groups. SMB 3.1.1 supported --- Both client and server have support for SMB 3.1.1 now. This is the dialect introduced with Windows 10, it improves the secure negotiation of SMB dialects and features. New smbclient subcommands - - Query a directory for change notifications: notify dir name - Server side copy: scopy source filename destination filename New rpcclient subcommands - netshareenumall - Enumerate all shares netsharegetinfo - Get Share Info netsharesetinfo - Set Share Info netsharesetdfsflags - Set DFS flags netfileenum - Enumerate
Re: [SCM] Samba Shared Repository - branch master updated
Hi Andrew, - Log - commit c8c2c850d47a6cdaee5afd84c8ebaa03586c1277 Author: Andrew Bartlett abart...@samba.org Date: Tue Feb 10 12:26:56 2015 +1300 Update mailing list references to point at lists.samba.org The mailing lists are on lists.samba.org, but there are many references that use the shorthand of samba.org Some references to samba@ have been changed to samba-technical@ where this make more sense. Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Garming Sam garm...@catalyst.net.nz Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Feb 10 07:08:28 CET 2015 on sn-devel-104 Can you prepare backports of this for our current release branches? v4-{0,1,2}-test? Thanks! metze signature.asc Description: OpenPGP digital signature
Re: autobuild: intermittent test failure detected
Am 05.08.2014 um 09:36 schrieb autobuild: The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2014-08-05-0936/flakey.log The samba build logs are available here: http://git.samba.org/autobuild.flakey/2014-08-05-0936/samba.stderr I fear the recent glibc security update causes segfaults... I'll have a look at it tomorrow. metze signature.asc Description: OpenPGP digital signature
Re: autobuild: intermittent test failure detected
Am 05.08.2014 um 22:06 schrieb Stefan (metze) Metzmacher: Am 05.08.2014 um 09:36 schrieb autobuild: The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2014-08-05-0936/flakey.log The samba build logs are available here: http://git.samba.org/autobuild.flakey/2014-08-05-0936/samba.stderr I fear the recent glibc security update causes segfaults... I'll have a look at it tomorrow. I just found https://bugs.launchpad.net/ubuntu/+bug/1352769 metze signature.asc Description: OpenPGP digital signature
Re: autobuild: intermittent test failure detected
Am 05.08.2014 um 22:08 schrieb Stefan (metze) Metzmacher: Am 05.08.2014 um 22:06 schrieb Stefan (metze) Metzmacher: Am 05.08.2014 um 09:36 schrieb autobuild: The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2014-08-05-0936/flakey.log The samba build logs are available here: http://git.samba.org/autobuild.flakey/2014-08-05-0936/samba.stderr I fear the recent glibc security update causes segfaults... I'll have a look at it tomorrow. I just found https://bugs.launchpad.net/ubuntu/+bug/1352769 I did the following on sn and sn-devel-104 root@sn:~# /etc/init.d/nscd stop root@sn:~# update-rc.d -f nscd remove metze signature.asc Description: OpenPGP digital signature
Re: Flakey tests Re: autobuild: intermittent test failure detected
Am 03.01.2014 17:10, schrieb Stefan (metze) Metzmacher: Am 23.12.2013 19:42, schrieb autobuild: The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-12-23-1942/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-12-23-1942/samba3.stderr http://git.samba.org/autobuild.flakey/2013-12-23-1942/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-12-23-1942/samba.stderr http://git.samba.org/autobuild.flakey/2013-12-23-1942/samba.stdout The top commit at the time of the failure was: commit 819e1f561df5074ae21db77c6558b34f4b0e1351 Author: Garming Sam garm...@catalyst.net.nz Date: Mon Dec 23 17:12:39 2013 +1300 selftest: add rodc and other env tests for wbinfo This introduced some problems with flakey builds, please find a workaround attached. I'm currently doing manual autobuild with this, lets see if it gets better while build over the weekend. Just 1 failed autobuild (with this patch) and about 13 (without it), it would be nice if someone could give me a review+ and push it master. metze
Flakey tests Re: autobuild: intermittent test failure detected
Am 23.12.2013 19:42, schrieb autobuild: The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-12-23-1942/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-12-23-1942/samba3.stderr http://git.samba.org/autobuild.flakey/2013-12-23-1942/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-12-23-1942/samba.stderr http://git.samba.org/autobuild.flakey/2013-12-23-1942/samba.stdout The top commit at the time of the failure was: commit 819e1f561df5074ae21db77c6558b34f4b0e1351 Author: Garming Sam garm...@catalyst.net.nz Date: Mon Dec 23 17:12:39 2013 +1300 selftest: add rodc and other env tests for wbinfo This introduced some problems with flakey builds, please find a workaround attached. I'm currently doing manual autobuild with this, lets see if it gets better while build over the weekend. metze
Re: [SCM] Samba Shared Repository - branch master updated
commit 12a2230581b3ff5c7a29819532652d7ddfe61521 Author: Andreas Schneider a...@samba.org Date: Fri Nov 8 16:14:35 2013 +0100 s4-smb_server: Fix a use after free. If we haven't allocated the smbsrv_session then we should not free it. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Jeremy Allison j...@samba.org diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index b26c128..4ebc0c4 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -415,6 +415,7 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se { NTSTATUS status; struct smbsrv_session *smb_sess = NULL; + bool is_smb_sess_new = false; struct sesssetup_spnego_state *s = NULL; uint16_t vuid; struct tevent_req *subreq; @@ -465,6 +466,7 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se status = NT_STATUS_INSUFFICIENT_RESOURCES; goto failed; } + is_smb_sess_new = true; } else { smb_sess = smbsrv_session_find_sesssetup(req-smb_conn, vuid); } @@ -510,7 +512,9 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se nomem: status = NT_STATUS_NO_MEMORY; failed: - talloc_free(smb_sess); + if (is_smb_sess_new) { + talloc_free(smb_sess); + } status = nt_status_squash(status); smbsrv_sesssetup_backend_send(req, sess, status); I think we need to talloc_steal(req, smb_sess) here. This is similar to https://git.samba.org/?p=samba.git;a=commitdiff;h=25494628a2e977568de0f634602ebe893d0a5b88 metze
Re: [Samba] [PATCH] Do not close winbind socket during use
Hi Andrew, Am 03.07.2013 09:44, schrieb Andrew Bartlett: On Thu, 2013-06-27 at 11:42 +1000, Andrew Bartlett wrote: On Wed, 2013-06-26 at 20:39 +1000, Andrew Bartlett wrote: On Mon, 2013-06-24 at 15:26 +, philippe.simo...@swisscom.com wrote: Hi Andrew, and by putting more num-callers : valgrind --num-callers=50 samba -i -M single Thanks for getting me that. I've managed to reproduce it here, but not under valgrind, and only when I hack the code to force a timeout. At least this should help me figure out why we process the winbind socket close, which is the crux of this issue. I think I've found the cause of the issue you are hitting. There is still another issue with the nested event loop in the krb5 libs, but these two patches should help significantly. As you have had more luck than I in reproducing this in a unaltered setting, please let me know if this helps. Patches are for git master, but may apply to 4.0 as well. G'Day, The original reporter has confirmed to me that this removes the segfault for him. It changes it to a 105 sec hang, (due to the winbind client trying for 5 second at at a time many times). Can I get a review on it so we can rid master and eventually 4.0 of this nasty crash? I've looked through this patches and have some improvements. The main problem is that we're not sure wbsrv_call_loop() is called again on the terminated connection, when the last pending request is finished. That's why I remember all broken connections and try to clean them up before accepting a new connection or processing any new request on any connection. This way we're sure the connection gets removed eventually. I'm currently running some autobuild with the attached patches, they might also fix the current flakey crashes, e.g. https://git.samba.org/autobuild.flakey/2013-07-08-0055/samba.stderr metze signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [PATCH] Do not close winbind socket during use
Am 09.07.2013 17:33, schrieb Stefan (metze) Metzmacher: Hi Andrew, Am 03.07.2013 09:44, schrieb Andrew Bartlett: On Thu, 2013-06-27 at 11:42 +1000, Andrew Bartlett wrote: On Wed, 2013-06-26 at 20:39 +1000, Andrew Bartlett wrote: On Mon, 2013-06-24 at 15:26 +, philippe.simo...@swisscom.com wrote: Hi Andrew, and by putting more num-callers : valgrind --num-callers=50 samba -i -M single Thanks for getting me that. I've managed to reproduce it here, but not under valgrind, and only when I hack the code to force a timeout. At least this should help me figure out why we process the winbind socket close, which is the crux of this issue. I think I've found the cause of the issue you are hitting. There is still another issue with the nested event loop in the krb5 libs, but these two patches should help significantly. As you have had more luck than I in reproducing this in a unaltered setting, please let me know if this helps. Patches are for git master, but may apply to 4.0 as well. G'Day, The original reporter has confirmed to me that this removes the segfault for him. It changes it to a 105 sec hang, (due to the winbind client trying for 5 second at at a time many times). Can I get a review on it so we can rid master and eventually 4.0 of this nasty crash? I've looked through this patches and have some improvements. The main problem is that we're not sure wbsrv_call_loop() is called again on the terminated connection, when the last pending request is finished. That's why I remember all broken connections and try to clean them up before accepting a new connection or processing any new request on any connection. This way we're sure the connection gets removed eventually. I'm currently running some autobuild with the attached patches, they might also fix the current flakey crashes, e.g. https://git.samba.org/autobuild.flakey/2013-07-08-0055/samba.stderr Here's the next try, which hopefully don't crash in make test :-) metze signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [PATCH] Do not close winbind socket during use
Am 09.07.2013 18:03, schrieb Stefan (metze) Metzmacher: Am 09.07.2013 17:33, schrieb Stefan (metze) Metzmacher: Hi Andrew, Am 03.07.2013 09:44, schrieb Andrew Bartlett: On Thu, 2013-06-27 at 11:42 +1000, Andrew Bartlett wrote: On Wed, 2013-06-26 at 20:39 +1000, Andrew Bartlett wrote: On Mon, 2013-06-24 at 15:26 +, philippe.simo...@swisscom.com wrote: Hi Andrew, and by putting more num-callers : valgrind --num-callers=50 samba -i -M single Thanks for getting me that. I've managed to reproduce it here, but not under valgrind, and only when I hack the code to force a timeout. At least this should help me figure out why we process the winbind socket close, which is the crux of this issue. I think I've found the cause of the issue you are hitting. There is still another issue with the nested event loop in the krb5 libs, but these two patches should help significantly. As you have had more luck than I in reproducing this in a unaltered setting, please let me know if this helps. Patches are for git master, but may apply to 4.0 as well. G'Day, The original reporter has confirmed to me that this removes the segfault for him. It changes it to a 105 sec hang, (due to the winbind client trying for 5 second at at a time many times). Can I get a review on it so we can rid master and eventually 4.0 of this nasty crash? I've looked through this patches and have some improvements. The main problem is that we're not sure wbsrv_call_loop() is called again on the terminated connection, when the last pending request is finished. That's why I remember all broken connections and try to clean them up before accepting a new connection or processing any new request on any connection. This way we're sure the connection gets removed eventually. I'm currently running some autobuild with the attached patches, they might also fix the current flakey crashes, e.g. https://git.samba.org/autobuild.flakey/2013-07-08-0055/samba.stderr Here's the next try, which hopefully don't crash in make test :-) Ok, it passed 4 times on master and 4 times on v4-0-test, if you're ok with it I'll squash my changes and the missing Pair-programmed-with:, Signed-off-by:, Reviewed-by: tags and push it... Are you fine with that? metze signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [SCM] CTDB repository - branch master updated - ctdb-2.1-47-g1c7adbc
Hi Amitay, client: Set the socket non-blocking only after connect succeeds If the socket is set non-blocking before connect, then we should catch EAGAIN errors and retry. Instead of adding a random number of retries, better to wait for connect to succeed and then set the socket to non-blocking. Signed-off-by: Amitay Isaacs ami...@gmail.com Why have you also moved the set_close_on_exec() call? metze signature.asc Description: OpenPGP digital signature
Re: [Samba] About new test cases for Durable handle version 2
Hi Santanu, I am not sure if I am addressing to the correct audience. So apologize for the that. I found in the existing smbtorture test suit do not have much test cases related to durable handle version 2 that is supported for SMB version 3 . I have done some work on that and would like to contribute on that filed. Can anyone let me know the process for that? We have test... v4-0-test$ bin/smbtorture --list |grep durable-v2 smb2.durable-v2-open.open-oplock.open-oplock smb2.durable-v2-open.open-lease.open-lease smb2.durable-v2-open.reopen1.reopen1 smb2.durable-v2-open.reopen2.reopen2 smb2.durable-v2-open.persistent-open-oplock.persistent-open-oplock smb2.durable-v2-open.persistent-open-lease.persistent-open-lease metze signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] wiki.samba.org (Re: Bugzilla is down at the moment)
