Re: [Samba] Unable to browse from Windows Machine - Samba 3.0.20 as an AD Member
Jerry, These were from enterprisesamba.com http://enterprisesamba.com/ (created by sernet). I use them since Earlier 3.0.14a from them worked very well, Absolutely perfect. regards On 8/23/05, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sanjay Upadhyay wrote: Problem Solved. Just trying to build from source and repeating the steps solved the problem, So it seems there are problems with the rpm distribution from sarnet. Sanjay, Just to clarify, these RPMs for SLES 9 came from samba.orghttp://samba.org ? Or for enterprisesamba.com http://enterprisesamba.com (created by SerNet)? cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key - http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDCzi+IR7qMdg1EfYRAsyQAKDgkBMk1NSB9fMM/SK+X6MLDSW9ywCeJ65B PDxQymIayr450OyJWIiT7iE= =ZWk2 -END PGP SIGNATURE- -- Sanjay Upadhyay http://saneax.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.20 and UserManager, LDAP database rebuild
On Tue, Aug 23, 2005 at 04:23:43PM +0200, Louis van Belle wrote: Hi i also had this error. Procedure out of range error. I rebuild the ldap database and problem was solved. How to rebuild the LDAP database? Something like: slapcat db ; rm -r /var/lib/ldap/* ; cat db | slapdd ? Or should db taken from the backup because that is a consistent version before the rebuild was due. Louis Cheers Geert Stappers signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Joining a domain
Thanks. I'll have a look at the AD servers. Svend Sorensen wrote: Is it possible that the RestrictAnonymous setting was changed on the Windows AD server in response to the Zotob worm? http://support.microsoft.com/default.aspx?scid=kb;en-us;246261 On 8/23/05, graeme [EMAIL PROTECTED] wrote: I have a very strange issue. I have a linux box connection to a Windows 2003 domain. I use to be connect to is just fine. Yesterday it broke. Now i'm trying to rejoin. In a level 3 debug i get unable to connect to server (anonymously) NT_STATUS_UNSUCCSESSFULL. This use to work and works in my lab environment. . -- Chaos. Panic. Disorder. My work here today is done -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] URGENT winbind problem
Hi all, I have a strange problem with winbind. Samba says that REALMwinbind seperatorusername is not a valid user (winbind getpw() call), but winbind works! The strange thing is when I call wbinfo -u, the result is a AD-Userlist like this: username1 username2 . . . So far so good, but why not: REALMwinbind seperatorusername The same problem occurs when I call getent! I have played with the parameter winbind user default domain = yes/no but without success :( SYSTEM: samba3.0.10/CentOS4 Any suggestions? cheers Stephan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.20 and UserManager
Hi, I'll do that just for debug purposes. +1800 Usergroups +1000 Users +1000 Computers Accounts There must be another way :-( Most likely :-) Where it is logical problem, it will help to allow reading in the logical order. Please reply below the text. Thanks, Some one who gets directed to archives by search engines. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] i10n question
Dear All, I am using SCO OpenServer 6, and this is the Samba version I am using : [root@/]# testparm -V Version 3.0.13-2sco-SCO My question is that when I connect to Samba Server from Windows XP, and create a directory (or files) in local language (traditional chinese), it's OK to see this localized file or directory on another XP/98SE systems. The characters look correctly from Windows sides, but if I do a login into the UNIX box, and do a ls command, well, it displays the characters I can't read.. This will cause my another problem when I need to backup these files/directories. I can use tar command to archive them, but it will give me checksum error when I un-tar the tarball... I grep the charset set from testparm output : dos charset = CP850 unix charset = UTF-8 display charset = LOCALE and can anyone tell me how I can configure Samba to let the characters are created correctly on UNIX sides? Or which packages I should install to avoid this i10n issue? Any advice? Thanks. Regards, Kevin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Winbind UID/GID mismatch!!
Hi the list. Ive read through http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html and think the idmap_rid way is easy/best for me atm. But it fails to mention exactly how. Ive put the various bits needed in the smb.conf etc wbinfo -u works fine, getent passwd username doesnt work tho. Googling for more info I then find http://lists.samba.org/archive/samba/2005-January/099451.html , which basically says I need to configure idmap_rid (no mention in the howto) so im left thinking which is correct. I reinstall samba using a new ./configure line. (./configure --prefix=/usr/local/samba --with-shared-modules=idmap_rid --with-ldap --with-ads --with-krb5 --with-pam --with-winbindd) All compiled/installed ok, getent passwd username still doesnt work :/ Nothing untoward in anylogs. Is it a case of this is working? Is there an easy way to check? Many thanks Ross -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ross McInnes Sent: 23 August 2005 17:28 To: samba@lists.samba.org Subject: RE: [Samba] Winbind UID/GID mismatch!! In a word... O :/ I did read that doc before, and didnt think it would need to apply to me. The problem I have is that the email and file store servers are separate, but by using NFS I am able to over come the issue of local folders It was whilst diagnosing a problem I found out about the id mis map :/ Any perticular preference on which method I need to use? Which is better/easier to use/maintain? Many thanks Ross -Original Message- From: Guenther Deschner [mailto:[EMAIL PROTECTED] Sent: 23 August 2005 16:35 To: Ross McInnes Cc: samba@lists.samba.org Subject: Re: [Samba] Winbind UID/GID mismatch!! Hi Ross, On Tue, Aug 23, 2005 at 03:29:20PM +0100, Ross McInnes wrote: Hi the list (again) Got a pretty major issue now Did the samba link to AD on a couple of redhat es3 servers using samba 3.0.14a Everything seems ok Except when I do a getent passwd username Server 3 getent passwd ross ross:x:10006:1:ross:/home/ACADEMIC/ross:/bin/false Server 2 getent passwd ross ross:x:10006:1:ross:/home/ACADEMIC/ross:/bin/false Server 1 getent passwd ross ross:x:10195:1:ross:/home/ACADEMIC/ross:/bin/false Er... Why does server 1 have username ross as uid 10195?! :) The idmap-mapping (as stored in your local tdbs) assignes uids and gids in the order they were requested on your system. If you want to have unified mapping on all your servers then you must use one of the idmap-modules described here: http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html Guenther -- Günther DeschnerGPG-ID: 8EE11688 Novell / SUSE LINUX [EMAIL PROTECTED] Samba Team [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain Member Server: Group Membership Updates
Hi Eric, thanks for the hint. Starting winbindd without caching solved the problem. I have investigated the log.winbindd before restarting the winbindd. There were several entries simular to: 'testshare' no such user 'public' no such group But 'testshare' and 'public' are no groups or users, this are share-names...?! sorry, I don't have the original logs anymore, they are gone after restarting winbindd twice ... Thanks for your advice - once again ;-) Kind Regards: Thilo Rees eric roseme wrote: Hi Thilo, I cannot duplicate your problem on 11i v1 CIFS A.02.01.01. Can you stop winbind and run it manualy with -n to verify that it bypasses the cache? Eric Roseme Hewlett-Packard [EMAIL PROTECTED] wrote: Hi all, I have a problem with my Samba on HPUX (based on Samba 3.07): There is a Windows 2003 Server (DC). The HPUX-Fileserver is configured as a Member of this Domain. I am Using Winbind to map users and groups. Everything works fine, the Users can access there files on the shares on the samba server. The Permissions are set in smb.conf by the domain group names. Now I have a new Group, addes Users to that group and set a new share with permissions for that group. All members of this group cant access the share: # ./wbinfo -g BUILTIN\System Operators BUILTIN\Replicators BUILTIN\Guests BUILTIN\Power Users BUILTIN\Print Operators BUILTIN\Administrators BUILTIN\Account Operators BUILTIN\Backup Operators BUILTIN\Users [...] Testgroup Wbinfo lists the group testgroup I created a folder and set permissions to that group: # ls -lad testshare drwxrwx--- 2 AdministratTestgroup 96 Aug 23 11:26 testshare gid seems to be 20022: # ls -land testshare drwxrwx--- 2 2 20022 96 Aug 23 11:26 testshare But the User t.rees, who is a member of this group on the domain-controller, is not known to be a member of this group by winbind: # /opt/samba/bin/wbinfo -r t.rees 2 20011 20013 Any suggestions? Kind Regards: Thilo Rees -- Thilo Rees Continum AG, Technik Wentzingerstr. 7a D-79106 Freiburg i. Br. http://www.continum.net Tel.: +49 761 479409-60 Fax.: +49 761 479409-33 mail: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind UID/GID mismatch!!
basicallt you need something like this in your smb.conf idmap backend = idmap_rid:DOMAIN_NAME=1000-1 idmap uid = 1000-1 idmap gid = 1000-1 make sure to delete the tdb database before you start. e.g. rm /var/lib/samba/winbindd_idmap.tdb Stefanos Ross McInnes wrote: Hi the list. Ive read through http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html and think the idmap_rid way is easy/best for me atm. But it fails to mention exactly how. Ive put the various bits needed in the smb.conf etc wbinfo -u works fine, getent passwd username doesn’t work tho. Googling for more info I then find http://lists.samba.org/archive/samba/2005-January/099451.html , which basically says I need to configure idmap_rid (no mention in the howto) so im left thinking which is correct. I reinstall samba using a new ../configure line. (./configure --prefix=/usr/local/samba --with-shared-modules=idmap_rid --with-ldap --with-ads --with-krb5 --with-pam --with-winbindd) All compiled/installed ok, getent passwd username still doesn’t work :/ Nothing untoward in anylogs. Is it a case of this is working? Is there an easy way to check? Many thanks Ross -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ross McInnes Sent: 23 August 2005 17:28 To: samba@lists.samba.org Subject: RE: [Samba] Winbind UID/GID mismatch!! In a word... O :/ I did read that doc before, and didn’t think it would need to apply to me. The problem I have is that the email and file store servers are separate, but by using NFS I am able to over come the issue of local folders It was whilst diagnosing a problem I found out about the id mis map :/ Any perticular preference on which method I need to use? Which is better/easier to use/maintain? Many thanks Ross -Original Message- From: Guenther Deschner [mailto:[EMAIL PROTECTED] Sent: 23 August 2005 16:35 To: Ross McInnes Cc: samba@lists.samba.org Subject: Re: [Samba] Winbind UID/GID mismatch!! Hi Ross, On Tue, Aug 23, 2005 at 03:29:20PM +0100, Ross McInnes wrote: Hi the list (again) Got a pretty major issue now Did the samba link to AD on a couple of redhat es3 servers using samba 3.0.14a Everything seems ok Except when I do a getent passwd username Server 3 getent passwd ross ross:x:10006:1:ross:/home/ACADEMIC/ross:/bin/false Server 2 getent passwd ross ross:x:10006:1:ross:/home/ACADEMIC/ross:/bin/false Server 1 getent passwd ross ross:x:10195:1:ross:/home/ACADEMIC/ross:/bin/false Er... Why does server 1 have username ross as uid 10195?! :) The idmap-mapping (as stored in your local tdbs) assignes uids and gids in the order they were requested on your system. If you want to have unified mapping on all your servers then you must use one of the idmap-modules described here: http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html Guenther -- == Stefanos Karasavvidis Electronic Computer Engineer, M.Eng. e-mail : [EMAIL PROTECTED] Technical University of Crete, Campus Information Systems Center Address: Akrotiri, Chania, 73100 Tel.: Library Buildings (+30) 28210 37352, (+30) 28210 37355, (+30) 28210 37376 Environmental Engineering Buildings (+30) 28210 37766 Fax: (+30) 28210 37571 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Acl backup issue
Hello all, I'm sorry, I know that it isn't the good place to post such a question but, probably, some of you know the problem. I've created samba shares acls enabled and I would like to set up a simple incremental backup on these shares keeping acls permissions on another local disk. But the problem is that rsync does not support ext3 acls. If anyone knows a simple and efficient way to do that, it will be appreciated. Thx for help. Max -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] getpeername failed
Hello there, I am using a samba 3 PDC with OpenLDAP directory. I can't log on to my samba domain any more from my windows clients! Once the samba domain joined, I reboot the client machine and I try to log on to the domain. The later operation falls with an error message telling that it a connection cannot be opened. I check my smbd log file, it reports the following: [2005/08/24 09:49:09, 0] lib/util_sock.c:get_peer_addr(1150) getpeername failed. Error was Transport endpoint is not connected [2005/08/24 09:49:09, 0] lib/util_sock.c:write_socket_data(430) write_socket_data: write failure. Error = Connection reset by peer [2005/08/24 09:49:09, 0] lib/util_sock.c:write_socket(455) write_socket: Error writing 4 bytes to socket 25: ERRNO = Connection reset by peer [2005/08/24 09:49:09, 0] lib/util_sock.c:send_smb(647) Error writing 4 bytes to client. -1. (Connection reset by peer) Would you have any idea of what is going wrong there? Thank you ___ Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger Téléchargez cette version sur http://fr.messenger.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba-3.0.20-1 Fedora SRPM on x86_64 build questions
Hi all, I am trying to build the 3.0.20 fedora srpm from samba.org on x86_64 but I am having a problem with the packaging. When I do rpmbuild -ba I get the following errors: Processing files: samba-client-3.0.20-1 error: File not found: /home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/lowcase.dat error: File not found: /home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/upcase.dat error: File not found: /home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/valid.dat Processing files: samba-common-3.0.20-1 error: File not found by glob: /home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/charset/CP*.so error: File not found by glob: /home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/idmap/idmap*.so Processing files: samba-swat-3.0.20-1 error: File not found by glob: /home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/*.msg Processing files: samba-debuginfo-3.0.20-1 Provides: CP437.so.debug()(64bit) CP850.so.debug()(64bit) audit.so.debug()(64bit) cap.so.debug()(64bit) default_quota.so.debug()(64bit) expand_msdfs.so.debug()(64bit) extd_audit.so.debug()(64bit) fake_perms.so.debug()(64bit) full_audit.so.debug()(64bit) idmap_rid.so.debug()(64bit) libnss_winbind.so.debug()(64bit) libnss_wins.so.debug()(64bit) libsmbclient.so.debug()(64bit) net.debug()(64bit) netatalk.so.debug()(64bit) nmbd.debug()(64bit) nmblookup.debug()(64bit) ntlm_auth.debug()(64bit) pam_smbpass.so.debug()(64bit) pam_winbind.so.debug()(64bit) pdbedit.debug()(64bit) profiles.debug()(64bit) readonly.so.debug()(64bit) recycle.so.debug()(64bit) rpcclient.debug()(64bit) shadow_copy.so.debug()(64bit) smbcacls.debug()(64bit) smbclient.debug()(64bit) smbcontrol.debug()(64bit) smbcquotas.debug()(64bit) smbd.debug()(64bit) smbmnt.debug()(64bit) smbmount.debug()(64bit) smbpasswd.debug()(64bit) smbspool.debug()(64bit) smbstatus.debug()(64bit) smbtree.debug()(64bit) smbumount.debug()(64bit) swat.debug()(64bit) tdbbackup.debug()(64bit) tdbdump.debug()(64bit) tdbtool.debug()(64bit) testparm.debug()(64bit) wbinfo.debug()(64bit) winbindd.debug()(64bit) Requires(rpmlib): rpmlib(CompressedFileNames) = 3.0.4-1 rpmlib(PayloadFilesHavePrefix) = 4.0-1 RPM build errors: File not found: /home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/vfs File not found: /home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/lowcase.dat File not found: /home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/upcase.dat File not found: /home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/valid.dat File not found by glob: /home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/charset/CP*.so File not found by glob: /home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/idmap/idmap*.so File not found by glob: /home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib64/samba/*.msg (pocono pts32) $ All of the missing files are in /home/tdiehl/rpmbuild/tmp/samba-3.0.20-root/usr/lib/samba/. My question is what is the correct location for these files /usr/lib/samba or /usr/lib64/samba? Regards, Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot join Domain with ads under AIX
Hello there! I have to run Samba with ads under AIX 5.3. I have krb5 running, and openldap is running too. I can configure and make samba 3.0.2.0 with the following configure options: ./configure --prefix=/usr/local/samba --with-ads --with-winbind --with-included-popt --with-aio-support ./configure --prefix=/usr/local/samba --with-winbind --with-included-popt --with-aio-support If irun the version without ads , i am able to do a net join, and my samba works fine. If i try to make a net ads join with the version, configured with ads support, i get a Illegal instruction(coredump). Has anyone an idea what happens, did anyone have a similar problem? Regards Markus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Joining a samba 3.0 domain with win2003 Server
yitzhak bar geva wrote: I run a Samba PDC under Linux with Windows 2003 domain member connected as a client with Terminal Services. The message I get at login when trying to open a remote Windows Terminal sesion is: The local policy of this system does not permit you to logon interactively. Any advice? Thanks, Yitzhak Bar Geva hello Yitzhak iirc you need to add users via the group policy editor/windows settings/security settings/local policy/user rights/allow logon through terminal services -and add users or groups i just made a group domainTS under the active directory domain and then added users to that group. then I added that group as per the above method. it seems to work for me but i am no guru regards JD - struggling with samba by example... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] problem to delete directory in samba (on solaris 2.x)
Hello! I am use samba 2.2.2 on solaris8 and 2.2.11 on solaris9. My user can create directory and files. When they try delete a directory (create by theirself), give a message accesso denied. If they connect directly on solaris and execute the command rm -r, it´s work. What variable I must put in smb.conf to permit that they can delete their directory? My smb.conf is: # Samba config file created using SWAT # Global parameters [global] workgroup = COMAU server string = Comau do Brasil - servidor %L versao %v security = user encrypt passwords = Yes unix password sync = Yes update encrypted = Yes username map = /etc/smbusers restrict anonymous = Yes log file = /usr/local/samba/var/log/log.%m max log size = 500 comment = SAMBA %v invalid users = root @root @sys reboot desliga create mask = 0777 force create mode = 0777 directory mask = 0777 hosts allow = 172.18.150. 172.18.151. 172.18.152. 172.18.153. browseable = No hide dot files = yes [processo] comment = usuario restritos processo path = /usr/processo writeable = Yes create mask = 0777 force create mode = 0777 directory mask = 0777 browseable = No valid users = @processo Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Acl backup issue
Problem is solved : Rsync 2.6.6 sources contain a patch to manage ext3 acls and works fine. Max -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot join Domain with ads under AIX
