[Samba] Deleted files reappear after login
Hi, problem is, if someone deletes files e.g. from Desktop in XP, logs out and logs in again, the files reappear. They are not deleted in the profile on the server. The profile is syncing so that changes to files and new files are ok. Only deleting does not work. am using: Redhat EL4 U4, Samba 3.0.24-SerNet-RedHat, XP SP2 Clients. smb.conf parts: logon path = \\%L\profiles\%U logon script = login.cmd %U %G logon drive = h: [netlogon] comment = Network Logon Service path = /etc/samba/netlogon public = no read only = yes writeable = no browseable = no valid users = @xyz root [profiles] comment = Roaming profiles share path = /shares/profiles writeable = yes create mask = 0660 directory mask = 0770 browsable = no valid users = @xyz root force user = %U profile acls = yes hide dot files = no csc policy = disable Any ideas? Thx Rainer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Hide workgroup names in network neighborhood ?
Hi, since we have have a working wins server all kind of workgroups from private laptops, or from special devices are visible in the network neighborhood in our institute. Is it possible to hide or mask all of them ? -- Bye, Peer _ Max-Planck-Institut fuer Biogeochemie Dr. Peer-Joachim Koch Hans-Knöll Str.10Telefon: ++49 3641 57-6705 D-07745 Jena Telefax: ++49 3641 57-7705 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0 and XP roaming profiles
contact_mahajan schrieb: Also regarding my logon script, my smb.conf fille says like this: [GLOBAL] .. logon script = scripts\login.bat . [netlogon] ... path= /var/samba/netlogon/%U This definition is trying to be subtle by defining a per-user-netlogon share, as %U expands to the session user name. Normally you will not want to do this, so you will strip off the /%U and simply put your login scripts below /var/samba/netlogon. (Permissions should of course be so that everyone can read and only admins can write.) The logon script parameter is a (windows) path relative to the netlogon directory. There is no need to put those in a subdirectory. (Sou you can do away with the scripts\ part...) You should note that the logon script parameter in the [global] section can be overridden by per-user-settings in ldap (if you are using ldap). Kind regards -- Wolfgang Ratzka Phone: +49 6421 2823531 FAX: +49 6421 2826994 Uni Marburg, HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Using Special Characters
[EMAIL PROTECTED] wrote: Volker Lendecke wrote: On Fri, Apr 06, 2007 at 01:42:55AM -0700, [EMAIL PROTECTED] wrote: I know these characters are not allowed in Windows file systems but I don't think that means SMB file names should be restricted (or at least not for linux clients). Anyways I'm mostly just using this Linux to Linux so if their isn't any way to do this, I guess I could just use NFS instead. With latest Samba and latest CIFS you should be able to use the posix extensions that Jeremy has put in lately. So you have a chance here. Volker If I do need a new version of samba then I've have to wait for a Gentoo ebuild for it. Right now I have samba 3.0.24 and kernel 2.6.18. Justin So far I haven't been able to upgrade samba as the latest version still isn't in portage. I did end up restarting the server and client computers though and now I can access files with special characters in them with the Linux CIFS client. So I guess this is supported in the CIFS client but it only works part of the time. Justin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Any pointers for multiple subnets?
