Re: [Samba] 3.0.22 smbd/oplock.c:oplock_timeout_handler
Jeremy Allison wrote: Dmitry Melekhov skrev: Hello! Our users created very large excel file - about 60 Mb, then when they want to open it from samba share, they can't. I see in log: [2006/07/26 12:33:20, 0] smbd/oplock.c:oplock_timeout_handler(366) Oplock break failed for file file.xls -- replying anyway That means the client failed to reply to the break request. Usually means a network or client driver/software problem. Get a network trace to be sure. Looks like upgrading to 3.0.23a fixes problem. Could you tell me what can I do to solve this problem? btw, there are no problems in network, looks like file is too large and timeout is because of it's size... How do you know there are no problems in the network - have you done a trace ? any other applications works OK, there are no packet lost :-) People have this wonderful faith in their networks. I remember feeling the same until I consistently had ssh sessions fail in the middle of a multi-gigabyte transfer. Replacing the switch with a more expensive one fixed the problem. Most cheap networking hardware is junk. we use cisco switches, they are expensive enough, imho ;-) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re:[Samba] Samba ads not refreshing domain controller group modifications
thanks for the answer you are right .. it is a domain controller in 2003 with a forest and 5 domains in it ... i set up the winbind cache to 1 earlier (i tought that would be the problem) but the same result .. not refreshing domain controller group modifications _ Bogdan Fiscutean - Network Administrator Contor Zenner S.A. Calea Bodrogului 2-4 2900 Arad, Romania Office Phone: +40 257 208521 Company Fax: +40 257 208555 Mobile: +40 728105043 mailto:[EMAIL PROTECTED] http://www.contorgroup.ro _ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [questions] aio settings in smb.conf and compile options
hi, i just have some questions about specific (uncommon) compile options and aio-settings in smb.conf: Asynchronous IO Support === Experimental support for async IO has been added to smbd for certain platforms. To enable this new feature, Samba must be compiled to include the --with-aio-support configure option. In addition, the aio read size and aio write size to non-zero values. See the smb.conf(5) man page for more details on these settings. unfortunately i can´t find any documentation about this although it has been in the code since a while. Compile Options - what means/provides (more detailed please) ... ? == --with-cluster-support --with-automount BIG THX!! btw: what happened to john? is he still an active member of the samba team, ´cause i did not see any posts on the list for example?!?! -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT Staff) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 49 (0)341 - 3550 374 Fax: 49 (0)341 - 3550 399 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [questions] aio settings in smb.conf and compile options
On Tue, Aug 01, 2006 at 09:17:04AM +0200, Michael Gasch wrote: --with-cluster-support That's an option to later enable all cluster features that we're working on. If you are interested in the current (VERY experimental) state of affairs look at the vl-messaging temporary svn branch. The idea is that with a clustered file system like GFS, OCFS, GPFS or some others you will be able to share the same file space transparently from all cluster nodes and have locking working properly. Right now we are discussing and designing ways to make the experimental support for that robust so that we don't depend on a single point of failure. Volker pgpJ9JfynMdV1.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [HELP] Samba 3.0.23a pam_winbind says password expired
hi, i just do some tests with a fresh compiled samba 3.0.23a. trying to authenticate against PAM with pam_winbind gives: Aug 1 09:59:21 humevo36 pam_winbind[27853]: pam_winbind: pam_sm_authenticate (flags: 0x) Aug 1 09:59:23 humevo36 pam_winbind[27853]: Verify user `gasch' Aug 1 09:59:23 humevo36 pam_winbind[27853]: enabling cached login flag Aug 1 09:59:23 humevo36 pam_winbind[27853]: user 'gasch' granted access Aug 1 09:59:23 humevo36 pam_winbind[27853]: Password has expired (Password was last set: 1154074953, the policy says it should expire here 1154074952 (now it's: 1154419163) Aug 1 09:59:23 humevo36 pam_winbind[27853]: user 'gasch' OK Aug 1 09:59:23 humevo36 pam_winbind[27853]: pam_sm_acct_mgmt success but PAM_WINBIND_NEW_AUTHTOK_REQD is set Aug 1 09:59:23 humevo36 pam_winbind[27853]: user 'gasch' needs new password Aug 1 09:59:27 humevo36 su: FAILED SU (to gasch) gasch on /dev/pts/3 there´s no password policy on the domain controller (samba 3.0.14a, debian): [EMAIL PROTECTED]:~# pdbedit -d 0 -P maximum password age account policy value for maximum password age is 4294967295 [EMAIL PROTECTED]:~# pdbedit -d 0 -P password history account policy value for password history is 0 some samba-ldap attributes on PDC for user gasch: sambaLogonTime: 1130931254 sambaPwdMustChange: 2147483647 sambaPasswordHistory: sambaAcctFlags: [UX ] sambaKickoffTime: 1204325940 sambaPwdCanChange: 1154074953 sambaPwdLastSet: 1154074953 i can provide you with a level 10 debug log of winbindd offline (700kb) if requested. btw: it worked fine with 3.0.20b RPM from SuSE. any ideas? thx in advance! smb.conf [global] workgroup = DOMAIN server string = Samba v3 # username map = /etc/samba/username.map time server = yes log level = 2 syslog = 0 log file = /var/log/samba/log.%m max log size = 1 unix extensions = No printcap name = cups os level = 32 interfaces = lo eth0 vmnet1 vmnet8 bind interfaces only = yes wins server = 192.168.x.y preferred master = No local master = No domain master = No dns proxy = No panic action = /usr/share/samba/panic-action %d idmap backend = idmap_rid:DOMAIN=1-1 idmap uid = 1-1 idmap gid = 1-1 winbind offline logon = yes winbind separator = '\' winbind enum users = No winbind enum groups = No winbind use default domain = Yes winbind trusted domains only = no winbind cache time = 60 security = domain allow trusted domains = no template shell = /bin/bash template homedir = /home/%U invalid users = root pam (common-auth) = authrequiredpam_env.so # following also tried without arguments authsufficient pam_winbind.so debug try_first_pass cached_login authrequiredpam_unix2.so use_first_pass -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ADS share browsing error - Decrypt integrity check failed
Hello everyone, There is a FreeBSD box, which is a member of ADS domain. The domain has both W2000 and W2003 domain controllers. After upgrading to samba-3.0.23a I discovered that it is not possible to browse a share on a FreeBSD computer, but pam_winbind seems to work. Connecting from a WindowsXP box to the FreeBSD causes WinXP to ask for a password a number of times, and eventually say access denied. Smbd log file (log level 3) piece corresponding to this attempt looks like this: Doing spnego session setup [2006/08/01 13:12:38, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(687) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2006/08/01 13:12:38, 3] smbd/sesssetup.c:reply_spnego_negotiate(547) Got OID 1 2 840 48018 1 2 2 [2006/08/01 13:12:38, 3] smbd/sesssetup.c:reply_spnego_negotiate(547) Got OID 1 2 840 113554 1 2 2 [2006/08/01 13:12:38, 3] smbd/sesssetup.c:reply_spnego_negotiate(547) Got OID 1 3 6 1 4 1 311 2 2 10 [2006/08/01 13:12:38, 3] smbd/sesssetup.c:reply_spnego_negotiate(550) Got secblob of size 1151 [2006/08/01 13:12:38, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(261) ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Decrypt integrity check failed [2006/08/01 13:12:38, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(261) ads_secrets_verify_ticket: enc type [3] failed to decrypt with error Decrypt integrity check failed [2006/08/01 13:12:38, 3] smbd/sesssetup.c:reply_spnego_kerberos(207) Ticket name is [EMAIL PROTECTED] [2006/08/01 13:12:38, 1] smbd/sesssetup.c:reply_spnego_kerberos(310) Username DOMAIN/UserName is invalid on this system [2006/08/01 13:12:38, 3] smbd/error.c:error_packet(146) error packet at smbd/sesssetup.c(315) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE Everything worked smoothly with samba 3.0.22 With best regards, P. Trifonov -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] [HELP] Samba 3.0.23a pam_winbind says password expired
Hello, i just do some tests with a fresh compiled samba 3.0.23a. trying to authenticate against PAM with pam_winbind gives: 09:59:23 humevo36 pam_winbind[27853]: user 'gasch' needs new password Aug 1 09:59:27 humevo36 su: FAILED SU (to gasch) gasch on /dev/pts/3 It seems to me that I have similar problem. However, su succeeds and just writes to the console Your password has expired With best regards, P. Trifonov -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] managing Win2K3 ACL from debian server
I want to modify ACL on files which are on a win2K3 server from a Debian Sarge server. my config. is: Linux Debian Sarge testing with kernel 2.6 samba 3.0.22 configured with winbind krb5 installed, the Linux server is member of a AD domain on witch the win2K3 server is a domain controller. I want to do the following (as root): smbmount //mywin2k3server/share /mnt/smb/mountingfolder -o username:domainuser then: setfacl -m u:domainuser:w /mnt/smb/mountingfolder/afile the first problem is that the mounting command line with smbmount doesn't work; there is no message, but the folder become unreachable. the same command executed on a windows NT or a windows 2000 share success. the second problem is that the setfacl command line doesn't work on files which are on those windows server (NTFS format). It display : Not supported operation . setfacl on a file which is on a Linux ext3 disk success, and an ACL modification from a windows computer to a file on the Linux server success. regards. Vincent. echo of smb.conf: [global] workgroup = WIN2K3DOM server string = %h server (Samba %v) load printers = yes guest account = nobody invalid users = root log file = /var/log/samba/log.%m max log size = 1000 panic action = /usr/share/samba/panic-action %d security = ADS realm = WIN2K3DOM.DOM password server = 192.168.5.44 client use spnego = yes encrypt passwords = true passdb backend = tdbsam guest enable privileges = yes #dos filemode = yes nt acl support = yes map acl inherit = yes os level = 20 domain master = auto preferred master = auto dns proxy = yes unix password sync = true pam password change = yes winbind uid = 1-2 winbind gid = 1-2 winbind separator = + winbind enum users = yes winbind enum groups = yes template shell = /bin/bash template homedir = /home/winnt/%D/%U idmap uid = 1-2 idmap gid = 1-2 #=== Share Definitions = etc... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [HELP] Samba 3.0.23a pam_winbind says password expired
what about logins? can you login successfully? greez Peter Trifonov wrote: Hello, i just do some tests with a fresh compiled samba 3.0.23a. trying to authenticate against PAM with pam_winbind gives: 09:59:23 humevo36 pam_winbind[27853]: user 'gasch' needs new password Aug 1 09:59:27 humevo36 su: FAILED SU (to gasch) gasch on /dev/pts/3 It seems to me that I have similar problem. However, su succeeds and just writes to the console Your password has expired With best regards, P. Trifonov -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT Staff) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 49 (0)341 - 3550 374 Fax: 49 (0)341 - 3550 399 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba too many handles
hello, i have the following problem, im using ubuntu enterprise Server with Samba 3.0.22. Filesharing works perfect. Since i installed a second USB-Printer (HP Laserjet 1022), the samba printsystem becomes unavailable. Printing via CUPS (latest Version) in the syslog i get these errors: smbd[5096]: create_policy_hnd: ERROR: too many handles (1025) on this pipe. Aug 1 14:41:26 xtsrv1 smbd[5096]: [2006/08/01 14:41:26, 0] rpc_server/srv_lsa_hnd.c:create_policy_hnd(111) after restarting samba or restarting Windows XP SP2 workstation it works fine!. printing from my MAC via IPP works fine too (all the time). i cannot change from SAMBA to IPP on the Windows workstation, so i have to solve this problem best regards ** x-technics Technologiezentrum Thomas A. Edisonstrasse 2 A-7000 Eisenstadt Austria Tel: +43 (0)5 9010 28470 Fax: +43 (0)5 9010 28471 www.x-technics.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and unix permissions mismatch