On Wed, 24 Aug 2005, Markus PASCHINGER wrote: Hello there! I have to run Samba with ads under AIX 5.3. I have krb5 running, and openldap is running too. I can configure and make samba 3.0.2.0 with the following configure options: ./configure --prefix=/usr/local/samba --with-ads --with-winbind --with-included-popt --with-aio-support ./configure --prefix=/usr/local/samba --with-winbind --with-included-popt --with-aio-support If irun the version without ads , i am able to do a net join, and my samba works fine. If i try to make a net ads join with the version, configured with ads support, i get a Illegal instruction(coredump). 1) What make and version KRB? 2) truss the net ads join and see if you can get an idea where in the code path it's failing. 3) compile with debug symbols (-g) and when it dumps core: $ dbx /path/to/net-command /path/to/core (dbx) where That might help the Samba developers point you in the right direction. Cheers, Bill Has anyone an idea what happens, did anyone have a similar problem? Regards Markus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] mount.cifs and UID mapping
Hi! I have mounted samba disk with mount.cifs (smbmount has problems with codepage [Czech] - I can't use it). How do I map the server UID/GID to client UID/GID? (I can't have the same UIDs/GIDs on all computers.) Classic mount parameters uid/gid can't be used if CIFS Unix extensions are used on Samba server. Google has not answered my questions (maybe I asked wrong). Thanks, pf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Schema Error? Setting up PDC with LDAP
I have samba 3.0.10 and OpenLDAP(slapd) 2.2.13 on a redhat enterprise 4 machine. I have modified the slapd.conf file according to the official Smaba3 by example book. I have copied samba.schema from the samba directory /usr/share/doc/samba-3.0.10/LDAP/ to /etc/openldap/schema and included it in the slapd.conf file: include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema include /etc/opendlap/schema/samba.schema when I run /usr/sbin/slaptest, I get a bad configuration file! message. But when I comment out the samba.schema and the three lines with index sambaSID, index sambaPrimaryGroupSID and index sambaDomainName the slaptest says that everything is correct. I assume there must be some error in the samba.schema file. But how can I find out what it is if I don't get a line number or anything? Has this happened to anyone? Any help appreciated. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Schema Error? Setting up PDC with LDAP
Mike Trzcianowski schrieb: I have samba 3.0.10 and OpenLDAP(slapd) 2.2.13 on a redhat enterprise 4 machine. I have modified the slapd.conf file according to the official Smaba3 by example book. I have copied samba.schema from the samba directory /usr/share/doc/samba-3.0.10/LDAP/ to /etc/openldap/schema and included it in the slapd.conf file: include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema include /etc/opendlap/schema/samba.schema (...) Well, something similar happened to me, try to look at this thread (2nd message): http://sourceforge.net/mailarchive/message.php?msg_id=12606369 It concerns Kolab schemas, but maybe that'll help. -- Tomek http://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 + BSD 5.4 + AD
I am still stuck on this .. can't seem to get any further. Does anyone have any ideas how to fix this. Any help would be greatly appreciated. Thanks Peter Peter Marshall wrote: I am having some problems getting a samba server to work with Windows 2000 Active Directory. I am at the point where I can successfully list all users and groups, using the wbinfo command, and was able to join the domain with the net join ads ... command. I can also see the computer in my network neighborhood ... however, when I click on it .. it prompts for a username / password .. and will not accept mine. The Log.smb file has these lines repeated over and over when I try and start the samba service. [2005/08/23 08:46:58, 0] lib/until_sock.c:read_socket_data(384) read_socket_data: recv failure for 4. Error = Connection reset by peer [2005/08/23 09:18:59, 0] lib/util_sock.c:read_socket_data(384) read_socket_data: recv failure for 4. Error = Connection reset by peer When I try to authenticate to the box by browsing to it in windows, I get this line in the log.smb file [2005/08/23 09:37:49, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) Username DOMAIN+Username is invalid on this system Note: DOMAIN is my domain, and Username is my username Any ideas on what I am doing wrong ? Peter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba pakage update
Hello, I want to update my samba server 3.0.7 - Suse 9.2 pro. Before I' m destroying my whole smb/ldap configuration, I ask the NG. Can I use an 3.0.13 rpm samba, samba-client package? And what's about the smb.conf after updating? Many thanks in advance Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba pakage update
Andreas Bauer schrieb: Hello, I want to update my samba server 3.0.7 - Suse 9.2 pro. Before I' m destroying my whole smb/ldap configuration, I ask the NG. Can I use an 3.0.13 rpm samba, samba-client package? Why 3.0.13 if 3.0.20 is there? You can even download binary packages for SuSE from www.samba.org. And what's about the smb.conf after updating? Generally, you don't need to change anything in smb.conf file. Remember to backup first, just in case :) -- Tomek http://wpkg.org Software deployment with Samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba pakage update
Andreas Bauer schrieb: Hello, I want to update my samba server 3.0.7 - Suse 9.2 pro. Before I' m destroying my whole smb/ldap configuration, I ask the NG. Can I use an 3.0.13 rpm samba, samba-client package? And what's about the smb.conf after updating? Many thanks in advance Andreas Hi, i had never problems with updating smb pdc ldap on suse 9.2 / 9.3 use the rpms from http://ftp.suse.com/pub/projects/samba/3.0/i386/9.2/ i normally update with rpm -U --force --nodeps ( which is not very elegant but works ) nothing happens with your old smb.conf , it stays like it is. the inpacked new smb.conf will appear as smb.conf.rpmnew in /etc/samba/ if unsure about this procedure try it on a test server Best Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] wins browsing issue
good morning all, i have an interesting issue with browsing. details: i have three subnets. (subnet1, subnet2, and subnet3) i have a samba server on each subnet. (samba1, samba2, and samba3) i have a windows 2000 server on subnet1. (m$1) samba1 is the domain master and wins server with ip 192.168.0.1 win2k clients authenticate to their local server and wins is set to 192.168.0.1. when i run a net view \\m$1 from a win2k client on subnet2 or subnet3, i get system error 53 has occurred. the network path was not found. message. when i run a net view \\samba1 or \\samba2 from the same win2k client, everything is fine. (shared resources at ) when i run a net view \\m$1 from a win2k client on subnet1, everything is fine. (shared resources at ) pertinent information from smb.conf of samba1 os level = 65 name resolve order = wins host lmhosts bcast domain logons = yes preferred master = yes domain master = yes wins support = yes pertinent information from smb.conf of samba2 and samba3 os level = 65 name resolve order = wins host lmhosts bcast domain logons = yes preferred master = yes domain master = no wins server = 192.168.0.1 local master = yes m$1 appears in browse.dat on both samba2 and samba3. any ideas? stu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba Schema Error? Setting up PDC with LDAP
Mike Trzcianowski schrieb: I have samba 3.0.10 and OpenLDAP(slapd) 2.2.13 on a redhat enterprise 4 machine. I have modified the slapd.conf file according to the official Smaba3 by example book. I have copied samba.schema from the samba directory /usr/share/doc/samba-3.0.10/LDAP/ to /etc/openldap/schema and included it in the slapd.conf file: include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema include /etc/opendlap/schema/samba.schema (...) Well, something similar happened to me, try to look at this thread (2nd message): http://sourceforge.net/mailarchive/message.php?msg_id=12606369 It concerns Kolab schemas, but maybe that'll help. -- Tomek http://wpkg.org -- Thanks Tomek! (Dzieki!) First I tried including the rfc2739.schema but it was giving me this error: line 31: AttributeType inappropriate matching rule: caseIgnoreMatch Then I found and included a modified rfc2739.schema and slaptest says that config file test succeeded. Here's the schema file I found. Any reasons why I should not be using it? file start here--- # RFC2739 calEntry schema for OpenLDAP 2.x # Version of RFC 2739 schema translated by Terrelle Shaw ([EMAIL PROTECTED]) # Nov. 7, 2002 # Modifications by Peter Marschall [EMAIL PROTECTED] # Nov. 9, 2002 # Notes: # * RFC2739 seems to be a bit sloppy about attribute type and # objectclass definitions syntax and also about attribute syntax # and matching rules. # (It even counts the attributes in the calEntry objectclass wrong ;-) # * The following changes have been applied to correct the schema # - added description to each attributetype definition # - changed SYNTAX from 'IA5String' to corresponding OID # to make matching rules and syntax consistent # - replaced illegal keyword SUBSTRING by SUBSTR # - changed SUBSTR from caseIgnoreIA5Match to caseIgnoreIA5SubstringsMatch # - removed illegal keyword MULTI-VALUE # - added keyword SINGLE-VALUE where appropriate # - removed USAGE since cwuserApplications is the default # - added description to the objectclass defintion # - corrected typo in objectclass definition # - added the attributetypes defined but not used to the objectclass # 2.4.4.1 calCalURI attributetype ( 1.2.840.113556.1.4.478 NAME 'calCalURI' DESC 'URI to a snapshot of the users entire default calendar' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) # 2.4.4.2 calFBURL attributetype ( 1.2.840.113556.1.4.479 NAME 'calFBURL' DESC 'URI to the users default free/busy time data' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) # 2.4.4.3 calCAPURI attributetype ( 1.2.840.113556.1.4.480 NAME 'calCAPURI' DESC 'URI used to communicate with the users calendar' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) # 2.4.4.4 calCalAdrURI attributetype ( 1.2.840.113556.1.4.481 NAME 'calCalAdrURI' DESC 'URI to which event requests should be sent for the user' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) # 2.4.4.5 calOtherCalURIs attributetype ( 1.2.840.113556.1.4.482 NAME 'calOtherCalURIs' DESC 'URIs to snapshots of non-default calendars belonging to the user' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) # 2.4.4.6 calOtherFBURLs attributetype ( 1.2.840.113556.1.4.483 NAME 'calOtherFBURLs' DESC 'URIs to non-default free/busy data belonging to the user' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) # 2.4.4.7 calOtherCAPURIs attributetype ( 1.2.840.113556.1.4.484 NAME 'calOtherCAPURIs' DESC 'URIs to non-default calendars belonging to the user' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) # 2.4.4.8 calOtherCalAdrURIs attributetype ( 1.2.840.113556.1.4.485 NAME 'calOtherCalAdrURIs' DESC 'URIs of destinations for event requests to non-default calendars' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) # 2.4.3.1 calEntry objectclass ( 1.2.840.113556.1.5.87 NAME 'calEntry' DESC 'Calendering and free/busy information' SUP top AUXILIARY MAY ( calCalURI $ calFBURL $ calCAPURI $ calCalAdrURI $
Re: [Samba] samba pakage update
On Wednesday 24 August 2005 08:12, Tomasz Chmielewski wrote: Andreas Bauer schrieb: Hello, I want to update my samba server 3.0.7 - Suse 9.2 pro. Before I' m destroying my whole smb/ldap configuration, I ask the NG. Can I use an 3.0.13 rpm samba, samba-client package? Why 3.0.13 if 3.0.20 is there? You can even download binary packages for SuSE from www.samba.org. Correct. And what's about the smb.conf after updating? Generally, you don't need to change anything in smb.conf file. Correct. Remember to backup first, just in case :) Wowa! Slow down a little. There have been some schema changes during the samba-3 series. Where LDAP is in use, do not forget to take appropriate action to rebuild the LDAP directory. My way, which I am sure even a novice can improve upon, is to follow the following procedure: 1. Dump the LDAP directory: slapcat -v -l foobar.ldif 2. Backup the smb.conf file and ALL the tdb files 3. Update/Upgrade Samba 4. Stop LDAP 5. Delete the LDAP directory database files 6. Install the updated the samba.schema file 7. Re-load the directory database slapadd -v -l foobar.ldif 8. Change ownership of all LDAP directory files to the user and group that slapd runs as. 9. Deal with any other changes needed for the upgrade/update 10. Restart LDAP and Samba Read the WHATSNEW.txt file that ships with Samba-3 and with most binary RPMs. With the binary RPMs this file should get located in /usr/share/doc/packages/samba. The WHATSNEW.txt file is your best guide to what may need to be updated. It will take you a while to read through it. Also, refer to the documentation in the book Samba-3 by Example, Second edition. It is available in print and on-line from: http://www.samba.org/samba/docs/Samba3-ByExample.pdf Chapter 8 deals with Samba upgrades and updates. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] wins browsing issue
On Wednesday 24 August 2005 08:19, Stuart Highlander wrote: good morning all, i have an interesting issue with browsing. details: i have three subnets. (subnet1, subnet2, and subnet3) i have a samba server on each subnet. (samba1, samba2, and samba3) i have a windows 2000 server on subnet1. (m$1) I have not read in detail through this email, but as a first step, rename the M$1 machine to a name that does not contain the '$' character. The '$' character has special significance in Windows networking. Do not use this is on machine name. - John T. samba1 is the domain master and wins server with ip 192.168.0.1 win2k clients authenticate to their local server and wins is set to 192.168.0.1. when i run a net view \\m$1 from a win2k client on subnet2 or subnet3, i get system error 53 has occurred. the network path was not found. message. when i run a net view \\samba1 or \\samba2 from the same win2k client, everything is fine. (shared resources at ) when i run a net view \\m$1 from a win2k client on subnet1, everything is fine. (shared resources at ) pertinent information from smb.conf of samba1 os level = 65 name resolve order = wins host lmhosts bcast domain logons = yes preferred master = yes domain master = yes wins support = yes pertinent information from smb.conf of samba2 and samba3 os level = 65 name resolve order = wins host lmhosts bcast domain logons = yes preferred master = yes domain master = no wins server = 192.168.0.1 local master = yes m$1 appears in browse.dat on both samba2 and samba3. any ideas? stu -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] BDC + LDAP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Good Moring list I already possess PDC + LDAP. Today the necessity appeared to possess a BDC, but users in base LDAP would like to legalize all, and mine configuracao follows below: [global] ~workgroup = AURORA ~netbios name = fly ~server string = Marcio(CPD) ~passdb backend = ldapsam:ldap://121.1.16.245 ~#username map = /usr/local/etc/smbusers ~printcap name = cups ~logon drive = H: ~logon path = \\%L\%U\profiles ~logon home = \\%L\%U ~logon script = logon.bat ~domain logons = Yes ~os level = 33 ~preferred master = Yes ~domain master = No ~passdb backend = ldapsam:ldap://121.1.16.245 ~ldap passwd sync = yes ~ldap delete dn = Yes ~ldap admin dn = cn=suporte,dc=auroraalimentos,dc=com,dc=br ~ldap suffix = dc=auroraalimentos,dc=com,dc=br ~ldap machine suffix = ou=Computadores ~ldap user suffix = ou=Usuarios ~ldap group suffix = ou=Grupos ~ldap idmap suffix = ou=Idmap ~idmap backend = ldap:ldap://121.1.16.245 ~idmap uid = 1-2 ~idmap gid = 1-2 ~printing = cups [netlogon] ~comment = Servico de Logon em Rede [ startup.bat ] ~path = /home/samba/netlogon ~browseable = No ~locking = No ~read only = Yes [home] ~comment = Diretorio Pessoal %U, %u ~path = /home/%U ~read only = No ~valid users = %U ~force user = %U ~create mask = 0664 ~directory mask = 0775 ~writeable = Yes ~browseable = No # the default is to use the user's home directory [profiles] ~comment = Perfil %U ~path = /home/samba/profiles ~read only = No ~create mask = 0600 ~directory mask = 0700 ~browseable = No ~guest ok = Yes ~profile acls = Yes ~csc policy = disable ~# next line is a great way to secure the profiles ~force user = %U ~# next line allows administrator to access all profiles ~valid users = %U [dados] ~comment = Suporte Backup ~path = /backup/suporte ~writable = Yes [Musicas] ~comment = Musicas Marcio ~path = /backup/dados ~valid users = marcio ~writable = Yes Now the problem and that nao I obtain to legalize user in the base ldap, in log occurs the following one: [2005/08/24 11:51:49, 1] auth/auth_util.c:make_server_info_sam(840) ~ User mdonada in passdb, but getpwnam() fails! [2005/08/24 11:51:49, 0] auth/auth_sam.c:check_sam_security(324) ~ check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' [2005/08/24 11:51:56, 1] auth/auth_util.c:make_server_info_sam(840) ~ User mdonada in passdb, but getpwnam() fails! [2005/08/24 11:51:56, 0] auth/auth_sam.c:check_sam_security(324) ~ check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' Some ideas? Thank's - -- Márcio Luciano Donada T.I. Aurora Alimentos Chapecó(SC) Cooperativa Central Oeste Catarinense mdonada at auroraalimentos dot com dot br -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (FreeBSD) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDDIviyJq2hZEymxcRAr+RAJ9ioQcu6N1+OxBkQ60RbgRfPrGqrACgsk43 ux+Om7x7U3LJKNCdD8VgNus= =Uyfi -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] BDC + LDAP
On Wednesday 24 August 2005 09:01, Marcio Luciano Donada wrote: Good Moring list I already possess PDC + LDAP. Today the necessity appeared to possess a BDC, but users in base LDAP would like to legalize all, and mine configuracao follows below: snip ... Now the problem and that nao I obtain to legalize user in the base ldap, in log occurs the following one: [2005/08/24 11:51:49, 1] auth/auth_util.c:make_server_info_sam(840) ~ User mdonada in passdb, but getpwnam() fails! [2005/08/24 11:51:49, 0] auth/auth_sam.c:check_sam_security(324) ~ check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' [2005/08/24 11:51:56, 1] auth/auth_util.c:make_server_info_sam(840) ~ User mdonada in passdb, but getpwnam() fails! [2005/08/24 11:51:56, 0] auth/auth_sam.c:check_sam_security(324) ~ check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' Some ideas? Please follow the examples in the book Samba-3 by Example, Second edition. You can obtain this in print from Amazon.Com, or in PDF from: http://www.samba.org/samba/docs/Samba3-ByExample.pdf The chapters that will help you most are Chapters 5 and 6. If you run into difficulties with the official documentation I have suggested please get back to me with specific details of what does not work for you. I will need to know the Chapter, section and page number please. If the documentation is wrong, or misleading, I will fix it. Cheers, John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] BDC + LDAP
Marcio Luciano Donada schrieb: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Good Moring list I already possess PDC + LDAP. Today the necessity appeared to possess a BDC, but users in base LDAP would like to legalize all, and mine configuracao follows below: (...) [2005/08/24 11:51:56, 0] auth/auth_sam.c:check_sam_security(324) ~ check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' It seems to me that the workstation is not in the LDAP database? There are no add user script, add machine script etc. in your smb.conf file. Follow the previous advice and fetch a Samba-3 by Example book! -- Tomek http://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] wins browsing issue