Am 12.12.2012 17:11, schrieb Lars Müller: Hi, bugzilla.samba.org is down and we're working on it at the moment. It's wiki.samba.org ... metze signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] MMC crashes with rc6
Hi Thomas, On Thu, Dec 06, 2012 at 05:50:59AM -0500, Thomas Simmons wrote: Yes, that helps. MMC no longer crashes. Seeing this one also. It's now tracked in https://bugzilla.samba.org/show_bug.cgi?id=9470. Thanks a lot for reporting! It would also be good to know if it crashes again if you remove 'acl:search=false' again (with plain rc6). I had problems to reproduce the crash once the client worked once, even a reboot wasn't able to retrigger this. Then it would be nice if you could test this patches https://bugzilla.samba.org/attachment.cgi?id=8294 They should fix the problem without the need of 'acl:search=false'. Thanks! metze signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
FLAKEY: selftest: check that samba-tool gpo works for basic operations
Hi Andrew, can you have a look at this https://git.samba.org/autobuild.flakey/2012-11-06-0314/samba.stdout https://git.samba.org/autobuild.flakey/2012-11-06-0514/samba.stdout https://git.samba.org/autobuild.flakey/2012-11-06-0713/samba.stdout It seems that the samba.tests.samba_tool.gpo(dc:local) test is flakey. metze Am 06.11.2012 00:13, schrieb Andrew Bartlett: The branch, master has been updated via ab30a8b provision: Make dsacl2fsacl() take a security.dom_sid, not str via 0334515 provision: Also walk directories checking ACLs via ab5 wintest: Try harder to recover from apparent failure to dcpromo via 0b7bb77 selftest: check that samba-tool gpo works for basic operations via 26faa8f dsdb: Simplify DsCrackNameOneFilter a bit via ec3cbb6 wafsamba.abi: Fix abi_match with both excludes and includes. via d02c8ba wafsamba.samba_abi: Add basic unit tests. via 97102fa buildtools: Remove extra space from global: line via ea5ef95 wafsamba.samba_abi: Refactor abi_write_vscript to take file argument. from 3d93616 s3:smbd: pass the current time to make_connection[_smb1]() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ab30a8bf0fb9bd4ee3c907183132f3b9abb67c7a Author: Andrew Bartlett abart...@samba.org Date: Mon Nov 5 20:44:14 2012 +1100 provision: Make dsacl2fsacl() take a security.dom_sid, not str Reviewed-by: Jelmer Vernooij jel...@samba.org Signed-off-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Nov 6 00:12:43 CET 2012 on sn-devel-104 commit 033451587db21d6e4b829e89a64f894a32682131 Author: Andrew Bartlett abart...@samba.org Date: Mon Nov 5 15:22:02 2012 +1100 provision: Also walk directories checking ACLs The directory walk was missed due to a cut-and-paste error. Andrew Bartlett Reviewed-by: Jelmer Vernooij jel...@samba.org Signed-off-by: Andrew Bartlett abart...@samba.org commit ab5cdc39b71c0f243ff1e660d1f35a4923e3 Author: Andrew Bartlett abart...@samba.org Date: Mon Nov 5 19:35:51 2012 +1100 wintest: Try harder to recover from apparent failure to dcpromo Reviewed-by: Jelmer Vernooij jel...@samba.org Signed-off-by: Andrew Bartlett abart...@samba.org commit 0b7bb774ce836722d219d6e466a76b12c1a03de3 Author: Andrew Bartlett abart...@samba.org Date: Mon Nov 5 12:57:17 2012 +1100 selftest: check that samba-tool gpo works for basic operations Reviewed-by: Jelmer Vernooij jel...@samba.org Signed-off-by: Andrew Bartlett abart...@samba.org commit 26faa8fe3a42f9d1278d81773c8808b05fcd76f8 Author: Volker Lendecke v...@samba.org Date: Sat Nov 3 09:36:29 2012 +0100 dsdb: Simplify DsCrackNameOneFilter a bit For me else branches clutter my flow reading code. If we do a hard return at the end of an if branch, else is not required. Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit ec3cbb6c476698523c9b5ac047787df101746891 Author: Jelmer Vernooij jel...@samba.org Date: Mon Nov 5 19:36:30 2012 +0100 wafsamba.abi: Fix abi_match with both excludes and includes. This fixes a regression introduced by 9c3e294400234ebdf9b98031bae583524fd0b0ac which caused internal symbols in libldb to be exposed. Bug: https://bugzilla.samba.org/show_bug.cgi?id=9357 Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stephen Gallagher sgall...@redhat.com commit d02c8ba122cef7d8b254e5be3ae757eb3bb14235 Author: Jelmer Vernooij jel...@samba.org Date: Mon Nov 5 19:36:29 2012 +0100 wafsamba.samba_abi: Add basic unit tests. Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stephen Gallagher sgall...@redhat.com commit 97102fa9963ba88f4ab72165a02071990031a73b Author: Andrew Bartlett abart...@samba.org Date: Tue Nov 6 07:48:52 2012 +1100 buildtools: Remove extra space from global: line This makes it easier to put the expected values in a file as we will not have trailing whitespace that is against git style. Andrew Bartlett Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Jelmer Vernooij jel...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit ea5ef95fbebe28cca11f86a9015aab77522f5e18 Author: Jelmer Vernooij jel...@samba.org Date: Mon Nov 5 19:36:28 2012 +0100 wafsamba.samba_abi: Refactor abi_write_vscript to take file argument. Signed-off-by: Andrew Bartlett abart...@samba.org
Re: [SCM] Samba Shared Repository - branch master updated
Hi Jelmer, - Log - commit c2d14747d608d406de6410556807d467cd0b85ef Author: Jelmer Vernooij jel...@samba.org Date: Thu Oct 11 14:45:10 2012 +0200 provision: Always create DNS user. The DNS user is currently only used by the bind9 plugin. This makes it easier to later on switch between the builtin DNS server and bind backend. In addition, ideally the internal DNS server would use that (separate) user too. Why? Isn't that the job of samba_upgradedns? I removed this behavior because I want us to match windows as much as possible. metze signature.asc Description: OpenPGP digital signature
Re: [Samba] Did anybody test smbclient4 against smbd4 using SMB2
Am 25.09.2012 19:43, schrieb Jun Yi: Thanks Andrew, Let's first clarify the version I used. I use the master branch, e.g., version 4.1.0, for both client and server sides. I run smbclient4 at the client side: junyij@junyij] ./smbclient4 -V Version 4.1.0pre1-DEVELOPERBUILD junyij@junyij] ./smbclient4 -m SMB2 -W smb-workgroup -U junyij //localhost/share1 Connection to \\localhost\share1 failed - NT_STATUS_REVISION_MISMATCH smbclient4 is not really supported at all, it might be removed in future. It also doesn't support smb2! smbclient doesn't support smb2/3 neither, but we may add that for Samba-4.1.0, but it won't be in Samba-4.0.0. smbtorture and smbtorture3 both have some smb2/3 tests. While developing new tests we typically verify them against the latest Windows version (the reference implementation). And they run in 'make test' before any commit hits our main git repository (for the master and v4-0-test branches). You can run smbtorture like bin/smbtorture -Uadministrator%A1b2C3d4 //172.31.9.198/torture smb2.durable-open This lists all test-suites: bin/smbtorture --list-suites This all subtests bin/smbtorture --list './smbtorture3 --help' will show all all smbtorture3 tests. It can be used like this: bin/smbtorture3 //172.31.9.198/torture -Uadministrator%A1b2C3d4 SMB2-NEGPROT metze signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Add mapping using uidNumber and gidNumber like idmap_ad
Hi Andrew, commit 3c65bac0b6fc104f4bdf86beed775d13da00aaab Author: Andrew Bartlett abart...@samba.org Date: Sun Jun 10 15:52:14 2012 +1000 s4-idmap: Add mapping using uidNumber and gidNumber like idmap_ad This is a solution for users who are upgrading from Samba 3.x in particuar, or have clients that will be using idmap_ad. This avoids needing to have duplicate values in idmap.ldb and in the directory. No check for conflicts is made with the idmap.ldb - the AD store always wins. Andrew Bartlett I'm not ok with this patch, I asked you to add an option for this new behavior! This should not be the default behavior, there should be an option for people who want that magic. This just leads to hard to debug installations. We have enough of magic fallbacks to legacy mapping in the s3, which might end up with inconsistent id mappings, if winbindd is not reachable for a short time. metze signature.asc Description: OpenPGP digital signature
Remove unused finddcs_nbt (Re: [SCM] Samba Shared Repository - branch master updated)
Hi Andrew, commit 06c90cb6f55701effa4cbafaf189a4de8471949b Author: Andrew Bartlett abart...@samba.org Date: Thu Jun 7 14:21:25 2012 +1000 s4-libcli: Remove unused finddcs_nbt This would only do the NBT getdc lookup for a single DC (but would find multiple DCs at first stage), but more particular it of course uses Netbios rather than DNS names. In any case it was also unused, as we use CLDAP for reliable DC location these days. Found by callcatcher I think it's a bug that it's not used. Samba3 DCs doesn't support CLDAP. metze signature.asc Description: OpenPGP digital signature
Re: [Samba] How to build Samba4 using static linked libraries
Hi, I am building the torture/smbtorture forsamba-4.0.0alpha17. After build, I am running the test in another environment. I not only need to copy the binary smbtorture, I also need to copy the shared libraries. This is HUGE inconvenient for us. Could somebody tell me how to build the binary using static linked libraries? Take a look at https://gitweb.samba.org/?p=samba.git;a=blob;f=source3/Makefile-smbtorture4; This should build a statically linked smbtorture4: cd source3 ./configure.developer make bin/smbtorture4 metze -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Unable to get to git.samba.org?
Hi Charles, Am 12.03.2012 18:49, schrieb Charles Tryon: I'm trying to do a pull from the Samba git repository, and getting errors that it can't get to the host: samba:samba-master? git pull fatal: unable to connect to git.samba.org: git.samba.org[0: 193.175.80.230]: errno=No route to host I've tried from a couple of different test environments on different networks and I'm getting the same error. Possibly a transient problem with DNS? (I did a pull an hour ago and it was fine.) git.samba.org is currently down for maintenance, If you have urgent need to get the samba git tree, please use http://repo.or.cz/w/Samba.git Sorry for any inconvenience! metze signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Proposal to remove security=share in Samba 4.0
Hi Andrew, After feedback from my previous proposal, I am proposing to totally remove security=share from Samba 4.0. security=share has been deprecated since Samba 3.6. The attached patch shows the removal (a lot of complex code is going away, which I think is a very good thing). Naturally, full user-name/password authentication remain available in security=user and above. The rationale is that for the bulk of security=share users, we just we need a very simple way to run a 'trust the network' Samba server, where users mark shares as guest ok. This is still supported, and the smb.conf options are documented at https://wiki.samba.org/index.php/Public_Samba_Server At the same time, I want to close the door on one of the most arcane areas of Samba authentication. If you have any concerns about this, please let me know, Please add a tombstone like we have for NT_STATUS_NOPROBLEMO to SEC_SHARE :-) And wait a few more days for comments... metze signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Proposal to change security=share in Samba 4.0
Am 27.02.2012 13:39, schrieb John H Terpstra: On 02/27/2012 04:58 AM, Andrew Bartlett wrote: I recently proposed on samba-technical that for Samba 4.0, that we change security=share to have the following semantics: - All connections are made as the guest user - No passwords are required, and no other accounts are available. Naturally, full user-name/password authentication remain available in security=user and above. The rationale is that we need a very simple way to run a 'trust the network' Samba server, where users mark shares as guest ok. I want to keep these simple configurations working. At the same time, I want to close the door on one of the most arcane areas of Samba authentication. The problem comes from the fact that Samba never implemented security=share properly: instead of having one password per share, we tried to guess the username, and match that to a username/password pair. Not only is this code complex, it begins to fail with modern clients and modern security settings. For example, NTLMv2 relies on the username and workgroup, but clients which send NTLMv2 do not send these in the 'tree connect' request that contains the password. Instead, we must remember the previous unchecked 'session setup', and apply the password from there. If we instead guess the username, then NTLMv2 will not work. Finally, Samba clients only send LM passwords to security=share servers. LM passwords are very insecure, and are now off by default. As such, Samba clients will not connect to any server running security=share by default. If you use security=share, and feel that your particular configuration cannot be handled any other way, please let me know, so we can find the best to handle your particular requirements. Thanks, Andrew Bartlett Is there any reason we can not do away with security = share and get rid of this altogether? Was there not a prior proposal to deprecate this back in the early days of 3.0.x? I only remember a discussion at the 3.6.0preX time. I'd love to remove security=share completely, but I'm also ok with keeping it for anonymous access only. metze signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Replace smbd_server_connection_loop_once() with tevent_loop_once() directly.