I have just managed to get my first Samba/LDAP PDC up and running. But I have one big security problem -- users logging in to the PDC using ssh can access all shares. User credentials, both for ssh login and for Samba access, are retrieved from the LDAP directory. All shares are stored in the /var/lib/samba directory. The directories permissions look like this: drwxrwx--- 2 root Domain Users 4096 25 jul 15.11 Common drwxrwx--- 2 root Domain Users 4096 13 jun 16.59 Customers drwxrwx--- 2 root Domain Users 4096 13 jun 16.32 Sales ... and so on. Each share is owned by root in the Domain Users group. In the Unix world, each directory can only be owned by one user in one group. But in the Samba world, directories and shares aren't owned by any single group, instead a number of groups have access to the directory or share. That is why the shares has to be owned by the Unix group Domain Users, which is a meta group in which all users of the PDC belong. Obviously, this arrangement isn't very nice. Every user that logs in via ssh can access all shares. Yet all shares need to be owned by the group Domain Users otherwise some groups of users can't access some shares. The Sales share, for example, should really be owned by both the Managers and the Accountants groups. So how do I fix this? There doesn't seem to be any easy way. Thanks in advance. -- Mvh Björn Lindqvist -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] issues with folder redirection and synchronisation
I have a samba/ldap PDC with a netlogon share and a samba member server (called sirius) with Profiles and homes shares (samba 3.0.14). Each user in the LDAP database has its sambaHomeDrive attribute set to H:. I'm trying to follow http://samba.org/samba/docs/man/Samba-Guide/happy.html#redirfold to configure my XP Pro client. It seems that I'm unable to have folder redirection AND folder exclusion from roaming profiles work together. After a fresh install of XP pro I use gpedit.msc to exclude My documents from roaming profiles. Then I copy NTUSER.DAT from Default User to the netlogon share. After joining XP to the domain everything works as expected. Folders are roaming except My documents. Now I logon with a domain user and redirect his My documents folder to H:\Windows\My documents. Then each time I logout I have a popup window saying: synchronisation of \\Sirius\lacoste on Samba 3.0.14a (Sirius). Also at the bottom left of every icon in My documents there is a blank square with two blue arrows. Can someone please explain what's going on? Regards, Thierry. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] [HELP] Samba 3.0.23a pam_winbind says password expired
Hi, i just do some tests with a fresh compiled samba 3.0.23a. trying to authenticate against PAM with pam_winbind gives: 09:59:23 humevo36 pam_winbind[27853]: user 'gasch' needs new password Aug 1 09:59:27 humevo36 su: FAILED SU (to gasch) gasch on /dev/pts/3 It seems to me that I have similar problem. However, su succeeds and just writes to the console Your password has expired what about logins? can you login successfully? Yes, all pam-based services (pop3, su, etc) permit login. Some of them (like su) inform the user that he needs to change the password. I guess that the others are just unable to do this. With best regards, P. Trifonov -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
re: [Samba] managing Win2K3 ACL from debian server
Vincent, smbmount fails for win2k3-hosted shares because it doesn't support win2k3-style digitally signed communications. The symptom is that the mount succeeds, but any attempt to access the mounted share gets Access Denied. Using mount -t cifs instead of smbmount works much better. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba and unix permissions mismatch
Our DCs are Win2003 but we dealt with the same problem on Linux member servers. We use filesystem ACLs to control access. The owner/group of a shared directory is nobody:nobody. The default ACL is: default:user::rwx default:group::--- default:other::--- plus numerous default:group:some AD group:rwx entries. One for each group The reason for the group::--- is because the primary group is Domain Users and we want to make sure that files don't default to allowing access to this group. -James -Original Message- On Behalf Of BJörn Lindqvist Sent: Tuesday, August 01, 2006 6:30 AM To: samba@lists.samba.org Subject: [Samba] Samba and unix permissions mismatch I have just managed to get my first Samba/LDAP PDC up and running. But I have one big security problem -- users logging in to the PDC using ssh can access all shares. User credentials, both for ssh login and for Samba access, are retrieved from the LDAP directory. All shares are stored in the /var/lib/samba directory. The directories permissions look like this: drwxrwx--- 2 root Domain Users 4096 25 jul 15.11 Common drwxrwx--- 2 root Domain Users 4096 13 jun 16.59 Customers drwxrwx--- 2 root Domain Users 4096 13 jun 16.32 Sales ... and so on. Each share is owned by root in the Domain Users group. In the Unix world, each directory can only be owned by one user in one group. But in the Samba world, directories and shares aren't owned by any single group, instead a number of groups have access to the directory or share. That is why the shares has to be owned by the Unix group Domain Users, which is a meta group in which all users of the PDC belong. Obviously, this arrangement isn't very nice. Every user that logs in via ssh can access all shares. Yet all shares need to be owned by the group Domain Users otherwise some groups of users can't access some shares. The Sales share, for example, should really be owned by both the Managers and the Accountants groups. So how do I fix this? There doesn't seem to be any easy way. Thanks in advance. -- Mvh Björn Lindqvist -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [questions] aio settings in smb.conf and compile options
On Tue, Aug 01, 2006 at 09:17:04AM +0200, Michael Gasch wrote: hi, i just have some questions about specific (uncommon) compile options and aio-settings in smb.conf: Asynchronous IO Support === Experimental support for async IO has been added to smbd for certain platforms. To enable this new feature, Samba must be compiled to include the --with-aio-support configure option. In addition, the aio read size and aio write size to non-zero values. See the smb.conf(5) man page for more details on these settings. unfortunately i can´t find any documentation about this although it has been in the code since a while. Compile with --with-aio-support to enable this. Look in the source code smbd/aio.c. I haven't documented the parameters yet (thanks for the reminder, I'll try and get this done soon). They are : aio read size = bytes aio write size = bytes aio write behind = true|false Any reads/writes over bytes will be done via aio. It hasn't been turned on fully yet as some Linux's fake aio support using pthreads which makes smbd *slower* :-(. Kernel support for aio is still a little flakey - I need to spend some more time testing it. The biggest disappointment is that there seems to be no way to get Windows clients to pipeline more than one read or write on the wire. They simply stick with a request/response pair. smbclient will pipeline reads/writes though. Not sure about cifsfs - Stevef, any comments (or I'll just go look in the code :-). aio write behind was an attempt to see if we could fool Windows clients into pipelining. If set true, smbd *lies* about writes being done (and assumes the aio will always succeed) and returns early success to the client. Don't set this if you have *any* interest in your data :-). Compile Options - what means/provides (more detailed please) ... ? == --with-cluster-support --with-automount Volker knows more about these. BIG THX!! btw: what happened to john? is he still an active member of the samba team, ´cause i did not see any posts on the list for example?!?! John is now working at AMD, who keep him rather busy on his day job :-). He still wants to keep active but it's easier said than done :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Password Change Problem
Hello List, I am attempting to resolve a problem with my samba / ldap setup when a user attempts to change their samba password. I am running smbd version: 3.0.22 on RHEL4. When a user attempts to change their windows password the following shows up in the smbd.log file: ldapsam_modify_entry: LDAP Password could not be changed for user sland: Confidentiality required Operation requires a secure connection. Since my ldap server is setup with ldaps using a self-signed certificate I figured all I need to do is turn ssl on with: ldap ssl = on and the passdb backend set with ldap://host; but that still returned the same error messages in the log. Next I tried changing the passdb backend to use ldaps://host but then I started getting the following message in the log: LDAP error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (Time limit exceeded) and using: openssl s_client -connect server-cert:636 -showcerts -state ends with: Verify return code: 19 (self signed certificate in certificate chain) Which works ok with /etc/ldap.conf by turning off certificate checking. So I am not sure which way to go at this point. Since the ldap authentication for the operating system works through ldaps with no problem, I have it set to not verify the certificate in ldap.conf, then it seems I need to be able to tell samba to not verify the certificate? I looked through the docs and did not see a parameter for that. Is there such a parameter. Any ideas or suggestions? TIA -- Jim Summers School of Computer Science-University of Oklahoma - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Password Change Problem
UPDATE: I just finished troubleshooting a login problem with the user from the password change problem below. He could not login today. It eventually was discovered that he could login with the new password he was changing to when the messages below were being generated. We did not think the password change was successful because on the windows machine he is using he was getting errors during the transaction yesterday. So it appears that smbd is not handling the return code from the self-signed properly or it needs to be able to ignore the verification somehow similar to how the /etc/ldap.conf / openldap does. Ideas / Suggestions? Thanks Jim Summers wrote: Hello List, I am attempting to resolve a problem with my samba / ldap setup when a user attempts to change their samba password. I am running smbd version: 3.0.22 on RHEL4. When a user attempts to change their windows password the following shows up in the smbd.log file: ldapsam_modify_entry: LDAP Password could not be changed for user sland: Confidentiality required Operation requires a secure connection. Since my ldap server is setup with ldaps using a self-signed certificate I figured all I need to do is turn ssl on with: ldap ssl = on and the passdb backend set with ldap://host; but that still returned the same error messages in the log. Next I tried changing the passdb backend to use ldaps://host but then I started getting the following message in the log: LDAP error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (Time limit exceeded) and using: openssl s_client -connect server-cert:636 -showcerts -state ends with: Verify return code: 19 (self signed certificate in certificate chain) Which works ok with /etc/ldap.conf by turning off certificate checking. So I am not sure which way to go at this point. Since the ldap authentication for the operating system works through ldaps with no problem, I have it set to not verify the certificate in ldap.conf, then it seems I need to be able to tell samba to not verify the certificate? I looked through the docs and did not see a parameter for that. Is there such a parameter. Any ideas or suggestions? TIA -- Jim Summers School of Computer Science-University of Oklahoma - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] win 2000 domain clients and samba 2.2.7a Suse
Hello, I have a win 2000 domain with 5 XP SP2 clients logging on to that domain.Let`s say Domain A In my network there is another domain, a samba 2.2.7a Suse, running.Let`s say Domain B. There are different Shares on this Domain B which belong to the Domain Users A (the same username and password on Domain A and B). Now first after booting the System and logging in the Domain A the Xp Clients Domain A can suscsessful establish their connection to their Shares on Samba Domain B and work with their files as usual.But after a few hours the connection is rejected with a alert box:for some security reason...or the share was not found...And the connection is gone.Only after a reboot the XP Clients Domain A can work as usual with their shares on Domain B HOw can I fix this? Does anyone have the same Problem? Thanks in Advance Daniel -- Echte DSL-Flatrate dauerhaft für 0,- Euro*. Nur noch kurze Zeit! Feel free mit GMX DSL: http://www.gmx.net/de/go/dsl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Mapping machine name or IP to Linux user-name?