- Original Message - From: John H Terpstra [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Wednesday, August 24, 2005 10:01 AM Subject: Re: [Samba] wins browsing issue On Wednesday 24 August 2005 08:19, Stuart Highlander wrote: good morning all, i have an interesting issue with browsing. details: i have three subnets. (subnet1, subnet2, and subnet3) i have a samba server on each subnet. (samba1, samba2, and samba3) i have a windows 2000 server on subnet1. (m$1) I have not read in detail through this email, but as a first step, rename the M$1 machine to a name that does not contain the '$' character. The '$' character has special significance in Windows networking. Do not use this is on machine name. - John T. samba1 is the domain master and wins server with ip 192.168.0.1 win2k clients authenticate to their local server and wins is set to 192.168.0.1. when i run a net view \\m$1 from a win2k client on subnet2 or subnet3, i get system error 53 has occurred. the network path was not found. message. when i run a net view \\samba1 or \\samba2 from the same win2k client, everything is fine. (shared resources at ) when i run a net view \\m$1 from a win2k client on subnet1, everything is fine. (shared resources at ) pertinent information from smb.conf of samba1 os level = 65 name resolve order = wins host lmhosts bcast domain logons = yes preferred master = yes domain master = yes wins support = yes pertinent information from smb.conf of samba2 and samba3 os level = 65 name resolve order = wins host lmhosts bcast domain logons = yes preferred master = yes domain master = no wins server = 192.168.0.1 local master = yes m$1 appears in browse.dat on both samba2 and samba3. any ideas? i am sorry john. the name of the win2k box is ms1 and not m$1. i was trying to be cute. i apologize to all. stu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Tr: [Samba] getpeername failed - PLEASE HELP
--- Bahya NASSR EDDINE [EMAIL PROTECTED] a écrit : Date: Wed, 24 Aug 2005 12:14:37 +0200 (CEST) De: Bahya NASSR EDDINE [EMAIL PROTECTED] À: samba@lists.samba.org Objet: [Samba] getpeername failed Hello there, I am using a samba 3 PDC with OpenLDAP directory. I can't log on to my samba domain any more from my windows clients! Once the samba domain joined, I reboot the client machine and I try to log on to the domain. The later operation falls with an error message telling that it a connection cannot be opened. I check my smbd log file, it reports the following: [2005/08/24 09:49:09, 0] lib/util_sock.c:get_peer_addr(1150) getpeername failed. Error was Transport endpoint is not connected [2005/08/24 09:49:09, 0] lib/util_sock.c:write_socket_data(430) write_socket_data: write failure. Error = Connection reset by peer [2005/08/24 09:49:09, 0] lib/util_sock.c:write_socket(455) write_socket: Error writing 4 bytes to socket 25: ERRNO = Connection reset by peer [2005/08/24 09:49:09, 0] lib/util_sock.c:send_smb(647) Error writing 4 bytes to client. -1. (Connection reset by peer) Would you have any idea of what is going wrong there? Thank you ___ Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger Téléchargez cette version sur http://fr.messenger.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba ___ Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger Téléchargez cette version sur http://fr.messenger.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Groupmapping problems in 3.0.20
Hi all, after updating my pdc from 3.0.14a to 3.0.20 the groupmap function does not work properly. net groupmap list: returns the same groupmapping on both samba versions. Domain Computers (S-1-5-21-xxx-yyy-zzz-515) - nt Domain Guests (S-1-5-21-xxx-yyy-zzz-514) - nobody Domain Admins (S-1-5-21-xxx-yyy-zzz-512) - root Print Operators (S-1-5-32-550) - oper cvs (S-1-5-21-xxx-yyy-zzz-1219) - cvs cad (S-1-5-21-xxx-yyy-zzz-1211) - cad www (S-1-5-21-xxx-yyy-zzz-1213) - www Domain Users (S-1-5-21-xxx-yyy-zzz-513) - users testgr (S-1-5-21-xxx-yyy-zzz-2011) - testgr ... On 3.0.20 net rpc group list: returns the unix groupnames instead of the mapped groupnames nt nobody root oper cvs cad www users testgr ... net group /domain (cmd.exe on xp and w2k): returns the unix groupnames instead of the mapped groupnames usrmgr.exe: returns the unix groupnames instead of the mapped groupnames with following effect: - Editing of groups root and users (Domain Admins and Domain Users) is not possible (Error: the groupname can not be found) - Reassigning the primary group Domain Users in the group membership dialog is not possible, because the group is not shown acl file dialog on windows (xp and w2k): returns the unix groupnames instead of the mapped groupnames with the following effect: - Assigning rights to the groups root and users has no effect - Maunally typing in Domain Users and Domain Admins assigns the rights properly. My environment: - Ldap master on RH8.0 (openldap 2.1.29) - Ldap slave on FC3 (openldap 2.2.13) - PDC on RH8.0 (kernel 2.4.29, samba 3.0.20 (rpmbuild from fedora src rpm from samba.org), nss_ldap-207) I got the same results on a second system: - PDC on FC4 (kernel 2.6.12-1.1398_FC4smp, samba 3.0.20 (build from source from samba.org), openldap-client 2.2.23, nss_ldap-234) After downgrading to 3.0.14a, the groupmapping is ok. Any ideas? Regards Carsten -- . -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Move profiles between two samba domains
Hi, I need to move one samba domain (tdbsam) to a new domain on a new server (ldap+tls+smbldap). I wrote a script to move the data from previous backend but I can't move SIDs from previous domain to new domain... Is there a way to do so with smbldap ? The biggest problem concerns roaming profiles on the initial domain. I wrote a script which basically does profiles -c S-1-5-21-4239274624-1890485502-417310458-3672 -n S-1-5-21-789784681-830699192-2927842526-3004 /home/profiles/rh13/ntuser.dat profiles -c S-1-5-21-4239274624-1890485502-417310458-3007 -n S-1-5-21-789784681-830699192-2927842526-3007 /home/profiles/rh13/ntuser.dat for all my users (change user SID and group SID). When I log on the new server, I get all the data from the profile if the user has admin rights but a lot of data is missing it he has user rights... What did I miss ? Regards, Sylvain ___ Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger Téléchargez cette version sur http://fr.messenger.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Inter Domain trusts and BDC
I have a Samba-LDAP PDC at an office and 5 BDC's at other offices. At corporate HQ I have a W2k Server and domain. I have properly configured an interdomain trust and Users in the Samba domain can get to sections on the W2k machine regardless of location. However, members in the W2K domain can only access shares on the PDC. Attempts to access shares on a BDC cause a user name password dialogue box to open. Does anyone know why the BDC refuse to autheticate. I did a net rpc trustdom list on a BDC and it does list the W2K domain: to# net rpc trustdom list Password: Trusted domains list: FSK Trusting domains list: TACCOUNT Unable to find a suitable server domain controller is not responding FSKS FSK TACCOUNT Unable to find a suitable server domain controller is not responding FSKS FSK -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Tr: [Samba] getpeername failed - PLEASE HELP
On Wednesday 24 August 2005 09:57, Bahya NASSR EDDINE wrote: --- Bahya NASSR EDDINE [EMAIL PROTECTED] a écrit Date: Wed, 24 Aug 2005 12:14:37 +0200 (CEST) De: Bahya NASSR EDDINE [EMAIL PROTECTED] À: samba@lists.samba.org Objet: [Samba] getpeername failed Hello there, I am using a samba 3 PDC with OpenLDAP directory. I can't log on to my samba domain any more from my windows clients! Once the samba domain joined, I reboot the client machine and I try to log on to the domain. The later operation falls with an error message telling that it a connection cannot be opened. I check my smbd log file, it reports the following: [2005/08/24 09:49:09, 0] lib/util_sock.c:get_peer_addr(1150) getpeername failed. Error was Transport endpoint is not connected [2005/08/24 09:49:09, 0] lib/util_sock.c:write_socket_data(430) write_socket_data: write failure. Error = Connection reset by peer [2005/08/24 09:49:09, 0] lib/util_sock.c:write_socket(455) write_socket: Error writing 4 bytes to socket 25: ERRNO = Connection reset by peer [2005/08/24 09:49:09, 0] lib/util_sock.c:send_smb(647) Error writing 4 bytes to client. -1. (Connection reset by peer) Would you have any idea of what is going wrong there? Add to your smb.conf [globals]: smb ports = 139 If the problem persists, check your ether-switches, HUBS, network cables and ethernet cards. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Groupmapping problems in 3.0.20
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Carsten Sander wrote: | Hi all, | | after updating my pdc from 3.0.14a to 3.0.20 the | groupmap function does not work properly. | | net groupmap list: | returns the same groupmapping on both samba versions. | | Domain Computers (S-1-5-21-xxx-yyy-zzz-515) - nt | Domain Guests (S-1-5-21-xxx-yyy-zzz-514) - nobody ... | | On 3.0.20 | | net rpc group list: | returns the unix groupnames instead of the mapped groupnames | | nt | nobody | root ... grrsorry. Our bug. The one line fix is at http://www.samba.org/~jerry/patches/post-3.0.20/groupname_enumeration.patch cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDDLk4IR7qMdg1EfYRAqw5AKCYxO6+y7R3p29b9vobsdctf1nmRACg4j8A OT8QX9C+T2a1AMwo8gVnzVM= =nnh4 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Username.map works in 2.2.8a, doesn't work in 3.0.14a
I'm a bit puzzled. I am able to map an account without any problem on Samba 2.2.8a (security=domain). However, access fails with Samba 3.0.14a when everything else is the same (same configuration files). Any advice as to the cause of the problems (and its solution) would be appreciated. From 2.2.8a logs [2005/08/24 14:59:51, 3, pid=7767] smbd/reply.c:(880) Domain=[americase] NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] [2005/08/24 14:59:51, 3, pid=7767] smbd/reply.c:(890) sesssetupX:name=[pnmadm09] [2005/08/24 14:59:51, 3, pid=7767] lib/username.c:(168) Mapped user pnmadm09 to pnmadm [2005/08/24 14:59:51, 3, pid=7767] libsmb/namequery.c:(769) resolve_lmhosts: Attempting lmhosts lookup for name ZRTPD0PP0x20 [2005/08/24 14:59:51, 3, pid=7767] lib/util_sock.c:(845) Connecting to 47.140.205.113 at port 445 [2005/08/24 14:59:52, 3, pid=7767] smbd/password.c:(340) User name: pnmadm Real name: PNM Admin,PSD17792 [2005/08/24 14:59:52, 3, pid=7767] smbd/password.c:(736) authorise_login: ACCEPTED: validated uid ok as non-guest (user=pnmadm) [2005/08/24 14:59:52, 1, pid=7767] smbd/service.c:(636) boehm-1 (47.143.20.49) connect to service export as user pnmadm (uid=34344, gid=4794) (pid 7767) From 3.0.14a logs [2005/08/24 15:09:11, 3, pid=10515] libsmb/ntlmssp.c:(606) Got user=[pnmadm09] domain=[americase] workstation=[BOEHM-1] len1=24 len2=24 [2005/08/24 15:09:11, 3, pid=10515] lib/username.c:(173) Mapped user pnmadm09 to pnmadm [2005/08/24 15:09:11, 3, pid=10515] auth/auth.c:(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2005/08/24 15:09:11, 3, pid=10515] auth/auth.c:(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2005/08/24 15:09:11, 0, pid=10515] auth/auth_domain.c:(118) connect_to_domain_password_server: unable to setup the NETLOGON credentials to machine ZRTPD0PP. Error was : NT_STATUS_ACCESS_DENIED. [2005/08/24 15:09:11, 3, pid=10515] libsmb/cliconnect.c:(1406) Connecting to host=ZRTPD0PP [2005/08/24 15:09:11, 3, pid=10515] lib/util_sock.c:(752) Connecting to 47.140.205.113 at port 445 [2005/08/24 15:09:11, 3, pid=10515] rpc_client/cli_netlogon.c:(290) cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED [2005/08/24 15:09:11, 0, pid=10515] auth/auth_domain.c:(118) connect_to_domain_password_server: unable to setup the NETLOGON credentials to machine ZRTPD0PP. Error was : NT_STATUS_ACCESS_DENIED. [2005/08/24 15:09:11, 3, pid=10515] libsmb/cliconnect.c:(1406) Connecting to host=ZRTPD0PP [2005/08/24 15:09:11, 3, pid=10515] lib/util_sock.c:(752) Connecting to 47.140.205.113 at port 445 [2005/08/24 15:09:11, 3, pid=10515] rpc_client/cli_netlogon.c:(290) cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED [2005/08/24 15:09:11, 0, pid=10515] auth/auth_domain.c:(118) connect_to_domain_password_server: unable to setup the NETLOGON credentials to machine ZRTPD0PP. Error was : NT_STATUS_ACCESS_DENIED. [2005/08/24 15:09:11, 0, pid=10515] auth/auth_domain.c:(170) domain_client_validate: Domain password server not available. [2005/08/24 15:09:11, 2, pid=10515] auth/auth.c:(312) check_ntlm_password: Authentication for user [pnmadm09] - [pnmadm] FAILED wi th error NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE [2005/08/24 15:09:21, 3, pid=105 -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
Hi, someone know how to fix it? [2005/08/24 17:21:52, 0] lib/smbldap.c:smbldap_open_connection(677) Failed to issue the StartTLS instruction: Connect error I´m trying some modifications but, I´m not getting nothing different of It. Any hint will be wellcome, Sergio -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] TLS problem
Hi, someone know how to fix it? [2005/08/24 17:21:52, 0] lib/smbldap.c:smbldap_open_connection(677) Failed to issue the StartTLS instruction: Connect error I´m trying some modifications but, I´m not getting nothing different of It. Any hint will be wellcome, Sergio -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows XP Home mounting a Samba share on Solaris 10
I have usccessfully installed Samba-3.0.10 on a Sun workstation running Solaris 10. I am now trying to view the shared directory on a laptop running Windows XP Home. I am only using Samba for a workgroup share as I know XP Home can not log on to a domain. I can see the Samba server on the XP laptop when I selecet view workgroup computers. However, when I try to select the Samba server to view the shared directory I get a connect popup asking for User name and password. When I enter the information for the UNIX/Samba account it just continues to pop back up and does not allow access. I have created the UNIX user account on the workstation and run smbpasswd -a USER amd smbpasswd -e USER, where USER is the account name. When reviewing the log.smbd after attempting to connnect to the Samba server from Windows the following errors are generated - [2005/08/23 18:05:12, 0] lib/util_sock.c:(185) Failed to set socket option SO_KEEPALIVE (Error Invalid argument) [2005/08/23 18:05:12, 0] lib/util_sock.c:(185) Failed to set socket option TCP_NODELAY (Error Invalid argument) [2005/08/23 18:05:12, 0] lib/util_sock.c:(185) Failed to set socket option SO_KEEPALIVE (Error Invalid argument) [2005/08/23 18:05:12, 0] lib/util_sock.c:(185) Failed to set socket option TCP_NODELAY (Error Invalid argument) [2005/08/23 18:05:19, 0] lib/util_sock.c:(185) Failed to set socket option SO_KEEPALIVE (Error Invalid argument) [2005/08/23 18:05:19, 0] lib/util_sock.c:(185) Failed to set socket option TCP_NODELAY (Error Invalid argument) [2005/08/24 11:45:19, 0] lib/util_sock.c:(185) Failed to set socket option SO_KEEPALIVE (Error Invalid argument) [2005/08/24 11:45:19, 0] lib/util_sock.c:(185) Failed to set socket option TCP_NODELAY (Error Invalid argument) [2005/08/24 12:43:23, 0] lib/util_sock.c:(185) Failed to set socket option SO_KEEPALIVE (Error Invalid argument) The log.mattlaptop contains the following - [2005/08/24 11:14:31, 1] lib/util_sock.c:(937) Gethostbyaddr failed for 192.168.0.3 [2005/08/24 11:35:54, 1] lib/util_sock.c:(937) Gethostbyaddr failed for 192.168.0.3 [2005/08/24 11:44:41, 1] lib/util_sock.c:(937) Gethostbyaddr failed for 192.168.0.3 [2005/08/24 11:45:19, 0] lib/util_sock.c:(367) read_socket_data: recv failure for 4. Error = Connection refused [2005/08/24 11:45:19, 1] lib/util_sock.c:(937) Gethostbyaddr failed for 192.168.0.3 [2005/08/24 12:43:15, 1] lib/util_sock.c:(937) Gethostbyaddr failed for 192.168.0.3 [2005/08/24 12:43:23, 0] lib/util_sock.c:(367) read_socket_data: recv failure for 4. Error = Connection refused I am just running a generic smb.conf file to try and get this up and running. The contents are - [global] workgroup = PAM socket options = TCP_NODELAY security = user hosts allow = pam80, mattlaptop, 192.168.0. hosts deny = all [root] path = / comment = Solaris root guest ok = yes read only = yes [share] path = /share comment = Solaris share browsable = yes guest ok = yes read only = no I have also tried manually editing the registry on the XP machine to enable clear text passwords. It did not correct the issue and, in fact, made the display of the samba server in the workgroup somewhat spotty. Sometimes it's there, sometimes it's not. I would greatly appreciate any input as I'm new to Samba and am trying to go this route rather than using a third-party windows NFS client. -Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Preauthentication failed errors when trying to join Samba 3.0.14a to a W2k AD OU
Hi all, I'm trying to add a samba 3.0.14a server (on Solaris 9 w/kerberos5 v1.4.1 OpenLDAP) to a Windows 2000 AD OU and I'm able to successfully run /apps/krb5/bin/kinit [EMAIL PROTECTED] but when I run ... net ads join PATH\TO\THE\RIGHT\SUB\OU I keep getting the following error message: libads/kerberos.c:get_service_ticket(337) get_service_ticket [EMAIL PROTECTED]@NA.EXAMPLE.NET failed: Preauthentication failed Here is an example of what I have in my smb.conf file. security = ads realm = na.example.net encrypt passwords = yes use kerberos keytab = yes netbios name = havok workgroup = naex password server = dc.server1.ip.addr dc.server2.ip.addr wins server = ip addr I have an unmodified krb5.conf file, klist reports the following. Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 08/24/05 14:06:40 08/25/05 00:06:43 krbtgt/[EMAIL PROTECTED] renew until 08/25/05 14:06:40 08/24/05 14:06:56 08/25/05 00:06:43 [EMAIL PROTECTED] renew until 08/25/05 14:06:40 08/24/05 14:06:57 08/25/05 00:06:43 kadmin/[EMAIL PROTECTED] renew until 08/25/05 14:06:40 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached --- Any suggestions? thanks, Jeremy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Anyone have management docs for a Samba migration?
I'm helping out a Sun colleague, who has to present a formal proposal and plan to management for Solaris adoption. If anyone has docs for a migration, I'll happily scrub them of any identifying matter for our use, and if it's OK, for addition to the supporting material at samba.org. --dave -- David Collier-Brown, | Always do right. This will gratify Sun Microsystems, Toronto | some people and astonish the rest [EMAIL PROTECTED] | -- Mark Twain (416) 263-5733 (x65733) | -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 + BSD 5.4 + AD
Peter Marshall wrote: I am still stuck on this .. can't seem to get any further. Does anyone have any ideas how to fix this. Any help would be greatly appreciated. You haven't configured pam.conf correctly. Pam has to know how to authenticte the Windows user Thanks Peter Peter Marshall wrote: I am having some problems getting a samba server to work with Windows 2000 Active Directory. I am at the point where I can successfully list all users and groups, using the wbinfo command, and was able to join the domain with the net join ads ... command. I can also see the computer in my network neighborhood ... however, when I click on it .. it prompts for a username / password .. and will not accept mine. The Log.smb file has these lines repeated over and over when I try and start the samba service. [2005/08/23 08:46:58, 0] lib/until_sock.c:read_socket_data(384) read_socket_data: recv failure for 4. Error = Connection reset by peer [2005/08/23 09:18:59, 0] lib/util_sock.c:read_socket_data(384) read_socket_data: recv failure for 4. Error = Connection reset by peer When I try to authenticate to the box by browsing to it in windows, I get this line in the log.smb file [2005/08/23 09:37:49, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) Username DOMAIN+Username is invalid on this system Note: DOMAIN is my domain, and Username is my username Any ideas on what I am doing wrong ? Peter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] wbinfo can not convert User names and Group name to SID
Hi there, I've been fighting with winbind for over 4 hours now and read every related article I found on google to no avail. A server of mine rebooted due to power outage today and a perfectly running winbind + AD setup, wbinfo can now no longer convert user names or group names to SID or vica versa. The weird part is that the built-in groups work just fine. [EMAIL PROTECTED] samba]# wbinfo -n BUILTIN/System Operators S-1-5-32-549 Well-known Group (5) [EMAIL PROTECTED] samba]# wbinfo -n Engineers Could not lookup name Engineers [EMAIL PROTECTED] samba]# getent group |grep Engineers Engineers:x:10018: [EMAIL PROTECTED] samba]# wbinfo -G 10018 S-1-5-21-3139104342-3182081393-1008461833-2114 [EMAIL PROTECTED] samba]# wbinfo -s S-1-5-21-3139104342-3182081393-1008461833-2114 Could not lookup sid S-1-5-21-3139104342-3182081393-1008461833-2114 After I upgraded samba to 3.0.10 everything seemed to work for a while, however after I restarted winbind - the problems started again. Now user-to-SID and vica versa works fine, but group-to-SID still does not. Has anybody experience a similar problem ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] File change notification.