Hi Jeremy, - Log - commit ed85e9fe6a10d3c34b74788e6f862ea23dce4f2b Author: Jeremy Allison j...@samba.org Date: Thu Feb 16 16:14:14 2012 -0800 Replace smbd_server_connection_loop_once() with tevent_loop_once() directly. We no longer need to call poll() directly inside smbd ! Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Fri Feb 17 02:49:13 CET 2012 on sn-devel-104 Are you sure you want to remove the START_PROFILE(smbd_idle); part? metze signature.asc Description: OpenPGP digital signature
Re: [Samba] The Recycled PIDs Fix
Hi Manoj, This is regarding your fix on recycled PIDs. I am an NCP developer from Novell and we use libsmbsharemodes library from Samba for Cross Protocols Locks between NCP, Samba and others. I have few queries regarding your fix. In your fix, you have added a new field called 'unique_id' in the server_id structure and we need to pass this in our call to samba share mode APIs e.g. create_share_mode_entry(). Also, you have introduced server registration/de-registration which is associated with 'unqiue_id'. If we use these new APIs then in which library from Samba do we need to link to? Or without calling serverid_register() can we directly pass any 'unique_id' while calling to create_share_mode_entry() and in that case whether this and other share mode APIs will work properly? Looking forward to your answer, Maybe we could invent a special value e.g. UINT64_MAX as don't verify this unique id. metze signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] bugzilla.samba.org is down
Hi Linda, it has been fixed on Saturday night. metze Stefan (metze) Metzmacher wrote: Hi, bugzilla.samba.org has problems after an update, we're working on it. metze Still? signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] bugzilla.samba.org is down
Hi, bugzilla.samba.org has problems after an update, we're working on it. metze signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: s3: Avoid a winbind 100% cpu loop
Hi Volker, - Log - commit fbf17489844a5cfc6d1da8c431ce0194ed4c3f72 Author: Volker Lendecke v...@samba.org Date: Tue Oct 18 21:36:44 2011 +0200 s3: Avoid a winbind 100% cpu loop When a DC goes down hard, winbind can end up in a 100% CPU loop. The next (small) RPC request to the DC ends up as a trans2 request. If the connection goes down, we end up trying to discard the request via the loop in cli_state_notify_pending(). Because this is a trans2 request, cli_smb_req_unset_pending will not kick in. Thus the pending array will always remain at length 1. Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Wed Oct 19 01:39:35 CEST 2011 on sn-devel-104 --- Summary of changes: source3/libsmb/async_smb.c |8 1 files changed, 8 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/async_smb.c b/source3/libsmb/async_smb.c index efeb328..dce1b74 100644 --- a/source3/libsmb/async_smb.c +++ b/source3/libsmb/async_smb.c @@ -287,6 +287,14 @@ static void cli_state_notify_pending(struct cli_state *cli, NTSTATUS status) req = cli-conn.pending[0]; state = tevent_req_data(req, struct cli_smb_state); + if (NT_STATUS_EQUAL(status, NT_STATUS_PIPE_BROKEN)) { + /* + * We're dead. No point waiting for trans2 + * replies. + */ + state-mid = 0; + } + cli_smb_req_unset_pending(req); Good catch, thanks! Is there a reason why you only use state-mid = 0; on PIPE_BROKEN? As cli_state_notify_pending() calls cli_state_disconnect(), I think we should always use state-mid = 0; without looking at the status. metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
Hi Matthieu, diff --git a/source4/ntvfs/posix/python/pyxattr_tdb.c b/source4/ntvfs/posix/python/pyxattr_tdb.c index 2b28aca..a08557e 100644 --- a/source4/ntvfs/posix/python/pyxattr_tdb.c +++ b/source4/ntvfs/posix/python/pyxattr_tdb.c @@ -60,9 +60,8 @@ static PyObject *py_wrap_setxattr(PyObject *self, PyObject *args) status = push_xattr_blob_tdb_raw(eadb, mem_ctx, attribute, filename, -1, blob); if (!NT_STATUS_IS_OK(status)) { - PyErr_FromNTSTATUS(status); talloc_free(mem_ctx); - return NULL; + PyErr_NTSTATUS_IS_ERR_RAISE(status); } talloc_free(mem_ctx); Py_RETURN_NONE; @@ -91,9 +90,8 @@ static PyObject *py_wrap_getxattr(PyObject *self, PyObject *args) status = pull_xattr_blob_tdb_raw(eadb, mem_ctx, attribute, filename, -1, 100, blob); if (!NT_STATUS_IS_OK(status) || blob.length 0) { - PyErr_FromNTSTATUS(status); talloc_free(mem_ctx); - return NULL; + PyErr_NTSTATUS_IS_ERR_RAISE(status); Why this changes? What was the problem? NT_STATUS_IS_ERR() is not the same as !NT_STATUS_IS_OK() metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
Am 23.09.2011 07:01, schrieb Matthieu Patou: On 22/09/2011 21:14, Stefan (metze) Metzmacher wrote: Hi Matthieu, diff --git a/source4/ntvfs/posix/python/pyxattr_tdb.c b/source4/ntvfs/posix/python/pyxattr_tdb.c index 2b28aca..a08557e 100644 --- a/source4/ntvfs/posix/python/pyxattr_tdb.c +++ b/source4/ntvfs/posix/python/pyxattr_tdb.c @@ -60,9 +60,8 @@ static PyObject *py_wrap_setxattr(PyObject *self, PyObject *args) status = push_xattr_blob_tdb_raw(eadb, mem_ctx, attribute, filename, -1, blob); if (!NT_STATUS_IS_OK(status)) { -PyErr_FromNTSTATUS(status); talloc_free(mem_ctx); -return NULL; +PyErr_NTSTATUS_IS_ERR_RAISE(status); } talloc_free(mem_ctx); Py_RETURN_NONE; @@ -91,9 +90,8 @@ static PyObject *py_wrap_getxattr(PyObject *self, PyObject *args) status = pull_xattr_blob_tdb_raw(eadb, mem_ctx, attribute, filename, -1, 100,blob); if (!NT_STATUS_IS_OK(status) || blob.length 0) { -PyErr_FromNTSTATUS(status); talloc_free(mem_ctx); -return NULL; +PyErr_NTSTATUS_IS_ERR_RAISE(status); Why this changes? What was the problem? NT_STATUS_IS_ERR() is not the same as !NT_STATUS_IS_OK() Well the problem is that without this if your status was != OK you'll get error like instead of getting the right exception. ERROR(type 'exceptions.SystemError'): uncaught exception - error return without exception set As PyErr_FromNTSTATUS(status) is not the same as PyErr_SetNTSTATUS(status) If _IS_ERR is not the same then we need to have this code: if (!NT_STATUS_IS_OK(status)) { PyErr_SetNTSTATUS(status); talloc_free(mem_ctx); return NULL; } yes, that looks more sane to me. metze signature.asc Description: OpenPGP digital signature
Re: autobuild: intermittent test failure detected
Hi Tridge, The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2011-08-12-1305/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2011-08-12-1305/samba3.stderr http://git.samba.org/autobuild.flakey/2011-08-12-1305/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2011-08-12-1305/samba4.stderr http://git.samba.org/autobuild.flakey/2011-08-12-1305/samba4.stdout The top commit at the time of the failure was: commit 6b3a12b0f4c38c87a1f1ff4227ab78ac7624289d Author: Andrew Tridgell tri...@samba.org Date: Fri Aug 12 14:37:04 2011 +1000 s4-test: use standard process model for 'dc' server this provides us with both 'standard' and 'single' process models in selftest, ensuring that we test the standard process model in the build farm Pair-Programmed-With: Andrew Bartlett abart...@samba.org I fear this change made autobuild a bit more unstable I saw the following error a few times today: [1064/1145 in 1h2m11s] samba4.nbt.winsreplication(dc) Test if we always get back the same assoc_ctx Setup wrepl connections UNEXPECTED(failure): samba4.nbt.winsreplication.assoc_ctx2 REASON: _StringException: _StringException: ../source4/torture/nbt/winsreplication.c:200: status was NT_STATUS_HOST_UNREACHABLE, expected NT_STATUS_OK: Incorrect status I also noticed that samba4 make test needs over 1h 20 now. metze signature.asc Description: OpenPGP digital signature
Re: autobuild: intermittent test failure detected
Hi Andrew, The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2011-08-09-1406/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2011-08-09-1406/samba3.stderr http://git.samba.org/autobuild.flakey/2011-08-09-1406/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2011-08-09-1406/samba4.stderr http://git.samba.org/autobuild.flakey/2011-08-09-1406/samba4.stdout Do you have an idea why the samba3.blackbox.smbclient_auth.plain tests are flakey? I tried make test TESTS=secshare SMBD_VALGRIND=valgrind --num-callers=30 --log-file=smbd.vg.log --trace-children=yes, but didn't find anything. UNEXPECTED(error): creating directory /memdisk/autobuild/flakey/b28206/samba4/bin/ab/secserver/ncalrpc: File exists is very strange and I can't find the related code using git grep 'creating directory' metze signature.asc Description: OpenPGP digital signature
nmbd FD_SET change for master/3.6
Hi Jeremy, diff --git a/source3/nmbd/nmbd_packets.c b/source3/nmbd/nmbd_packets.c index a89f49c..0324c9d 100644 --- a/source3/nmbd/nmbd_packets.c +++ b/source3/nmbd/nmbd_packets.c @@ -1698,7 +1698,12 @@ static bool create_listen_pollfds(struct pollfd **pfds, for (subrec = FIRST_SUBNET; subrec != NULL; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) { - count += 2; /* nmb_sock and dgram_sock */ + if (subrec-nmb_sock != -1) { + count += 1; + } + if (subrec-dgram_sock != -1) { + count += 1; + } if (subrec-nmb_bcast != -1) { count += 1; } Can you please explain me where this can happen? I think nmb_sock and dgram_sock are always valid. metze signature.asc Description: OpenPGP digital signature
Re: autobuild: intermittent test failure detected
Hi, I think I've fixed the problems with this flakey test: samba3.posix_s3.winbind.wbclient .wbcListUsers See https://bugzilla.samba.org/show_bug.cgi?id=8215 for more details. metze The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2011-06-16-0225/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2011-06-16-0225/samba3.stderr http://git.samba.org/autobuild.flakey/2011-06-16-0225/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2011-06-16-0225/samba4.stderr http://git.samba.org/autobuild.flakey/2011-06-16-0225/samba4.stdout signature.asc Description: OpenPGP digital signature
quiet enum warnings
Hi Matthias, case RAW_FILEINFO_GETATTR: info-getattr.out.attrib = name-dos.attrib; info-getattr.out.size = name-st.st_size; @@ -333,9 +330,11 @@ static NTSTATUS pvfs_map_fileinfo(struct pvfs_state *pvfs, name-original_name); NT_STATUS_HAVE_NO_MEMORY(info-all_info2.out.fname.s); return NT_STATUS_OK; + + default: + return NT_STATUS_INVALID_LEVEL; } - return NT_STATUS_INVALID_LEVEL; } I think we should better fix this by adding the missing enum values explicit instead of using a default, as that will make sure we'll get a warning again if someone adds a new value. metze signature.asc Description: OpenPGP digital signature
s3-param Remove special case for lp_workgroup()
Hi Andrew, commit 3ccc7609476139bc6a906110a2623605f3802159 introduced a regression in rpcclient, which makes it unusable, as the lp_workgroup() returns uninitialized memory. I have put a fix for this into autobuild, but it would be nice if you could add some blackbox tests for rpcclient, so that we'll detect things like this in future. Thanks! metze signature.asc Description: OpenPGP digital signature
s3-param Remove special case for global_myname(), rename to lp_netbios_name()
Hi Andrew, while I like you changes to use lp_netbios_name(), lp_netbios_scope() and lp_workgroup() directly, I noticed that this changes changed the behavior if someone specifies these parameters on the command line. lp_set_cmdline() doesn't cause the lp_set_cmdline(netbios name, foo); doesn't trigger that lp_netbios_name() will return FOO, which would match the old behavior. I guess we need something similar to handle_realm() and szRealmUpper. metze signature.asc Description: OpenPGP digital signature
s3-testparm Warn more on incorrect use of 'password server'
Hi Andrew, commit 06435acf3b9afa94019f7654cda4ad9386c6384b Author: Andrew Bartlett abart...@samba.org Date: Wed May 18 11:53:34 2011 +1000 s3-testparm Warn more on incorrect use of 'password server' The usage of password server in security = ads setup is very common. We should really only print a warning, so I guess we need to remove the ret = 1 there. metze signature.asc Description: OpenPGP digital signature
Re: autobuild: intermittent test failure detected
Hi Tridge, http://git.samba.org/autobuild.flakey/2011-04-28-0842/samba4.stderr http://git.samba.org/autobuild.flakey/2011-04-28-0842/samba4.stdout Any idea why UNEXPECTED(error): samba4.nbt.winsreplication.owned is an error know instead of a failure, which would be ignored, because it's marked in knownfail? To me it seems that the knownfail feature doesn't work anymore. metze signature.asc Description: OpenPGP digital signature
Re: autobuild: intermittent test failure detected
Am 29.04.2011 21:57, schrieb Jelmer Vernooij: On Fri, 2011-04-29 at 21:29 +0200, Stefan (metze) Metzmacher wrote: Hi Tridge, http://git.samba.org/autobuild.flakey/2011-04-28-0842/samba4.stderr http://git.samba.org/autobuild.flakey/2011-04-28-0842/samba4.stdout Any idea why UNEXPECTED(error): samba4.nbt.winsreplication.owned is an error know instead of a failure, which would be ignored, because it's marked in knownfail? To me it seems that the knownfail feature doesn't work anymore. knownfail only works for failures (i.e. we check for a particular error but a different one was returned), not for errors (e.g. segfaults). This is intentional; an error is often a sign of a broken testsuite. I know, but that test used to generate a failure and not an error before. So something seemed to be changed, because it started to be flakey again arround commit 1c5cc4a2d1449296a96e8a137dc177191df00c8d. I'll change _NBT_ASSERT() and _NBT_ASSERT_STRING() to use the torture_assert macros, so that's a failure again, but we need to bisect why it is failing there now, while it didn't fail before with an error. metze signature.asc Description: OpenPGP digital signature