Hi all, Sorry that my first post to this list is a question - especially one that is a real long shot. Where I work we have taken delivery of a system, including some Linux boxes with a custom distro that have to talk to our Windows Active Directory network. I've set up Samba, and everything is working as it should be. Users can access the shares they need to, and are authenticated via AD - brilliant! There is just one problem - the system includes some software that runs via IIS, using a local machine account on a windows box (i.e. THISPC\accountname as opposed to THISDOMAIN.COM\accountname). Naturally, this will not authenticate via AD and logs into the Linux box as the guest user. However - I did notice that the machine name and ip show up, in the log.smbd file. I was wondering if there was any way of manually mapping a 'machine name' or IP to a Linux user. There are only a few of these boxes, so it wouldn't be too much of a pain. I realise that this is not a very secure model - but the only other alternative is to allow the guest account blanket access - which is even less secure! I realise this is a very long shot - but if it can be done I'd love to have some guidance. If anybody can think of any sneaky work-arounds I'd be grateful too ;) Many thanks Andy http://www.bbc.co.uk/ This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] mount problem
I'm trying to mount a windows share on my linux box. The windows machine is on a domain called utsad.com and the name of the machine is ccare-f45 and the share is Music. I can do this: smbclient -L ccare-f45//Music -U jtowe -W utsad.com and get this: Domain=[UTSAD] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager] Sharename Type Comment - --- IPC$ IPC Remote IPC ip Disk Music Disk ADMIN$ Disk Remote Admin C$ Disk Default share Domain=[UTSAD] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager] Server Comment - --- Workgroup Master - --- So seems like that works. Then I do this: mount -t smbfs -o USERNAME=jtowe,WORKGROUP=utsad.com //ccare-f45/Music /home/jrow/test and get this: 13789: session setup failed: ERRDOS - ERRnoaccess (Access denied.) SMB connection failed Any suggestions? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [HELP] Samba 3.0.23a pam_winbind says password expired
hi peter, thx for your response. so what's the difference in our setups? could you please post your samba DC version, pam settings and smb.conf of the member? i want to figure out my problem. i'm not new to samba so we should be able to fix this rather soon :) thx! Peter Trifonov wrote: Hi, i just do some tests with a fresh compiled samba 3.0.23a. trying to authenticate against PAM with pam_winbind gives: 09:59:23 humevo36 pam_winbind[27853]: user 'gasch' needs new password Aug 1 09:59:27 humevo36 su: FAILED SU (to gasch) gasch on /dev/pts/3 It seems to me that I have similar problem. However, su succeeds and just writes to the console Your password has expired what about logins? can you login successfully? Yes, all pam-based services (pop3, su, etc) permit login. Some of them (like su) inform the user that he needs to change the password. I guess that the others are just unable to do this. With best regards, P. Trifonov -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [questions] aio settings in smb.conf and compile options
thx to jeremy and volker for your quick and detailed response (as usual)... if someone has any explanation for --with-automount i would appreciate this as well :) i'm just trying to explore samba features i recognized but often can't interpret there meaning. @jeremy looks like you took over john's part since you seem to be more present on the list than before :-D (could be too much imagition, though) cheerz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] mount problem
If you don't specifiy password it prompts you for it. I tried it with the password in the command line too, no go. Also someone suggested I put it like this: mount -t smbfs //ccare-f45/Music /home/jrow/test -o USERNAME=jtowe,WORKGROUP=utsad.com Same result. On 8/1/06, Daniel Müller [EMAIL PROTECTED] wrote: I do not know much abaut it, but did you forget the password? mount -t smbfs -o USERNAME=jtowe,password=?,WORKGROUP=utsad.com//ccare-f45/Music /home/jrow/test Daniel Original-Nachricht Datum: Tue, 1 Aug 2006 13:36:41 -0400 Von: Jeremiah Towe [EMAIL PROTECTED] An: samba@lists.samba.org Betreff: [Samba] mount problem I'm trying to mount a windows share on my linux box. The windows machine is on a domain called utsad.com and the name of the machine is ccare-f45 and the share is Music. I can do this: smbclient -L ccare-f45//Music -U jtowe -W utsad.com and get this: Domain=[UTSAD] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager] Sharename Type Comment - --- IPC$ IPC Remote IPC ip Disk Music Disk ADMIN$ Disk Remote Admin C$ Disk Default share Domain=[UTSAD] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager] Server Comment - --- Workgroup Master - --- So seems like that works. Then I do this: mount -t smbfs -o USERNAME=jtowe,WORKGROUP=utsad.com //ccare-f45/Music /home/jrow/test and get this: 13789: session setup failed: ERRDOS - ERRnoaccess (Access denied.) SMB connection failed Any suggestions? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Issues with cifs mounts following Samba upgrade to 3.0.23a
Have you considered putting a big warning message up on your downloads page: !!! INSTALLING THIS WILL MAKE YOUR SERVER NOT WORK !!! Only for cifsfs clients Considering somebody at fedora made the decision to remove smbfs support from FC4 stock kernels a few weeks ago, and FC5 is the same way, and everybody keeps acting like CIFS is a drop-in replacement for SMBFS when it clearly is NOT (totally different behavior with identical configuration parameters), this is a big freaking problem. For properly patched FC4 networks, CIFS is the only easily deployable option. When the removal of the smbfs kernel module came down the pipe, it broke our shares. The user mounted shared would be mounted with seemingly random incorrect UID/GID making it non accessible to the user that mounted it. That was loads of fun. Today, I just started getting these 'access denied' messages on shares, and apparantly I have to compile a SVN version instead of using packages to get it fixed(?). Now I get to go explain to the boss why over 100 workstations in our FC4 managed network can't access their shares, and probably get another Windows is better than linux / I told you so speech. /mitch Well, we do hope people will test code before it goes production. This was something that no one tested. And I mean *no one* tested. The code for Windows clients is obviously tested a lot, but the Linux client code doesn't get tested by people as much. Steve tests things, but he's only one person. I'm hoping this will change, but until it does then sometimes accidents will happen. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [questions] aio settings in smb.conf and compile options
IIRC --with-automount should automount the home directory when a user steps in. Simo. On Tue, 2006-08-01 at 20:52 +0200, Michael Gasch wrote: thx to jeremy and volker for your quick and detailed response (as usual)... if someone has any explanation for --with-automount i would appreciate this as well :) i'm just trying to explore samba features i recognized but often can't interpret there meaning. @jeremy looks like you took over john's part since you seem to be more present on the list than before :-D (could be too much imagition, though) cheerz -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Issues with cifs mounts following Samba upgrade to 3.0.23a
On Tue, Aug 01, 2006 at 01:54:36PM -0500, Mitch Jackson wrote: Considering somebody at fedora made the decision to remove smbfs support from FC4 stock kernels a few weeks ago, and FC5 is the same way, and everybody keeps acting like CIFS is a drop-in replacement for SMBFS when it clearly is NOT (totally different behavior with identical configuration parameters), this is a big freaking problem. Well it can't have been that big of a problem, as no one tested it :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [questions] aio settings in smb.conf and compile options
On Tue, Aug 01, 2006 at 08:52:27PM +0200, Michael Gasch wrote: @jeremy looks like you took over john's part since you seem to be more present on the list than before :-D (could be too much imagition, though) Nah, no one can replace John :-). I'm just trying to keep answering questions as usual (modulo working for a living :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [questions] aio settings in smb.conf and compile options
On Tue, Aug 01, 2006 at 03:05:06PM -0400, simo wrote: IIRC --with-automount should automount the home directory when a user steps in. I'm afraid, this is not what it does. man smb.conf says %N the name of your NIS home directory server. This is obtained from your NIS auto.map entry. If you have not compiled Samba with the --with-automount option then this value will be the same as %. Looking at the code it also needs the undocumented parameter 'nis home map' to be true. Volker pgpuZ970dFBzr.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [questions] aio settings in smb.conf and compile options
On Tue, 2006-08-01 at 21:20 +0200, Volker Lendecke wrote: On Tue, Aug 01, 2006 at 03:05:06PM -0400, simo wrote: IIRC --with-automount should automount the home directory when a user steps in. I'm afraid, this is not what it does. man smb.conf says %N the name of your NIS home directory server. This is obtained from your NIS auto.map entry. If you have not compiled Samba with the --with-automount option then this value will be the same as %. Looking at the code it also needs the undocumented parameter 'nis home map' to be true. Right, reading the code it also looks up where your NIS home directory is using yp calls when %p is used. This configure option name is really misleading imo. Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Issues with cifs mounts following Samba upgrade to 3.0.23a
Jeremy Allison jra at samba.org writes: Well it can't have been that big of a problem, as no one tested it . Jeremy. I guess there's a bit of concern that this problem will cause a fair number of systems to stop working in a way that isn't entirely easy to diagnose or resolve, so causing a lot of frustration. I have no idea how the community handles issues like these, but have the samba team notified the relevant repository and distro managers about the bug? Anyway, if anyone wants to apply the source branch fix as I have, I made some notes about building it for my FC4 machine on my blog at http://manwiththebones.dyndns.org/wordpress/?p=117. I offer no warranty, but it might save someone some time. Damian Sinclair -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] strangely lingering lock, samba 3.0.22
Hello everyone, Today a user (call them 'abc') came to me and described the following sequence of events: 1. They opened an Excel file, made some changes, saved it, and closed it. 2. They tried to open it again and got an error dialog within Excel that says this: File in Use FooBar.xls is locked for editing by 'abc'. Open 'Read-Only' or, click 'Notify' to open read-only and receive notication when the document is no longer in use. 3. They rebooted their desktop machine and tried again, and got the same dialog again. No matter what they do, the file remains locked. The same file is locked for other Windows users and on other Windows computers as well, so obviously there is some sort of state on the Samba server that is telling the clients that the file is locked. So, I logged into the Samba server (3.0.22 running on Slackware 10.2, with kernel 2.4.31), and tried to see if I could see any evidence of a lock. The file did not show up in the output of smbstatus --locks. Running fuser on the file didn't show that any process had it open. So apparently no process has it open on the Linux machine. Also, I noticed that if I make a copy of the file on the Linux machine (cp FooBar.xls FooBar-new.xls), the copy does not retain the lock. So, it would appear that this is not related to the actual contents of the file. I also tracked down the individual smbd that user abc's machine is connected to and killed it. Another one restarted, but the lock was still not released. For what it's worth, I have oplocks = no and level2 oplocks = no in my smb.conf, so presumably this isn't an oplock issue. Anyone have any ideas what's going on? As far as I can tell, this must be a server-related issue since all clients see the file as locked, and it's apparently not an issue with the contents of the file (like Excel writing some flag into the actual file contents itself), but I can't find any indication on the server that the file is locked. - Logan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] strangely lingering lock, samba 3.0.22
