Re: [Samba] VFS Recycle
On Fri, 2004-10-29 at 10:29, Tim Hodgkinson wrote:

Am using Fedora Core RPM Samba 3.0.7 and am trying to get VFS recycle to work. Here is the relevant smb.conf:

[global]
   workgroup = SSVMTN
   netbios name = MONARCH
   security = DOMAIN
   password server = GOATSEYE
   encrypt passwords = yes
   server string = Monarch Server
   wins server = 172.16.1.100
   dns proxy = No
   name resolve order = wins lmhosts host bcast
   preferred master = no
   domain master = no
   local master = no
   log file = /var/log/samba/%m
   log level = 1
   syslog = 0
   max log size = 0
   hosts allow = 172. 127.
   invalid users = root, bin, daemon, adm, sync, shutdown
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   writable = yes
   map to guest = bad user
   obey pam restrictions = yes
   hide dot files = yes
   browsable = no
   printcap name = /etc/printcap
   winbind separator = +
   winbind cache time = 30
   winbind enum users = yes
   winbind enum groups = yes
   winbind use default domain = yes
   winbind enable local accounts = yes
   template homedir = /home/users/%U
   idmap uid = 1-2
   idmap gid = 1-2

[test]
   comment = Test Drive
   path = /home/depts/test
   valid users = @SSVMTN+test
   admin users = @SSVMTN+Domain Admins
   vfs objects = recycle
   recycle:repository = /home/depts
   recycle:keeptree = Yes
   recycle:touch = Yes
   recycle:versions = Yes
   recycle:exclude = *.tmp *.temp *.o *.obj ~$* *.~??
   recycle:excludedir = /tmp /temp /cache
   create mask = 0770
   directory mask = 0770
   force create mode = 0770
   force directory mode = 0770
   security mask = 0770
   force group = SSVMTN+test

Have read the How to and various posts but have not got it going. My understanding is that the .recycle directory is created once the first file is deleted but I am not seeing that directory anywhere. Can someone point me in the right direction.

--Tim

See the link below:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg42514.html

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] VFS Recycle
[test]
   path = /home/depts/test
   vfs objects = recycle
   recycle:repository = /home/depts
   recycle:keeptree = Yes
   recycle:touch = Yes
   recycle:versions = Yes
   recycle:exclude = *.tmp *.temp *.o *.obj ~$* *.~??
   recycle:excludedir = /tmp /temp /cache

understanding is that the .recycle directory is created once the first file is deleted but I am not seeing that directory anywhere. Can someone point me in the right direction.

If you want a .recycle dir you have to name it .recycle not depts.

recycle:repository = /home/depts/.recycle

I don't know if recycle can handle absolute paths, I only used something like

recycle:repository = .Papierkorb/%U
[Samba] help
Dear samba team:

This is the first time I use samba. I want to install it on Solaris but I don't know which release of samba is fit for our workstation. So I hope I can get more and fast information from you. The details of our workstation is following:

Workstation Type: SUNW, Ultra-5_10; sparc; sun4u
OS: SunOS release 5.8 Generic_108528-01

I have installed Samba-2.2.8a for sol8 but I could not share files of Solaris with windows. I have some questions described below:

1. After install samba, I find a file, /etc/init.d/samba.server. I wanna use this file to restart the samba services (nmbd smbd). But the samba daemons don't start up. Why?

2. I ever used swat to config smb.conf file. After that I clicked restart button of nmbd and smbd and the page refreshed the informations which showed that smbd was running and nmbd was not running. However, I typed command ps -aux | grep (s/n)mbd and didn't get the PID of smbd but I could get the ID of nmbd. Why?

Because I don't know whether this version is fit for my workstation, I am not sure why the problems came out. Could you please answer me ASAP.

Thank you very much!

Winfree
2004-10-22
[Samba] Administrator
Hi to the list.

Our network = mix of Win98 and XP Pro logging onto Samba3.04 hosted on SuSE9.1

Auth is via passwd and smbpasswd. No Microsoft AD at all - Samba does all the auth, therefore winbind is not required?

I would like to logon to some of the XP Pro boxes as a normal network user, but at the same time be 'Administrator' on the machine. Adding myself to the Administrator's group on the pc has no effect when logging on via the network.

I've looked and looked and browsed the Samba archives, but so far I've found nothing to help me. Can anyone please point me to a solution?

TIA
Darryl

--
Edgemead High School, Cape Town
Tel +27215581132 Fax +27215584407 Cell +27823752081
Powered by SuSE 9.1 and the OpenWebmail project
[Samba] Re: Thanks :)
** Message from InterScan E-Mail VirusWall NT **

** WARNING! Attached file Price.exe contains: WORM_BAGLE.AT virus
Attempted to clean the file but it is not cleanable. It has been deleted.

* End of message ***
[Samba] how to prevent users from modifying access rights
Hi,

how can I prevent users from modifying access rights on files and directories on a share (on an ext3 partition with ACLs)?

Users must be able to read from arbitrary directories on the share belonging to groups they are not members of, and they must have write access to files belonging to other users in the same group, sometimes to files/directories that are owned by users of other groups. But they must not be able to modify the access rights of files owned by users in the same group; eventually it will be useful to deny modifying access rights to all users.

How can that be achieved?

GH

--
for i in *.txt; do mail -s $i hwilmer $i; done
su: $i: ambiguous redirect
[Samba] Samba4 reaches the Susan stage
Samba4 reached an important milestone tonight, as I installed it for my wife to use as her file server for all of her important documents, email, the book she is working on etc.

Those of you who have been around Samba development for a while will know that my wife tends to be the first test user of major new versions of Samba, and she volunteered again this time. Susan played a large part in the original motivation to develop Samba more than 12 years ago, so she knows how useful it is to have a local test user.

Reaching this stage does not mean that you should now go and install Samba4 on your production servers. Only a very keen (foolish?) person would do that. The code is quite incomplete, and is missing major features such as no netbios name server, no winbind, no admin tools, and very little documentation. So unless you are a keen C programmer then stay well clear for the moment.

What this milestone means is that the code is now fairly robust, and that major applications (Eudora, OpenOffice.org, MS Word, Firefox etc) all work well and that I am quite confident of not losing data. Of course, I also have a very strict automated backup regime setup for my wife, so if I'm wrong about the robustness we can recover without me having to cook dinner for a week as penance.

The code isn't available as an alpha quality release yet, as there are just too many missing features, although I do plan on doing a snapshot release shortly (maybe within a week?).

So far the only problem on my wife's machine is that Eudora startup is a bit slow. That is caused by Norton Anti-Virus on her WinXP box scanning all the dlls and the exe, along with the fact that Samba4 does not yet have oplocks, so the client cannot cache the files for fast re-scanning. With norton disabled startup is fast.

If you want to get involved in Samba4 development then see http://devel.samba.org/, checkout the code, and start reading. Having a look at the (incomplete) prog_guide.txt is a good idea.

If you just want to see some slides on the design of Samba4, then there are some links to various talks I've given on my homepage at http://samba.org/~tridge/

I'd like to thank everyone who has worked so hard over the last couple of years to get us this far. It's been a long haul, but the results are well worth it. Samba4 is a great basis for future Samba development.

In particular I'd like to thank the members of the Samba Team who have put so much into the development of Samba4. It's been a great team effort, and a lot of fun.

Now back to more coding

Cheers, Tridge
[Samba] trouble to connect to window$ share with netbios name
Hello

I got this message:

3614: Connection to XP failed
SMB connection failed
___

when I try to mount a share with netbios name like that:

$mount -t smbfs -o username=test,password=test //Xp/share /mnt/floppy

If I mount the same share with ip address that's no problem.

If I test this:

$smbclient -U=test -L 192.168.4.248

I get that output:

Domain=[Xp] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]

Sharename   Type   Comment
---------   ----   -------
IPC$        IPC    IPC remote
share       Disk
ADMIN$      Disk
C$          Disk   Default Share

session request to 192.168.4.248 failed (Called name not present)
session request to 192 failed (Called name not present)
Domain=[XP] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]

If I do the same with netbios name:

$smbclient -U=test -L Xp

I have that one:
___
Connection to Xp failed
___

any help could...help

chris
[Samba] Re: Trusting and trusted domain (home mapping) problem
Hi Igor,

Once again, thanks for keeping up with me. I have been migrating my master ldap server to 2.1 version so to keep it the same with the PDCs version of LDAP. Now they are the same.

I have rectified such that wbinfo -u on both sides worked now. I have made net rpc trustdom list work. It was not working before. I had to put stuadmin = root in the student PDC's smbusers file. And I had to put Administrator = root in the staff's PDC's smbusers file to get the net rpc trustdom list to work. I did not have a uid=root you see.

Now net use x: /home by the Dom B user (grade2 in this case) on the Domain_A_machine still does not work. The /var/log/samba/Dom_A_machine from the Domain_A_PDC will be sent separately as I don't want to post it on the lists. The /var/log/samba/Domain_A_PDC from Domain_B_PDC will be sent to you too.

My view on the logs - I believe by reading it, it will hold the key why it did not work. I believe during authentication, Domain_A_PDC got the information of Domain_B_user from Domain_B_PDC properly. But it cannot find Domain_B\Domain_B_user in the Get_Pwnam_internals function. It can only find Domain_B_user in the Get_Pwnam_internals function! Now because it finds Domain_B_user and not Domain_B\Domain_B_user, Domain_A_PDC will NOT use the data that it has gotten from the Domain_B_PDC.

Now, I then think that it has something to do with libnssldap.conf, pam_ldap.conf and ldap.conf file. Here is my config:

- libnssldap.conf, pam_ldap.conf and ldap.conf is configured to see both domain's data.
- On the smb.conf, the ldapsam backend is ONLY seeing its own domain data.
- getent passwd on either PDC will see both domain's users.
- my nsswitch.conf is doing compat ldap rather than compat winbind. Hence getent passwd will then give user as domain_b_user rather than domain_B\domain_b_user.

Is this the right way to do it? If I make sure the getent passwd is ONLY seeing its own domain, then I cannot login into the other domain!!

Hope when I sent you the files, you will be able to help. Thanks for giving that hope that you made it working before. Thanks for not posting up the logs and the conf files.

Cheers,
adrian

Igor Belyi wrote:

Adrian Chow wrote:

Hi Igor,

Here are my smb.conf files for feanor and gloin. They are the PDCs for the staff and student domain. My ldaps in the PDCs are configured to update to the master LDAP which have the lower version of LDAP. Upon update the master, the master will then update the slave ldaps which are the PDCs.

Setup looks fine. At least, I don't see any problem with it. The next step then will be to collect 'log level = 5' trace during login and LDAP entries for both users from DomainA and DomainB which you use to test home mounts. But I would recommend to update Samba to 3.0.7 in both PDCs first.

I did not post it up to the samba lists cause I wonder would it breach the security for my servers. Hope you understand. Let me know your concerns in this.

I always thought that people avoid posting their config files due to liability problems (don't want their users to know that they have problems) than due to security concerns.. But, I can be wrong and probably this information could be used for mischief. But be warned that smbd logs usually have more information than config files. It's fine with me if you don't want to post your config on the list as long as you post the solution to your problem afterwards. :)

Igor
[Samba] Problem with smbmount
Hello list,

I have a problem with my samba shares. I have a server with samba installed on it (3.0.7-Debian). I have workstations under wxp and workstations under linux.

I have a common share which looks like this:

[Archive]
   available = yes
   valid users = user1, user2
   comment = Repertoire Archive
   browseable = yes
   write list = user1, user2
   writable = yes
   admin users = user1
   path = /home/archives
   user = user1, user2
   force user = root

I connect my wxp to the share without problem and can read/write. Of course all new files are created under the root user as requested by the force user option.

I can connect my linux to this share using

mount -t smbfs -o rw,username=user1,password=xxx //server/Archive /mnt/server/archive

(either using smbmount does the same behaviour)

I can do all the read I want, but I can't make any write. It looks like my workstation get confused by the rights. If I go in a directory where the user1 have RW access, I can create a file, and it is automatically given to root (according to the option force user), but I can't make any write where the user root is the owner of the directory.

It works well under Windows XP workstation, it does not work under linux workstation (which is a Kanotix/Knoppix/Debian distribution), that's why I think it's a problem with smbmount/mount -t smbfs

Any idea?

Thanks

--
Jérôme Tytgat
Administrateur Réseau et Sécurité
ASTERION - Impasse de la Hache
CP 5911 - 44 477 CARQUEFOU CEDEX
T: 02 40 300 800 - F: 02 40 25 10 74
Re: [Samba] how to prevent users from modifying access rights
. wrote:
|
| Hi,
|
| how can I prevent users from modifying access rights on files and
| directories on a share (on an ext3 partition with ACLs)?
|
| Users must be able to read from arbitrary directories on
| the share belonging to groups they are not members of, and
| they must have write access to files belonging to other users
| in the same group, sometimes to files/directories that are
| owned by users of other groups. But they must not be able to
| modify the access rights of files owned by users in the
| same group; eventually it will be useful to deny
| modifying access rights to all users.

set all files to be owned by root :-) and make sure that 'dos filemode = no'

That should do it. (but give the users the necessary write permissions).

cheers, jerry
--
Alleviating the pain of Windows(tm) --- http://www.samba.org
GnuPG Key - http://www.plainjoe.org/gpg_public.asc
If we're adding to the noise, turn off this song--Switchfoot (2003)
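Added example, not part of the original thread and not Samba code: a Python audit of the two conditions in the reply above, reporting the effective 'dos filemode' for a share and every path in it that is not owned by root (and whose owner can therefore still change its permissions). Function names are hypothetical, and the parser assumes an smb.conf without include lines or backslash continuations.

```python
"""Audit a Samba share for 'dos filemode' and non-root file ownership."""
import os
import tempfile

# Boolean spellings treated as "true" when reading smb.conf values.
TRUE_WORDS = {"yes", "true", "on", "1"}


def parse_smb_conf(text):
    """Return {section: {param: value}} for smb.conf text.

    Section names are lower-cased; parameter names are lower-cased and
    stripped of spaces, so "DOS FileMode" and "dosfilemode" are one key.
    Assumption: no "include" lines and no backslash line continuations.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current]["".join(key.split()).lower()] = value.strip()
    return sections


def dos_filemode(sections, share):
    """Effective setting: the share's value, else [global], else 'no'."""
    default = sections.get("global", {}).get("dosfilemode", "no")
    value = sections.get(share.lower(), {}).get("dosfilemode", default)
    return value.lower() in TRUE_WORDS


def not_owned_by(root, trusted_uid=0):
    """Relative paths under root (root itself included) whose owner is not
    trusted_uid. With 'dos filemode = no' only the owner may change the
    permissions, so each path listed here can still be re-permissioned
    by the ordinary user who owns it."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    # lstat: judge a symlink by its own owner, do not follow it.
    return sorted(os.path.relpath(p, root) for p in paths
                  if os.lstat(p).st_uid != trusted_uid)


def audit_share(conf_text, share, trusted_uid=0):
    """Check both conditions from the reply for one share."""
    sections = parse_smb_conf(conf_text)
    path = sections[share.lower()]["path"]
    return {"dos_filemode": dos_filemode(sections, share),
            "owner_can_chmod": not_owned_by(path, trusted_uid)}


if __name__ == "__main__":
    # Constructed sample: a throw-away directory standing in for the share.
    with tempfile.TemporaryDirectory() as share_dir:
        os.mkdir(os.path.join(share_dir, "directory-1"))
        open(os.path.join(share_dir, "directory-1", "file-1"), "w").close()
        conf = ("[global]\n   dos filemode = yes\n"
                "[test]\n   path = %s\n   dos filemode = no\n" % share_dir)
        report = audit_share(conf, "test")
        print("dos filemode enabled:", report["dos_filemode"])
        for rel in report["owner_can_chmod"]:
            print("not owned by root:", rel)
```

An empty `owner_can_chmod` list together with `dos_filemode` false is the state the reply describes.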
Re: [Samba] Possible to map root to group via winbind?
Gerald (Jerry) Carter wrote:

Graham Dunn wrote:
| samba 3.0.7, freebsd 5.2.1
|
| My /usr/local/etc/samba-user.map looks like
|
| root = DEV.grahamd
|
| I would like to modify the ACLs on a directory that look like so:
|
| drwxrwx--- 2 root Domain Admins 512 Oct 28 16:41 test2/
|
| (if I chown the directory to my DEV.grahamd account, I
| can change ACLs to my heart's content)
|
| I'm operating under the assumption that only root, or
| the owner of a file can change its ACLs through windows
| explorer (at least, that way always works in this case).

Try setting 'dos filemode = yes'

No luck.

drwxrwx---+ 2 root Domain Admins 512 Oct 29 09:07 test2/

%getfacl test2/
#file:test2/
#owner:0
#group:10018
user::rwx
user:GrahamD:rwx
group::rwx
mask::rwx
other::---

As grahamd, I still get unable to save permission changes on test2. Access is denied.

PS. http://www.plainjoe.org/gpg_public.asc results in a 404.

cheers, jerry
--
Alleviating the pain of Windows(tm) --- http://www.samba.org
GnuPG Key - http://www.plainjoe.org/gpg_public.asc
If we're adding to the noise, turn off this song--Switchfoot (2003)
[Samba] Samba hangs
On 3 occasions in the last 2 weeks my samba server has hung up. It has occurred each time when I am trying to do a full backup copy of the file server. It appears to be happening at the same place, I'm guessing based on the number of files which are being transferred. When I look at the rsync which is running I just see a long line of files with I/O errors.

When I try to shutdown smb, I can't.

#service smb stop
Shutting down smb [Failed]
Shutting down nmb [Failed]

When I look at

#ps -aux|grep smbd

I get a long list of pid's. Whenever I try to kill one of these pid's with

kill x
or kill -9 x
or kill -15 x
killall smbd

nothing happens. I then have to reboot. I have been running this system for 2 years and it just started this. Any ideas?
Re: [Samba] Samba hangs
nothing happens. I then have to reboot. I have been running this system for 2 years and it just started this. Any ideas?

Well you state that both rsync and samba are having problems and that rsync is throwing I/O errors on a system that has been in service a couple of years. Sounds like a hardware/filesystem error.

/jab Or it could be the multiple identical posts to listservs in short succession that are causing your system hangs. /jab :-P

--
Paul Gienger                     Office: 701-281-1884
Applied Engineering Inc.
Systems Architect                Fax: 701-281-1322
URL: www.ae-solutions.com        mailto: [EMAIL PROTECTED]
[Samba] Issue with two domains in one LDAP tree
Hi,

I've just moved a second Samba domain to LDAP -- it works great! However, the first domain is now dead in the water. It refuses to authenticate, and from the logs it looks like it's not finding the SambaDomainName entry in the LDAP tree.

Here is a diagram of how my LDAP tree is set up.

dc=mycompany,dc=com
 |___ ou=computers
 |___ ou=people
 |___ ou=groups
 |___ sambaDomain=domain1
 |___ ou=domain2
       |___ ou=computers
       |___ ou=people
       |___ ou=groups
       |___ sambaDomain=domain2

In domain1's smb.conf, I have:

ldap suffix = dc=mydomain,dc=com

In domain2's smb.conf, I have:

ldap suffix = ou=domain2,dc=mydomain,dc=com

Domain2 is working flawlessly. Domain1, however, is not. When I do a simple 'smbclient -L localhost' as root, I get the following log from slapd at loglevel 256:

Oct 29 09:03:23 oink slapd[5290]: conn=88 fd=16 ACCEPT from IP=127.0.0.1:32841 (IP=0.0.0.0:389)
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=0 BIND dn=cn=Manager,dc=borkholder,dc=com method=128
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=0 BIND dn=cn=Manager,dc=borkholder,dc=com mech=SIMPLE ssf=0
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=0 RESULT tag=97 err=0 text=
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=1 SRCH base=dc=borkholder,dc=com scope=2 deref=0 filter=((objectClass=sambaDomain)(sambaDomainName=corp1))
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=1 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass
Oct 29 09:03:23 oink slapd[5290]: = bdb_equality_candidates: (sambaDomainName) index_param failed (18)
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 29 09:03:26 oink slapd[5290]: conn=88 op=2 SRCH base=dc=borkholder,dc=com scope=2 deref=0 filter=((uid=root) (objectClass=sambaSamAccount))
Oct 29 09:03:26 oink slapd[5290]: conn=88 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
Oct 29 09:03:26 oink slapd[5290]: = bdb_equality_candidates: (uid) index_param failed(18)
Oct 29 09:03:26 oink slapd[5290]: conn=88 op=2 SEARCH RESULT tag=101 err=0 nentries=2 text=
Oct 29 09:03:26 oink slapd[5290]: conn=88 fd=16 closed
Oct 29 09:03:27 oink slapd[5290]: conn=24 fd=18 closed

I also want to say that the reason I have domain2 off in its own subtree is that it is going to eventually control its portion of the tree and take referrals from the main LDAP tree. It's over a T1 from the main office and I want to keep bandwidth down. I could put domain1 in its own subtree as well, but it seems a little overkill if I can avoid it since there will be about 50 users of domain1 and only about 10 of domain2.

Thanks for any help you can give,
Misty
Re: [Samba] Samba4 reaches the Susan stage
Hi,

perhaps we should spend some roses to Susan to be the first Lady of Samba !!!

Thx to both of you for hard coding times

Regards
Robert
Re: [Samba] how to prevent users from modifying access rights
Gerald (Jerry) Carter wrote:

. wrote:
|
| Hi,
|
| how can I prevent users from modifying access rights on files and
| directories on a share (on an ext3 partition with ACLs)?
|
| Users must be able to read from arbitrary directories on
| the share belonging to groups they are not members of, and
| they must have write access to files belonging to other users
| in the same group, sometimes to files/directories that are
| owned by users of other groups. But they must not be able to
| modify the access rights of files owned by users in the
| same group; eventually it will be useful to deny
| modifying access rights to all users.

set all files to be owned by root :-) and make sure that 'dos filemode = no'

That should do it. (but give the users the necessary write permissions).

Hm, the manpage says on ´dos filemode´:

The default behavior in Samba is to provide UNIX-like behavior where only the owner of a file/directory is able to change the permissions on it. [...] Enabling this parameter allows a user who has write access to the file (by whatever means) to modify the permissions on it. Note that a user belonging to the group owning the file will not be allowed to change permissions if the group is only granted read access.

There will be files like that:

directory-1          peter:staff
|
|-- file-1           peter:staff
|-- file-2           hubba:staff
|-- file-3           elisa:users
|-- file-4           laura:birds
|-- subdir           elisa:users
    |-- file-A       elisa:users
    |-- file-B       hubba:staff

directory-2          hubba:staff
|
|-- file-1           peter:staff
|-- file-2           hubba:staff
|-- file-3           elisa:users
|-- file-4           laura:birds
|-- subdir           elisa:users
    |-- file-A       elisa:users
    |-- file-B       hubba:staff

... and so on. Members of group ´staff´ must have RW access on _all_ files in directory-1, and some users of other groups must have that also. Other users must have read access to the directories, eventually excluding some of their contents. Most of the directories (and groups) will represent departments of the organisation (if there isn´t a better solution).

The problem is that I cannot get the users to stick to their designated directories :( They definitely want what I call ´chaotical access rights´ --- and I cannot figure how I could provide that, even with ACLs.

For ´peter´ of ´staff´ is the chief of the department directory-1 represents/belongs to, I could (want) reasonably give ´peter´ of ´staff´ the right to modify access rights on directory-1 and anything it contains. But other users must not be able to modify the rights.

An alternative is to maintain the access rights myself, but I´d rather like to avoid that --- and it won´t work anyway because users creating files within the directories will thereby be able to set the rights on their files (unless I could somehow prohibit that). That is even the default behaviour (i. e. ´dos filemode = no´).

I´ve tried to use ´directory security mask´ and ´security mask´, but setting them to allows a user to change the rights exactly once (instead of denying any changes what was what I expected): When attempting to set any rights, the rights just get masked to and then are set on the file/directory --- thereby, any further access is effectively denied.

With ´dos filemode = yes´, any other users having write access to files in directories would be able to modify the access rights, but I do not want them to be able to.

Even our rather over-aged Netware server we´re going to migrate from, running Netware 3.2(!), can handle the demand of chaotical access rights without having to think about it. I need that same capability on the new Linux server ...

It´s not that I would like such a thing, but I´m facing the demand. The answer to questions like ´Which users can access this directory?´ is always ´I don´t know, and that would be very difficult to find out ...´ But at least, users cannot modify the access rights unless I allow them to.

Having users modifying the rights would mean having no more control at all: ´Which users can access that directory?´ --- ´I don´t know, and that cannot be found out because users can grant access to anything themselves whenever they want ...´, that´s somewhat fatal :) --- And my tests showed that users can even delete whole directories though I took off all their rights from them.

This is very intricate ...

GH
[Samba] MAC OS X and Samba Shares 2 TB
Does somebody know if the Samba Client in MAC OS X (10.3.4 and 10.3.5) has problems looking at Linux-based Samba shares that are larger than 2 TB?

I have Samba 3.0.2 running on my Linux box. I have never had any difficulty with the Mac seeing a 2 TB RAID array on the Linux box, but when the Mac looks at the 4 TB array, it can see all the contents and create folders but it can't create any new files. And in the Get Info for the 4 TB Samba share, the Mac tells me that there is zero K of space left on the drive.

My Windows XP machines don't have a problem looking at the same share, or in creating files on the share.

I don't think it's a permission thing because:

a) I have made the share Read/Write for all users
b) I am logging on with the same username and password from both the Windows and Mac machines

Any ideas?

Regards,
Andy Liebman
[Samba] Again Linux, Mac OS etc...
Hi there

Again with the same question, but with a little more information technically.

Config:
1 Samba File Server (Suse Linux)
40+ M$ Clients (NT, W2K, XP)
4 Mac OS X clients (10.2,10.3)
Authentication through NT PDC

Everything works fine for the M$ part of it.

Problem: when someone from the OS X side logs onto the share it looks nice by first sight, but the file permissions, owner and group of the files and directory are not correct. The users log on through PDC but get the user id 'nobody'... On the client side the file permissions, owner and group look totally different FOR THE SAME FILE.

Example (two views on the same file):
share side: -rwxrwxr-x domain-ID, domain-GID (this is ls -l on the Linux side)
client side:-rwx-r-x-r-x osx-id, wheel (this is ls -l on the OS X side)

Therefore it is not possible for the client user to change a file and save it on the share again, because from the viewpoint of OS X, he has no group write permission. New files are possible, but get the settings: -rwx-r-xr-x 'nobody', domain-GID

The relevant settings in the smb.conf are all 775.

What can I do to get rid of this? Any ideas out there? All Apple related descriptions assume to use the MAC as SMB Server. No one talks about a MAC as SMB client.

Thanks for even thinking about that:o(

Sascha Guido Zumbusch

--
Sascha Zumbusch
Tel:+49.3381.889898
Hauptstr. 43, D-14776 Brandenburg an der Havel
Fax:+49.3381.410065
mailto:[EMAIL PROTECTED]
ICQ:30-505-053
GSM:+49.179.1793259875
Re: [Samba] Samba Add Machine Script
Can you send that piece of smb.conf which contains that:

Corral, Randy wrote:

All,

Currently we are running Samba 3.0.7 on Solaris 8 and we are experiencing a problem that the user system are not being added automatically with the add machine script:

/usr/sbin/useradd -g machines -d /dev/null -s /bin/false %m

If we run it manually it works. Any ideas?

Thanks,
Randy Corral
Information Systems
Brooks Automation
Phoenix, Arizona
602-861-9395 ext. 228
Fax: 602-861-1442
[Samba] Allow users to delete from read-only share?
When using Netware I had two directories set up as follows...

1. /data/cad/current
2. /data/cad/hold

I had three groups that controlled access to these directories.

Group A had read-only access to 1.
Group B had read-only and delete access on 1 and read-write on 2.
Group C had read-write on both 1 and 2.

Group A was typically shop floor employees who needed to view cad drawings. The reason for group B was so that an engineer could take a cad drawing file and remove it from 1. and place it in 2. so that no one could access it while it was being modified. When the modifications were complete and approved a user from group C could put it back.

I cannot figure out any way to do this with Samba. Any tips?
[Samba] group name length limit?
I am using samba 3.07 with winbind in AD. I have some long group names (30 char or more, includes spaces). And I noticed users get access denied for those groups. Is there a limit on group name length?

Thanks.
--Sharif

--
Sharif Islam
http://www.sharifislam.com
Research Programmer
Library Systems Office
217-244-4688
[Samba] samba.schema question
I see in samba.schema that it is possible to have multiple SambaDomainName entries for a dn. However I don't see how this does any good because you must only have one sambaSID entry per user. Is there any way to associate more than one sambaSID with a dn, so that a user would be authorized to log into more than one domain without a trust relationship? If it's not possible now, is it in the works for the future?

Thanks,
Misty
[Samba] Symantec AntiVirus/Filtering for Domino detected a virus in a document you authored.
Please contact your system administrator. The scanned document was QUARANTINED. Virus Information: The attachment document09.scr contained the virus [EMAIL PROTECTED] and could NOT be repaired.
Re: [Samba] winbind name service required for active directory (ADS) authentication and group-based authorization?
On Fri, Oct 29, 2004 at 09:16:02AM -0700, DeStefano, Paul wrote:
| Solution: ADS, perhaps?
|
| I've read lots of documents and they seem to indicate
| that, when using ADS authentication (by which I mean
| security=ADS and the proper realm, etc.) winbind is NOT
| involved in the authentication process. It says smbd
| participates in Kerberos ticketing, like a normal Domain
| Member, to authorize samba clients. (Details found here:
| http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html)
| I think that means it gets the client user authorization
| directly from ADS; winbind is not involved.
|
| Well, if that's true, then samba has everything it needs to
| authorize clients by group membership, not just authenticate users,
| without consulting winbind. The Kerberos ticket that it receives
| during authentication includes all sorts of information about the
| user...including the user's group memberships. Is that right?
|
| This isn't particular to ADS, I suppose, now that I think about it;
| probably the same as before ADS. But, I couldn't find any examples
| of samba using windows authentication without winbind.
|
| You're probably wondering what is going to happen after
| authentication and authorization without winbind to map users to
| UNIX UIDs. Me too. That's my follow up question. I hope that samba
| can use the unqualified username (without the 'DOMAIN\' prefix)
| to find a match using the normal resolution so that we can just
| populate /etc/passwd. Think that will work? Actually, we intend to
| use force user =, as in the past, so it really doesn't matter what
| happens with the UID mappings, but samba might not be that clever.
| It may insist on successfully resolving usernames before checking
| options like force user.

If you have a mapping in the passwd(5) file between the username (without 'DOMAIN\' prefix) and a UID, things should work without needing winbind in nsswitch.conf; the user's password is checked against ADS and the passwd(5) entry is used to provide a UID.

If there is not a matching entry in passwd(5) for the ADS user, they will not be able to connect.

Cheers,
Luke.
[Samba] Directory perms not visible from Properties|Security on clients
Samba 3.0.7, XP Pro SP1 clients

When I view the Properties|Security tab on a folder from my XP SP1 clients, the checkboxes indicating the various permission settings are all empty. The share is functioning fine otherwise, permissions are OK when inspected from the Unix side. Does anyone know a work around (or fix!)?

This came up back in 2003, without resolution: http://marc.theaimsgroup.com/?l=sambam=105404730810537w=2

It also came up earlier this month, again without resolution: http://marc.theaimsgroup.com/?l=sambam=109659106919277w=2

There is an open bug (with a fair degree of reproducibility it seems): https://bugzilla.samba.org/show_bug.cgi?id=1865

A level 4 debug log reveals that unix_mode (in dosmode.c) is properly determining the mode (in this case, 0744). Shortly after that, it appears that the security descriptor is queried and the SIDs are fetched from the cache, but just after all that takes place, it reports a Function not implemented error followed by a NT_STATUS_BUFFER_TOO_SMALL error. I surmise from the archives that the ...TOO_SMALL error is just RPC reply fragmentation across multiple smbd processes. (Does that mean it isn't really a problem? Is fragmentation of this type OK?)

Regards,
Richard

-
[2004/10/29 18:25:38, 3] smbd/vfs.c:reduce_name(834)
  reduce_name [Computer Administration/Test] [/data/samba/shared-documents]
[2004/10/29 18:25:38, 3] smbd/vfs.c:reduce_name(939)
  reduce_name: Computer Administration/Test reduced to (null)
[2004/10/29 18:25:38, 3] smbd/dosmode.c:unix_mode(111)
  unix_mode(Computer Administration/Test) returning 0744
[2004/10/29 18:25:38, 3] smbd/vfs.c:reduce_name(834)
  reduce_name [Computer Administration/Test] [/data/samba/shared-documents]
[2004/10/29 18:25:38, 3] smbd/vfs.c:reduce_name(939)
  reduce_name: Computer Administration/Test reduced to (null)
[2004/10/29 18:25:38, 4] smbd/open.c:open_file_shared1(1244)
  calling open_file with flags=0x0 flags2=0x0 mode=0744
[2004/10/29 18:25:38, 3] smbd/process.c:process_smb(1092)
  Transaction 19677 of length 88
[2004/10/29 18:25:38, 3] smbd/process.c:switch_message(887)
  switch message SMBnttrans (pid 13461) conn 0x837c740
[2004/10/29 18:25:38, 4] smbd/uid.c:change_to_user(194)
  change_to_user: Skipping user change - already user
[2004/10/29 18:25:38, 3] smbd/nttrans.c:call_nt_transact_query_security_desc(1903)
  call_nt_transact_query_security_desc: file = Computer Administration/Test
[2004/10/29 18:25:38, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(152)
  fetch sid from uid cache 500 - SNIP SID REMOVED
[2004/10/29 18:25:38, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(226)
  fetch sid from gid cache 500 - SNIP: SID REMOVED
[2004/10/29 18:25:38, 3] smbd/nttrans.c:call_nt_transact_query_security_desc(1928)
  call_nt_transact_query_security_desc: sd_size = 120.
[2004/10/29 18:25:38, 3] smbd/error.c:error_packet(105)
  error string = Function not implemented
[2004/10/29 18:25:38, 3] smbd/error.c:error_packet(129)
  error packet at smbd/nttrans.c(101) cmd=160 (SMBnttrans) NT_STATUS_BUFFER_TOO_SMALL
[2004/10/29 18:25:38, 3] smbd/process.c:process_smb(1092)
  Transaction 19678 of length 88
[2004/10/29 18:25:38, 3] smbd/process.c:switch_message(887)
  switch message SMBnttrans (pid 13461) conn 0x837c740
[Samba] Shared folder windows clients
Hi

I tried googling and searching the archives, but I guess I don't know how to choose the best keywords to describe my problem. So, I'll ask here.

I have a samba box (3.0.5) sharing 1 folder. This folder contains 2 subfolders; both have around 900 files on each. On my linux box (kde), I can use the smb kio slave and everything is as expected, I can see all the files on both folders.

Now on two windows 2000 clients (sp3 sp4) I use, they can only see, say, around 200 files on the 1st subfolder, and around 100 on the 2nd subfolder. The numbers aren't always the same, although both machines always return identical reports on file listings.

What could possibly be wrong? Here are the relevant parts of smb.conf, all the rest is default:

-
[global]
workgroup = COLORTECH
guest account = vendas
security = share

[Documentos]
path = /home/vendas/Documentos
writable = yes
guest ok = yes
public = yes
-

Of course, vendas is a valid user account and file permissions are ok.

I had this in the past, where the two subfolders were once one with around 1600 files. I thought it could be the large number of files so I split them into two folders and the problem was gone. All of a sudden, it reappeared, even though there are far fewer files than before.

Any ideas?

Thanks
Gustavo

PS: please cc me as I am not subscribed to the list.
[Samba] Undeliverable message returned to sender
This message was created automatically by mail delivery software. Delivery failed for the following recipient(s): [EMAIL PROTECTED]

The message you sent contained an attachment which the recipient has chosen to block. Usually these sort of attachments are blocked to prevent malicious software from being sent to the recipient in question. The name(s) of the blocked file(s) follow: document.zip

To send this file, please place it in a compressed archive using WinZip (http://www.winzip.com) or the archive software of your choice.

- Original Message Header -
Received: by mail44-ash (MessageSwitch) id 1099114655949580_11269; Sat, 30 Oct 2004 05:37:35 + (UCT)
Received: from samba.org (unknown [210.5.9.252]) by mail44-ash.bigfish.com (Postfix) with ESMTP id 5C46E801538 for [EMAIL PROTECTED]; Sat, 30 Oct 2004 05:36:56 + (UCT)
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Error
Date: Sat, 30 Oct 2004 13:44:27 +0800
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary==_NextPart_000_0007_42E184A0.B4E93CD3
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: [EMAIL PROTECTED]
svn commit: samba r3354 - in branches/SAMBA_4_0/source: include libcli/raw
Author: tridge Date: 2004-10-29 06:01:00 + (Fri, 29 Oct 2004) New Revision: 3354 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3354 Log: honor max xmit and max mux from smb.conf in our client code. This is important as it allows the test suite to exercise the multiple reply logic in smbd for trans2 search replies. Modified: branches/SAMBA_4_0/source/include/cli_context.h branches/SAMBA_4_0/source/libcli/raw/clisession.c branches/SAMBA_4_0/source/libcli/raw/clitransport.c branches/SAMBA_4_0/source/libcli/raw/rawnegotiate.c Changeset: Modified: branches/SAMBA_4_0/source/include/cli_context.h === --- branches/SAMBA_4_0/source/include/cli_context.h 2004-10-29 05:58:22 UTC (rev 3353) +++ branches/SAMBA_4_0/source/include/cli_context.h 2004-10-29 06:01:00 UTC (rev 3354) @@ -91,6 +91,8 @@ uint_t use_oplocks:1; uint_t use_level2_oplocks:1; uint_t use_spnego:1; + uint32_t max_xmit; + uint16_t max_mux; }; /* this is the context for the client transport layer */ Modified: branches/SAMBA_4_0/source/libcli/raw/clisession.c === --- branches/SAMBA_4_0/source/libcli/raw/clisession.c 2004-10-29 05:58:22 UTC (rev 3353) +++ branches/SAMBA_4_0/source/libcli/raw/clisession.c 2004-10-29 06:01:00 UTC (rev 3354) @@ -263,8 +263,8 @@ /* use the old interface */ s2.generic.level = RAW_SESSSETUP_OLD; - s2.old.in.bufsize = ~0; - s2.old.in.mpx_max = 50; + s2.old.in.bufsize = session-transport-options.max_xmit; + s2.old.in.mpx_max = session-transport-options.max_mux; s2.old.in.vc_num = 1; s2.old.in.sesskey = parms-generic.in.sesskey; s2.old.in.domain = parms-generic.in.domain; @@ -311,8 +311,8 @@ union smb_sesssetup s2; s2.generic.level = RAW_SESSSETUP_NT1; - s2.nt1.in.bufsize = ~0; - s2.nt1.in.mpx_max = 50; + s2.nt1.in.bufsize = session-transport-options.max_xmit; + s2.nt1.in.mpx_max = session-transport-options.max_mux; s2.nt1.in.vc_num = 1; s2.nt1.in.sesskey = parms-generic.in.sesskey; s2.nt1.in.capabilities = parms-generic.in.capabilities; 
@@ -371,8 +371,8 @@ const char *chosen_oid; s2.generic.level = RAW_SESSSETUP_SPNEGO; - s2.spnego.in.bufsize = ~0; - s2.spnego.in.mpx_max = 50; + s2.spnego.in.bufsize = session-transport-options.max_xmit; + s2.spnego.in.mpx_max = session-transport-options.max_mux; s2.spnego.in.vc_num = 1; s2.spnego.in.sesskey = parms-generic.in.sesskey; s2.spnego.in.capabilities = parms-generic.in.capabilities; Modified: branches/SAMBA_4_0/source/libcli/raw/clitransport.c === --- branches/SAMBA_4_0/source/libcli/raw/clitransport.c 2004-10-29 05:58:22 UTC (rev 3353) +++ branches/SAMBA_4_0/source/libcli/raw/clitransport.c 2004-10-29 06:01:00 UTC (rev 3354) @@ -76,7 +76,10 @@ transport-socket = talloc_reference(transport, sock); transport-negotiate.protocol = PROTOCOL_NT1; transport-options.use_spnego = lp_use_spnego(); - transport-negotiate.max_xmit = ~0; + transport-options.max_xmit = lp_max_xmit(); + transport-options.max_mux = lp_maxmux(); + + transport-negotiate.max_xmit = transport-options.max_xmit; smbcli_init_signing(transport); Modified: branches/SAMBA_4_0/source/libcli/raw/rawnegotiate.c === --- branches/SAMBA_4_0/source/libcli/raw/rawnegotiate.c 2004-10-29 05:58:22 UTC (rev 3353) +++ branches/SAMBA_4_0/source/libcli/raw/rawnegotiate.c 2004-10-29 06:01:00 UTC (rev 3354) @@ -169,7 +169,7 @@ /* the old core protocol */ transport-negotiate.sec_mode = 0; transport-negotiate.server_time = time(NULL); - transport-negotiate.max_xmit = ~0; + transport-negotiate.max_xmit = transport-options.max_xmit; transport-negotiate.server_zone = get_time_zone(transport-negotiate.server_time); }
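Review bot: in the clitransport.c hunk, the values from lp_max_xmit() and lp_maxmux() are copied into the transport options with no range check, and the three session setup hunks in clisession.c then put them on the wire as bufsize and mpx_max. A zero or very small max xmit in smb.conf would be advertised unchanged, so clamp both values to a sane minimum where they are read. The new max_xmit field is declared uint32_t in cli_context.h while the old code assigned ~0 to bufsize, so please confirm the bufsize fields are wide enough for whatever the config can return. The hard-coded mpx_max of 50 also disappears here; a comment next to the new fields saying that the defaults now come from smb.conf would help anyone who relied on the old constant.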
svn commit: samba r3356 - in branches/SAMBA_4_0/source: lib/socket smbd
Author: tridge Date: 2004-10-29 07:00:14 + (Fri, 29 Oct 2004) New Revision: 3356 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3356 Log: in the standard process model we need to make sure we close all listening sockets after the fork to prevent the child still listening on incoming requests. I have also added an optimisation where we use dup()/close() to lower the file descriptor number of the new socket to the lowest possible after closing our listening sockets. This keeps the max fd num passed to select() low, which makes a difference to the speed of select(). Modified: branches/SAMBA_4_0/source/lib/socket/socket.c branches/SAMBA_4_0/source/smbd/process_standard.c branches/SAMBA_4_0/source/smbd/service.c Changeset: Modified: branches/SAMBA_4_0/source/lib/socket/socket.c === --- branches/SAMBA_4_0/source/lib/socket/socket.c 2004-10-29 06:01:51 UTC (rev 3355) +++ branches/SAMBA_4_0/source/lib/socket/socket.c 2004-10-29 07:00:14 UTC (rev 3356) @@ -260,6 +260,28 @@ return sock-ops-get_fd(sock); } +/* + call dup() on a socket, and close the old fd. This is used to change + the fd to the lowest available number, to make select() more + efficient (select speed depends on the maxiumum fd number passed to + it) +*/ +NTSTATUS socket_dup(struct socket_context *sock) +{ + int fd; + if (sock-fd == -1) { + return NT_STATUS_INVALID_HANDLE; + } + fd = dup(sock-fd); + if (fd == -1) { + return map_nt_error_from_unix(errno); + } + close(sock-fd); + sock-fd = fd; + return NT_STATUS_OK; + +} + const struct socket_ops *socket_getops_byname(const char *name, enum socket_type type) { if (strcmp(ip, name) == 0 || Modified: branches/SAMBA_4_0/source/smbd/process_standard.c === --- branches/SAMBA_4_0/source/smbd/process_standard.c 2004-10-29 06:01:51 UTC (rev 3355) +++ branches/SAMBA_4_0/source/smbd/process_standard.c 2004-10-29 07:00:14 UTC (rev 3356) 
@@ -34,7 +34,8 @@ /* called when a listening socket becomes readable */ -static void standard_accept_connection(struct event_context *ev, struct fd_event *srv_fde, time_t t, uint16_t flags) +static void standard_accept_connection(struct event_context *ev, struct fd_event *srv_fde, + time_t t, uint16_t flags) { NTSTATUS status; struct socket_context *sock; @@ -63,7 +64,11 @@ /* Child code ... */ /* close all the listening sockets */ - event_remove_fd_all_handler(ev, standard_accept_connection); + service_close_listening_sockets(server_socket-service-srv_ctx); + + /* we don't care if the dup fails, as its only a select() + speed optimisation */ + socket_dup(sock); /* tdb needs special fork handling */ if (tdb_reopen_all() == -1) { Modified: branches/SAMBA_4_0/source/smbd/service.c === --- branches/SAMBA_4_0/source/smbd/service.c2004-10-29 06:01:51 UTC (rev 3355) +++ branches/SAMBA_4_0/source/smbd/service.c2004-10-29 07:00:14 UTC (rev 3356) @@ -77,6 +77,8 @@ /* TODO: service_init() should return a result */ service-ops-service_init(service, model_ops); + + DLIST_ADD(srv_ctx-service_list, service); } return srv_ctx; @@ -328,3 +330,22 @@ DEBUG(3,(SERVER SERVICE subsystem version %d initialised\n, SERVER_SERVICE_VERSION)); return True; } + + +/* + close all listening sockets. This is called by process models that fork, to + ensure that the listen sockets from the parent are closed +*/ +void service_close_listening_sockets(struct server_context *srv_ctx) +{ + struct server_service *svc; + for (svc=srv_ctx-service_list;svc;svc=svc-next) { + struct server_socket *sock; + for (sock=svc-socket_list;sock;sock=sock-next) { + event_remove_fd(sock-event.ctx, sock-event.fde); + sock-event.fde = NULL; + socket_destroy(sock-socket); + sock-socket = NULL; + } + } +}
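Review bot: in the service.c hunk, service_close_listening_sockets() sets the socket and event.fde members to NULL but leaves every server_socket linked on socket_list, so any code in the child that later walks that list must tolerate NULL members; either unlink the entries or state this in the function comment. In socket_dup() in socket.c, the descriptor returned by dup() does not carry the close-on-exec flag of the original, which is worth a sentence in the comment in case a socket is ever marked that way, and "maxiumum" in the same comment should read "maximum". The discarded return value at the call site in process_standard.c is explained by the comment there and is fine as it stands.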
svn commit: samba r3357 - in branches/SAMBA_4_0/source: lib libcli ntvfs/common smbd
Author: tridge Date: 2004-10-29 07:29:26 + (Fri, 29 Oct 2004) New Revision: 3357 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3357 Log: removed the need to use TDB_CLEAR_IF_FIRST in Samba4. We found a few months ago that TDB_CLEAR_IF_FIRST is extremely inefficient for large numbers of connections, due to a fundamental limitation in the way posix byte range locking is implemented. Rather than the nasty workaround we had for Samba3, we now have a single cleanup tmp files function that runs when smbd starts. That deletes the tmp tdbs, so TDB_CLEAR_IF_FIRST is not needed at all. Modified: branches/SAMBA_4_0/source/lib/util.c branches/SAMBA_4_0/source/libcli/unexpected.c branches/SAMBA_4_0/source/ntvfs/common/brlock.c branches/SAMBA_4_0/source/ntvfs/common/opendb.c branches/SAMBA_4_0/source/smbd/rewrite.c branches/SAMBA_4_0/source/smbd/service.c Changeset: Modified: branches/SAMBA_4_0/source/lib/util.c === --- branches/SAMBA_4_0/source/lib/util.c2004-10-29 07:00:14 UTC (rev 3356) +++ branches/SAMBA_4_0/source/lib/util.c2004-10-29 07:29:26 UTC (rev 3357) @@ -705,16 +705,19 @@ char *lock_path(TALLOC_CTX* mem_ctx, const char *name) { - char *fname; + char *fname, *dname; - fname = talloc_strdup(mem_ctx, lp_lockdir()); - trim_string(fname,,/); + dname = talloc_strdup(mem_ctx, lp_lockdir()); + trim_string(dname,,/); - if (!directory_exist(fname,NULL)) - mkdir(fname,0755); + if (!directory_exist(dname,NULL)) { + mkdir(dname,0755); + } - fname = talloc_asprintf(mem_ctx, %s/%s, fname, name); + fname = talloc_asprintf(mem_ctx, %s/%s, dname, name); + talloc_free(dname); + return fname; } Modified: branches/SAMBA_4_0/source/libcli/unexpected.c === --- branches/SAMBA_4_0/source/libcli/unexpected.c 2004-10-29 07:00:14 UTC (rev 3356) +++ branches/SAMBA_4_0/source/libcli/unexpected.c 2004-10-29 07:29:26 UTC (rev 3357) 
@@ -50,7 +50,7 @@ mem_ctx = talloc_init(receive_unexpected); if (!mem_ctx) return; tdbd = tdb_wrap_open(NULL, lock_path(mem_ctx, unexpected.tdb), 0, -TDB_CLEAR_IF_FIRST|TDB_DEFAULT, +TDB_DEFAULT, O_RDWR | O_CREAT, 0644); talloc_destroy(mem_ctx); if (!tdbd) { Modified: branches/SAMBA_4_0/source/ntvfs/common/brlock.c === --- branches/SAMBA_4_0/source/ntvfs/common/brlock.c 2004-10-29 07:00:14 UTC (rev 3356) +++ branches/SAMBA_4_0/source/ntvfs/common/brlock.c 2004-10-29 07:29:26 UTC (rev 3357) @@ -84,7 +84,7 @@ path = lock_path(brl, brlock.tdb); brl-w = tdb_wrap_open(brl, path, 0, - TDB_DEFAULT|TDB_CLEAR_IF_FIRST, + TDB_DEFAULT, O_RDWR|O_CREAT, 0600); talloc_free(path); if (brl-w == NULL) { Modified: branches/SAMBA_4_0/source/ntvfs/common/opendb.c === --- branches/SAMBA_4_0/source/ntvfs/common/opendb.c 2004-10-29 07:00:14 UTC (rev 3356) +++ branches/SAMBA_4_0/source/ntvfs/common/opendb.c 2004-10-29 07:29:26 UTC (rev 3357) @@ -88,7 +88,7 @@ path = lock_path(odb, openfiles.tdb); odb-w = tdb_wrap_open(odb, path, 0, - TDB_DEFAULT|TDB_CLEAR_IF_FIRST, + TDB_DEFAULT, O_RDWR|O_CREAT, 0600); talloc_free(path); if (odb-w == NULL) { Modified: branches/SAMBA_4_0/source/smbd/rewrite.c === --- branches/SAMBA_4_0/source/smbd/rewrite.c2004-10-29 07:00:14 UTC (rev 3356) +++ branches/SAMBA_4_0/source/smbd/rewrite.c2004-10-29 07:29:26 UTC (rev 3357) @@ -19,18 +19,12 @@ { return True; } /* - * initialize an smb process + * initialize an smb process. Guaranteed to be called only once per + * smbd instance (so it can assume it is starting from scratch, and + * delete temporary files etc) */ void smbd_process_init(void) { - TALLOC_CTX *mem_ctx; - - mem_ctx = talloc_init(smbd_process_init talloc); - if (!mem_ctx) { - DEBUG(0,(smbd_process_init: ERROR: No memory\n)); - exit(1); - } - /* possibly reload the services file. */ reload_services(NULL, True); @@ -39,9 +33,7 @@ DEBUG(2,(Changed root to %s\n, lp_rootdir())); } - /* Start old-style secrets subsystem */ - - talloc_destroy(mem_ctx); +
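Review bot: dropping TDB_CLEAR_IF_FIRST from the unexpected.tdb, brlock.tdb and openfiles.tdb opens makes correctness depend on the startup cleanup having run before any of these files is opened, and the unexpected.tdb open lives in libcli rather than in smbd. Please note next to each tdb_wrap_open() call which code path guarantees the file was removed, because byte-range lock or open-file records that survive a crash would otherwise be treated as live. In the lock_path() hunk in util.c, dname from talloc_strdup() is passed to trim_string() and directory_exist() without a NULL check, and the result of mkdir() is ignored, so a failure to create the lock directory only shows up later as a failed open.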
svn commit: lorikeet r117 - in trunk/mod_ntlm_winbind: .
Author: abartlet Date: 2004-10-29 08:29:27 + (Fri, 29 Oct 2004) New Revision: 117 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=117 Log: Handle the 'BH' reply from ntlm_auth, which indicates that something went badly wrong. Andrew Bartlett Modified: trunk/mod_ntlm_winbind/mod_ntlm_winbind.c Changeset: Modified: trunk/mod_ntlm_winbind/mod_ntlm_winbind.c === --- trunk/mod_ntlm_winbind/mod_ntlm_winbind.c 2004-10-29 01:23:58 UTC (rev 116) +++ trunk/mod_ntlm_winbind/mod_ntlm_winbind.c 2004-10-29 08:29:27 UTC (rev 117) @@ -551,6 +551,7 @@ ap_destroy_pool(connected_user_authenticated-pool); return HTTP_INTERNAL_SERVER_ERROR; } +*childarg3 = '\0'; childarg3++; /* if TT, send to client */ @@ -587,8 +588,16 @@ /* Helper failed */ -ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - could not parse %s helper callback: %s, auth_type, args_from_helper); +/* if NA, not authenticated */ + +if (strncmp(args_from_helper, BH , 3) == 0) { +ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, + ntlm_auth reports Broken Helper: %s, args_from_helper); +} else { + +ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, + could not parse %s helper callback: %s, auth_type, args_from_helper); +} ap_destroy_pool(auth_helper-pool); ap_destroy_pool(connected_user_authenticated-pool);
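Review bot: the comment added above the new strncmp() in the second hunk says "if NA, not authenticated", but the test that follows is for the BH reply, so the comment should describe the broken-helper case. The comparison is over three characters including the trailing space, so a bare BH reply with no message text falls through to the generic "could not parse" branch; comparing the two-letter code and treating the message as optional would cover both forms. In the first hunk, the added *childarg3 = '\0' before the increment deserves a one-line comment saying that it terminates the preceding argument.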
svn commit: samba r3358 - in branches/SAMBA_4_0/source: libcli/util librpc/ndr
Author: abartlet Date: 2004-10-29 08:31:27 + (Fri, 29 Oct 2004) New Revision: 3358 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3358 Log: Try to put all the basic struct dom_sid manipulation functions in one place. (I always have trouble finding one half or the other). Andrew Bartlett Modified: branches/SAMBA_4_0/source/libcli/util/dom_sid.c branches/SAMBA_4_0/source/librpc/ndr/ndr_sec.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/util/dom_sid.c === --- branches/SAMBA_4_0/source/libcli/util/dom_sid.c 2004-10-29 07:29:26 UTC (rev 3357) +++ branches/SAMBA_4_0/source/libcli/util/dom_sid.c 2004-10-29 08:31:27 UTC (rev 3358) @@ -23,6 +23,39 @@ #include includes.h /* + convert a dom_sid to a string +*/ +char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid) +{ + int i, ofs, maxlen; + uint32_t ia; + char *ret; + + if (!sid) { + return talloc_strdup(mem_ctx, (NULL SID)); + } + + maxlen = sid-num_auths * 11 + 25; + ret = talloc(mem_ctx, maxlen); + if (!ret) return talloc_strdup(mem_ctx, (SID ERR)); + + ia = (sid-id_auth[5]) + + (sid-id_auth[4] 8 ) + + (sid-id_auth[3] 16) + + (sid-id_auth[2] 24); + + ofs = snprintf(ret, maxlen, S-%u-%lu, + (uint_t)sid-sid_rev_num, (unsigned long)ia); + + for (i = 0; i sid-num_auths; i++) { + ofs += snprintf(ret + ofs, maxlen - ofs, -%lu, (unsigned long)sid-sub_auths[i]); + } + + return ret; +} + + +/* convert a string to a dom_sid, returning a talloc'd dom_sid */ struct dom_sid *dom_sid_parse_talloc(TALLOC_CTX *mem_ctx, const char *sidstr) 
@@ -121,3 +154,27 @@ return ret; } +/* + add a rid to a domain dom_sid to make a full dom_sid +*/ +struct dom_sid *dom_sid_add_rid(TALLOC_CTX *mem_ctx, + const struct dom_sid *domain_sid, + uint32_t rid) +{ + struct dom_sid *sid; + + sid = talloc_p(mem_ctx, struct dom_sid); + if (!sid) return NULL; + + *sid = *domain_sid; + /*TODO: use realloc! */ + sid-sub_auths = talloc_array_p(mem_ctx, uint32_t, sid-num_auths+1); + if (!sid-sub_auths) { + return NULL; + } + memcpy(sid-sub_auths, domain_sid-sub_auths, sid-num_auths*sizeof(uint32_t)); + sid-sub_auths[sid-num_auths] = rid; + sid-num_auths++; + return sid; +} + Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr_sec.c === --- branches/SAMBA_4_0/source/librpc/ndr/ndr_sec.c 2004-10-29 07:29:26 UTC (rev 3357) +++ branches/SAMBA_4_0/source/librpc/ndr/ndr_sec.c 2004-10-29 08:31:27 UTC (rev 3358) @@ -51,39 +51,6 @@ /* - convert a dom_sid to a string -*/ -char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid) -{ - int i, ofs, maxlen; - uint32_t ia; - char *ret; - - if (!sid) { - return talloc_strdup(mem_ctx, (NULL SID)); - } - - maxlen = sid-num_auths * 11 + 25; - ret = talloc(mem_ctx, maxlen); - if (!ret) return talloc_strdup(mem_ctx, (SID ERR)); - - ia = (sid-id_auth[5]) + - (sid-id_auth[4] 8 ) + - (sid-id_auth[3] 16) + - (sid-id_auth[2] 24); - - ofs = snprintf(ret, maxlen, S-%u-%lu, - (uint_t)sid-sid_rev_num, (unsigned long)ia); - - for (i = 0; i sid-num_auths; i++) { - ofs += snprintf(ret + ofs, maxlen - ofs, -%lu, (unsigned long)sid-sub_auths[i]); - } - - return ret; -} - - -/* print a dom_sid */ void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, struct dom_sid *sid) 
@@ -106,30 +73,6 @@ } /* - add a rid to a domain dom_sid to make a full dom_sid -*/ -struct dom_sid *dom_sid_add_rid(TALLOC_CTX *mem_ctx, - const struct dom_sid *domain_sid, - uint32_t rid) -{ - struct dom_sid *sid; - - sid = talloc_p(mem_ctx, struct dom_sid); - if (!sid) return NULL; - - *sid = *domain_sid; - /*TODO: use realloc! */ - sid-sub_auths = talloc_array_p(mem_ctx, uint32_t, sid-num_auths+1); - if (!sid-sub_auths) { - return NULL; - } - memcpy(sid-sub_auths, domain_sid-sub_auths, sid-num_auths*sizeof(uint32_t)); - sid-sub_auths[sid-num_auths] = rid; - sid-num_auths++; - return sid; -} - -/* return the wire size of a security_ace */ size_t ndr_size_security_ace(struct security_ace *ace)
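Review bot: since dom_sid_add_rid() is being moved into dom_sid.c anyway, its allocation handling should be fixed in the same change: sub_auths is allocated on mem_ctx rather than on sid, so freeing the returned sid leaves the array behind, and the failure path returns NULL without freeing sid (the existing TODO points in this direction). There is also no check on num_auths before num_auths+1 is used as the new array size, so a domain SID that already has the maximum number of sub-authorities is extended silently. In dom_sid_string(), returning the literal "(SID ERR)" when the allocation fails gives callers no way to tell an error from a real value; returning NULL there would be clearer.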
svn commit: samba r3359 - in branches/SAMBA_4_0/source/passdb: .
Author: abartlet Date: 2004-10-29 08:32:59 + (Fri, 29 Oct 2004) New Revision: 3359 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3359 Log: Add magic auto-initialisation hooks here, to match the rest of secrets. (Which will, I am assured, go away). Andrew Bartlett Modified: branches/SAMBA_4_0/source/passdb/secrets.c Changeset: Modified: branches/SAMBA_4_0/source/passdb/secrets.c === --- branches/SAMBA_4_0/source/passdb/secrets.c 2004-10-29 08:31:27 UTC (rev 3358) +++ branches/SAMBA_4_0/source/passdb/secrets.c 2004-10-29 08:32:59 UTC (rev 3359) @@ -129,6 +129,10 @@ size_t ref_count = *p_ref_count; int ret = 0; + secrets_init(); + if (!tdb) + return False; + if (ref_count == 0) { ret = tdb_lock_bystring(tdb-tdb, name, timeout); if (ret == 0) @@ -152,6 +156,10 @@ SMB_ASSERT(ref_count != 0); + secrets_init(); + if (!tdb) + return; + if (ref_count == 1) { tdb_unlock_bystring(tdb-tdb, name); DEBUG(10,(secrets_named_mutex: released mutex for %s\n, name ));
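Review bot: in the second hunk (the release path), the quiet return when tdb is NULL comes directly after SMB_ASSERT(ref_count != 0), so reaching it means a mutex is believed to be held while the database handle is gone; that should at least be logged with DEBUG(0) instead of returning silently, otherwise the lock is never released and nothing records why. In the first hunk, returning False when tdb is unset after secrets_init() looks the same to the caller as a lock timeout, so a debug message there would help as well. If secrets_init() reports success or failure, testing its result would be clearer than re-checking the global after the call.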
svn commit: samba r3360 - in branches/SAMBA_4_0/source: lib lib/messaging libcli ntvfs/common rpc_server/netlogon smbd
Author: tridge Date: 2004-10-29 08:38:59 + (Fri, 29 Oct 2004) New Revision: 3360 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3360 Log: improved the deletion of tmp files. smbd now puts all tmp files in var/locks/smbd.tmp/ and deletes that dir on startup. Modified: branches/SAMBA_4_0/source/lib/messaging/messaging.c branches/SAMBA_4_0/source/lib/util.c branches/SAMBA_4_0/source/libcli/unexpected.c branches/SAMBA_4_0/source/ntvfs/common/brlock.c branches/SAMBA_4_0/source/ntvfs/common/opendb.c branches/SAMBA_4_0/source/rpc_server/netlogon/schannel_state.c branches/SAMBA_4_0/source/smbd/service.c Changeset: Modified: branches/SAMBA_4_0/source/lib/messaging/messaging.c === --- branches/SAMBA_4_0/source/lib/messaging/messaging.c 2004-10-29 08:32:59 UTC (rev 3359) +++ branches/SAMBA_4_0/source/lib/messaging/messaging.c 2004-10-29 08:38:59 UTC (rev 3360) @@ -85,7 +85,7 @@ { char *name = talloc_asprintf(mem_ctx, messaging/msg.%u, (unsigned)server_id); char *ret; - ret = lock_path(mem_ctx, name); + ret = smbd_tmp_path(mem_ctx, name); talloc_free(name); return ret; } @@ -449,7 +449,7 @@ } /* create the messaging directory if needed */ - msg-path = lock_path(msg, messaging); + msg-path = smbd_tmp_path(msg, messaging); mkdir(msg-path, 0700); talloc_free(msg-path); Modified: branches/SAMBA_4_0/source/lib/util.c === --- branches/SAMBA_4_0/source/lib/util.c2004-10-29 08:32:59 UTC (rev 3359) +++ branches/SAMBA_4_0/source/lib/util.c2004-10-29 08:38:59 UTC (rev 3360) @@ -702,7 +702,6 @@ /* A useful function for returning a path in the Samba lock directory. */ - char *lock_path(TALLOC_CTX* mem_ctx, const char *name) { char *fname, *dname; 
@@ -736,6 +735,30 @@ return fname; } +/* + return a path in the smbd.tmp directory, where all temporary file + for smbd go. If NULL is passed for name then return the directory + path itself +*/ +char *smbd_tmp_path(TALLOC_CTX *mem_ctx, const char *name) +{ + char *fname, *dname; + + dname = lock_path(mem_ctx, smbd.tmp); + if (!directory_exist(dname,NULL)) { + mkdir(dname,0755); + } + + if (name == NULL) { + return dname; + } + + fname = talloc_asprintf(mem_ctx, %s/%s, dname, name); + talloc_free(dname); + + return fname; +} + /** * @brief Returns the platform specific shared library extension. * Modified: branches/SAMBA_4_0/source/libcli/unexpected.c === --- branches/SAMBA_4_0/source/libcli/unexpected.c 2004-10-29 08:32:59 UTC (rev 3359) +++ branches/SAMBA_4_0/source/libcli/unexpected.c 2004-10-29 08:38:59 UTC (rev 3360) @@ -44,15 +44,13 @@ struct unexpected_key key; char buf[1024]; int len=0; - TALLOC_CTX *mem_ctx; if (!tdbd) { - mem_ctx = talloc_init(receive_unexpected); - if (!mem_ctx) return; - tdbd = tdb_wrap_open(NULL, lock_path(mem_ctx, unexpected.tdb), 0, + char *path = smbd_tmp_path(NULL, unexpected.tdb); + tdbd = tdb_wrap_open(NULL, path, 0, TDB_DEFAULT, O_RDWR | O_CREAT, 0644); - talloc_destroy(mem_ctx); + talloc_free(path); if (!tdbd) { return; } @@ -150,13 +148,12 @@ const char *mailslot_name) { struct tdb_wrap *tdb2; - TALLOC_CTX *mem_ctx; + char *path; - mem_ctx = talloc_init(receive_unexpected); - if (!mem_ctx) return NULL; - tdb2 = tdb_wrap_open(mem_ctx, lock_path(mem_ctx, unexpected.tdb), 0, 0, O_RDONLY, 0); + path = smbd_tmp_path(NULL, unexpected.tdb); + tdb2 = tdb_wrap_open(NULL, path, 0, 0, O_RDONLY, 0); + talloc_free(path); if (!tdb2) { - talloc_destroy(mem_ctx); return NULL; } 
@@ -167,7 +164,7 @@ tdb_traverse(tdb2-tdb, traverse_match, NULL); - talloc_destroy(mem_ctx); + talloc_free(tdb2); return matched_packet; } Modified: branches/SAMBA_4_0/source/ntvfs/common/brlock.c === --- branches/SAMBA_4_0/source/ntvfs/common/brlock.c 2004-10-29 08:32:59 UTC (rev 3359) +++ branches/SAMBA_4_0/source/ntvfs/common/brlock.c 2004-10-29 08:38:59 UTC (rev 3360) @@ -82,10 +82,9 @@ return NULL; } - path = lock_path(brl,
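Review bot: In the lib/util.c hunk (@@ -736), smbd_tmp_path() ignores the result of mkdir() and creates smbd.tmp with mode 0755, while the messaging directory placed inside it is created 0700. Since every smbd temporary file now lives under this directory, I would create it 0700, call mkdir() unconditionally and accept only success or EEXIST on a real directory (the directory_exist()-then-mkdir() pair is a check-then-create race), and return NULL on failure so callers do not build paths under a directory that does not exist. The new comment also has "all temporary file" for "files".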
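Review bot: In the libcli/unexpected.c hunks (@@ -44 and @@ -150), the string returned by smbd_tmp_path(NULL, ...) is passed straight to tdb_wrap_open() without a NULL check, although smbd_tmp_path() builds it with talloc_asprintf(), which can fail. Please check `path` before the open. In the second of these hunks tdb2 is now allocated on the NULL context, so every exit after a successful open has to talloc_free(tdb2); the @@ -167 hunk covers the final return, and any other return between the open and that point needs the same.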
svn commit: samba r3361 - in branches/SAMBA_4_0/source: auth libcli/auth smb_server
Author: abartlet Date: 2004-10-29 09:15:41 + (Fri, 29 Oct 2004) New Revision: 3361 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3361 Log: Allow Samba4 (I'm interested in ntlm_auth in particular) to use Samba3's winbind. This is also the start of domain membership code in Samba4, as we now (partially) parse the info3, and use it like Samba3 does. Andrew Bartlett Modified: branches/SAMBA_4_0/source/auth/auth.c branches/SAMBA_4_0/source/auth/auth.h branches/SAMBA_4_0/source/auth/auth_util.c branches/SAMBA_4_0/source/auth/auth_winbind.c branches/SAMBA_4_0/source/libcli/auth/gensec_ntlmssp.c branches/SAMBA_4_0/source/smb_server/sesssetup.c Changeset: Sorry, the patch is too large (404 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3361
svn commit: samba r3362 - in branches/SAMBA_4_0/source/librpc/idl: .
Author: abartlet Date: 2004-10-29 09:19:54 + (Fri, 29 Oct 2004) New Revision: 3362 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3362 Log: Change netlogon.idl so we can parse the 'info3' seperate from it's surroundings, and rename user_id - rid, as it could be a user or group id. Andrew Bartlett Andrew Bartlett Modified: branches/SAMBA_4_0/source/librpc/idl/netlogon.idl Changeset: Modified: branches/SAMBA_4_0/source/librpc/idl/netlogon.idl === --- branches/SAMBA_4_0/source/librpc/idl/netlogon.idl 2004-10-29 09:15:41 UTC (rev 3361) +++ branches/SAMBA_4_0/source/librpc/idl/netlogon.idl 2004-10-29 09:19:54 UTC (rev 3362) @@ -134,7 +134,7 @@ } netr_Authenticator; typedef struct { - uint32 user_id; + uint32 rid; uint32 attributes; } netr_GroupMembership; @@ -184,7 +184,7 @@ uint32 attribute; } netr_SidAttr; - typedef struct { + typedef [public] struct { netr_SamBaseInfo base; uint32 sidcount; [size_is(sidcount)] netr_SidAttr *sids;
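Review bot: The rename of `user_id` to `rid` in netr_GroupMembership (@@ -134) changes the member name of the structure generated from this IDL, but netlogon.idl is the only file in this commit's Modified list. Any code still using the old member name will stop compiling, so either the callers belong in this revision or the log should name the revision that updates them. For the `[public]` attribute added in the @@ -184 hunk, a one-line IDL comment saying which caller parses this structure on its own would help the next reader.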
svn commit: samba r3363 - in branches/SAMBA_4_0/source: include ntvfs/common ntvfs/posix
Author: tridge Date: 2004-10-29 09:28:35 + (Fri, 29 Oct 2004) New Revision: 3363 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3363 Log: added basic support for SA_RIGHT_FILE_EXECUTE, needed for opening .dll files Modified: branches/SAMBA_4_0/source/include/rpc_secdes.h branches/SAMBA_4_0/source/ntvfs/common/opendb.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_read.c Changeset: Modified: branches/SAMBA_4_0/source/include/rpc_secdes.h === --- branches/SAMBA_4_0/source/include/rpc_secdes.h 2004-10-29 09:19:54 UTC (rev 3362) +++ branches/SAMBA_4_0/source/include/rpc_secdes.h 2004-10-29 09:28:35 UTC (rev 3363) @@ -156,6 +156,7 @@ #define SA_RIGHT_FILE_DELETE_CHILD 0x0040 #define SA_RIGHT_FILE_READ_ATTRIBUTES 0x0080 #define SA_RIGHT_FILE_WRITE_ATTRIBUTES 0x0100 +#define SA_RIGHT_FILE_READ_EXEC (SA_RIGHT_FILE_READ_DATA|SA_RIGHT_FILE_EXECUTE) #define SA_RIGHT_FILE_ALL_ACCESS 0x01FF Modified: branches/SAMBA_4_0/source/ntvfs/common/opendb.c === --- branches/SAMBA_4_0/source/ntvfs/common/opendb.c 2004-10-29 09:19:54 UTC (rev 3362) +++ branches/SAMBA_4_0/source/ntvfs/common/opendb.c 2004-10-29 09:28:35 UTC (rev 3363) @@ -154,10 +154,14 @@ /* if either open involves no read.write or delete access then it can't conflict */ - if (!(e1-access_mask (SA_RIGHT_FILE_WRITE_DATA | SA_RIGHT_FILE_READ_DATA | STD_RIGHT_DELETE_ACCESS))) { + if (!(e1-access_mask (SA_RIGHT_FILE_WRITE_DATA | +SA_RIGHT_FILE_READ_EXEC | +STD_RIGHT_DELETE_ACCESS))) { return False; } - if (!(e2-access_mask (SA_RIGHT_FILE_WRITE_DATA | SA_RIGHT_FILE_READ_DATA | STD_RIGHT_DELETE_ACCESS))) { + if (!(e2-access_mask (SA_RIGHT_FILE_WRITE_DATA | +SA_RIGHT_FILE_READ_EXEC | +STD_RIGHT_DELETE_ACCESS))) { return False; } 
@@ -165,11 +169,19 @@ CHECK_MASK(e1-access_mask, e2-share_access, SA_RIGHT_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE); CHECK_MASK(e2-access_mask, e1-share_access, SA_RIGHT_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE); - CHECK_MASK(e1-access_mask, e2-share_access, SA_RIGHT_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ); - CHECK_MASK(e2-access_mask, e1-share_access, SA_RIGHT_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ); + CHECK_MASK(e1-access_mask, e2-share_access, + SA_RIGHT_FILE_READ_EXEC, + NTCREATEX_SHARE_ACCESS_READ); + CHECK_MASK(e2-access_mask, e1-share_access, + SA_RIGHT_FILE_READ_EXEC, + NTCREATEX_SHARE_ACCESS_READ); - CHECK_MASK(e1-access_mask, e2-share_access, STD_RIGHT_DELETE_ACCESS, NTCREATEX_SHARE_ACCESS_DELETE); - CHECK_MASK(e2-access_mask, e1-share_access, STD_RIGHT_DELETE_ACCESS, NTCREATEX_SHARE_ACCESS_DELETE); + CHECK_MASK(e1-access_mask, e2-share_access, + STD_RIGHT_DELETE_ACCESS, + NTCREATEX_SHARE_ACCESS_DELETE); + CHECK_MASK(e2-access_mask, e1-share_access, + STD_RIGHT_DELETE_ACCESS, + NTCREATEX_SHARE_ACCESS_DELETE); /* if a delete is pending then a second open is not allowed */ if ((e1-create_options NTCREATEX_OPTIONS_DELETE_ON_CLOSE) || Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c 2004-10-29 09:19:54 UTC (rev 3362) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c 2004-10-29 09:28:35 UTC (rev 3363) 
@@ -289,16 +289,13 @@ access_mask = GENERIC_RIGHTS_FILE_READ | GENERIC_RIGHTS_FILE_WRITE; } - switch (access_mask (SA_RIGHT_FILE_READ_DATA | SA_RIGHT_FILE_WRITE_DATA)) { - case SA_RIGHT_FILE_READ_DATA: - flags = O_RDONLY; - break; - case SA_RIGHT_FILE_WRITE_DATA: - flags = O_WRONLY; - break; - case SA_RIGHT_FILE_WRITE_DATA|SA_RIGHT_FILE_READ_DATA: + if ((access_mask SA_RIGHT_FILE_READ_EXEC) + (access_mask SA_RIGHT_FILE_WRITE_DATA)) { flags = O_RDWR; - break; + } else if (access_mask SA_RIGHT_FILE_WRITE_DATA) { + flags = O_WRONLY; + } else { + flags = O_RDONLY; } f = talloc_p(req, struct pvfs_file); @@ -493,16 +490,13 @@ return NT_STATUS_INVALID_PARAMETER; } - switch (access_mask (SA_RIGHT_FILE_READ_DATA | SA_RIGHT_FILE_WRITE_DATA)) { - case SA_RIGHT_FILE_READ_DATA: -
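Review bot: In the ntvfs/common/opendb.c hunk (@@ -154), the comment above the changed tests still reads "if either open involves no read.write or delete access then it can't conflict", but the masks now include SA_RIGHT_FILE_EXECUTE through SA_RIGHT_FILE_READ_EXEC. Please update the comment to say that execute access is treated as read access for share-mode conflicts, since that is a policy decision a reader cannot infer from the macro name alone.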
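Review bot: In the ntvfs/posix/pvfs_open.c hunk (@@ -289), the new final `else` maps every access mask without SA_RIGHT_FILE_WRITE_DATA to O_RDONLY, including an execute-only open and a mask with neither read nor execute set; the removed switch had no arm for those cases. That gives an execute-only handle a descriptor that can read file data, so the read path has to check the handle's granted access and not rely on the open flags. pvfs_read.c is in the Modified list but its hunk is not in this message, so that cannot be confirmed here. The @@ -493 hunk starts removing an identical switch; if it receives the same if/else chain, one shared helper would be better than two copies.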
svn commit: samba r3364 - in branches/SAMBA_4_0/source/rpc_server/netlogon: .
Author: abartlet Date: 2004-10-29 09:57:31 + (Fri, 29 Oct 2004) New Revision: 3364 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3364 Log: Add parameter to fix the compile. Andrew Bartlett Modified: branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c Changeset: Modified: branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c === --- branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c 2004-10-29 09:28:35 UTC (rev 3363) +++ branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c 2004-10-29 09:57:31 UTC (rev 3364) @@ -541,6 +541,7 @@ nt_status = auth_context-check_ntlm_password(auth_context, user_info, + mem_ctx, server_info); if (!NT_STATUS_IS_OK(nt_status)) {
svn commit: samba r3365 - in branches/SAMBA_4_0/source/libcli/auth: .
Author: abartlet Date: 2004-10-29 09:58:23 + (Fri, 29 Oct 2004) New Revision: 3365 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3365 Log: Fill in the user and primary group SIDs into the 'server info' before the session info. Andrew Bartlett Modified: branches/SAMBA_4_0/source/libcli/auth/gensec_krb5.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/auth/gensec_krb5.c === --- branches/SAMBA_4_0/source/libcli/auth/gensec_krb5.c 2004-10-29 09:57:31 UTC (rev 3364) +++ branches/SAMBA_4_0/source/libcli/auth/gensec_krb5.c 2004-10-29 09:58:23 UTC (rev 3365) @@ -616,8 +616,8 @@ *session_info_out = NULL; - /* IF we have the PAC - otherwise (TODO) we need to get this -* data from elsewere - local ldb, or lookup of some + /* IF we have the PAC - otherwise we need to get this +* data from elsewere - local ldb, or (TODO) lookup of some * kind... */ principal = talloc_strdup(gensec_krb5_state, gensec_krb5_state-peer_principal); 
@@ -666,14 +666,17 @@ } - sid = dom_sid_dup(session_info, logon_info-dom_sid); - ptoken-user_sids[0] = dom_sid_add_rid(session_info, sid, logon_info-user_rid); + sid = dom_sid_dup(server_info, logon_info-dom_sid); + server_info-user_sid = dom_sid_add_rid(server_info, sid, logon_info-user_rid); + sid = dom_sid_dup(server_info, logon_info-dom_sid); + server_info-primary_group_sid = dom_sid_add_rid(server_info, sid, logon_info-group_rid); + + ptoken-user_sids[0] = talloc_reference(session_info, server_info-user_sid); ptoken-num_sids++; - sid = dom_sid_dup(session_info, logon_info-dom_sid); - ptoken-user_sids[1] = dom_sid_add_rid(session_info, sid, logon_info-group_rid); + ptoken-user_sids[1] = talloc_reference(session_info, server_info-primary_group_sid); ptoken-num_sids++; - - for (;ptoken-num_sids logon_info-groups_count; ptoken-num_sids++) { + + for (;ptoken-num_sids (logon_info-groups_count + 2); ptoken-num_sids++) { sid = dom_sid_dup(session_info, logon_info-dom_sid); ptoken-user_sids[ptoken-num_sids] = dom_sid_add_rid(session_info, sid,
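Review bot: In the @@ -666 hunk, the results of dom_sid_dup() and dom_sid_add_rid() are stored in server_info's user_sid and primary_group_sid and then handed to talloc_reference() with no NULL check, so an allocation failure would put a NULL SID into user_sids[0] or user_sids[1] while num_sids is still incremented. Please fail the call when either SID is NULL. The loop bound also changes to groups_count + 2; the allocation of user_sids is outside the visible lines, so please confirm it has room for groups_count + 2 entries and that the group array inside the loop is indexed from num_sids - 2 and not from num_sids.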
svn commit: samba r3367 - in branches/SAMBA_4_0/source: lib/registry/common lib/registry/reg_backend_ldb lib/registry/reg_backend_rpc rpc_server/winreg
Author: jelmer Date: 2004-10-29 11:44:59 + (Fri, 29 Oct 2004) New Revision: 3367 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3367 Log: More registry updates. Add support flush_key and close_hive. Modified: branches/SAMBA_4_0/source/lib/registry/common/reg_interface.c branches/SAMBA_4_0/source/lib/registry/reg_backend_ldb/reg_backend_ldb.c branches/SAMBA_4_0/source/lib/registry/reg_backend_rpc/reg_backend_rpc.c branches/SAMBA_4_0/source/rpc_server/winreg/rpc_winreg.c Changeset: Modified: branches/SAMBA_4_0/source/lib/registry/common/reg_interface.c === --- branches/SAMBA_4_0/source/lib/registry/common/reg_interface.c 2004-10-29 11:39:08 UTC (rev 3366) +++ branches/SAMBA_4_0/source/lib/registry/common/reg_interface.c 2004-10-29 11:44:59 UTC (rev 3367) @@ -157,6 +157,19 @@ return WERR_OK; } +WERROR reg_close (struct registry_context *ctx) +{ + int i; + for (i = 0; i ctx-num_hives; i++) { + if (ctx-hives[i]-functions-close_hive) { + ctx-hives[i]-functions-close_hive(ctx-hives[i]); + } + } + talloc_destroy(ctx); + + return WERR_OK; +} + /* Open a registry file/host/etc */ WERROR reg_import_hive(struct registry_context *h, const char *backend, const char *location, const char *credentials, const char *hivename) { @@ -367,7 +380,8 @@ if(key-hive-functions-get_subkey_by_name) { error = key-hive-functions-get_subkey_by_name(mem_ctx, key,name,subkey); - /* FIXME: Fall back to reg_open_key rather then get_subkey_by_index */ + } else if(key-hive-functions-open_key) { + error = key-hive-functions-open_key(mem_ctx, key-hive, talloc_asprintf(mem_ctx, %s\\%s, key-path, name), subkey); } else if(key-hive-functions-get_subkey_by_index) { for(i = 0; W_ERROR_IS_OK(error); i++) { error = reg_key_get_subkey_by_index(mem_ctx, key, i, subkey); @@ -589,9 +603,8 @@ return ret; } -WERROR reg_save(struct registry_context *h, const char *location) +WERROR reg_save (struct registry_context *ctx, const char *location) { - /* FIXME */ return WERR_NOT_SUPPORTED; } 
@@ -615,3 +628,17 @@ SAFE_FREE(parent_name); return error; } + +WERROR reg_key_flush(struct registry_key *key) +{ + if (!key) { + return WERR_INVALID_PARAM; + } + + if (key-hive-functions-flush_key) { + return key-hive-functions-flush_key(key); + } + + /* No need for flushing, apparently */ + return WERR_OK; +} Modified: branches/SAMBA_4_0/source/lib/registry/reg_backend_ldb/reg_backend_ldb.c === --- branches/SAMBA_4_0/source/lib/registry/reg_backend_ldb/reg_backend_ldb.c 2004-10-29 11:39:08 UTC (rev 3366) +++ branches/SAMBA_4_0/source/lib/registry/reg_backend_ldb/reg_backend_ldb.c 2004-10-29 11:44:59 UTC (rev 3367) @@ -194,11 +194,18 @@ return WERR_OK; } +static WERROR ldb_close_hive (struct registry_hive *hive) +{ + ldb_close (hive-backend_data); + return WERR_OK; +} + static struct registry_operations reg_backend_ldb = { .name = ldb, .add_key = ldb_add_key, .del_key = ldb_del_key, .open_hive = ldb_open_hive, + .close_hive = ldb_close_hive, .open_key = ldb_open_key, .get_value_by_index = ldb_get_value_by_id, .get_subkey_by_index = ldb_get_subkey_by_id, Modified: branches/SAMBA_4_0/source/lib/registry/reg_backend_rpc/reg_backend_rpc.c === --- branches/SAMBA_4_0/source/lib/registry/reg_backend_rpc/reg_backend_rpc.c 2004-10-29 11:39:08 UTC (rev 3366) +++ branches/SAMBA_4_0/source/lib/registry/reg_backend_rpc/reg_backend_rpc.c 2004-10-29 11:44:59 UTC (rev 3367) @@ -97,6 +97,12 @@ return WERR_OK; } +static WERROR rpc_close_hive (struct registry_hive *h) +{ + dcerpc_pipe_close(h-backend_data); + return WERR_OK; +} + static WERROR rpc_open_hive(TALLOC_CTX *mem_ctx, struct registry_hive *h, struct registry_key **k) { NTSTATUS status; 
@@ -373,6 +379,7 @@ static struct registry_operations reg_backend_rpc = { .name = rpc, .open_hive = rpc_open_hive, + .close_hive = rpc_close_hive, .open_key = rpc_open_key, .get_subkey_by_index = rpc_get_subkey_by_index, .get_value_by_index = rpc_get_value_by_index, Modified: branches/SAMBA_4_0/source/rpc_server/winreg/rpc_winreg.c === --- branches/SAMBA_4_0/source/rpc_server/winreg/rpc_winreg.c2004-10-29 11:39:08 UTC (rev 3366) +++ branches/SAMBA_4_0/source/rpc_server/winreg/rpc_winreg.c2004-10-29 11:44:59 UTC (rev
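Review bot: In the reg_interface.c hunk at @@ -157, reg_close() dereferences `ctx` without the NULL check that reg_key_flush() (added later in this patch) applies to `key`, and it discards the WERROR each close_hive callback returns before returning WERR_OK. I would return WERR_INVALID_PARAM for a NULL context and at least log a failing close_hive, so a backend that could not close cleanly is visible to the caller.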
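Review bot: In the @@ -367 hunk, the new open_key fallback passes the result of talloc_asprintf() straight to the backend's open_key callback; talloc_asprintf() returns NULL on allocation failure and the callback would then receive a NULL path. Build the path into a local variable, check it, and return an out-of-memory error when it is NULL.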
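Review bot: ldb_close_hive() (@@ -194) and rpc_close_hive() (@@ -97) close the handle held in the hive's backend_data but leave the pointer in place. Any later call on the same hive would then use a closed handle, so please set backend_data to NULL after closing and say in the registry_operations comment that a hive must not be used after close_hive.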
Re: svn commit: lorikeet r116 - in trunk/samba4-ad-thesis: .
Andrew Bartlett wrote: - Death to dashes. Woohoo! Jim McDonough IBM Linux Technology Center Samba Team 6 Minuteman Drive Scarborough, ME 04074 USA [EMAIL PROTECTED] [EMAIL PROTECTED] Phone: (207) 885-5565 IBM tie-line: 776-9984
svn commit: samba r3369 - in branches/SAMBA_4_0/source: include lib/registry/common rpc_server/winreg
Author: jelmer Date: 2004-10-29 13:38:37 + (Fri, 29 Oct 2004) New Revision: 3369 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3369 Log: More registry updates We now pass the RPC-WINREG torture test. Also, constructions like the following work now: regtree - smbd - NTUSER.DAT Modified: branches/SAMBA_4_0/source/include/registry.h branches/SAMBA_4_0/source/lib/registry/common/reg_interface.c branches/SAMBA_4_0/source/rpc_server/winreg/rpc_winreg.c Changeset: Modified: branches/SAMBA_4_0/source/include/registry.h === --- branches/SAMBA_4_0/source/include/registry.h2004-10-29 12:12:24 UTC (rev 3368) +++ branches/SAMBA_4_0/source/include/registry.h2004-10-29 13:38:37 UTC (rev 3369) @@ -73,7 +73,7 @@ struct registry_value { char *name; - int data_type; + unsigned int data_type; int data_len; void *data_blk;/* Might want a separate block */ struct registry_hive *hive; @@ -104,6 +104,7 @@ /* Implement this one */ WERROR (*open_hive) (TALLOC_CTX *, struct registry_hive *, struct registry_key **); + WERROR (*close_hive) (struct registry_hive *); /* Or this one */ WERROR (*open_key) (TALLOC_CTX *, struct registry_hive *, const char *name, struct registry_key **); @@ -131,6 +132,7 @@ /* Key management */ WERROR (*add_key)(TALLOC_CTX *, struct registry_key *, const char *name, uint32_t access_mask, SEC_DESC *, struct registry_key **); WERROR (*del_key)(struct registry_key *); + WERROR (*flush_key) (struct registry_key *); /* Value management */ WERROR (*set_value)(struct registry_key *, const char *name, int type, void *data, int len); Modified: branches/SAMBA_4_0/source/lib/registry/common/reg_interface.c === --- branches/SAMBA_4_0/source/lib/registry/common/reg_interface.c 2004-10-29 12:12:24 UTC (rev 3368) +++ branches/SAMBA_4_0/source/lib/registry/common/reg_interface.c 2004-10-29 13:38:37 UTC (rev 3369) 
@@ -340,7 +340,7 @@ talloc_destroy(mem_ctx); *count = i; - if(W_ERROR_EQUAL(error, WERR_NO_MORE_ITEMS)) return WERR_OK; + if(W_ERROR_EQUAL(error, WERR_NO_MORE_ITEMS)) error = WERR_OK; return error; } @@ -351,8 +351,26 @@ { if(!key) return WERR_INVALID_PARAM; - - return key-hive-functions-num_values(key, count); + + if (key-hive-functions-num_values) { + return key-hive-functions-num_values(key, count); + } + + if(key-hive-functions-get_value_by_index) { + int i; + WERROR error; + struct registry_value *dest; + TALLOC_CTX *mem_ctx = talloc_init(num_subkeys); + + for(i = 0; W_ERROR_IS_OK(error = key-hive-functions-get_value_by_index(mem_ctx, key, i, dest)); i++); + talloc_destroy(mem_ctx); + + *count = i; + if(W_ERROR_EQUAL(error, WERR_NO_MORE_ITEMS)) error = WERR_OK; + return error; + } + + return WERR_NOT_SUPPORTED; } WERROR reg_key_get_subkey_by_index(TALLOC_CTX *mem_ctx, struct registry_key *key, int idx, struct registry_key **subkey) 
@@ -646,3 +664,55 @@ /* No need for flushing, apparently */ return WERR_OK; } + +WERROR reg_key_subkeysizes(struct registry_key *key, uint32 *max_subkeylen, uint32 *max_subkeysize) +{ + int i = 0; + struct registry_key *subkey; + WERROR error; + TALLOC_CTX *mem_ctx = talloc_init(subkeysize); + + *max_subkeylen = *max_subkeysize = 0; + + do { + error = reg_key_get_subkey_by_index(mem_ctx, key, i, subkey); + + if (W_ERROR_IS_OK(error)) { + *max_subkeysize = MAX(*max_subkeysize, 0xFF); + *max_subkeylen = MAX(*max_subkeylen, strlen(subkey-name)); + } + + i++; + } while (W_ERROR_IS_OK(error)); + + talloc_destroy(mem_ctx); + + return WERR_OK; +} + +WERROR reg_key_valuesizes(struct registry_key *key, uint32 *max_valnamelen, uint32 *max_valbufsize) +{ + int i = 0; + struct registry_value *value; + WERROR error; + TALLOC_CTX *mem_ctx = talloc_init(subkeysize); + + *max_valnamelen = *max_valbufsize = 0; + + do { + error = reg_key_get_value_by_index(mem_ctx, key, i, value); + + if (W_ERROR_IS_OK(error)) { + if (value-name) { + *max_valnamelen = MAX(*max_valnamelen, strlen(value-name)); + } + *max_valbufsize = MAX(*max_valbufsize, value-data_len); + } + + i++; + } while (W_ERROR_IS_OK(error)); + +
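Review bot: In the include/registry.h hunk at @@ -73, data_type becomes `unsigned int`, but the set_value callback shown as context in the @@ -131 hunk still takes `int type`, and data_len stays a signed int although it holds a buffer length. Please change these together or say in a comment why they differ.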
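Review bot: In the @@ -351 hunk, the fallback that counts values allocates its temporary context with talloc_init(num_subkeys), a name copied from the subkey counter. The name should say num_values so that talloc leak reports point at the right function.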
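Review bot: In the @@ -646 hunk, reg_key_subkeysizes() loops until the enumeration returns any error and then returns WERR_OK, so a backend failure part-way through is reported as success with maxima that are too small; a caller sizing a buffer from them would under-allocate. Return the error unless it is WERR_NO_MORE_ITEMS, as the @@ -340 hunk does, and apply the same to reg_key_valuesizes(), whose loop has the same shape. Smaller points in the same hunk: neither function checks `key` for NULL, the subkey name goes to strlen() unchecked while the value name is checked, max_subkeysize is a hard-coded 0xFF with no comment, both talloc contexts are named subkeysize, and the MAX() on max_valbufsize compares a uint32 with the signed data_len.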
svn commit: samba r3370 - in branches/SAMBA_4_0/source: gtk/tools lib/registry/tools
Author: jelmer Date: 2004-10-29 14:53:23 + (Fri, 29 Oct 2004) New Revision: 3370 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3370 Log: Initial work on Add Key/Delete Key/Add Value/Mod Value/Del Value support in gregedit Modified: branches/SAMBA_4_0/source/gtk/tools/gregedit.c branches/SAMBA_4_0/source/lib/registry/tools/regdiff.c Changeset: Sorry, the patch is too large (372 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3370
svn commit: samba r3372 - in branches/SAMBA_4_0/source/ntvfs/posix: .
Author: tridge Date: 2004-10-29 21:51:36 + (Fri, 29 Oct 2004) New Revision: 3372 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3372 Log: fixed the initial directory permissions for pvfs_mkdir() Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c Changeset: Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c 2004-10-29 21:51:00 UTC (rev 3371) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c 2004-10-29 21:51:36 UTC (rev 3372) @@ -32,6 +32,7 @@ struct pvfs_state *pvfs = ntvfs-private_data; NTSTATUS status; struct pvfs_filename *name; + mode_t mode; if (md-generic.level != RAW_MKDIR_MKDIR) { return NT_STATUS_INVALID_LEVEL; @@ -48,10 +49,9 @@ return NT_STATUS_OBJECT_NAME_COLLISION; } - /* TODO: this is a temporary implementation to allow other - tests to run */ + mode = pvfs_fileperms(pvfs, FILE_ATTRIBUTE_DIRECTORY); - if (mkdir(name-full_name, 0777) == -1) { + if (mkdir(name-full_name, mode) == -1) { return pvfs_map_errno(pvfs, errno); }
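Review bot: The @@ -48 hunk removes the TODO comment without documenting what mode pvfs_fileperms(pvfs, FILE_ATTRIBUTE_DIRECTORY) is expected to produce for a new directory. Please add a short comment in its place, and note there that mkdir() still applies the process umask, so the on-disk mode matches the computed one only if smbd's umask permits it.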
svn commit: samba r3373 - in branches/SAMBA_4_0/source/ntvfs/posix: .
Author: tridge Date: 2004-10-29 21:52:49 + (Fri, 29 Oct 2004) New Revision: 3373 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3373 Log: added better error reporting in pvfs_open Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c Changeset: Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c 2004-10-29 21:51:36 UTC (rev 3372) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c 2004-10-29 21:52:49 UTC (rev 3373) @@ -27,8 +27,8 @@ create file handles with convenient numbers for sniffers */ #define PVFS_MIN_FILE_FNUM 0x100 -#define PVFS_MIN_NEW_FNUM 0x200 -#define PVFS_MIN_DIR_FNUM 0x1000 +#define PVFS_MIN_NEW_FNUM 0x200 +#define PVFS_MIN_DIR_FNUM 0x300 /* find open file handle given fnum @@ -64,8 +64,8 @@ if (f-create_options NTCREATEX_OPTIONS_DELETE_ON_CLOSE) { if (rmdir(f-name-full_name) != 0) { - DEBUG(0,(pvfs_close: failed to rmdir '%s'\n, -f-name-full_name)); + DEBUG(0,(pvfs_close: failed to rmdir '%s' - %s\n, +f-name-full_name, strerror(errno))); } } @@ -214,8 +214,8 @@ if (f-create_options NTCREATEX_OPTIONS_DELETE_ON_CLOSE) { if (unlink(f-name-full_name) != 0) { - DEBUG(0,(pvfs_close: failed to delete '%s'\n, -f-name-full_name)); + DEBUG(0,(pvfs_close: failed to delete '%s' - %s\n, +f-name-full_name, strerror(errno))); } }
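Review bot: The first hunk (@@ -27) changes PVFS_MIN_DIR_FNUM from 0x1000 to 0x300, which the log message ("added better error reporting in pvfs_open") does not mention and which is unrelated to the DEBUG changes. Please split it out or explain it in the log, including whether the gap between PVFS_MIN_NEW_FNUM and PVFS_MIN_DIR_FNUM shrinking from 0xE00 to 0x100 is intended. In the two DEBUG hunks strerror(errno) is read directly after the failing rmdir() or unlink(), which is correct; keep it that way if code is ever added before the DEBUG call.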
svn commit: samba r3374 - in branches/SAMBA_4_0/source: gtk/tools lib/registry/common
Author: jelmer Date: 2004-10-29 21:53:42 + (Fri, 29 Oct 2004) New Revision: 3374 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3374 Log: Couple of bug fixes Modified: branches/SAMBA_4_0/source/gtk/tools/gregedit.c branches/SAMBA_4_0/source/lib/registry/common/reg_interface.c Changeset: Modified: branches/SAMBA_4_0/source/gtk/tools/gregedit.c === --- branches/SAMBA_4_0/source/gtk/tools/gregedit.c 2004-10-29 21:52:49 UTC (rev 3373) +++ branches/SAMBA_4_0/source/gtk/tools/gregedit.c 2004-10-29 21:53:42 UTC (rev 3374) @@ -28,6 +28,7 @@ GtkListStore *store_vals; GtkWidget *tree_keys; GtkWidget *mainwin; +GtkWidget *mnu_add_key, *mnu_add_value, *mnu_del_key, *mnu_del_value, *mnu_find; TALLOC_CTX *mem_ctx; /* FIXME: Split up */ GtkWidget *save; @@ -438,19 +439,28 @@ static void on_add_key_activate (GtkMenuItem *menuitem, gpointer user_data) { +GtkDialog *addwin = GTK_DIALOG(create_NewKeyDialog()); +gtk_dialog_run(addwin); /* FIXME */ +gtk_widget_destroy(GTK_WIDGET(addwin)); } static void on_add_value_activate (GtkMenuItem *menuitem, gpointer user_data) { +GtkDialog *addwin = GTK_DIALOG(create_SetValueDialog()); +gtk_dialog_run(addwin); /* FIXME */ +gtk_widget_destroy(GTK_WIDGET(addwin)); } static void on_find_activate (GtkMenuItem *menuitem, gpointer user_data) { +GtkDialog *findwin = GTK_DIALOG(create_FindDialog()); +gtk_dialog_run(findwin); /* FIXME */ +gtk_widget_destroy(GTK_WIDGET(findwin)); } static void on_about_activate (GtkMenuItem *menuitem, 
@@ -472,8 +482,15 @@ struct registry_value *val; WERROR error; GtkTreeIter parent; - if(path_currently_selected)return TRUE; + gtk_widget_set_sensitive(mnu_add_key, !path_currently_selected); + gtk_widget_set_sensitive(mnu_add_value, !path_currently_selected); + gtk_widget_set_sensitive(mnu_del_key, !path_currently_selected); + gtk_widget_set_sensitive(mnu_del_value, !path_currently_selected); + gtk_widget_set_sensitive(mnu_find, !path_currently_selected); + + if(path_currently_selected) { return TRUE; } + gtk_tree_model_get_iter(GTK_TREE_MODEL(store_keys), parent, path); gtk_tree_model_get(GTK_TREE_MODEL(store_keys), parent, 1, k, -1); @@ -519,9 +536,6 @@ GtkWidget *quit; GtkWidget *men_key; GtkWidget *men_key_menu; - GtkWidget *delete; - GtkWidget *find; - GtkWidget *add_key, *add_value; GtkCellRenderer *renderer; GtkTreeViewColumn *curcol; GtkWidget *help; 
@@ -618,25 +632,32 @@ men_key_menu = gtk_menu_new (); gtk_menu_item_set_submenu (GTK_MENU_ITEM (men_key), men_key_menu); - add_key = gtk_image_menu_item_new_with_mnemonic(Add _Subkey); - gtk_image_menu_item_set_image (GTK_IMAGE_MENU_ITEM (add_key), gtk_image_new_from_stock (gtk-add, GTK_ICON_SIZE_MENU)); + mnu_add_key = gtk_image_menu_item_new_with_mnemonic(Add _Subkey); + gtk_image_menu_item_set_image (GTK_IMAGE_MENU_ITEM (mnu_add_key), gtk_image_new_from_stock (gtk-add, GTK_ICON_SIZE_MENU)); - gtk_widget_set_sensitive(add_key, False); - gtk_container_add (GTK_CONTAINER (men_key_menu), add_key); + gtk_widget_set_sensitive(mnu_add_key, False); + gtk_container_add (GTK_CONTAINER (men_key_menu), mnu_add_key); - add_value = gtk_image_menu_item_new_with_mnemonic(Add _Value); - gtk_widget_set_sensitive(add_value, False); - gtk_image_menu_item_set_image (GTK_IMAGE_MENU_ITEM (add_value), gtk_image_new_from_stock (gtk-add, GTK_ICON_SIZE_MENU)); - gtk_container_add (GTK_CONTAINER (men_key_menu), add_value); + mnu_add_value = gtk_image_menu_item_new_with_mnemonic(Add _Value); + gtk_widget_set_sensitive(mnu_add_value, False); + gtk_image_menu_item_set_image (GTK_IMAGE_MENU_ITEM (mnu_add_value), gtk_image_new_from_stock (gtk-add, GTK_ICON_SIZE_MENU)); + gtk_container_add (GTK_CONTAINER (men_key_menu), mnu_add_value); - find = gtk_image_menu_item_new_from_stock (gtk-find, accel_group); - gtk_widget_set_sensitive(find, False); - gtk_container_add (GTK_CONTAINER (men_key_menu), find); + mnu_find = gtk_image_menu_item_new_from_stock (gtk-find, accel_group); + gtk_widget_set_sensitive(mnu_find, False); + gtk_container_add (GTK_CONTAINER (men_key_menu), mnu_find); - delete = gtk_image_menu_item_new_from_stock (gtk-delete,
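Review bot: The @@ -28 hunk adds mnu_add_key, mnu_add_value, mnu_del_key, mnu_del_value and mnu_find as file-scope globals without `static`; unless another file needs them, please make them static. In the @@ -438 hunk the three handlers discard the return value of gtk_dialog_run() (marked FIXME), so the dialogs collect input that is then thrown away, and the log message "Couple of bug fixes" should say that these handlers are still stubs.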
svn commit: samba r3375 - in branches/SAMBA_4_0/source/param: .
Author: tridge Date: 2004-10-29 21:55:06 + (Fri, 29 Oct 2004) New Revision: 3375 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3375 Log: changed the default max xmit until I fix a problem with the SMBtrans multi-part code A higher max xmit avoids multi-part trans requests Modified: branches/SAMBA_4_0/source/param/loadparm.c Changeset: Modified: branches/SAMBA_4_0/source/param/loadparm.c === --- branches/SAMBA_4_0/source/param/loadparm.c 2004-10-29 21:53:42 UTC (rev 3374) +++ branches/SAMBA_4_0/source/param/loadparm.c 2004-10-29 21:55:06 UTC (rev 3375) @@ -939,7 +939,7 @@ do_parameter(load printers, True); do_parameter(max mux, 50); - do_parameter(max xmit, 4356); + do_parameter(max xmit, 65535); do_parameter(lpqcachetime, 10); do_parameter(DisableSpoolss, False); do_parameter(password level, 0);
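Review bot: The new default of 65535 for max xmit is described in the log as a workaround until the SMBtrans multi-part code is fixed, but nothing at the do_parameter() line records that. Please add a comment there naming the multi-part trans problem, so the default is revisited once the fix lands and so the multi-part path does not go untested in the meantime because the default now avoids it.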
svn commit: samba r3376 - in trunk/source: include libads libsmb utils
Author: jra Date: 2004-10-29 22:38:05 + (Fri, 29 Oct 2004) New Revision: 3376 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3376 Log: Merge in first part of modified patch from Nalin Dahyabhai [EMAIL PROTECTED] for bug #1717. The rest of the code needed to call this patch has not yet been checked in (that's my next task). This has not yet been tested - I'll do this once the rest of the patch is integrated. Jeremy. Modified: trunk/source/include/secrets.h trunk/source/libads/kerberos.c trunk/source/libads/krb5_setpw.c trunk/source/libsmb/cliconnect.c trunk/source/libsmb/clikrb5.c trunk/source/utils/ntlm_auth.c Changeset: Sorry, the patch is too large (767 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3376
svn commit: samba r3377 - in branches/SAMBA_3_0/source: include libads libsmb utils
Author: jra Date: 2004-10-29 22:38:10 + (Fri, 29 Oct 2004) New Revision: 3377 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3377 Log: Merge in first part of modified patch from Nalin Dahyabhai [EMAIL PROTECTED] for bug #1717. The rest of the code needed to call this patch has not yet been checked in (that's my next task). This has not yet been tested - I'll do this once the rest of the patch is integrated. Jeremy. Modified: branches/SAMBA_3_0/source/include/secrets.h branches/SAMBA_3_0/source/libads/kerberos.c branches/SAMBA_3_0/source/libads/krb5_setpw.c branches/SAMBA_3_0/source/libsmb/cliconnect.c branches/SAMBA_3_0/source/libsmb/clikrb5.c branches/SAMBA_3_0/source/utils/ntlm_auth.c Changeset: Sorry, the patch is too large (767 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3377
svn commit: samba r3378 - in trunk/source: libads libsmb
Author: jra Date: 2004-10-30 00:34:50 + (Sat, 30 Oct 2004) New Revision: 3378 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3378 Log: More merging of kerberos keytab and salting fixes from Nalin Dahyabhai [EMAIL PROTECTED] (bugid #1717). Jeremy. Modified: trunk/source/libads/kerberos.c trunk/source/libads/kerberos_keytab.c trunk/source/libsmb/clikrb5.c Changeset: Modified: trunk/source/libads/kerberos.c === --- trunk/source/libads/kerberos.c 2004-10-29 22:38:10 UTC (rev 3377) +++ trunk/source/libads/kerberos.c 2004-10-30 00:34:50 UTC (rev 3378) @@ -608,7 +608,18 @@ char *service_principal) { int i; + BOOL free_ccache = False; + if (ccache == NULL) { + krb5_error_code ret; + if ((ret = krb5_cc_resolve(context, LIBADS_CCACHE_NAME, ccache)) != 0) { + DEBUG(0, (kerberos_derive_salting_principal: krb5_cc_resolve for %s failed: %s\n, + LIBADS_CCACHE_NAME, error_message(ret))); + return; + } + free_ccache = True; + } + /* Try for each enctype separately, because the rules are * different for different enctypes. */ for (i = 0; enctypes[i] != 0; i++) { @@ -629,6 +640,10 @@ enctypes[i], enctypes); } + + if (free_ccache ccache) { + krb5_cc_close(context, ccache); + } } / Modified: trunk/source/libads/kerberos_keytab.c === --- trunk/source/libads/kerberos_keytab.c 2004-10-29 22:38:10 UTC (rev 3377) +++ trunk/source/libads/kerberos_keytab.c 2004-10-30 00:34:50 UTC (rev 3378) 
@@ -102,8 +102,35 @@ /* Construct our principal */ name_to_fqdn(my_fqdn, global_myname()); strlower_m(my_fqdn); - asprintf(princ_s, %s/[EMAIL PROTECTED], srvPrinc, my_fqdn, lp_realm()); + if (strchr_m(srvPrinc, '@')) { + /* It's a fully-named principal. */ + asprintf(princ_s, %s, srvPrinc); + } else if (srvPrinc[strlen(srvPrinc)-1] == '$') { + /* It's the machine account, as used by smbclient clients. */ + asprintf(princ_s, [EMAIL PROTECTED], srvPrinc, lp_realm()); + } else { + /* It's a normal service principal. Add the SPN now so that we +* can obtain credentials for it and double-check the salt value +* used to generate the service's keys. */ + asprintf(princ_s, %s/[EMAIL PROTECTED], srvPrinc, my_fqdn, lp_realm()); + /* Update the directory with the SPN */ + DEBUG(3,(ads_keytab_add_entry: Attempting to add/update '%s'\n, princ_s)); + if (!ADS_ERR_OK(ads_add_service_principal_name(ads, global_myname(), srvPrinc))) { + DEBUG(1,(ads_keytab_add_entry: ads_add_service_principal_name failed.\n)); + goto out; + } + } + + ret = get_kerberos_allowed_etypes(context,enctypes); + if (ret) { + DEBUG(1,(ads_keytab_add_entry: get_kerberos_allowed_etypes failed (%s)\n,error_message(ret))); + goto out; + } + + /* Guess at how the KDC is salting keys for this principal. */ + kerberos_derive_salting_principal(context, NULL, enctypes, princ_s); + ret = krb5_parse_name(context, princ_s, princ); if (ret) { DEBUG(1,(ads_keytab_add_entry: krb5_parse_name(%s) failed (%s)\n, princ_s, error_message(ret))); @@ -202,12 +229,6 @@ /* If we get here, we have deleted all the old entries with kvno's not equal to the current kvno-1. */ - ret = get_kerberos_allowed_etypes(context,enctypes); - if (ret) { - DEBUG(1,(ads_keytab_add_entry: get_kerberos_allowed_etypes failed (%s)\n,error_message(ret))); - goto out; - } - /* Now add keytab entries for all encryption types */ for (i = 0; enctypes[i]; i++) { krb5_keyblock *keyp; 
@@ -242,13 +263,6 @@ krb5_kt_close(context, keytab); keytab = NULL; /* Done with keytab now. No double free. */ - /* Update the LDAP with the SPN */ - DEBUG(3,(ads_keytab_add_entry: Attempting to add/update '%s'\n, princ_s)); - if (!ADS_ERR_OK(ads_add_service_principal_name(ads, global_myname(), srvPrinc))) { - DEBUG(1,(ads_keytab_add_entry: ads_add_service_principcal_name failed.\n)); - goto out; - } - out: SAFE_FREE(principal); @@ -412,8 +426,9 @@ krb5_kt_cursor
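Review bot: In the kerberos.c hunk at -608, the new `ccache == NULL` path logs at level 0 and then does a bare `return;` when krb5_cc_resolve fails, so the call this same commit adds in kerberos_keytab.c (`kerberos_derive_salting_principal(context, NULL, enctypes, princ_s);`) has no way to learn that the salt guess was skipped and carries on to krb5_parse_name regardless. Consider returning a krb5_error_code from kerberos_derive_salting_principal and checking it at the call site, or at minimum logging in ads_keytab_add_entry that the salting principal could not be derived.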
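Review bot: In the kerberos_keytab.c hunk at -102, the test `srvPrinc[strlen(srvPrinc)-1] == '$'` indexes one byte before the start of the string when srvPrinc is empty, and the preceding `strchr_m(srvPrinc, '@')` check does not rule that case out. Reject a NULL or empty srvPrinc before the if/else chain (log and `goto out`), so the machine-account branch only ever sees a string of length 1 or more.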
svn commit: samba r3379 - in branches/SAMBA_3_0/source: libads libsmb
Author: jra Date: 2004-10-30 00:34:58 + (Sat, 30 Oct 2004) New Revision: 3379 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3379 Log: More merging of kerberos keytab and salting fixes from Nalin Dahyabhai [EMAIL PROTECTED] (bugid #1717). Jeremy. Modified: branches/SAMBA_3_0/source/libads/kerberos.c branches/SAMBA_3_0/source/libads/kerberos_keytab.c branches/SAMBA_3_0/source/libsmb/clikrb5.c Changeset: Modified: branches/SAMBA_3_0/source/libads/kerberos.c === --- branches/SAMBA_3_0/source/libads/kerberos.c 2004-10-30 00:34:50 UTC (rev 3378) +++ branches/SAMBA_3_0/source/libads/kerberos.c 2004-10-30 00:34:58 UTC (rev 3379) @@ -608,7 +608,18 @@ char *service_principal) { int i; + BOOL free_ccache = False; + if (ccache == NULL) { + krb5_error_code ret; + if ((ret = krb5_cc_resolve(context, LIBADS_CCACHE_NAME, ccache)) != 0) { + DEBUG(0, (kerberos_derive_salting_principal: krb5_cc_resolve for %s failed: %s\n, + LIBADS_CCACHE_NAME, error_message(ret))); + return; + } + free_ccache = True; + } + /* Try for each enctype separately, because the rules are * different for different enctypes. */ for (i = 0; enctypes[i] != 0; i++) { @@ -629,6 +640,10 @@ enctypes[i], enctypes); } + + if (free_ccache ccache) { + krb5_cc_close(context, ccache); + } } / Modified: branches/SAMBA_3_0/source/libads/kerberos_keytab.c === --- branches/SAMBA_3_0/source/libads/kerberos_keytab.c 2004-10-30 00:34:50 UTC (rev 3378) +++ branches/SAMBA_3_0/source/libads/kerberos_keytab.c 2004-10-30 00:34:58 UTC (rev 3379) 
@@ -101,8 +101,35 @@ /* Construct our principal */ name_to_fqdn(my_fqdn, global_myname()); strlower_m(my_fqdn); - asprintf(princ_s, %s/[EMAIL PROTECTED], srvPrinc, my_fqdn, lp_realm()); + if (strchr_m(srvPrinc, '@')) { + /* It's a fully-named principal. */ + asprintf(princ_s, %s, srvPrinc); + } else if (srvPrinc[strlen(srvPrinc)-1] == '$') { + /* It's the machine account, as used by smbclient clients. */ + asprintf(princ_s, [EMAIL PROTECTED], srvPrinc, lp_realm()); + } else { + /* It's a normal service principal. Add the SPN now so that we +* can obtain credentials for it and double-check the salt value +* used to generate the service's keys. */ + asprintf(princ_s, %s/[EMAIL PROTECTED], srvPrinc, my_fqdn, lp_realm()); + /* Update the directory with the SPN */ + DEBUG(3,(ads_keytab_add_entry: Attempting to add/update '%s'\n, princ_s)); + if (!ADS_ERR_OK(ads_add_service_principal_name(ads, global_myname(), srvPrinc))) { + DEBUG(1,(ads_keytab_add_entry: ads_add_service_principal_name failed.\n)); + goto out; + } + } + + ret = get_kerberos_allowed_etypes(context,enctypes); + if (ret) { + DEBUG(1,(ads_keytab_add_entry: get_kerberos_allowed_etypes failed (%s)\n,error_message(ret))); + goto out; + } + + /* Guess at how the KDC is salting keys for this principal. */ + kerberos_derive_salting_principal(context, NULL, enctypes, princ_s); + ret = krb5_parse_name(context, princ_s, princ); if (ret) { DEBUG(1,(ads_keytab_add_entry: krb5_parse_name(%s) failed (%s)\n, princ_s, error_message(ret))); @@ -201,12 +228,6 @@ /* If we get here, we have deleted all the old entries with kvno's not equal to the current kvno-1. */ - ret = get_kerberos_allowed_etypes(context,enctypes); - if (ret) { - DEBUG(1,(ads_keytab_add_entry: get_kerberos_allowed_etypes failed (%s)\n,error_message(ret))); - goto out; - } - /* Now add keytab entries for all encryption types */ for (i = 0; enctypes[i]; i++) { krb5_keyblock *keyp; 
@@ -241,13 +262,6 @@ krb5_kt_close(context, keytab); keytab = NULL; /* Done with keytab now. No double free. */ - /* Update the LDAP with the SPN */ - DEBUG(3,(ads_keytab_add_entry: Attempting to add/update '%s'\n, princ_s)); - if (!ADS_ERR_OK(ads_add_service_principal_name(ads, global_myname(), srvPrinc))) { - DEBUG(1,(ads_keytab_add_entry: ads_add_service_principcal_name failed.\n)); - goto out;
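Review bot: In the kerberos_keytab.c hunk at -101, none of the three new asprintf calls has its return value checked, yet princ_s is used immediately afterwards in `DEBUG(3,(ads_keytab_add_entry: Attempting to add/update '%s'\n, princ_s))` and then in krb5_parse_name. On allocation failure the contents of princ_s are not something the code can rely on, so test each call for -1, set an error in ret and `goto out` before the pointer is read.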
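Review bot: The hunk at -241 removes the SPN update from the end of ads_keytab_add_entry, and the -101 hunk now performs it before any keytab work, so every later `goto out` (get_kerberos_allowed_etypes failing, krb5_parse_name failing) leaves the directory advertising a service principal for which no keytab entry was written. The new comment explains why the SPN has to exist first; it would help to also say what state is left behind on failure, and to log at the `out:` label when the SPN was added but the keytab write did not complete. The spelling fix in the debug string (principcal to principal) is a welcome side effect.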
svn commit: samba r3380 - in branches/SAMBA_4_0/source: include libcli/raw param smb_server
Author: tridge Date: 2004-10-30 01:22:52 + (Sat, 30 Oct 2004) New Revision: 3380 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3380 Log: - changed the default behaviour of server signing. We now have a default setting of server signing = auto, which means to offer signing only if we have domain logons enabled (ie. we are a DC). This is a better match for what windows clients want, as unfortunately windows clients always use signing if it is offered, and when they use signing they not only go slower because of the signing itself, they also disable large readx/writex support, so they end up sending very small IOs for. - changed the default max xmit again, this time matching longhorn, which uses 12288. That seems to be a fairly good compromise value. Modified: branches/SAMBA_4_0/source/include/smb.h branches/SAMBA_4_0/source/libcli/raw/smb_signing.c branches/SAMBA_4_0/source/param/loadparm.c branches/SAMBA_4_0/source/smb_server/signing.c Changeset: Modified: branches/SAMBA_4_0/source/include/smb.h === --- branches/SAMBA_4_0/source/include/smb.h 2004-10-30 00:34:58 UTC (rev 3379) +++ branches/SAMBA_4_0/source/include/smb.h 2004-10-30 01:22:52 UTC (rev 3380) @@ -33,7 +33,8 @@ #define SMB_PORT2 139 #define SMB_PORTS 445 139 -enum smb_signing_state {SMB_SIGNING_OFF, SMB_SIGNING_SUPPORTED, SMB_SIGNING_REQUIRED}; +enum smb_signing_state {SMB_SIGNING_OFF, SMB_SIGNING_SUPPORTED, + SMB_SIGNING_REQUIRED, SMB_SIGNING_AUTO}; /* deny modes */ #define DENY_DOS 0 Modified: branches/SAMBA_4_0/source/libcli/raw/smb_signing.c === --- branches/SAMBA_4_0/source/libcli/raw/smb_signing.c 2004-10-30 00:34:58 UTC (rev 3379) +++ branches/SAMBA_4_0/source/libcli/raw/smb_signing.c 2004-10-30 01:22:52 UTC (rev 3380) 
@@ -394,6 +394,7 @@ transport-negotiate.sign_info.allow_smb_signing = False; break; case SMB_SIGNING_SUPPORTED: + case SMB_SIGNING_AUTO: transport-negotiate.sign_info.allow_smb_signing = True; break; case SMB_SIGNING_REQUIRED: Modified: branches/SAMBA_4_0/source/param/loadparm.c === --- branches/SAMBA_4_0/source/param/loadparm.c 2004-10-30 00:34:58 UTC (rev 3379) +++ branches/SAMBA_4_0/source/param/loadparm.c 2004-10-30 01:22:52 UTC (rev 3380) @@ -198,8 +198,8 @@ BOOL bLanmanAuth; BOOL bNTLMAuth; BOOL bUseSpnego; - BOOL server_signing; - BOOL client_signing; + int server_signing; + int client_signing; BOOL bClientLanManAuth; BOOL bClientNTLMv2Auth; BOOL bHostMSDfs; @@ -456,12 +456,12 @@ {SMB_SIGNING_SUPPORTED, 1}, {SMB_SIGNING_SUPPORTED, On}, {SMB_SIGNING_SUPPORTED, enabled}, - {SMB_SIGNING_SUPPORTED, auto}, {SMB_SIGNING_REQUIRED, required}, {SMB_SIGNING_REQUIRED, mandatory}, {SMB_SIGNING_REQUIRED, force}, {SMB_SIGNING_REQUIRED, forced}, {SMB_SIGNING_REQUIRED, enforced}, + {SMB_SIGNING_AUTO, auto}, {-1, NULL} }; @@ -939,7 +939,7 @@ do_parameter(load printers, True); do_parameter(max mux, 50); - do_parameter(max xmit, 65535); + do_parameter(max xmit, 12288); do_parameter(lpqcachetime, 10); do_parameter(DisableSpoolss, False); do_parameter(password level, 0); @@ -1006,7 +1006,7 @@ do_parameter(name cache timeout, 660); /* In seconds */ do_parameter(client signing, Yes); - do_parameter(server signing, Yes); + do_parameter(server signing, auto); do_parameter(use spnego, True); Modified: branches/SAMBA_4_0/source/smb_server/signing.c === --- branches/SAMBA_4_0/source/smb_server/signing.c 2004-10-30 00:34:58 UTC (rev 3379) +++ branches/SAMBA_4_0/source/smb_server/signing.c 2004-10-30 01:22:52 UTC (rev 3380) 
@@ -110,6 +110,13 @@ smb_conn-signing.allow_smb_signing = True; smb_conn-signing.mandatory_signing = True; break; + case SMB_SIGNING_AUTO: + if (lp_domain_logons()) { + smb_conn-signing.allow_smb_signing = True; + } else { + smb_conn-signing.allow_smb_signing = False; + } + break; } return True; }
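Review bot: The loadparm.c hunk at -1006 changes the built-in default from `server signing, Yes` to `server signing, auto`, and the -456 hunk remaps the word `auto` from SMB_SIGNING_SUPPORTED to SMB_SIGNING_AUTO, so both a server with no explicit setting and one already configured with `server signing = auto` stop offering signing unless domain logons are enabled. That is a reduction in default integrity protection for non-DC servers and should be called out in the parameter documentation alongside the performance rationale given in the log, with a pointer to setting the option explicitly where signed sessions are wanted.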
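Review bot: In the smb_server/signing.c hunk at -110, the new SMB_SIGNING_AUTO case assigns only allow_smb_signing, whereas the case just above it sets both allow_smb_signing and mandatory_signing. Set `mandatory_signing = False` explicitly in both arms of the lp_domain_logons() test so the result does not depend on how smb_conn was initialised, and consider collapsing the if/else into a single assignment of the lp_domain_logons() result.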
svn commit: samba r3381 - in branches/SAMBA_3_0/source/libads: .
Author: jra Date: 2004-10-30 01:32:05 + (Sat, 30 Oct 2004) New Revision: 3381 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3381 Log: More merging of the #1717 patch. Fixup some erroneous assumptions about memcpy's into fqdn names. I think the original intent was to create MYNAME.fqdn.tail.part. Will need testing to see I haven't broken keytab support. Jeremy. Modified: branches/SAMBA_3_0/source/libads/kerberos_keytab.c branches/SAMBA_3_0/source/libads/kerberos_verify.c Changeset: Modified: branches/SAMBA_3_0/source/libads/kerberos_keytab.c === --- branches/SAMBA_3_0/source/libads/kerberos_keytab.c 2004-10-30 01:22:52 UTC (rev 3380) +++ branches/SAMBA_3_0/source/libads/kerberos_keytab.c 2004-10-30 01:32:05 UTC (rev 3381) @@ -425,6 +425,7 @@ krb5_keytab_entry kt_entry; krb5_kvno kvno; fstring my_fqdn, my_Fqdn, my_name, my_NAME; + char *p_fqdn; int i, found = 0; char **oldEntries = NULL, *princ_s[18];; @@ -441,14 +442,20 @@ fstrcpy(my_name, global_myname()); strlower_m(my_name); + fstrcpy(my_NAME, global_myname()); strupper_m(my_NAME); - name_to_fqdn(my_Fqdn, global_myname()); - strlower_m(my_Fqdn); - memcpy(my_Fqdn, my_NAME, strlen(my_NAME)); + + my_fqdn[0] = '\0'; name_to_fqdn(my_fqdn, global_myname()); strlower_m(my_fqdn); + p_fqdn = strchr_m(my_fqdn, '.'); + fstrcpy(my_Fqdn, my_NAME); + if (p_fqdn) { + fstrcat(my_Fqdn, p_fqdn); + } + asprintf(princ_s[0], [EMAIL PROTECTED], my_name, lp_realm()); asprintf(princ_s[1], [EMAIL PROTECTED], my_NAME, lp_realm()); asprintf(princ_s[2], host/[EMAIL PROTECTED], my_name, lp_realm()); Modified: branches/SAMBA_3_0/source/libads/kerberos_verify.c === --- branches/SAMBA_3_0/source/libads/kerberos_verify.c 2004-10-30 01:22:52 UTC (rev 3380) +++ branches/SAMBA_3_0/source/libads/kerberos_verify.c 2004-10-30 01:32:05 UTC (rev 3381) 
@@ -41,84 +41,92 @@ { krb5_error_code ret = 0; BOOL auth_ok = False; - krb5_keytab keytab = NULL; - krb5_kt_cursor cursor; - krb5_keytab_entry kt_entry; - char *princ_name = NULL; + fstring my_fqdn, my_name; + fstring my_Fqdn, my_NAME; + char *p_fqdn; + char *host_princ_s[18]; + krb5_principal host_princ; + int i; - ZERO_STRUCT(kt_entry); - ZERO_STRUCT(cursor); - ret = krb5_kt_default(context, keytab); if (ret) { DEBUG(1, (ads_keytab_verify_ticket: krb5_kt_default failed (%s)\n, error_message(ret))); goto out; } - ret = krb5_kt_start_seq_get(context, keytab, cursor); - if (ret) { - DEBUG(1, (ads_keytab_verify_ticket: krb5_kt_start_seq_get failed (%s)\n, error_message(ret))); - goto out; + /* Generate the list of principal names which we expect clients might +* want to use for authenticating to the file service. */ + + fstrcpy(my_name, global_myname()); + strlower_m(my_name); + + fstrcpy(my_NAME, global_myname()); + strupper_m(my_NAME); + + my_fqdn[0] = '\0'; + name_to_fqdn(my_fqdn, global_myname()); + strlower_m(my_fqdn); + + p_fqdn = strchr_m(my_fqdn, '.'); + fstrcpy(my_Fqdn, my_NAME); + if (p_fqdn) { + fstrcat(my_Fqdn, p_fqdn); } - while (!krb5_kt_next_entry(context, keytab, kt_entry, cursor)) { - ret = krb5_unparse_name(context, kt_entry.principal, princ_name); +asprintf(host_princ_s[0], [EMAIL PROTECTED], my_name, lp_realm()); +asprintf(host_princ_s[1], [EMAIL PROTECTED], my_NAME, lp_realm()); +asprintf(host_princ_s[2], host/[EMAIL PROTECTED], my_name, lp_realm()); +asprintf(host_princ_s[3], host/[EMAIL PROTECTED], my_NAME, lp_realm()); +asprintf(host_princ_s[4], host/[EMAIL PROTECTED], my_fqdn, lp_realm()); +asprintf(host_princ_s[5], host/[EMAIL PROTECTED], my_Fqdn, lp_realm()); +asprintf(host_princ_s[6], HOST/[EMAIL PROTECTED], my_name, lp_realm()); +asprintf(host_princ_s[7], HOST/[EMAIL PROTECTED], my_NAME, lp_realm()); +asprintf(host_princ_s[8], HOST/[EMAIL PROTECTED], my_fqdn, lp_realm()); +asprintf(host_princ_s[9], HOST/[EMAIL PROTECTED], my_Fqdn, 
lp_realm()); +asprintf(host_princ_s[10], cifs/[EMAIL PROTECTED], my_name, lp_realm()); +asprintf(host_princ_s[11], cifs/[EMAIL PROTECTED], my_NAME, lp_realm()); +asprintf(host_princ_s[12], cifs/[EMAIL PROTECTED], my_fqdn, lp_realm()); +asprintf(host_princ_s[13], cifs/[EMAIL PROTECTED], my_Fqdn, lp_realm()); +asprintf(host_princ_s[14], CIFS/[EMAIL PROTECTED], my_name, lp_realm()); +
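Review bot: In the kerberos_keytab.c hunk at -441, the added `my_fqdn[0] = '\0';` implies name_to_fqdn may leave the buffer untouched, but nothing afterwards checks for that: with an empty my_fqdn, strchr_m returns NULL, my_Fqdn ends up identical to my_NAME, and the my_fqdn-based principals are built from an empty host part. Test for an empty my_fqdn after strlower_m and either bail out or skip the FQDN-based entries, so that malformed principal names are never generated.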
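Review bot: The kerberos_verify.c hunk at -41 repeats, line for line, the name-building sequence that the kerberos_keytab.c hunk at -441 has just corrected (fstrcpy/strlower_m/strupper_m, name_to_fqdn, strchr_m on '.', fstrcat into my_Fqdn) and then the same run of asprintf calls. The memcpy bug fixed here existed precisely because this logic is subtle; move it into one shared helper that fills the principal array, so the next fix cannot land in one file and miss the other.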
svn commit: samba r3382 - in trunk/source/libads: .
Author: jra Date: 2004-10-30 01:32:12 + (Sat, 30 Oct 2004) New Revision: 3382 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3382 Log: More merging of the #1717 patch. Fixup some erroneous assumptions about memcpy's into fqdn names. I think the original intent was to create MYNAME.fqdn.tail.part. Will need testing to see I haven't broken keytab support. Jeremy. Modified: trunk/source/libads/kerberos_keytab.c trunk/source/libads/kerberos_verify.c Changeset: Modified: trunk/source/libads/kerberos_keytab.c === --- trunk/source/libads/kerberos_keytab.c 2004-10-30 01:32:05 UTC (rev 3381) +++ trunk/source/libads/kerberos_keytab.c 2004-10-30 01:32:12 UTC (rev 3382) @@ -427,6 +427,7 @@ krb5_keytab_entry kt_entry; krb5_kvno kvno; fstring my_fqdn, my_Fqdn, my_name, my_NAME; + char *p_fqdn; int i, found = 0; char **oldEntries = NULL, *princ_s[18];; @@ -443,14 +444,20 @@ fstrcpy(my_name, global_myname()); strlower_m(my_name); + fstrcpy(my_NAME, global_myname()); strupper_m(my_NAME); - name_to_fqdn(my_Fqdn, global_myname()); - strlower_m(my_Fqdn); - memcpy(my_Fqdn, my_NAME, strlen(my_NAME)); + + my_fqdn[0] = '\0'; name_to_fqdn(my_fqdn, global_myname()); strlower_m(my_fqdn); + p_fqdn = strchr_m(my_fqdn, '.'); + fstrcpy(my_Fqdn, my_NAME); + if (p_fqdn) { + fstrcat(my_Fqdn, p_fqdn); + } + asprintf(princ_s[0], [EMAIL PROTECTED], my_name, lp_realm()); asprintf(princ_s[1], [EMAIL PROTECTED], my_NAME, lp_realm()); asprintf(princ_s[2], host/[EMAIL PROTECTED], my_name, lp_realm()); Modified: trunk/source/libads/kerberos_verify.c === --- trunk/source/libads/kerberos_verify.c 2004-10-30 01:32:05 UTC (rev 3381) +++ trunk/source/libads/kerberos_verify.c 2004-10-30 01:32:12 UTC (rev 3382) 
@@ -41,84 +41,92 @@ { krb5_error_code ret = 0; BOOL auth_ok = False; - krb5_keytab keytab = NULL; - krb5_kt_cursor cursor; - krb5_keytab_entry kt_entry; - char *princ_name = NULL; + fstring my_fqdn, my_name; + fstring my_Fqdn, my_NAME; + char *p_fqdn; + char *host_princ_s[18]; + krb5_principal host_princ; + int i; - ZERO_STRUCT(kt_entry); - ZERO_STRUCT(cursor); - ret = krb5_kt_default(context, keytab); if (ret) { DEBUG(1, (ads_keytab_verify_ticket: krb5_kt_default failed (%s)\n, error_message(ret))); goto out; } - ret = krb5_kt_start_seq_get(context, keytab, cursor); - if (ret) { - DEBUG(1, (ads_keytab_verify_ticket: krb5_kt_start_seq_get failed (%s)\n, error_message(ret))); - goto out; + /* Generate the list of principal names which we expect clients might +* want to use for authenticating to the file service. */ + + fstrcpy(my_name, global_myname()); + strlower_m(my_name); + + fstrcpy(my_NAME, global_myname()); + strupper_m(my_NAME); + + my_fqdn[0] = '\0'; + name_to_fqdn(my_fqdn, global_myname()); + strlower_m(my_fqdn); + + p_fqdn = strchr_m(my_fqdn, '.'); + fstrcpy(my_Fqdn, my_NAME); + if (p_fqdn) { + fstrcat(my_Fqdn, p_fqdn); } - while (!krb5_kt_next_entry(context, keytab, kt_entry, cursor)) { - ret = krb5_unparse_name(context, kt_entry.principal, princ_name); +asprintf(host_princ_s[0], [EMAIL PROTECTED], my_name, lp_realm()); +asprintf(host_princ_s[1], [EMAIL PROTECTED], my_NAME, lp_realm()); +asprintf(host_princ_s[2], host/[EMAIL PROTECTED], my_name, lp_realm()); +asprintf(host_princ_s[3], host/[EMAIL PROTECTED], my_NAME, lp_realm()); +asprintf(host_princ_s[4], host/[EMAIL PROTECTED], my_fqdn, lp_realm()); +asprintf(host_princ_s[5], host/[EMAIL PROTECTED], my_Fqdn, lp_realm()); +asprintf(host_princ_s[6], HOST/[EMAIL PROTECTED], my_name, lp_realm()); +asprintf(host_princ_s[7], HOST/[EMAIL PROTECTED], my_NAME, lp_realm()); +asprintf(host_princ_s[8], HOST/[EMAIL PROTECTED], my_fqdn, lp_realm()); +asprintf(host_princ_s[9], HOST/[EMAIL PROTECTED], my_Fqdn, 
lp_realm()); +asprintf(host_princ_s[10], cifs/[EMAIL PROTECTED], my_name, lp_realm()); +asprintf(host_princ_s[11], cifs/[EMAIL PROTECTED], my_NAME, lp_realm()); +asprintf(host_princ_s[12], cifs/[EMAIL PROTECTED], my_fqdn, lp_realm()); +asprintf(host_princ_s[13], cifs/[EMAIL PROTECTED], my_Fqdn, lp_realm()); +asprintf(host_princ_s[14], CIFS/[EMAIL PROTECTED], my_name, lp_realm()); +asprintf(host_princ_s[15], CIFS/[EMAIL PROTECTED], my_NAME, lp_realm()); +asprintf(host_princ_s[16],
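Review bot: In the kerberos_verify.c hunk at -41, the new `char *host_princ_s[18];` is filled by a series of asprintf calls whose return values are all ignored, and the bound 18 is a bare literal that has to stay in step with `*princ_s[18]` in kerberos_keytab.c. Check each asprintf for -1 before the entry is used for ticket verification, initialise the array to NULL so the cleanup path can free a partially built list safely, and replace the literal with a shared #define.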
svn commit: samba r3383 - in branches/SAMBA_4_0/source: libcli/raw librpc/rpc torture/basic torture/rap
Author: tridge Date: 2004-10-30 02:17:03 + (Sat, 30 Oct 2004) New Revision: 3383 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3383 Log: avoid multi-part SMBtrans and SMBtrans2 replies until our client library can handle them properly (they are difficult to do in an async fashion). By choosing trans.in.max_data to fix in the negotiated buffer size a server won't send us multi-part replies. I notice that windows seems to avoid them too :) Modified: branches/SAMBA_4_0/source/libcli/raw/rawacl.c branches/SAMBA_4_0/source/libcli/raw/rawfileinfo.c branches/SAMBA_4_0/source/libcli/raw/rawfsinfo.c branches/SAMBA_4_0/source/libcli/raw/rawsearch.c branches/SAMBA_4_0/source/libcli/raw/rawtrans.c branches/SAMBA_4_0/source/librpc/rpc/dcerpc_smb.c branches/SAMBA_4_0/source/torture/basic/aliases.c branches/SAMBA_4_0/source/torture/basic/scanner.c branches/SAMBA_4_0/source/torture/rap/rap.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/raw/rawacl.c === --- branches/SAMBA_4_0/source/libcli/raw/rawacl.c 2004-10-30 01:32:12 UTC (rev 3382) +++ branches/SAMBA_4_0/source/libcli/raw/rawacl.c 2004-10-30 02:17:03 UTC (rev 3383) @@ -31,7 +31,7 @@ nt.in.max_setup = 0; nt.in.max_param = 4; - nt.in.max_data = 0x1; + nt.in.max_data = smb_raw_max_trans_data(tree, 4); nt.in.setup_count = 0; nt.in.function = NT_TRANSACT_QUERY_SECURITY_DESC; nt.in.setup = NULL; Modified: branches/SAMBA_4_0/source/libcli/raw/rawfileinfo.c === --- branches/SAMBA_4_0/source/libcli/raw/rawfileinfo.c 2004-10-30 01:32:12 UTC (rev 3382) +++ branches/SAMBA_4_0/source/libcli/raw/rawfileinfo.c 2004-10-30 02:17:03 UTC (rev 3383) @@ -291,7 +291,7 @@ tp.in.setup_count = 1; tp.in.data = data_blob(NULL, 0); tp.in.max_param = 2; - tp.in.max_data = 0x; + tp.in.max_data = smb_raw_max_trans_data(tree, 2); tp.in.setup = setup; tp.in.params = data_blob_talloc(mem_ctx, NULL, 4); 
@@ -344,7 +344,7 @@ tp.in.setup_count = 1; tp.in.data = data_blob(NULL, 0); tp.in.max_param = 2; - tp.in.max_data = 0x; + tp.in.max_data = smb_raw_max_trans_data(tree, 2); tp.in.setup = setup; tp.in.params = data_blob_talloc(mem_ctx, NULL, 6); Modified: branches/SAMBA_4_0/source/libcli/raw/rawfsinfo.c === --- branches/SAMBA_4_0/source/libcli/raw/rawfsinfo.c2004-10-30 01:32:12 UTC (rev 3382) +++ branches/SAMBA_4_0/source/libcli/raw/rawfsinfo.c2004-10-30 02:17:03 UTC (rev 3383) @@ -77,7 +77,7 @@ tp.in.timeout = 0; tp.in.setup_count = 1; tp.in.max_param = 0; - tp.in.max_data = 0x1000; /* plenty for all possible QFS levels */ + tp.in.max_data = smb_raw_max_trans_data(tree, 0); tp.in.setup = setup; tp.in.data = data_blob(NULL, 0); tp.in.timeout = 0; Modified: branches/SAMBA_4_0/source/libcli/raw/rawsearch.c === --- branches/SAMBA_4_0/source/libcli/raw/rawsearch.c2004-10-30 01:32:12 UTC (rev 3382) +++ branches/SAMBA_4_0/source/libcli/raw/rawsearch.c2004-10-30 02:17:03 UTC (rev 3383) @@ -206,8 +206,8 @@ tp.in.timeout = 0; tp.in.setup_count = 1; tp.in.data = data_blob(NULL, 0); - tp.in.max_param = 1024; - tp.in.max_data = 8192; + tp.in.max_param = 10; + tp.in.max_data = smb_raw_max_trans_data(tree, 10); tp.in.setup = setup; tp.in.params = data_blob_talloc(mem_ctx, NULL, 12); @@ -258,8 +258,8 @@ tp.in.timeout = 0; tp.in.setup_count = 1; tp.in.data = data_blob(NULL, 0); - tp.in.max_param = 1024; - tp.in.max_data = 8192; + tp.in.max_param = 10; + tp.in.max_data = smb_raw_max_trans_data(tree, 10); tp.in.setup = setup; tp.in.params = data_blob_talloc(mem_ctx, NULL, 12); Modified: branches/SAMBA_4_0/source/libcli/raw/rawtrans.c === --- branches/SAMBA_4_0/source/libcli/raw/rawtrans.c 2004-10-30 01:32:12 UTC (rev 3382) +++ branches/SAMBA_4_0/source/libcli/raw/rawtrans.c 2004-10-30 02:17:03 UTC (rev 3383) 
@@ -531,3 +531,15 @@ return smb_raw_nttrans_recv(req, mem_ctx, parms); } + +/* + work out the maximum data size for a trans request while avoiding + multi-part replies + + TODO: we only need to avoid multi-part replies because the + multi-part trans receive code is broken. +*/ +size_t smb_raw_max_trans_data(struct smbcli_tree *tree, size_t param_size) +{ + return tree-session-transport-options.max_xmit - (70 + param_size); +} Modified:
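Review bot: In the rawtrans.c hunk at -531, `max_xmit - (70 + param_size)` in smb_raw_max_trans_data is computed and returned as size_t, so if the negotiated max_xmit is ever smaller than 70 + param_size the subtraction wraps to a very large value and every caller changed in this commit would then advertise a huge max_data, the opposite of what the change intends. Clamp the result (return 0, or fail the request, when max_xmit is too small) and give the 70 a named constant with a comment saying which header and word-count bytes it accounts for.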
svn commit: samba r3384 - in branches/SAMBA_4_0/source/include: .
Author: tridge Date: 2004-10-30 04:55:45 + (Sat, 30 Oct 2004) New Revision: 3384 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3384 Log: added SA_RIGHT_FILE_WRITE_APPEND, which is a combination of write and append Modified: branches/SAMBA_4_0/source/include/rpc_secdes.h Changeset: Modified: branches/SAMBA_4_0/source/include/rpc_secdes.h === --- branches/SAMBA_4_0/source/include/rpc_secdes.h 2004-10-30 02:17:03 UTC (rev 3383) +++ branches/SAMBA_4_0/source/include/rpc_secdes.h 2004-10-30 04:55:45 UTC (rev 3384) @@ -157,6 +157,7 @@ #define SA_RIGHT_FILE_READ_ATTRIBUTES 0x0080 #define SA_RIGHT_FILE_WRITE_ATTRIBUTES 0x0100 #define SA_RIGHT_FILE_READ_EXEC (SA_RIGHT_FILE_READ_DATA|SA_RIGHT_FILE_EXECUTE) +#define SA_RIGHT_FILE_WRITE_APPEND (SA_RIGHT_FILE_WRITE_DATA|SA_RIGHT_FILE_APPEND_DATA) #define SA_RIGHT_FILE_ALL_ACCESS 0x01FF
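Review bot: The new SA_RIGHT_FILE_WRITE_APPEND in rpc_secdes.h is a two-bit composite like SA_RIGHT_FILE_READ_EXEC above it, so a test of the form `access_mask & SA_RIGHT_FILE_WRITE_APPEND` is true when either write or append is granted, not only when both are. A one-line comment on the define stating that it is meant for any-of tests would stop a later caller from treating it as a single right in an access check.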
svn commit: samba r3385 - in branches/SAMBA_4_0/source/libcli/raw: .
Author: tridge Date: 2004-10-30 04:56:27 + (Sat, 30 Oct 2004) New Revision: 3385 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3385 Log: when discarding an unmatched reply print the command type to help debugging Modified: branches/SAMBA_4_0/source/libcli/raw/clitransport.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/raw/clitransport.c === --- branches/SAMBA_4_0/source/libcli/raw/clitransport.c 2004-10-30 04:55:45 UTC (rev 3384) +++ branches/SAMBA_4_0/source/libcli/raw/clitransport.c 2004-10-30 04:56:27 UTC (rev 3385) @@ -350,7 +350,8 @@ } if (!req) { - DEBUG(1,(Discarding unmatched reply with mid %d\n, mid)); + DEBUG(1,(Discarding unmatched reply with mid %d op %d\n, +mid, CVAL(hdr, HDR_COM))); goto error; }
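Review bot: In the clitransport.c hunk at -350, the command byte from `CVAL(hdr, HDR_COM)` is printed with `%d`; SMB command codes are normally written in hex, so `op 0x%02x` would let the log line be matched against the SMB command defines and packet traces without conversion. Unmatched replies are also worth keeping at a level that operators actually run with, since a run of them can indicate a desynchronised or misbehaving peer.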
svn commit: samba r3386 - in branches/SAMBA_4_0/source/torture: . basic
Author: tridge Date: 2004-10-30 04:59:52 + (Sat, 30 Oct 2004) New Revision: 3386 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3386 Log: - fixed --seed option in smbtorture - added new tests BASE-NTDENY1 and BASE-NTDENY2. These are the ntcreatex equivalents of the BASE-DENY1 and BASE-DENY2 tests. Unfortunately, with ntcreatex there are 4 million combinations and trying each one takes 1 second, so randomised testing is the only choice. The BASE-DENY1 test can operate in parallel with hundreds of connections, speeding things up a bit (as most time is spent waiting 1 second for a sharing violation to come back) Modified: branches/SAMBA_4_0/source/torture/basic/denytest.c branches/SAMBA_4_0/source/torture/torture.c Changeset: Sorry, the patch is too large (340 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3386
svn commit: samba r3387 - in branches/SAMBA_4_0/source: include ntvfs/common ntvfs/posix torture/basic
Author: tridge Date: 2004-10-30 05:53:56 + (Sat, 30 Oct 2004) New Revision: 3387 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=3387 Log: fixed pvfs to pass the NTDENY tests. The tricky bit was SA_RIGHT_FILE_EXECUTE, which depends on a flags2 bit Modified: branches/SAMBA_4_0/source/include/smb.h branches/SAMBA_4_0/source/ntvfs/common/opendb.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_read.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_write.c branches/SAMBA_4_0/source/torture/basic/denytest.c Changeset: Modified: branches/SAMBA_4_0/source/include/smb.h === --- branches/SAMBA_4_0/source/include/smb.h 2004-10-30 04:59:52 UTC (rev 3386) +++ branches/SAMBA_4_0/source/include/smb.h 2004-10-30 05:53:56 UTC (rev 3387) @@ -503,7 +503,7 @@ #define FLAGS2_IS_LONG_NAME0x0040 #define FLAGS2_EXTENDED_SECURITY 0x0800 #define FLAGS2_DFS_PATHNAMES 0x1000 -#define FLAGS2_READ_PERMIT_NO_EXECUTE 0x2000 +#define FLAGS2_READ_PERMIT_EXECUTE 0x2000 #define FLAGS2_32_BIT_ERROR_CODES 0x4000 #define FLAGS2_UNICODE_STRINGS 0x8000 Modified: branches/SAMBA_4_0/source/ntvfs/common/opendb.c === --- branches/SAMBA_4_0/source/ntvfs/common/opendb.c 2004-10-30 04:59:52 UTC (rev 3386) +++ branches/SAMBA_4_0/source/ntvfs/common/opendb.c 2004-10-30 05:53:56 UTC (rev 3387) 
@@ -154,20 +154,24 @@ /* if either open involves no read.write or delete access then it can't conflict */ - if (!(e1-access_mask (SA_RIGHT_FILE_WRITE_DATA | + if (!(e1-access_mask (SA_RIGHT_FILE_WRITE_APPEND | SA_RIGHT_FILE_READ_EXEC | STD_RIGHT_DELETE_ACCESS))) { return False; } - if (!(e2-access_mask (SA_RIGHT_FILE_WRITE_DATA | + if (!(e2-access_mask (SA_RIGHT_FILE_WRITE_APPEND | SA_RIGHT_FILE_READ_EXEC | STD_RIGHT_DELETE_ACCESS))) { return False; } /* check the basic share access */ - CHECK_MASK(e1-access_mask, e2-share_access, SA_RIGHT_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE); - CHECK_MASK(e2-access_mask, e1-share_access, SA_RIGHT_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE); + CHECK_MASK(e1-access_mask, e2-share_access, + SA_RIGHT_FILE_WRITE_APPEND, + NTCREATEX_SHARE_ACCESS_WRITE); + CHECK_MASK(e2-access_mask, e1-share_access, + SA_RIGHT_FILE_WRITE_APPEND, + NTCREATEX_SHARE_ACCESS_WRITE); CHECK_MASK(e1-access_mask, e2-share_access, SA_RIGHT_FILE_READ_EXEC, Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c 2004-10-30 04:59:52 UTC (rev 3386) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c 2004-10-30 05:53:56 UTC (rev 3387) @@ -290,9 +290,9 @@ } if ((access_mask SA_RIGHT_FILE_READ_EXEC) - (access_mask SA_RIGHT_FILE_WRITE_DATA)) { + (access_mask SA_RIGHT_FILE_WRITE_APPEND)) { flags = O_RDWR; - } else if (access_mask SA_RIGHT_FILE_WRITE_DATA) { + } else if (access_mask SA_RIGHT_FILE_WRITE_APPEND) { flags = O_WRONLY; } else { flags = O_RDONLY; 
@@ -491,9 +491,9 @@ } if ((access_mask SA_RIGHT_FILE_READ_EXEC) - (access_mask SA_RIGHT_FILE_WRITE_DATA)) { + (access_mask SA_RIGHT_FILE_WRITE_APPEND)) { flags |= O_RDWR; - } else if (access_mask SA_RIGHT_FILE_WRITE_DATA) { + } else if (access_mask SA_RIGHT_FILE_WRITE_APPEND) { flags |= O_WRONLY; } else { flags |= O_RDONLY; Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_read.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_read.c 2004-10-30 04:59:52 UTC (rev 3386) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_read.c 2004-10-30 05:53:56 UTC (rev 3387) @@ -34,6 +34,7 @@ struct pvfs_file *f; NTSTATUS status; uint32_t maxcnt; + uint32_t mask; if (rd-generic.level != RAW_READ_READX) { return ntvfs_map_read(req, rd, ntvfs); @@ -48,9 +49,13 @@ return NT_STATUS_FILE_IS_A_DIRECTORY; } - if (!(f-access_mask SA_RIGHT_FILE_READ_EXEC)) { - return NT_STATUS_ACCESS_VIOLATION; + mask = SA_RIGHT_FILE_READ_DATA; + if (req-flags2 FLAGS2_READ_PERMIT_EXECUTE) { + mask |= SA_RIGHT_FILE_EXECUTE; } + if
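Review bot: The smb.h hunk at -503 renames FLAGS2_READ_PERMIT_NO_EXECUTE to FLAGS2_READ_PERMIT_EXECUTE while keeping the value 0x2000, which inverts what the name says the bit means. Any code still written against the old sense would now compile only after a rename and could silently keep the old logic, so add a comment on the define stating what a set bit permits and confirm no other user of the old name remains in the tree.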
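Review bot: In the pvfs_read.c hunk at -49, the mask required for a read is widened from read-data to read-data or execute whenever FLAGS2_READ_PERMIT_EXECUTE is set in `req-flags2`, a field that comes from the request itself, so a handle opened with execute access only becomes readable on the client's say-so. The log calls this the tricky bit; a comment at the `mask |= SA_RIGHT_FILE_EXECUTE;` line explaining that this is the intended semantics (the case the NTDENY tests exercise) would keep a later reader from taking it for an access-check bypass or from extending the same pattern to the write path.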