s4-dsdb: allow modification of linked attribute targets with relax
Hi Tridge, commit daeb6a02eab5822c557ab167fbc171aebe2ddf05 Author: Andrew Tridgell tri...@samba.org Date: Tue Mar 29 16:14:18 2011 +1100 s4-dsdb: allow modification of linked attribute targets with relax this is used to help recover a corrupt database. Pair-Programmed-With: Andrew Bartlett abart...@samba.org Can we change that, so that's it's only allowed as SYSTEM? metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
Hi Andrew, commit b32f155bae384bd3ae1d9ba9f246a0eca18a2511 Author: Andrew Tridgell tri...@samba.org Date: Mon Mar 28 16:44:32 2011 +1100 s4-dsdb: perform FSMO transfers asynchronously this gives the administrator a proper error message on the command line Pair-Programmed-With: Andrew Bartlett abart...@samba.org commit 358892e8365d052d7b9300737a4c1dc92b26cc0c Author: Andrew Tridgell tri...@samba.org Date: Mon Mar 28 16:20:47 2011 +1100 s4-fsmo: make rootDSE modify for FSMO transfer async this gives the ldap client the error code from the transfer Pair-Programmed-With: Andrew Bartlett abart...@samba.org Not really related to your change, but I think we have a real problem in this code, as rootdse_become_master() is called within a transaction. Which may talks to another local process and then to a remove server. metze signature.asc Description: OpenPGP digital signature
Re: autobuild: intermittent test failure detected
Hi, commit 4928d66fc2f469b75090c34f8d233026485e4a1e Author: Stefan Metzmacher me...@samba.org Date: Mon Mar 21 11:21:57 2011 +0100 libcli/security: make sure that we don't grant SEC_STD_DELETE to the owner by default In the file server SEC_STD_DELETE is granted on the file/directory or by FILE_DELETE_CHILD on the parent directory. metze I've pushed a fix for this to autobuild... metze signature.asc Description: OpenPGP digital signature
pidl uid_t and gid_t
Hi Andrew, commit 646aefd998c1af366dcaee6cbc2bad9359a71f45 Author: Andrew Bartlett abart...@samba.org Date: Fri Feb 11 18:45:32 2011 +1100 pidl Add support for uid_t and gid_t types These are mapped to uint64_t, which should be big enough. This is proposed to be used for internal Samba representations, where it would be more painful to convert all the callers to an uint64_t calling convention. Andrew Bartlett +/* + push a gid_t +*/ +_PUBLIC_ enum ndr_err_code ndr_push_gid_t(struct ndr_push *ndr, int ndr_flags, gid_t g) +{ + return ndr_push_udlong(ndr, NDR_SCALARS, (uint64_t)g); +} + +/* + pull a gid_t +*/ +_PUBLIC_ enum ndr_err_code ndr_pull_gid_t(struct ndr_pull *ndr, int ndr_flags, gid_t *g) +{ + uint64_t gg; + NDR_CHECK(ndr_pull_udlong(ndr, ndr_flags, gg)); + *g = (gid_t)gg; + if (unlikely(gg != *g)) { + DEBUG(0,(__location__ : gid_t pull doesn't fit 0x%016llx\n, + (unsigned long long)gg)); + return NDR_ERR_NDR64; + } + return NDR_ERR_SUCCESS; +} + + +/* pull a ipv4address */ _PUBLIC_ enum ndr_err_code ndr_pull_ipv4address(struct ndr_pull *ndr, int ndr_flags, const char **address) @@ -1050,6 +1100,16 @@ _PUBLIC_ void ndr_print_time_t(struct ndr_print *ndr, const char *name, time_t t } } +_PUBLIC_ void ndr_print_uid_t(struct ndr_print *ndr, const char *name, uid_t u) +{ + ndr_print_dlong(ndr, name, u); +} + +_PUBLIC_ void ndr_print_gid_t(struct ndr_print *ndr, const char *name, gid_t g) +{ + ndr_print_dlong(ndr, name, g); +} + _PUBLIC_ void ndr_print_union(struct ndr_print *ndr, const char *name, int level, const char *type) { if (ndr-flags LIBNDR_PRINT_ARRAY_HEX) { diff --git a/pidl/lib/Parse/Pidl/NDR.pm b/pidl/lib/Parse/Pidl/NDR.pm index 3edb9b7..5ade5c1 100644 --- a/pidl/lib/Parse/Pidl/NDR.pm +++ b/pidl/lib/Parse/Pidl/NDR.pm @@ -66,6 +66,8 @@ my $scalar_alignment = { 'string' = 4, 'string_array' = 4, #??? 'time_t' = 4, + 'uid_t' = 8, + 'gid_t' = 8, 'NTTIME' = 4, 'NTTIME_1sec' = 4, 'NTTIME_hyper' = 8, udlong aligns to 4 byte and not to 8 as hyper would do. metze signature.asc Description: OpenPGP digital signature
file_name_hash vs. smb_name_hash
Hi Jeremy, The branch, master has been updated via 3272e16 Missed one debug printf of name_hash. Ensure always use %x. via 4473273 Fix bug #7863 - Unlink may unlink wrong file when hardlinks are involved. via a65bce4 Add uint32_t name_hash argument (currently unused) to get_file_infos(). via b97f1ce Add name_hash into the share mode entry struct (as yet only use for renames to identify a specific path). via 76418e2 Add name_hash to files_struct. Set within fsp_set_smb_fname(). from 6e22637 s4-test/delete_object: Remove global ldb connections http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master +static uint32_t smb_name_hash(const char *sharepath, const char *filename, int *err) +{ + TDB_DATA key; + char *fullpath = NULL; + int ret; + uint32_t name_hash; + + *err = 0; + ret = asprintf(fullpath, %s/%s, sharepath, filename); + if (ret == -1 || fullpath == NULL) { + *err = 1; + return 0; + } + key.dptr = (uint8_t *)fullpath; + key.dsize = strlen(fullpath); + name_hash = tdb_jenkins_hash(key); + free(fullpath); + return name_hash; +} + +NTSTATUS file_name_hash(connection_struct *conn, + const char *name, uint32_t *p_name_hash) +{ + TDB_DATA key; + char *fullpath = NULL; + + /* Set the hash of the full pathname. */ + fullpath = talloc_asprintf(talloc_tos(), + %s/%s, + conn-connectpath, + name); + if (!fullpath) { + return NT_STATUS_NO_MEMORY; + } + key = string_term_tdb_data(fullpath); + *p_name_hash = tdb_jenkins_hash(key); + + DEBUG(10,(file_name_hash: %s hash 0x%x\n, + fullpath, + (unsigned int)*p_name_hash )); + + TALLOC_FREE(fullpath); + return NT_STATUS_OK; +} These function don't calculate the same hash! string_term_tdb_data() uses strlen()+1. metze signature.asc Description: OpenPGP digital signature
s3: Fix an infinite loop
Hi Volker, I think this change is wrong because, selret is a pointer and we already have this check (directly above): if (*selrtn = 0) { /* * No fd ready */ return false; } I've done some more changes to implement the fd fairness in lib/events.c instead of smbd/process.c. Please have a look at: http://gitweb.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master3-tevent2 metze signature.asc Description: OpenPGP digital signature
Re: s3: Fix an infinite loop
Hi Volker, On Mon, Jan 24, 2011 at 09:14:23AM +0100, Stefan (metze) Metzmacher wrote: I think this change is wrong because, selret is a pointer and we already have this check (directly above): Gna. I have first done this in 3.5, where selrtn is not a pointer. I have then just taken the same patch and applied it to master, wrongly assuming that this is the same piece of code. The patch applied cleanly, so I did not check. Apologies for this false assumption. No problem, I assumed something like that:-) By the way, where does 3.5 handle the selrtn==-1 case? I think we need something like this there: http://gitweb.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=22f0e9bf00fb8a3dc02b8c4e13d05b9f7a9adb6b http://gitweb.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=d935696bc4559fe66f3420b8bbe0d9a595b41116 I have just pushed the revert to autobuild. Does my other changes make sense for you? metze signature.asc Description: OpenPGP digital signature
Re: autobuild failure for task source4 during make
I've pushed a change that marks samba4.tokengroups.python as knownfail. metze Am 19.01.2011 16:44, schrieb autobu...@samba.org: Dear Developer, Your autobuild failed when trying to test source4 with the following error: source4: [make] failed 'make -j' with status 2 the autobuild has been abandoned. Please fix the error and resubmit. A summary of the autobuild process is here: http://git.samba.org/metze/samba-autobuild/autobuild.log You can see logs of the failed task here: http://git.samba.org/metze/samba-autobuild/source4.stdout http://git.samba.org/metze/samba-autobuild/source4.stderr or you can get full logs of all tasks in this job here: http://git.samba.org/metze/samba-autobuild/logs.tar.gz The top commit for the tree that was built was: commit 3494e6b52d83a370b06b7cfa8857c06a6b9be6b4 Author: Stefan Metzmacher me...@samba.org Date: Sat Oct 30 16:23:49 2010 +0200 socket_wrapper: use swrap_sendmsg_before()/after() in swrap_writev() metze signature.asc Description: OpenPGP digital signature
Re: autobuild: intermittent test failure detected
Am 11.12.2010 06:44, schrieb Andrew Tridgell: The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2010-12-11-0644/flakey.log The source3 build logs are available here: http://git.samba.org/autobuild.flakey/2010-12-11-0644/source3.stderr http://git.samba.org/autobuild.flakey/2010-12-11-0644/source3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2010-12-11-0644/source4.stderr http://git.samba.org/autobuild.flakey/2010-12-11-0644/source4.stdout The top commit at the time of the failure was: commit 35fbc7bbda5851f7172538f79fc79be201f1d521 Author: Jelmer Vernooij jel...@samba.org Date: Sat Dec 11 03:26:31 2010 +0100 s4-smbtorture: Make test names lowercase and dot-separated. This is consistent with the test names used by selftest, should make the names less confusing and easier to integrate with other tools. Autobuild-User: Jelmer Vernooij jel...@samba.org Autobuild-Date: Sat Dec 11 04:16:13 CET 2010 on sn-devel-104 I wonder how this passed autobuild, as the ECHO-UDP test can never be found... I'm pushing fixes for it to autobuild now. metze metze signature.asc Description: OpenPGP digital signature
s4-param: +foo syntax
Hi Andrew, s4-param Allow +foo syntax in smb.conf list parsing The idea here is to allow an smb.conf file to work from the defaults, rather than override them. For example, 'server services = +openchange'. Wouldn't it be clearer to use 'server services += openchange'? '+' might be a valid character in the list items. metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
Hi Matthias, The branch, master has been updated via 7a5e47b s4:auth/sam.c-authsam_expand_nested_groups - don't fail if we've memberships on non-SAM objects diff --git a/source4/auth/sam.c b/source4/auth/sam.c index b98830a..6203b96 100644 --- a/source4/auth/sam.c +++ b/source4/auth/sam.c @@ -326,11 +326,11 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx, status = dsdb_get_extended_dn_sid(dn, sid, SID); if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, (__location__ : when parsing DN %s we failed to find our SID component, so we cannot calculate the group token: %s\n, - ldb_dn_get_extended_linearized(tmp_ctx, dn, 1), - nt_errstr(status))); + /* If we fail finding a SID then this is no error since it could + * be a non SAM object - e.g. a group with object class + * groupOfNames */ talloc_free(tmp_ctx); - return NT_STATUS_INTERNAL_DB_CORRUPTION; + return NT_STATUS_OK; } Wouldn't it be better to just catch a specific error code (NT_STATUS_OBJECT_NAME_NOT_FOUND) rather than all failures? metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
Hi Matthias, commit b028a6001ad7e440fbd71faa45cad8b5966fac1c Author: Matthias Dieter Wallnöfer m...@samba.org Date: Sun Nov 28 12:28:03 2010 +0100 replace:wscript - change the bool checks to be compatible with more platforms - If the type was found then we are fine and define HAVE_BOOL - Othewise we substitute it in replace.h as _Bool or if not possible as int - This prevents lot of warnings on platforms where we don't have a bool type as Tru64 - The length check for bool is not really useful and therefore removed That check is useful and I added a few weeks ago, please readd it. It showed that sizeof(bool) is 1, that means that we might think about changing the fallback to define 'bool' as 'unsigned char' instead of 'int'. metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
Hi Tridge, commit a162b1a2d865c90441789640104adcd982e2bb75 Author: Andrew Tridgell tri...@samba.org Date: Fri Nov 5 18:57:36 2010 +1100 s4-join: switch over to the new DC join in make test commit 724599de635608f13e0f2d500a59b8830ceede84 Author: Andrew Tridgell tri...@samba.org Date: Fri Nov 5 14:16:49 2010 +1100 samba-tool: deprecate samba-tool vampire command Does the python join code, use the same network operations as the C code (and as Windows servers)? I mean first join as workstation and then promote as dc and all other details like using dcerpc assoc groups id's across multiple drsuapi connections. I think we should make sure a network capture of a samba dc join and a windows dc join look exactly the same. metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