On Tue, Aug 01, 2006 at 03:35:09PM -0500, Logan Shaw wrote: Hello everyone, Today a user (call them 'abc') came to me and described the following sequence of events: 1. They opened an Excel file, made some changes, saved it, and closed it. 2. They tried to open it again and got an error dialog within Excel that says this: File in Use FooBar.xls is locked for editing by 'abc'. Open 'Read-Only' or, click 'Notify' to open read-only and receive notication when the document is no longer in use. 3. They rebooted their desktop machine and tried again, and got the same dialog again. No matter what they do, the file remains locked. The same file is locked for other Windows users and on other Windows computers as well, so obviously there is some sort of state on the Samba server that is telling the clients that the file is locked. I added cleanup code for 3.0.23 that should fix this issue. You might want to try 3.0.23a to see if it fixes it. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Issues with cifs mounts following Samba upgrade to 3.0.23a
On Tue, Aug 01, 2006 at 08:18:42PM +, Damian Sinclair wrote: I guess there's a bit of concern that this problem will cause a fair number of systems to stop working in a way that isn't entirely easy to diagnose or resolve, so causing a lot of frustration. I have no idea how the community handles issues like these, but have the samba team notified the relevant repository and distro managers about the bug? I'm sorry about the problem but fixed it as soon as I knew about it, and we'll be releasing a 3.0.23b asap to fix this issue. Package maintainers for Samba on distros should be on samba-technical, so we haven't done any asynchronous notification - we only do that for security bugs via vendor-sec. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] strangely lingering lock, samba 3.0.22
On Tue, 1 Aug 2006, Jeremy Allison wrote: On Tue, Aug 01, 2006 at 03:35:09PM -0500, Logan Shaw wrote: Today a user (call them 'abc') came to me and described the following sequence of events: 1. They opened an Excel file, made some changes, saved it, and closed it. 2. They tried to open it again and got an error dialog within Excel that says this: File in Use FooBar.xls is locked for editing by 'abc'. Open 'Read-Only' or, click 'Notify' to open read-only and receive notication when the document is no longer in use. I added cleanup code for 3.0.23 that should fix this issue. You might want to try 3.0.23a to see if it fixes it. Wow, Jeremy, thanks for the quick response. It's a fairly important server, for us at least, so it's hard to justify installing a release as a test unless the issue is serious, which this isn't really. So I'll probably wait until 3.0.23b (which seems like it could be more solid than 3.0.23 and 3.0.23a), but I will keep an eye out for this problem and whether 3.0.23b fixes it when I install that. - Logan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] strangely lingering lock, samba 3.0.22
I have seen the exact same behavior on a recently installed Samba server (was 3.0.22, now running 3.0.23 as of last night's update). I also have oplocks set to false, but that doesn't seem to make any difference. Fortunately, it isn't a problem that happens every time, only occasionally. Eventually, the lock does expire, but it takes a couple hours or so. I have 4 other samba servers running at the same location, all various versions of Fedora Core and samba (depending on what was current at the time of installation). None of the older systems have had any troubles, but the new server that I installed 2 weeks ago (fc5, smb 3.0.23) has been trouble from the very beginning. The same server is also generating a lot of packet errors at the network level, which causes other machines to drop the network connection to the file server. The users have to log off and back onto the network to re-establish the connection to the new server. The packet errors are not global (or at least the severity isn't). It seems to concentrate on a few users at a time. I'm planning to put a different network card into the server tonight to see if it makes any difference in tomorrow's operations. I'll let you know. Mike Logan Shaw wrote: Hello everyone, Today a user (call them 'abc') came to me and described the following sequence of events: 1. They opened an Excel file, made some changes, saved it, and closed it. 2. They tried to open it again and got an error dialog within Excel that says this: File in Use FooBar.xls is locked for editing by 'abc'. Open 'Read-Only' or, click 'Notify' to open read-only and receive notication when the document is no longer in use. 3. They rebooted their desktop machine and tried again, and got the same dialog again. No matter what they do, the file remains locked. The same file is locked for other Windows users and on other Windows computers as well, so obviously there is some sort of state on the Samba server that is telling the clients that the file is locked. So, I logged into the Samba server (3.0.22 running on Slackware 10.2, with kernel 2.4.31), and tried to see if I could see any evidence of a lock. The file did not show up in the output of smbstatus --locks. Running fuser on the file didn't show that any process had it open. So apparently no process has it open on the Linux machine. Also, I noticed that if I make a copy of the file on the Linux machine (cp FooBar.xls FooBar-new.xls), the copy does not retain the lock. So, it would appear that this is not related to the actual contents of the file. I also tracked down the individual smbd that user abc's machine is connected to and killed it. Another one restarted, but the lock was still not released. For what it's worth, I have oplocks = no and level2 oplocks = no in my smb.conf, so presumably this isn't an oplock issue. Anyone have any ideas what's going on? As far as I can tell, this must be a server-related issue since all clients see the file as locked, and it's apparently not an issue with the contents of the file (like Excel writing some flag into the actual file contents itself), but I can't find any indication on the server that the file is locked. - Logan -- Michael L. Morgan Director of Operations Iodynamics, LLC (435) 760-1046 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba too many handles
Bernhard Fuchs wrote: hello, i have the following problem, im using ubuntu enterprise Server with Samba 3.0.22. Filesharing works perfect. Since i installed a second USB-Printer (HP Laserjet 1022), the samba printsystem becomes unavailable. Printing via CUPS (latest Version) in the syslog i get these errors: smbd[5096]: create_policy_hnd: ERROR: too many handles (1025) on this pipe. I believe this has been fixed in the latest version of cups. -- Regards -- Gerald Drouillard Technology Architect Drouillard Associates, Inc. http://www.Drouillard.ca -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Speeding up samba
Douglas D Germann Sr wrote: Hi-- My old samba server, running on a RedHat 9.0 eMachines box, ran well. It died this weekend. So I took a new Ubuntu 6.06 box and restored the data files here and turned it into a samba server. My other two Ubuntu boxes (which mount cifs) and my two Win boxes (one XP Pro, one Win95) are all slow on this network now. Are there any tricks for speeding up samba generally? Thanks! Try this: socket options = TCP_NODELAY SO_SNDBUF=65536 SO_RCVBUF=65536 IPTOS_LOWDELAY -- Regards -- Gerald Drouillard Technology Architect Drouillard Associates, Inc. http://www.Drouillard.ca -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Slow Transfer Speeds (I have read the HOWTO)
Richard Collyer wrote: Richard Collyer wrote: I've been having a few troubles with samba 3. I can only get 4MB/sec writing to the FreeBSD server that it is running on. As its on a 100Mbit network I was expecting at least 6-7MB/sec. ... socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 Tule of thumb for socket options: Don't set this unless you can explain why you need them. Just realized I replied to the person and no the list :( Try again Anyhoo, I've tried it with socket options commented out, TCP_NODELAY only and with the SO options in there and I see no difference in the amount of data that is being sent. I've put this machine and the server on its own switch to factor out the router and done some more testing. Read speeds are 6MB/sec and write only half of that at 3MB/sec. TO be fair the read speeds are ok as are the dir listing speeds its just the write performance that I am having problems with. Does anyone have any more suggestions. Cheers Richard Try this: socket options = TCP_NODELAY SO_SNDBUF=65536 SO_RCVBUF=65536 IPTOS_LOWDELAY -- Regards -- Gerald Drouillard Technology Architect Drouillard Associates, Inc. http://www.Drouillard.ca -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Issues with cifs mounts following Samba upgrade to 3.0.23a
On Tuesday 01 August 2006 17:47, Jeremy Allison wrote: On Tue, Aug 01, 2006 at 08:18:42PM +, Damian Sinclair wrote: I guess there's a bit of concern that this problem will cause a fair number of systems to stop working in a way that isn't entirely easy to diagnose or resolve, so causing a lot of frustration. I have no idea how the community handles issues like these, but have the samba team notified the relevant repository and distro managers about the bug? I'm sorry about the problem but fixed it as soon as I knew about it, and we'll be releasing a 3.0.23b asap to fix this issue. Package maintainers for Samba on distros should be on samba-technical, so we haven't done any asynchronous notification - we only do that for security bugs via vendor-sec. Why not publish a patch for 3.0.23a? Many people find it easier to apply a patch than to browse svn and fetch patches from it (once they know which revision as the correct fix). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Issues with cifs mounts following Samba upgrade to 3.0.23a
On Tue, Aug 01, 2006 at 08:28:57PM -0300, Andreas Hasenack wrote: Why not publish a patch for 3.0.23a? Many people find it easier to apply a patch than to browse svn and fetch patches from it (once they know which revision as the correct fix). I'll try and track down the correct svn rev and post it. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Bug in kernel-space samba client (3.0.23a) on FC5 (2.6.17-1.2157_FC5)
On a client running FC5 with all packages updated from yum (running samba 3.0.23a-1.fc5.1 and the 2.6.17-1.2157_FC5 linux kernel), I cannot access multiple samba shares that have share-level security using cifs. 0. To reproduce, use a server that serves two shares with share-level security. Make sure the shares have different passwords. 1. Using the standard mount command and specifying cifs as the fs, mount the first share (it doesn't matter which one you pick). If you watch the ethereal traffic, pay attention to (what I presume is the encrypted form of) the password that gets sent as part of the TreeConnect AndX Request packet. Let's call this hexadecimal password string A. 2. Now attempt to mount the second share using the mount command as well. This will fail with an Operation not permitted error, and ethereal traffic will show the server responded with STATUS_WRONG_PASSWORD. If you watch the ethereal traffic closely, you'll notice that no matter what password you try to send for this second share, the client software sends string A (which - as previously mentioned - is the password for the first share) to the server in the TreeConnect AndX Request packet, and thus the server correctly rejects the password. This is clearly a bug in the samba 3.0.23a kernel-space client. Can someone let me know if this has already been identified and even fixed in 3.0.23b? In case you're interested, here's some more info... Here's a log of my console: [EMAIL PROTECTED] madwifi]# mount -t cifs -o ro //[MY SERVER]/Pictures /media/Pictures/ Password: [EMAIL PROTECTED] madwifi]# mount -t cifs -o ro //[MY SERVER]/Music /media/Music/ Password: mount error 1 = Operation not permitted Refer to the mount.cifs(8) manual page (e.g.man mount.cifs) Note, in this example, the first mount (for the 'Pictures' share) worked, but the second one failed. If I restart my client machine, and access the 'Music' share first, then that one will successfully mount, but the 'Pictures' share won't. The only information in /var/log/messages is: Jul 31 15:48:33 talisker kernel: CIFS VFS: cifs_mount failed w/return code = -1 Echoing 1 into /proc/fs/cifs/cifsFYI produces no more output in the log (this used to work in FC3 - how does one produce more debugging data now?). Disabling linux extensions doesn't change the behaviour. I will add that this is an improvement over the result on my FC3 machine, where even one share cannot be mounted using cifs. In a previous e-mail to the samba list where I was primarily dealing with another issue, I said that running ethereal showed in that FC3 case that the share password wasn't being correctly sent at the same time as the TreeConnect AndX Request for the share (the client in that case only sent '00' as the password). The server thus responded with STATUS_WRONG_PASSWORD. In the FC5 case, ethereal shows what appears to be the encrypted form of a password (albeit the incorrect one) being sent when the TreeConnect AndX Request packet gets sent. So, at first glance, it appears that at least the password sending bug got fixed in the newer version of the samba client (unfortunately, it only got partially fixed). The server unfortunately responds with STATUS_WRONG_PASSWORD for the reason mentioned above. Accessing both shares through the user-space smbclient program works just fine. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Bug in kernel-space samba client (3.0.23a) on FC5 (2.6.17-1.2157_FC5)