Regarding the following thread. http://lists.samba.org/archive/samba-technical/2005-March/040075.html Does anyone know where to obtain the patch, it appears to be truncated in the mail archive. I am having the same problem, Windows 2003 + IIS6 is not updating cached ASP and ASP.NET pages. I see that Samba replies to all file change notification requests with 0x010C (STATUS_NOTIFY_ENUM_DIR), however IIS does not seem to respect this response. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] How to auto mount a samba share
When the samba server has a power failure the share must be mounted manually once the power is restored. Is there a auto mount option that can be added to the fstab file on the client machine Thanks Marie -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] wbinfo can not convert User names and Group name to S ID
Yep. We are dealing with once perfectly fine working 3.0.9 servers to erratic and weird behaved ones. We believe this is due to changes made my MS in http://www.microsoft.com/technet/security/Bulletin/MS05-042.mspx but thus far have not been able to confirm. Commands like: net rpc join -S PDC -U Admin now return no suitable server found even though that is the same command used when we setup the darn thing and it worked then. Bottom line is our samba member machines didn't change but security updates to our PDC, master browser, etc. were done last week and that is when the problems started. Use of wbinfo is very erratic, most of the time the users and groups list won't pull down. The -m option doesn't report the primary domain we belong to, etc. After a service restart or a machine reboot nobody can access the shares then after some magical period of time (an hour) you check and then you can access them but sometimes you can't. Usually I restart winbind and wait then I can sometimes get into the shares after the second attempt. -Original Message- From: Todor Genov [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 24, 2005 11:21 AM To: samba@lists.samba.org Subject: [Samba] wbinfo can not convert User names and Group name to SID Hi there, I've been fighting with winbind for over 4 hours now and read every related article I found on google to no avail. A server of mine rebooted due to power outage today and a perfectly running winbind + AD setup, wbinfo can now no longer convert user names or group names to SID or vica versa. The weird part is that the built-in groups work just fine. [EMAIL PROTECTED] samba]# wbinfo -n BUILTIN/System Operators S-1-5-32-549 Well-known Group (5) [EMAIL PROTECTED] samba]# wbinfo -n Engineers Could not lookup name Engineers [EMAIL PROTECTED] samba]# getent group |grep Engineers Engineers:x:10018: [EMAIL PROTECTED] samba]# wbinfo -G 10018 S-1-5-21-3139104342-3182081393-1008461833-2114 [EMAIL PROTECTED] samba]# wbinfo -s S-1-5-21-3139104342-3182081393-1008461833-2114 Could not lookup sid S-1-5-21-3139104342-3182081393-1008461833-2114 After I upgraded samba to 3.0.10 everything seemed to work for a while, however after I restarted winbind - the problems started again. Now user-to-SID and vica versa works fine, but group-to-SID still does not. Has anybody experience a similar problem ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba install
Hi on gentoo with Samba 3.0.14 and openldap 2.1.30 when I start samba is starts ok bt in the log.smbd file it has 1) lib/smbldap.c:smbldsp_open_connection(677) Failed to issue the StartTLS instruction: Operation error 2) lib/smbldap.c:add_new_domain_info(1364) failed to add domain dn= sambaDomainName=class,dc=mygroup,dc=com with: Strong(er) authentication required modifications require authentication 3) lib/smbldap.c:smbldap_search_domain_info(1413) Adding domain info for class failed with NT_STATUS_UNSUCCESSFUL Someone care to point me in the right direction, as to why and what is happening?? First install and use of samba and openldap Thanks -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.10.15/80 - Release Date: 8/23/2005 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Anyone have management docs for a Samba migration?
Quoting David Collier-Brown [EMAIL PROTECTED]: Take a look at http://www.idealx.org/prj/samba/smbldap-howto.en.html for migration. Use the IdealX Management Console for management of the domain (http://imc.sourceforge.net). I am making some annotations to the original howto (which is very Red Hat-centric) for Debian. Maybe that would be useful for Solaris. I will have my final version of the howto by next week (after I come back from aKademy) and will send changes to IdealX for a merge. I'm helping out a Sun colleague, who has to present a formal proposal and plan to management for Solaris adoption. If anyone has docs for a migration, I'll happily scrub them of any identifying matter for our use, and if it's OK, for addition to the supporting material at samba.org. --dave -- David Collier-Brown, | Always do right. This will gratify Sun Microsystems, Toronto | some people and astonish the rest [EMAIL PROTECTED] | -- Mark Twain (416) 263-5733 (x65733) | -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to auto mount a samba share
Quoting Marie Gerenger [EMAIL PROTECTED]: When the samba server has a power failure the share must be mounted manually once the power is restored. Is there a auto mount option that can be added to the fstab file on the client machine What about something like this? //altair/doc/mnt/docsmbfs defaults,users,username=pgquiles,password=mypassword 0 0 The bad side being you have to store your password in clear text in /etc/fstab. You can also have your username and password stored in a file, then use something like this: //altair/doc/mnt/docsmbfs defaults,users,authentication-file=/home/pgquiles/sambaidentity 0 0 The format of the file is: username = value password = value domain = value (for more info, take a look at man smbmount) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] net rpc rights command
Hello, i updated my samba to version 3.0.20 on a suse 9.2 system. I thought, some new net rpc commands need samba 3.0.13. But I get faults with the command: amd:~ # net rpc rights grant testuser10 SeMachineAccountPrivilege [2005/08/25 02:45:35, 0] param/loadparm.c:map_parameter(2536) Unknown parameter encountered: enables privileges [2005/08/25 02:45:35, 0] param/loadparm.c:lp_do_parameter(3277) Ignoring unknown parameter enables privileges Password: Could not connect to server 127.0.0.1 The username or password was not correct. amd:~ # testparm Load smb config files from /etc/samba/smb.conf Unknown parameter encountered: enables privileges Ignoring unknown parameter enables privileges I thought enables privileges = Yes is the rigth entry in smb.conf? Am I right? Best regards and many thanks in advance Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: net rpc rights command
Andreas Bauer wrote: amd:~ # testparm Load smb config files from /etc/samba/smb.conf Unknown parameter encountered: enables privileges Ignoring unknown parameter enables privileges Try... enable privileges = true ;-) -- Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/ Remove the upper case letters NOSPAM to contact me directly. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Inconsistent I/O data base when starting SMBD.EXE
Hi there, Since a while I'm getting a Inconsistent I/O data base BUGCHECK when intiating a Samba session on my PC. The system (Personal Workstation 600/au running OVMS 7.2 and TCPIP V5.0) crashes (obviously with a BUGCHECK) stating 19c and INCONSTATE on the console. No memory dump is created (is cancelled it says). I have no idea on what night have been changed on the machine that might be causing the problem. The only thing recently changed in de SCSI card for the internal SCSI bus (i.e. the disk and CD support) Has anyone experienced somthing similar or know the reason why this occurs? Even better: has anyone got a solution to solve the problem? BTW: I'm running Samba/VMS 2.2.8 TIA, Mark de Bruin This e-mail and its contents are subject to the DISCLAIMER at http://www.tno.nl/disclaimer/email.html PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
RE: Inconsistent I/O data base BUGCHECK
Mark wrote (in part): Since a while I'm getting a Inconsistent I/O data base BUGCHECK when intiating a Samba session on my PC. The system (Personal Workstation 600/au running OVMS 7.2 and TCPIP V5.0) crashes (obviously with a BUGCHECK) stating 19c and INCONSTATE on the console. No memory dump is created (is cancelled it says). I would recommend floor of 5.0A for IP stack, lot of patches beyond 5.0 initial release. If you're runing vanilla 7.2 there are lots of patches out for that as well. PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
svn commit: samba r9566 - in branches/SAMBA_4_0/source/scripting/ejs: .
Author: tridge Date: 2005-08-24 08:28:49 + (Wed, 24 Aug 2005) New Revision: 9566 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9566 Log: fix an uninitialised variable Modified: branches/SAMBA_4_0/source/scripting/ejs/smbcalls_ldb.c Changeset: Modified: branches/SAMBA_4_0/source/scripting/ejs/smbcalls_ldb.c === --- branches/SAMBA_4_0/source/scripting/ejs/smbcalls_ldb.c 2005-08-24 04:09:46 UTC (rev 9565) +++ branches/SAMBA_4_0/source/scripting/ejs/smbcalls_ldb.c 2005-08-24 08:28:49 UTC (rev 9566) @@ -132,7 +132,7 @@ const char *ldifstring; struct ldb_context *ldb; struct ldb_ldif *ldif; - int ret; + int ret = 0; if (argc != 1) { ejsSetErrorMsg(eid, ldb.add/modify invalid arguments);
svn commit: samba r9567 - in branches/SAMBA_4_0/source: lib/registry librpc/idl rpc_server/winreg torture/rpc
Author: tridge Date: 2005-08-24 08:31:39 + (Wed, 24 Aug 2005) New Revision: 9567 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9567 Log: fixed the winreg IDL for CreateKey, including a security descriptor. To keep it simple I just use normal IDL buffers for now, avoiding the complex methods metze used in spoolss. We might change that later Also added decoding of the security_descriptor in winreg_GetKeySecurity() in smbtorture Modified: branches/SAMBA_4_0/source/lib/registry/reg_backend_rpc.c branches/SAMBA_4_0/source/librpc/idl/winreg.idl branches/SAMBA_4_0/source/rpc_server/winreg/rpc_winreg.c branches/SAMBA_4_0/source/torture/rpc/winreg.c Changeset: Modified: branches/SAMBA_4_0/source/lib/registry/reg_backend_rpc.c === --- branches/SAMBA_4_0/source/lib/registry/reg_backend_rpc.c2005-08-24 08:28:49 UTC (rev 9566) +++ branches/SAMBA_4_0/source/lib/registry/reg_backend_rpc.c2005-08-24 08:31:39 UTC (rev 9567) @@ -29,14 +29,7 @@ static void init_winreg_String(struct winreg_String *name, const char *s) { -name-name = s; -if (s) { -name-name_len = 2 * (strlen_m(s) + 1); -name-name_size = name-name_len; -} else { -name-name_len = 0; -name-name_size = 0; -} + name-name = s; } @@ -255,14 +248,14 @@ NTSTATUS status; struct winreg_CreateKey r; - init_winreg_String(r.in.key, name); + init_winreg_String(r.in.name, name); init_winreg_String(r.in.class, NULL); r.in.handle = parent-backend_data; - r.out.handle = talloc(mem_ctx, struct policy_handle); + r.out.new_handle = talloc(mem_ctx, struct policy_handle); r.in.options = 0; - r.in.access_mask = access_mask; - r.in.sec_desc = NULL; + r.in.access_required = access_mask; + r.in.secdesc = NULL; status = dcerpc_winreg_CreateKey((struct dcerpc_pipe *)(parent-hive-backend_data), mem_ctx, r); @@ -274,7 +267,7 @@ if (W_ERROR_IS_OK(r.out.result)) { *key = talloc(mem_ctx, struct registry_key); (*key)-name = talloc_strdup(*key, name); - (*key)-backend_data = r.out.handle; + (*key)-backend_data = r.out.new_handle; } return r.out.result; Modified: branches/SAMBA_4_0/source/librpc/idl/winreg.idl === --- branches/SAMBA_4_0/source/librpc/idl/winreg.idl 2005-08-24 08:28:49 UTC (rev 9566) +++ branches/SAMBA_4_0/source/librpc/idl/winreg.idl 2005-08-24 08:31:39 UTC (rev 9567) @@ -83,14 +83,28 @@ /**/ /* Function: 0x06 */ + + typedef struct { + [size_is(size),length_is(len)] uint8 *data; + uint32 size; + uint32 len; + } KeySecurityData; + + typedef struct { + uint32 length; + KeySecurityData sd; + bool8 inherit; + } winreg_SecBuf; + WERROR winreg_CreateKey( - [in,out,ref] policy_handle *handle, - [in] winreg_String key, + [in,ref] policy_handle *handle, + [in] winreg_String name, [in] winreg_String class, [in] uint32 options, - [in] uint32 access_mask, - [in,out,ref] uint32 *action_taken, - [in] sec_desc_buf *sec_desc + [in] uint32 access_required, + [in,unique] winreg_SecBuf *secdesc, + [out,ref] policy_handle *new_handle, + [in,out,unique] uint32 *action_taken ); /**/ @@ -143,18 +157,12 @@ [in,ref] policy_handle *handle ); - typedef struct { - [size_is(size),length_is(len)] uint8 *data; - uint32 size; - uint32 len; - } KeySecurityData; - /**/ /* Function: 0x0c */ WERROR winreg_GetKeySecurity( [in,ref] policy_handle *handle, [in] uint32 access_mask, - [in,out,ref] KeySecurityData *data + [in,out,ref] KeySecurityData *sd ); /**/ Modified: branches/SAMBA_4_0/source/rpc_server/winreg/rpc_winreg.c === --- branches/SAMBA_4_0/source/rpc_server/winreg/rpc_winreg.c2005-08-24 08:28:49 UTC (rev 9566) +++ branches/SAMBA_4_0/source/rpc_server/winreg/rpc_winreg.c2005-08-24 08:31:39 UTC (rev 9567) @@ -99,17 +99,34 @@ { struct dcesrv_handle *h, *newh; WERROR error; + struct security_descriptor sd; DCESRV_PULL_HANDLE_FAULT(h, r-in.handle, HTYPE_REGKEY); newh = dcesrv_handle_new(dce_call-context, HTYPE_REGKEY); - error = reg_key_add_name(newh,
svn commit: samba r9568 - in branches/SAMBA_4_0/source/scripting: bin libjs
Author: tridge Date: 2005-08-24 08:32:51 + (Wed, 24 Aug 2005) New Revision: 9568 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9568 Log: updated the winreg js library for CreateKey, and add a --createkey option to the winreg tool Modified: branches/SAMBA_4_0/source/scripting/bin/winreg branches/SAMBA_4_0/source/scripting/libjs/winreg.js Changeset: Modified: branches/SAMBA_4_0/source/scripting/bin/winreg === --- branches/SAMBA_4_0/source/scripting/bin/winreg 2005-08-24 08:31:39 UTC (rev 9567) +++ branches/SAMBA_4_0/source/scripting/bin/winreg 2005-08-24 08:32:51 UTC (rev 9568) @@ -12,7 +12,8 @@ var options = GetOptions(ARGV, POPT_AUTOHELP, POPT_COMMON_SAMBA, -POPT_COMMON_CREDENTIALS); +POPT_COMMON_CREDENTIALS, +createkey=s); if (options == undefined) { println(Failed to parse options); return -1; @@ -61,6 +62,10 @@ function list_path(path) { var list = reg.enum_path(path); + if (list == undefined) { + println(Unable to list + path); + return; + } var i; list_values(path); for (i=0;ilist.length;i++) { @@ -83,6 +88,13 @@ root = ''; } -printf(Listing registry tree '%s'\n, root); -list_path(root); +if (options.createkey) { + var ok = reg.create_key(HKLM\\SOFTWARE, options.createkey); + if (!ok) { + + } +} else { + printf(Listing registry tree '%s'\n, root); + list_path(root); +} return 0; Modified: branches/SAMBA_4_0/source/scripting/libjs/winreg.js === --- branches/SAMBA_4_0/source/scripting/libjs/winreg.js 2005-08-24 08:31:39 UTC (rev 9567) +++ branches/SAMBA_4_0/source/scripting/libjs/winreg.js 2005-08-24 08:32:51 UTC (rev 9568) @@ -35,7 +35,7 @@ } else if (hive == HKU) { status = this.winreg_OpenHKU(io); } else { - println(Unknown hive + hive); + this._last_error = Unknown hive + hive; return undefined; } if (!status.is_ok) { @@ -231,7 +231,41 @@ return list; } + /* + create a new key +ok = reg.create_key(path, key); +*/ +function __winreg_create_key(path, key) +{ + var handle = this.open_path(path); + if (handle == undefined) { + return undefined; + } + + var io = irpcObj(); + io.input.handle = handle; + io.input.name = key; + io.input.class = NULL; + io.input.options = 0; + io.input.access_required = this.SEC_FLAG_MAXIMUM_ALLOWED; + io.input.secdesc = NULL; + io.input.action_taken = 0; + + var status = this.winreg_CreateKey(io); + this.close(handle); + if (!status.is_ok) { + return false; + } + if (io.output.result != WERR_OK) { + return false; + } + this.close(io.output.new_handle); + return true; +} + + +/* return a string for a winreg type */ function __winreg_typestring(type) @@ -252,12 +286,13 @@ REG_RESOURCE_LIST, REG_FULL_RESOURCE_DESCRIPTOR, REG_RESOURCE_REQUIREMENTS_LIST, REG_QWORD); - reg.close = __winreg_close; - reg.open_hive = __winreg_open_hive; - reg.open_path = __winreg_open_path; - reg.enum_path = __winreg_enum_path; + reg.close = __winreg_close; + reg.open_hive = __winreg_open_hive; + reg.open_path = __winreg_open_path; + reg.enum_path = __winreg_enum_path; reg.enum_values = __winreg_enum_values; - reg.typestring = __winreg_typestring; + reg.create_key = __winreg_create_key; + reg.typestring = __winreg_typestring; return reg; }
svn commit: samba r9569 - in branches/SAMBA_4_0/source/utils: .
Author: tridge Date: 2005-08-24 08:33:56 + (Wed, 24 Aug 2005) New Revision: 9569 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9569 Log: fixed an uninitialised variable Modified: branches/SAMBA_4_0/source/utils/nmblookup.c Changeset: Modified: branches/SAMBA_4_0/source/utils/nmblookup.c === --- branches/SAMBA_4_0/source/utils/nmblookup.c 2005-08-24 08:32:51 UTC (rev 9568) +++ branches/SAMBA_4_0/source/utils/nmblookup.c 2005-08-24 08:33:56 UTC (rev 9569) @@ -178,7 +178,7 @@ enum nbt_name_type node_type = NBT_NAME_CLIENT; char *node_name, *p; struct nbt_name_socket *nbtsock; - NTSTATUS status; + NTSTATUS status = NT_STATUS_OK; if (!options.case_sensitive) { name = strupper_talloc(tmp_ctx, name);
svn commit: samba r9570 - in trunk/source/smbd: .