Hi Matthias, commit 4902b71a607a0899d1a2d65b80eebdc121f4ef1d Author: Matthias Dieter Wallnöfer m...@samba.org Date: Wed Nov 3 09:23:33 2010 +0100 s4:RPC server - always set the response pad data in base of the request one Otherwise it could remain uninitialised - should fix bug #7769. ... @@ -220,6 +221,8 @@ _PUBLIC_ NTSTATUS dcesrv_reply(struct dcesrv_call_state *call) pkt.u.response.alloc_hint = stub.length; pkt.u.response.context_id = call-pkt.u.request.context_id; pkt.u.response.cancel_count = 0; + pkt.u.response._pad.data = call-pkt.u.request._pad.data; + pkt.u.response._pad.length = call-pkt.u.request._pad.length; pkt.u.response.stub_and_verifier.data = stub.data; pkt.u.response.stub_and_verifier.length = length; I'm not sure this is the correct fix. ndr_push_DATA_BLOB() called with NDR_ALIGN8, should never look at this values at all. And if we need to initialize them we should initialize them to zero. metze signature.asc Description: OpenPGP digital signature
Invalid Netbios Names? Re: [SCM] Samba Shared Repository - branch master updated
Hi Matthieu, Author: Matthieu Patou m...@matws.net Date: Thu Oct 28 13:09:51 2010 +0400 provision: when deriving netbiosname from hostname force the netbiosname to be compliant It means no space/_/-/@ and less than 16 chars. What's wrong with '-'? It's allowed in netbios and dns names. See http://support.microsoft.com/kb/909264 metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
Hi Matthieu, commit 04d63e973efb5b3e1bf677688f5d61ddf13cee42 Author: Matthieu Patou m...@matws.net Date: Wed Oct 27 00:50:41 2010 +0400 unit tests: remove smb2.dir Tridge says that it's a hard to fix pb and that it's not the priority for 4.0.0 ... diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index 3d3ac34..5877f4f 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -314,7 +314,7 @@ plantestsuite_loadlist(samba4.ntp.signd, dc:local, [smb4torture, 'ncacn_np:$ # Tests against the NTVFS POSIX backend ntvfsargs = [--option=torture:sharedelay=1, --option=torture:oplocktimeout=3, --option=torture:writetimeupdatedelay=5] -smb2 = smb4torture_testsuites(SMB2-) +smb2 = filter(lambda x: SMB2-DIR not in x, smb4torture_testsuites(SMB2-)) Shouldn't this be done, but just adding the test to the skip file? metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
Hi Matthieu, -- commit c74ef7acf49f5e447373643c2e28c1dad56f451d Author: Matthieu Patoum...@matws.net Date: Fri Oct 22 01:01:53 2010 +0400 waf: Mark the replacement zlib private so that it can build on machine without a system zlib Autobuild-User: Matthieu Patoum...@samba.org Autobuild-Date: Thu Oct 21 21:47:46 UTC 2010 on sn-devel-104 commit 4ea7d4694a8353fc55ecd12cb09b9c91ffde7b3f Author: Matthieu Patoum...@matws.net Date: Thu Oct 21 02:14:39 2010 +0400 replace: use replace for non 'samba' compliant strptime commit 2d0ac59fcc490517b202180f49b178ab80c2534e Author: Matthieu Patoum...@matws.net Date: Thu Oct 21 00:13:54 2010 +0400 replace: use a wrapper around strtoll if it didn't behave as expected We also need this wscript changes also for the autoconf build in libreplace.m4. Is it required for the s3 build ? Yes and the standalone build in the build-farm also needs it. See http://build.samba.org/?tree=libreplace;function=Recent+Builds;sortby=status It would be also good if we would backport the fixes to the release branches. metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
Hi Matthieu, -- commit c74ef7acf49f5e447373643c2e28c1dad56f451d Author: Matthieu Patou m...@matws.net Date: Fri Oct 22 01:01:53 2010 +0400 waf: Mark the replacement zlib private so that it can build on machine without a system zlib Autobuild-User: Matthieu Patou m...@samba.org Autobuild-Date: Thu Oct 21 21:47:46 UTC 2010 on sn-devel-104 commit 4ea7d4694a8353fc55ecd12cb09b9c91ffde7b3f Author: Matthieu Patou m...@matws.net Date: Thu Oct 21 02:14:39 2010 +0400 replace: use replace for non 'samba' compliant strptime commit 2d0ac59fcc490517b202180f49b178ab80c2534e Author: Matthieu Patou m...@matws.net Date: Thu Oct 21 00:13:54 2010 +0400 replace: use a wrapper around strtoll if it didn't behave as expected We also need this wscript changes also for the autoconf build in libreplace.m4. metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
Hi Matthias, - Log - commit 8044a20d8d84e740ca5c6d76bacaa977d691f3d0 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Thu Oct 21 08:51:46 2010 +0200 ldb:ldb_modules.c - if we don't find the associated dynamic object then please close the handle Autobuild-User: Matthias Dieter Wallnöfer m...@samba.org Autobuild-Date: Thu Oct 21 07:52:44 UTC 2010 on sn-devel-104 diff --git a/source4/lib/ldb/common/ldb_modules.c b/source4/lib/ldb/common/ldb_modules.c index ec71c8d..b8f155d 100644 --- a/source4/lib/ldb/common/ldb_modules.c +++ b/source4/lib/ldb/common/ldb_modules.c @@ -320,6 +320,7 @@ static void *ldb_dso_load_symbol(struct ldb_context *ldb, const char *name, sym = dlsym(handle, symbol); if (sym == NULL) { + dlclose(handle); ldb_debug(ldb, LDB_DEBUG_ERROR, no symbol `%s' found in %s: %s, symbol, path, dlerror()); return NULL; I think we should call dlclose() after ldb_debug() otherwise dlerror() may not return the desired result. metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
Hi Jelmer, - Log - commit c529317fe2b48e045b35a613cfd1ad3f03b68435 Author: Jelmer Vernooij jel...@samba.org Date: Thu Oct 21 21:43:13 2010 +0200 Lowercase socket_wrapper name. Avoid linking against socket_wrapper outside of developer mode. Autobuild-User: Jelmer Vernooij jel...@samba.org Autobuild-Date: Thu Oct 21 20:26:11 UTC 2010 on sn-devel-104 --- Summary of changes: lib/socket_wrapper/wscript |2 +- lib/socket_wrapper/wscript_build|2 +- lib/tdb/include/tdb.h |1 + lib/tdb/tdb.exports |1 + lib/tdb/tdb.signatures |1 + diff --git a/lib/tdb/include/tdb.h b/lib/tdb/include/tdb.h index 115c6fa..38d8197 100644 --- a/lib/tdb/include/tdb.h +++ b/lib/tdb/include/tdb.h @@ -101,6 +101,7 @@ void tdb_set_max_dead(struct tdb_context *tdb, int max_dead); int tdb_reopen(struct tdb_context *tdb); int tdb_reopen_all(int parent_longlived); +__attribute__((deprecated)) void tdb_logging_function(struct tdb_context *tdb, tdb_log_func); void tdb_set_logging_function(struct tdb_context *tdb, const struct tdb_logging_context *log_ctx); enum TDB_ERROR tdb_error(struct tdb_context *tdb); const char *tdb_errorstr(struct tdb_context *tdb); diff --git a/lib/tdb/tdb.exports b/lib/tdb/tdb.exports index 73b8fd6..09b9a96 100644 --- a/lib/tdb/tdb.exports +++ b/lib/tdb/tdb.exports @@ -23,6 +23,7 @@ tdb_freelist_size; tdb_get_flags; tdb_get_logging_private; + tdb_logging_function; tdb_get_seqnum; tdb_hash_size; tdb_increment_seqnum_nonblock; diff --git a/lib/tdb/tdb.signatures b/lib/tdb/tdb.signatures index 7706d18..1201077 100644 --- a/lib/tdb/tdb.signatures +++ b/lib/tdb/tdb.signatures @@ -56,6 +56,7 @@ void tdb_increment_seqnum_nonblock (struct tdb_context *); void tdb_remove_flags (struct tdb_context *, unsigned int); void tdb_setalarm_sigptr (struct tdb_context *, volatile sig_atomic_t *); void tdb_set_logging_function (struct tdb_context *, const struct tdb_logging_context *); +void tdb_logging_function(struct tdb_context *tdb, tdb_log_func); void tdb_set_max_dead (struct tdb_context *, int); int tdb_check (struct tdb_context *, int (*) (TDB_DATA, TDB_DATA, void *), void *); TDB_DATA tdb_null; What have this tdb changes todo with the rest? metze signature.asc Description: OpenPGP digital signature
ctdb_hash() = jenkins
Hi Ronnie, @@ -99,14 +99,7 @@ bool ctdb_same_address(struct ctdb_address *a1, struct ctdb_address *a2) */ uint32_t ctdb_hash(const TDB_DATA *key) { - uint32_t value; /* Used to compute the hash value. */ - uint32_t i; /* Used to cycle through random values. */ - - /* Set the initial value from the key size. */ - for (value = 0x238F13AF * key-dsize, i=0; i key-dsize; i++) - value = (value + (key-dptr[i] (i*5 % 24))); - - return (1103515243 * value + 12345); + return tdb_jenkins_hash(discard_const(key)); } Don't we need to change the protocol version for this change? See http://gitweb.samba.org/?p=metze/ctdb/wip.git;a=shortlog;h=refs/heads/master-tdb Here're also a few other ctdb/tdb related changes... metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
Hi Volker, - Log - commit 342c79e26544ee5345a9d54f68f774d7ce07e530 Author: Volker Lendecke v...@samba.org Date: Wed Oct 6 15:05:59 2010 +0200 s3: Make the write end of the echo responder pipe non-blocking Without this, we can get a writable pipe end, but the writev call on the pipe will block. Don't we need to add some EAGAIN logic to writev_handler() ? Currently it only handles EINTR. metze signature.asc Description: OpenPGP digital signature
Re: How this update has slipped in my batch was Re: [SCM] Samba Shared Repository - branch master updated
Hi Matthieu, On 05/10/2010 00:24, Matthieu Patou wrote: The branch, master has been updated via d09cfc0 unittests: add a test to avoid regression on previous fix via 19f835d unittests: makes the unit tests for ldb.python back in order via 9dcad79 pyldb: test return code before trying to talloc_steal via b53fbc7 s4:ldap_server: rewrite to socket layer to use tstream I'm wondering how this has arrived in the tree given the fact that on my private repo git rebase -i master gives me: 1 pick ed2f6aa pyldb: test return code before trying to talloc_steal 2 pick dd6c604 unittests: makes the unit tests for ldb.python back in order 3 pick 6f95fec unittests: add a test to avoid regression on previous fix Should the latest patch be removed ? gensec_tls only work with some gnutls version (others have bugs), that means TLS/SSL support is broken, but we still offer it. We should add configure checks to only allow TLS/SSL support if the used gnutls version don't has the handshake bug. See https://bugzilla.samba.org/show_bug.cgi?id=7218 metze signature.asc Description: OpenPGP digital signature
Re: [Samba] Import samba 3 to samba 4
Am 10.08.2010 11:39, schrieb Lukasz Zalewski: On 08/08/2010 12:44 AM, Michael Wood wrote: On 7 August 2010 19:11, Nico Kadel-Garcianka...@gmail.com wrote: On Mon, Aug 2, 2010 at 10:06 AM, Dave Thurstondthurs...@comcast.net wrote: I have searched but I have yet to find a method to import users and passwords from a samba3/ldap system to samba4. Is there available a method of doing this? Why do you need to import? Isn't the backend Kerberos and the account informat sufficiently similar that you can simply switch over? (I ask as someone using Samba 3, eyeing Samba 4 with interest to get LDAP out of the hands of Active Directory.) By default Samba 4 uses its own built in LDAP server and the OpenLDAP backend is currently not working properly. I have managed to migrate users from an Apple Open Directory server (which is based on MIT Kerberos and OpenLDAP) to Samba 4, but I was only using Open Directory for authentication of one service. No machines joined to OD or anything like that. All I needed to do was dump the kerberos database, import it to Heimdal, dump it from Heimdal again and then use the password hashes from the Heimdal dump to create the necessary unicodePwd attributes in Samba's directory. After that I used ldapsearch to get hold of the groups each user was a member of and then used ldbmodify (or perhaps ldapmodify. I can't remember now) to migrate them to Samba. I've never used Samba 3 as a PDC, so I'm not sure what the LDAP schema looks like and how it differs from what Samba 4 uses, but as long as the password hashes are in a compatible format, I imagine it's just a matter of slapcat or ldapsearch, munging the results and then ldbmodify to add the users to Samba 4. I don't know of an existing script to do this. I have started writing a script that will pull account information (Users, Groups and Computers) from s3's ldap backend and import it to s4. its still early days though. I'm pretty sure that there will be loads of hurdles to jump before is in any usable state I've something that's is almost done for users, groups and computers. It needs a lot of cleanup, then I'll commit it to master/example/*. Currently the script 'myldap-pub.py' expects input.ldif hardcoded (later we can also support ldap urls) metze signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: Disabling test for ktpass
Hi Matthieu, commit 0b4247ef7a60e7fe419681919daa3b31cae7bc48 Author: Stefan Metzmacherme...@samba.org Date: Sat Jul 31 11:31:43 2010 +0200 s4:selftest: skip samba4.blackbox.ktpass for now as it's not portable ktutil might not be installed or from MIT. We should build a samba4ktutil and use that instead, until then we need to skip this test. metze Would it be acceptable if the tests checks if ktutil (and any other programs that ktpass depends on ) is present ? Matthieu I'd prefer to build a samba4ktutil as we do for samba4kinit, this would be useful on its own. As heimdal ktutil is much more useful than the MIT ktutil, which is installed on most systems. And they don't have the same user interface. I'll try to look at this next week. And we could run the test on all system then. metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