On Tue, Aug 01, 2006 at 05:25:25PM -0700, samba newbie wrote: On a client running FC5 with all packages updated from yum (running samba 3.0.23a-1.fc5.1 and the 2.6.17-1.2157_FC5 linux kernel), I cannot access multiple samba shares that have share-level security using cifs. This is clearly a bug in the samba 3.0.23a kernel-space client. FYI: The CIFSFS kernel client is developed independently of Samba, so Samba version numbers like 3.0.23a mean nothing to cifsfs mounts - they are known by kernel version numbers, not Samba version numbers. Can someone let me know if this has already been identified and even fixed in 3.0.23b? See above. Having said that I'm not sure how much testing Steve does with share level security. I'll forward your message on to him. Accessing both shares through the user-space smbclient program works just fine. The smbclient program is part of Samba, so it's fair to use Samba version numbers like 3.0.23a for that :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Issues with cifs mounts following Samba upgrade to 3.0.23a
On Tue, Aug 01, 2006 at 08:28:57PM -0300, Andreas Hasenack wrote: On Tuesday 01 August 2006 17:47, Jeremy Allison wrote: On Tue, Aug 01, 2006 at 08:18:42PM +, Damian Sinclair wrote: I guess there's a bit of concern that this problem will cause a fair number of systems to stop working in a way that isn't entirely easy to diagnose or resolve, so causing a lot of frustration. I have no idea how the community handles issues like these, but have the samba team notified the relevant repository and distro managers about the bug? I'm sorry about the problem but fixed it as soon as I knew about it, and we'll be releasing a 3.0.23b asap to fix this issue. Package maintainers for Samba on distros should be on samba-technical, so we haven't done any asynchronous notification - we only do that for security bugs via vendor-sec. Why not publish a patch for 3.0.23a? Many people find it easier to apply a patch than to browse svn and fetch patches from it (once they know which revision as the correct fix). Here's the patch for 3.0.23a. Jeremy. Index: smbd/open.c === --- smbd/open.c (revision 17258) +++ smbd/open.c (revision 17259) @@ -1204,14 +1204,12 @@ /* If file exists replace/overwrite. If file doesn't * exist create. */ flags2 |= (O_CREAT | O_TRUNC); - open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */ break; case FILE_OVERWRITE_IF: /* If file exists replace/overwrite. If file doesn't * exist create. */ flags2 |= (O_CREAT | O_TRUNC); - open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */ break; case FILE_OPEN: @@ -1238,7 +1236,6 @@ return NULL; } flags2 |= O_TRUNC; - open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */ break; case FILE_CREATE: @@ -1292,9 +1289,6 @@ /* This is a nasty hack - must fix... JRA. */ if (access_mask == MAXIMUM_ALLOWED_ACCESS) { open_access_mask = access_mask = FILE_GENERIC_ALL; - if (flags2 O_TRUNC) { - open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */ - } } /* @@ -1302,7 +1296,12 @@ */ se_map_generic(access_mask, file_generic_mapping); + open_access_mask = access_mask; + if (flags2 O_TRUNC) { + open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */ + } + DEBUG(10, (open_file_ntcreate: fname=%s, after mapping access_mask=0x%x\n, fname, access_mask )); @@ -1539,9 +1538,11 @@ unx_mode = 0777; } - DEBUG(4,(calling open_file with flags=0x%X flags2=0x%X mode=0%o\n, + DEBUG(4,(calling open_file with flags=0x%X flags2=0x%X mode=0%o, + access_mask = 0x%x, open_access_mask = 0x%x\n, (unsigned int)flags, (unsigned int)flags2, -(unsigned int)unx_mode)); +(unsigned int)unx_mode, (unsigned int)access_mask, +(unsigned int)open_access_mask)); /* * open_file strips any O_TRUNC flags itself. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r17353 - in branches/SAMBA_3_0: examples examples/gpfs source source/modules source/smbd
Author: ab Date: 2006-08-01 07:38:36 + (Tue, 01 Aug 2006) New Revision: 17353 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17353 Log: Add support for JFS2 NFS4/AIXC and GPFS acls based on NFSv4 ACLs. Added: branches/SAMBA_3_0/examples/gpfs/ branches/SAMBA_3_0/examples/gpfs/README.nfs4acls.txt branches/SAMBA_3_0/source/modules/nfs4_acls.c branches/SAMBA_3_0/source/modules/nfs4_acls.h branches/SAMBA_3_0/source/modules/vfs_aixacl2.c branches/SAMBA_3_0/source/modules/vfs_gpfsacl.c Modified: branches/SAMBA_3_0/source/Makefile.in branches/SAMBA_3_0/source/configure.in branches/SAMBA_3_0/source/smbd/posix_acls.c Changeset: Sorry, the patch is too large (2190 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17353
svn commit: samba r17354 - in branches/SAMBA_3_0/source: . modules smbd
Author: ab Date: 2006-08-01 08:27:19 + (Tue, 01 Aug 2006) New Revision: 17354 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17354 Log: Revert -r 17353 per Volker request while gpfs compatibility layer code will be released. Modified: branches/SAMBA_3_0/source/Makefile.in branches/SAMBA_3_0/source/configure.in branches/SAMBA_3_0/source/modules/nfs4_acls.c branches/SAMBA_3_0/source/modules/nfs4_acls.h branches/SAMBA_3_0/source/modules/vfs_aixacl2.c branches/SAMBA_3_0/source/modules/vfs_gpfsacl.c branches/SAMBA_3_0/source/smbd/posix_acls.c Changeset: Sorry, the patch is too large (2102 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17354
svn commit: samba r17355 - in branches/SAMBA_3_0_RELEASE/source: libsmb passdb utils
Author: jerry Date: 2006-08-01 08:41:17 + (Tue, 01 Aug 2006) New Revision: 17355 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17355 Log: go ahead and catch some changes from the 3.0.23 dev tree Modified: branches/SAMBA_3_0_RELEASE/source/libsmb/clidfs.c branches/SAMBA_3_0_RELEASE/source/libsmb/clitrans.c branches/SAMBA_3_0_RELEASE/source/libsmb/smb_signing.c branches/SAMBA_3_0_RELEASE/source/passdb/pdb_ldap.c branches/SAMBA_3_0_RELEASE/source/utils/netlookup.c Changeset: Sorry, the patch is too large (566 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17355
svn commit: samba r17356 - in branches/SAMBA_3_0/source/utils: .
Author: vlendec Date: 2006-08-01 09:06:18 + (Tue, 01 Aug 2006) New Revision: 17356 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17356 Log: Also transfer the sambaHomePath attribute. Volker Modified: branches/SAMBA_3_0/source/utils/net_rpc_samsync.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_rpc_samsync.c === --- branches/SAMBA_3_0/source/utils/net_rpc_samsync.c 2006-08-01 08:41:17 UTC (rev 17355) +++ branches/SAMBA_3_0/source/utils/net_rpc_samsync.c 2006-08-01 09:06:18 UTC (rev 17356) @@ -1579,6 +1579,10 @@ unistr2_to_ascii(homedrive, (delta-account_info.uni_dir_drive), sizeof(homedrive)-1); +/* Get the home path */ +unistr2_to_ascii(homepath, (delta-account_info.uni_home_dir), +sizeof(homepath)-1); + /* Get the description */ unistr2_to_ascii(description, (delta-account_info.uni_acct_desc), sizeof(description)-1);
svn commit: samba r17357 - in branches/SAMBA_4_0/source: . librpc
Author: metze Date: 2006-08-01 09:09:45 + (Tue, 01 Aug 2006) New Revision: 17357 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17357 Log: - fix the build - generate the IDL_NDR_* variables before using them (this was the reason I didn't noticed this error) metze Modified: branches/SAMBA_4_0/source/librpc/config.mk branches/SAMBA_4_0/source/main.mk Changeset: Modified: branches/SAMBA_4_0/source/librpc/config.mk === --- branches/SAMBA_4_0/source/librpc/config.mk 2006-08-01 09:06:18 UTC (rev 17356) +++ branches/SAMBA_4_0/source/librpc/config.mk 2006-08-01 09:09:45 UTC (rev 17357) @@ -336,6 +336,8 @@ PUBLIC_HEADERS = gen_ndr/winbind.h PUBLIC_DEPENDENCIES = LIBNDR NDR_NETLOGON +include ../heimdal_build/perl_path_wrapper.sh ../librpc/idl-deps.pl librpc/idl/*.idl| + librpc/gen_ndr/tables.c: $(IDL_NDR_PARSE_H_FILES) @echo Generating librpc/gen_ndr/tables.c @$(PERL) $(srcdir)/librpc/tables.pl --output=librpc/gen_ndr/tables.c $(IDL_NDR_PARSE_H_FILES) librpc/gen_ndr/tables.x @@ -356,7 +358,7 @@ NDR_NETLOGON NDR_TRKWKS NDR_KEYSVC NDR_KRB5PAC NDR_XATTR NDR_SCHANNEL \ NDR_ROT NDR_DRSBLOBS NDR_SVCCTL NDR_NBT NDR_WINSREPL NDR_SECURITY \ NDR_INITSHUTDOWN NDR_DNSSERVER NDR_WINSTATION NDR_IRPC NDR_DCOM NDR_OPENDB \ - NDR_SASL_HELPERS NDR_NOTIFY + NDR_SASL_HELPERS NDR_NOTIFY NDR_WINBIND [LIBRARY::RPC_NDR_ROT] VERSION = 0.0.1 Modified: branches/SAMBA_4_0/source/main.mk === --- branches/SAMBA_4_0/source/main.mk 2006-08-01 09:06:18 UTC (rev 17356) +++ branches/SAMBA_4_0/source/main.mk 2006-08-01 09:09:45 UTC (rev 17357) @@ -188,8 +188,6 @@ uninstallpidl: pidl/Makefile $(MAKE) -C pidl uninstall -include heimdal_build/perl_path_wrapper.sh ../librpc/idl-deps.pl librpc/idl/*.idl| - $(IDL_HEADER_FILES) \ $(IDL_NDR_PARSE_H_FILES) $(IDL_NDR_PARSE_C_FILES) \ $(IDL_NDR_CLIENT_C_FILES) $(IDL_NDR_CLIENT_H_FILES) \
svn commit: samba r17358 - in branches/SAMBA_3_0: examples examples/aix source source/modules source/smbd
Author: ab Date: 2006-08-01 09:25:24 + (Tue, 01 Aug 2006) New Revision: 17358 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17358 Log: Re-add JFS2 NFS4 ACLs support, move readme for it into AIX-specific examples directory. Added: branches/SAMBA_3_0/examples/aix/ branches/SAMBA_3_0/examples/aix/README.nfs4acls.txt Removed: branches/SAMBA_3_0/examples/gpfs/ Modified: branches/SAMBA_3_0/source/Makefile.in branches/SAMBA_3_0/source/configure.in branches/SAMBA_3_0/source/modules/nfs4_acls.c branches/SAMBA_3_0/source/modules/nfs4_acls.h branches/SAMBA_3_0/source/modules/vfs_aixacl2.c branches/SAMBA_3_0/source/smbd/posix_acls.c Changeset: Sorry, the patch is too large (1527 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17358
svn commit: samba r17359 - in branches/SAMBA_4_0/source/ntvfs/posix: .
Author: metze Date: 2006-08-01 10:11:37 + (Tue, 01 Aug 2006) New Revision: 17359 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17359 Log: http://www.cs.wisc.edu/~cao/cs739/draft-leach-cifs-v1-spec-01.txt says that with the 0x fid all files only for the given pid should be flushed Does samba3 handle this correct? metze Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_flush.c Changeset: Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_flush.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_flush.c 2006-08-01 09:25:24 UTC (rev 17358) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_flush.c 2006-08-01 10:11:37 UTC (rev 17359) @@ -62,8 +62,13 @@ return NT_STATUS_OK; } - /* they are asking to flush all open files */ + /* +* they are asking to flush all open files +* for the given SMBPID +*/ for (f=pvfs-files.list;f;f=f-next) { + if (f-smbpid != req-smbpid) continue; + pvfs_flush_file(pvfs, f); }
Re: svn commit: samba r17352 - in branches/SAMBA_4_0/source/setup: .
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] schrieb: Author: abartlet Date: 2006-08-01 05:58:06 + (Tue, 01 Aug 2006) New Revision: 17352 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17352 Log: Don't do a modify on the objectClasses, as OpenLDAP doesn't like this. Instead, handle this one in the add. I think windows also doesn't like it, if I remember correct... -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEzyfSm70gjA5TCD8RAhkFAJ9L4C85oKgIjgliRoZdGA23YiXHVQCeL89s uIYiLdtyQmUtOQ4DaYsSbj4= =17cG -END PGP SIGNATURE-
svn commit: samba r17360 - in branches/SAMBA_4_0/source/smb_server/smb2: .