Author: vlendec Date: 2005-08-24 08:56:28 + (Wed, 24 Aug 2005) New Revision: 9570 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9570 Log: open_mode_check does not look at oplocks anymore Modified: trunk/source/smbd/open.c Changeset: Modified: trunk/source/smbd/open.c === --- trunk/source/smbd/open.c2005-08-24 08:33:56 UTC (rev 9569) +++ trunk/source/smbd/open.c2005-08-24 08:56:28 UTC (rev 9570) @@ -534,7 +534,6 @@ uint32 access_mask, uint32 share_access, uint32 create_options, - int *p_oplock_request, BOOL *file_existed) { int i; @@ -1374,8 +1373,7 @@ status = open_mode_check(conn, fname, dev, inode, access_mask, share_access, -create_options, oplock_request, -file_existed); +create_options, file_existed); if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) { /* DELETE_PENDING is not deferred for a second */ @@ -1530,8 +1528,7 @@ status = open_mode_check(conn, fname, dev, inode, access_mask, share_access, -create_options, oplock_request, -file_existed); +create_options, file_existed); if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) { set_saved_ntstatus(status);
svn commit: samba r9571 - in trunk/source/smbd: .
Author: vlendec Date: 2005-08-24 09:21:36 + (Wed, 24 Aug 2005) New Revision: 9571 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9571 Log: Fix a fd leak Modified: trunk/source/smbd/open.c Changeset: Modified: trunk/source/smbd/open.c === --- trunk/source/smbd/open.c2005-08-24 08:56:28 UTC (rev 9570) +++ trunk/source/smbd/open.c2005-08-24 09:21:36 UTC (rev 9571) @@ -1533,6 +1533,7 @@ if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) { set_saved_ntstatus(status); unlock_share_entry(dev, inode); + fd_close(conn, fsp); file_free(fsp); return NULL; }
Re: svn commit: samba r9563 - in branches/SAMBA_4_0/source/lib/samba3: .
Hi Tim, On Wed, Aug 24, 2005 at 03:39:26AM +, [EMAIL PROTECTED] wrote about 'svn commit: samba r9563 - in branches/SAMBA_4_0/source/lib/samba3: .': I think this INIT_OBJ_FILES should be ADD_OBJ_FILES so that the lib/samba3 source files are included in make proto. Fixes the build with ./configure.developer. That sounds strange, as both end up in the proto list... Cheers, Jelmer -- Jelmer Vernooij [EMAIL PROTECTED] - http://jelmer.vernstok.nl/ signature.asc Description: Digital signature
svn commit: samba r9572 - in branches/SOC/SAMBA_4_0: . source/include source/lib/registry source/lib/samba3 source/librpc/idl source/pidl/lib/Parse/Pidl/Ethereal source/rpc_server/winreg source/script
Author: metze Date: 2005-08-24 09:47:04 + (Wed, 24 Aug 2005) New Revision: 9572 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9572 Log: [EMAIL PROTECTED] (orig r9552): jelmer | 2005-08-24 01:55:41 +0200 Add idmap support. [EMAIL PROTECTED] (orig r9553): tpot | 2005-08-24 02:04:48 +0200 Some cosmetic things to make the atsvc dissector output look prettier and be more usable: - nicer formatting for summary of set fields in bitmap. - say Pointer to Foo in proto_tree instead of just Foo when dissecting pointers. - append string value to proto_tree when dissecting pointers to strings. - strip librpc/gen_ndr prefix from includes so generated files can live in the ethereal epan/dissectors directory. Now to work on getting the winreg dissector compiling... [EMAIL PROTECTED] (orig r9554): tpot | 2005-08-24 02:53:37 +0200 Do a quick once-over to make the ethereal auto-generated parser code a bit more readable. [EMAIL PROTECTED] (orig r9555): jelmer | 2005-08-24 02:58:52 +0200 More updates. Everything except for secrets.c compiles now.. [EMAIL PROTECTED] (orig r9556): jelmer | 2005-08-24 03:05:48 +0200 Define a few libsamba structs [EMAIL PROTECTED] (orig r9557): jelmer | 2005-08-24 03:52:17 +0200 Some more updates. Use combined function for parsing a set of samba3 databases [EMAIL PROTECTED] (orig r9558): tpot | 2005-08-24 03:58:36 +0200 Add more whitespace to generated output. Change conformance file warning to something more understandable. Don't generate duplicate duplicate element dissectors for function call arguments. Hey this makes the winreg dissector compile, but not link. [EMAIL PROTECTED] (orig r9563): tpot | 2005-08-24 05:39:25 +0200 I think this INIT_OBJ_FILES should be ADD_OBJ_FILES so that the lib/samba3 source files are included in make proto. Fixes the build with ./configure.developer. [EMAIL PROTECTED] (orig r9566): tridge | 2005-08-24 10:28:49 +0200 fix an uninitialised variable [EMAIL PROTECTED] (orig r9567): tridge | 2005-08-24 10:31:39 +0200 fixed the winreg IDL for CreateKey, including a security descriptor. To keep it simple I just use normal IDL buffers for now, avoiding the complex methods metze used in spoolss. We might change that later Also added decoding of the security_descriptor in winreg_GetKeySecurity() in smbtorture [EMAIL PROTECTED] (orig r9568): tridge | 2005-08-24 10:32:51 +0200 updated the winreg js library for CreateKey, and add a --createkey option to the winreg tool [EMAIL PROTECTED] (orig r9569): tridge | 2005-08-24 10:33:56 +0200 fixed an uninitialised variable Added: branches/SOC/SAMBA_4_0/source/lib/samba3/idmap.c branches/SOC/SAMBA_4_0/source/lib/samba3/samba3.c branches/SOC/SAMBA_4_0/source/lib/samba3/samba3.h branches/SOC/SAMBA_4_0/source/lib/samba3/winsdb.c Removed: branches/SOC/SAMBA_4_0/source/lib/samba3/policy.h branches/SOC/SAMBA_4_0/source/lib/samba3/sam.h Modified: branches/SOC/SAMBA_4_0/ branches/SOC/SAMBA_4_0/source/include/structs.h branches/SOC/SAMBA_4_0/source/lib/registry/reg_backend_rpc.c branches/SOC/SAMBA_4_0/source/lib/samba3/config.mk branches/SOC/SAMBA_4_0/source/lib/samba3/group.c branches/SOC/SAMBA_4_0/source/lib/samba3/policy.c branches/SOC/SAMBA_4_0/source/lib/samba3/samba3dump.c branches/SOC/SAMBA_4_0/source/lib/samba3/secrets.c branches/SOC/SAMBA_4_0/source/lib/samba3/tdbsam.c branches/SOC/SAMBA_4_0/source/librpc/idl/winreg.idl branches/SOC/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Ethereal/NDR.pm branches/SOC/SAMBA_4_0/source/rpc_server/winreg/rpc_winreg.c branches/SOC/SAMBA_4_0/source/scripting/bin/winreg branches/SOC/SAMBA_4_0/source/scripting/ejs/smbcalls_ldb.c branches/SOC/SAMBA_4_0/source/scripting/libjs/winreg.js branches/SOC/SAMBA_4_0/source/torture/rpc/winreg.c branches/SOC/SAMBA_4_0/source/utils/nmblookup.c Changeset: Sorry, the patch is too large (2367 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9572
svn commit: samba r9573 - in branches/SAMBA_4_0/source/libcli/security: .
Author: tridge Date: 2005-08-24 10:58:29 + (Wed, 24 Aug 2005) New Revision: 9573 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9573 Log: fixed a comment Modified: branches/SAMBA_4_0/source/libcli/security/security_descriptor.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/security/security_descriptor.c === --- branches/SAMBA_4_0/source/libcli/security/security_descriptor.c 2005-08-24 09:47:04 UTC (rev 9572) +++ branches/SAMBA_4_0/source/libcli/security/security_descriptor.c 2005-08-24 10:58:29 UTC (rev 9573) @@ -297,7 +297,7 @@ sd = security_descriptor_create(mem_ctx, mysid, mygroup, - SID_AUTHENTICATED_USERS, + SID_NT_AUTHENTICATED_USERS, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_FILE_ALL, SEC_ACE_FLAG_OBJECT_INHERIT,
svn commit: samba r9574 - in branches/SAMBA_4_0/source: librpc/idl torture/rpc
Author: tridge Date: 2005-08-24 11:01:10 + (Wed, 24 Aug 2005) New Revision: 9574 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9574 Log: - made the sec_info fields in lsa and samr use a IDL bitmap - fixed winreg_GetKeySecurity() to use a sec_info field correctly - simplied the winreg torture code, removing the separate opens for each hive - added torture cleanup code in winreg test - added 'create with security descriptor' in the winreg torture test Modified: branches/SAMBA_4_0/source/librpc/idl/lsa.idl branches/SAMBA_4_0/source/librpc/idl/samr.idl branches/SAMBA_4_0/source/librpc/idl/security.idl branches/SAMBA_4_0/source/librpc/idl/winreg.idl branches/SAMBA_4_0/source/torture/rpc/winreg.c Changeset: Sorry, the patch is too large (500 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9574
svn commit: samba r9575 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: tridge Date: 2005-08-24 11:12:16 + (Wed, 24 Aug 2005) New Revision: 9575 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9575 Log: more automatic cleanup code in winreg test Modified: branches/SAMBA_4_0/source/torture/rpc/winreg.c Changeset: Modified: branches/SAMBA_4_0/source/torture/rpc/winreg.c === --- branches/SAMBA_4_0/source/torture/rpc/winreg.c 2005-08-24 11:01:10 UTC (rev 9574) +++ branches/SAMBA_4_0/source/torture/rpc/winreg.c 2005-08-24 11:12:16 UTC (rev 9575) @@ -329,8 +329,8 @@ struct winreg_DeleteKey r; r.in.handle = handle; + init_winreg_String(r.in.key, key); - dcerpc_winreg_DeleteKey(p, mem_ctx, r); return True; @@ -700,6 +700,8 @@ return False; } + test_Cleanup(p, mem_ctx, handle, TEST_KEY1); + test_Cleanup(p, mem_ctx, handle, TEST_KEY2); test_Cleanup(p, mem_ctx, handle, TEST_KEY_BASE); if (!test_CreateKey(p, mem_ctx, handle, TEST_KEY1, NULL)) { @@ -730,7 +732,8 @@ ret = False; } - if (deleted test_OpenKey(p, mem_ctx, handle, TEST_KEY1, newhandle)) { + if (created deleted + test_OpenKey(p, mem_ctx, handle, TEST_KEY1, newhandle)) { printf(DeleteKey failed (OpenKey after Delete didn't work)\n); ret = False; } @@ -775,6 +778,8 @@ ret = False; } + test_Cleanup(p, mem_ctx, handle, TEST_KEY_BASE); + return ret; }
svn commit: samba r9576 - in branches/SAMBA_4_0/source: librpc/idl pidl pidl/lib/Parse/Pidl/Ethereal
Author: jelmer Date: 2005-08-24 11:17:28 + (Wed, 24 Aug 2005) New Revision: 9576 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9576 Log: Couple of small fixes. Generate notice indicating that the parsers were autogenerated. Modified: branches/SAMBA_4_0/source/librpc/idl/atsvc.idl branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Ethereal/NDR.pm branches/SAMBA_4_0/source/pidl/pidl Changeset: Modified: branches/SAMBA_4_0/source/librpc/idl/atsvc.idl === --- branches/SAMBA_4_0/source/librpc/idl/atsvc.idl 2005-08-24 11:12:16 UTC (rev 9575) +++ branches/SAMBA_4_0/source/librpc/idl/atsvc.idl 2005-08-24 11:17:28 UTC (rev 9576) @@ -8,7 +8,7 @@ version(1.0), pointer_default(unique), pointer_default_top(unique), - helpstring(Queue/List/Remove jobs for later execution), + helpstring(Microsoft AT-Scheduler Service), endpoint(ncacn_np:[\\pipe\\atsvc], ncalrpc:) ] interface atsvc { Modified: branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Ethereal/NDR.pm === --- branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Ethereal/NDR.pm 2005-08-24 11:12:16 UTC (rev 9575) +++ branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Ethereal/NDR.pm 2005-08-24 11:17:28 UTC (rev 9576) @@ -542,7 +542,7 @@ # in epan/dissctors are deleted. my $name = \ . uc($x-{NAME}) . (pidl)\; - my $short_name = $x-{NAME}; + my $short_name = uc($x-{NAME}); my $filter_name = $x-{NAME}; if (has_property($x, helpstring)) { @@ -697,17 +697,30 @@ # # Generate ethereal parser and header code -sub Parse($$) +sub Parse() { - my($ndr,$h_filename,$cnf_file) = @_; + my($ndr,$idl_file,$h_filename,$cnf_file) = @_; Initialize($cnf_file); $tabs = ; %res = (code=,def=,hdr=); - pidl_hdr /* header auto-generated by pidl */; + my $notice = +/* DO NOT EDIT + This filter was automatically generated + from $idl_file and $cnf_file. + + Pidl is a perl based IDL compiler for DCE/RPC idl files. + It is maintained by the Samba team, not the Ethereal team. + Instructions on how to download and install Pidl can be + found at http://wiki.ethereal.com/Pidl +*/ +; + + pidl_hdr $notice; + $res{headers} = \n; $res{headers} .= #ifdef HAVE_CONFIG_H\n; $res{headers} .= #include \config.h\\n; @@ -733,7 +746,7 @@ $res{ett} = DumpEttDeclaration(); $res{hf} = DumpHfDeclaration(); - my $parser = /* parser auto-generated by pidl */; + my $parser = $notice; $parser.= $res{headers}; $parser.=$res{ett}; $parser.=$res{hf}; Modified: branches/SAMBA_4_0/source/pidl/pidl === --- branches/SAMBA_4_0/source/pidl/pidl 2005-08-24 11:12:16 UTC (rev 9575) +++ branches/SAMBA_4_0/source/pidl/pidl 2005-08-24 11:17:28 UTC (rev 9576) @@ -101,26 +101,26 @@ --parse parse a idl file to a .pidl file --dump dump a pidl file back to idl --diff run diff on the idl and dumped output - --keep[=OUTFILE]keep the .pidl file + --keep[=OUTFILE]keep the .pidl file [BASENAME.pidl] --odl accept ODL input --warn-compat warn about incompatibility with other compilers --quiet be quiet --verbose be verbose Samba 4 output: - --header[=OUTFILE] create generic header file + --header[=OUTFILE] create generic header file [BASENAME.h] --uint-enumsdon't use C enums, instead use uint* types - --ndr-header[=OUTFILE] create a C NDR-specific header file - --ndr-parser[=OUTFILE] create a C NDR parser - --client[=OUTFILE] create a C NDR client - --tdr-header[=OUTFILE] create a C TDR header file - --tdr-parser[=OUTFILE] create a C TDR parser - --ejs[=OUTFILE] create ejs wrapper file - --swig[=OUTFILE]create swig wrapper file - --server[=OUTFILE] create server boilerplate + --ndr-header[=OUTFILE] create a C NDR-specific header file [ndr_BASENAME.h] + --ndr-parser[=OUTFILE] create a C NDR parser [ndr_BASENAME.c] + --client[=OUTFILE] create a C NDR client [ndr_BASENAME_c.c] + --tdr-header[=OUTFILE] create a C TDR header file [tdr_BASENAME.h] + --tdr-parser[=OUTFILE] create a C TDR parser [tdr_BASENAME.c] + --ejs[=OUTFILE] create ejs wrapper file [BASENAME_ejs.c] + --swig[=OUTFILE]create swig wrapper file [BASENAME.i] + --server[=OUTFILE] create server boilerplate [ndr_BASENAME_s.c] --template print a template for a pipe - --dcom-proxy[=OUTFILE] create DCOM proxy (implies --odl) - --com-header[=OUTFILE] create header for
svn commit: samba r9578 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: tridge Date: 2005-08-24 11:42:46 + (Wed, 24 Aug 2005) New Revision: 9578 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9578 Log: fixed an endless loop and memory leak in the QueryMultipleValues test Modified: branches/SAMBA_4_0/source/torture/rpc/winreg.c Changeset: Modified: branches/SAMBA_4_0/source/torture/rpc/winreg.c === --- branches/SAMBA_4_0/source/torture/rpc/winreg.c 2005-08-24 11:33:26 UTC (rev 9577) +++ branches/SAMBA_4_0/source/torture/rpc/winreg.c 2005-08-24 11:42:46 UTC (rev 9578) @@ -456,6 +456,7 @@ { struct winreg_QueryMultipleValues r; NTSTATUS status; + uint32_t bufsize=0; printf(Testing QueryMultipleValues\n); @@ -469,9 +470,9 @@ r.in.num_values = 1; r.in.buffer_size = r.out.buffer_size = talloc(mem_ctx, uint32_t); - *r.in.buffer_size = 0x00; + *r.in.buffer_size = bufsize; do { - *r.in.buffer_size += 0x20; + *r.in.buffer_size = bufsize; r.in.buffer = r.out.buffer = talloc_zero_array(mem_ctx, uint8_t, *r.in.buffer_size); @@ -481,7 +482,8 @@ printf(QueryMultipleValues failed - %s\n, nt_errstr(status)); return False; } - + talloc_free(r.in.buffer); + bufsize += 0x20; } while (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)); if (!W_ERROR_IS_OK(r.out.result)) {
svn commit: samba r9579 - in branches/SAMBA_4_0/swat: desktop scripting/client scripting/server
Author: deryck Date: 2005-08-24 11:53:01 + (Wed, 24 Aug 2005) New Revision: 9579 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9579 Log: Desktop SWAT opens now with a little server status window. This includes a table layout that can be reused (see QxListView in status.js). Some formatting fixes, too. deryck Added: branches/SAMBA_4_0/swat/scripting/client/status.js branches/SAMBA_4_0/swat/scripting/server/status.esp Modified: branches/SAMBA_4_0/swat/desktop/index.esp Changeset: Sorry, the patch is too large (413 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9579
svn commit: samba r9577 - in branches/SAMBA_4_0/source/librpc/idl: .
Author: tpot Date: 2005-08-24 11:33:26 + (Wed, 24 Aug 2005) New Revision: 9577 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9577 Log: Fix some indentation. Modified: branches/SAMBA_4_0/source/librpc/idl/initshutdown.idl Changeset: Modified: branches/SAMBA_4_0/source/librpc/idl/initshutdown.idl === --- branches/SAMBA_4_0/source/librpc/idl/initshutdown.idl 2005-08-24 11:17:28 UTC (rev 9576) +++ branches/SAMBA_4_0/source/librpc/idl/initshutdown.idl 2005-08-24 11:33:26 UTC (rev 9577) @@ -32,8 +32,8 @@ [in] uint8 reboot ); -WERROR initshutdown_Abort( - [in]uint16 *server + WERROR initshutdown_Abort( + [in] uint16 *server ); WERROR initshutdown_InitEx(
svn commit: samba r9580 - in branches/SAMBA_4_0/source/scripting/bin: .
