Re: [Samba] VFS Recycle

2004-10-29 Thread Sean Boyd
On Fri, 2004-10-29 at 10:29, Tim Hodgkinson wrote:
 Am using Fedora Core RPM Samba 3.0.7 and am trying to get VFS recycle to
 work. Here is the relevant smb.conf:

 [global]
 workgroup = SSVMTN
 netbios name = MONARCH
 security = DOMAIN
 password server = GOATSEYE
 encrypt passwords = yes
 server string = Monarch Server
 wins server = 172.16.1.100
 dns proxy = No
 name resolve order = wins lmhosts host bcast
 preferred master = no
 domain master = no
 local master = no
 log file = /var/log/samba/%m
 log level = 1
 syslog = 0
 max log size = 0
 hosts allow = 172. 127.
 invalid users = root, bin, daemon, adm, sync, shutdown
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 writable = yes
 map to guest = bad user
 obey pam restrictions = yes
 hide dot files = yes
 browsable = no
 printcap name = /etc/printcap
 winbind separator = +
 winbind cache time = 30
 winbind enum users = yes
 winbind enum groups = yes
 winbind use default domain = yes
 winbind enable local accounts = yes
 template homedir = /home/users/%U
 idmap uid = 1-2
 idmap gid = 1-2

 [test]
 comment = Test Drive
 path = /home/depts/test
 valid users = @SSVMTN+test
 admin users = @SSVMTN+Domain Admins
 vfs objects = recycle
 recycle:repository = /home/depts
 recycle:keeptree = Yes
 recycle:touch = Yes
 recycle:versions = Yes
 recycle:exclude = *.tmp *.temp *.o *.obj ~$* *.~??
 recycle:excludedir = /tmp /temp /cache
 create mask = 0770
 directory mask = 0770
 force create mode = 0770
 force directory mode = 0770
 security mask = 0770
 force group = SSVMTN+test

 Have read the How to and various posts but have not got it going. My
 understanding is that the .recycle directory is created once the first file
 is deleted but I am not seeing that directory anywhere. Can someone point me
 in the right direction.

 --Tim

See the link below:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg42514.html

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] VFS Recycle

2004-10-29 Thread Holger Krull
[test]
path = /home/depts/test
vfs objects = recycle
recycle:repository = /home/depts
recycle:keeptree = Yes
recycle:touch = Yes
recycle:versions = Yes
recycle:exclude = *.tmp *.temp *.o *.obj ~$* *.~??
recycle:excludedir = /tmp /temp /cache

understanding is that the .recycle directory is created once the first file
is deleted but I am not seeing that directory anywhere. Can someone point me
in the right direction.
If you want a .recycle dir you have to name it .recycle not depts.
recycle:repository = /home/depts/.recycle
I don't know if recycle can handle absolute paths, I only used something 
like  recycle:repository = .Papierkorb/%U



[Samba] help

2004-10-29 Thread QinXuguo
Dear samba team:
 This is the first time I use samba. I want to install it on
Solaris but I don't know which release of samba is fit for our
workstation. So I hope I can get more and fast information from you. The
details of our workstation is following:
 Workstation Type: SUNW, Ultra-5_10; sparc; sun4u
 OS: SunOS release 5.8 Generic_108528-01
 
 I have installed Samba-2.2.8a for sol8 but I could not share
files of Solaris with windows. I have some questions described below:
 1. After install samba, I find a file,
/etc/init.d/samba.server. I wanna use this file to restart the samba
services (nmbd  smbd). But the samba daemons don't start up. Why?
 2. I ever used swat to config smb.conf file. After that I
clicked restart button of nmbd and smbd and the page
refreshed the informations which showed that smbd was running and
nmbd was not running. However, I typed command ps -aux | grep
(s/n)mbd and didn't get the PID of smbd but I could get the ID of nmbd.
Why?
 
 Because I don't know whether this version is fit for my
workstation, I am not sure why the problems came out. 
 Could you please answer me ASAP. Thank you very much!
 
Winfree
2004-10-22
 


[Samba] Administrator

2004-10-29 Thread darryl penny
Hi to the list.

Our network = mix of Win98 and XP Pro logging onto Samba3.04 hosted on SuSE9.1
Auth is via passwd and smbpasswd.
No Microsoft AD at all - Samba does all the auth, therefore winbind is not
required?
I would like to logon to some of the XP Pro boxes as a normal network user,
but at the same time be 'Administrator' on the machine. Adding myself to the
Administrator's group on the pc has no effect when logging on via the network.

I've looked and looked and browsed the Samba archives, but so far I've found
nothing to help me.

Can anyone please point me to a solution?

TIA
Darryl

--
Edgemead High School, Cape Town
Tel +27215581132
Fax +27215584407
Cell +27823752081
-
Powered by SuSE 9.1 and the OpenWebmail project
--


[Samba] Re: Thanks :)

2004-10-29 Thread Barryc
** Message from InterScan E-Mail VirusWall NT **

** WARNING! Attached file Price.exe contains:

 WORM_BAGLE.AT virus

   Attempted to clean the file but it is not cleanable.
   It has been deleted.
* End of message ***


[Samba] how to prevent users from modifying access rights

2004-10-29 Thread .
Hi,
how can I prevent users from modifying access rights on files and 
directories on a share (on an ext3 partition with ACLs)?

Users must be able to read from arbitrary directories on the share 
belonging to groups they are not members of, and they must have write 
access to files belonging to other users in the same group, sometimes to 
files/directories that are owned by users of other groups. But they must 
not be able to modify the access rights of files owned by users in the 
same group; eventually it will be useful to deny modifying access rights 
to all users.

How can that be achieved?
GH
--
for i in *.txt; do mail -s $i hwilmer  $i; done
su: $i: ambiguous redirect


[Samba] Samba4 reaches the Susan stage

2004-10-29 Thread tridge
Samba4 reached an important milestone tonight, as I installed it for
my wife to use as her file server for all of her important documents,
email, the book she is working on etc.

Those of you who have been around Samba development for a while will
know that my wife tends to be the first test user of major new
versions of Samba, and she volunteered again this time. Susan played a
large part in the original motivation to develop Samba more than 12
years ago, so she knows how useful it is to have a local test user.

Reaching this stage does not mean that you should now go and install
Samba4 on your production servers. Only a very keen (foolish?) person
would do that. The code is quite incomplete, and is missing major
features such as no netbios name server, no winbind, no admin tools,
and very little documentation. So unless you are a keen C programmer
then stay well clear for the moment.

What this milestone means is that the code is now fairly robust, and
that major applications (Eudora, OpenOffice.org, MS Word, Firefox etc)
all work well and that I am quite confident of not losing data. Of
course, I also have a very strict automated backup regime setup for my
wife, so if I'm wrong about the robustness we can recover without me
having to cook dinner for a week as penance.

The code isn't available as an alpha quality release yet, as there
are just too many missing features, although I do plan on doing a
snapshot release shortly (maybe within a week?).

So far the only problem on my wife's machine is that Eudora startup is
a bit slow. That is caused by Norton Anti-Virus on her WinXP box
scanning all the dlls and the exe, along with the fact that Samba4
does not yet have oplocks, so the client cannot cache the files for
fast re-scanning. With norton disabled startup is fast.

If you want to get involved in Samba4 development then see
http://devel.samba.org/, checkout the code, and start reading. Having
a look at the (incomplete) prog_guide.txt is a good idea.

If you just want to see some slides on the design of Samba4, then
there are some links to various talks I've given on my homepage at
http://samba.org/~tridge/

I'd like to thank everyone who has worked so hard over the last couple
of years to get us this far. It's been a long haul, but the results
are well worth it. Samba4 is a great basis for future Samba
development.

In particular I'd like to thank the members of the Samba Team who have
put so much into the development of Samba4. It's been a great team
effort, and a lot of fun.

Now back to more coding 

Cheers, Tridge


[Samba] trouble to connect to window$ share with netbios name

2004-10-29 Thread Mack Christian
Hello
I got this message :

3614: Connection to XP failed
SMB connection failed
___
when I try to mount a share with netbios name like that:
$mount -t smbfs -o username=test,password=test //Xp/share /mnt/floppy
if I mount the same share with ip address that's no problem.
if I test this :
$smbclient -U=test -L 192.168.4.248
I get that output:

Domain=[Xp] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
   Sharename   Type  Comment
   ---------   ----  -------
   IPC$        IPC   IPC remote
   share       Disk
   ADMIN$      Disk
   C$          Disk  Default Share
session request to 192.168.4.248 failed (Called name not present)
session request to 192 failed (Called name not present)
Domain=[XP] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]


if I do the same with netbios name:
$smbclient -U=test -L Xp
I have that one :
___
Connection to Xp failed
___
any help could...help
chris



[Samba] Re: Trusting and trusted domain (home mapping) problem

2004-10-29 Thread Adrian Chow
Hi Igor,
Once again, thanks for keeping up with me.  I have been migrating my 
master ldap server to 2.1 version so to keep it the same with the PDCs 
version of LDAP.  Now they are the same.

I have rectified such that wbinfo -u on both sides works now.  I 
made net rpc trustdom list work.  It was not working before.  I had 
to put stuadmin = root in the student PDC's smbusers file.  And I had 
to put Administrator = root in the staff's PDC's smbusers file to get 
the net rpc trustdom list to work.  I did not have a uid=root you see.

Now net use x: /home by the Dom B user (grade2 in this case) on the 
Domain_A_machine still does not work.  The /var/log/samba/Dom_A_machine 
from the Domain_A_PDC will be sent separately as I don't want to post it 
on the lists.
The /var/log/samba/Domain_A_PDC from Domain_B_PDC will be sent to you too.

My view on the logs
-
I believe by reading it, it will hold the key why it did not work.  I 
believe during authentication, Domain_A_PDC got the information of 
Domain_B_user from Domain_B_PDC properly.  But it cannot find 
Domain_B\Domain_B_user in the Get_Pwnam_internals function.  It can only 
find Domain_B_user in the Get_Pwnam_internals function!  Now because it 
finds Domain_B_user and not Domain_B\Domain_B_user, Domain_A_PDC will 
NOT use the data that it has gotten from the Domain_B_PDC.

Now, I then think that it has something to do with libnssldap.conf, 
pam_ldap.conf and ldap.conf file.

Here is my config:-
libnssldap.conf, pam_ldap.conf and ldap.conf is configured to see both 
domain's data.
On the smb.conf, the ldapsam backend is ONLY seeing its own domain data.
getent passwd on either PDC will see both domain's users.
my nsswitch.conf is doing compat ldap rather than compat winbind. 
Hence getent passwd will then give user as domain_b_user rather than 
domain_B\domain_b_user.

Is this the right way to do it?  If I make sure the getent passwd is 
ONLY seeing its own domain ,then I cannot login into the other domain !!

Hope when I sent you the files, you will be able to help.  Thanks for 
giving that hope that you made it working before.  Thanks for not 
posting up the logs and the conf files.

Cheers,
adrian
Igor Belyi wrote:
Adrian Chow wrote:
Hi Igor,
Here are my smb.conf files for feanor and gloin.  They are the PDCs 
for the staff and student domain.  My ldaps in the PDCs are configured 
to update to the master LDAP which have the lower version of LDAP.  
Upon update the master, the master will then update the slave ldaps 
which are the PDCs.
 

Setup looks fine. At least, I don't see any problem with it. The next 
step then will be to collect 'log level = 5' trace during login and LDAP 
entries for both users from DomainA and DomainB which you use to test 
home mounts. But I would recommend to update Samba to 3.0.7 in both PDCs 
first.

I did not post it up to the samba lists cause I wonder would it breach 
the security for my servers.  Hope you understand.  Let me know your 
concerns in this.

I always thought that people avoid posting their config files due to 
liability problems (don't want their users to know that they have 
problems) than due to security concerns.. But, I can be wrong and 
probably this information could be used for mischief. But be warned that 
smbd logs usually have more information than config files.

It's fine with me if you don't want to post your config on the list as 
long as you post the solution to your problem afterwards. :)

Igor



[Samba] Problem with smbmount

2004-10-29 Thread Jerome Tytgat
Hello list,
I have a problem with my samba shares.
I have a server with samba installed on it (3.0.7-Debian).
I have workstations under wxp and workstations under linux.
I have a common share which looks like this :
[Archive]
available = yes
valid users = user1, user2
comment = Repertoire Archive
browseable = yes
write list = user1, user2
writable = yes
admin users = user1
path = /home/archives
user = user1, user2
force user = root
I connect my wxp to the share without problem and
can read/write. Of course all new files are created
under the root user as requested by the force user
option.
I can connect my linux to this share using
mount -t smbfs -o rw,username=user1,password=xxx //server/Archive /mnt/server/archive,
(either using smbmount does the same behaviour)
I can do all the read I want, but I can't make any write.
It looks like my workstation get confused by the rights.
If I go in a directory where the user1 have RW access, I can
create a file, and it is automatically given to root (according
to the option force user), but I can't make any write
where the user root is the owner of the directory.
It works well under Windows XP workstation, it does not work under linux
workstation (which is a Kanotix/Knoppix/Debian distribution), that's
why I think it's a problem with smbmount/mount -t smbfs
Any idea ?
Thanks
--

 Jérôme Tytgat
Administrateur  Réseau  et  Sécurité
ASTERION -   Impasse de la Hache
CP 5911   -   44 477 CARQUEFOU CEDEX
T: 02 40 300 800 - F: 02 40 25 10 74



Re: [Samba] how to prevent users from modifying access rights

2004-10-29 Thread Gerald (Jerry) Carter
. wrote:
|
| Hi,
|
| how can I prevent users from modifying access rights on files and
| directories on a share (on an ext3 partition with ACLs)?
|
| Users must be able to read from arbitrary directories on
| the share  belonging to groups they are not members of, and
| they must have write access to files belonging to other users
| in the same group, sometimes to files/directories that are
| owned by users of other groups. But they must not be able to
| modify the access rights of files owned by users in the
| same group; eventually it will be useful to deny
| modifying access rights to all users.
set all files to be owned by root :-)  and make sure that
'dos filemode = no'   That should do it.   (but give the
users the necessary write permissions).


cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
If we're adding to the noise, turn off this song--Switchfoot (2003)


Re: [Samba] Possible to map root to group via winbind?

2004-10-29 Thread Graham Dunn
Gerald (Jerry) Carter wrote:
Graham Dunn wrote:
| samba 3.0.7, freebsd 5.2.1
|
| My /usr/local/etc/samba-user.map looks like
|
| root = DEV.grahamd
|
| I would like to modify the ACLs on a directory that look like so:
|
| drwxrwx---  2 root  Domain Admins  512 Oct 28 16:41 test2/
|
| (if I chown the directory to my DEV.grahamd account, I
| can change ACLs to my heart's content)
|
| I'm operating under the assumption that only root, or
| the owner of a  file can change its ACLs through windows
| explorer (at least, that way always works in this case).
Try setting 'dos filemode = yes'
No luck.
drwxrwx---+ 2 root  Domain Admins  512 Oct 29 09:07 test2/
%getfacl test2/
#file:test2/
#owner:0
#group:10018
user::rwx
user:GrahamD:rwx
group::rwx
mask::rwx
other::---
As grahamd, I still get
unable to save permission changes on test2. Access is denied.
PS.
http://www.plainjoe.org/gpg_public.asc results in a 404.


cheers, jerry
-
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
If we're adding to the noise, turn off this song--Switchfoot (2003)


[Samba] Re: Hi

2004-10-29 Thread Shinyashiki

--  Virus Warning Message (on the network)

Price.exe is removed from here because it contains a virus.

---  Virus Warning Message (on the network)
Found virus WORM_BAGLE.AT in file Price.exe
The file is deleted.

Therefore we removed the attachment-file
by Mail Server and sent the message to you.

[Samba] Samba hanging

2004-10-29 Thread Philip Washington
On 3 occasions in the last 2 weeks my samba server has hung up.  It has 
occurred each time when I am trying to do a full backup copy of the 
file server. 

It appears to be happening at the same place, I'm guessing based on the 
number of files which are being transferred. When I look at the rsync 
which is running I just see a long line of files with I/O errors.

When I try to shutdown smb, I can't.
#service smb stop
Shutting down smb   [Failed]
Shutting down nmb   [Failed]
When I look at
#ps -aux|grep smbd
I get a long list of pid's.  Whenever I try to kill one of these pid's with
kill x
or kill -9 x
or kill -15 x
killall smbd
nothing happens.  I then have to reboot.  I have been running this 
system for 2 years and it just started this.  Any ideas?


[Samba] Samba hangs

2004-10-29 Thread Philip Washington
On 3 occasions in the last 2 weeks my samba server has hung up.  It has 
occurred each time when I am trying to do a full backup copy of the 
file server.
It appears to be happening at the same place, I'm guessing based on the 
number of files which are being transferred. When I look at the rsync 
which is running I just see a long line of files with I/O errors.

When I try to shutdown smb, I can't.
#service smb stop
Shutting down smb   [Failed]
Shutting down nmb   [Failed]
When I look at
#ps -aux|grep smbd
I get a long list of pid's.  Whenever I try to kill one of these pid's with
kill x
or kill -9 x
or kill -15 x
killall smbd
nothing happens.  I then have to reboot.  I have been running this 
system for 2 years and it just started this.  Any ideas?


Re: [Samba] Samba hangs

2004-10-29 Thread Paul Gienger

nothing happens.  I then have to reboot.  I have been running this 
system for 2 years and it just started this.  Any ideas?
Well you state that both rsync and samba are having problems and that 
rsync is throwing I/O errors on a system that has been in service a 
couple of years.  Sounds like a hardware/filesystem error. 

<jab>Or it could be the multiple identical posts to listservs in short 
succession that are causing your system hangs.</jab> :-P

--
--
Paul Gienger                Office: 701-281-1884
Applied Engineering Inc.
Systems Architect           Fax:    701-281-1322
URL: www.ae-solutions.com   mailto: [EMAIL PROTECTED]


[Samba] Issue with two domains in one LDAP tree

2004-10-29 Thread Misty Stanley-Jones
Hi,

I've just moved a second Samba domain to LDAP -- it works great!  However, the 
first domain is now dead in the water.  It refuses to authenticate, and from 
the logs it looks like it's not finding the SambaDomainName entry in the LDAP 
tree.  Here is a diagram of how my LDAP tree is set up.

dc=mycompany,dc=com
|___ ou=computers
|___ ou=people
|___ ou=groups
|___ sambaDomain=domain1
|___ ou=domain2
     |___ ou=computers
     |___ ou=people
     |___ ou=groups
     |___ sambaDomain=domain2

In domain1's smb.conf, I have:
ldap suffix = dc=mydomain,dc=com

In domain2's smb.conf, I have: 
ldap suffix = ou=domain2,dc=mydomain,dc=com

Domain2 is working flawlessly.  Domain1, however, is not.  When I do a simple 
'smbclient -L localhost' as root, I get the following log from slapd at 
loglevel 256:

Oct 29 09:03:23 oink slapd[5290]: conn=88 fd=16 ACCEPT from IP=127.0.0.1:32841 
(IP=0.0.0.0:389) 
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=0 BIND 
dn=cn=Manager,dc=borkholder,dc=com method=128 
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=0 BIND 
dn=cn=Manager,dc=borkholder,dc=com mech=SIMPLE ssf=0 
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=0 RESULT tag=97 err=0 text= 
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=1 SRCH 
base=dc=borkholder,dc=com scope=2 deref=0 
filter=((objectClass=sambaDomain)(sambaDomainName=corp1)) 
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=1 SRCH attr=sambaDomainName 
sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID 
sambaAlgorithmicRidBase objectClass 
Oct 29 09:03:23 oink slapd[5290]: = bdb_equality_candidates: 
(sambaDomainName) index_param failed (18) 
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=1 SEARCH RESULT tag=101 err=0 
nentries=1 text= 
Oct 29 09:03:26 oink slapd[5290]: conn=88 op=2 SRCH 
base=dc=borkholder,dc=com scope=2 deref=0 filter=((uid=root)
(objectClass=sambaSamAccount)) 
Oct 29 09:03:26 oink slapd[5290]: conn=88 op=2 SRCH attr=uid uidNumber 
gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange 
sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive 
sambaHomePath sambaLogonScript sambaProfilePath description 
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword 
sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial 
sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory 
modifyTimestamp sambaLogonHours modifyTimestamp 
Oct 29 09:03:26 oink slapd[5290]: = bdb_equality_candidates: (uid) 
index_param failed(18) 
Oct 29 09:03:26 oink slapd[5290]: conn=88 op=2 SEARCH RESULT tag=101 err=0 
nentries=2 text= 
Oct 29 09:03:26 oink slapd[5290]: conn=88 fd=16 closed 
Oct 29 09:03:27 oink slapd[5290]: conn=24 fd=18 closed 
 
I also want to say that the reason I have domain2 off in its own subtree is 
that it is going to eventually control its portion of the tree and take 
referrals from the main LDAP tree.  It's over a T1 from the main office and I 
want to keep bandwidth down.  I could put domain1 in its own subtree as well, 
but it seems a little overkill if I can avoid it since there will be about 50 
users of domain1 and only about 10 of domain2.

Thanks for any help you can give,
Misty
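
Added example (not part of the original post): a Python parser that pairs each `SRCH` line of a slapd `loglevel 256` log with its `SEARCH RESULT` and lists single-value `uid` lookups that matched more than one entry, as `op=2` does in the log above (`nentries=2`). The sample lines are the post's `conn=88` entries with the mail client's line wraps rejoined and the attribute lists left out; the function names are hypothetical.

```python
import re

# Constructed sample: the conn=88 entries from the post, line wraps rejoined.
SAMPLE_LOG = """\
Oct 29 09:03:23 oink slapd[5290]: conn=88 fd=16 ACCEPT from IP=127.0.0.1:32841 (IP=0.0.0.0:389)
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=0 BIND dn=cn=Manager,dc=borkholder,dc=com method=128
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=0 RESULT tag=97 err=0 text=
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=1 SRCH base=dc=borkholder,dc=com scope=2 deref=0 filter=((objectClass=sambaDomain)(sambaDomainName=corp1))
Oct 29 09:03:23 oink slapd[5290]: conn=88 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 29 09:03:26 oink slapd[5290]: conn=88 op=2 SRCH base=dc=borkholder,dc=com scope=2 deref=0 filter=((uid=root)(objectClass=sambaSamAccount))
Oct 29 09:03:26 oink slapd[5290]: conn=88 op=2 SEARCH RESULT tag=101 err=0 nentries=2 text=
Oct 29 09:03:26 oink slapd[5290]: conn=88 fd=16 closed
"""

# "SRCH base=..." carries the request; "SRCH attr=..." lines do not match.
# Quotes around base/filter are optional because the archived copy lost them.
# DNs containing spaces are not handled (assumption of this example).
SRCH_RE = re.compile(
    r'conn=(\d+) op=(\d+) SRCH base="?([^"\s]*)"? scope=(\d+) '
    r'deref=\d+ filter="?(.+?)"?\s*$'
)
RESULT_RE = re.compile(
    r'conn=(\d+) op=(\d+) SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)'
)
SCOPES = {"0": "base", "1": "one", "2": "sub"}


def pair_searches(log_text):
    """Return one record per completed search: request joined to its result."""
    pending = {}
    done = []
    for line in log_text.splitlines():
        m = SRCH_RE.search(line)
        if m:
            conn, op, base, scope, flt = m.groups()
            pending[(conn, op)] = {
                "conn": int(conn),
                "op": int(op),
                "base": base,
                "scope": SCOPES.get(scope, scope),
                "filter": flt,
            }
            continue
        m = RESULT_RE.search(line)
        if m:
            conn, op, err, nentries = m.groups()
            rec = pending.pop((conn, op), None)
            if rec is not None:  # result without a logged request is skipped
                rec["err"] = int(err)
                rec["nentries"] = int(nentries)
                done.append(rec)
    return done


def ambiguous_lookups(searches, attr="uid"):
    """Searches for one exact `attr` value that matched more than one entry."""
    exact = re.compile(r"\(%s=[^)*]+\)" % re.escape(attr))
    return [s for s in searches
            if s["nentries"] > 1 and exact.search(s["filter"])]


if __name__ == "__main__":
    for s in pair_searches(SAMPLE_LOG):
        print("op=%(op)d base=%(base)s scope=%(scope)s "
              "nentries=%(nentries)d filter=%(filter)s" % s)
    for s in ambiguous_lookups(pair_searches(SAMPLE_LOG)):
        print("more than one entry for", s["filter"], "under", s["base"])
```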


Re: [Samba] Samba4 reaches the Susan stage

2004-10-29 Thread rruegner
Hi,
perhaps we should spend some roses to Susan
to be the first Lady of Samba !!!
Thx to both of you for hard coding times
Regards Robert
[EMAIL PROTECTED] wrote:
Samba4 reached an important milestone tonight, as I installed it for
my wife to use as her file server for all of her important documents,
email, the book she is working on etc.
Those of you who have been around Samba development for a while will
know that my wife tends to be the first test user of major new
versions of Samba, and she volunteered again this time. Susan played a
large part in the original motivation to develop Samba more than 12
years ago, so she knows how useful it is to have a local test user.
Reaching this stage does not mean that you should now go and install
Samba4 on your production servers. Only a very keen (foolish?) person
would do that. The code is quite incomplete, and is missing major
features such as no netbios name server, no winbind, no admin tools,
and very little documentation. So unless you are a keen C programmer
then stay well clear for the moment.
What this milestone means is that the code is now fairly robust, and
that major applications (Eudora, OpenOffice.org, MS Word, Firefox etc)
all work well and that I am quite confident of not losing data. Of
course, I also have a very strict automated backup regime setup for my
wife, so if I'm wrong about the robustness we can recover without me
having to cook dinner for a week as penance.
The code isn't available as an alpha quality release yet, as there
are just too many missing features, although I do plan on doing a
snapshot release shortly (maybe within a week?).
So far the only problem on my wife's machine is that Eudora startup is
a bit slow. That is caused by Norton Anti-Virus on her WinXP box
scanning all the dlls and the exe, along with the fact that Samba4
does not yet have oplocks, so the client cannot cache the files for
fast re-scanning. With norton disabled startup is fast.
If you want to get involved in Samba4 development then see
http://devel.samba.org/, checkout the code, and start reading. Having
a look at the (incomplete) prog_guide.txt is a good idea.
If you just want to see some slides on the design of Samba4, then
there are some links to various talks I've given on my homepage at
http://samba.org/~tridge/
I'd like to thank everyone who has worked so hard over the last couple
of years to get us this far. It's been a long haul, but the results
are well worth it. Samba4 is a great basis for future Samba
development.
In particular I'd like to thank the members of the Samba Team who have
put so much into the development of Samba4. It's been a great team
effort, and a lot of fun.
Now back to more coding 
Cheers, Tridge


[Samba] (no subject)

2004-10-29 Thread Ross McInnes



Re: [Samba] how to prevent users from modifying access rights

2004-10-29 Thread .
Gerald (Jerry) Carter wrote:
. wrote:
|
| Hi,
|
| how can I prevent users from modifying access rights on files and
| directories on a share (on an ext3 partition with ACLs)?
|
| Users must be able to read from arbitrary directories on
| the share  belonging to groups they are not members of, and
| they must have write access to files belonging to other users
| in the same group, sometimes to files/directories that are
| owned by users of other groups. But they must not be able to
| modify the access rights of files owned by users in the
| same group; eventually it will be useful to deny
| modifying access rights to all users.
set all files to be owned by root :-)  and make sure that
'dos filemode = no'   That should do it.   (but give the
users the necessary write permissions).
Hm, the manpage says on ´dos filemode´:
 The default behavior in Samba is to provide UNIX-like behavior where
 only the owner of a file/directory is able to change the
 permissions on it. [...]
 Enabling this parameter allows a user who
 has write access to the file (by whatever means) to modify the
 permissions on it. Note that a user belonging to the group owning
 the file will not be allowed to change permissions if the group is
 only granted read access.
There will be files like that:
directory-1         peter:staff
  |
  |-- file-1        peter:staff
  |-- file-2        hubba:staff
  |-- file-3        elisa:users
  |-- file-4        laura:birds
  |-- subdir        elisa:users
        |-- file-A  elisa:users
        |-- file-B  hubba:staff
directory-2         hubba:staff
  |
  |-- file-1        peter:staff
  |-- file-2        hubba:staff
  |-- file-3        elisa:users
  |-- file-4        laura:birds
  |-- subdir        elisa:users
        |-- file-A  elisa:users
        |-- file-B  hubba:staff
... and so on. Members of group ´staff´ must have RW access on _all_ 
files in directory-1, and some users of other groups must have that 
also. Other users must have read access to the directories, eventually 
excluding some of their contents.

Most of the directories (and groups) will represent departments of the 
organisation (if there isn´t a better solution). The problem is that I 
cannot get the users to stick to their designated directories :( They 
definitely want what I call ´chaotical access rights´ --- and I cannot 
figure how I could provide that, even with ACLs.

For ´peter´ of ´staff´ is the chief of the department directory-1 
represents/belongs to, I could (want) reasonably give ´peter´ of ´staff´ 
the right to modify access rights on directory-1 and anything it 
contains. But other users must not be able to modify the rights.

An alternative is to maintain the access rights myself, but I´d rather 
like to avoid that --- and it won´t work anyway because users creating 
files within the directories will thereby be able to set the rights on 
their files (unless I could somehow prohibit that). That is even the 
default behaviour (i. e. ´dos filemode = no´).

I´ve tried to use ´directory security mask´ and ´security mask´, but 
setting them to  allows a user to change the rights exactly once 
(instead of denying any changes what was what I expected): When 
attempting to set any rights, the rights just get masked to  and 
then are set on the file/directory --- thereby, any further access is 
effectively denied.

With ´dos filemode = yes´, any other users having write access to files 
in directories would be able to modify the access rights, but I do not 
want them to be able to.

Even our rather over-aged Netware server we´re going to migrate from, 
running Netware 3.2(!), can handle the demand of chaotical access rights 
without having to think about it. I need that same capability on the new 
Linux server ...

It´s not that I would like such a thing, but I´m facing the demand. The 
answer to questions like ´Which users can access this directory?´ is 
always ´I don´t know, and that would be very difficult to find out ...´ 
 But at least, users cannot modify the access rights unless I 
allow them to. Having users modifying the rights would mean having no 
more control at all:

´Which users can access that directory?´ --- ´I don´t know, and that 
cannot be found out because users can grant access to anything 
themselves whenever they want ...´, that´s somewhat fatal :) --- And my 
tests showed that users can even delete whole directories though I took 
off all their rights from them. This is very intricate ...

GH
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] MAC OS X and Samba Shares 2 TB

2004-10-29 Thread AndyLiebman
Does somebody know if the Samba Client in MAC OS X (10.3.4 and 10.3.5) has 
problems looking at Linux-based Samba shares that are larger than 2 TB? 

I have Samba 3.0.2 running on my Linux box. I have never had any difficulty 
with the Mac seeing a 2 TB RAID array on the Linux box, but when the Mac looks 
at the 4 TB array, it can see all the contents and create folders but it can't 
create any new files. And in the Get Info for the 4 TB Samba share, the Mac 
tells me that there is zero K of space left on the drive. 

My Windows XP machines don't have a problem looking at the same share, or in 
creating files on the share. 

I don't think it's a permission thing because: 

a) I have made the share Read/Write for all users
b) I am logging on with the same username and password from both the Windows 
and Mac machines

Any ideas? 

Regards, 
Andy Liebman


[Samba] Again Linux, Mac OS etc...

2004-10-29 Thread Sascha Guido Zumbusch
Hi there

Again with the same question, but with a little more information
technically.

Config:

1 Samba File Server (Suse Linux)
40+ M$ Clients (NT, W2K, XP)
4 Mac OS X clients (10.2,10.3)

Authentication through NT PDC

Everything works fine for the M$ part of it.

Problem: when someone from the OS X side logs onto the share it looks
nice at first sight, but the file permissions, owner and group of the
files and directory are not correct.

The users log on through PDC but get the user id 'nobody'...
On the client side the file permissions, owner and group look totally
different FOR THE SAME FILE.

Example (two views on the same file):

share side: -rwxrwxr-x   domain-ID, domain-GID (this is ls -l on the Linux side)
client side:-rwx-r-x-r-x osx-id, wheel (this is ls -l on the OS X side)

Therefore it is not possible for the client user to change a file and
save it on the share again, because from the viewpoint of OS X, he has
no group write permission.

New files are possible, but get the settings:
-rwx-r-xr-x 'nobody', domain-GID

The relevant settings in the smb.conf are all 775.


What can I do to get rid of this? Any ideas out there?

All Apple related descriptions assume to use the MAC as SMB Server.
No one talks about a MAC as SMB client.

Thanks for even thinking about that:o(
Sascha Guido Zumbusch

--
Sascha Zumbusch Tel:+49.3381.889898
Hauptstr. 43, D-14776 Brandenburg an der Havel  Fax:+49.3381.410065
mailto:[EMAIL PROTECTED]ICQ:30-505-053 GSM:+49.179.1793259875



Re: [Samba] Samba Add Machine Script

2004-10-29 Thread Anton K.
Can you send that piece of smb.conf which contains that:
Corral, Randy wrote:
All,
Currently we are running Samba 3.0.7 on Solaris 8 and we are experiencing a
problem that the user system are not being added automatically with the add
machine script:
/usr/sbin/useradd -g machines -d /dev/null -s /bin/false %m
If we run it manually it works. 

Any ideas?
Thanks,
Randy Corral
Information Systems
Brooks Automation
Phoenix, Arizona
602-861-9395 ext. 228
Fax: 602-861-1442
 



[Samba] Allow users to delete from read-only share?

2004-10-29 Thread Joe Konecny
When using Netware I had two directories set up as follows...
1. /data/cad/current
2. /data/cad/hold
I had three groups that controlled access to these directories.
Group A had read-only access to 1.
Group B had read-only and delete access on 1 and read-write on 2.
Group C had read-write on both 1 and 2.
Group A was typically shop floor employees who needed to
view cad drawings.  The reason for group B was so that an
engineer could take a cad drawing file and remove it from 1.
and place it in 2. so that no one could access it while it
was being modified.  When the modifications were complete
and approved a user from group C could put it back.
I cannot figure out any way to do this with Samba.  Any tips?


[Samba] group name length limit?

2004-10-29 Thread sharif islam
I am using samba 3.07 with winbind in AD. I have some long group names
(30 char or more, includes spaces). And I noticed users get access
denied for those groups. Is there a limit on group name length?
Thanks. 

--Sharif

-- 
Sharif Islam              http://www.sharifislam.com
Research Programmer 
Library Systems Office    217-244-4688


[Samba] samba.schema question

2004-10-29 Thread Misty Stanley-Jones
I see in samba.schema that it is possible to have multiple SambaDomainName 
entries for a dn.  However I don't see how this does any good because you 
must only have one sambaSID entry per user.  Is there any way to associate 
more than one sambaSID with a dn, so that a user would be authorized to log 
into more than one domain without a trust relationship?  If it's not possible 
now, is it in the works for the future?

Thanks,
Misty


[Samba] Symantec AntiVirus/Filtering for Domino detected a virus in a document you authored.

2004-10-29 Thread lxsrv01 . HOLZMANN
Please contact your system administrator.


The scanned document was QUARANTINED.


Virus Information:
The attachment document09.scr contained the virus [EMAIL PROTECTED] and could
NOT be repaired.




Re: [Samba] winbind name service required for active directory (ADS) authentication and group-based authorization?

2004-10-29 Thread Luke Mewburn
On Fri, Oct 29, 2004 at 09:16:02AM -0700, DeStefano, Paul wrote:
  | Solution: ADS, perhaps?
  |
  | I've read lots of documents and they seem to indicate
  | that, when using ADS authentication (by which I mean
  | security=ADS and the proper realm, etc.) winbind is NOT
  | involved in the authentication process. It says smbd
  | participates in Kerberos ticketing, like a normal Domain
  | Member, to authorize samba clients. (Details found here:
  | http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html)
  | I think this means it gets the client user authorization
  | directly from ADS; winbind is not involved.
  |
  | Well, if that's true, then samba has everything it needs to
  | authorize clients by group membership, not just authenticate users,
  | without consulting winbind. The Kerberos ticket that it receives
  | during authentication includes all sorts of information about the
  | user...including the user's group memberships. Is that right?
  |
  | This isn't particular to ADS, I suppose, now that I think about it;
  | probably the same as before ADS. But, I couldn't find any examples
  | of samba using windows authentication without winbind.
  |
  | You're probably wondering what is going to happen after
  | authentication and authorization without winbind to map users to
  | UNIX UIDs. Me too. That's my follow up question. I hope that samba
  | can use the unqualified username (without the 'DOMAIN\' prefix)
  | to find a match using the normal resolution so that we can just
  | populate /etc/passwd. Think that will work? Actually, we intend to
  | use force user =, as in the past, so it really doesn't matter what
  | happens with the UID mappings, but samba might not be that clever.
  | It may insist on successfully resolving usernames before checking
  | options like force user.

If you have a mapping in the passwd(5) file between the username
(without 'DOMAIN\' prefix) and a UID, things should work without
needing winbind in nsswitch.conf; the user's password is
checked against ADS and the passwd(5) entry is used to provide a UID.

If there is not a matching entry in passwd(5) for the ADS user,
they will not be able to connect.

Cheers,
Luke.



[Samba] Directory perms not visible from Properties|Security on clients

2004-10-29 Thread Richard Michael
Samba 3.0.7, XP Pro SP1 clients

When I view the Properties|Security tab on a folder from my XP SP1
clients, the checkboxes indicating the various permission settings are
all empty.

The share is functioning fine otherwise, permissions are OK when
inspected from the Unix side.

Does anyone know a work around (or fix!)?

This came up back in 2003, without resolution:
http://marc.theaimsgroup.com/?l=samba&m=105404730810537&w=2

It also came up earlier this month, again without resolution:
http://marc.theaimsgroup.com/?l=samba&m=109659106919277&w=2

There is an open bug (with a fair degree of reproducibility it seems):
https://bugzilla.samba.org/show_bug.cgi?id=1865

A level 4 debug log reveals that unix_mode (in dosmode.c) is properly
determining the mode (in this case, 0744).  Shortly after that, it
appears that the security descriptor is queried and the SIDs are fetched
from the cache, but just after all that takes place, it reports a
Function not implemented error followed by a
NT_STATUS_BUFFER_TOO_SMALL error.

I surmise from the archives that the ...TOO_SMALL error is just RPC
reply fragmentation across multiple smbd processes.  (Does that mean it
isn't really a problem?  Is fragmentation of this type OK?)

Regards,
Richard


-
[2004/10/29 18:25:38, 3] smbd/vfs.c:reduce_name(834)
  reduce_name [Computer Administration/Test]
[/data/samba/shared-documents]
[2004/10/29 18:25:38, 3] smbd/vfs.c:reduce_name(939)
  reduce_name: Computer Administration/Test reduced to (null)
[2004/10/29 18:25:38, 3] smbd/dosmode.c:unix_mode(111)
  unix_mode(Computer Administration/Test) returning 0744
[2004/10/29 18:25:38, 3] smbd/vfs.c:reduce_name(834)
  reduce_name [Computer Administration/Test]
[/data/samba/shared-documents]
[2004/10/29 18:25:38, 3] smbd/vfs.c:reduce_name(939)
  reduce_name: Computer Administration/Test reduced to (null)
[2004/10/29 18:25:38, 4] smbd/open.c:open_file_shared1(1244)
  calling open_file with flags=0x0 flags2=0x0 mode=0744
[2004/10/29 18:25:38, 3] smbd/process.c:process_smb(1092)
  Transaction 19677 of length 88
[2004/10/29 18:25:38, 3] smbd/process.c:switch_message(887)
  switch message SMBnttrans (pid 13461) conn 0x837c740
[2004/10/29 18:25:38, 4] smbd/uid.c:change_to_user(194)
  change_to_user: Skipping user change - already user
[2004/10/29 18:25:38, 3]
smbd/nttrans.c:call_nt_transact_query_security_desc(1903)
  call_nt_transact_query_security_desc: file = Computer
Administration/Test
[2004/10/29 18:25:38, 3]
passdb/lookup_sid.c:fetch_sid_from_uid_cache(152)
  fetch sid from uid cache 500 -
SNIP SID REMOVED
[2004/10/29 18:25:38, 3]
passdb/lookup_sid.c:fetch_sid_from_gid_cache(226)
  fetch sid from gid cache 500 -
SNIP: SID REMOVED
[2004/10/29 18:25:38, 3]
smbd/nttrans.c:call_nt_transact_query_security_desc(1928)
  call_nt_transact_query_security_desc: sd_size = 120.
[2004/10/29 18:25:38, 3] smbd/error.c:error_packet(105)
  error string = Function not implemented
[2004/10/29 18:25:38, 3] smbd/error.c:error_packet(129)
  error packet at smbd/nttrans.c(101) cmd=160 (SMBnttrans)
NT_STATUS_BUFFER_TOO_SMALL
[2004/10/29 18:25:38, 3] smbd/process.c:process_smb(1092)
  Transaction 19678 of length 88
[2004/10/29 18:25:38, 3] smbd/process.c:switch_message(887)
  switch message SMBnttrans (pid 13461) conn 0x837c740



[Samba] Shared folder windows clients

2004-10-29 Thread Gustavo Michels
Hi

I tried googling and searching the archives, but I guess I don't know how to 
choose the best keywords to describe my problem. So, I'll ask here.

I have a samba box (3.0.5) sharing 1 folder. This folder contains 2 
subfolders; both have around 900 files on each.
 
On my linux box (kde), I can use the smb kio slave and everything is as 
expected, I can see all the files on both folders. Now on two windows 2000 
clients (sp3  sp4) I use, they can only see, say, around 200 files on the 
1st subfolder, and around 100 on the 2nd subfolder. The numbers aren't 
always the same, although both machines always return identical reports on 
file listings.

What could possibly be wrong? Here are the relevant parts of smb.conf, all 
the rest is default:

-
[global]
workgroup = COLORTECH
guest account = vendas
security = share

[Documentos]
 path = /home/vendas/Documentos
 writable = yes
 guest ok = yes
 public = yes
-

Of course, vendas is a valid user account and file permissions are ok.

I had this in the past, where the two subfolders were once one with around 
1600 files. I thought it could be the large number of files so I split them 
into two folders and the problem was gone. All of a sudden, it reappeared, 
even though there are far fewer files than before.

Any ideas? 

Thanks
Gustavo

PS: please cc me as I am not subscribed to the list.


[Samba] Undeliverable message returned to sender

2004-10-29 Thread Content Filter
This message was created automatically by mail delivery software.

Delivery failed for the following recipient(s):
[EMAIL PROTECTED]


The message you sent contained an attachment which the recipient has chosen to block.
Usually these sort of attachments are blocked to prevent malicious software from being 
sent to the recipient in question.

The name(s) of the blocked file(s) follow:

document.zip

To send this file, please place it in a compressed archive using WinZip 
(http://www.winzip.com) or the archive software of your choice.




svn commit: samba r3354 - in branches/SAMBA_4_0/source: include libcli/raw

2004-10-29 Thread tridge
Author: tridge
Date: 2004-10-29 06:01:00 + (Fri, 29 Oct 2004)
New Revision: 3354

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3354

Log:
honor max xmit and max mux from smb.conf in our client code. This
is important as it allows the test suite to exercise the multiple
reply logic in smbd for trans2 search replies.

Modified:
   branches/SAMBA_4_0/source/include/cli_context.h
   branches/SAMBA_4_0/source/libcli/raw/clisession.c
   branches/SAMBA_4_0/source/libcli/raw/clitransport.c
   branches/SAMBA_4_0/source/libcli/raw/rawnegotiate.c


Changeset:
Modified: branches/SAMBA_4_0/source/include/cli_context.h
===
--- branches/SAMBA_4_0/source/include/cli_context.h 2004-10-29 05:58:22 UTC (rev 
3353)
+++ branches/SAMBA_4_0/source/include/cli_context.h 2004-10-29 06:01:00 UTC (rev 
3354)
@@ -91,6 +91,8 @@
uint_t use_oplocks:1;
uint_t use_level2_oplocks:1;
uint_t use_spnego:1;
+   uint32_t max_xmit;
+   uint16_t max_mux;
 };
 
 /* this is the context for the client transport layer */
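Review bot: the two new fields, max_xmit and max_mux, go in without a comment, directly after the one-bit flags. A line saying they carry the smb.conf max xmit and max mux values, and what unit max_xmit is in, would help; it also matters to callers that max_xmit is 32 bits wide here while max_mux is 16.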

Modified: branches/SAMBA_4_0/source/libcli/raw/clisession.c
===
--- branches/SAMBA_4_0/source/libcli/raw/clisession.c   2004-10-29 05:58:22 UTC (rev 
3353)
+++ branches/SAMBA_4_0/source/libcli/raw/clisession.c   2004-10-29 06:01:00 UTC (rev 
3354)
@@ -263,8 +263,8 @@
 
/* use the old interface */
s2.generic.level = RAW_SESSSETUP_OLD;
-   s2.old.in.bufsize = ~0;
-   s2.old.in.mpx_max = 50;
+   s2.old.in.bufsize = session-transport-options.max_xmit;
+   s2.old.in.mpx_max = session-transport-options.max_mux;
s2.old.in.vc_num = 1;
s2.old.in.sesskey = parms-generic.in.sesskey;
s2.old.in.domain = parms-generic.in.domain;
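Review bot: in the RAW_SESSSETUP_OLD branch, bufsize and mpx_max change from the constants ~0 and 50 to whatever the transport options hold, with no bounds applied at this point. max_xmit is declared uint32_t in cli_context.h, so if s2.old.in.bufsize is a narrower field the value is truncated silently, and a configured max mux of 0 is sent as is. Clamping both once, where the options are filled in, would cover this branch and the nt1 and spnego ones.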
@@ -311,8 +311,8 @@
union smb_sesssetup s2;
 
s2.generic.level = RAW_SESSSETUP_NT1;
-   s2.nt1.in.bufsize = ~0;
-   s2.nt1.in.mpx_max = 50;
+   s2.nt1.in.bufsize = session-transport-options.max_xmit;
+   s2.nt1.in.mpx_max = session-transport-options.max_mux;
s2.nt1.in.vc_num = 1;
s2.nt1.in.sesskey = parms-generic.in.sesskey;
s2.nt1.in.capabilities = parms-generic.in.capabilities;
@@ -371,8 +371,8 @@
const char *chosen_oid;
 
s2.generic.level = RAW_SESSSETUP_SPNEGO;
-   s2.spnego.in.bufsize = ~0;
-   s2.spnego.in.mpx_max = 50;
+   s2.spnego.in.bufsize = session-transport-options.max_xmit;
+   s2.spnego.in.mpx_max = session-transport-options.max_mux;
s2.spnego.in.vc_num = 1;
s2.spnego.in.sesskey = parms-generic.in.sesskey;
s2.spnego.in.capabilities = parms-generic.in.capabilities;
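Review bot: this is the third copy of the same bufsize/mpx_max pair (old, nt1 and spnego branches). A small helper that fills both fields from session->transport->options would keep the three session setup variants from drifting apart the next time a limit changes.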

Modified: branches/SAMBA_4_0/source/libcli/raw/clitransport.c
===
--- branches/SAMBA_4_0/source/libcli/raw/clitransport.c 2004-10-29 05:58:22 UTC (rev 
3353)
+++ branches/SAMBA_4_0/source/libcli/raw/clitransport.c 2004-10-29 06:01:00 UTC (rev 
3354)
@@ -76,7 +76,10 @@
transport-socket = talloc_reference(transport, sock);
transport-negotiate.protocol = PROTOCOL_NT1;
transport-options.use_spnego = lp_use_spnego();
-   transport-negotiate.max_xmit = ~0;
+   transport-options.max_xmit = lp_max_xmit();
+   transport-options.max_mux = lp_maxmux();
+
+   transport-negotiate.max_xmit = transport-options.max_xmit;

smbcli_init_signing(transport);
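Review bot: lp_max_xmit() and lp_maxmux() are stored straight into options.max_xmit and options.max_mux with no range check, and max_mux is only 16 bits wide. The old code started negotiate.max_xmit at ~0, so nothing in the configuration could shrink it; now a very small or zero value from smb.conf becomes the transport's initial max_xmit. Validate here (reject, or clamp to a minimum the protocol can work with) and log when the configured value is adjusted.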
 

Modified: branches/SAMBA_4_0/source/libcli/raw/rawnegotiate.c
===
--- branches/SAMBA_4_0/source/libcli/raw/rawnegotiate.c 2004-10-29 05:58:22 UTC (rev 
3353)
+++ branches/SAMBA_4_0/source/libcli/raw/rawnegotiate.c 2004-10-29 06:01:00 UTC (rev 
3354)
@@ -169,7 +169,7 @@
/* the old core protocol */
transport-negotiate.sec_mode = 0;
transport-negotiate.server_time = time(NULL);
-   transport-negotiate.max_xmit = ~0;
+   transport-negotiate.max_xmit = transport-options.max_xmit;
transport-negotiate.server_zone = 
get_time_zone(transport-negotiate.server_time);
}
 



svn commit: samba r3356 - in branches/SAMBA_4_0/source: lib/socket smbd

2004-10-29 Thread tridge
Author: tridge
Date: 2004-10-29 07:00:14 + (Fri, 29 Oct 2004)
New Revision: 3356

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3356

Log:
in the standard process model we need to make sure we close all
listening sockets after the fork to prevent the child still listening
on incoming requests.

I have also added an optimisation where we use dup()/close() to lower
the file descriptor number of the new socket to the lowest possible
after closing our listening sockets. This keeps the max fd num passed
to select() low, which makes a difference to the speed of select().

Modified:
   branches/SAMBA_4_0/source/lib/socket/socket.c
   branches/SAMBA_4_0/source/smbd/process_standard.c
   branches/SAMBA_4_0/source/smbd/service.c


Changeset:
Modified: branches/SAMBA_4_0/source/lib/socket/socket.c
===
--- branches/SAMBA_4_0/source/lib/socket/socket.c   2004-10-29 06:01:51 UTC (rev 
3355)
+++ branches/SAMBA_4_0/source/lib/socket/socket.c   2004-10-29 07:00:14 UTC (rev 
3356)
@@ -260,6 +260,28 @@
return sock-ops-get_fd(sock);
 }
 
+/*
+  call dup() on a socket, and close the old fd. This is used to change
+  the fd to the lowest available number, to make select() more
+  efficient (select speed depends on the maxiumum fd number passed to
+  it)
+*/
+NTSTATUS socket_dup(struct socket_context *sock)
+{
+   int fd;
+   if (sock-fd == -1) {
+   return NT_STATUS_INVALID_HANDLE;
+   }
+   fd = dup(sock-fd);
+   if (fd == -1) {
+   return map_nt_error_from_unix(errno);
+   }
+   close(sock-fd);
+   sock-fd = fd;
+   return NT_STATUS_OK;
+   
+}
+
 const struct socket_ops *socket_getops_byname(const char *name, enum socket_type type)
 {
if (strcmp(ip, name) == 0 || 
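Review bot: socket_dup() works on sock->fd directly, while the accessor immediately above goes through sock->ops->get_fd(sock); a backend whose descriptor does not live in sock->fd would be mishandled. Two smaller points in the same function: dup() returns the lowest free descriptor, which is not necessarily lower than the current one, so comparing the result with sock->fd and keeping the old descriptor when it is not lower avoids a pointless swap; and any code that already recorded the old descriptor number (an event registration, for example) is left with a stale value after close(). The comment has a typo, "maxiumum", and there is a stray blank line before the closing brace.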

Modified: branches/SAMBA_4_0/source/smbd/process_standard.c
===
--- branches/SAMBA_4_0/source/smbd/process_standard.c   2004-10-29 06:01:51 UTC (rev 
3355)
+++ branches/SAMBA_4_0/source/smbd/process_standard.c   2004-10-29 07:00:14 UTC (rev 
3356)
@@ -34,7 +34,8 @@
 /*
   called when a listening socket becomes readable
 */
-static void standard_accept_connection(struct event_context *ev, struct fd_event 
*srv_fde, time_t t, uint16_t flags)
+static void standard_accept_connection(struct event_context *ev, struct fd_event 
*srv_fde,
+  time_t t, uint16_t flags)
 {
NTSTATUS status;
struct socket_context *sock;
@@ -63,7 +64,11 @@
/* Child code ... */
 
/* close all the listening sockets */
-   event_remove_fd_all_handler(ev, standard_accept_connection);
+   service_close_listening_sockets(server_socket-service-srv_ctx);
+
+   /* we don't care if the dup fails, as its only a select()
+  speed optimisation */
+   socket_dup(sock);

/* tdb needs special fork handling */
if (tdb_reopen_all() == -1) {
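Review bot: the NTSTATUS from socket_dup(sock) is dropped in the child path. The comment explains why failure is harmless, but an explicit (void) cast or a low-level DEBUG on failure would make the intent visible to static checkers and to someone chasing descriptor exhaustion. The ordering deserves a word in the comment too: the dup only lands on a low number because service_close_listening_sockets() ran first. Also "its" should be "it's".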

Modified: branches/SAMBA_4_0/source/smbd/service.c
===
--- branches/SAMBA_4_0/source/smbd/service.c2004-10-29 06:01:51 UTC (rev 3355)
+++ branches/SAMBA_4_0/source/smbd/service.c2004-10-29 07:00:14 UTC (rev 3356)
@@ -77,6 +77,8 @@

/* TODO: service_init() should return a result */
service-ops-service_init(service, model_ops);
+
+   DLIST_ADD(srv_ctx-service_list, service);
}
 
return srv_ctx;
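Review bot: DLIST_ADD(srv_ctx->service_list, service) runs unconditionally after service_init(), and the TODO two lines up notes that service_init() returns no result. A service whose init failed still ends up on service_list, and service_close_listening_sockets() will later walk its socket_list. Once service_init() reports a status, add to the list only on success.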
@@ -328,3 +330,22 @@
DEBUG(3,(SERVER SERVICE subsystem version %d initialised\n, 
SERVER_SERVICE_VERSION));
return True;
 }
+
+
+/*
+  close all listening sockets. This is called by process models that fork, to 
+  ensure that the listen sockets from the parent are closed
+*/
+void service_close_listening_sockets(struct server_context *srv_ctx)
+{
+   struct server_service *svc;
+   for (svc=srv_ctx-service_list;svc;svc=svc-next) {
+   struct server_socket *sock;
+   for (sock=svc-socket_list;sock;sock=sock-next) {
+   event_remove_fd(sock-event.ctx, sock-event.fde);
+   sock-event.fde = NULL;
+   socket_destroy(sock-socket);
+   sock-socket = NULL;
+   }
+   }
+}
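Review bot: service_close_listening_sockets() sets event.fde and socket to NULL but leaves each server_socket on svc->socket_list, so a second call, or any later walk of the list, hands NULL to event_remove_fd() and socket_destroy(). Either unlink the entries as they are closed or skip entries whose socket is already NULL. The function also dereferences srv_ctx without a check.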

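The fork handling described in the r3356 log message, as an added example that is not Samba's code: the child closes the inherited listeners first, then renumbers its connection to the lowest free descriptor, keeping the old number when nothing lower is free. The names fd_move_lowest, child_after_fork and demo_fork_close_listeners are hypothetical, and unbound AF_UNIX sockets stand in for the listening sockets.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Move fd to the lowest free descriptor number, keeping its close-on-exec
 * flag. Returns the descriptor to use from now on (unchanged when no lower
 * number is free), or -1 with errno set.
 */
int fd_move_lowest(int fd)
{
    int flags, newfd, saved;

    flags = fcntl(fd, F_GETFD);
    if (flags == -1) {
        return -1;                      /* EBADF: fd is not open */
    }
    newfd = fcntl(fd, F_DUPFD, 0);      /* lowest free number, like dup() */
    if (newfd == -1) {
        return -1;
    }
    if (newfd > fd) {
        close(newfd);                   /* nothing lower was free: keep fd */
        return fd;
    }
    /* F_DUPFD clears FD_CLOEXEC on the copy, so restore it if it was set. */
    if ((flags & FD_CLOEXEC) && fcntl(newfd, F_SETFD, FD_CLOEXEC) == -1) {
        saved = errno;
        close(newfd);
        errno = saved;
        return -1;
    }
    close(fd);
    return newfd;
}

/*
 * Child side of the fork: drop every inherited listener, then renumber the
 * accepted connection. Returns 0 when the connection took over the lowest
 * listener slot and no listener is left open in this process.
 */
static int child_after_fork(const int *listeners, int n, int conn)
{
    int i, lowest = listeners[0];

    for (i = 0; i < n; i++) {
        if (listeners[i] < lowest) {
            lowest = listeners[i];
        }
        if (close(listeners[i]) == -1) {
            return 1;
        }
    }
    conn = fd_move_lowest(conn);
    if (conn != lowest) {
        return 2;
    }
    for (i = 0; i < n; i++) {
        if (listeners[i] != conn && fcntl(listeners[i], F_GETFD) != -1) {
            return 3;                   /* a listener survived in the child */
        }
    }
    return 0;
}

/* Parent side: two stand-in listeners, one connection, one forked child. */
int demo_fork_close_listeners(void)
{
    int listeners[2], pair[2], status, i, parent_ok;
    pid_t pid;

    for (i = 0; i < 2; i++) {
        listeners[i] = socket(AF_UNIX, SOCK_STREAM, 0);   /* constructed stand-in */
        if (listeners[i] == -1) {
            return -1;
        }
    }
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1) {
        return -1;
    }
    pid = fork();
    if (pid == -1) {
        return -1;
    }
    if (pid == 0) {
        close(pair[1]);                 /* peer end belongs to the "client" */
        _exit(child_after_fork(listeners, 2, pair[0]));
    }
    if (waitpid(pid, &status, 0) == -1) {
        return -1;
    }
    /* The parent must still own its listeners after the child closed its copies. */
    parent_ok = fcntl(listeners[0], F_GETFD) != -1 &&
                fcntl(listeners[1], F_GETFD) != -1;
    close(listeners[0]);
    close(listeners[1]);
    close(pair[0]);
    close(pair[1]);
    if (!WIFEXITED(status)) {
        return -1;
    }
    return parent_ok ? WEXITSTATUS(status) : 4;
}

int main(void)
{
    return demo_fork_close_listeners();
}
```

A nonzero return from demo_fork_close_listeners identifies the step that failed: 1 to 3 come from the child, 4 means the parent lost a listener.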


svn commit: samba r3357 - in branches/SAMBA_4_0/source: lib libcli ntvfs/common smbd

2004-10-29 Thread tridge
Author: tridge
Date: 2004-10-29 07:29:26 + (Fri, 29 Oct 2004)
New Revision: 3357

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3357

Log:
removed the need to use TDB_CLEAR_IF_FIRST in Samba4.

We found a few months ago that TDB_CLEAR_IF_FIRST is extremely
inefficient for large numbers of connections, due to a fundamental
limitation in the way posix byte range locking is implemented. Rather
than the nasty workaround we had for Samba3, we now have a single
cleanup tmp files function that runs when smbd starts. That deletes
the tmp tdbs, so TDB_CLEAR_IF_FIRST is not needed at all.


Modified:
   branches/SAMBA_4_0/source/lib/util.c
   branches/SAMBA_4_0/source/libcli/unexpected.c
   branches/SAMBA_4_0/source/ntvfs/common/brlock.c
   branches/SAMBA_4_0/source/ntvfs/common/opendb.c
   branches/SAMBA_4_0/source/smbd/rewrite.c
   branches/SAMBA_4_0/source/smbd/service.c


Changeset:
Modified: branches/SAMBA_4_0/source/lib/util.c
===
--- branches/SAMBA_4_0/source/lib/util.c2004-10-29 07:00:14 UTC (rev 3356)
+++ branches/SAMBA_4_0/source/lib/util.c2004-10-29 07:29:26 UTC (rev 3357)
@@ -705,16 +705,19 @@
 
 char *lock_path(TALLOC_CTX* mem_ctx, const char *name)
 {
-   char *fname;
+   char *fname, *dname;
 
-   fname = talloc_strdup(mem_ctx, lp_lockdir());
-   trim_string(fname,,/);
+   dname = talloc_strdup(mem_ctx, lp_lockdir());
+   trim_string(dname,,/);

-   if (!directory_exist(fname,NULL))
-   mkdir(fname,0755);
+   if (!directory_exist(dname,NULL)) {
+   mkdir(dname,0755);
+   }

-   fname = talloc_asprintf(mem_ctx, %s/%s, fname, name);
+   fname = talloc_asprintf(mem_ctx, %s/%s, dname, name);
 
+   talloc_free(dname);
+
return fname;
 }
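Review bot: in lock_path(), dname from talloc_strdup() is passed to trim_string() and directory_exist() without a NULL check, and the mkdir() result is ignored, so a failure to create the lock directory only shows up later as a failed open. Since this path holds the lock databases, it is also worth deciding whether 0755 is the intended mode and whether an existing path that is not a directory owned by the expected user should be refused; directory_exist() followed by mkdir() is a check-then-create sequence. The talloc_free(dname) that replaces the old reuse of fname is good.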
 

Modified: branches/SAMBA_4_0/source/libcli/unexpected.c
===
--- branches/SAMBA_4_0/source/libcli/unexpected.c   2004-10-29 07:00:14 UTC (rev 
3356)
+++ branches/SAMBA_4_0/source/libcli/unexpected.c   2004-10-29 07:29:26 UTC (rev 
3357)
@@ -50,7 +50,7 @@
mem_ctx = talloc_init(receive_unexpected);
if (!mem_ctx) return;
tdbd = tdb_wrap_open(NULL, lock_path(mem_ctx, unexpected.tdb), 0, 
-TDB_CLEAR_IF_FIRST|TDB_DEFAULT,
+TDB_DEFAULT,
 O_RDWR | O_CREAT, 0644);
talloc_destroy(mem_ctx);
if (!tdbd) {
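Review bot: dropping TDB_CLEAR_IF_FIRST here relies on the startup cleanup the log message describes, which runs when smbd starts, but this file is under libcli and the open uses O_CREAT. Any other process that opens unexpected.tdb without smbd having started first now sees whatever records an earlier run left behind. Please confirm every opener is covered by the cleanup, or say in a comment why stale records are harmless here. Separately, this database is created 0644 while brlock.tdb and openfiles.tdb use 0600.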

Modified: branches/SAMBA_4_0/source/ntvfs/common/brlock.c
===
--- branches/SAMBA_4_0/source/ntvfs/common/brlock.c 2004-10-29 07:00:14 UTC (rev 
3356)
+++ branches/SAMBA_4_0/source/ntvfs/common/brlock.c 2004-10-29 07:29:26 UTC (rev 
3357)
@@ -84,7 +84,7 @@
 
path = lock_path(brl, brlock.tdb);
brl-w = tdb_wrap_open(brl, path, 0,  
-  TDB_DEFAULT|TDB_CLEAR_IF_FIRST,
+  TDB_DEFAULT,
   O_RDWR|O_CREAT, 0600);
talloc_free(path);
if (brl-w == NULL) {
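Review bot: with TDB_CLEAR_IF_FIRST gone from the brlock.tdb open, stale byte-range lock records from a crashed smbd are only removed by the startup cleanup, so correctness depends on that cleanup finishing before the first tdb_wrap_open() of this file. A comment at this call naming the cleanup function would keep someone from reordering startup later; the same applies to the openfiles.tdb open in opendb.c.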

Modified: branches/SAMBA_4_0/source/ntvfs/common/opendb.c
===
--- branches/SAMBA_4_0/source/ntvfs/common/opendb.c 2004-10-29 07:00:14 UTC (rev 
3356)
+++ branches/SAMBA_4_0/source/ntvfs/common/opendb.c 2004-10-29 07:29:26 UTC (rev 
3357)
@@ -88,7 +88,7 @@
 
path = lock_path(odb, openfiles.tdb);
odb-w = tdb_wrap_open(odb, path, 0,  
-  TDB_DEFAULT|TDB_CLEAR_IF_FIRST,
+  TDB_DEFAULT,
   O_RDWR|O_CREAT, 0600);
talloc_free(path);
if (odb-w == NULL) {

Modified: branches/SAMBA_4_0/source/smbd/rewrite.c
===
--- branches/SAMBA_4_0/source/smbd/rewrite.c2004-10-29 07:00:14 UTC (rev 3356)
+++ branches/SAMBA_4_0/source/smbd/rewrite.c2004-10-29 07:29:26 UTC (rev 3357)
@@ -19,18 +19,12 @@
 { return True; }
 
 /*
- * initialize an smb process
+ * initialize an smb process. Guaranteed to be called only once per
+ * smbd instance (so it can assume it is starting from scratch, and
+ * delete temporary files etc)
  */
 void smbd_process_init(void)
 {
-   TALLOC_CTX *mem_ctx;
-
-   mem_ctx = talloc_init(smbd_process_init talloc);
-   if (!mem_ctx) {
-   DEBUG(0,(smbd_process_init: ERROR: No memory\n));
-   exit(1);
-   }
-
/* possibly reload the services file. */
reload_services(NULL, True);
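Review bot: the new comment on smbd_process_init() promises it is called only once per smbd instance, and the function is allowed to delete temporary files on that basis, but nothing in the hunk enforces it. A static flag with an assertion or early return would turn a second call from silent removal of live tdb files into an immediate failure. The removal of the unused mem_ctx is fine.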
 
@@ -39,9 +33,7 @@
DEBUG(2,(Changed root to %s\n, lp_rootdir()));
}
 
-   /* Start old-style secrets subsystem */
-   
-   talloc_destroy(mem_ctx);
+   

svn commit: lorikeet r117 - in trunk/mod_ntlm_winbind: .

2004-10-29 Thread abartlet
Author: abartlet
Date: 2004-10-29 08:29:27 + (Fri, 29 Oct 2004)
New Revision: 117

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=117

Log:
Handle the 'BH' reply from ntlm_auth, which indicates that something
went badly wrong.

Andrew Bartlett

Modified:
   trunk/mod_ntlm_winbind/mod_ntlm_winbind.c


Changeset:
Modified: trunk/mod_ntlm_winbind/mod_ntlm_winbind.c
===
--- trunk/mod_ntlm_winbind/mod_ntlm_winbind.c   2004-10-29 01:23:58 UTC (rev 116)
+++ trunk/mod_ntlm_winbind/mod_ntlm_winbind.c   2004-10-29 08:29:27 UTC (rev 117)
@@ -551,6 +551,7 @@
 ap_destroy_pool(connected_user_authenticated-pool);
 return HTTP_INTERNAL_SERVER_ERROR;
 }
+*childarg3 = '\0';
 childarg3++;
 
 /* if TT, send to client */
@@ -587,8 +588,16 @@
 
 /* Helper failed */
 
-ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, 
-  could not parse %s helper callback: %s, auth_type, 
args_from_helper);
+/* if NA, not authenticated */
+
+if (strncmp(args_from_helper, BH , 3) == 0) {
+ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, 
+  ntlm_auth reports Broken Helper: %s, args_from_helper);   
 
+} else {
+
+ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, 
+  could not parse %s helper callback: %s, auth_type, 
args_from_helper);
+}
 
 ap_destroy_pool(auth_helper-pool);
 ap_destroy_pool(connected_user_authenticated-pool);
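Review bot: the added comment reads "if NA, not authenticated" but the test directly under it is a strncmp() of args_from_helper against "BH ", so the comment describes a reply this branch does not handle. Reword it for the BH case, or add the NA handling it announces. Both branches log at APLOG_ERR and fall through to the same cleanup, so the only behavioural change is the message text; args_from_helper comes from the helper process and is logged verbatim, which is acceptable with the fixed format string used here.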



svn commit: samba r3358 - in branches/SAMBA_4_0/source: libcli/util librpc/ndr

2004-10-29 Thread abartlet
Author: abartlet
Date: 2004-10-29 08:31:27 + (Fri, 29 Oct 2004)
New Revision: 3358

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3358

Log:
Try to put all the basic struct dom_sid manipulation functions in one
place.  (I always have trouble finding one half or the other).

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/libcli/util/dom_sid.c
   branches/SAMBA_4_0/source/librpc/ndr/ndr_sec.c


Changeset:
Modified: branches/SAMBA_4_0/source/libcli/util/dom_sid.c
===
--- branches/SAMBA_4_0/source/libcli/util/dom_sid.c 2004-10-29 07:29:26 UTC (rev 
3357)
+++ branches/SAMBA_4_0/source/libcli/util/dom_sid.c 2004-10-29 08:31:27 UTC (rev 
3358)
@@ -23,6 +23,39 @@
 #include includes.h
 
 /*
+  convert a dom_sid to a string
+*/
+char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
+{
+   int i, ofs, maxlen;
+   uint32_t ia;
+   char *ret;
+   
+   if (!sid) {
+   return talloc_strdup(mem_ctx, (NULL SID));
+   }
+
+   maxlen = sid-num_auths * 11 + 25;
+   ret = talloc(mem_ctx, maxlen);
+   if (!ret) return talloc_strdup(mem_ctx, (SID ERR));
+
+   ia = (sid-id_auth[5]) +
+   (sid-id_auth[4]  8 ) +
+   (sid-id_auth[3]  16) +
+   (sid-id_auth[2]  24);
+
+   ofs = snprintf(ret, maxlen, S-%u-%lu, 
+  (uint_t)sid-sid_rev_num, (unsigned long)ia);
+
+   for (i = 0; i  sid-num_auths; i++) {
+   ofs += snprintf(ret + ofs, maxlen - ofs, -%lu, (unsigned 
long)sid-sub_auths[i]);
+   }
+   
+   return ret;
+}
+
+
+/*
   convert a string to a dom_sid, returning a talloc'd dom_sid
 */
 struct dom_sid *dom_sid_parse_talloc(TALLOC_CTX *mem_ctx, const char *sidstr)
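Review bot: in dom_sid_string(), ofs is advanced by the return value of snprintf(), which is the length that would have been written, so after any truncation maxlen - ofs goes negative and is converted to a very large size for the next call. The maxlen estimate of num_auths * 11 + 25 looks sufficient for 32-bit sub-authorities, so this is defensive, but a check that ofs < maxlen inside the loop costs nothing. Also, ia is built from id_auth[2] through id_auth[5] only, so the top two bytes of the identifier authority are dropped, and the talloc_strdup() fallback after a failed talloc() is likely to fail as well and return NULL.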
@@ -121,3 +154,27 @@
return ret;
 }
 
+/*
+  add a rid to a domain dom_sid to make a full dom_sid
+*/
+struct dom_sid *dom_sid_add_rid(TALLOC_CTX *mem_ctx, 
+   const struct dom_sid *domain_sid, 
+   uint32_t rid)
+{
+   struct dom_sid *sid;
+
+   sid = talloc_p(mem_ctx, struct dom_sid);
+   if (!sid) return NULL;
+
+   *sid = *domain_sid;
+   /*TODO: use realloc! */
+   sid-sub_auths = talloc_array_p(mem_ctx, uint32_t, sid-num_auths+1);
+   if (!sid-sub_auths) {
+   return NULL;
+   }
+   memcpy(sid-sub_auths, domain_sid-sub_auths, sid-num_auths*sizeof(uint32_t));
+   sid-sub_auths[sid-num_auths] = rid;
+   sid-num_auths++;
+   return sid;
+}
+
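Review bot: dom_sid_add_rid() returns NULL when talloc_array_p() fails without freeing sid, and it allocates sub_auths on mem_ctx instead of on sid, so freeing the returned SID does not release the array. There is also no upper bound on num_auths before the increment, and domain_sid is dereferenced without a NULL check. Parent the array on sid, free sid on the error path, and reject a domain SID that already has the maximum number of sub-authorities.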

Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr_sec.c
===
--- branches/SAMBA_4_0/source/librpc/ndr/ndr_sec.c  2004-10-29 07:29:26 UTC (rev 
3357)
+++ branches/SAMBA_4_0/source/librpc/ndr/ndr_sec.c  2004-10-29 08:31:27 UTC (rev 
3358)
@@ -51,39 +51,6 @@
 
 
 /*
-  convert a dom_sid to a string
-*/
-char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
-{
-   int i, ofs, maxlen;
-   uint32_t ia;
-   char *ret;
-   
-   if (!sid) {
-   return talloc_strdup(mem_ctx, (NULL SID));
-   }
-
-   maxlen = sid-num_auths * 11 + 25;
-   ret = talloc(mem_ctx, maxlen);
-   if (!ret) return talloc_strdup(mem_ctx, (SID ERR));
-
-   ia = (sid-id_auth[5]) +
-   (sid-id_auth[4]  8 ) +
-   (sid-id_auth[3]  16) +
-   (sid-id_auth[2]  24);
-
-   ofs = snprintf(ret, maxlen, S-%u-%lu, 
-  (uint_t)sid-sid_rev_num, (unsigned long)ia);
-
-   for (i = 0; i  sid-num_auths; i++) {
-   ofs += snprintf(ret + ofs, maxlen - ofs, -%lu, (unsigned 
long)sid-sub_auths[i]);
-   }
-   
-   return ret;
-}
-
-
-/*
   print a dom_sid
 */
 void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, struct dom_sid *sid)
@@ -106,30 +73,6 @@
 }
 
 /*
-  add a rid to a domain dom_sid to make a full dom_sid
-*/
-struct dom_sid *dom_sid_add_rid(TALLOC_CTX *mem_ctx, 
-   const struct dom_sid *domain_sid, 
-   uint32_t rid)
-{
-   struct dom_sid *sid;
-
-   sid = talloc_p(mem_ctx, struct dom_sid);
-   if (!sid) return NULL;
-
-   *sid = *domain_sid;
-   /*TODO: use realloc! */
-   sid-sub_auths = talloc_array_p(mem_ctx, uint32_t, sid-num_auths+1);
-   if (!sid-sub_auths) {
-   return NULL;
-   }
-   memcpy(sid-sub_auths, domain_sid-sub_auths, sid-num_auths*sizeof(uint32_t));
-   sid-sub_auths[sid-num_auths] = rid;
-   sid-num_auths++;
-   return sid;
-}
-
-/*
   return the wire size of a security_ace
 */
 size_t ndr_size_security_ace(struct security_ace *ace)



svn commit: samba r3359 - in branches/SAMBA_4_0/source/passdb: .

2004-10-29 Thread abartlet
Author: abartlet
Date: 2004-10-29 08:32:59 + (Fri, 29 Oct 2004)
New Revision: 3359

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3359

Log:
Add magic auto-initialisation hooks here, to match the rest of
secrets.  (Which will, I am assured, go away).

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/passdb/secrets.c


Changeset:
Modified: branches/SAMBA_4_0/source/passdb/secrets.c
===
--- branches/SAMBA_4_0/source/passdb/secrets.c  2004-10-29 08:31:27 UTC (rev 3358)
+++ branches/SAMBA_4_0/source/passdb/secrets.c  2004-10-29 08:32:59 UTC (rev 3359)
@@ -129,6 +129,10 @@
size_t ref_count = *p_ref_count;
int ret = 0;
 
+   secrets_init();
+   if (!tdb)
+   return False;
+
if (ref_count == 0) {
ret = tdb_lock_bystring(tdb-tdb, name, timeout);
if (ret == 0)
@@ -152,6 +156,10 @@
 
SMB_ASSERT(ref_count != 0);
 
+   secrets_init();
+   if (!tdb)
+   return;
+
if (ref_count == 1) {
tdb_unlock_bystring(tdb-tdb, name);
DEBUG(10,(secrets_named_mutex: released mutex for %s\n, name ));
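
Review bot: In the release path, `secrets_init(); if (!tdb) return;` returns silently and skips the tdb_unlock_bystring call below. SMB_ASSERT(ref_count != 0) has just established that the caller believes it holds the mutex, so a NULL tdb at this point means the state is inconsistent and should at least be logged with DEBUG before returning. A short comment on why initialisation is needed on unlock at all would also help.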



svn commit: samba r3360 - in branches/SAMBA_4_0/source: lib lib/messaging libcli ntvfs/common rpc_server/netlogon smbd

2004-10-29 Thread tridge
Author: tridge
Date: 2004-10-29 08:38:59 + (Fri, 29 Oct 2004)
New Revision: 3360

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3360

Log:
improved the deletion of tmp files. smbd now puts all tmp files in var/locks/smbd.tmp/
and deletes that dir on startup.


Modified:
   branches/SAMBA_4_0/source/lib/messaging/messaging.c
   branches/SAMBA_4_0/source/lib/util.c
   branches/SAMBA_4_0/source/libcli/unexpected.c
   branches/SAMBA_4_0/source/ntvfs/common/brlock.c
   branches/SAMBA_4_0/source/ntvfs/common/opendb.c
   branches/SAMBA_4_0/source/rpc_server/netlogon/schannel_state.c
   branches/SAMBA_4_0/source/smbd/service.c


Changeset:
Modified: branches/SAMBA_4_0/source/lib/messaging/messaging.c
===
--- branches/SAMBA_4_0/source/lib/messaging/messaging.c 2004-10-29 08:32:59 UTC (rev 
3359)
+++ branches/SAMBA_4_0/source/lib/messaging/messaging.c 2004-10-29 08:38:59 UTC (rev 
3360)
@@ -85,7 +85,7 @@
 {
char *name = talloc_asprintf(mem_ctx, messaging/msg.%u, (unsigned)server_id);
char *ret;
-   ret = lock_path(mem_ctx, name);
+   ret = smbd_tmp_path(mem_ctx, name);
talloc_free(name);
return ret;
 }
@@ -449,7 +449,7 @@
}
 
/* create the messaging directory if needed */
-   msg-path = lock_path(msg, messaging);
+   msg-path = smbd_tmp_path(msg, messaging);
mkdir(msg-path, 0700);
talloc_free(msg-path);
 

Modified: branches/SAMBA_4_0/source/lib/util.c
===
--- branches/SAMBA_4_0/source/lib/util.c2004-10-29 08:32:59 UTC (rev 3359)
+++ branches/SAMBA_4_0/source/lib/util.c2004-10-29 08:38:59 UTC (rev 3360)
@@ -702,7 +702,6 @@
 /*
  A useful function for returning a path in the Samba lock directory.
 */  
-
 char *lock_path(TALLOC_CTX* mem_ctx, const char *name)
 {
char *fname, *dname;
@@ -736,6 +735,30 @@
return fname;
 }
 
+/*
+  return a path in the smbd.tmp directory, where all temporary file
+  for smbd go. If NULL is passed for name then return the directory 
+  path itself
+*/
+char *smbd_tmp_path(TALLOC_CTX *mem_ctx, const char *name)
+{
+   char *fname, *dname;
+
+   dname = lock_path(mem_ctx, smbd.tmp);
+   if (!directory_exist(dname,NULL)) {
+   mkdir(dname,0755);
+   }
+
+   if (name == NULL) {
+   return dname;
+   }
+
+   fname = talloc_asprintf(mem_ctx, %s/%s, dname, name);
+   talloc_free(dname);
+
+   return fname;
+}
+
 /**
  * @brief Returns the platform specific shared library extension.
  *
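
Review bot: In smbd_tmp_path, the result of `mkdir(dname,0755)` is ignored and dname from lock_path is never checked for NULL, so a failed create only shows up later when a caller tries to open a file under the directory. The directory_exist-then-mkdir sequence is a check-then-create race; calling mkdir unconditionally and accepting EEXIST is simpler and avoids it. Mode 0755 is also wider than the 0700 used for the messaging subdirectory in this same commit; since this directory now holds all of smbd's temporary files, 0700 looks like the safer default unless another process needs to read it. Small point: the comment should read "all temporary files".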

Modified: branches/SAMBA_4_0/source/libcli/unexpected.c
===
--- branches/SAMBA_4_0/source/libcli/unexpected.c   2004-10-29 08:32:59 UTC (rev 
3359)
+++ branches/SAMBA_4_0/source/libcli/unexpected.c   2004-10-29 08:38:59 UTC (rev 
3360)
@@ -44,15 +44,13 @@
struct unexpected_key key;
char buf[1024];
int len=0;
-   TALLOC_CTX *mem_ctx;
 
if (!tdbd) {
-   mem_ctx = talloc_init(receive_unexpected);
-   if (!mem_ctx) return;
-   tdbd = tdb_wrap_open(NULL, lock_path(mem_ctx, unexpected.tdb), 0, 
+   char *path = smbd_tmp_path(NULL, unexpected.tdb);
+   tdbd = tdb_wrap_open(NULL, path, 0, 
 TDB_DEFAULT,
 O_RDWR | O_CREAT, 0644);
-   talloc_destroy(mem_ctx);
+   talloc_free(path);
if (!tdbd) {
return;
}
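
Review bot: `path` from smbd_tmp_path(NULL, ...) is handed to tdb_wrap_open without a NULL check, where the removed code at least checked its talloc_init result. Suggest returning early if path is NULL, here and in the read-only open in the next hunk.
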
@@ -150,13 +148,12 @@
 const char *mailslot_name)
 {
struct tdb_wrap *tdb2;
-   TALLOC_CTX *mem_ctx;
+   char *path;
 
-   mem_ctx = talloc_init(receive_unexpected);
-   if (!mem_ctx) return NULL;
-   tdb2 = tdb_wrap_open(mem_ctx, lock_path(mem_ctx, unexpected.tdb), 0, 0, 
O_RDONLY, 0);
+   path = smbd_tmp_path(NULL, unexpected.tdb);
+   tdb2 = tdb_wrap_open(NULL, path, 0, 0, O_RDONLY, 0);
+   talloc_free(path);
if (!tdb2) {
-   talloc_destroy(mem_ctx);
return NULL;
}
 
@@ -167,7 +164,7 @@
 
tdb_traverse(tdb2-tdb, traverse_match, NULL);
 
-   talloc_destroy(mem_ctx);
+   talloc_free(tdb2);
 
return matched_packet;
 }

Modified: branches/SAMBA_4_0/source/ntvfs/common/brlock.c
===
--- branches/SAMBA_4_0/source/ntvfs/common/brlock.c 2004-10-29 08:32:59 UTC (rev 
3359)
+++ branches/SAMBA_4_0/source/ntvfs/common/brlock.c 2004-10-29 08:38:59 UTC (rev 
3360)
@@ -82,10 +82,9 @@
return NULL;
}
 
-   path = lock_path(brl, 

svn commit: samba r3361 - in branches/SAMBA_4_0/source: auth libcli/auth smb_server

2004-10-29 Thread abartlet
Author: abartlet
Date: 2004-10-29 09:15:41 + (Fri, 29 Oct 2004)
New Revision: 3361

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3361

Log:
Allow Samba4 (I'm interested in ntlm_auth in particular) to use
Samba3's winbind.  This is also the start of domain membership code in
Samba4, as we now (partially) parse the info3, and use it like Samba3
does.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/auth/auth.c
   branches/SAMBA_4_0/source/auth/auth.h
   branches/SAMBA_4_0/source/auth/auth_util.c
   branches/SAMBA_4_0/source/auth/auth_winbind.c
   branches/SAMBA_4_0/source/libcli/auth/gensec_ntlmssp.c
   branches/SAMBA_4_0/source/smb_server/sesssetup.c


Changeset:
Sorry, the patch is too large (404 lines) to include; please use WebSVN to see it!
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3361


svn commit: samba r3362 - in branches/SAMBA_4_0/source/librpc/idl: .

2004-10-29 Thread abartlet
Author: abartlet
Date: 2004-10-29 09:19:54 + (Fri, 29 Oct 2004)
New Revision: 3362

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3362

Log:
Change netlogon.idl so we can parse the 'info3' separate from its surroundings, and 
rename user_id -> rid, as it could be a user or group id.

Andrew Bartlett

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/librpc/idl/netlogon.idl


Changeset:
Modified: branches/SAMBA_4_0/source/librpc/idl/netlogon.idl
===
--- branches/SAMBA_4_0/source/librpc/idl/netlogon.idl   2004-10-29 09:15:41 UTC (rev 
3361)
+++ branches/SAMBA_4_0/source/librpc/idl/netlogon.idl   2004-10-29 09:19:54 UTC (rev 
3362)
@@ -134,7 +134,7 @@
} netr_Authenticator;
 
typedef struct {
-   uint32 user_id;
+   uint32 rid;
uint32 attributes;
} netr_GroupMembership;
 
@@ -184,7 +184,7 @@
uint32 attribute;
} netr_SidAttr;
 
-   typedef struct {
+   typedef [public] struct {
netr_SamBaseInfo base;
uint32 sidcount;
[size_is(sidcount)] netr_SidAttr *sids;



svn commit: samba r3363 - in branches/SAMBA_4_0/source: include ntvfs/common ntvfs/posix

2004-10-29 Thread tridge
Author: tridge
Date: 2004-10-29 09:28:35 + (Fri, 29 Oct 2004)
New Revision: 3363

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3363

Log:
added basic support for SA_RIGHT_FILE_EXECUTE, needed for opening .dll files



Modified:
   branches/SAMBA_4_0/source/include/rpc_secdes.h
   branches/SAMBA_4_0/source/ntvfs/common/opendb.c
   branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c
   branches/SAMBA_4_0/source/ntvfs/posix/pvfs_read.c


Changeset:
Modified: branches/SAMBA_4_0/source/include/rpc_secdes.h
===
--- branches/SAMBA_4_0/source/include/rpc_secdes.h  2004-10-29 09:19:54 UTC (rev 
3362)
+++ branches/SAMBA_4_0/source/include/rpc_secdes.h  2004-10-29 09:28:35 UTC (rev 
3363)
@@ -156,6 +156,7 @@
 #define SA_RIGHT_FILE_DELETE_CHILD 0x0040
 #define SA_RIGHT_FILE_READ_ATTRIBUTES  0x0080
 #define SA_RIGHT_FILE_WRITE_ATTRIBUTES 0x0100
+#define SA_RIGHT_FILE_READ_EXEC
(SA_RIGHT_FILE_READ_DATA|SA_RIGHT_FILE_EXECUTE)
 
 #define SA_RIGHT_FILE_ALL_ACCESS   0x01FF
 

Modified: branches/SAMBA_4_0/source/ntvfs/common/opendb.c
===
--- branches/SAMBA_4_0/source/ntvfs/common/opendb.c 2004-10-29 09:19:54 UTC (rev 
3362)
+++ branches/SAMBA_4_0/source/ntvfs/common/opendb.c 2004-10-29 09:28:35 UTC (rev 
3363)
@@ -154,10 +154,14 @@
 
/* if either open involves no read.write or delete access then
   it can't conflict */
-   if (!(e1-access_mask  (SA_RIGHT_FILE_WRITE_DATA | SA_RIGHT_FILE_READ_DATA | 
STD_RIGHT_DELETE_ACCESS))) {
+   if (!(e1-access_mask  (SA_RIGHT_FILE_WRITE_DATA | 
+SA_RIGHT_FILE_READ_EXEC | 
+STD_RIGHT_DELETE_ACCESS))) {
return False;
}
-   if (!(e2-access_mask  (SA_RIGHT_FILE_WRITE_DATA | SA_RIGHT_FILE_READ_DATA | 
STD_RIGHT_DELETE_ACCESS))) {
+   if (!(e2-access_mask  (SA_RIGHT_FILE_WRITE_DATA | 
+SA_RIGHT_FILE_READ_EXEC | 
+STD_RIGHT_DELETE_ACCESS))) {
return False;
}
 
@@ -165,11 +169,19 @@
CHECK_MASK(e1-access_mask, e2-share_access, SA_RIGHT_FILE_WRITE_DATA, 
NTCREATEX_SHARE_ACCESS_WRITE);
CHECK_MASK(e2-access_mask, e1-share_access, SA_RIGHT_FILE_WRITE_DATA, 
NTCREATEX_SHARE_ACCESS_WRITE);
 
-   CHECK_MASK(e1-access_mask, e2-share_access, SA_RIGHT_FILE_READ_DATA, 
NTCREATEX_SHARE_ACCESS_READ);
-   CHECK_MASK(e2-access_mask, e1-share_access, SA_RIGHT_FILE_READ_DATA, 
NTCREATEX_SHARE_ACCESS_READ);
+   CHECK_MASK(e1-access_mask, e2-share_access, 
+  SA_RIGHT_FILE_READ_EXEC, 
+  NTCREATEX_SHARE_ACCESS_READ);
+   CHECK_MASK(e2-access_mask, e1-share_access, 
+  SA_RIGHT_FILE_READ_EXEC, 
+  NTCREATEX_SHARE_ACCESS_READ);
 
-   CHECK_MASK(e1-access_mask, e2-share_access, STD_RIGHT_DELETE_ACCESS, 
NTCREATEX_SHARE_ACCESS_DELETE);
-   CHECK_MASK(e2-access_mask, e1-share_access, STD_RIGHT_DELETE_ACCESS, 
NTCREATEX_SHARE_ACCESS_DELETE);
+   CHECK_MASK(e1-access_mask, e2-share_access, 
+  STD_RIGHT_DELETE_ACCESS, 
+  NTCREATEX_SHARE_ACCESS_DELETE);
+   CHECK_MASK(e2-access_mask, e1-share_access, 
+  STD_RIGHT_DELETE_ACCESS, 
+  NTCREATEX_SHARE_ACCESS_DELETE);
 
/* if a delete is pending then a second open is not allowed */
if ((e1-create_options  NTCREATEX_OPTIONS_DELETE_ON_CLOSE) ||

Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c
===
--- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c   2004-10-29 09:19:54 UTC (rev 
3362)
+++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c   2004-10-29 09:28:35 UTC (rev 
3363)
@@ -289,16 +289,13 @@
access_mask = GENERIC_RIGHTS_FILE_READ | GENERIC_RIGHTS_FILE_WRITE;
}
 
-   switch (access_mask  (SA_RIGHT_FILE_READ_DATA | SA_RIGHT_FILE_WRITE_DATA)) {
-   case SA_RIGHT_FILE_READ_DATA:
-   flags = O_RDONLY;
-   break;
-   case SA_RIGHT_FILE_WRITE_DATA:
-   flags = O_WRONLY;
-   break;
-   case SA_RIGHT_FILE_WRITE_DATA|SA_RIGHT_FILE_READ_DATA:
+   if ((access_mask  SA_RIGHT_FILE_READ_EXEC) 
+   (access_mask  SA_RIGHT_FILE_WRITE_DATA)) {
flags = O_RDWR;
-   break;
+   } else if (access_mask  SA_RIGHT_FILE_WRITE_DATA) {
+   flags = O_WRONLY;
+   } else {
+   flags = O_RDONLY;
}
 
f = talloc_p(req, struct pvfs_file);
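
Review bot: The final `else` now maps every access mask that has neither write nor read/execute bits to O_RDONLY, so an open that asks only for something like attribute or delete access still needs POSIX read permission on the file, and an execute-only open is treated as a read. The removed switch had no default case, so having a defined fallback is an improvement, but a comment stating that O_RDONLY is the deliberate fallback and why execute is folded into read would make the intent reviewable.
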
@@ -493,16 +490,13 @@
return NT_STATUS_INVALID_PARAMETER;
}
 
-   switch (access_mask  (SA_RIGHT_FILE_READ_DATA | SA_RIGHT_FILE_WRITE_DATA)) {
-   case SA_RIGHT_FILE_READ_DATA:
- 

svn commit: samba r3364 - in branches/SAMBA_4_0/source/rpc_server/netlogon: .

2004-10-29 Thread abartlet
Author: abartlet
Date: 2004-10-29 09:57:31 + (Fri, 29 Oct 2004)
New Revision: 3364

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3364

Log:
Add parameter to fix the compile.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c


Changeset:
Modified: branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c
===
--- branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c 2004-10-29 
09:28:35 UTC (rev 3363)
+++ branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c 2004-10-29 
09:57:31 UTC (rev 3364)
@@ -541,6 +541,7 @@
 
nt_status = auth_context-check_ntlm_password(auth_context,
  user_info, 
+ mem_ctx,
  server_info);
 
if (!NT_STATUS_IS_OK(nt_status)) {



svn commit: samba r3365 - in branches/SAMBA_4_0/source/libcli/auth: .

2004-10-29 Thread abartlet
Author: abartlet
Date: 2004-10-29 09:58:23 + (Fri, 29 Oct 2004)
New Revision: 3365

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3365

Log:
Fill in the user and primary group SIDs into the 'server info' before
the session info.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/libcli/auth/gensec_krb5.c


Changeset:
Modified: branches/SAMBA_4_0/source/libcli/auth/gensec_krb5.c
===
--- branches/SAMBA_4_0/source/libcli/auth/gensec_krb5.c 2004-10-29 09:57:31 UTC (rev 
3364)
+++ branches/SAMBA_4_0/source/libcli/auth/gensec_krb5.c 2004-10-29 09:58:23 UTC (rev 
3365)
@@ -616,8 +616,8 @@
 
*session_info_out = NULL;
 
-   /* IF we have the PAC - otherwise (TODO) we need to get this
-* data from elsewere - local ldb, or lookup of some
+   /* IF we have the PAC - otherwise we need to get this
+* data from elsewere - local ldb, or (TODO) lookup of some
 * kind... */
 
principal = talloc_strdup(gensec_krb5_state, 
gensec_krb5_state-peer_principal);
@@ -666,14 +666,17 @@
}


-   sid = dom_sid_dup(session_info, logon_info-dom_sid);
-   ptoken-user_sids[0] = dom_sid_add_rid(session_info, sid, 
logon_info-user_rid);
+   sid = dom_sid_dup(server_info, logon_info-dom_sid);
+   server_info-user_sid = dom_sid_add_rid(server_info, sid, 
logon_info-user_rid);
+   sid = dom_sid_dup(server_info, logon_info-dom_sid);
+   server_info-primary_group_sid = dom_sid_add_rid(server_info, sid, 
logon_info-group_rid);
+
+   ptoken-user_sids[0] = talloc_reference(session_info, 
server_info-user_sid);
ptoken-num_sids++;
-   sid = dom_sid_dup(session_info, logon_info-dom_sid);
-   ptoken-user_sids[1] = dom_sid_add_rid(session_info, sid, 
logon_info-group_rid);
+   ptoken-user_sids[1] = talloc_reference(session_info, 
server_info-primary_group_sid);
ptoken-num_sids++;
-   
-   for (;ptoken-num_sids  logon_info-groups_count; ptoken-num_sids++) 
{
+
+   for (;ptoken-num_sids  (logon_info-groups_count + 2); 
ptoken-num_sids++) {
sid = dom_sid_dup(session_info, logon_info-dom_sid);
ptoken-user_sids[ptoken-num_sids]
= dom_sid_add_rid(session_info, sid, 
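
Review bot: None of the dom_sid_dup, dom_sid_add_rid or talloc_reference results stored into server_info and ptoken's user_sids are checked for NULL, so an allocation failure puts a NULL SID into the session token. The intermediate `sid` from dom_sid_dup is never freed either; since dom_sid_add_rid as moved in r3358 takes a const domain SID and allocates a fresh dom_sid itself, the duplicate looks redundant and logon_info's dom_sid could be passed directly. With the loop bound now `groups_count + 2`, please confirm that user_sids is allocated for groups_count + 2 entries and that the group index used inside the loop accounts for the two slots already filled.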



svn commit: samba r3367 - in branches/SAMBA_4_0/source: lib/registry/common lib/registry/reg_backend_ldb lib/registry/reg_backend_rpc rpc_server/winreg

2004-10-29 Thread jelmer
Author: jelmer
Date: 2004-10-29 11:44:59 + (Fri, 29 Oct 2004)
New Revision: 3367

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3367

Log:
More registry updates. 
Add support for flush_key and close_hive.

Modified:
   branches/SAMBA_4_0/source/lib/registry/common/reg_interface.c
   branches/SAMBA_4_0/source/lib/registry/reg_backend_ldb/reg_backend_ldb.c
   branches/SAMBA_4_0/source/lib/registry/reg_backend_rpc/reg_backend_rpc.c
   branches/SAMBA_4_0/source/rpc_server/winreg/rpc_winreg.c


Changeset:
Modified: branches/SAMBA_4_0/source/lib/registry/common/reg_interface.c
===
--- branches/SAMBA_4_0/source/lib/registry/common/reg_interface.c   2004-10-29 
11:39:08 UTC (rev 3366)
+++ branches/SAMBA_4_0/source/lib/registry/common/reg_interface.c   2004-10-29 
11:44:59 UTC (rev 3367)
@@ -157,6 +157,19 @@
return WERR_OK;
 }
 
+WERROR reg_close (struct registry_context *ctx)
+{
+   int i;
+   for (i = 0; i  ctx-num_hives; i++) {
+   if (ctx-hives[i]-functions-close_hive) {
+   ctx-hives[i]-functions-close_hive(ctx-hives[i]);
+   }
+   }
+   talloc_destroy(ctx);
+
+   return WERR_OK;
+}
+
 /* Open a registry file/host/etc */
 WERROR reg_import_hive(struct registry_context *h, const char *backend, const char 
*location, const char *credentials, const char *hivename)
 {
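
Review bot: reg_close dereferences ctx without a NULL check, unlike reg_key_flush later in this patch, which returns WERR_INVALID_PARAM for a NULL key. It also discards the WERROR from each close_hive call and always returns WERR_OK; suggest remembering the first failure and returning it after all hives have been closed.
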
@@ -367,7 +380,8 @@
 
if(key-hive-functions-get_subkey_by_name) {
error = key-hive-functions-get_subkey_by_name(mem_ctx, 
key,name,subkey);
-   /* FIXME: Fall back to reg_open_key rather then get_subkey_by_index */
+   } else if(key-hive-functions-open_key) {
+   error = key-hive-functions-open_key(mem_ctx, key-hive, 
talloc_asprintf(mem_ctx, %s\\%s, key-path, name), subkey);
} else if(key-hive-functions-get_subkey_by_index) {
for(i = 0; W_ERROR_IS_OK(error); i++) {
error = reg_key_get_subkey_by_index(mem_ctx, key, i, subkey);
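
Review bot: In the new open_key fallback, the talloc_asprintf result is passed straight to open_key with no NULL check, and name is appended to the key's path with no check for embedded backslashes, so a caller-supplied name can resolve to a deeper key than a direct child. Suggest building the path into a local variable, checking it, and rejecting names that contain a path separator if this function is meant to return direct subkeys only.
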
@@ -589,9 +603,8 @@
return ret;
 }
 
-WERROR reg_save(struct registry_context *h, const char *location)
+WERROR reg_save (struct registry_context *ctx, const char *location)
 {
-   /* FIXME */ 
return WERR_NOT_SUPPORTED;
 }
 
@@ -615,3 +628,17 @@
SAFE_FREE(parent_name);
return error;
 }
+
+WERROR reg_key_flush(struct registry_key *key)
+{
+   if (!key) {
+   return WERR_INVALID_PARAM;
+   }
+   
+   if (key-hive-functions-flush_key) {
+   return key-hive-functions-flush_key(key);
+   }
+   
+   /* No need for flushing, apparently */
+   return WERR_OK;
+}

Modified: branches/SAMBA_4_0/source/lib/registry/reg_backend_ldb/reg_backend_ldb.c
===
--- branches/SAMBA_4_0/source/lib/registry/reg_backend_ldb/reg_backend_ldb.c
2004-10-29 11:39:08 UTC (rev 3366)
+++ branches/SAMBA_4_0/source/lib/registry/reg_backend_ldb/reg_backend_ldb.c
2004-10-29 11:44:59 UTC (rev 3367)
@@ -194,11 +194,18 @@
return WERR_OK;
 }
 
+static WERROR ldb_close_hive (struct registry_hive *hive)
+{
+   ldb_close (hive-backend_data);
+   return WERR_OK;
+}
+
 static struct registry_operations reg_backend_ldb = {
.name = ldb,
.add_key = ldb_add_key,
.del_key = ldb_del_key,
.open_hive = ldb_open_hive,
+   .close_hive = ldb_close_hive,
.open_key = ldb_open_key,
.get_value_by_index = ldb_get_value_by_id,
.get_subkey_by_index = ldb_get_subkey_by_id,

Modified: branches/SAMBA_4_0/source/lib/registry/reg_backend_rpc/reg_backend_rpc.c
===
--- branches/SAMBA_4_0/source/lib/registry/reg_backend_rpc/reg_backend_rpc.c
2004-10-29 11:39:08 UTC (rev 3366)
+++ branches/SAMBA_4_0/source/lib/registry/reg_backend_rpc/reg_backend_rpc.c
2004-10-29 11:44:59 UTC (rev 3367)
@@ -97,6 +97,12 @@
return WERR_OK;
 }
 
+static WERROR rpc_close_hive (struct registry_hive *h)
+{
+   dcerpc_pipe_close(h-backend_data);
+   return WERR_OK;
+}
+
 static WERROR rpc_open_hive(TALLOC_CTX *mem_ctx, struct registry_hive *h, struct 
registry_key **k)
 {
NTSTATUS status;
@@ -373,6 +379,7 @@
 static struct registry_operations reg_backend_rpc = {
.name = rpc,
.open_hive = rpc_open_hive,
+   .close_hive = rpc_close_hive,
.open_key = rpc_open_key,
.get_subkey_by_index = rpc_get_subkey_by_index,
.get_value_by_index = rpc_get_value_by_index,

Modified: branches/SAMBA_4_0/source/rpc_server/winreg/rpc_winreg.c
===
--- branches/SAMBA_4_0/source/rpc_server/winreg/rpc_winreg.c2004-10-29 11:39:08 
UTC (rev 3366)
+++ branches/SAMBA_4_0/source/rpc_server/winreg/rpc_winreg.c2004-10-29 11:44:59 
UTC (rev 

Re: svn commit: lorikeet r116 - in trunk/samba4-ad-thesis: .

2004-10-29 Thread Jim McDonough
Andrew Bartlett wrote:
- Death to dashes.

Woohoo!


Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074
USA

[EMAIL PROTECTED] 
[EMAIL PROTECTED]

Phone: (207) 885-5565
IBM tie-line: 776-9984



svn commit: samba r3369 - in branches/SAMBA_4_0/source: include lib/registry/common rpc_server/winreg

2004-10-29 Thread jelmer
Author: jelmer
Date: 2004-10-29 13:38:37 + (Fri, 29 Oct 2004)
New Revision: 3369

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3369

Log:
More registry updates
We now pass the RPC-WINREG torture test. 
Also, constructions like the following work now:

regtree - smbd - NTUSER.DAT

Modified:
   branches/SAMBA_4_0/source/include/registry.h
   branches/SAMBA_4_0/source/lib/registry/common/reg_interface.c
   branches/SAMBA_4_0/source/rpc_server/winreg/rpc_winreg.c


Changeset:
Modified: branches/SAMBA_4_0/source/include/registry.h
===
--- branches/SAMBA_4_0/source/include/registry.h2004-10-29 12:12:24 UTC (rev 
3368)
+++ branches/SAMBA_4_0/source/include/registry.h2004-10-29 13:38:37 UTC (rev 
3369)
@@ -73,7 +73,7 @@
 
 struct registry_value {
   char *name;
-  int data_type;
+  unsigned int data_type;
   int data_len;
   void *data_blk;/* Might want a separate block */
   struct registry_hive *hive;
@@ -104,6 +104,7 @@

/* Implement this one */
WERROR (*open_hive) (TALLOC_CTX *, struct registry_hive *, struct registry_key 
**);
+   WERROR (*close_hive) (struct registry_hive *);
 
/* Or this one */
WERROR (*open_key) (TALLOC_CTX *, struct registry_hive *, const char *name, 
struct registry_key **);
@@ -131,6 +132,7 @@
/* Key management */
WERROR (*add_key)(TALLOC_CTX *, struct registry_key *, const char *name, 
uint32_t access_mask, SEC_DESC *, struct registry_key **);
WERROR (*del_key)(struct registry_key *);
+   WERROR (*flush_key) (struct registry_key *);
 
/* Value management */
WERROR (*set_value)(struct registry_key *, const char *name, int type, void 
*data, int len); 

Modified: branches/SAMBA_4_0/source/lib/registry/common/reg_interface.c
===
--- branches/SAMBA_4_0/source/lib/registry/common/reg_interface.c   2004-10-29 
12:12:24 UTC (rev 3368)
+++ branches/SAMBA_4_0/source/lib/registry/common/reg_interface.c   2004-10-29 
13:38:37 UTC (rev 3369)
@@ -340,7 +340,7 @@
talloc_destroy(mem_ctx);
 
*count = i;
-   if(W_ERROR_EQUAL(error, WERR_NO_MORE_ITEMS)) return WERR_OK;
+   if(W_ERROR_EQUAL(error, WERR_NO_MORE_ITEMS)) error = WERR_OK;
return error;
}
 
@@ -351,8 +351,26 @@
 {

if(!key) return WERR_INVALID_PARAM;
-   
-   return key-hive-functions-num_values(key, count);
+
+   if (key-hive-functions-num_values) {
+   return key-hive-functions-num_values(key, count);
+   }
+
+   if(key-hive-functions-get_value_by_index) {
+   int i;
+   WERROR error;
+   struct registry_value *dest;
+   TALLOC_CTX *mem_ctx = talloc_init(num_subkeys);
+   
+   for(i = 0; W_ERROR_IS_OK(error = 
key-hive-functions-get_value_by_index(mem_ctx, key, i, dest)); i++);
+   talloc_destroy(mem_ctx);
+
+   *count = i;
+   if(W_ERROR_EQUAL(error, WERR_NO_MORE_ITEMS)) error = WERR_OK;
+   return error;
+   }
+
+   return WERR_NOT_SUPPORTED;
 }
 
 WERROR reg_key_get_subkey_by_index(TALLOC_CTX *mem_ctx, struct registry_key *key, int 
idx, struct registry_key **subkey)
@@ -646,3 +664,55 @@
/* No need for flushing, apparently */
return WERR_OK;
 }
+
+WERROR reg_key_subkeysizes(struct registry_key *key, uint32 *max_subkeylen, uint32 
*max_subkeysize)
+{
+   int i = 0; 
+   struct registry_key *subkey;
+   WERROR error;
+   TALLOC_CTX *mem_ctx = talloc_init(subkeysize);
+
+   *max_subkeylen = *max_subkeysize = 0;
+
+   do {
+   error = reg_key_get_subkey_by_index(mem_ctx, key, i, subkey);
+
+   if (W_ERROR_IS_OK(error)) {
+   *max_subkeysize = MAX(*max_subkeysize, 0xFF);
+   *max_subkeylen = MAX(*max_subkeylen, strlen(subkey-name));
+   }
+
+   i++;
+   } while (W_ERROR_IS_OK(error));
+
+   talloc_destroy(mem_ctx);
+
+   return WERR_OK;
+}
+
+WERROR reg_key_valuesizes(struct registry_key *key, uint32 *max_valnamelen, uint32 
*max_valbufsize)
+{
+   int i = 0; 
+   struct registry_value *value;
+   WERROR error;
+   TALLOC_CTX *mem_ctx = talloc_init(subkeysize);
+
+   *max_valnamelen = *max_valbufsize = 0;
+
+   do {
+   error = reg_key_get_value_by_index(mem_ctx, key, i, value);
+
+   if (W_ERROR_IS_OK(error)) {
+   if (value-name) {
+   *max_valnamelen = MAX(*max_valnamelen, 
strlen(value-name));
+   }
+   *max_valbufsize = MAX(*max_valbufsize, value-data_len);
+   }
+
+   i++;
+   } while (W_ERROR_IS_OK(error));
+
+
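
Review bot: reg_key_subkeysizes ends its loop on any error and then returns WERR_OK, so a backend failure partway through is reported as success with maxima computed from a partial listing. Suggest mirroring the num_values fallback added earlier in this patch: treat WERR_NO_MORE_ITEMS as success and return any other error. Neither new function checks key for NULL or the talloc_init result, both name their context subkeysize, and the hard-coded 0xFF for max_subkeysize needs a comment saying what it stands for.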

svn commit: samba r3370 - in branches/SAMBA_4_0/source: gtk/tools lib/registry/tools

2004-10-29 Thread jelmer
Author: jelmer
Date: 2004-10-29 14:53:23 + (Fri, 29 Oct 2004)
New Revision: 3370

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3370

Log:
Initial work on Add Key/Delete Key/Add Value/Mod Value/Del Value support in 
gregedit

Modified:
   branches/SAMBA_4_0/source/gtk/tools/gregedit.c
   branches/SAMBA_4_0/source/lib/registry/tools/regdiff.c


Changeset:
Sorry, the patch is too large (372 lines) to include; please use WebSVN to see it!
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3370


svn commit: samba r3372 - in branches/SAMBA_4_0/source/ntvfs/posix: .

2004-10-29 Thread tridge
Author: tridge
Date: 2004-10-29 21:51:36 + (Fri, 29 Oct 2004)
New Revision: 3372

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3372

Log:
fixed the initial directory permissions for pvfs_mkdir()

Modified:
   branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c


Changeset:
Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c
===
--- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c  2004-10-29 21:51:00 UTC (rev 
3371)
+++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c  2004-10-29 21:51:36 UTC (rev 
3372)
@@ -32,6 +32,7 @@
struct pvfs_state *pvfs = ntvfs-private_data;
NTSTATUS status;
struct pvfs_filename *name;
+   mode_t mode;
 
if (md-generic.level != RAW_MKDIR_MKDIR) {
return NT_STATUS_INVALID_LEVEL;
@@ -48,10 +49,9 @@
return NT_STATUS_OBJECT_NAME_COLLISION;
}
 
-   /* TODO: this is a temporary implementation to allow other
-  tests to run */
+   mode = pvfs_fileperms(pvfs, FILE_ATTRIBUTE_DIRECTORY);
 
-   if (mkdir(name-full_name, 0777) == -1) {
+   if (mkdir(name-full_name, mode) == -1) {
return pvfs_map_errno(pvfs, errno);
}
 



svn commit: samba r3373 - in branches/SAMBA_4_0/source/ntvfs/posix: .

2004-10-29 Thread tridge
Author: tridge
Date: 2004-10-29 21:52:49 + (Fri, 29 Oct 2004)
New Revision: 3373

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3373

Log:
added better error reporting in pvfs_open


Modified:
   branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c


Changeset:
Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c
===
--- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c   2004-10-29 21:51:36 UTC (rev 
3372)
+++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c   2004-10-29 21:52:49 UTC (rev 
3373)
@@ -27,8 +27,8 @@
   create file handles with convenient numbers for sniffers
 */
 #define PVFS_MIN_FILE_FNUM 0x100
-#define PVFS_MIN_NEW_FNUM 0x200
-#define PVFS_MIN_DIR_FNUM 0x1000
+#define PVFS_MIN_NEW_FNUM  0x200
+#define PVFS_MIN_DIR_FNUM  0x300
 
 /*
   find open file handle given fnum
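
Review bot: PVFS_MIN_DIR_FNUM changes from 0x1000 to 0x300 in this hunk, which alters directory handle numbering and is not part of the error reporting the log message describes; the other two defines only change whitespace. Please mention the new value in the log or split it into its own commit, and say in the comment above the defines how the three ranges are kept from colliding.
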
@@ -64,8 +64,8 @@
 
if (f-create_options  NTCREATEX_OPTIONS_DELETE_ON_CLOSE) {
if (rmdir(f-name-full_name) != 0) {
-   DEBUG(0,(pvfs_close: failed to rmdir '%s'\n, 
-f-name-full_name));
+   DEBUG(0,(pvfs_close: failed to rmdir '%s' - %s\n, 
+f-name-full_name, strerror(errno)));
}
}
 
@@ -214,8 +214,8 @@
 
if (f-create_options  NTCREATEX_OPTIONS_DELETE_ON_CLOSE) {
if (unlink(f-name-full_name) != 0) {
-   DEBUG(0,(pvfs_close: failed to delete '%s'\n, 
-f-name-full_name));
+   DEBUG(0,(pvfs_close: failed to delete '%s' - %s\n, 
+f-name-full_name, strerror(errno)));
}
}
 



svn commit: samba r3374 - in branches/SAMBA_4_0/source: gtk/tools lib/registry/common

2004-10-29 Thread jelmer
Author: jelmer
Date: 2004-10-29 21:53:42 + (Fri, 29 Oct 2004)
New Revision: 3374

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3374

Log:
Couple of bug fixes

Modified:
   branches/SAMBA_4_0/source/gtk/tools/gregedit.c
   branches/SAMBA_4_0/source/lib/registry/common/reg_interface.c


Changeset:
Modified: branches/SAMBA_4_0/source/gtk/tools/gregedit.c
===
--- branches/SAMBA_4_0/source/gtk/tools/gregedit.c  2004-10-29 21:52:49 UTC (rev 
3373)
+++ branches/SAMBA_4_0/source/gtk/tools/gregedit.c  2004-10-29 21:53:42 UTC (rev 
3374)
@@ -28,6 +28,7 @@
 GtkListStore *store_vals;
 GtkWidget *tree_keys;
 GtkWidget *mainwin;
+GtkWidget *mnu_add_key, *mnu_add_value, *mnu_del_key, *mnu_del_value, *mnu_find;
 TALLOC_CTX *mem_ctx; /* FIXME: Split up */
 
 GtkWidget *save;
@@ -438,19 +439,28 @@
 static void on_add_key_activate (GtkMenuItem *menuitem,

gpointer user_data)
 {
+GtkDialog *addwin = GTK_DIALOG(create_NewKeyDialog());
+gtk_dialog_run(addwin);
/* FIXME */
+gtk_widget_destroy(GTK_WIDGET(addwin));
 }
 
 static void on_add_value_activate (GtkMenuItem *menuitem,

gpointer user_data)
 {
+GtkDialog *addwin = GTK_DIALOG(create_SetValueDialog());
+gtk_dialog_run(addwin);
/* FIXME */
+gtk_widget_destroy(GTK_WIDGET(addwin));
 }
 
 static void on_find_activate (GtkMenuItem *menuitem,

gpointer user_data)
 {
+GtkDialog *findwin = GTK_DIALOG(create_FindDialog());
+gtk_dialog_run(findwin);
/* FIXME */
+gtk_widget_destroy(GTK_WIDGET(findwin));
 }
 
 static void on_about_activate  (GtkMenuItem *menuitem,
@@ -472,8 +482,15 @@
struct registry_value *val;
WERROR error;
GtkTreeIter parent;
-   if(path_currently_selected)return TRUE;
 
+   gtk_widget_set_sensitive(mnu_add_key, !path_currently_selected);
+   gtk_widget_set_sensitive(mnu_add_value, !path_currently_selected);
+   gtk_widget_set_sensitive(mnu_del_key, !path_currently_selected);
+   gtk_widget_set_sensitive(mnu_del_value, !path_currently_selected);
+   gtk_widget_set_sensitive(mnu_find, !path_currently_selected);
+
+   if(path_currently_selected) { return TRUE; }
+
gtk_tree_model_get_iter(GTK_TREE_MODEL(store_keys), parent, path);
gtk_tree_model_get(GTK_TREE_MODEL(store_keys), parent, 1, k, -1);
 
@@ -519,9 +536,6 @@
GtkWidget *quit;
GtkWidget *men_key;
GtkWidget *men_key_menu;
-   GtkWidget *delete;
-   GtkWidget *find;
-   GtkWidget *add_key, *add_value;
GtkCellRenderer *renderer;
GtkTreeViewColumn *curcol;
GtkWidget *help;
@@ -618,25 +632,32 @@
men_key_menu = gtk_menu_new ();
gtk_menu_item_set_submenu (GTK_MENU_ITEM (men_key), men_key_menu);
 
-   add_key = gtk_image_menu_item_new_with_mnemonic(Add _Subkey);
-   gtk_image_menu_item_set_image (GTK_IMAGE_MENU_ITEM (add_key), 
gtk_image_new_from_stock (gtk-add, GTK_ICON_SIZE_MENU));
+   mnu_add_key = gtk_image_menu_item_new_with_mnemonic(Add _Subkey);
+   gtk_image_menu_item_set_image (GTK_IMAGE_MENU_ITEM (mnu_add_key), 
gtk_image_new_from_stock (gtk-add, GTK_ICON_SIZE_MENU));
 
-   gtk_widget_set_sensitive(add_key, False);
-   gtk_container_add (GTK_CONTAINER (men_key_menu), add_key);
+   gtk_widget_set_sensitive(mnu_add_key, False);
+   gtk_container_add (GTK_CONTAINER (men_key_menu), mnu_add_key);
 
-   add_value = gtk_image_menu_item_new_with_mnemonic(Add _Value);
-   gtk_widget_set_sensitive(add_value, False);
-   gtk_image_menu_item_set_image (GTK_IMAGE_MENU_ITEM (add_value), 
gtk_image_new_from_stock (gtk-add, GTK_ICON_SIZE_MENU));
-   gtk_container_add (GTK_CONTAINER (men_key_menu), add_value);
+   mnu_add_value = gtk_image_menu_item_new_with_mnemonic(Add _Value);
+   gtk_widget_set_sensitive(mnu_add_value, False);
+   gtk_image_menu_item_set_image (GTK_IMAGE_MENU_ITEM (mnu_add_value), 
gtk_image_new_from_stock (gtk-add, GTK_ICON_SIZE_MENU));
+   gtk_container_add (GTK_CONTAINER (men_key_menu), mnu_add_value);
 
-   find = gtk_image_menu_item_new_from_stock (gtk-find, accel_group);
-   gtk_widget_set_sensitive(find, False);
-   gtk_container_add (GTK_CONTAINER (men_key_menu), find);
+   mnu_find = gtk_image_menu_item_new_from_stock (gtk-find, accel_group);
+   gtk_widget_set_sensitive(mnu_find, False);
+   gtk_container_add (GTK_CONTAINER (men_key_menu), mnu_find);
 
-   delete = gtk_image_menu_item_new_from_stock (gtk-delete, 
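Review bot: the renamed mnu_* items are disabled with False here, while the function in the first hunk returns TRUE; use one boolean convention for the GTK calls (gtk_widget_set_sensitive takes a gboolean, so FALSE/TRUE). With the local declarations dropped in the previous hunk the mnu_* pointers are now shared state, so declare them static at file scope if they are not already.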

svn commit: samba r3375 - in branches/SAMBA_4_0/source/param: .

2004-10-29 Thread tridge
Author: tridge
Date: 2004-10-29 21:55:06 + (Fri, 29 Oct 2004)
New Revision: 3375

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3375

Log:
changed the default max xmit until I fix a problem with the SMBtrans multi-part code 
A higher max xmit avoids multi-part trans requests




Modified:
   branches/SAMBA_4_0/source/param/loadparm.c


Changeset:
Modified: branches/SAMBA_4_0/source/param/loadparm.c
===
--- branches/SAMBA_4_0/source/param/loadparm.c  2004-10-29 21:53:42 UTC (rev 3374)
+++ branches/SAMBA_4_0/source/param/loadparm.c  2004-10-29 21:55:06 UTC (rev 3375)
@@ -939,7 +939,7 @@
do_parameter(load printers, True);
 
do_parameter(max mux, 50);
-   do_parameter(max xmit, 4356);
+   do_parameter(max xmit, 65535);
do_parameter(lpqcachetime, 10);
do_parameter(DisableSpoolss, False);
do_parameter(password level, 0);
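Review bot: the max xmit default jumps from 4356 to 65535 with nothing at the do_parameter line saying it is a stopgap. Add a comment there that the value is raised to avoid multi-part SMBtrans requests until that code is fixed, so the default gets revisited rather than inherited.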



svn commit: samba r3376 - in trunk/source: include libads libsmb utils

2004-10-29 Thread jra
Author: jra
Date: 2004-10-29 22:38:05 + (Fri, 29 Oct 2004)
New Revision: 3376

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3376

Log:
Merge in first part of modified patch from Nalin Dahyabhai [EMAIL PROTECTED]
for bug #1717. The rest of the code needed to call this patch has not yet been
checked in (that's my next task). This has not yet been tested - I'll do this
once the rest of the patch is integrated.
Jeremy.

Modified:
   trunk/source/include/secrets.h
   trunk/source/libads/kerberos.c
   trunk/source/libads/krb5_setpw.c
   trunk/source/libsmb/cliconnect.c
   trunk/source/libsmb/clikrb5.c
   trunk/source/utils/ntlm_auth.c


Changeset:
Sorry, the patch is too large (767 lines) to include; please use WebSVN to see it!
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3376


svn commit: samba r3377 - in branches/SAMBA_3_0/source: include libads libsmb utils

2004-10-29 Thread jra
Author: jra
Date: 2004-10-29 22:38:10 + (Fri, 29 Oct 2004)
New Revision: 3377

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3377

Log:
Merge in first part of modified patch from Nalin Dahyabhai [EMAIL PROTECTED]
for bug #1717. The rest of the code needed to call this patch has not yet been
checked in (that's my next task). This has not yet been tested - I'll do this
once the rest of the patch is integrated.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/include/secrets.h
   branches/SAMBA_3_0/source/libads/kerberos.c
   branches/SAMBA_3_0/source/libads/krb5_setpw.c
   branches/SAMBA_3_0/source/libsmb/cliconnect.c
   branches/SAMBA_3_0/source/libsmb/clikrb5.c
   branches/SAMBA_3_0/source/utils/ntlm_auth.c


Changeset:
Sorry, the patch is too large (767 lines) to include; please use WebSVN to see it!
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3377


svn commit: samba r3378 - in trunk/source: libads libsmb

2004-10-29 Thread jra
Author: jra
Date: 2004-10-30 00:34:50 + (Sat, 30 Oct 2004)
New Revision: 3378

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3378

Log:
More merging of kerberos keytab and salting fixes from Nalin Dahyabhai [EMAIL PROTECTED]
(bugid #1717).
Jeremy.

Modified:
   trunk/source/libads/kerberos.c
   trunk/source/libads/kerberos_keytab.c
   trunk/source/libsmb/clikrb5.c


Changeset:
Modified: trunk/source/libads/kerberos.c
===
--- trunk/source/libads/kerberos.c  2004-10-29 22:38:10 UTC (rev 3377)
+++ trunk/source/libads/kerberos.c  2004-10-30 00:34:50 UTC (rev 3378)
@@ -608,7 +608,18 @@
char *service_principal)
 {
int i;
+   BOOL free_ccache = False;
 
+   if (ccache == NULL) {
+   krb5_error_code ret;
+   if ((ret = krb5_cc_resolve(context, LIBADS_CCACHE_NAME, ccache)) != 
0) {
+   DEBUG(0, (kerberos_derive_salting_principal: krb5_cc_resolve 
for %s failed: %s\n, 
+   LIBADS_CCACHE_NAME, error_message(ret)));
+   return;
+   }
+   free_ccache = True;
+   }
+
/* Try for each enctype separately, because the rules are
 * different for different enctypes. */
for (i = 0; enctypes[i] != 0; i++) {
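Review bot: when krb5_cc_resolve fails in the new ccache == NULL branch the function logs and returns, and because it returns nothing the caller cannot tell that no salting principal was derived. The new call in kerberos_keytab.c passes NULL and carries straight on to krb5_parse_name, so a failure here silently leaves the salt guess undone; return a status, or at least document that the failure is non-fatal.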
@@ -629,6 +640,10 @@
enctypes[i],
enctypes);
}
+
+   if (free_ccache  ccache) {
+   krb5_cc_close(context, ccache);
+   }
 }
 
 /

Modified: trunk/source/libads/kerberos_keytab.c
===
--- trunk/source/libads/kerberos_keytab.c   2004-10-29 22:38:10 UTC (rev 3377)
+++ trunk/source/libads/kerberos_keytab.c   2004-10-30 00:34:50 UTC (rev 3378)
@@ -102,8 +102,35 @@
/* Construct our principal */
name_to_fqdn(my_fqdn, global_myname());
strlower_m(my_fqdn);
-   asprintf(princ_s, %s/[EMAIL PROTECTED], srvPrinc, my_fqdn, lp_realm());
 
+   if (strchr_m(srvPrinc, '@')) {
+   /* It's a fully-named principal. */
+   asprintf(princ_s, %s, srvPrinc);
+   } else if (srvPrinc[strlen(srvPrinc)-1] == '$') {
+   /* It's the machine account, as used by smbclient clients. */
+   asprintf(princ_s, [EMAIL PROTECTED], srvPrinc, lp_realm());
+   } else {
+   /* It's a normal service principal.  Add the SPN now so that we
+* can obtain credentials for it and double-check the salt value
+* used to generate the service's keys. */
+   asprintf(princ_s, %s/[EMAIL PROTECTED], srvPrinc, my_fqdn, 
lp_realm());
+   /* Update the directory with the SPN */
+   DEBUG(3,(ads_keytab_add_entry: Attempting to add/update '%s'\n, 
princ_s));
+   if (!ADS_ERR_OK(ads_add_service_principal_name(ads, global_myname(), 
srvPrinc))) {
+   DEBUG(1,(ads_keytab_add_entry: ads_add_service_principal_name 
failed.\n));
+   goto out;
+   }
+   }
+
+   ret = get_kerberos_allowed_etypes(context,enctypes);
+   if (ret) {
+   DEBUG(1,(ads_keytab_add_entry: get_kerberos_allowed_etypes failed 
(%s)\n,error_message(ret)));
+   goto out;
+   }
+
+   /* Guess at how the KDC is salting keys for this principal. */
+   kerberos_derive_salting_principal(context, NULL, enctypes, princ_s);
+
ret = krb5_parse_name(context, princ_s, princ);
if (ret) {
DEBUG(1,(ads_keytab_add_entry: krb5_parse_name(%s) failed (%s)\n, 
princ_s, error_message(ret)));
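Review bot: srvPrinc[strlen(srvPrinc)-1] in the machine-account test reads one byte before the buffer when srvPrinc is an empty string. Reject an empty or NULL srvPrinc before the strchr_m and '$' tests and leave through out: with an error.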
@@ -202,12 +229,6 @@
 
/* If we get here, we have deleted all the old entries with kvno's not equal 
to the current kvno-1. */
 
-   ret = get_kerberos_allowed_etypes(context,enctypes);
-   if (ret) {
-   DEBUG(1,(ads_keytab_add_entry: get_kerberos_allowed_etypes failed 
(%s)\n,error_message(ret)));
-   goto out;
-   }
-
/* Now add keytab entries for all encryption types */
for (i = 0; enctypes[i]; i++) {
krb5_keyblock *keyp;
@@ -242,13 +263,6 @@
krb5_kt_close(context, keytab);
keytab = NULL; /* Done with keytab now. No double free. */
 
-   /* Update the LDAP with the SPN */
-   DEBUG(3,(ads_keytab_add_entry: Attempting to add/update '%s'\n, princ_s));
-   if (!ADS_ERR_OK(ads_add_service_principal_name(ads, global_myname(), 
srvPrinc))) {
-   DEBUG(1,(ads_keytab_add_entry: ads_add_service_principcal_name 
failed.\n));
-   goto out;
-   }
-
 out:
 
SAFE_FREE(principal);
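Review bot: with this removal the SPN is written to the directory in the first hunk, before any keytab entries are added, where it used to be written only after krb5_kt_close. Any goto out between the two now leaves an SPN in the directory with no matching keytab entry; either say in a comment that this partial state is acceptable or log it on the error path.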
@@ -412,8 +426,9 @@
krb5_kt_cursor 

svn commit: samba r3379 - in branches/SAMBA_3_0/source: libads libsmb

2004-10-29 Thread jra
Author: jra
Date: 2004-10-30 00:34:58 + (Sat, 30 Oct 2004)
New Revision: 3379

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3379

Log:
More merging of kerberos keytab and salting fixes from Nalin Dahyabhai [EMAIL PROTECTED]
(bugid #1717).
Jeremy.

Modified:
   branches/SAMBA_3_0/source/libads/kerberos.c
   branches/SAMBA_3_0/source/libads/kerberos_keytab.c
   branches/SAMBA_3_0/source/libsmb/clikrb5.c


Changeset:
Modified: branches/SAMBA_3_0/source/libads/kerberos.c
===
--- branches/SAMBA_3_0/source/libads/kerberos.c 2004-10-30 00:34:50 UTC (rev 3378)
+++ branches/SAMBA_3_0/source/libads/kerberos.c 2004-10-30 00:34:58 UTC (rev 3379)
@@ -608,7 +608,18 @@
char *service_principal)
 {
int i;
+   BOOL free_ccache = False;
 
+   if (ccache == NULL) {
+   krb5_error_code ret;
+   if ((ret = krb5_cc_resolve(context, LIBADS_CCACHE_NAME, ccache)) != 
0) {
+   DEBUG(0, (kerberos_derive_salting_principal: krb5_cc_resolve 
for %s failed: %s\n, 
+   LIBADS_CCACHE_NAME, error_message(ret)));
+   return;
+   }
+   free_ccache = True;
+   }
+
/* Try for each enctype separately, because the rules are
 * different for different enctypes. */
for (i = 0; enctypes[i] != 0; i++) {
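Review bot: a NULL ccache now means "resolve LIBADS_CCACHE_NAME and close it afterwards", but that contract exists only inside the new if (ccache == NULL) block. State it in the function's header comment, together with the fact that a caller-supplied ccache is left open, so callers know which form to pass.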
@@ -629,6 +640,10 @@
enctypes[i],
enctypes);
}
+
+   if (free_ccache  ccache) {
+   krb5_cc_close(context, ccache);
+   }
 }
 
 /

Modified: branches/SAMBA_3_0/source/libads/kerberos_keytab.c
===
--- branches/SAMBA_3_0/source/libads/kerberos_keytab.c  2004-10-30 00:34:50 UTC (rev 
3378)
+++ branches/SAMBA_3_0/source/libads/kerberos_keytab.c  2004-10-30 00:34:58 UTC (rev 
3379)
@@ -101,8 +101,35 @@
/* Construct our principal */
name_to_fqdn(my_fqdn, global_myname());
strlower_m(my_fqdn);
-   asprintf(princ_s, %s/[EMAIL PROTECTED], srvPrinc, my_fqdn, lp_realm());
 
+   if (strchr_m(srvPrinc, '@')) {
+   /* It's a fully-named principal. */
+   asprintf(princ_s, %s, srvPrinc);
+   } else if (srvPrinc[strlen(srvPrinc)-1] == '$') {
+   /* It's the machine account, as used by smbclient clients. */
+   asprintf(princ_s, [EMAIL PROTECTED], srvPrinc, lp_realm());
+   } else {
+   /* It's a normal service principal.  Add the SPN now so that we
+* can obtain credentials for it and double-check the salt value
+* used to generate the service's keys. */
+   asprintf(princ_s, %s/[EMAIL PROTECTED], srvPrinc, my_fqdn, 
lp_realm());
+   /* Update the directory with the SPN */
+   DEBUG(3,(ads_keytab_add_entry: Attempting to add/update '%s'\n, 
princ_s));
+   if (!ADS_ERR_OK(ads_add_service_principal_name(ads, global_myname(), 
srvPrinc))) {
+   DEBUG(1,(ads_keytab_add_entry: ads_add_service_principal_name 
failed.\n));
+   goto out;
+   }
+   }
+
+   ret = get_kerberos_allowed_etypes(context,enctypes);
+   if (ret) {
+   DEBUG(1,(ads_keytab_add_entry: get_kerberos_allowed_etypes failed 
(%s)\n,error_message(ret)));
+   goto out;
+   }
+
+   /* Guess at how the KDC is salting keys for this principal. */
+   kerberos_derive_salting_principal(context, NULL, enctypes, princ_s);
+
ret = krb5_parse_name(context, princ_s, princ);
if (ret) {
DEBUG(1,(ads_keytab_add_entry: krb5_parse_name(%s) failed (%s)\n, 
princ_s, error_message(ret)));
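Review bot: none of the three asprintf calls that build princ_s has its return value checked, and princ_s is then handed to DEBUG, kerberos_derive_salting_principal and krb5_parse_name. On allocation failure the pointer's contents are undefined; test for -1 and goto out before the string is used.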
@@ -201,12 +228,6 @@
 
/* If we get here, we have deleted all the old entries with kvno's not equal 
to the current kvno-1. */
 
-   ret = get_kerberos_allowed_etypes(context,enctypes);
-   if (ret) {
-   DEBUG(1,(ads_keytab_add_entry: get_kerberos_allowed_etypes failed 
(%s)\n,error_message(ret)));
-   goto out;
-   }
-
/* Now add keytab entries for all encryption types */
for (i = 0; enctypes[i]; i++) {
krb5_keyblock *keyp;
@@ -241,13 +262,6 @@
krb5_kt_close(context, keytab);
keytab = NULL; /* Done with keytab now. No double free. */
 
-   /* Update the LDAP with the SPN */
-   DEBUG(3,(ads_keytab_add_entry: Attempting to add/update '%s'\n, princ_s));
-   if (!ADS_ERR_OK(ads_add_service_principal_name(ads, global_myname(), 
srvPrinc))) {
-   DEBUG(1,(ads_keytab_add_entry: ads_add_service_principcal_name 
failed.\n));
-   goto out;

svn commit: samba r3380 - in branches/SAMBA_4_0/source: include libcli/raw param smb_server

2004-10-29 Thread tridge
Author: tridge
Date: 2004-10-30 01:22:52 + (Sat, 30 Oct 2004)
New Revision: 3380

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3380

Log:
- changed the default behaviour of server signing. We now have a default
  setting of server signing = auto, which means to offer signing
  only if we have domain logons enabled (ie. we are a DC). This is a
  better match for what windows clients want, as unfortunately windows
  clients always use signing if it is offered, and when they use signing
  they not only go slower because of the signing itself, they also
  disable large readx/writex support, so they end up sending very small
  IOs for.

- changed the default max xmit again, this time matching longhorn,
  which uses 12288. That seems to be a fairly good compromise value.

Modified:
   branches/SAMBA_4_0/source/include/smb.h
   branches/SAMBA_4_0/source/libcli/raw/smb_signing.c
   branches/SAMBA_4_0/source/param/loadparm.c
   branches/SAMBA_4_0/source/smb_server/signing.c


Changeset:
Modified: branches/SAMBA_4_0/source/include/smb.h
===
--- branches/SAMBA_4_0/source/include/smb.h 2004-10-30 00:34:58 UTC (rev 3379)
+++ branches/SAMBA_4_0/source/include/smb.h 2004-10-30 01:22:52 UTC (rev 3380)
@@ -33,7 +33,8 @@
 #define SMB_PORT2 139
 #define SMB_PORTS 445 139
 
-enum smb_signing_state {SMB_SIGNING_OFF, SMB_SIGNING_SUPPORTED, SMB_SIGNING_REQUIRED};
+enum smb_signing_state {SMB_SIGNING_OFF, SMB_SIGNING_SUPPORTED, 
+   SMB_SIGNING_REQUIRED, SMB_SIGNING_AUTO};
 
 /* deny modes */
 #define DENY_DOS 0

Modified: branches/SAMBA_4_0/source/libcli/raw/smb_signing.c
===
--- branches/SAMBA_4_0/source/libcli/raw/smb_signing.c  2004-10-30 00:34:58 UTC (rev 
3379)
+++ branches/SAMBA_4_0/source/libcli/raw/smb_signing.c  2004-10-30 01:22:52 UTC (rev 
3380)
@@ -394,6 +394,7 @@
transport-negotiate.sign_info.allow_smb_signing = False;
break;
case SMB_SIGNING_SUPPORTED:
+   case SMB_SIGNING_AUTO:
transport-negotiate.sign_info.allow_smb_signing = True;
break;
case SMB_SIGNING_REQUIRED:
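Review bot: on the client side SMB_SIGNING_AUTO simply shares the SMB_SIGNING_SUPPORTED arm, whereas the server side gives it a different meaning keyed on lp_domain_logons(). A one-line comment at the new case label saying that auto is deliberately treated as supported for clients would stop the two from being aligned later by mistake.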

Modified: branches/SAMBA_4_0/source/param/loadparm.c
===
--- branches/SAMBA_4_0/source/param/loadparm.c  2004-10-30 00:34:58 UTC (rev 3379)
+++ branches/SAMBA_4_0/source/param/loadparm.c  2004-10-30 01:22:52 UTC (rev 3380)
@@ -198,8 +198,8 @@
BOOL bLanmanAuth;
BOOL bNTLMAuth;
BOOL bUseSpnego;
-   BOOL server_signing;
-   BOOL client_signing;
+   int  server_signing;
+   int  client_signing;
BOOL bClientLanManAuth;
BOOL bClientNTLMv2Auth;
BOOL bHostMSDfs;
@@ -456,12 +456,12 @@
{SMB_SIGNING_SUPPORTED, 1},
{SMB_SIGNING_SUPPORTED, On},
{SMB_SIGNING_SUPPORTED, enabled},
-   {SMB_SIGNING_SUPPORTED, auto},
{SMB_SIGNING_REQUIRED, required},
{SMB_SIGNING_REQUIRED, mandatory},
{SMB_SIGNING_REQUIRED, force},
{SMB_SIGNING_REQUIRED, forced},
{SMB_SIGNING_REQUIRED, enforced},
+   {SMB_SIGNING_AUTO, auto},
{-1, NULL}
 };
 
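Review bot: moving the auto keyword from SMB_SIGNING_SUPPORTED to SMB_SIGNING_AUTO changes what an existing configuration that already says auto does: on a server without domain logons, signing is no longer offered. The configuration text is unchanged but the behaviour is not, so this needs a line in the parameter documentation and the release notes.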
@@ -939,7 +939,7 @@
do_parameter(load printers, True);
 
do_parameter(max mux, 50);
-   do_parameter(max xmit, 65535);
+   do_parameter(max xmit, 12288);
do_parameter(lpqcachetime, 10);
do_parameter(DisableSpoolss, False);
do_parameter(password level, 0);
@@ -1006,7 +1006,7 @@
do_parameter(name cache timeout, 660); /* In seconds */
 
do_parameter(client signing, Yes);
-   do_parameter(server signing, Yes);
+   do_parameter(server signing, auto);
 
do_parameter(use spnego, True);
 

Modified: branches/SAMBA_4_0/source/smb_server/signing.c
===
--- branches/SAMBA_4_0/source/smb_server/signing.c  2004-10-30 00:34:58 UTC (rev 
3379)
+++ branches/SAMBA_4_0/source/smb_server/signing.c  2004-10-30 01:22:52 UTC (rev 
3380)
@@ -110,6 +110,13 @@
smb_conn-signing.allow_smb_signing = True;
smb_conn-signing.mandatory_signing = True;
break;
+   case SMB_SIGNING_AUTO:
+   if (lp_domain_logons()) {
+   smb_conn-signing.allow_smb_signing = True;
+   } else {
+   smb_conn-signing.allow_smb_signing = False;
+   }
+   break;
}
return True;
 }
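Review bot: the new SMB_SIGNING_AUTO arm sets only allow_smb_signing and leaves mandatory_signing at whatever it held before, unlike the arm above it, which sets both; set mandatory_signing to False explicitly. The if/else can also collapse to a single assignment of lp_domain_logons() to allow_smb_signing. With auto as the new default, a server that is not a DC stops offering signing, so sessions to it lose integrity protection unless the admin sets server signing explicitly; the smb.conf documentation should say so.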



svn commit: samba r3381 - in branches/SAMBA_3_0/source/libads: .

2004-10-29 Thread jra
Author: jra
Date: 2004-10-30 01:32:05 + (Sat, 30 Oct 2004)
New Revision: 3381

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3381

Log:
More merging of the #1717 patch. Fixup some erroneous assumptions about
memcpy's into fqdn names. I think the original intent was to create
MYNAME.fqdn.tail.part.
Will need testing to see I haven't broken keytab support.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/libads/kerberos_keytab.c
   branches/SAMBA_3_0/source/libads/kerberos_verify.c


Changeset:
Modified: branches/SAMBA_3_0/source/libads/kerberos_keytab.c
===
--- branches/SAMBA_3_0/source/libads/kerberos_keytab.c  2004-10-30 01:22:52 UTC (rev 
3380)
+++ branches/SAMBA_3_0/source/libads/kerberos_keytab.c  2004-10-30 01:32:05 UTC (rev 
3381)
@@ -425,6 +425,7 @@
krb5_keytab_entry kt_entry;
krb5_kvno kvno;
fstring my_fqdn, my_Fqdn, my_name, my_NAME;
+   char *p_fqdn;
int i, found = 0;
char **oldEntries = NULL, *princ_s[18];;
 
@@ -441,14 +442,20 @@
 
fstrcpy(my_name, global_myname());
strlower_m(my_name);
+
fstrcpy(my_NAME, global_myname());
strupper_m(my_NAME);
-   name_to_fqdn(my_Fqdn, global_myname());
-   strlower_m(my_Fqdn);
-   memcpy(my_Fqdn, my_NAME, strlen(my_NAME));
+
+   my_fqdn[0] = '\0';
name_to_fqdn(my_fqdn, global_myname());
strlower_m(my_fqdn);
 
+   p_fqdn = strchr_m(my_fqdn, '.');
+   fstrcpy(my_Fqdn, my_NAME);
+   if (p_fqdn) {
+   fstrcat(my_Fqdn, p_fqdn);
+   }
+
asprintf(princ_s[0], [EMAIL PROTECTED], my_name, lp_realm());
asprintf(princ_s[1], [EMAIL PROTECTED], my_NAME, lp_realm());
asprintf(princ_s[2], host/[EMAIL PROTECTED], my_name, lp_realm());
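Review bot: my_Fqdn is now my_NAME plus whatever follows the first '.' in my_fqdn, so when name_to_fqdn yields a name with no dot (p_fqdn is NULL) my_Fqdn is just a copy of my_NAME. Principals built from my_Fqdn then duplicate the my_NAME ones; skip them in that case or note in a comment that the duplicates are harmless.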

Modified: branches/SAMBA_3_0/source/libads/kerberos_verify.c
===
--- branches/SAMBA_3_0/source/libads/kerberos_verify.c  2004-10-30 01:22:52 UTC (rev 
3380)
+++ branches/SAMBA_3_0/source/libads/kerberos_verify.c  2004-10-30 01:32:05 UTC (rev 
3381)
@@ -41,84 +41,92 @@
 {
krb5_error_code ret = 0;
BOOL auth_ok = False;
-
krb5_keytab keytab = NULL;
-   krb5_kt_cursor cursor;
-   krb5_keytab_entry kt_entry;
-   char *princ_name = NULL;
+   fstring my_fqdn, my_name;
+   fstring my_Fqdn, my_NAME;
+   char *p_fqdn;
+   char *host_princ_s[18];
+   krb5_principal host_princ;
+   int i;
 
-   ZERO_STRUCT(kt_entry);
-   ZERO_STRUCT(cursor);
-
ret = krb5_kt_default(context, keytab);
if (ret) {
DEBUG(1, (ads_keytab_verify_ticket: krb5_kt_default failed (%s)\n, 
error_message(ret)));
goto out;
}
 
-   ret = krb5_kt_start_seq_get(context, keytab, cursor);
-   if (ret) {
-   DEBUG(1, (ads_keytab_verify_ticket: krb5_kt_start_seq_get failed 
(%s)\n, error_message(ret)));
-   goto out;
+   /* Generate the list of principal names which we expect clients might
+* want to use for authenticating to the file service. */
+
+   fstrcpy(my_name, global_myname());
+   strlower_m(my_name);
+
+   fstrcpy(my_NAME, global_myname());
+   strupper_m(my_NAME);
+
+   my_fqdn[0] = '\0';
+   name_to_fqdn(my_fqdn, global_myname());
+   strlower_m(my_fqdn);
+
+   p_fqdn = strchr_m(my_fqdn, '.');
+   fstrcpy(my_Fqdn, my_NAME);
+   if (p_fqdn) {
+   fstrcat(my_Fqdn, p_fqdn);
}
 
-   while (!krb5_kt_next_entry(context, keytab, kt_entry, cursor)) {
-   ret = krb5_unparse_name(context, kt_entry.principal, princ_name);
+asprintf(host_princ_s[0], [EMAIL PROTECTED], my_name, lp_realm());
+asprintf(host_princ_s[1], [EMAIL PROTECTED], my_NAME, lp_realm());
+asprintf(host_princ_s[2], host/[EMAIL PROTECTED], my_name, lp_realm());
+asprintf(host_princ_s[3], host/[EMAIL PROTECTED], my_NAME, lp_realm());
+asprintf(host_princ_s[4], host/[EMAIL PROTECTED], my_fqdn, lp_realm());
+asprintf(host_princ_s[5], host/[EMAIL PROTECTED], my_Fqdn, lp_realm());
+asprintf(host_princ_s[6], HOST/[EMAIL PROTECTED], my_name, lp_realm());
+asprintf(host_princ_s[7], HOST/[EMAIL PROTECTED], my_NAME, lp_realm());
+asprintf(host_princ_s[8], HOST/[EMAIL PROTECTED], my_fqdn, lp_realm());
+asprintf(host_princ_s[9], HOST/[EMAIL PROTECTED], my_Fqdn, lp_realm());
+asprintf(host_princ_s[10], cifs/[EMAIL PROTECTED], my_name, lp_realm());
+asprintf(host_princ_s[11], cifs/[EMAIL PROTECTED], my_NAME, lp_realm());
+asprintf(host_princ_s[12], cifs/[EMAIL PROTECTED], my_fqdn, lp_realm());
+asprintf(host_princ_s[13], cifs/[EMAIL PROTECTED], my_Fqdn, lp_realm());
+asprintf(host_princ_s[14], CIFS/[EMAIL PROTECTED], my_name, lp_realm());
+
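Review bot: the name setup added here (my_name, my_NAME, my_fqdn, p_fqdn, my_Fqdn) is a line-for-line copy of the block changed in kerberos_keytab.c in the same commit, down to the size-18 principal array. Move it into one shared helper that returns the list of principal strings, so the keytab writer and the ticket verifier cannot drift apart on which names they cover.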

svn commit: samba r3382 - in trunk/source/libads: .

2004-10-29 Thread jra
Author: jra
Date: 2004-10-30 01:32:12 + (Sat, 30 Oct 2004)
New Revision: 3382

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3382

Log:
More merging of the #1717 patch. Fixup some erroneous assumptions about
memcpy's into fqdn names. I think the original intent was to create 
MYNAME.fqdn.tail.part.
Will need testing to see I haven't broken keytab support.
Jeremy.

Modified:
   trunk/source/libads/kerberos_keytab.c
   trunk/source/libads/kerberos_verify.c


Changeset:
Modified: trunk/source/libads/kerberos_keytab.c
===
--- trunk/source/libads/kerberos_keytab.c   2004-10-30 01:32:05 UTC (rev 3381)
+++ trunk/source/libads/kerberos_keytab.c   2004-10-30 01:32:12 UTC (rev 3382)
@@ -427,6 +427,7 @@
krb5_keytab_entry kt_entry;
krb5_kvno kvno;
fstring my_fqdn, my_Fqdn, my_name, my_NAME;
+   char *p_fqdn;
int i, found = 0;
char **oldEntries = NULL, *princ_s[18];;
 
@@ -443,14 +444,20 @@
 
fstrcpy(my_name, global_myname());
strlower_m(my_name);
+
fstrcpy(my_NAME, global_myname());
strupper_m(my_NAME);
-   name_to_fqdn(my_Fqdn, global_myname());
-   strlower_m(my_Fqdn);
-   memcpy(my_Fqdn, my_NAME, strlen(my_NAME));
+
+   my_fqdn[0] = '\0';
name_to_fqdn(my_fqdn, global_myname());
strlower_m(my_fqdn);
 
+   p_fqdn = strchr_m(my_fqdn, '.');
+   fstrcpy(my_Fqdn, my_NAME);
+   if (p_fqdn) {
+   fstrcat(my_Fqdn, p_fqdn);
+   }
+
asprintf(princ_s[0], [EMAIL PROTECTED], my_name, lp_realm());
asprintf(princ_s[1], [EMAIL PROTECTED], my_NAME, lp_realm());
asprintf(princ_s[2], host/[EMAIL PROTECTED], my_name, lp_realm());
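Review bot: the four name variables differ only in case and in whether the DNS tail is attached, and the log message itself says the intent of the old memcpy had to be guessed. Put a short comment above the block giving an example of each form (my_name, my_NAME, my_fqdn, my_Fqdn) so the next reader does not have to guess again.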

Modified: trunk/source/libads/kerberos_verify.c
===
--- trunk/source/libads/kerberos_verify.c   2004-10-30 01:32:05 UTC (rev 3381)
+++ trunk/source/libads/kerberos_verify.c   2004-10-30 01:32:12 UTC (rev 3382)
@@ -41,84 +41,92 @@
 {
krb5_error_code ret = 0;
BOOL auth_ok = False;
-
krb5_keytab keytab = NULL;
-   krb5_kt_cursor cursor;
-   krb5_keytab_entry kt_entry;
-   char *princ_name = NULL;
+   fstring my_fqdn, my_name;
+   fstring my_Fqdn, my_NAME;
+   char *p_fqdn;
+   char *host_princ_s[18];
+   krb5_principal host_princ;
+   int i;
 
-   ZERO_STRUCT(kt_entry);
-   ZERO_STRUCT(cursor);
-
ret = krb5_kt_default(context, keytab);
if (ret) {
DEBUG(1, (ads_keytab_verify_ticket: krb5_kt_default failed (%s)\n, 
error_message(ret)));
goto out;
}
 
-   ret = krb5_kt_start_seq_get(context, keytab, cursor);
-   if (ret) {
-   DEBUG(1, (ads_keytab_verify_ticket: krb5_kt_start_seq_get failed 
(%s)\n, error_message(ret)));
-   goto out;
+   /* Generate the list of principal names which we expect clients might
+* want to use for authenticating to the file service. */
+
+   fstrcpy(my_name, global_myname());
+   strlower_m(my_name);
+
+   fstrcpy(my_NAME, global_myname());
+   strupper_m(my_NAME);
+
+   my_fqdn[0] = '\0';
+   name_to_fqdn(my_fqdn, global_myname());
+   strlower_m(my_fqdn);
+
+   p_fqdn = strchr_m(my_fqdn, '.');
+   fstrcpy(my_Fqdn, my_NAME);
+   if (p_fqdn) {
+   fstrcat(my_Fqdn, p_fqdn);
}
 
-   while (!krb5_kt_next_entry(context, keytab, kt_entry, cursor)) {
-   ret = krb5_unparse_name(context, kt_entry.principal, princ_name);
+asprintf(host_princ_s[0], [EMAIL PROTECTED], my_name, lp_realm());
+asprintf(host_princ_s[1], [EMAIL PROTECTED], my_NAME, lp_realm());
+asprintf(host_princ_s[2], host/[EMAIL PROTECTED], my_name, lp_realm());
+asprintf(host_princ_s[3], host/[EMAIL PROTECTED], my_NAME, lp_realm());
+asprintf(host_princ_s[4], host/[EMAIL PROTECTED], my_fqdn, lp_realm());
+asprintf(host_princ_s[5], host/[EMAIL PROTECTED], my_Fqdn, lp_realm());
+asprintf(host_princ_s[6], HOST/[EMAIL PROTECTED], my_name, lp_realm());
+asprintf(host_princ_s[7], HOST/[EMAIL PROTECTED], my_NAME, lp_realm());
+asprintf(host_princ_s[8], HOST/[EMAIL PROTECTED], my_fqdn, lp_realm());
+asprintf(host_princ_s[9], HOST/[EMAIL PROTECTED], my_Fqdn, lp_realm());
+asprintf(host_princ_s[10], cifs/[EMAIL PROTECTED], my_name, lp_realm());
+asprintf(host_princ_s[11], cifs/[EMAIL PROTECTED], my_NAME, lp_realm());
+asprintf(host_princ_s[12], cifs/[EMAIL PROTECTED], my_fqdn, lp_realm());
+asprintf(host_princ_s[13], cifs/[EMAIL PROTECTED], my_Fqdn, lp_realm());
+asprintf(host_princ_s[14], CIFS/[EMAIL PROTECTED], my_name, lp_realm());
+asprintf(host_princ_s[15], CIFS/[EMAIL PROTECTED], my_NAME, lp_realm());
+asprintf(host_princ_s[16], 
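Review bot: host_princ_s is a fixed array of 18 pointers filled by hand-numbered asprintf calls, so one skipped or repeated index leaves a slot uninitialised or writes past the array. Generate the entries in a loop over the service prefixes (none, host/, HOST/, cifs/, CIFS/) and the four host name forms, and size the array from that table.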

svn commit: samba r3383 - in branches/SAMBA_4_0/source: libcli/raw librpc/rpc torture/basic torture/rap

2004-10-29 Thread tridge
Author: tridge
Date: 2004-10-30 02:17:03 + (Sat, 30 Oct 2004)
New Revision: 3383

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3383

Log:
avoid multi-part SMBtrans and SMBtrans2 replies until our client library can handle
them properly (they are difficult to do in an async fashion). 

By choosing trans.in.max_data to fit in the negotiated buffer size a
server won't send us multi-part replies.

I notice that windows seems to avoid them too :)

Modified:
   branches/SAMBA_4_0/source/libcli/raw/rawacl.c
   branches/SAMBA_4_0/source/libcli/raw/rawfileinfo.c
   branches/SAMBA_4_0/source/libcli/raw/rawfsinfo.c
   branches/SAMBA_4_0/source/libcli/raw/rawsearch.c
   branches/SAMBA_4_0/source/libcli/raw/rawtrans.c
   branches/SAMBA_4_0/source/librpc/rpc/dcerpc_smb.c
   branches/SAMBA_4_0/source/torture/basic/aliases.c
   branches/SAMBA_4_0/source/torture/basic/scanner.c
   branches/SAMBA_4_0/source/torture/rap/rap.c


Changeset:
Modified: branches/SAMBA_4_0/source/libcli/raw/rawacl.c
===
--- branches/SAMBA_4_0/source/libcli/raw/rawacl.c   2004-10-30 01:32:12 UTC (rev 
3382)
+++ branches/SAMBA_4_0/source/libcli/raw/rawacl.c   2004-10-30 02:17:03 UTC (rev 
3383)
@@ -31,7 +31,7 @@
 
nt.in.max_setup = 0;
nt.in.max_param = 4;
-   nt.in.max_data = 0x1;
+   nt.in.max_data = smb_raw_max_trans_data(tree, 4);
nt.in.setup_count = 0;
nt.in.function = NT_TRANSACT_QUERY_SECURITY_DESC;
nt.in.setup = NULL;

Modified: branches/SAMBA_4_0/source/libcli/raw/rawfileinfo.c
===
--- branches/SAMBA_4_0/source/libcli/raw/rawfileinfo.c  2004-10-30 01:32:12 UTC (rev 
3382)
+++ branches/SAMBA_4_0/source/libcli/raw/rawfileinfo.c  2004-10-30 02:17:03 UTC (rev 
3383)
@@ -291,7 +291,7 @@
tp.in.setup_count = 1;
tp.in.data = data_blob(NULL, 0);
tp.in.max_param = 2;
-   tp.in.max_data = 0x;
+   tp.in.max_data = smb_raw_max_trans_data(tree, 2);
tp.in.setup = setup;

tp.in.params = data_blob_talloc(mem_ctx, NULL, 4);
@@ -344,7 +344,7 @@
tp.in.setup_count = 1;
tp.in.data = data_blob(NULL, 0);
tp.in.max_param = 2;
-   tp.in.max_data = 0x;
+   tp.in.max_data = smb_raw_max_trans_data(tree, 2);
tp.in.setup = setup;

tp.in.params = data_blob_talloc(mem_ctx, NULL, 6);

Modified: branches/SAMBA_4_0/source/libcli/raw/rawfsinfo.c
===
--- branches/SAMBA_4_0/source/libcli/raw/rawfsinfo.c2004-10-30 01:32:12 UTC (rev 
3382)
+++ branches/SAMBA_4_0/source/libcli/raw/rawfsinfo.c2004-10-30 02:17:03 UTC (rev 
3383)
@@ -77,7 +77,7 @@
tp.in.timeout = 0;
tp.in.setup_count = 1;
tp.in.max_param = 0;
-   tp.in.max_data = 0x1000; /* plenty for all possible QFS levels */
+   tp.in.max_data = smb_raw_max_trans_data(tree, 0);
tp.in.setup = setup;
tp.in.data = data_blob(NULL, 0);
tp.in.timeout = 0;

Modified: branches/SAMBA_4_0/source/libcli/raw/rawsearch.c
===
--- branches/SAMBA_4_0/source/libcli/raw/rawsearch.c2004-10-30 01:32:12 UTC (rev 
3382)
+++ branches/SAMBA_4_0/source/libcli/raw/rawsearch.c2004-10-30 02:17:03 UTC (rev 
3383)
@@ -206,8 +206,8 @@
tp.in.timeout = 0;
tp.in.setup_count = 1;
tp.in.data = data_blob(NULL, 0);
-   tp.in.max_param = 1024;
-   tp.in.max_data = 8192;
+   tp.in.max_param = 10;
+   tp.in.max_data = smb_raw_max_trans_data(tree, 10);
tp.in.setup = setup;

tp.in.params = data_blob_talloc(mem_ctx, NULL, 12);
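Review bot: max_param drops from 1024 to a bare 10, and the same 10 is repeated as the argument to smb_raw_max_trans_data on the next line, here and in the following hunk. Use a named constant, or a comment stating what the 10 bytes are, so the two values stay in step when one of them changes.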
@@ -258,8 +258,8 @@
tp.in.timeout = 0;
tp.in.setup_count = 1;
tp.in.data = data_blob(NULL, 0);
-   tp.in.max_param = 1024;
-   tp.in.max_data = 8192;
+   tp.in.max_param = 10;
+   tp.in.max_data = smb_raw_max_trans_data(tree, 10);
tp.in.setup = setup;

tp.in.params = data_blob_talloc(mem_ctx, NULL, 12);

Modified: branches/SAMBA_4_0/source/libcli/raw/rawtrans.c
===
--- branches/SAMBA_4_0/source/libcli/raw/rawtrans.c 2004-10-30 01:32:12 UTC (rev 
3382)
+++ branches/SAMBA_4_0/source/libcli/raw/rawtrans.c 2004-10-30 02:17:03 UTC (rev 
3383)
@@ -531,3 +531,15 @@
 
return smb_raw_nttrans_recv(req, mem_ctx, parms);
 }
+
+/*
+  work out the maximum data size for a trans request while avoiding 
+  multi-part replies
+
+  TODO: we only need to avoid multi-part replies because the
+  multi-part trans receive code is broken.
+*/
+size_t smb_raw_max_trans_data(struct smbcli_tree *tree, size_t param_size)
+{
+   return tree-session-transport-options.max_xmit - (70 + param_size);
+}
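Review bot: smb_raw_max_trans_data subtracts (70 + param_size) from max_xmit in size_t arithmetic, so if the negotiated max_xmit is smaller than that sum the result wraps to a huge value instead of going to zero. The value comes out of negotiation with the server, so clamp the result to 0 or fail the request when max_xmit is not larger than 70 + param_size, and give the 70 a name or a comment saying which header bytes it accounts for.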

Modified: 

svn commit: samba r3384 - in branches/SAMBA_4_0/source/include: .

2004-10-29 Thread tridge
Author: tridge
Date: 2004-10-30 04:55:45 + (Sat, 30 Oct 2004)
New Revision: 3384

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3384

Log:
added SA_RIGHT_FILE_WRITE_APPEND, which is a combination of write and append

Modified:
   branches/SAMBA_4_0/source/include/rpc_secdes.h


Changeset:
Modified: branches/SAMBA_4_0/source/include/rpc_secdes.h
===
--- branches/SAMBA_4_0/source/include/rpc_secdes.h  2004-10-30 02:17:03 UTC (rev 
3383)
+++ branches/SAMBA_4_0/source/include/rpc_secdes.h  2004-10-30 04:55:45 UTC (rev 
3384)
@@ -157,6 +157,7 @@
 #define SA_RIGHT_FILE_READ_ATTRIBUTES  0x0080
 #define SA_RIGHT_FILE_WRITE_ATTRIBUTES 0x0100
 #define SA_RIGHT_FILE_READ_EXEC
(SA_RIGHT_FILE_READ_DATA|SA_RIGHT_FILE_EXECUTE)
+#define SA_RIGHT_FILE_WRITE_APPEND 
(SA_RIGHT_FILE_WRITE_DATA|SA_RIGHT_FILE_APPEND_DATA)
 
 #define SA_RIGHT_FILE_ALL_ACCESS   0x01FF
 



svn commit: samba r3385 - in branches/SAMBA_4_0/source/libcli/raw: .

2004-10-29 Thread tridge
Author: tridge
Date: 2004-10-30 04:56:27 + (Sat, 30 Oct 2004)
New Revision: 3385

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3385

Log:
when discarding an unmatched reply print the command type to help debugging


Modified:
   branches/SAMBA_4_0/source/libcli/raw/clitransport.c


Changeset:
Modified: branches/SAMBA_4_0/source/libcli/raw/clitransport.c
===
--- branches/SAMBA_4_0/source/libcli/raw/clitransport.c 2004-10-30 04:55:45 UTC (rev 
3384)
+++ branches/SAMBA_4_0/source/libcli/raw/clitransport.c 2004-10-30 04:56:27 UTC (rev 
3385)
@@ -350,7 +350,8 @@
}
 
if (!req) {
-   DEBUG(1,(Discarding unmatched reply with mid %d\n, mid));
+   DEBUG(1,(Discarding unmatched reply with mid %d op %d\n, 
+mid, CVAL(hdr, HDR_COM)));
goto error;
}
 



svn commit: samba r3386 - in branches/SAMBA_4_0/source/torture: . basic

2004-10-29 Thread tridge
Author: tridge
Date: 2004-10-30 04:59:52 + (Sat, 30 Oct 2004)
New Revision: 3386

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3386

Log:
- fixed --seed option in smbtorture

- added new tests BASE-NTDENY1 and BASE-NTDENY2. These are the
  ntcreatex equivalents of the BASE-DENY1 and BASE-DENY2
  tests. Unfortunately, with ntcreatex there are 4 million combinations
  and trying each one takes 1 second, so randomised testing is the
  only choice. The BASE-DENY1 test can operate in parallel with
  hundreds of connections, speeding things up a bit (as most time is
  spent waiting 1 second for a sharing violation to come back)

Modified:
   branches/SAMBA_4_0/source/torture/basic/denytest.c
   branches/SAMBA_4_0/source/torture/torture.c


Changeset:
Sorry, the patch is too large (340 lines) to include; please use WebSVN to see it!
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3386


svn commit: samba r3387 - in branches/SAMBA_4_0/source: include ntvfs/common ntvfs/posix torture/basic

2004-10-29 Thread tridge
Author: tridge
Date: 2004-10-30 05:53:56 + (Sat, 30 Oct 2004)
New Revision: 3387

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3387

Log:
fixed pvfs to pass the NTDENY tests. The tricky bit was
SA_RIGHT_FILE_EXECUTE, which depends on a flags2 bit

Modified:
   branches/SAMBA_4_0/source/include/smb.h
   branches/SAMBA_4_0/source/ntvfs/common/opendb.c
   branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c
   branches/SAMBA_4_0/source/ntvfs/posix/pvfs_read.c
   branches/SAMBA_4_0/source/ntvfs/posix/pvfs_write.c
   branches/SAMBA_4_0/source/torture/basic/denytest.c


Changeset:
Modified: branches/SAMBA_4_0/source/include/smb.h
===
--- branches/SAMBA_4_0/source/include/smb.h 2004-10-30 04:59:52 UTC (rev 3386)
+++ branches/SAMBA_4_0/source/include/smb.h 2004-10-30 05:53:56 UTC (rev 3387)
@@ -503,7 +503,7 @@
 #define FLAGS2_IS_LONG_NAME0x0040
 #define FLAGS2_EXTENDED_SECURITY   0x0800 
 #define FLAGS2_DFS_PATHNAMES   0x1000
-#define FLAGS2_READ_PERMIT_NO_EXECUTE  0x2000
+#define FLAGS2_READ_PERMIT_EXECUTE 0x2000
 #define FLAGS2_32_BIT_ERROR_CODES  0x4000 
 #define FLAGS2_UNICODE_STRINGS 0x8000
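Review bot: The rename at 0x2000 from `FLAGS2_READ_PERMIT_NO_EXECUTE` to `FLAGS2_READ_PERMIT_EXECUTE` reverses what the name says while the bit value stays the same, and the define still carries no comment. A one-line comment stating what the bit means when set (the log message ties it to SA_RIGHT_FILE_EXECUTE) would stop the next reader from assuming the old sense.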
 

Modified: branches/SAMBA_4_0/source/ntvfs/common/opendb.c
===
--- branches/SAMBA_4_0/source/ntvfs/common/opendb.c 2004-10-30 04:59:52 UTC (rev 
3386)
+++ branches/SAMBA_4_0/source/ntvfs/common/opendb.c 2004-10-30 05:53:56 UTC (rev 
3387)
@@ -154,20 +154,24 @@
 
/* if either open involves no read.write or delete access then
   it can't conflict */
-   if (!(e1-access_mask  (SA_RIGHT_FILE_WRITE_DATA | 
+   if (!(e1-access_mask  (SA_RIGHT_FILE_WRITE_APPEND | 
 SA_RIGHT_FILE_READ_EXEC | 
 STD_RIGHT_DELETE_ACCESS))) {
return False;
}
-   if (!(e2-access_mask  (SA_RIGHT_FILE_WRITE_DATA | 
+   if (!(e2-access_mask  (SA_RIGHT_FILE_WRITE_APPEND | 
 SA_RIGHT_FILE_READ_EXEC | 
 STD_RIGHT_DELETE_ACCESS))) {
return False;
}
 
/* check the basic share access */
-   CHECK_MASK(e1-access_mask, e2-share_access, SA_RIGHT_FILE_WRITE_DATA, 
NTCREATEX_SHARE_ACCESS_WRITE);
-   CHECK_MASK(e2-access_mask, e1-share_access, SA_RIGHT_FILE_WRITE_DATA, 
NTCREATEX_SHARE_ACCESS_WRITE);
+   CHECK_MASK(e1-access_mask, e2-share_access, 
+  SA_RIGHT_FILE_WRITE_APPEND, 
+  NTCREATEX_SHARE_ACCESS_WRITE);
+   CHECK_MASK(e2-access_mask, e1-share_access, 
+  SA_RIGHT_FILE_WRITE_APPEND, 
+  NTCREATEX_SHARE_ACCESS_WRITE);
 
CHECK_MASK(e1-access_mask, e2-share_access, 
   SA_RIGHT_FILE_READ_EXEC, 
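Review bot: The two early-return tests and both write CHECK_MASK calls now key on `SA_RIGHT_FILE_WRITE_APPEND`, whose definition is not part of this diff. If it is the union of the write-data and append-data bits, the conflict check is widened as intended; if it is the append bit alone, an open that requests only write-data would now skip the share-mode check. Please confirm which it is, and update the comment above the first test (`read.write or delete access`) to say that append access counts as write.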

Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c
===
--- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c   2004-10-30 04:59:52 UTC (rev 
3386)
+++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c   2004-10-30 05:53:56 UTC (rev 
3387)
@@ -290,9 +290,9 @@
}
 
if ((access_mask  SA_RIGHT_FILE_READ_EXEC) 
-   (access_mask  SA_RIGHT_FILE_WRITE_DATA)) {
+   (access_mask  SA_RIGHT_FILE_WRITE_APPEND)) {
flags = O_RDWR;
-   } else if (access_mask  SA_RIGHT_FILE_WRITE_DATA) {
+   } else if (access_mask  SA_RIGHT_FILE_WRITE_APPEND) {
flags = O_WRONLY;
} else {
flags = O_RDONLY;
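Review bot: With the test widened to `SA_RIGHT_FILE_WRITE_APPEND`, a handle granted append access without write-data (assuming the macro covers the append bit) is opened `O_WRONLY` or `O_RDWR`, so the descriptor itself permits writes at any offset. Nothing in this hunk restricts such a handle to appending; a comment saying where that restriction is enforced, or adding `O_APPEND` for the append-only case, would make the intent clear.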
@@ -491,9 +491,9 @@
}
 
if ((access_mask  SA_RIGHT_FILE_READ_EXEC) 
-   (access_mask  SA_RIGHT_FILE_WRITE_DATA)) {
+   (access_mask  SA_RIGHT_FILE_WRITE_APPEND)) {
flags |= O_RDWR;
-   } else if (access_mask  SA_RIGHT_FILE_WRITE_DATA) {
+   } else if (access_mask  SA_RIGHT_FILE_WRITE_APPEND) {
flags |= O_WRONLY;
} else {
flags |= O_RDONLY;
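Review bot: This is the same three-way mapping from `access_mask` to `O_RDWR`, `O_WRONLY` or `O_RDONLY` that the hunk at line 290 changes, differing only in `flags |=` versus `flags =`. Two copies had to be edited in step here; moving the mapping into one small helper that both call sites use would keep them from drifting the next time the access bits change.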

Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_read.c
===
--- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_read.c   2004-10-30 04:59:52 UTC (rev 
3386)
+++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_read.c   2004-10-30 05:53:56 UTC (rev 
3387)
@@ -34,6 +34,7 @@
struct pvfs_file *f;
NTSTATUS status;
uint32_t maxcnt;
+   uint32_t mask;
 
if (rd-generic.level != RAW_READ_READX) {
return ntvfs_map_read(req, rd, ntvfs);
@@ -48,9 +49,13 @@
return NT_STATUS_FILE_IS_A_DIRECTORY;
}
 
-   if (!(f-access_mask  SA_RIGHT_FILE_READ_EXEC)) {
-   return NT_STATUS_ACCESS_VIOLATION;
+   mask = SA_RIGHT_FILE_READ_DATA;
+   if (req-flags2  FLAGS2_READ_PERMIT_EXECUTE) {
+   mask |= SA_RIGHT_FILE_EXECUTE;
}
+   if