Author: metze Date: 2006-08-01 10:37:34 + (Tue, 01 Aug 2006) New Revision: 17360 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17360 Log: add some comments metze Modified: branches/SAMBA_4_0/source/smb_server/smb2/tcon.c Changeset: Modified: branches/SAMBA_4_0/source/smb_server/smb2/tcon.c === --- branches/SAMBA_4_0/source/smb_server/smb2/tcon.c2006-08-01 10:11:37 UTC (rev 17359) +++ branches/SAMBA_4_0/source/smb_server/smb2/tcon.c2006-08-01 10:37:34 UTC (rev 17360) @@ -49,7 +49,7 @@ tid = IVAL(base, offset + 8); pad = IVAL(base, offset + 12); - if (pad != 0x) { + if (pad != UINT32_MAX) { return NULL; } @@ -58,7 +58,15 @@ return NULL; } -/* TODO: add comments */ + /* +* the handle can belong to a different tcon +* as that TID in the SMB2 header says, but +* the request should succeed nevertheless! +* +* because if this we put the 32 bit TID into the +* 128 bit handle, so that we can extract the tcon from the +* handle +*/ tcon = req-tcon; if (tid != req-tcon-tid) { tcon = smbsrv_smb2_tcon_find(req-session, tid, req-request_time); @@ -72,6 +80,18 @@ return NULL; } + /* +* as the smb2srv_tcon is a child object of the smb2srv_session +* the handle belongs to the correct session! +* +* Note: no check is needed here for SMB2 +*/ + + /* +* as the handle may have overwritten the tcon +* we need to set it on the request so that the +* correct ntvfs context will be used for the ntvfs_*() request +*/ req-tcon = tcon; return handle-ntvfs; } @@ -86,7 +106,7 @@ */ SBVAL(base, offset, handle-hid); SIVAL(base, offset + 8, handle-tcon-tid); - SIVAL(base, offset + 12,0x); + SIVAL(base, offset + 12,UINT32_MAX); } static NTSTATUS smb2srv_handle_create_new(void *private_data, struct ntvfs_request *ntvfs, struct ntvfs_handle **_h)
svn commit: samba r17361 - in branches/SAMBA_4_0/source/smb_server/smb: .
Author: metze Date: 2006-08-01 10:42:03 + (Tue, 01 Aug 2006) New Revision: 17361 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17361 Log: check that file handles are only accessable by the correct session in the SMB frontend server metze Modified: branches/SAMBA_4_0/source/smb_server/smb/request.c Changeset: Modified: branches/SAMBA_4_0/source/smb_server/smb/request.c === --- branches/SAMBA_4_0/source/smb_server/smb/request.c 2006-08-01 10:37:34 UTC (rev 17360) +++ branches/SAMBA_4_0/source/smb_server/smb/request.c 2006-08-01 10:42:03 UTC (rev 17361) @@ -668,6 +668,17 @@ return NULL; } + /* +* For SMB tcons and sessions can be mixed! +* But we need to make sure that file handles +* are only accessed by the opening session! +* +* So check if the handle is valid for the given session! +*/ + if (handle-session != req-session) { + return NULL; + } + return handle-ntvfs; }
svn commit: samba r17362 - in branches/SAMBA_4_0/source/ntvfs/posix: .
Author: metze Date: 2006-08-01 10:58:01 + (Tue, 01 Aug 2006) New Revision: 17362 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17362 Log: session_info and smbpid are available from the ntvfs_handle so we don't need them on the pvfs_file struct. also we don't need to check is the handle has the correct session as this is job of the frontend server metze Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_flush.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c branches/SAMBA_4_0/source/ntvfs/posix/vfs_posix.h Changeset: Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_flush.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_flush.c 2006-08-01 10:42:03 UTC (rev 17361) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_flush.c 2006-08-01 10:58:01 UTC (rev 17362) @@ -67,7 +67,7 @@ * for the given SMBPID */ for (f=pvfs-files.list;f;f=f-next) { - if (f-smbpid != req-smbpid) continue; + if (f-ntvfs-smbpid != req-smbpid) continue; pvfs_flush_file(pvfs, f); } Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c 2006-08-01 10:42:03 UTC (rev 17361) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c 2006-08-01 10:58:01 UTC (rev 17362) @@ -43,11 +43,6 @@ f = talloc_get_type(p, struct pvfs_file); if (!f) return NULL; - if (req-session_info != f-session_info) { - DEBUG(2,(pvfs_find_fd: attempt to use wrong session for handle %p\n,h)); - return NULL; - } - return f; } @@ -256,8 +251,6 @@ } f-ntvfs = h; - f-session_info = req-session_info; - f-smbpid= req-smbpid; f-pvfs = pvfs; f-pending_list = NULL; f-lock_count= 0; @@ -690,8 +683,6 @@ } f-ntvfs = h; - f-session_info = req-session_info; - f-smbpid= req-smbpid; f-pvfs = pvfs; f-pending_list = NULL; f-lock_count= 0; @@ -861,8 +852,8 @@ */ for (f2=pvfs-files.list;f2;f2=f2-next) { if (f2 != f - f2-session_info == req-session_info - f2-smbpid == req-smbpid + f2-ntvfs-session_info == req-session_info + f2-ntvfs-smbpid == req-smbpid (f2-handle-create_options (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS | NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) @@ -1120,8 +,6 @@ } f-ntvfs = h; - f-session_info = req-session_info; - f-smbpid= req-smbpid; f-pvfs = pvfs; f-pending_list = NULL; f-lock_count= 0; @@ -1344,7 +1333,7 @@ for (f=pvfs-files.list;f;f=next) { next = f-next; - if (f-session_info == req-session_info) { + if (f-ntvfs-session_info == req-session_info) { talloc_free(f); } } @@ -1364,8 +1353,8 @@ for (f=pvfs-files.list;f;f=next) { next = f-next; - if (f-session_info == req-session_info - f-smbpid == req-smbpid) { + if (f-ntvfs-session_info == req-session_info + f-ntvfs-smbpid == req-smbpid) { talloc_free(f); } } Modified: branches/SAMBA_4_0/source/ntvfs/posix/vfs_posix.h === --- branches/SAMBA_4_0/source/ntvfs/posix/vfs_posix.h 2006-08-01 10:42:03 UTC (rev 17361) +++ branches/SAMBA_4_0/source/ntvfs/posix/vfs_posix.h 2006-08-01 10:58:01 UTC (rev 17362) @@ -161,14 +161,6 @@ uint32_t share_access; uint32_t access_mask; - /* we need to remember the session it was opened on, - as it is illegal to operate on someone elses fnum */ - struct auth_session_info *session_info; - - /* we need to remember the client pid that - opened the file so SMBexit works */ - uint16_t smbpid; - /* a list of pending locks - used for locking cancel operations */ struct pvfs_pending_lock *pending_list;
svn commit: samba r17363 - in branches/SAMBA_3_0/source: libmsrpc libsmb nsswitch rpc_parse torture
Author: vlendec Date: 2006-08-01 12:45:12 + (Tue, 01 Aug 2006) New Revision: 17363 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17363 Log: Some C++ warnings Modified: branches/SAMBA_3_0/source/libmsrpc/cac_samr.c branches/SAMBA_3_0/source/libmsrpc/libmsrpc_internal.c branches/SAMBA_3_0/source/libsmb/smb_share_modes.c branches/SAMBA_3_0/source/nsswitch/winbind_nss_linux.c branches/SAMBA_3_0/source/rpc_parse/parse_buffer.c branches/SAMBA_3_0/source/rpc_parse/parse_dfs.c branches/SAMBA_3_0/source/torture/denytest.c branches/SAMBA_3_0/source/torture/nbio.c branches/SAMBA_3_0/source/torture/pdbtest.c Changeset: Modified: branches/SAMBA_3_0/source/libmsrpc/cac_samr.c === --- branches/SAMBA_3_0/source/libmsrpc/cac_samr.c 2006-08-01 10:58:01 UTC (rev 17362) +++ branches/SAMBA_3_0/source/libmsrpc/cac_samr.c 2006-08-01 12:45:12 UTC (rev 17363) @@ -156,7 +156,8 @@ if(!fs.out.domain_sid) return NULL; - sid = talloc_memdup(mem_ctx, (fs.out.domain_sid-sid), sizeof(DOM_SID)); + sid = (DOM_SID *)talloc_memdup(mem_ctx, (fs.out.domain_sid-sid), + sizeof(DOM_SID)); if(!sid) { hnd-status = NT_STATUS_NO_MEMORY; Modified: branches/SAMBA_3_0/source/libmsrpc/libmsrpc_internal.c === --- branches/SAMBA_3_0/source/libmsrpc/libmsrpc_internal.c 2006-08-01 10:58:01 UTC (rev 17362) +++ branches/SAMBA_3_0/source/libmsrpc/libmsrpc_internal.c 2006-08-01 12:45:12 UTC (rev 17363) @@ -252,7 +252,8 @@ data-reg_binary.data_length = size; - data-reg_binary.data = talloc_memdup(mem_ctx, buf.buffer, size); + data-reg_binary.data = (uint8 *)talloc_memdup(mem_ctx, buf.buffer, + size); if(!data-reg_binary.data) { TALLOC_FREE(data); errno = ENOMEM; @@ -499,7 +500,8 @@ memcpy(info-nt_password, id21-nt_pwd, 8); memcpy(info-lm_password, id21-lm_pwd, 8); - info-logon_hours = talloc_memdup(mem_ctx, (id21-logon_hrs), sizeof(LOGON_HRS)); + info-logon_hours = (LOGON_HRS *)talloc_memdup(mem_ctx, (id21-logon_hrs), + sizeof(LOGON_HRS)); if(!info-logon_hours) return NULL; Modified: branches/SAMBA_3_0/source/libsmb/smb_share_modes.c === --- branches/SAMBA_3_0/source/libsmb/smb_share_modes.c 2006-08-01 10:58:01 UTC (rev 17362) +++ branches/SAMBA_3_0/source/libsmb/smb_share_modes.c 2006-08-01 12:45:12 UTC (rev 17363) @@ -259,9 +259,10 @@ db_data = tdb_fetch(db_ctx-smb_tdb, locking_key); if (!db_data.dptr) { /* We must create the entry. */ - db_data.dptr = malloc((2*sizeof(struct share_mode_entry)) + - strlen(sharepath) + 1 + - strlen(filename) + 1); + db_data.dptr = (char *)malloc( + (2*sizeof(struct share_mode_entry)) + + strlen(sharepath) + 1 + + strlen(filename) + 1); if (!db_data.dptr) { return -1; } @@ -294,7 +295,8 @@ } /* Entry exists, we must add a new entry. */ - new_data_p = malloc(db_data.dsize + sizeof(struct share_mode_entry)); + new_data_p = (char *)malloc( + db_data.dsize + sizeof(struct share_mode_entry)); if (!new_data_p) { free(db_data.dptr); return -1; @@ -391,7 +393,8 @@ } /* More than one - allocate a new record minus the one we'll delete. */ - new_data_p = malloc(db_data.dsize - sizeof(struct share_mode_entry)); + new_data_p = (char *)malloc( + db_data.dsize - sizeof(struct share_mode_entry)); if (!new_data_p) { free(db_data.dptr); return -1; Modified: branches/SAMBA_3_0/source/nsswitch/winbind_nss_linux.c === --- branches/SAMBA_3_0/source/nsswitch/winbind_nss_linux.c 2006-08-01 10:58:01 UTC (rev 17362) +++ branches/SAMBA_3_0/source/nsswitch/winbind_nss_linux.c 2006-08-01 12:45:12 UTC (rev 17363) @@ -370,7 +370,8 @@ return_result: - pw_cache = getpwent_response.extra_data.data; + pw_cache = (struct winbindd_pw *) + getpwent_response.extra_data.data; /* Check data is valid */ @@ -613,7 +614,8 @@ return_result: - gr_cache = getgrent_response.extra_data.data; + gr_cache = (struct winbindd_gr *) + getgrent_response.extra_data.data; /* Check data is valid
svn commit: samba r17364 - in branches/SAMBA_3_0/source/rpc_server: .