Author: tridge Date: 2005-08-24 12:19:59 + (Wed, 24 Aug 2005) New Revision: 9580 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9580 Log: put the libinclude() after the GetOptions so the smb.conf is loaded to get the libjs path Modified: branches/SAMBA_4_0/source/scripting/bin/winreg Changeset: Modified: branches/SAMBA_4_0/source/scripting/bin/winreg === --- branches/SAMBA_4_0/source/scripting/bin/winreg 2005-08-24 11:53:01 UTC (rev 9579) +++ branches/SAMBA_4_0/source/scripting/bin/winreg 2005-08-24 12:19:59 UTC (rev 9580) @@ -6,9 +6,6 @@ Released under the GNU GPL v2 or later */ -libinclude(base.js); -libinclude(winreg.js); - var options = GetOptions(ARGV, POPT_AUTOHELP, POPT_COMMON_SAMBA, @@ -19,6 +16,9 @@ return -1; } +libinclude(base.js); +libinclude(winreg.js); + if (options.ARGV.length 1) { println(Usage: winreg.js BINDING [path]); return -1; @@ -91,7 +91,7 @@ if (options.createkey) { var ok = reg.create_key(HKLM\\SOFTWARE, options.createkey); if (!ok) { - + println(Failed to create key); } } else { printf(Listing registry tree '%s'\n, root);
svn commit: samba r9581 - in branches/SAMBA_4_0/source: include lib/samba3
Author: jelmer Date: 2005-08-24 12:21:19 + (Wed, 24 Aug 2005) New Revision: 9581 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9581 Log: Registry db Modified: branches/SAMBA_4_0/source/include/structs.h branches/SAMBA_4_0/source/lib/samba3/config.mk branches/SAMBA_4_0/source/lib/samba3/registry.c branches/SAMBA_4_0/source/lib/samba3/samba3.c branches/SAMBA_4_0/source/lib/samba3/samba3.h Changeset: Sorry, the patch is too large (344 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9581
svn commit: samba r9582 - in branches/SAMBA_3_0/source: .
Author: jerry Date: 2005-08-24 12:42:32 + (Wed, 24 Aug 2005) New Revision: 9582 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9582 Log: a few makefile fixes for 'make test'; get the dependencies and cleanup right Modified: branches/SAMBA_3_0/source/Makefile.in Changeset: Modified: branches/SAMBA_3_0/source/Makefile.in === --- branches/SAMBA_3_0/source/Makefile.in 2005-08-24 12:21:19 UTC (rev 9581) +++ branches/SAMBA_3_0/source/Makefile.in 2005-08-24 12:42:32 UTC (rev 9582) @@ -774,7 +774,7 @@ ## ## Targets for 'make test' ## -test: all +test: all torture @echo Running Samba 3 Test suite @sh ./script/tests/runtests.sh t_dir @@ -1441,7 +1441,8 @@ clean: delheaders python_clean -rm -f core */*~ *~ */*.o */[EMAIL PROTECTED]@ */[EMAIL PROTECTED]@ \ $(TOPFILES) $(BIN_PROGS) $(SBIN_PROGS) $(MODULES) $(TORTURE_PROGS) \ - $(LIBSMBCLIENT) $(EVERYTHING_PROGS) .headers.stamp t_dir + $(LIBSMBCLIENT) $(EVERYTHING_PROGS) .headers.stamp + -rm -rf t_dir # Making this target will just make sure that the prototype files # exist, not necessarily that they are up to date. Since they're
svn commit: samba r9583 - in branches/SAMBA_3_0/source/script/tests: .
Author: jerry Date: 2005-08-24 13:09:13 + (Wed, 24 Aug 2005) New Revision: 9583 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9583 Log: ensure that Samba was with with --enable-socket-wrapper for running 'make test' Modified: branches/SAMBA_3_0/source/script/tests/runtests.sh Changeset: Modified: branches/SAMBA_3_0/source/script/tests/runtests.sh === --- branches/SAMBA_3_0/source/script/tests/runtests.sh 2005-08-24 12:42:32 UTC (rev 9582) +++ branches/SAMBA_3_0/source/script/tests/runtests.sh 2005-08-24 13:09:13 UTC (rev 9583) @@ -44,6 +44,19 @@ export SRCDIR SCRIPTDIR export USERNAME PASSWORD + +## +## verify that we were built with --enable-socket-wrapper +## + +if test x`smbd -b | grep SOCKET_WRAPPER` == x; then + echo *** + echo *** You must include --enable-socket-wrapper when compiling Samba + echo *** in order to execute 'make test'. Exiting + echo *** + exit 1 +fi + ## ## create the test directory layout ##
svn commit: samba r9584 - branches/SAMBA_3_0/source/smbd branches/SAMBA_4_0/source/torture branches/SAMBA_4_0/source/torture/raw trunk/source/smbd
Author: vlendec Date: 2005-08-24 13:15:01 + (Wed, 24 Aug 2005) New Revision: 9584 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9584 Log: Fix a race condition in Samba 3. If two files are opened simultaneously with NTCREATEX_DISP_CREATE (create if not exists, else fail) they might end up with two or more times NT_STATUS_OK as EEXIST is not correctly handled. Jeremy, please look closely at this. You can easily verify this by adding a smb_msleep(100) to the top of open_file_ntcreate and run the new samba4 torture test. It does also happen without the msleep, but not as reliably. Thanks, Volker Modified: branches/SAMBA_3_0/source/smbd/open.c branches/SAMBA_4_0/source/torture/raw/open.c branches/SAMBA_4_0/source/torture/torture.c trunk/source/smbd/open.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/open.c === --- branches/SAMBA_3_0/source/smbd/open.c 2005-08-24 13:09:13 UTC (rev 9583) +++ branches/SAMBA_3_0/source/smbd/open.c 2005-08-24 13:15:01 UTC (rev 9584) @@ -1585,6 +1585,15 @@ fsp_open = open_file(fsp,conn,fname,psbuf,flags|flags2,unx_mode,access_mask); + if (!fsp_open (flags2 O_EXCL) (errno == EEXIST)) { + /* +* Two smbd's tried to open exclusively, but only one of them +* succeeded. +*/ + file_free(fsp); + return NULL; + } + if (!fsp_open (flags == O_RDWR) (errno != ENOENT)) { if((fsp_open = open_file(fsp,conn,fname,psbuf, O_RDONLY,unx_mode,access_mask)) == True) { Modified: branches/SAMBA_4_0/source/torture/raw/open.c === --- branches/SAMBA_4_0/source/torture/raw/open.c2005-08-24 13:09:13 UTC (rev 9583) +++ branches/SAMBA_4_0/source/torture/raw/open.c2005-08-24 13:15:01 UTC (rev 9584) @@ -23,6 +23,7 @@ #include system/time.h #include system/filesys.h #include librpc/gen_ndr/ndr_security.h +#include lib/events/events.h /* enum for whether reads/writes are possible on a file */ enum rdwr_mode {RDWR_NONE, RDWR_RDONLY, RDWR_WRONLY, RDWR_RDWR}; @@ -1236,7 +1237,131 @@ return ret; } +/* A little torture test to expose a race condition in Samba 3.0.20 ... :-) */ +static BOOL test_raw_open_multi(void) +{ + struct smbcli_state *cli; + TALLOC_CTX *mem_ctx = talloc_init(torture_test_oplock_multi); + const char *fname = \\test_oplock.dat; + NTSTATUS status; + BOOL ret = True; + union smb_open io; + struct smbcli_state **clients; + struct smbcli_request **requests; + union smb_open *ios; + const char *host = lp_parm_string(-1, torture, host); + const char *share = lp_parm_string(-1, torture, share); + int i, num_files = 3; + struct event_context *ev; + int num_ok = 0; + int num_collision = 0; + + ev = event_context_init(mem_ctx); + clients = talloc_array(mem_ctx, struct smbcli_state *, num_files); + requests = talloc_array(mem_ctx, struct smbcli_request *, num_files); + ios = talloc_array(mem_ctx, union smb_open, num_files); + if ((ev == NULL) || (clients == NULL) || (requests == NULL) || + (ios == NULL)) { + DEBUG(0, (talloc failed\n)); + return False; + } + + if (!torture_open_connection_share(mem_ctx, cli, host, share, ev)) { + return False; + } + + cli-tree-session-transport-options.request_timeout = 6; + + for (i=0; inum_files; i++) { + if (!torture_open_connection_share(mem_ctx, (clients[i]), + host, share, ev)) { + DEBUG(0, (Could not open %d'th connection\n, i)); + return False; + } + clients[i]-tree-session-transport- + options.request_timeout = 6; + } + + /* cleanup */ + smbcli_unlink(cli-tree, fname); + + /* + base ntcreatex parms + */ + io.generic.level = RAW_OPEN_NTCREATEX; + io.ntcreatex.in.root_fid = 0; + io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL; + io.ntcreatex.in.alloc_size = 0; + io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL; + io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ| + NTCREATEX_SHARE_ACCESS_WRITE| + NTCREATEX_SHARE_ACCESS_DELETE; + io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE; + io.ntcreatex.in.create_options = 0; + io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS; + io.ntcreatex.in.security_flags = 0; + io.ntcreatex.in.fname = fname; + io.ntcreatex.in.flags = 0; + + for (i=0; inum_files; i++) { +
svn commit: samba r9585 - in branches/SAMBA_3_0/source/script/tests: .
Author: jerry Date: 2005-08-24 13:27:24 + (Wed, 24 Aug 2005) New Revision: 9585 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9585 Log: update test #1 Modified: branches/SAMBA_3_0/source/script/tests/t_001.sh Changeset: Modified: branches/SAMBA_3_0/source/script/tests/t_001.sh === --- branches/SAMBA_3_0/source/script/tests/t_001.sh 2005-08-24 13:15:01 UTC (rev 9584) +++ branches/SAMBA_3_0/source/script/tests/t_001.sh 2005-08-24 13:27:24 UTC (rev 9585) @@ -5,6 +5,7 @@ cat $CONFFILEEOF [global] include = $LIBDIR/common.conf + smb ports = 139 [test] path = $TMPDIR
svn commit: samba r9586 - in trunk/source/smbd: .
Author: vlendec Date: 2005-08-24 14:13:58 + (Wed, 24 Aug 2005) New Revision: 9586 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9586 Log: I *hate* code duplication... :-) This changes the handling of the race condition where two smbd's detect that a file does not exist and try to create it, and the share mode requests create a violation or other error from the open_mode_check. Volker Modified: trunk/source/smbd/open.c Changeset: Modified: trunk/source/smbd/open.c === --- trunk/source/smbd/open.c2005-08-24 13:27:24 UTC (rev 9585) +++ trunk/source/smbd/open.c2005-08-24 14:13:58 UTC (rev 9586) @@ -707,6 +707,15 @@ SAFE_FREE(de_array); } +static BOOL request_timed_out(struct timeval request_time, + struct timeval timeout) +{ + struct timeval now, end_time; + GetTimeOfDay(now); + end_time = timeval_sum(request_time, timeout); + return (timeval_compare(end_time, now) 0); +} + / Handle the 1 second delay in returning a SHARING_VIOLATION error. / @@ -720,17 +729,6 @@ pid_t mypid = sys_getpid(); deferred_open_entry *de_array = NULL; int num_de_entries, i; - struct timeval now, end_time; - - GetTimeOfDay(now); - end_time = timeval_sum(request_time, timeout); - - if (timeval_compare(end_time, now) 0) { - /* Request already timed out */ - DEBUG(10, (Request timed out\n)); - return; - } - /* Paranoia check */ num_de_entries = get_deferred_opens(state-dev, state-inode, de_array); @@ -1347,12 +1345,15 @@ if (delay_for_oplocks(fsp)) { struct deferred_open_record state; + struct timeval timeout; if (delayed_for_oplocks) { DEBUG(0, (Trying to delay for oplocks twice\n)); exit_server(exiting); } + timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0); + /* Normally the smbd we asked should respond within * OPLOCK_BREAK_TIMEOUT seconds regardless of whether * the client did, give twice the timeout as a safety @@ -1363,9 +1364,10 @@ state.dev = dev; state.inode = inode; - defer_open(request_time, - timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0), - fname, state); + if (!request_timed_out(request_time, timeout)) { + defer_open(request_time, timeout, + fname, state); + } unlock_share_entry(dev, inode); return NULL; @@ -1444,14 +1446,22 @@ * cope with the braindead 1 second delay. */ - if (!internal_only_open lp_defer_sharing_violations()) { + if (!internal_only_open + lp_defer_sharing_violations()) { + struct timeval timeout; struct deferred_open_record state; + + timeout = timeval_set(0, SHARING_VIOLATION_USEC_WAIT); + state.delayed_for_oplocks = False; state.dev = dev; state.inode = inode; - defer_open(request_time, - timeval_set(0, SHARING_VIOLATION_USEC_WAIT), - fname, state); + + if (!request_timed_out(request_time, + timeout)) { + defer_open(request_time, timeout, + fname, state); + } } unlock_share_entry(dev, inode); @@ -1514,16 +1524,17 @@ return NULL; } - /* -* Deal with the race condition where two smbd's detect the file -* doesn't exist and do the create at the same time. One of them will -* win and set a share mode, the other (ie. this one) should check if -* the requested share mode for this create is allowed. -*/ - if (!file_existed) { /* +* Deal with the race condition where two smbd's detect the +* file doesn't exist and
svn commit: samba r9587 - in branches/SAMBA_4_0/source/build: m4 smb_build
Author: jelmer Date: 2005-08-24 15:11:13 + (Wed, 24 Aug 2005) New Revision: 9587 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9587 Log: Fix SWAT data dir for --with-fhs Modified: branches/SAMBA_4_0/source/build/m4/check_path.m4 branches/SAMBA_4_0/source/build/smb_build/makefile.pm Changeset: Modified: branches/SAMBA_4_0/source/build/m4/check_path.m4 === --- branches/SAMBA_4_0/source/build/m4/check_path.m42005-08-24 14:13:58 UTC (rev 9586) +++ branches/SAMBA_4_0/source/build/m4/check_path.m42005-08-24 15:11:13 UTC (rev 9587) @@ -19,7 +19,7 @@ logfilebase=\${localstatedir}/log/samba privatedir=\${CONFIGDIR}/private libdir=\${prefix}/lib/samba -swatdir=\${DATADIR}/samba/swat, +swatdir=\${datadir}/samba/swat, configdir=\${LIBDIR} logfilebase=\${localstatedir} lockdir=\${localstatedir}/locks Modified: branches/SAMBA_4_0/source/build/smb_build/makefile.pm === --- branches/SAMBA_4_0/source/build/smb_build/makefile.pm 2005-08-24 14:13:58 UTC (rev 9586) +++ branches/SAMBA_4_0/source/build/smb_build/makefile.pm 2005-08-24 15:11:13 UTC (rev 9587) @@ -26,6 +26,7 @@ BASEDIR = @prefix@ BINDIR = @bindir@ SBINDIR = @sbindir@ +datadir = @datadir@ LIBDIR = @libdir@ CONFIGDIR = @configdir@ localstatedir = @localstatedir@
svn commit: samba r9588 - branches/SAMBA_3_0/source branches/SAMBA_3_0/source/auth branches/SAMBA_3_0/source/libsmb branches/SAMBA_3_0/source/nsswitch trunk/source trunk/source/auth trunk/source/libsm
Author: jerry Date: 2005-08-24 16:19:07 + (Wed, 24 Aug 2005) New Revision: 9588 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9588 Log: remove netsamlogon_cache interface...everything seems to work fine. Will deal with any fallout from special environments using a non-cache solution Removed: trunk/source/libsmb/samlogon_cache.c Modified: branches/SAMBA_3_0/source/Makefile.in branches/SAMBA_3_0/source/auth/auth_domain.c branches/SAMBA_3_0/source/libsmb/samlogon_cache.c branches/SAMBA_3_0/source/nsswitch/winbindd.c branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c branches/SAMBA_3_0/source/nsswitch/winbindd_rpc.c trunk/source/Makefile.in trunk/source/auth/auth_domain.c trunk/source/nsswitch/winbindd.c trunk/source/nsswitch/winbindd_cache.c trunk/source/nsswitch/winbindd_pam.c trunk/source/nsswitch/winbindd_rpc.c Changeset: Sorry, the patch is too large (973 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9588
Re: svn commit: samba r9584 - branches/SAMBA_3_0/source/smbd branches/SAMBA_4_0/source/torture branches/SAMBA_4_0/source/torture/raw trunk/source/smbd
On Wed, Aug 24, 2005 at 01:15:02PM +, [EMAIL PROTECTED] wrote: Author: vlendec Date: 2005-08-24 13:15:01 + (Wed, 24 Aug 2005) New Revision: 9584 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9584 Log: Fix a race condition in Samba 3. If two files are opened simultaneously with NTCREATEX_DISP_CREATE (create if not exists, else fail) they might end up with two or more times NT_STATUS_OK as EEXIST is not correctly handled. Jeremy, please look closely at this. You can easily verify this by adding a smb_msleep(100) to the top of open_file_ntcreate and run the new samba4 torture test. It does also happen without the msleep, but not as reliably. Great catch - yes, that's been there for a while :-). Jeremy.
svn commit: samba r9590 - in branches/SAMBA_3_0/source/libsmb: .