Hi Volker, Am 04.07.2010 14:59, schrieb Volker Lendecke: The branch, master has been updated via ba57d23... s3: ALWAYS run make test before checkin from 34558ae... s3: Slight reshaping of server_exists_parse http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ba57d23c1ce5ef3b6c4b2e5e100a0457b8abdcbf Author: Volker Lendecke v...@samba.org Date: Sun Jul 4 14:59:23 2010 +0200 s3: ALWAYS run make test before checkin --- Summary of changes: source3/lib/serverid.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/serverid.c b/source3/lib/serverid.c index e9c7296..dc4834b 100644 --- a/source3/lib/serverid.c +++ b/source3/lib/serverid.c @@ -187,8 +187,8 @@ static int server_exists_parse(TDB_DATA key, TDB_DATA data, void *priv) * Use memcmp, not direct compare. data.dptr might not be * aligned. */ - state-exists = - (memcmp(unique_id, data.dptr, sizeof(unique_id)) == 0); + state-exists = (memcmp(state-id-unique_id, data.dptr, + sizeof(unique_id)) == 0); return 0; isn't the unique_id variable unused, if we use sizeof(state-id-unique_id)? metze signature.asc Description: OpenPGP digital signature
s4: rid pool and other provision fixes
Hi Tridge, The local dc account get the value of nextRid and the intial rIDAvailablePool starts with nextRid + x + 100. x was 0 in my dcpromo with a local rid counter of 50. I'll test more combinations... I'm wondering why x is 1 in some cases and the rIDAvailablePool starts at 1101 when nextRid was 1000, instead of starting with 1100. Maybe it depends on the functional level. I've done some testing with a w2k8r2 server and commpared dcpromo with function levels (forest/domain) 4/4, 3/3, 2/2 and 0/0. And x is always 0, but I found that we need to create the RID Set for the local dc in provision, instead of runtime (when the first account is created). dcpromo sets the rIDNextRID to lowest value of rIDPreviousAllocationPool. And as rIDNextRID is not the rid of the next user, but the rid of the last user, the first user gets rIDNextRID + 1, which is 1101 in most cases. I also noticed that rIDUsedPool is never updated on a w2k8r2 server (at least if it's the rid master itself). The changes can be found here: http://gitweb.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-s3upgrade-review If they're no objections I've planed to push this changes tomorrow if make test doesn't show any additional errors. metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
Am 24.06.2010 10:05, schrieb Matthias Dieter Wallnöfer: The branch, master has been updated via 41cdcd5... s4:provision.ldif - fix the number of available RIDs via fec489b... s4:provision.ldif - this Win2003 revision level seems always to be 9 on Windows Server 2008 machines via 64e19ef... s4:provision_users.ldif - change a group description to be correct via 560620a... s4:upgradeprovision - fix include order for ldb via e228b67... s4/ldb: ldb_msg_el_map_remote() should rename the remote attribute names into local names as defined in simple_ldap_map.c. via e88f37d... s4:setup/provision.reg - raise version to Windows Server 2008 R2 via b172b7f... s4:libnet_join.c - always use LDB constants from f34db12... Add parse_setjob_command() to make setting job state easier for users. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 41cdcd54b7b7e3fb70fdb220e74a1daf30e1891a Author: Matthias Dieter Wallnöfer m...@samba.org Date: Thu Jun 24 09:35:58 2010 +0200 s4:provision.ldif - fix the number of available RIDs There should be 4611686014132422209 and not 4611686014132422109. --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -809,7 +809,7 @@ dn: CN=RID Manager$,CN=System,${DOMAINDN} objectClass: top objectClass: rIDManager systemFlags: -1946157056 -rIDAvailablePool: 1001-1073741823 +rIDAvailablePool: 1601-1073741823 isCriticalSystemObject: TRUE I don't think that's correct. me...@sernox:~/devel/samba/ctdb/ctdb$ i 4611686014132422209 4611686014132422209 0x3FFF0641 0374003101 0b1101100101 me...@sernox:~/devel/samba/ctdb/ctdb$ i 0x641 1601 0x641 03101 0b1100101 me...@sernox:~/devel/samba/ctdb/ctdb$ i 4611686014132422109 4611686014132422109 0x3FFF05DD 0374002735 0b11010111011101 me...@sernox:~/devel/samba/ctdb/ctdb$ i 0x5DD 1501 0x5DD 02735 0b10111011101 changing it from 1501 to 1601 on a running system (the first dc already allocated its own rid pool with 500 entries) means changing the lower value by 100 and not by 600. The available pool also depends on the nextRid counter of the local sam, before the dcpromo. (which is copied into the 'nextRid' field on the domain object. The local dc account get the value of nextRid and the intial rIDAvailablePool starts with nextRid + x + 100. x was 0 in my dcpromo with a local rid counter of 50. I'll test more combinations... I'm wondering why x is 1 in some cases and the rIDAvailablePool starts at 1101 when nextRid was 1000, instead of starting with 1100. Maybe it depends on the functional level. It also seems that the special dns accounts doesn't get hard coded rids, they're getting rids from the first pool the local dc allocates. metze metze signature.asc Description: OpenPGP digital signature
lanman pwd hash (Re: [SCM] Samba Shared Repository - branch master updated)
Hi Matthias, commit 0e637be43b584aef9f5101d15ae5bdc1172c5502 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Mon Jun 21 19:40:50 2010 +0200 s4:password_hash LDB module - fix another problem regarding the lanman hash When a user only provides only the lanman hash (and nothing else) and the lanman authentication is deactivated then we end in an account with no password attribute at all! Lock this down. I think the correct behavior is to reject the password change in that case. metze signature.asc Description: OpenPGP digital signature
Re: lanman pwd hash (Re: [SCM] Samba Shared Repository - branch master updated)
Am 23.06.2010 09:08, schrieb Matthias Dieter Wallnöfer: Hi metze, I reject it when the lanman auth is deactivated. But otherwise it should be enabled (think at dcesrv_samr_ChangeOemPassword2 which manipulates only the lanman hash - tested using the passwords torture test). Therefore it should also be valid to have only a dBCSPwd attribute in the DB (I read also the MS-SAMR documentation and this seems possible). But this patch prevents a change which would delete all password attributes - which is fatal. I just noticed this: - if (!lp_lanman_auth(lp_ctx)) { - ldb_asprintf_errstring(ldb, - check_password_restrictions: - The password change through the LM hash is deactivated!); - return LDB_ERR_UNWILLING_TO_PERFORM; - } and didn't realized that this check was implicitly readded by this: + /* refuse the change if someone tries to set/change the password by +* the lanman hash alone and we've deactivated that mechanism. This +* would end in an account without any password! */ + if ((!io-n.cleartext_utf8) (!io-n.cleartext_utf16) +(!io-n.nt_hash) (!io-n.lm_hash)) { + ldb_asprintf_errstring(ldb, + setup_io: + The password change/set operations performed using the LAN Manager hash alone are deactivated!); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
Hi Björn, - Log - commit ec94efb79d4516b09c7d1d93a4ff8ce0f7046f41 Author: Björn Jacke b...@sernet.de Date: Thu Jun 10 17:19:16 2010 +0200 s3: fix build on HP-UX this struct member h_errno is not used in the HP-UX code paths, it was just there because Solaris has it, too. As h_errno is a function call macro on HP-UX when thread support is enabled we run into trouble here. Just commenting it out should be okay as we don't use it anyway. --- Summary of changes: nsswitch/winbind_nss_hpux.h |7 ++- 1 files changed, 6 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/winbind_nss_hpux.h b/nsswitch/winbind_nss_hpux.h index 40a352d..393c0a3 100644 --- a/nsswitch/winbind_nss_hpux.h +++ b/nsswitch/winbind_nss_hpux.h @@ -130,7 +130,12 @@ typedef struct nss_XbyY_args { void *returnval; int erange; - int h_errno; + /* + * h_errno is defined as function call macro for multithreaded applications + * in HP-UX. *this* h_errno is not used in the HP-UX codepath of our nss + * modules, so let's simply comment it out here: + * int h_errno; + */ nss_status_t status; } nss_XbyY_args_t; Aren't this structures of fixed predefined size? Don't we use this to cast a given buffer into something we use? If so args-status is wrong now and we better keep an 'int _not_used'. metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
Hi Jelmer, diff --git a/lib/talloc/wscript b/lib/talloc/wscript index 3a87506..61930f6 100644 --- a/lib/talloc/wscript +++ b/lib/talloc/wscript @@ -60,14 +60,14 @@ def build(bld): abi_file='ABI/talloc-%s.sigs' % VERSION, abi_match='talloc* _talloc*', hide_symbols=True, - vnum=VERSION) + vnum=VERSION, is_bundled=True) # should we also install the symlink to libtalloc1.so here? bld.SAMBA_LIBRARY('talloc-compat1', 'compat/talloc_compat1.c', deps='talloc', enabled = bld.env.TALLOC_COMPAT1, - vnum=VERSION) + vnum=VERSION, is_bundled=True) shouldn't we use 'not bld.env.standalone_talloc' instead of 'True' here too? metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
Hi Jelmer, - Log - commit 8c017022dbb78966589fa98e03dea01d91d003b0 Author: Jelmer Vernooij jel...@samba.org Date: Mon May 31 13:55:17 2010 +0200 talloc: Don't set is_bundled for standalone build. commit 151e239bcf2860411527a953d627b2d724c0a57e Author: Jelmer Vernooij jel...@samba.org Date: Mon May 31 13:51:49 2010 +0200 ldb/waf: Fix build with system and bundled ldb. Please test your changes without system libraries, and make sure it still works. Currently make bin/smbtorture4 in the merged build gets this: http://pastie.org/985637 (I assume the s4 build will have the same problem) metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
Am 31.05.2010 19:23, schrieb Jelmer Vernooij: The branch, master has been updated via 7f75ee0... ldb: Install ldb_handlers.h header. via fe8302b... ldb: Remove Samba-specific symbols. via 1bc53f0... ldb: Move utility functions to separate file. via 82d56b9... ldb: Fix dependencies when building with system ldb. from 471ed70... s3:smbd map_username() doesn't need sconn anymore http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7f75ee025ff9c02763fb9201d94af4b2739c8e03 Author: Jelmer Vernooij jel...@samba.org Date: Mon May 31 18:29:11 2010 +0200 ldb: Install ldb_handlers.h header. commit fe8302b235197e359a20ba0489eb72b54793963e Author: Jelmer Vernooij jel...@samba.org Date: Mon May 31 18:28:09 2010 +0200 ldb: Remove Samba-specific symbols. commit 1bc53f0213b04e30ebf2ac60695c84c5781e4e72 Author: Jelmer Vernooij jel...@samba.org Date: Mon May 31 18:12:05 2010 +0200 ldb: Move utility functions to separate file. commit 82d56b937445585b9e60451daf660aee5ace0523 Author: Jelmer Vernooij jel...@samba.org Date: Mon May 31 16:05:41 2010 +0200 ldb: Fix dependencies when building with system ldb. I'm getting this again: [1862/1965] abi_check: source4/bin/default/source4/lib/ldb/libldb-samba4.so libldb-samba4.so: symbol ldb_wrap_connect has been added - please mark it _PRIVATE_ or update minor version signature: struct ldb_context *(TALLOC_CTX *, struct tevent_context *, struct loadparm_context *, const char *, struct auth_session_info *, struct cli_credentials *, unsigned int) libldb-samba4.so: symbol ldb_register_samba_handlers has been added - please mark it _PRIVATE_ or update minor version signature: int (struct ldb_context *) libldb-samba4.so: symbol ldb_wrap_fork_hook has been added - please mark it _PRIVATE_ or update minor version signature: void (void) libldb-samba4.so: symbol ldb_samba_syntax_by_lDAPDisplayName has been added - please mark it _PRIVATE_ or update minor version signature: const struct ldb_schema_syntax *(struct ldb_context *, const char *) libldb-samba4.so: symbol ldb_samba_syntax_by_name has been added - please mark it _PRIVATE_ or update minor version signature: const struct ldb_schema_syntax *(struct ldb_context *, const char *) Waf: Leaving directory `/home/metze/master4/source4/bin' Build failed: ABI for libldb-samba4.so has changed - please fix library version then build with --abi-update See http://wiki.samba.org/index.php/Waf#ABI_Checking for more information make: *** [all] Fehler 1 metze --- Summary of changes: source4/auth/wscript_build |2 +- source4/dsdb/wscript_build |2 +- source4/lib/ldb/ABI/ldb-samba4-0.9.11.sigs |5 -- source4/lib/ldb/pyldb_util.c | 81 source4/lib/ldb/tools/cmdline.c| 10 ++-- source4/lib/ldb/tools/ldbedit.c|7 +++ source4/lib/ldb/tools/ldbsearch.c |6 ++ source4/lib/ldb/tools/ldbtest.c|5 ++ source4/lib/ldb/wscript| 25 ++--- source4/scripting/python/wscript_build |2 +- 10 files changed, 124 insertions(+), 21 deletions(-) create mode 100644 source4/lib/ldb/pyldb_util.c Changeset truncated at 500 lines: diff --git a/source4/auth/wscript_build b/source4/auth/wscript_build index 349171e..db8fdf8 100644 --- a/source4/auth/wscript_build +++ b/source4/auth/wscript_build @@ -12,7 +12,7 @@ bld.SAMBA_SUBSYSTEM('auth_session', public_deps='CREDENTIALS', public_headers='session.h', header_path='samba', - deps='SAMDB' + deps='SAMDB auth_sam' ) diff --git a/source4/dsdb/wscript_build b/source4/dsdb/wscript_build index 1bf8413..0a1ea1c 100644 --- a/source4/dsdb/wscript_build +++ b/source4/dsdb/wscript_build @@ -51,6 +51,6 @@ bld.SAMBA_MODULE('DNS_UPDATE_SRV', bld.SAMBA_PYTHON('python_dsdb', source='pydsdb.c', - deps='SAMDB pyldb', + deps='SAMDB pyldb_util', realname='samba/dsdb.so' ) diff --git a/source4/lib/ldb/ABI/ldb-samba4-0.9.11.sigs b/source4/lib/ldb/ABI/ldb-samba4-0.9.11.sigs index 4639220..2206e79 100644 --- a/source4/lib/ldb/ABI/ldb-samba4-0.9.11.sigs +++ b/source4/lib/ldb/ABI/ldb-samba4-0.9.11.sigs @@ -166,7 +166,6 @@ ldb_parse_tree_copy_shallow: struct ldb_parse_tree *(TALLOC_CTX *, const struct ldb_qsort: void (void * const, size_t, size_t, void *, ldb_qsort_cmp_fn_t) ldb_register_backend: int (const char *, ldb_connect_fn) ldb_register_module: int (const struct ldb_module_ops *) -ldb_register_samba_handlers: int (struct ldb_context *) ldb_rename: int (struct ldb_context *, struct ldb_dn *,