Author: vlendec Date: 2006-08-01 14:46:08 + (Tue, 01 Aug 2006) New Revision: 17364 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17364 Log: Another NT4 join bug: The idealx tools set the primary group sid, and if we do an update_sam_account later on, we want to also set it using the delete/add method. As the idealx tools use the replace method, they don't care about what has been in there before. Jerry, this is a likely 3.0.23b candidate. Not merging, it's your call :-) Volker Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2006-08-01 12:45:12 UTC (rev 17363) +++ branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2006-08-01 14:46:08 UTC (rev 17364) @@ -3338,13 +3338,20 @@ copy_id25_to_sam_passwd(pwd, id25); + /* write the change out */ + if(!NT_STATUS_IS_OK(status = pdb_update_sam_account(pwd))) { + TALLOC_FREE(pwd); + return status; + } + /* -* The funny part about the previous two calls is -* that pwd still has the password hashes from the -* passdb entry. These have not been updated from -* id21. I don't know if they need to be set.--jerry +* We need to pdb_update_sam_account before the unix primary group +* is set, because the idealx scripts would also change the +* sambaPrimaryGroupSid using the ldap replace method. pdb_ldap uses +* the delete explicit / add explicit, which would then fail to find +* the previous primaryGroupSid value. */ - + if ( IS_SAM_CHANGED(pwd, PDB_GROUPSID) ) { status = pdb_set_unix_primary_group(mem_ctx, pwd); if ( !NT_STATUS_IS_OK(status) ) { @@ -3352,16 +3359,6 @@ } } - /* Don't worry about writing out the user account since the - primary group SID is generated solely from the user's Unix - primary group. */ - - /* write the change out */ - if(!NT_STATUS_IS_OK(status = pdb_update_sam_account(pwd))) { - TALLOC_FREE(pwd); - return status; - } - /* WARNING: No TALLOC_FREE(pwd), we are about to set the password * hereafter! */
svn commit: samba r17368 - in branches/SAMBA_4_0/source/lib/ldb: common include
Author: abartlet Date: 2006-08-01 22:46:49 + (Tue, 01 Aug 2006) New Revision: 17368 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17368 Log: Add 'const' to ldb_match_msg(). Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_match.c branches/SAMBA_4_0/source/lib/ldb/include/ldb_private.h Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_match.c === --- branches/SAMBA_4_0/source/lib/ldb/common/ldb_match.c2006-08-01 18:40:19 UTC (rev 17367) +++ branches/SAMBA_4_0/source/lib/ldb/common/ldb_match.c2006-08-01 22:46:49 UTC (rev 17368) @@ -81,9 +81,9 @@ match if node is present */ static int ldb_match_present(struct ldb_context *ldb, - struct ldb_message *msg, - struct ldb_parse_tree *tree, - enum ldb_scope scope) +const struct ldb_message *msg, +const struct ldb_parse_tree *tree, +enum ldb_scope scope) { if (ldb_attr_dn(tree-u.present.attr) == 0) { return 1; @@ -97,8 +97,8 @@ } static int ldb_match_comparison(struct ldb_context *ldb, - struct ldb_message *msg, - struct ldb_parse_tree *tree, + const struct ldb_message *msg, + const struct ldb_parse_tree *tree, enum ldb_scope scope, enum ldb_parse_op comp_op) { @@ -138,8 +138,8 @@ match a simple leaf node */ static int ldb_match_equality(struct ldb_context *ldb, - struct ldb_message *msg, - struct ldb_parse_tree *tree, + const struct ldb_message *msg, + const struct ldb_parse_tree *tree, enum ldb_scope scope) { unsigned int i; @@ -183,7 +183,7 @@ } static int ldb_wildcard_compare(struct ldb_context *ldb, - struct ldb_parse_tree *tree, + const struct ldb_parse_tree *tree, const struct ldb_val value) { const struct ldb_attrib_handler *h; @@ -254,8 +254,8 @@ match a simple leaf node */ static int ldb_match_substring(struct ldb_context *ldb, - struct ldb_message *msg, - struct ldb_parse_tree *tree, + const struct ldb_message *msg, + const struct ldb_parse_tree *tree, enum ldb_scope scope) { unsigned int i; @@ -279,7 +279,7 @@ /* bitwise-and comparator */ -static int ldb_comparator_and(struct ldb_val *v1, struct ldb_val *v2) +static int ldb_comparator_and(const struct ldb_val *v1, const struct ldb_val *v2) { uint64_t i1, i2; i1 = strtoull((char *)v1-data, NULL, 0); @@ -290,7 +290,7 @@ /* bitwise-or comparator */ -static int ldb_comparator_or(struct ldb_val *v1, struct ldb_val *v2) +static int ldb_comparator_or(const struct ldb_val *v1, const struct ldb_val *v2) { uint64_t i1, i2; i1 = strtoull((char *)v1-data, NULL, 0); @@ -303,19 +303,19 @@ extended match, handles things like bitops */ static int ldb_match_extended(struct ldb_context *ldb, - struct ldb_message *msg, - struct ldb_parse_tree *tree, + const struct ldb_message *msg, + const struct ldb_parse_tree *tree, enum ldb_scope scope) { int i; const struct { const char *oid; - int (*comparator)(struct ldb_val *, struct ldb_val *); + int (*comparator)(const struct ldb_val *, const struct ldb_val *); } rules[] = { { LDB_OID_COMPARATOR_AND, ldb_comparator_and}, { LDB_OID_COMPARATOR_OR, ldb_comparator_or} }; - int (*comp)(struct ldb_val *, struct ldb_val *) = NULL; + int (*comp)(const struct ldb_val *, const struct ldb_val *) = NULL; struct ldb_message_element *el; if (tree-u.extended.dnAttributes) { @@ -366,8 +366,8 @@ this is a recursive function, and does short-circuit evaluation */ static int ldb_match_message(struct ldb_context *ldb, -struct ldb_message *msg, -struct ldb_parse_tree *tree, +const struct ldb_message *msg, +const struct ldb_parse_tree *tree, enum ldb_scope scope) { unsigned int i; @@ -418,8 +418,8 @@ } int ldb_match_msg(struct ldb_context *ldb, -
svn commit: samba r17369 - in branches/SOC/mkhl: ldb-map/common ldb-map/include ldb-map/ldb_ildap ldb-map/ldb_tdb samdb-map/ldb_modules
Author: mkhl Date: 2006-08-01 22:59:36 + (Tue, 01 Aug 2006) New Revision: 17369 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17369 Log: Merge from mainline, r17368. Removed: branches/SOC/mkhl/samdb-map/ldb_modules/password_sync.c Modified: branches/SOC/mkhl/ldb-map/common/ldb_match.c branches/SOC/mkhl/ldb-map/include/ldb.h branches/SOC/mkhl/ldb-map/include/ldb_private.h branches/SOC/mkhl/ldb-map/ldb_ildap/ldb_ildap.c branches/SOC/mkhl/ldb-map/ldb_tdb/ldb_tdb.c Changeset: Modified: branches/SOC/mkhl/ldb-map/common/ldb_match.c === --- branches/SOC/mkhl/ldb-map/common/ldb_match.c2006-08-01 22:46:49 UTC (rev 17368) +++ branches/SOC/mkhl/ldb-map/common/ldb_match.c2006-08-01 22:59:36 UTC (rev 17369) @@ -81,9 +81,9 @@ match if node is present */ static int ldb_match_present(struct ldb_context *ldb, - struct ldb_message *msg, - struct ldb_parse_tree *tree, - enum ldb_scope scope) +const struct ldb_message *msg, +const struct ldb_parse_tree *tree, +enum ldb_scope scope) { if (ldb_attr_dn(tree-u.present.attr) == 0) { return 1; @@ -97,8 +97,8 @@ } static int ldb_match_comparison(struct ldb_context *ldb, - struct ldb_message *msg, - struct ldb_parse_tree *tree, + const struct ldb_message *msg, + const struct ldb_parse_tree *tree, enum ldb_scope scope, enum ldb_parse_op comp_op) { @@ -138,8 +138,8 @@ match a simple leaf node */ static int ldb_match_equality(struct ldb_context *ldb, - struct ldb_message *msg, - struct ldb_parse_tree *tree, + const struct ldb_message *msg, + const struct ldb_parse_tree *tree, enum ldb_scope scope) { unsigned int i; @@ -183,7 +183,7 @@ } static int ldb_wildcard_compare(struct ldb_context *ldb, - struct ldb_parse_tree *tree, + const struct ldb_parse_tree *tree, const struct ldb_val value) { const struct ldb_attrib_handler *h; @@ -254,8 +254,8 @@ match a simple leaf node */ static int ldb_match_substring(struct ldb_context *ldb, - struct ldb_message *msg, - struct ldb_parse_tree *tree, + const struct ldb_message *msg, + const struct ldb_parse_tree *tree, enum ldb_scope scope) { unsigned int i; @@ -279,7 +279,7 @@ /* bitwise-and comparator */ -static int ldb_comparator_and(struct ldb_val *v1, struct ldb_val *v2) +static int ldb_comparator_and(const struct ldb_val *v1, const struct ldb_val *v2) { uint64_t i1, i2; i1 = strtoull((char *)v1-data, NULL, 0); @@ -290,7 +290,7 @@ /* bitwise-or comparator */ -static int ldb_comparator_or(struct ldb_val *v1, struct ldb_val *v2) +static int ldb_comparator_or(const struct ldb_val *v1, const struct ldb_val *v2) { uint64_t i1, i2; i1 = strtoull((char *)v1-data, NULL, 0); @@ -303,19 +303,19 @@ extended match, handles things like bitops */ static int ldb_match_extended(struct ldb_context *ldb, - struct ldb_message *msg, - struct ldb_parse_tree *tree, + const struct ldb_message *msg, + const struct ldb_parse_tree *tree, enum ldb_scope scope) { int i; const struct { const char *oid; - int (*comparator)(struct ldb_val *, struct ldb_val *); + int (*comparator)(const struct ldb_val *, const struct ldb_val *); } rules[] = { { LDB_OID_COMPARATOR_AND, ldb_comparator_and}, { LDB_OID_COMPARATOR_OR, ldb_comparator_or} }; - int (*comp)(struct ldb_val *, struct ldb_val *) = NULL; + int (*comp)(const struct ldb_val *, const struct ldb_val *) = NULL; struct ldb_message_element *el; if (tree-u.extended.dnAttributes) { @@ -366,8 +366,8 @@ this is a recursive function, and does short-circuit evaluation */ static int ldb_match_message(struct ldb_context *ldb, -struct ldb_message *msg, -struct ldb_parse_tree *tree, +const struct ldb_message *msg, +const struct ldb_parse_tree *tree,
svn commit: samba r17370 - in branches/SAMBA_4_0/source/lib/ldb/ldb_tdb: .