Author: jerry Date: 2005-08-24 16:50:18 + (Wed, 24 Aug 2005) New Revision: 9590 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9590 Log: forget to remove this from the 3.0 tree Removed: branches/SAMBA_3_0/source/libsmb/samlogon_cache.c Changeset: Deleted: branches/SAMBA_3_0/source/libsmb/samlogon_cache.c ===
svn commit: samba r9589 - in branches/SAMBA_4_0/source: include lib/samba3
Author: jelmer Date: 2005-08-24 16:39:28 + (Wed, 24 Aug 2005) New Revision: 9589 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9589 Log: Support reading secrets tdb Modified: branches/SAMBA_4_0/source/include/structs.h branches/SAMBA_4_0/source/lib/samba3/config.mk branches/SAMBA_4_0/source/lib/samba3/samba3.c branches/SAMBA_4_0/source/lib/samba3/samba3.h branches/SAMBA_4_0/source/lib/samba3/secrets.c Changeset: Sorry, the patch is too large (795 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9589
svn commit: samba r9592 - in branches/SOC/SAMBA_4_0: . source/build/m4 source/build/smb_build source/include source/lib source/lib/ldb source/lib/ldb/samba source/lib/samba3 source/libcli/security sou
Author: metze Date: 2005-08-24 17:30:15 + (Wed, 24 Aug 2005) New Revision: 9592 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9592 Log: [EMAIL PROTECTED] (orig r9573): tridge | 2005-08-24 12:58:29 +0200 fixed a comment [EMAIL PROTECTED] (orig r9574): tridge | 2005-08-24 13:01:10 +0200 - made the sec_info fields in lsa and samr use a IDL bitmap - fixed winreg_GetKeySecurity() to use a sec_info field correctly - simplied the winreg torture code, removing the separate opens for each hive - added torture cleanup code in winreg test - added 'create with security descriptor' in the winreg torture test [EMAIL PROTECTED] (orig r9575): tridge | 2005-08-24 13:12:16 +0200 more automatic cleanup code in winreg test [EMAIL PROTECTED] (orig r9576): jelmer | 2005-08-24 13:17:28 +0200 Couple of small fixes. Generate notice indicating that the parsers were autogenerated. [EMAIL PROTECTED] (orig r9577): tpot | 2005-08-24 13:33:26 +0200 Fix some indentation. [EMAIL PROTECTED] (orig r9578): tridge | 2005-08-24 13:42:46 +0200 fixed an endless loop and memory leak in the QueryMultipleValues test [EMAIL PROTECTED] (orig r9579): deryck | 2005-08-24 13:53:01 +0200 Desktop SWAT opens now with a little server status window. This includes a table layout that can be reused (see QxListView in status.js). Some formatting fixes, too. deryck [EMAIL PROTECTED] (orig r9580): tridge | 2005-08-24 14:19:59 +0200 put the libinclude() after the GetOptions so the smb.conf is loaded to get the libjs path [EMAIL PROTECTED] (orig r9581): jelmer | 2005-08-24 14:21:19 +0200 Registry db [EMAIL PROTECTED] (orig r9584): vlendec | 2005-08-24 15:15:01 +0200 Fix a race condition in Samba 3. If two files are opened simultaneously with NTCREATEX_DISP_CREATE (create if not exists, else fail) they might end up with two or more times NT_STATUS_OK as EEXIST is not correctly handled. Jeremy, please look closely at this. You can easily verify this by adding a smb_msleep(100) to the top of open_file_ntcreate and run the new samba4 torture test. It does also happen without the msleep, but not as reliably. Thanks, Volker [EMAIL PROTECTED] (orig r9587): jelmer | 2005-08-24 17:11:13 +0200 Fix SWAT data dir for --with-fhs [EMAIL PROTECTED] (orig r9589): jelmer | 2005-08-24 18:39:28 +0200 Support reading secrets tdb [EMAIL PROTECTED] (orig r9591): jelmer | 2005-08-24 19:01:23 +0200 - Remove empty file - Fix a couple of typo's - Fix build of lib/samba3/secrets.c for systems that don't have /usr/include/tdb.h... Added: branches/SOC/SAMBA_4_0/source/lib/ldb/samba/ldb_samba3.c branches/SOC/SAMBA_4_0/swat/scripting/client/status.js branches/SOC/SAMBA_4_0/swat/scripting/server/status.esp Removed: branches/SOC/SAMBA_4_0/source/lib/tdb_helper.c Modified: branches/SOC/SAMBA_4_0/ branches/SOC/SAMBA_4_0/source/build/m4/check_path.m4 branches/SOC/SAMBA_4_0/source/build/smb_build/makefile.pm branches/SOC/SAMBA_4_0/source/include/structs.h branches/SOC/SAMBA_4_0/source/lib/ldb/README_gcov.txt branches/SOC/SAMBA_4_0/source/lib/samba3/config.mk branches/SOC/SAMBA_4_0/source/lib/samba3/registry.c branches/SOC/SAMBA_4_0/source/lib/samba3/samba3.c branches/SOC/SAMBA_4_0/source/lib/samba3/samba3.h branches/SOC/SAMBA_4_0/source/lib/samba3/secrets.c branches/SOC/SAMBA_4_0/source/lib/select.c branches/SOC/SAMBA_4_0/source/lib/substitute.c branches/SOC/SAMBA_4_0/source/lib/unix_privs.c branches/SOC/SAMBA_4_0/source/libcli/security/security_descriptor.c branches/SOC/SAMBA_4_0/source/librpc/idl/atsvc.idl branches/SOC/SAMBA_4_0/source/librpc/idl/initshutdown.idl branches/SOC/SAMBA_4_0/source/librpc/idl/lsa.idl branches/SOC/SAMBA_4_0/source/librpc/idl/samr.idl branches/SOC/SAMBA_4_0/source/librpc/idl/security.idl branches/SOC/SAMBA_4_0/source/librpc/idl/winreg.idl branches/SOC/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Ethereal/NDR.pm branches/SOC/SAMBA_4_0/source/pidl/pidl branches/SOC/SAMBA_4_0/source/script/tests/test_pidl.sh branches/SOC/SAMBA_4_0/source/scripting/bin/winreg branches/SOC/SAMBA_4_0/source/torture/raw/open.c branches/SOC/SAMBA_4_0/source/torture/rpc/winreg.c branches/SOC/SAMBA_4_0/source/torture/torture.c branches/SOC/SAMBA_4_0/swat/desktop/index.esp Changeset: Sorry, the patch is too large (2623 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9592
svn commit: samba r9593 - branches/SAMBA_3_0/source/rpc_parse trunk/source/rpc_parse
Author: jerry Date: 2005-08-24 18:13:04 + (Wed, 24 Aug 2005) New Revision: 9593 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9593 Log: fix enumerated group name (should be full name (i.e. mapped name) and not unix name) Modified: branches/SAMBA_3_0/source/rpc_parse/parse_samr.c trunk/source/rpc_parse/parse_samr.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_parse/parse_samr.c === --- branches/SAMBA_3_0/source/rpc_parse/parse_samr.c2005-08-24 17:30:15 UTC (rev 9592) +++ branches/SAMBA_3_0/source/rpc_parse/parse_samr.c2005-08-24 18:13:04 UTC (rev 9593) @@ -1720,7 +1720,7 @@ DEBUG(11, (init_sam_dispinfo_3: entry: %d\n,i)); init_unistr2((*sam)-str[i].uni_grp_name, -entries[i].account_name, UNI_FLAGS_NONE); +entries[i].fullname, UNI_FLAGS_NONE); init_unistr2((*sam)-str[i].uni_grp_desc, entries[i].description, UNI_FLAGS_NONE); Modified: trunk/source/rpc_parse/parse_samr.c === --- trunk/source/rpc_parse/parse_samr.c 2005-08-24 17:30:15 UTC (rev 9592) +++ trunk/source/rpc_parse/parse_samr.c 2005-08-24 18:13:04 UTC (rev 9593) @@ -1718,7 +1718,7 @@ DEBUG(11, (init_sam_dispinfo_3: entry: %d\n,i)); init_unistr2((*sam)-str[i].uni_grp_name, -entries[i].account_name, UNI_FLAGS_NONE); +entries[i].fullname, UNI_FLAGS_NONE); init_unistr2((*sam)-str[i].uni_grp_desc, entries[i].description, UNI_FLAGS_NONE);
svn commit: samba r9594 - branches/SAMBA_3_0/source/rpc_server trunk/source/rpc_server
Author: jerry Date: 2005-08-24 19:21:00 + (Wed, 24 Aug 2005) New Revision: 9594 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9594 Log: return the mapped name in enum_dom_groups() Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c trunk/source/rpc_server/srv_samr_nt.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2005-08-24 18:13:04 UTC (rev 9593) +++ branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2005-08-24 19:21:00 UTC (rev 9594) @@ -670,7 +670,7 @@ /* * JRA. I think this should include the null. TNG does not. */ - init_unistr2(uni_name[i], entries[i].account_name, + init_unistr2(uni_name[i], entries[i].fullname, UNI_STR_TERMINATE); init_sam_entry(sam[i], uni_name[i], entries[i].rid); } Modified: trunk/source/rpc_server/srv_samr_nt.c === --- trunk/source/rpc_server/srv_samr_nt.c 2005-08-24 18:13:04 UTC (rev 9593) +++ trunk/source/rpc_server/srv_samr_nt.c 2005-08-24 19:21:00 UTC (rev 9594) @@ -669,7 +669,7 @@ /* * JRA. I think this should include the null. TNG does not. */ - init_unistr2(uni_name[i], entries[i].account_name, + init_unistr2(uni_name[i], entries[i].fullname, UNI_STR_TERMINATE); init_sam_entry(sam[i], uni_name[i], entries[i].rid); }
svn commit: samba r9595 - in branches/SAMBA_4_0/source: include lib/ldb lib/ldb/ldb_map lib/ldb/samba lib/samba3
Author: jelmer Date: 2005-08-24 22:06:26 + (Wed, 24 Aug 2005) New Revision: 9595 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9595 Log: Add ldb map module Added: branches/SAMBA_4_0/source/lib/ldb/ldb_map/ldb_map.c branches/SAMBA_4_0/source/lib/samba3/ldb_samba3.c Removed: branches/SAMBA_4_0/source/lib/ldb/samba/ldb_samba3.c Modified: branches/SAMBA_4_0/source/include/structs.h branches/SAMBA_4_0/source/lib/ldb/config.mk branches/SAMBA_4_0/source/lib/ldb/ldb_map/ldb_map.h branches/SAMBA_4_0/source/lib/samba3/config.mk Changeset: Sorry, the patch is too large (446 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9595
svn commit: samba r9596 - in branches/SOC/SAMBA_3_0/source/client: .
Author: kalim Date: 2005-08-24 22:07:55 + (Wed, 24 Aug 2005) New Revision: 9596 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9596 Log: Introduced tool_list() - a replacement for do_list()/cli_list() that uses the libsmbclient library instead of cli_* calls. Rewrote ls/dir command to use the tool_list code. Wrote get command internals and enabled cmd_get. Minimal path parsing is done right now. -Kalim Modified: branches/SOC/SAMBA_3_0/source/client/client.c Changeset: Sorry, the patch is too large (495 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9596
svn commit: samba r9597 - in branches/SOC/SAMBA_3_0/source: include libmsrpc
Author: skel Date: 2005-08-24 22:18:27 + (Wed, 24 Aug 2005) New Revision: 9597 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9597 Log: cleaned up comments for Doxygen and added a doxygen config file to produce the docs changed typedef of cac_SidInfo to CacSidInfo to be consistent with other structures Added: branches/SOC/SAMBA_3_0/source/libmsrpc/Doxyfile Modified: branches/SOC/SAMBA_3_0/source/include/libmsrpc.h branches/SOC/SAMBA_3_0/source/libmsrpc/cac_lsarpc.c Changeset: Sorry, the patch is too large (2012 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9597
Build status as of Thu Aug 25 00:00:02 2005
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2005-08-24 00:00:29.0 + +++ /home/build/master/cache/broken_results.txt 2005-08-25 00:00:10.0 + @@ -1,16 +1,16 @@ -Build status as of Wed Aug 24 00:00:02 2005 +Build status as of Thu Aug 25 00:00:02 2005 Build counts: Tree Total Broken Panic ccache 37 6 0 distcc 37 5 0 -lorikeet-heimdal 35 21 0 +lorikeet-heimdal 35 22 0 ppp 24 2 0 rsync37 3 0 samba0 0 0 samba-docs 0 0 0 -samba4 42 18 0 -samba_3_038 5 0 +samba4 42 17 0 +samba_3_038 6 0 smb-build33 4 0 talloc 36 11 0 tdb 36 13 0
svn commit: samba r9598 - in trunk/source/rpc_server: .
Author: jra Date: 2005-08-25 00:27:58 + (Thu, 25 Aug 2005) New Revision: 9598 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9598 Log: Copy the correct session keys for the NTLMSSP auth. Ensure the auth processing code doesn't disturb the current parse offset and also doesn't depend on it. Jeremy. Modified: trunk/source/rpc_server/srv_pipe.c Changeset: Modified: trunk/source/rpc_server/srv_pipe.c === --- trunk/source/rpc_server/srv_pipe.c 2005-08-24 22:18:27 UTC (rev 9597) +++ trunk/source/rpc_server/srv_pipe.c 2005-08-25 00:27:58 UTC (rev 9598) @@ -657,14 +657,14 @@ p-pipe_user.gid = a-server_info-gid; /* -* Ok - is this the correct session key to copy ? -* It's used inside the rpc_server/srv_samr_nt.c code -* which works - but if this were an NTLMv2 negotiated -* session I doubt this would be correct. JRA. +* Copy the session key from the ntlmssp state. */ data_blob_free(p-session_key); - p-session_key = data_blob(a-server_info-lm_session_key.data, a-server_info-lm_session_key.length); + p-session_key = data_blob(a-ntlmssp_state-session_key.data, a-ntlmssp_state-session_key.length); + if (!p-session_key.data) { + return False; + } p-pipe_user.ngroups = a-server_info-n_groups; if (p-pipe_user.ngroups) { @@ -1236,6 +1236,12 @@ p-auth.a_u.schannel_auth-seq_num = 0; + /* +* JRA. Should we also copy the schannel session key into the pipe session key p-session_key +* here ? We do that for NTLMSPP, but the session key is already set up from the vuser +* struct of the person who opened the pipe. I need to test this further. JRA. +*/ + /* The client opens a second RPC NETLOGON pipe without doing a auth2. The credentials for the schannel are re-used from the auth2 the client did before. */ @@ -1827,7 +1833,7 @@ { RPC_HDR_AUTH auth_info; uint32 auth_len = p-hdr.auth_len; - uint32 orig_offset = prs_offset(rpc_in); + uint32 save_offset = prs_offset(rpc_in); AUTH_NTLMSSP_STATE *a = p-auth.a_u.auth_ntlmssp_state; unsigned char *data = NULL; size_t data_len; @@ -1869,9 +1875,9 @@ full_packet_data_len = p-hdr.frag_len - auth_len; /* Pull the auth header and the following data into a blob. */ - if(!prs_set_offset(rpc_in, orig_offset + data_len)) { + if(!prs_set_offset(rpc_in, RPC_HDR_REQ_LEN + data_len)) { DEBUG(0,(api_pipe_ntlmssp_auth_process: cannot move offset to %u.\n, - (unsigned int)orig_offset + data_len )); + (unsigned int)RPC_HDR_REQ_LEN + data_len )); *pstatus = NT_STATUS_INVALID_PARAMETER; return False; } @@ -1917,9 +1923,9 @@ * Return the current pointer to the data offset. */ - if(!prs_set_offset(rpc_in, orig_offset)) { + if(!prs_set_offset(rpc_in, save_offset)) { DEBUG(0,(api_pipe_auth_process: failed to set offset back to %u\n, - (unsigned int)orig_offset )); + (unsigned int)save_offset )); *pstatus = NT_STATUS_INVALID_PARAMETER; return False; } @@ -1938,7 +1944,7 @@ */ int data_len; int auth_len; - uint32 old_offset; + uint32 save_offset = prs_offset(rpc_in); RPC_HDR_AUTH auth_info; RPC_AUTH_SCHANNEL_CHK schannel_chk; @@ -1960,11 +1966,9 @@ DEBUG(5,(data %d auth %d\n, data_len, auth_len)); - old_offset = prs_offset(rpc_in); - - if(!prs_set_offset(rpc_in, old_offset + data_len)) { + if(!prs_set_offset(rpc_in, RPC_HDR_REQ_LEN + data_len)) { DEBUG(0,(cannot move offset to %u.\n, -(unsigned int)old_offset + data_len )); +(unsigned int)RPC_HDR_REQ_LEN + data_len )); return False; } @@ -1988,7 +1992,7 @@ p-auth.auth_level, SENDER_IS_INITIATOR, schannel_chk, - prs_data_p(rpc_in)+old_offset, data_len)) { + prs_data_p(rpc_in)+RPC_HDR_REQ_LEN, data_len)) { DEBUG(3,(failed to decode PDU\n)); return False; } @@ -1997,9 +2001,9 @@ * Return the current pointer to the data offset. */ - if(!prs_set_offset(rpc_in, old_offset)) { + if(!prs_set_offset(rpc_in, save_offset)) { DEBUG(0,(failed to set offset back to %u\n, -(unsigned int)old_offset )); +(unsigned int)save_offset )); return False; }
svn commit: samba r9599 - in branches/SAMBA_4_0/testprogs/ejs: .
Author: tridge Date: 2005-08-25 00:38:09 + (Thu, 25 Aug 2005) New Revision: 9599 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9599 Log: fix formatting of echo output Modified: branches/SAMBA_4_0/testprogs/ejs/echo.js Changeset: Modified: branches/SAMBA_4_0/testprogs/ejs/echo.js === --- branches/SAMBA_4_0/testprogs/ejs/echo.js2005-08-25 00:27:58 UTC (rev 9598) +++ branches/SAMBA_4_0/testprogs/ejs/echo.js2005-08-25 00:38:09 UTC (rev 9599) @@ -229,5 +229,5 @@ test_TestSurrounding(echo); test_TestDoublePointer(echo); -print(All OK\n); +println(All OK\n); return 0;
svn commit: samba r9600 - in branches/SAMBA_4_0/source/lib/appweb/ejs: .
Author: tridge Date: 2005-08-25 00:57:21 + (Thu, 25 Aug 2005) New Revision: 9600 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9600 Log: fixed the intermittent failures we were getting with ejs in the build farm. Modified: branches/SAMBA_4_0/source/lib/appweb/ejs/ejsParser.c Changeset: Modified: branches/SAMBA_4_0/source/lib/appweb/ejs/ejsParser.c === --- branches/SAMBA_4_0/source/lib/appweb/ejs/ejsParser.c2005-08-25 00:38:09 UTC (rev 9599) +++ branches/SAMBA_4_0/source/lib/appweb/ejs/ejsParser.c2005-08-25 00:57:21 UTC (rev 9600) @@ -1485,6 +1485,23 @@ return 0; } + +/* + return true if this string is a valid number +*/ +static int string_is_number(const char *s) +{ + char *endptr = NULL; + if (s == NULL || *s == 0) { + return 0; + } + strtod(s, endptr); + if (endptr != NULL *endptr == 0) { + return 1; + } + return 0; +} + /**/ /* * Evaluate an operation. Returns with the result in ep-result. Returns -1 @@ -1533,6 +1550,24 @@ /* Nothing more can be done */ } + /* undefined and null are special, in that they don't get promoted when + comparing */ + if (rel == EJS_EXPR_EQ || rel == EJS_EXPR_NOTEQ) { + if (lhs-type == MPR_TYPE_UNDEFINED || rhs-type == MPR_TYPE_UNDEFINED) { + return evalBoolExpr(ep, + lhs-type == MPR_TYPE_UNDEFINED, + rel, + rhs-type == MPR_TYPE_UNDEFINED); + } + + if (lhs-type == MPR_TYPE_NULL || rhs-type == MPR_TYPE_NULL) { + return evalBoolExpr(ep, + lhs-type == MPR_TYPE_NULL, + rel, + rhs-type == MPR_TYPE_NULL); + } + } + /* * From here on, lhs and rhs may contain allocated data (strings), so * we must always destroy before overwriting. @@ -1556,7 +1591,7 @@ */ if (lhs-type != rhs-type) { if (lhs-type == MPR_TYPE_STRING) { - if (isdigit((int) lhs-string[0])) { + if (string_is_number(lhs-string)) { num = mprVarToNumber(lhs); lhs-allocatedVar = 0; mprDestroyVar(lhs);
svn commit: samba r9601 - in trunk/source/rpc_server: .