Re: [SCM] Samba Shared Repository - branch master updated
Hi Björn, -dnl Check if the C compiler understands -Werror +dnl Check if the C compiler understands -Werror (GNU) AC_CACHE_CHECK([that the C compiler understands -Werror],samba_cv_HAVE_Werror, [ AC_TRY_RUN_STRICT([ int main(void) @@ -286,7 +286,7 @@ AC_CACHE_CHECK([that the C compiler understands -w2],samba_cv_HAVE_w2, [ if test x$samba_cv_HAVE_w2 = xyes; then Werror_FLAGS=-w2 else -dnl Check if the C compiler understands -errwarn +dnl Check if the C compiler understands -errwarn (Sun) AC_CACHE_CHECK([that the C compiler understands -errwarn],samba_cv_HAVE_errwarn, [ AC_TRY_RUN_STRICT([ int main(void) @@ -297,6 +297,18 @@ AC_CACHE_CHECK([that the C compiler understands -errwarn],samba_cv_HAVE_errwarn, if test x$samba_cv_HAVE_errwarn = xyes; then Werror_FLAGS=-errwarn=%all fi +else +dnl Check if the C compiler understands -qhalt (IBM) +AC_CACHE_CHECK([that the C compiler understands -qhalt],samba_cv_HAVE_errwarn, [ + AC_TRY_RUN_STRICT([ + int main(void) + { + return 0; + }],[$CFLAGS -qhalt=w],[$CPPFLAGS],[$LDFLAGS], + samba_cv_HAVE_qhalt=yes,samba_cv_HAVE_qhalt=no,samba_cv_HAVE_qhalt=cross)]) +if test x$samba_cv_HAVE_qhalt = xyes; then + Werror_FLAGS=-qhalt=w +fi I think we also need -qhalt=e here, to match -Werror. I'm wondering if --errwarn is the correct thing for the sun case... metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
Am 21.05.2010 21:09, schrieb Jeremy Allison: The branch, master has been updated via efb2922... Make krb5 over SMB2 identical to the way we handle it in SMB1. from f576cc5... Doh! If you're going to give advice in useage, make sure it's correct. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit efb29227fa46e2c9420b3158ef7422aea4f5846e Author: Jeremy Allison j...@samba.org Date: Fri May 21 12:08:18 2010 -0700 Make krb5 over SMB2 identical to the way we handle it in SMB1. Jeremy. I guess we still need the chunked message support, it's less likely to happen with the smb2 buffer sizes and a really large krb5 PAC should not cause problems in production environments later... metze
Re: [SCM] Samba Shared Repository - branch master updated
Hi Jeremy, - Log - commit 6beba782f1bf951236813e0b46115b8102212c03 Author: Jeremy Allison j...@samba.org Date: Mon Apr 26 10:54:33 2010 -0700 Fix crash when rescheduling oplock open. + /* + * This is subtle. We must null out the callback + * before resheduling, else the first call to + * tevent_req_nterror() causes the _receive() + * function to be called, this causing tevent_req_post() + * to crash. + */ + tevent_req_set_callback(smb2req-subreq, NULL, NULL); + im = tevent_create_immediate(smb2req); if (!im) { smbd_server_connection_terminate(smb2req-sconn, I'm not sure this is correct. I haven't looked in detail, but this looks like just hiding the real problem. The real problem is likely that we're abusing the tevent_req guidelines. I think 8f67f873ace91964da066c421986e260aceba75b is maybe ok, for getting stuff working, but I'd like to see the design changed. smb2_deferred_open_timer() should not call smbd_smb2_request_dispatch(). The re-entrant should happen inside the smbd_smb2_create_* code, the place were it decides to go async, instead of two layers above. I think the smbd_smb2_create_* should setup a smb2req-retry_callback(struct tevent_req *) function pointer. smb2_deferred_open_timer() would then just call it should just call it. I'd like to have something similar for smb1 (I know it would be a lot of work), but the layer violation is really confusing. The top level smb1/2 server code should not see any of this retry logic, it should just do a foo_send() call set it's callback on the returned tevent_req and get the final result with foo_recv(). All magic should be in one spot in the lower level. metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
Hi Tridge, commit c375b90f5d1b1cbef2896f9a9d5964126ce82022 Author: Andrew Tridgell tri...@samba.org Date: Mon Apr 26 21:49:37 2010 +1000 s4-getncchanges: honor DRSUAPI_DRS_REF_GCSPN this is an alternative way of establishing repsTo I think we should use that when we act as client... metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
Hi Jeremy, - Log - commit a94a4b788c3056068d0c8e42c55e990f418db666 Author: Jeremy Allison j...@samba.org Date: Mon Apr 26 20:11:59 2010 -0700 Plumb in get_nt_acl into SMB2. Jeremy. /* the levels directly map to the passthru levels */ file_info_level = in_file_info_class + 1000; @@ -392,7 +408,59 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx, break; } + case 0x03:/* SMB2_GETINFO_SEC */ + { + uint8_t *p_marshalled_sd = NULL; + size_t sd_size = 0; I think we should check in_file_info_class for the correct value here and maybe return an error instead of ignoring it. + status = smbd_do_query_security_desc(conn, + state, + fsp, + /* Security info wanted. */ + in_additional_information, + in_output_buffer_length, + p_marshalled_sd, + sd_size); + + if (NT_STATUS_EQUAL(status, NT_STATUS_BUFFER_TOO_SMALL)) { + /* Return needed size. */ + state-out_output_buffer = data_blob_talloc(state, + NULL, + 4); + if (tevent_req_nomem(state-out_output_buffer.data, req)) { + return tevent_req_post(req, ev); + } + SIVAL(state-out_output_buffer.data,0,(uint32_t)sd_size); + state-status = NT_STATUS_BUFFER_TOO_SMALL; + break; don't we need to make sure that in_output_buffer_length is at least 4? + } + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10,(smbd_smb2_getinfo_send: + smbd_do_query_security_desc of %s failed + (%s)\n, fsp_str_dbg(fsp), + nt_errstr(status))); + tevent_req_nterror(req, status); + return tevent_req_post(req, ev); + } + + if (sd_size 0) { + state-out_output_buffer = data_blob_talloc(state, + p_marshalled_sd, + sd_size); + if (tevent_req_nomem(state-out_output_buffer.data, req)) { + return tevent_req_post(req, ev); + } + } can't we use talloc_move here and avoid a memdup? metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
Hi Volker, - Log - commit dbb7db6c2532bb18674c6acea27688f22c41efb8 Author: Volker Lendecke v...@samba.org Date: Sat Apr 24 11:11:45 2010 +0200 s3: sendto_domain() is lo longer used That's great and simplifies winbind a lot, thanks for the good work! metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
Matthias Dieter Wallnöfer schrieb: Sorry Jelmer, this wasn't clear (to prevent the use of TALLOC_FREE). But a real issue is the fact that we have already approximately 150-200 occourences of it under source4 (checked with cscope). And we merge more and more with the s3 codebase so we get more and more occourences. Therefore I would simply propose to allow it for s4 as well. I think it's fine to use it also in source4. metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
tri...@samba.org schrieb: Author: Andrew Tridgell tri...@samba.org Date: Wed Apr 14 23:38:05 2010 +1000 Merge branch 'master' of ssh://git.samba.org/data/git/samba sorry, I forgot a --rebase on a git pull git config --help tells you how to make that the default for a branch...:-) metze signature.asc Description: OpenPGP digital signature
SMB2 oplocks
Hi Jeremy, - Log - commit 3413cf7a6bd992fa722cc9674176beb15446502b Author: Jeremy Allison j...@samba.org Date: Wed Apr 7 19:00:44 2010 -0700 Start to plumb smb2 into the oplock system. Calls dummy functions for now. Do you noticed that smbd_smb2_send_oplock_break() already exists and you just have to call it from send_smb2_break_message()? metze signature.asc Description: OpenPGP digital signature
Make smbd_lock_socket/smbd_unlock_socket recursive with a ref_count.
Hi Jeremy, - Log - commit 6800fdbb81130b79c2e077e9a7fcbe2d5e0813cb Author: Jeremy Allison j...@samba.org Date: Wed Mar 31 17:40:30 2010 -0700 Make smbd_lock_socket/smbd_unlock_socket recursive with a ref_count. As these always call exit_server, make that part of the function. Use _internal functions for the echo client. Metze please check ! The changes look ok... Summary of changes: source3/smbd/globals.h | 10 - source3/smbd/process.c | 78 +-- source3/smbd/reply.c | 17 ++--- source3/smbd/smb2_read.c |8 source3/smbd/smb2_server.c |2 +- source3/smbd/smb2_write.c |9 + 6 files changed, 68 insertions(+), 56 deletions(-) But please make use of 'git add -i', 'git diff --cached', 'git commit' to select only the related changes into the commit and then use 'git show' to see what's in the commit. metze signature.asc Description: OpenPGP digital signature
getting rid of utf8string2
Hi Simo, diff --git a/librpc/idl/idl_types.h b/librpc/idl/idl_types.h index e8b3da5..d763a8b 100644 --- a/librpc/idl/idl_types.h +++ b/librpc/idl/idl_types.h @@ -48,9 +48,10 @@ #define utf8string [flag(STR_UTF8|STR_NULLTERM)] string /* - an utf8 string prefixed with [size], 32 bits + an utf8 string prefixed with [length], 32 bits This should be [size] when you use STR_SIZE4... + not null terminated */ -#define utf8string2 [flag(STR_UTF8|STR_SIZE4)] string +#define utf8string2 [flag(STR_SIZE4|STR_UTF8|STR_NOTERM)] string I'd like to get rid of this as you can express the same with valid NDR. Something like: [value(strlen(dns_name))] uint32 dns_name_size; [charset(UTF8)] uint8 dns_name[dns_name_size]; should do the same. Can you send me a file I can pass to ndrdump to test it? metze PS: It would be nice if you wouldn't introduce leading whitespaces in the idl file...:-) signature.asc Description: OpenPGP digital signature
tdb recovery fixes
Hi Rusty, does it make sense to create a new tdb version, or do you have some more changes pending? metze The branch, master has been updated via ec96ea6... tdb: handle processes dying during transaction commit. via 1bf482b... patch tdb-refactor-tdb_lock-and-tdb_lock_nonblock.patch via ececeff... tdb: add -k option to tdbtorture via 8c3fda4... tdb: don't truncate tdb on recovery via 9f295ee... tdb: remove lock ops via a84222b... tdb: rename tdb_release_extra_locks() to tdb_release_transaction_locks() via dd1b508... tdb: cleanup: remove ltype argument from _tdb_transaction_cancel. via fca1621... tdb: tdb_allrecord_lock/tdb_allrecord_unlock/tdb_allrecord_upgrade via caaf5c6... tdb: suppress record write locks when allrecord lock is taken. via 9341f23... tdb: cleanup: always grab allrecord lock to infinity. via 1ab8776... tdb: remove num_locks via d48c3e4... tdb: use tdb_nest_lock() for seqnum lock. via 4738d47... tdb: use tdb_nest_lock() for active lock. via 9136818... tdb: use tdb_nest_lock() for open lock. via e8fa70a... tdb: use tdb_nest_lock() for transaction lock. via ce41411... tdb: cleanup: find_nestlock() helper. via db27073... tdb: cleanup: tdb_release_extra_locks() helper via fba42f1... tdb: cleanup: tdb_have_extra_locks() helper via b754f61... tdb: don't suppress the transaction lock because of the allrecord lock. via 5d9de60... tdb: cleanup: tdb_nest_lock/tdb_nest_unlock via e9114a7... tdb: cleanup: rename global_lock to allrecord_lock. via 7ab422d... tdb: cleanup: rename GLOBAL_LOCK to OPEN_LOCK. via a6e0ef8... tdb: make _tdb_transaction_cancel static. via 452b4a5... tdb: cleanup: split brlock and brunlock methods. from fffdce6... s4/schema: Move msDS-IntId implementation to samldb.c module signature.asc Description: OpenPGP digital signature
tsocket/bsd: fix bug #7115 FreeBSD includes the UDP header in FIONREAD
Hi Jeremy, - Log - commit 936828de71023d90aaec6c1dba84052246bbad11 Author: Jeremy Allison j...@samba.org Date: Wed Feb 17 09:24:34 2010 -0800 Fix commit d07cd37b993d3c9beded20323174633b806196b5 Which was: tsocket/bsd: fix bug #7115 FreeBSD includes the UDP header in FIONREAD Metze, this has to have been wrong - you are throwing away the talloc_realloc pointer returned. Also no error checking. Please review. Thank goodness for gcc warnings :-). talloc_realloc would only shrink the size and can't fail, but it's good to remove the warnings (you were faster with your commit because I had no internet link...) metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
Tim Prouty schrieb: On Dec 4, 2009, at 2:47 AM, Stefan (metze) Metzmacher wrote: Hi Tim, diff --git a/source4/selftest/knownfail b/source4/selftest/knownfail index e2ae2cf..37c9f6a 100644 --- a/source4/selftest/knownfail +++ b/source4/selftest/knownfail @@ -10,9 +10,7 @@ base.delete.*.deltest20a base.delete.*.deltest20b raw.rename.*.osxrename raw.rename.*.directory rename +raw.sfileinfo.*.END_OF_FILE rpc.winreg.*security samba4.local.registry.(dir|ldb).check hive security samba4.local.registry.local.security Unfortunately, I'm still seeing failures in source4 'make test'. Am I missing something simple? yes, it's END-OF-FILE not END_OF_FILE:-) Thanks for the followup. This should be fixed now as of: 5c857768d1415c4e70a9b7a96b8a9de1ec8efdee Yes, thanks! metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