Author: idra Date: 2006-08-02 00:01:09 + (Wed, 02 Aug 2006) New Revision: 17370 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17370 Log: Fix tdb searches, we need to return an LDAP_REPLY_DONE packet when done. Awesome how this didn't break everything around... Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2006-08-01 22:59:36 UTC (rev 17369) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2006-08-02 00:01:09 UTC (rev 17370) @@ -478,6 +478,7 @@ { struct ltdb_private *ltdb = talloc_get_type(module-private_data, struct ltdb_private); struct ltdb_context *ltdb_ac; + struct ldb_reply *ares; int ret; if ((req-op.search.base == NULL || req-op.search.base-comp_num == 0) @@ -521,6 +522,20 @@ req-handle-status = ret; } + /* Finally send an LDB_REPLY_DONE packet when searching is finished */ + + ares = talloc_zero(req, struct ldb_reply); + if (!ares) { + ltdb_unlock_read(module); + return LDB_ERR_OPERATIONS_ERROR; + } + + req-handle-state = LDB_ASYNC_DONE; + ares-type = LDB_REPLY_DONE; + + ret = req-callback(module-ldb, req-context, ares); + req-handle-status = ret; + ltdb_unlock_read(module); return LDB_SUCCESS;
svn commit: samba r17371 - in branches/SOC/mkhl/ldb-map/ldb_tdb: .
Author: mkhl Date: 2006-08-02 01:25:05 + (Wed, 02 Aug 2006) New Revision: 17371 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17371 Log: Merge from mainline, r17370. Modified: branches/SOC/mkhl/ldb-map/ldb_tdb/ldb_search.c Changeset: Modified: branches/SOC/mkhl/ldb-map/ldb_tdb/ldb_search.c === --- branches/SOC/mkhl/ldb-map/ldb_tdb/ldb_search.c 2006-08-02 00:01:09 UTC (rev 17370) +++ branches/SOC/mkhl/ldb-map/ldb_tdb/ldb_search.c 2006-08-02 01:25:05 UTC (rev 17371) @@ -478,6 +478,7 @@ { struct ltdb_private *ltdb = talloc_get_type(module-private_data, struct ltdb_private); struct ltdb_context *ltdb_ac; + struct ldb_reply *ares; int ret; if ((req-op.search.base == NULL || req-op.search.base-comp_num == 0) @@ -521,6 +522,20 @@ req-handle-status = ret; } + /* Finally send an LDB_REPLY_DONE packet when searching is finished */ + + ares = talloc_zero(req, struct ldb_reply); + if (!ares) { + ltdb_unlock_read(module); + return LDB_ERR_OPERATIONS_ERROR; + } + + req-handle-state = LDB_ASYNC_DONE; + ares-type = LDB_REPLY_DONE; + + ret = req-callback(module-ldb, req-context, ares); + req-handle-status = ret; + ltdb_unlock_read(module); return LDB_SUCCESS;
svn commit: samba r17372 - in branches/SOC/mkhl/ldb-map/modules: .
Author: abartlet Date: 2006-08-02 02:24:00 + (Wed, 02 Aug 2006) New Revision: 17372 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17372 Log: Changes to ldb_map to handle wildcard mappings, and not rebasing the DN. Andrew Bartlett Modified: branches/SOC/mkhl/ldb-map/modules/ldb_map.c Changeset: Modified: branches/SOC/mkhl/ldb-map/modules/ldb_map.c === --- branches/SOC/mkhl/ldb-map/modules/ldb_map.c 2006-08-02 01:25:05 UTC (rev 17371) +++ branches/SOC/mkhl/ldb-map/modules/ldb_map.c 2006-08-02 02:24:00 UTC (rev 17372) @@ -218,6 +218,11 @@ struct ldb_dn *new; int i, offset; + /* Perhaps we don't need to rebase at all? */ + if (!old_base || !new_base) { + return ldb_dn_copy(mem_ctx, old); + } + offset = old-comp_num - old_base-comp_num; new = ldb_dn_copy_partial(mem_ctx, new_base, offset + new_base-comp_num); @@ -319,7 +324,7 @@ { int i; - for (i = 0; data-objectclass_maps[i].local_name; i++) + for (i = 0; data-objectclass_maps data-objectclass_maps[i].local_name; i++) if (ldb_attr_cmp(data-objectclass_maps[i] .local_name, name) == 0) return data-objectclass_maps[i]; @@ -334,7 +339,7 @@ { int i; - for (i = 0; data-objectclass_maps[i].remote_name; i++) + for (i = 0; data-objectclass_maps data-objectclass_maps[i].remote_name; i++) if (ldb_attr_cmp(data-objectclass_maps[i] .remote_name, name) == 0) return data-objectclass_maps[i]; @@ -350,11 +355,16 @@ { int i; - for (i = 0; data-attribute_maps[i].local_name; i++) + for (i = 0; data-attribute_maps[i].local_name; i++) { if (ldb_attr_cmp(data-attribute_maps[i] .local_name, name) == 0) return data-attribute_maps[i]; - + } + for (i = 0; data-attribute_maps[i].local_name; i++) { + if (ldb_attr_cmp(data-attribute_maps[i] +.local_name, *) == 0) + return data-attribute_maps[i]; + } return NULL; } @@ -365,8 +375,14 @@ const char *name) { int i, j; + const struct ldb_map_attribute *wildcard = NULL; for (i = 0; data-attribute_maps[i].local_name; i++) { + if (ldb_attr_cmp(data-attribute_maps[i] +.local_name, *) == 0) { + wildcard = data-attribute_maps[i]; + } + switch (data-attribute_maps[i].type) { case MAP_KEEP: if (ldb_attr_cmp(data-attribute_maps[i] .local_name, name) == 0) @@ -390,7 +406,8 @@ } } - return NULL; + /* We didn't find it, so return the wildcard record if one was configured */ + return wildcard; } @@ -404,6 +421,10 @@ { const struct ldb_map_context *data = map_get_context(module); + if (!data-local_base_dn) { + return True; + } + return ldb_dn_compare_base(module-ldb, data-local_base_dn, dn) == 0; } @@ -572,7 +593,7 @@ continue; case MAP_KEEP: - name = map-local_name; + name = attrs[i]; goto named; case MAP_RENAME: @@ -1601,13 +1622,16 @@ partition_msg_el(struct ldb_module *module, struct ldb_message *local, struct ldb_message *remote, -const struct ldb_map_attribute *map, +const char *attr_name, const struct ldb_message *msg, /* const char * const names[], */ const struct ldb_message_element *old) { struct ldb_message_element *el; + const struct ldb_map_context *data = map_get_context(module); + const struct ldb_map_attribute *map = find_local_attr(data, attr_name); + /* no mapping: ignore */ if (map == NULL) { ldb_debug(module-ldb, LDB_DEBUG_WARNING, ldb_map: @@ -1698,10 +1722,8 @@ struct ldb_message *remote, const struct ldb_message *msg) { - const struct ldb_map_context *data = map_get_context(module); /* names of remote attributes the original message can map */ /* const char * const names[]; */ - const struct ldb_map_attribute *map; int i, ret; /* try to map each attribute; @@ -1716,9 +1738,7 @@ continue; } - map = find_local_attr(data, msg-elements[i].name); - - ret = partition_msg_el(module, local, remote, map, + ret =
svn commit: samba r17373 - in branches/SOC/mkhl/samdb-map/ldb_modules: .
Author: abartlet Date: 2006-08-02 02:33:32 + (Wed, 02 Aug 2006) New Revision: 17373 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17373 Log: Add new module entryUUID, using ldb_map infrustruture. Andrew Bartlett Added: branches/SOC/mkhl/samdb-map/ldb_modules/entryUUID.c Modified: branches/SOC/mkhl/samdb-map/ldb_modules/config.mk Changeset: Modified: branches/SOC/mkhl/samdb-map/ldb_modules/config.mk === --- branches/SOC/mkhl/samdb-map/ldb_modules/config.mk 2006-08-02 02:24:00 UTC (rev 17372) +++ branches/SOC/mkhl/samdb-map/ldb_modules/config.mk 2006-08-02 02:33:32 UTC (rev 17373) @@ -33,6 +33,18 @@ # End MODULE ldb_samldb + +# Start MODULE ldb_entryUUID +[MODULE::ldb_entryUUID] +SUBSYSTEM = ldb +INIT_FUNCTION = ldb_entryUUID_module_init +ENABLE = YES +OBJ_FILES = \ + entryUUID.o +# +# End MODULE ldb_entryUUID + + # # # Start MODULE ldb_proxy # [MODULE::ldb_proxy] Added: branches/SOC/mkhl/samdb-map/ldb_modules/entryUUID.c === --- branches/SOC/mkhl/samdb-map/ldb_modules/entryUUID.c 2006-08-02 02:24:00 UTC (rev 17372) +++ branches/SOC/mkhl/samdb-map/ldb_modules/entryUUID.c 2006-08-02 02:33:32 UTC (rev 17373) @@ -0,0 +1,107 @@ +/* + ldb database library - Samba3 SAM compatibility backend + + Copyright (C) Jelmer Vernooij 2005 +*/ + +#include includes.h +#include ldb/include/ldb.h +#include ldb/include/ldb_private.h +#include ldb/include/ldb_errors.h +#include ldb/modules/ldb_map.h + +#include librpc/gen_ndr/ndr_misc.h +#include librpc/ndr/libndr.h + +static struct ldb_val encode_guid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct GUID guid; + NTSTATUS status = GUID_from_string((char *)val-data, guid); + struct ldb_val out = data_blob(NULL, 0); + + if (!NT_STATUS_IS_OK(status)) { + return out; + } + status = ndr_push_struct_blob(out, ctx, guid, + (ndr_push_flags_fn_t)ndr_push_GUID); + if (!NT_STATUS_IS_OK(status)) { + return out; + } + + return out; +} + +static struct ldb_val decode_guid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct GUID *guid; + NTSTATUS status; + struct ldb_val out = data_blob(NULL, 0); + + guid = talloc(ctx, struct GUID); + if (guid == NULL) { + return out; + } + status = ndr_pull_struct_blob(val, guid, guid, + (ndr_pull_flags_fn_t)ndr_pull_GUID); + if (!NT_STATUS_IS_OK(status)) { + talloc_free(guid); + return out; + } + out = data_blob_string_const(GUID_string(ctx, guid)); + talloc_free(guid); + return out; +} + +const struct ldb_map_attribute entryUUID_attributes[] = +{ + /* objectGUID */ + { + .local_name = objectGUID, + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = entryUUID, + .convert_local = decode_guid, + .convert_remote = encode_guid, + }, + }, + }, + { + .local_name = *, + .type = MAP_KEEP, + }, + { + .local_name = NULL, + } +}; + +/* the context init function */ +static int entryUUID_init(struct ldb_module *module) +{ +int ret; + + ret = ldb_map_init(module, entryUUID_attributes, NULL, NULL); +if (ret != LDB_SUCCESS) +return ret; + +return ldb_next_init(module); +} + +static struct ldb_module_ops entryUUID_ops = { + .name = entryUUID, + .init_context = entryUUID_init, +}; + +/* the init function */ +int ldb_entryUUID_module_init(void) +{ + struct ldb_module_ops ops = ldb_map_get_ops(); + entryUUID_ops.add = ops.add; + entryUUID_ops.modify= ops.modify; + entryUUID_ops.del = ops.del; + entryUUID_ops.rename= ops.rename; + entryUUID_ops.search= ops.search; + entryUUID_ops.wait = ops.wait; + + return ldb_register_module(entryUUID_ops); +}