lsa_enum_trust_dom functionality

2002-04-11 Thread Rafal Szczesniak

Here's the patch that adds server side of lsa_enum_trust_dom call to
samba. Memory leak causing segfault to smbd in some cases is already
fixed. Major changes include:

 1. tdb_search_keys() is the new utility function searching the keys that
match given pattern. (tdbutil.c and tdbutil.h)
 2. tdb_search_list_free() is a clean-up function for results returned by
tdb_search_keys (tdbutil.c and tdbutil.h)
 3. secrets_get_trusted_domains() is a function that returns a given range of
trusted domain entries. The result is the required list of trusted domains
(unicode name and sid)
 4. stored trusted domain entry (struct trusted_dom_pass) now contains
unicode name together with trust password, last change time and domain
sid.
 5. init_r_enum_trust_dom() function is modified (as well as
_lsa_enum_trust_dom() ) to return variable-length response


There's yet one more thing to change, but it's important only when samba
returns a large number of entries, so this part of code may be committed now.


cheers,
Rafal 'Mimir' Szczesniak [EMAIL PROTECTED]
*BSD, GNU/Linux and Samba


Index: auth/auth_domain.c
===
RCS file: /cvsroot/samba/source/auth/auth_domain.c,v
retrieving revision 1.33
diff -u -r1.33 auth_domain.c
--- auth/auth_domain.c  27 Mar 2002 00:02:48 -  1.33
+++ auth/auth_domain.c  11 Apr 2002 10:30:59 -
@@ -527,7 +527,7 @@
}
 
/*
-* Get the machine account password for the trusted domain
+* Get the trusted account password for the trusted domain
 * No need to become_root() as secrets_init() is done at startup.
 */
 
Index: include/includes.h
===
RCS file: /cvsroot/samba/source/include/includes.h,v
retrieving revision 1.261
diff -u -r1.261 includes.h
--- include/includes.h  27 Mar 2002 23:17:50 -  1.261
+++ include/includes.h  11 Apr 2002 10:30:59 -
@@ -696,6 +696,7 @@
 #include dlinklist.h
 #include ../tdb/tdb.h
 #include ../tdb/spinlock.h
+#include ../tdb/tdbutil.h
 #include talloc.h
 #include ads.h
 #include interfaces.h
Index: include/rpc_lsa.h
===
RCS file: /cvsroot/samba/source/include/rpc_lsa.h,v
retrieving revision 1.39
diff -u -r1.39 rpc_lsa.h
--- include/rpc_lsa.h   30 Jan 2002 06:08:15 -  1.39
+++ include/rpc_lsa.h   11 Apr 2002 10:30:59 -
@@ -278,8 +278,8 @@
 typedef struct lsa_enum_trust_dom_info
 {
POLICY_HND pol; /* policy handle */
-uint32 enum_context; /* enumeration context handle */
-uint32 preferred_len; /* preferred maximum length */
+   uint32 enum_context; /* enumeration context handle */
+   uint32 preferred_len; /* preferred maximum length */
 
 } LSA_Q_ENUM_TRUST_DOM;
 
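
Review bot: the removed and added lines for enum_context and preferred_len in LSA_Q_ENUM_TRUST_DOM differ only in indentation, so this is a whitespace-only change carried inside a functional patch. Consider dropping it here or sending it as a separate cleanup so the server-side change is easier to review and to back out.
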
Index: include/secrets.h
===
RCS file: /cvsroot/samba/source/include/secrets.h,v
retrieving revision 1.9
diff -u -r1.9 secrets.h
--- include/secrets.h   10 Apr 2002 00:34:59 -  1.9
+++ include/secrets.h   11 Apr 2002 10:30:59 -
@@ -48,12 +48,27 @@
time_t mod_time;
 };
 
-/* structure for storing trusted domain password */
+/*
+ * storage structure for trusted domain
+ */
 struct trusted_dom_pass {
-   int pass_len;
-   fstring pass;
+   size_t uni_name_len;
+   smb_ucs2_t uni_name[32]; /* unicode domain name */
+   size_t pass_len;
+   fstring pass;   /* trust relationship's password */
time_t mod_time;
-   DOM_SID domain_sid; /* remote domain's sid */
+   DOM_SID domain_sid; /* remote domain's sid */
 };
+
+/*
+ * trusted domain entry/entries returned by secrets_get_trusted_domains
+ * (used in _lsa_enum_trust_dom call)
+ */
+typedef struct trustdom {
+   UNISTR2 name;
+   DOM_SID sid;
+   struct trustdom *next;
+} TRUSTDOM;
+
 
 #endif /* _SECRETS_H */
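
Review bot: struct trusted_dom_pass is documented here as the storage structure, and its layout changes (uni_name_len and uni_name[32] are inserted at the front, pass_len goes from int to size_t) with no version or record-size field, so whatever reads the stored entry has no way to tell an old record from a new one. size_t also ties the stored record to the platform's word size; a fixed-width type for both length members would avoid that. Since uni_name is fixed at 32 characters, the code that fills or reads it should reject a uni_name_len above 32 and check the stored record length against sizeof(struct trusted_dom_pass) before use.
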
Index: lib/util_unistr.c
===
RCS file: /cvsroot/samba/source/lib/util_unistr.c,v
retrieving revision 1.92
diff -u -r1.92 util_unistr.c
--- lib/util_unistr.c   26 Mar 2002 03:15:29 -  1.92
+++ lib/util_unistr.c   11 Apr 2002 10:30:59 -
@@ -775,3 +775,42 @@
 
return num_wchars;
 }
+
+/**
+ * Samba ucs2 type to UNISTR2 conversion
+ *
+ * @param dst UNISTR2 destination. If equals null, then it's allocated.
+ * @param src smb_ucs2_t source.
+ * @param max_len maximum number of unicode characters to copy. If equals
+ *null, then null-termination of src is taken
+ *
+ * @return copied UNISTR2 destination
+ **/
+UNISTR2* ucs2_to_unistr2(UNISTR2* dst, 
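
Review bot: the doc comment for ucs2_to_unistr2() describes max_len as a number of characters but then says "If equals null"; say zero if that is the sentinel, and state what happens when src is longer than max_len (truncation, and whether the result is still terminated). The dst line ("If equals null, then it's allocated") should also say how the destination is allocated and who is expected to free it. The declaration is cut off after the first parameter in this posting, so the function body could not be checked.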

Problem with current 2.2.4-pre

2002-04-11 Thread Beschorner Daniel

Hi!

Every time a user logs out from the Samba-PDC and the user profile is
written to the profile share on the Samba-PDC this error occurs on some
(5-10) files of the profile in the log.

[2002/04/11 09:39:06, 0] smbd/open.c:open_file(179)
  Error doing fstat on open file schnieders/Recent/Glsynt40.lnk (No such
file or directory)

Seems as the path would be only relative to the profile share, instead of
complete.

BTW, I got sometimes

[2002/04/11 11:07:08, 0] smbd/service.c:set_current_service(59)
  chdir (/home/schnieders) failed

but the directory should be so far OK, what could it be?

Regards
Daniel Beschorner




RE: winbindd problem

2002-04-11 Thread Orwig, Paul

Yes, it fails at the startup. 
I've been trying various ideas, stopping and restarting winbindd, and
occasionally it works, only to break on the next try.
The last time it worked, I had started it without a debug setting. 8-b

Paul Orwig
Pacific Life
949-219-7082

-----Original Message-----
From: MCCALL,DON (HP-USA,ex1) [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 10, 2002 6:50 AM
To: 'Orwig, Paul'; 'Richard Sharpe'
Cc: '[EMAIL PROTECTED]'
Subject: RE: winbindd problem


Hi Paul,
Just want to make sure I understand: 
when this fails, it fails right from startup?  And WHAT do you do to get it
to finally work again?
Don

-----Original Message-----
From: Orwig, Paul [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 09, 2002 6:36 PM
To: 'Richard Sharpe'; Orwig, Paul
Cc: '[EMAIL PROTECTED]'
Subject: RE: winbindd problem


1) We have joined the domain. Samba is running fine without winbind.
2) We have only this one copy of winbindd
3) We are using PAM_SMB without a problem.
4) ROOT# wbinfo -t
Secret is good

More ideas?

Paul

-----Original Message-----
From: Richard Sharpe [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 09, 2002 4:28 PM
To: Orwig, Paul
Cc: '[EMAIL PROTECTED]'
Subject: Re: winbindd problem


On Tue, 9 Apr 2002, Orwig, Paul wrote:

> Question:
> How does winbindd determine whether to do anonymous or authenticated
> queries?
> How does winbindd determine what user to authenticate with?
> Can winbindd be forced to use a specific user/password to query the PDC?

It uses the trust account info from the secrets database. You have to join 
the domain.
 
> Problem:
> winbindd seems to work intermittently.
> wbinfo -u returns Error looking up domain users

I have seen a number of reasons for this:

1. You have not joined the domain
2. There are old copies of winbindd or smbd/nmbd from a different domain
3. There is no connectivity to the DC

Regards
-
Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], 
[EMAIL PROTECTED]




RE: winbindd problem

2002-04-11 Thread Orwig, Paul

I originally had the password server = *
It is now set to dc1name,dc2name,dc3name,dc4name

I did a test monday where I set it to each DC, one-at-a-time and none of
them worked.
I can try one domain controller at-a-time for multiple tries and see what
happens.

How long after starting winbindd should I wait before trying the wbinfo -u
command?
I have been running a tail -f log.winbindd and waiting for it to pause.

Just so I understand...
The fact that wbinfo -t replies with secret is good says that it is able
to talk to the domain controller and should be able to request users/group
listing. Right?

Paul Orwig
Pacific Life


-----Original Message-----
From: MCCALL,DON (HP-USA,ex1) [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 11, 2002 8:32 AM
To: 'Orwig, Paul'; MCCALL,DON (HP-USA,ex1)
Cc: '[EMAIL PROTECTED]'
Subject: RE: winbindd problem


Well, that's just weird.
I haven't run into anything like this before.
in your smb.conf file, have you set 
password server = *
or can you set
password server = pdcname
and then try it multiple times (with the same pdcname)
and finally get it to work?
Don





Re: RPC major/minor codes ??

2002-04-11 Thread Richard Sharpe

On Thu, 11 Apr 2002, D. Jemms wrote:

> Hi,
> I am using Samba for my startup company. Want to know a few important things
> about the code.

If you mean what I think you mean, the implications are staggering.

> How is RPC mechanism in samba handled? Any guidelines will be really
> helpful to me. What does it do in RPC? What does it do with getting major, minor
> numbers?

If Samba is so important to your business plan, you need to spend lots of 
time with the code or find someone who has!

The base protocol does not need RPC, but to do most things with domain 
controllers requires it!

Major and minor numbers are not important unless you are building a device 
driver.

Regards
-
Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], 
[EMAIL PROTECTED]





RE: Win2k joining

2002-04-11 Thread Jason Coene


Hi Greg,

To join a domain from a 2K machine, you need to specify the username and password of a 
system account that has both:
 - an entry in smbpasswd with matching password
 - write access to the smbpasswd file

For most systems, the only account that fits these criteria is root. Also make sure you 
have a $MACHINE system account and entry in smbpasswd, per the documentation.

The last I knew, the domain admins=* code was broken when it comes to controlling who 
can actually join the domain.

Regards,

Jason 

 -----Original Message-----
 From: Greg Benjamin - HSDX [EMAIL PROTECTED]
 Sent: April 11, 2002, 11:11 AM
 Subject: Win2k joining

Hello all,

I'm sure this has probably been talked about in here before but I just
joined the group so bear with me.

I've read some things on getting my Win2k Pro computer joined to a Samba PDC
but I'm still having problems.  I've got my Win9x and NT4 to work just fine.
It keeps saying that the username or password is invalid.  I've tried root,
which I knew wouldn't work, my own login which I've added to the domain
admin group, the workstation account name (in this case ws003$ and ws003)
that I added for that workstation and a few other names but all have failed.
Maybe I'm missing something here.  First of all, which account name should
be used when joining the Samba PDC?  With NT4 you don't have to specify a
name but with Win2k you're forced to enter something.  I would assume a domain
admin account should be used here unless my account is failing at that as
well.  Nothing I've read so far indicates this information.  Second off, are
there any smb.conf options that should/should not be set for this to work
properly??  If you hadn't guessed yet I _am_ slightly new to the Samba thing
but not a virgin.  I'm heavy into M$ but rapidly converting to Linux.  Any
help would be greatly appreciated.

Thanks