Author: jra Date: 2005-08-25 01:02:14 + (Thu, 25 Aug 2005) New Revision: 9601 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9601 Log: Ensure we become the authenticated user for all NTLMSSP auth types. Jeremy. Modified: trunk/source/rpc_server/srv_pipe.c Changeset: Modified: trunk/source/rpc_server/srv_pipe.c === --- trunk/source/rpc_server/srv_pipe.c 2005-08-25 00:57:21 UTC (rev 9600) +++ trunk/source/rpc_server/srv_pipe.c 2005-08-25 01:02:14 UTC (rev 9601) @@ -2081,13 +2081,17 @@ BOOL api_pipe_request(pipes_struct *p) { BOOL ret = False; + BOOL changed_user = False; PIPE_RPC_FNS *pipe_fns; - if (p-pipe_bound p-auth.auth_type == PIPE_AUTH_TYPE_NTLMSSP) { + if (p-pipe_bound + ((p-auth.auth_type == PIPE_AUTH_TYPE_NTLMSSP) || +(p-auth.auth_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP))) { if(!become_authenticated_pipe_user(p)) { prs_mem_free(p-out_data.rdata); return False; } + changed_user = True; } DEBUG(5, (Requested \\PIPE\\%s\n, p-name)); @@ -2106,7 +2110,7 @@ p-hdr_req.context_id, p-name)); } - if (p-pipe_bound p-auth.auth_type == PIPE_AUTH_TYPE_NTLMSSP) { + if (changed_user) { unbecome_authenticated_pipe_user(); }
svn commit: samba r9602 - in branches/SAMBA_4_0/source: include lib/samba3 param
Author: jelmer Date: 2005-08-25 01:12:43 + (Thu, 25 Aug 2005) New Revision: 9602 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9602 Log: Add support for reading share_info.tdb and smb.conf. Add userdata argument to function pointers for pm_process() Added: branches/SAMBA_4_0/source/lib/samba3/share_info.c Modified: branches/SAMBA_4_0/source/include/structs.h branches/SAMBA_4_0/source/lib/samba3/config.mk branches/SAMBA_4_0/source/lib/samba3/ldb_samba3.c branches/SAMBA_4_0/source/lib/samba3/samba3.c branches/SAMBA_4_0/source/lib/samba3/samba3.h branches/SAMBA_4_0/source/param/loadparm.c branches/SAMBA_4_0/source/param/params.c Changeset: Sorry, the patch is too large (916 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9602
svn commit: samba r9603 - in branches/SAMBA_4_0/source/torture/auth: .
Author: tridge Date: 2005-08-25 02:07:51 + (Thu, 25 Aug 2005) New Revision: 9603 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9603 Log: allow the LOCAL-PAC test to use keys and pac data from the command line For example: bin/smbtorture //xx/y LOCAL-PAC --option 'torture:pac_file=x.dat' --option 'torture:pac_kdc_key=B286757148AF7FD252C53603A150B7E7' --option 'torture:pac_member_key=D217FAEAE5E6B5F95CCC94077AB8A5FC' Modified: branches/SAMBA_4_0/source/torture/auth/pac.c Changeset: Modified: branches/SAMBA_4_0/source/torture/auth/pac.c === --- branches/SAMBA_4_0/source/torture/auth/pac.c2005-08-25 01:12:43 UTC (rev 9602) +++ branches/SAMBA_4_0/source/torture/auth/pac.c2005-08-25 02:07:51 UTC (rev 9603) @@ -247,13 +247,13 @@ struct PAC_DATA *pac_data; struct PAC_LOGON_INFO *logon_info; union netr_Validation validation; + const char *pac_file, *pac_kdc_key, *pac_member_key; struct auth_serversupplied_info *server_info_out; krb5_keyblock server_keyblock; krb5_keyblock krbtgt_keyblock; - uint8_t server_bytes[16]; - struct samr_Password *krbtgt_bytes; + struct samr_Password *krbtgt_bytes, *krbsrv_bytes; krb5_error_code ret; @@ -266,23 +266,39 @@ return False; } + pac_kdc_key = lp_parm_string(-1,torture,pac_kdc_key); + if (pac_kdc_key == NULL) { + pac_kdc_key = B286757148AF7FD252C53603A150B7E7; + } + + pac_member_key = lp_parm_string(-1,torture,pac_member_key); + if (pac_member_key == NULL) { + pac_member_key = D217FAEAE5E6B5F95CCC94077AB8A5FC; + } + + printf(Using pac_kdc_key '%s'\n, pac_kdc_key); + printf(Using pac_member_key '%s'\n, pac_member_key); + /* The krbtgt key in use when the above PAC was generated. * This is an arcfour-hmac-md5 key, extracted with our 'net * samdump' tool. */ - krbtgt_bytes = smbpasswd_gethexpwd(mem_ctx, B286757148AF7FD252C53603A150B7E7); + krbtgt_bytes = smbpasswd_gethexpwd(mem_ctx, pac_kdc_key); if (!krbtgt_bytes) { DEBUG(0, (Could not interpret krbtgt key)); talloc_free(mem_ctx); return False; } - /* The machine trust account in use when the above PAC - was generated. It used arcfour-hmac-md5, so this is easy */ - E_md4hash(iqvwmii8CuEkyY, server_bytes); + krbsrv_bytes = smbpasswd_gethexpwd(mem_ctx, pac_member_key); + if (!krbsrv_bytes) { + DEBUG(0, (Could not interpret krbsrv key)); + talloc_free(mem_ctx); + return False; + } ret = krb5_keyblock_init(smb_krb5_context-krb5_context, ENCTYPE_ARCFOUR_HMAC, -server_bytes, sizeof(server_bytes), +krbsrv_bytes-hash, sizeof(krbsrv_bytes-hash), server_keyblock); if (ret) { DEBUG(1, (Server Keyblock encoding failed: %s\n, @@ -308,10 +324,15 @@ return False; } - tmp_blob = data_blob(saved_pac, sizeof(saved_pac)); + pac_file = lp_parm_string(-1,torture,pac_file); + if (pac_file) { + tmp_blob.data = file_load(pac_file, tmp_blob.length, mem_ctx); + printf(Loaded pac of size %d from %s\n, tmp_blob.length, pac_file); + } else { + tmp_blob = data_blob(saved_pac, sizeof(saved_pac)); + file_save(x.dat, tmp_blob.data, tmp_blob.length); + } - /*tmp_blob.data = file_load(lp_parm_string(-1,torture,pac_file), tmp_blob.length);*/ - dump_data(10,tmp_blob.data,tmp_blob.length); /* Decode and verify the signaure on the PAC */
svn commit: samba r9604 - in branches/SOC/SAMBA_3_0/source: include libmsrpc libmsrpc/test libmsrpc/test/lsa
Author: skel Date: 2005-08-25 02:33:08 + (Thu, 25 Aug 2005) New Revision: 9604 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9604 Log: all functions now return NT_STATUS_INVALID_CONNECTION if no connection is present (instead of NT_STATUS_UNSUCCESSFUL) fixed a bug in cac_LsaRemovePrivileges() and cac_LsaSetPrivileges(), and added a simple test program (lsapriv) Added: branches/SOC/SAMBA_3_0/source/libmsrpc/test/lsa/lsapriv.c Modified: branches/SOC/SAMBA_3_0/source/include/libmsrpc.h branches/SOC/SAMBA_3_0/source/libmsrpc/cac_lsarpc.c branches/SOC/SAMBA_3_0/source/libmsrpc/cac_samr.c branches/SOC/SAMBA_3_0/source/libmsrpc/cac_winreg.c branches/SOC/SAMBA_3_0/source/libmsrpc/test/Makefile Changeset: Sorry, the patch is too large (927 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9604
svn commit: samba r9605 - in branches/SOC/SAMBA_3_0/source/client: .
Author: kalim Date: 2005-08-25 02:55:54 + (Thu, 25 Aug 2005) New Revision: 9605 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9605 Log: Wrote the core of the 'put' command and enabled cmd_put. -Kalim Modified: branches/SOC/SAMBA_3_0/source/client/client.c Changeset: Modified: branches/SOC/SAMBA_3_0/source/client/client.c === --- branches/SOC/SAMBA_3_0/source/client/client.c 2005-08-25 02:33:08 UTC (rev 9604) +++ branches/SOC/SAMBA_3_0/source/client/client.c 2005-08-25 02:55:54 UTC (rev 9605) @@ -933,6 +933,7 @@ if (newhandle) close(handle); smbc_close(fnum); +SAFE_FREE(data); return 1; } while (1) { @@ -944,6 +945,7 @@ if (newhandle) close(handle); smbc_close(fnum); +SAFE_FREE(data); return 1; } if (n == 0) @@ -1315,33 +1317,27 @@ int maxwrite = io_bufsize; int rc = 0; struct timeval tp_start; - struct cli_state *targetcli; - pstring targetname; +struct stat stat; - if ( !cli_resolve_path( , cli, rname, targetcli, targetname ) ) { - d_printf(Failed to open %s: %s\n, rname, cli_errstr(cli)); - return 1; - } - GetTimeOfDay(tp_start); if (reput) { - fnum = cli_open(targetcli, targetname, O_RDWR|O_CREAT, DENY_NONE); - if (fnum = 0) { - if (!cli_qfileinfo(targetcli, fnum, NULL, start, NULL, NULL, NULL, NULL, NULL) - !cli_getattrE(targetcli, fnum, NULL, start, NULL, NULL, NULL)) { - d_printf(getattrib: %s\n,cli_errstr(cli)); - return 1; - } - } +fnum = smbc_open(rname, O_RDWR|O_CREAT, 0644); +if (fnum 0) +{ +d_printf(%s opening remote file %s\n, strerror(errno), rname); +return 1; +} +if (smbc_fstat(fnum, stat) 0) +{ +d_printf(%s trying to stat remote file %s\n, strerror(errno), rname); +smbc_close(fnum); +return 1; +} +start = stat.st_size; } else { - fnum = cli_open(targetcli, targetname, O_RDWR|O_CREAT|O_TRUNC, DENY_NONE); +fnum = smbc_creat(rname, 0644); } - - if (fnum == -1) { - d_printf(%s opening remote file %s\n,cli_errstr(targetcli),rname); - return 1; - } /* allow files to be piped into smbclient jdblair 24.jun.98 @@ -1356,6 +1352,8 @@ if (f reput) { if (x_tseek(f, start, SEEK_SET) == -1) { d_printf(Error seeking local file\n); +smbc_close(fnum); +x_fclose(f); return 1; } } @@ -1363,17 +1361,30 @@ if (!f) { d_printf(Error opening local file %s\n,lname); +smbc_close(fnum); return 1; } - DEBUG(1,(putting file %s as %s ,lname, -rname)); + DEBUG(1,(putting file %s as %s ,lname,rname)); buf = (char *)SMB_MALLOC(maxwrite); if (!buf) { d_printf(ERROR: Not enough memory!\n); +smbc_close(fnum); +if (f != x_stdin) +x_fclose(f); return 1; } + +if (smbc_lseek(fnum, start, SEEK_SET) 0) +{ +d_printf(%s trying to lseek remote file %s\n, strerror(errno), rname); +if (f != x_stdin) +x_fclose(f); +smbc_close(fnum); +SAFE_FREE(buf); +return 1; +} while (!x_feof(f)) { int n = maxwrite; int ret; @@ -1387,10 +1398,10 @@ break; } - ret = cli_write(targetcli, fnum, 0, buf, nread + start, n); +ret = smbc_write(fnum, buf, n); if (n != ret) { - d_printf(Error writing file: %s\n, cli_errstr(cli)); + d_printf(Error writing file: %s\n, strerror(errno)); rc = 1; break; } @@ -1398,9 +1409,10 @@ nread += n; } - if (!cli_close(targetcli, fnum)) { - d_printf(%s closing remote file %s\n,cli_errstr(cli),rname); - x_fclose(f); + if (smbc_close(fnum) 0) { + d_printf(%s closing remote file %s\n,strerror(errno),rname); +if (f != x_stdin) +x_fclose(f); SAFE_FREE(buf); return 1; } @@ -1447,8 +1459,9 @@ pstring buf; char *p=buf; -
svn commit: samba r9606 - in trunk/source/rpc_server: .
Author: jra Date: 2005-08-25 03:04:27 + (Thu, 25 Aug 2005) New Revision: 9606 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9606 Log: Remember to remove the sign/seal padding length from the data stream once we've done the sign/seal calculations. Jeremy. Modified: trunk/source/rpc_server/srv_pipe.c trunk/source/rpc_server/srv_pipe_hnd.c Changeset: Modified: trunk/source/rpc_server/srv_pipe.c === --- trunk/source/rpc_server/srv_pipe.c 2005-08-25 02:55:54 UTC (rev 9605) +++ trunk/source/rpc_server/srv_pipe.c 2005-08-25 03:04:27 UTC (rev 9606) @@ -1829,7 +1829,8 @@ Deal with NTLMSSP sign seal processing on an RPC request. / -BOOL api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in, NTSTATUS *pstatus) +BOOL api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in, + uint32 *p_ss_padding_len, NTSTATUS *pstatus) { RPC_HDR_AUTH auth_info; uint32 auth_len = p-hdr.auth_len; @@ -1888,6 +1889,13 @@ return False; } + /* +* Remember the padding length. We must remove it from the real data +* stream once the sign/seal is done. +*/ + + *p_ss_padding_len = auth_info.auth_pad_len; + auth_blob.data = prs_data_p(rpc_in) + prs_offset(rpc_in); auth_blob.length = auth_len; @@ -1937,7 +1945,7 @@ Deal with schannel processing on an RPC request. / -BOOL api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in) +BOOL api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss_padding_len) { /* * We always negotiate the following two bits @@ -1988,6 +1996,13 @@ return False; } + /* +* Remember the padding length. We must remove it from the real data +* stream once the sign/seal is done. +*/ + + *p_ss_padding_len = auth_info.auth_pad_len; + if (!schannel_decode(p-auth.a_u.schannel_auth, p-auth.auth_level, SENDER_IS_INITIATOR, Modified: trunk/source/rpc_server/srv_pipe_hnd.c === --- trunk/source/rpc_server/srv_pipe_hnd.c 2005-08-25 02:55:54 UTC (rev 9605) +++ trunk/source/rpc_server/srv_pipe_hnd.c 2005-08-25 03:04:27 UTC (rev 9606) @@ -543,6 +543,7 @@ static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p) { + uint32 ss_padding_len = 0; size_t data_len = p-hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN - (p-hdr.auth_len ? RPC_HDR_AUTH_LEN : 0) - p-hdr.auth_len; @@ -573,20 +574,19 @@ case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP: case PIPE_AUTH_TYPE_NTLMSSP: - { - NTSTATUS status; - if(!api_pipe_ntlmssp_auth_process(p, rpc_in_p,status)) { - DEBUG(0,(process_request_pdu: failed to do auth processing.\n)); - DEBUG(0,(process_request_pdu: error was %s.\n, nt_errstr(status) )); - set_incoming_fault(p); - return False; - } + { + NTSTATUS status; + if(!api_pipe_ntlmssp_auth_process(p, rpc_in_p, ss_padding_len, status)) { + DEBUG(0,(process_request_pdu: failed to do auth processing.\n)); + DEBUG(0,(process_request_pdu: error was %s.\n, nt_errstr(status) )); + set_incoming_fault(p); + return False; } - break; + } case PIPE_AUTH_TYPE_SCHANNEL: - if (!api_pipe_schannel_process(p, rpc_in_p)) { + if (!api_pipe_schannel_process(p, rpc_in_p, ss_padding_len)) { DEBUG(3,(process_request_pdu: failed to do schannel processing.\n)); set_incoming_fault(p); return False; @@ -599,6 +599,11 @@ return False; } + /* Now we've done the sign/seal we can remove any padding data. */ + if (data_len ss_padding_len) { + data_len -= ss_padding_len; + } + /* * Check the data length doesn't go over the 15Mb limit. * increased after observing a bug in the Windows NT 4.0 SP6a
svn commit: samba r9607 - in trunk/source: include rpc_server
Author: jra Date: 2005-08-25 04:52:11 + (Thu, 25 Aug 2005) New Revision: 9607 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=9607 Log: Move the ss_padding closer to the return, where I'll remember it. Add internal type for raw krb5 auth type (not yet supported). Jeremy. Modified: trunk/source/include/ntdomain.h trunk/source/rpc_server/srv_pipe.c Changeset: Modified: trunk/source/include/ntdomain.h === --- trunk/source/include/ntdomain.h 2005-08-25 03:04:27 UTC (rev 9606) +++ trunk/source/include/ntdomain.h 2005-08-25 04:52:11 UTC (rev 9607) @@ -166,7 +166,7 @@ /* Different auth types we support. */ enum pipe_auth_type { PIPE_AUTH_TYPE_NONE = 0, PIPE_AUTH_TYPE_NTLMSSP, PIPE_AUTH_TYPE_SCHANNEL, - PIPE_AUTH_TYPE_SPNEGO_NTLMSSP, PIPE_AUTH_TYPE_SPNEGO_KRB5 }; + PIPE_AUTH_TYPE_SPNEGO_NTLMSSP, PIPE_AUTH_TYPE_KRB5, PIPE_AUTH_TYPE_SPNEGO_KRB5 }; /* Possible auth levels. */ enum pipe_auth_level { PIPE_AUTH_LEVEL_NONE = 0, Modified: trunk/source/rpc_server/srv_pipe.c === --- trunk/source/rpc_server/srv_pipe.c 2005-08-25 03:04:27 UTC (rev 9606) +++ trunk/source/rpc_server/srv_pipe.c 2005-08-25 04:52:11 UTC (rev 9607) @@ -1889,13 +1889,6 @@ return False; } - /* -* Remember the padding length. We must remove it from the real data -* stream once the sign/seal is done. -*/ - - *p_ss_padding_len = auth_info.auth_pad_len; - auth_blob.data = prs_data_p(rpc_in) + prs_offset(rpc_in); auth_blob.length = auth_len; @@ -1938,6 +1931,13 @@ return False; } + /* +* Remember the padding length. We must remove it from the real data +* stream once the sign/seal is done. +*/ + + *p_ss_padding_len = auth_info.auth_pad_len; + return True; } @@ -1947,11 +1947,8 @@ BOOL api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss_padding_len) { - /* -* We always negotiate the following two bits -*/ - int data_len; - int auth_len; + uint32 data_len; + uint32 auth_len; uint32 save_offset = prs_offset(rpc_in); RPC_HDR_AUTH auth_info; RPC_AUTH_SCHANNEL_CHK schannel_chk; @@ -1959,7 +1956,7 @@ auth_len = p-hdr.auth_len; if (auth_len != RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) { - DEBUG(0,(Incorrect auth_len %d.\n, auth_len )); + DEBUG(0,(Incorrect auth_len %u.\n, (unsigned int)auth_len )); return False; } @@ -1969,6 +1966,13 @@ * preceeding the auth_data. */ + if (p-hdr.frag_len RPC_HEADER_LEN + RPC_HDR_REQ_LEN + RPC_HDR_AUTH_LEN + auth_len) { + DEBUG(0,(Incorrect frag %u, auth %u.\n, + (unsigned int)p-hdr.frag_len, + (unsigned int)auth_len )); + return False; + } + data_len = p-hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN - RPC_HDR_AUTH_LEN - auth_len; @@ -1996,13 +2000,6 @@ return False; } - /* -* Remember the padding length. We must remove it from the real data -* stream once the sign/seal is done. -*/ - - *p_ss_padding_len = auth_info.auth_pad_len; - if (!schannel_decode(p-auth.a_u.schannel_auth, p-auth.auth_level, SENDER_IS_INITIATOR, @@ -2025,6 +2022,13 @@ /* The sequence number gets incremented on both send and receive. */ p-auth.a_u.schannel_auth-seq_num++; + /* +* Remember the padding length. We must remove it from the real data +* stream once the sign/seal is done. +*/ + + *p_ss_padding_len = auth_info.auth_pad_len; + return True; }