Hi Tim, diff --git a/source4/selftest/knownfail b/source4/selftest/knownfail index e2ae2cf..37c9f6a 100644 --- a/source4/selftest/knownfail +++ b/source4/selftest/knownfail @@ -10,9 +10,7 @@ base.delete.*.deltest20a base.delete.*.deltest20b raw.rename.*.osxrename raw.rename.*.directory rename +raw.sfileinfo.*.END_OF_FILE rpc.winreg.*security samba4.local.registry.(dir|ldb).check hive security samba4.local.registry.local.security Unfortunately, I'm still seeing failures in source4 'make test'. Am I missing something simple? yes, it's END-OF-FILE not END_OF_FILE:-) metze
s4-drs: cope with bogus empty attributes from w2k8-r2 (Re: [SCM] Samba Shared Repository - branch master updated)
Hi Tridge, The branch, master has been updated via 1287c1d... s4-drs: cope with bogus empty attributes from w2k8-r2 from db41a0a... s4: fix SD update and password change in upgrade script http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1287c1d115fb7e8f3954bc05ff65007968403a9c Author: Andrew Tridgell tri...@samba.org Date: Sat Nov 28 13:27:06 2009 +1100 s4-drs: cope with bogus empty attributes from w2k8-r2 w2k8-r2 sometimes sends empty attributes with completely bogus attrid values in a DRS replication response. This allows us to continue with the vampire operation despite these broken elements. --- Summary of changes: source4/dsdb/repl/replicated_objects.c | 17 + 1 files changed, 17 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/repl/replicated_objects.c b/source4/dsdb/repl/replicated_objects.c index 020d5f1..a8a93e4 100644 --- a/source4/dsdb/repl/replicated_objects.c +++ b/source4/dsdb/repl/replicated_objects.c @@ -129,6 +129,15 @@ static WERROR dsdb_convert_object_ex(struct ldb_context *ldb, } status = dsdb_attribute_drsuapi_to_ldb(ldb, schema, a, msg-elements, e); + if (!NT_STATUS_IS_OK(status) a-value_ctr.num_values == 0) { + /* w2k8-r2 occasionally sends bogus empty +attributes with rubbish attribute IDs. The +only think we can do is discard these */ + DEBUG(0,(__location__ : Discarding bogus empty DsReplicaAttribute with attid 0x%x\n, + a-attid)); + ZERO_STRUCTP(e); + continue; + } W_ERROR_NOT_OK_RETURN(status); m-attid= a-attid; @@ -149,6 +158,14 @@ static WERROR dsdb_convert_object_ex(struct ldb_context *ldb, } } + /* delete any empty elements */ + for (i=0; i msg-num_elements; i++) { + if (msg-elements[i].name == NULL) { + ldb_msg_remove_element(msg, msg-elements[i]); + i--; + } + } + We need to be careful about this, an empty element means we should remove existing values. If remove the empty ones here, we need to let the repl_meta_data module remove them based on the received meta_data array. metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated
Hi Tim, The branch, master has been updated via 17caf63... s3 selftest: Add RAW-SFILEINFO-END-OF-FILE to selftest via af610a6... s3 setfileinfo: Open with FILE_WRITE_DATA when setting the file size via b6f9722... s4 torture: Change RAW-OPLOCK to use the documented version of SET_END_OF_FILE_INFO via 98f5950... s4 torture: Allow onefs to be checked like samba3 and samba4 via 6074a05... s4 torture: Add two new setfileinfo tests via ce9ac3a... s4 torture: Split up the torture suite setup for RAW-SFILEINFO from 56eca75... The start of a WHATSNEW for Samba4 alpha9 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master commit ce9ac3a685e2a23b30952bf20dbe3f9bf24dfaaa Author: Tim Prouty tpro...@samba.org Date: Tue Nov 24 16:25:02 2009 -0800 s4 torture: Split up the torture suite setup for RAW-SFILEINFO A side effect of this change is that RAW-SFILEINFO now runs the whole suite instead of just the first test. I changed the name of the first test to RAW-SFILEINFO-BASE and changed all of the selftest scripts that call it. I would like to solicit some help from a selftest/samba 4 expert on how to get selftest working with this recent commit. RAW-SFILEINFO was explcitly defined in raw.c along with subtests such as RAW-SFILEINFO-BUG. I modified RAW-SFILEINFO to reference the suite of tests which now includes subtests such as RAW-SFILEINFO-BUG. Since it is no longer possible to have a specific test called RAW-SFILEINFO, I modified it to be called RAW-SFILEINFO-BASE. I changed all of the samba3 make test references from RAW-SFILEINFO to RAW-SFILEINFO-BASE, but I'm having trouble doing the same in samba4. I tried changing source4/selftest/quick to include a line raw.sfileinfo.base rather than raw.sfileinfo, but it doesn't seem to parse correctly and just skips the test. I could just remove it from quicktest, but that seems like a last resort. Additionally, the full 'make test' far samba4 needs a similar adjustment. I've been looking at this now for a few hours and need some guidance from someone who knows how this all fits together a little better than me :). The reason is that we use smbtorture --list in source4/selftest/tests.sh and --list only outputs the first 2 levels of torture suites nesting. So we just pass RAW-SFILEINFO to smbtorture, which means it runs all subtests. me...@sam[sernet]:~/master4/source4 bin/smbtorture --list |grep SFIL RAW-SFILEINFO me...@sam[sernet]:~/master4/source4 bin/smbtorture //127.0.0.45/bla RAW-SFILEINFO Using seed 1259237626 test: BASE Failed to open connection - NT_STATUS_CONNECTION_REFUSED error: BASE [ Unknown error/failure ] test: RENAME Failed to open connection - NT_STATUS_CONNECTION_REFUSED error: RENAME [ Unknown error/failure ] test: BUG Failed to open connection - NT_STATUS_CONNECTION_REFUSED error: BUG [ Unknown error/failure ] test: END-OF-FILE Failed to open connection - NT_STATUS_CONNECTION_REFUSED error: END-OF-FILE [ Unknown error/failure ] test: END-OF-FILE-ACCESS Failed to open connection - NT_STATUS_CONNECTION_REFUSED error: END-OF-FILE-ACCESS [ Unknown error/failure ] me...@sam[sernet]:~/master4/source4 bin/smbtorture //127.0.0.45/bla RAW-SFILEINFO-BUG Using seed 1259237640 test: BUG Failed to open connection - NT_STATUS_CONNECTION_REFUSED error: BUG [ Unknown error/failure ] As we're getting this in make test now: UNEXPECTED(failure): samba4.raw.sfileinfo (dc).END-OF-FILE command: ./bin/smbtorture --configfile=$SMB_CONF_PATH --maximum-runtime=1200 --target=samba4 --basedir=/home/metze/tmp/st-master4/s4client --option=torture:progress=no --format=subunit //$SERVER/tmp -U$USERNAME%$PASSWORD --option=torture:sharedelay=1 --option=torture:oplocktimeout=3 --option=torture:writetimeupdatedelay=5 RAW-SFILEINFO ERROR: Testsuite[samba4.raw.sfileinfo (dc)] REASON: Exit code was 1 we should add something like raw.sfileinfo.*.END-OF-FILE to source4/selftest/knownfail metze signature.asc Description: OpenPGP digital signature
LIBREPLACE_LIBS in s3 (Re: [SCM] Samba Shared Repository - branch master updated)
Hi Björn. - Log - commit a80a0b7728de21e992f8f0b3e31b600441a6535d Author: Björn Jacke b...@sernet.de Date: Sat Oct 31 10:37:44 2009 +0100 s3:Makefile: add LIBREPLACE_LIBS for talloc, tdb and wbclient I think talloc and tdb should not get LIBREPLACE_NETWORK_LIBS linked in... they don't include system/network.h from libreplace. And the standalone builds also doesn't use LIBREPLACE_NETWORK at all. I think it's a bit confusing to have LIBREPLACE_LIBS as the same as LIBREPLACE_NETWORK_LIBS. signature.asc Description: OpenPGP digital signature
Linking Shared Libraries and Modules (Re: [SCM] Samba Shared Repository - branch master updated)
Hi Björn, - Log - commit 4243e6e3a904d2f3deb72a6ba456c49233d9af51 Author: Björn Jacke b...@sernet.de Date: Tue Oct 20 08:01:52 2009 +0200 s3:configure: add support for Solaris' ld -z ignore try linker flags for ignoring unused libs in this order: -Wl,--as-needed (gcc like + binutils) -Wl,-z,ignore (gcc like + Solaris linker) -z ignore (old Sun C) -# Linker command to link a RPC, VFS, AUTH, CHARSET or PASSDB module. +# Linker command to link our shared libraries: SHLD_MODULE = $(SHLD) $(LDSHFLAGS) $(MODULE_EXPORTS) \ -o $@ @sonamef...@`basename $...@` +# Linker command to link samba internal plugin modules: +SHLD_PLUGIN = $(SHLD) $(LDPLUGINFLAGS) $(MODULE_EXPORTS) \ + -o $@ @sonamef...@`basename $...@` Instead of using SHLD_PLUGIN for modules, we should keep SHLD_MODULE, but use a new SHLD_LIBRARY for shared libraries. It would also be nice to use AC_LIBREPLACE_SHLD AC_LIBREPLACE_SHLD_FLAGS and AC_LIBREPLACE_MDLD AC_LIBREPLACE_MDLD_FLAGS from libreplace. There we could also add the sun specifc flags genericly for source3 and source4. metze signature.asc Description: OpenPGP digital signature
root_fid changes...
Hi Tridge, diff --git a/source4/smb_server/smb/nttrans.c b/source4/smb_server/smb/nttrans.c index 23eb04b..316305a 100644 --- a/source4/smb_server/smb/nttrans.c +++ b/source4/smb_server/smb/nttrans.c @@ -119,7 +119,8 @@ static NTSTATUS nttrans_create(struct smbsrv_request *req, params = trans-in.params.data; io-ntcreatex.in.flags= IVAL(params, 0); - io-ntcreatex.in.root_fid.ntvfs = smbsrv_pull_fnum(req, req-in.vwv, 4); + io-ntcreatex.in.root_fid.fnum= IVAL(params, 4); + io-ntcreatex.in.root_fid.ntvfs = smbsrv_pull_fnum(req, params, 4); root_fid is a union, you can't set two union arms at the same time. It's really confusing to read this code... metze
changes to wbclient.h (Re: [SCM] Samba Shared Repository - branch master updated)
Hi Matthias, diff --git a/nsswitch/libwbclient/wbclient.h b/nsswitch/libwbclient/wbclient.h index 4dc6d23..ced82d8 100644 --- a/nsswitch/libwbclient/wbclient.h +++ b/nsswitch/libwbclient/wbclient.h @@ -427,10 +427,15 @@ struct wbcUserPasswordPolicyInfo { **/ enum wbcPasswordChangeRejectReason { - WBC_PWD_CHANGE_REJECT_OTHER=0, - WBC_PWD_CHANGE_REJECT_TOO_SHORT=1, - WBC_PWD_CHANGE_REJECT_IN_HISTORY=2, - WBC_PWD_CHANGE_REJECT_COMPLEXITY=5 + WBC_PWD_CHANGE_NO_ERROR=0, + WBC_PWD_CHANGE_PASSWORD_TOO_SHORT=1, + WBC_PWD_CHANGE_PWD_IN_HISTORY=2, + WBC_PWD_CHANGE_USERNAME_IN_PASSWORD=3, + WBC_PWD_CHANGE_FULLNAME_IN_PASSWORD=4, + WBC_PWD_CHANGE_NOT_COMPLEX=5, + WBC_PWD_CHANGE_MACHINE_NOT_DEFAULT=6, + WBC_PWD_CHANGE_FAILED_BY_FILTER=7, + WBC_PWD_CHANGE_PASSWORD_TOO_LONG=8 }; wbclient.h is a public interface, where we can't change existing code! At least we need to add the old enum values as defines to the new ones. metze
Re: AW: changes to wbclient.h (Re: [SCM] Samba Shared Repository - branch master updated)
Hi Matthias, yeah I know that my change is problematic. But I got a request from Günther to adapt the values as they're specified in samr.idl to allow further error case additions in winbind. In particular consider the value 0: previous it was an other error but a lookup in the MS-SAMR documentation pointed out that it should mean no error at all. So I'd strongly prefer to keep the patch in this form to have it right - from now on . I know it is cumbersome to break the API and external code has to be adapted - but personally I don't see a better solution. I think we just need this, then it's fine: #define WBC_PWD_CHANGE_REJECT_OTHER \ WBC_PWD_CHANGE_NO_ERROR #define WBC_PWD_CHANGE_REJECT_TOO_SHORT \ WBC_PWD_CHANGE_PASSWORD_TOO_SHORT #define WBC_PWD_CHANGE_REJECT_IN_HISTORY \ WBC_PWD_CHANGE_PWD_IN_HISTORY #define WBC_PWD_CHANGE_REJECT_COMPLEXITY \ WBC_PWD_CHANGE_NOT_COMPLEX metze
Re: [SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-156-g7669bc3
Hi Matthias, - Log - commit 7669bc3c89898c585a65547b246981ddcd0f49dc Author: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de Date: Thu Sep 10 07:17:40 2009 +0200 util_strlist: Add some more consts Why this changes? I think they're wrong, functions which allocate memory should not return const pointers, otherwise we'll get warnings when calling talloc_free() on them. metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-136-ga08d173
Hi Tridge, - Log - commit a08d17342d0affa3769875ad87dadbb1f4161a06 Author: Andrew Tridgell tri...@samba.org Date: Thu Sep 10 14:27:47 2009 +1000 s4/drs: changed the UpdateRefs server to use the dn instead of the GUID Our vampire code sends a zero GUID in the updaterefs calls. Windows seems to ignore the GUID and use the DN in the naming context instead, so I have changed our UpdateRefs server implementation to do the same. With this change we can now vampire from s4-s4 successfully! Now to see if all the attributes came across correctly. I think we need to use the GUID if it's valid and fallback to SID and finality to the dn, if the sid is also zero. metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1414-g43c766a
Hi Jeremy, - Log - commit 43c766a14a5eeed80e57bae9fde21eb2b542c209 Author: Jeremy Allison j...@samba.org Date: Sun Sep 6 21:38:50 2009 -0700 Fix bug 6673 - smbpasswd does not work with unix password sync = yes. Revert change from 3.3 - 3.4 with read_socket_with_timeout changed from sys_read() to sys_recv(). read_socket_with_timeout() is called with non-fd's (with a pty in chgpasswd.c and with a disk file in lib/dbwrap_file.c via read_data()). recv works for the disk file, but not the pty. Change the name of read_socket_with_timeout() to read_fd_with_timeout() to make this clear (and add comments). Jeremy. I think we should have 2 functions then. We need to use sys_recv() on sockets, otherwise our socket_wrapper pcap support doesn't work. metze signature.asc Description: OpenPGP digital signature