On Thu, Apr 12, 2007 at 11:58:48AM +0530, Nandan Bhat wrote: Hi Mark, Hi Nandan, Thanks for the link; I'll try it out and let you know how it goes. As for my LANs, my situation is this: * my linux machines are on both LANs * both linux machines are part of the 192.168.1.0/24 workgroup and appear under the workgroup when viewed from Windows clients in 192.168.1.0/24 ** under 192.168.1.0/24, all windows clients are able to browse the two linux boxes and machines under 192.168.1.0/24 but not machines under 192.168.0.0/24 * both linux machines appear under a workgroup when viewed from Windows clients in 192.168.0.0/24 (and are browseable). ** under 192.168.0.0/24, all windows clients are able to browse the two linux boxes and machines under 192.168.0.0/24 but not machines under 192.168.1.0/24 It sounds like Samba is working as desired. To have netbios work for the windows machines across the subnets I believe you will have to have the WINS server as detailed in that old (2005) link I posted. I have never set this up personally so can not help you on that any further. Personally, I would instead use DNS. do you have a DNS server on one of the linux boxes (such as dnsmasq?) if you set up dns and DHCP from the linux box, then your windows clients will most likely browse across fine as long as they are getting their dhcp lease from this box (make sure you turn off any adsl/firewall/router dhcp setup). Regards, Mark I'll try out the suggestions in the link and let you know how it goes. BTW, I am guessing only one of my linux machines needs to be the local master; the other may be a domain master (but need not be). Correct me if I'm wrong on that concept. Thanks, Nandan Mark Adams wrote: Hi Nathan Thanks for your interest. In reply to your question, the answer is yes. Both the linux machines are on both the LANs. Both are browseable from Windows clients in both networks by \\netbiosname and \\ipaddress To confirm, You can connect across these subnets with netbios or ip, but only browsing through My Network Places does not work? and the only shares you are trying to browse for are the samba shares on your linux box? if not do the windows based shares show? Have you set the workgroup in the samba config? or are you choosing 'View Entire Network' when browsing through My network places? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] panic in smbd_audit aftar a connect
hello I'm using Samba 3.0.21b-2 on RHEL4.1. All the machines are logging to a windows 2003 ADS domain server. The samba server is a ADS member of this windows 2k3 server and user's access log is recorded by using the audit module. I recently came into this trouble, when I connect to samba server from client, the smbd_audit suddenly got panic. Please advise me how to solve this problem. The related log file looks like this: Mar 6 11:13:58 host01 smbd_audit: [2007/03/06 11:13:58, 0] lib/fault.c:fault_report(36) Mar 6 11:13:58 host01 smbd_audit: === Mar 6 11:13:58 host01 smbd_audit: [2007/03/06 11:13:58, 0] lib/fault.c:fault_report(37) Mar 6 11:13:58 host01 smbd_audit: INTERNAL ERROR: Signal 11 in pid 15063 (3.0.21b-2) Mar 6 11:13:58 host01 smbd_audit: Please read the Trouble-Shooting section of the Samba3-HOWTO Mar 6 11:13:58 host01 smbd_audit: [2007/03/06 11:13:58, 0] lib/fault.c:fault_report(39) Mar 6 11:13:58 host01 smbd_audit: Mar 6 11:13:58 host01 smbd_audit: From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf Mar 6 11:13:58 host01 smbd_audit: [2007/03/06 11:13:58, 0] lib/fault.c:fault_report(40) Mar 6 11:13:58 host01 smbd_audit: === Mar 6 11:13:58 host01 smbd_audit: [2007/03/06 11:13:58, 0] lib/util.c:smb_panic2(1576) Mar 6 11:13:58 host01 smbd_audit: PANIC: internal error Mar 6 11:13:58 host01 smbd_audit: [2007/03/06 11:13:58, 0] lib/util.c:smb_panic2(1584) Mar 6 11:13:58 host01 smbd_audit: BACKTRACE: 17 stack frames: Mar 6 11:13:59 host01 smbd_audit:#0 smbd(smb_panic2+0x8a) [0xe1295b] Mar 6 11:13:59 host01 smbd_audit:#1 smbd(smb_panic+0x19) [0xe12b8b] Mar 6 11:13:59 host01 smbd_audit:#2 smbd [0xdfe311] Mar 6 11:13:59 host01 smbd_audit:#3 /lib/tls/libc.so.6 [0x2f18c8] Mar 6 11:13:59 host01 smbd_audit:#4 smbd(winbindd_request_response+0x2e) [0xe22b28] Mar 6 11:13:59 host01 smbd_audit:#5 smbd [0xe22017] Mar 6 11:13:59 host01 smbd_audit:#6 smbd [0xe52188] Mar 6 11:13:59 host01 smbd_audit:#7 smbd [0xe5321b] Mar 6 11:13:59 host01 smbd_audit:#8 smbd(make_server_info_pac+0x198) [0xe53645] Mar 6 11:13:59 host01 smbd_audit:#9 smbd [0xca1fdb] Mar 6 11:13:59 host01 smbd_audit:#10 smbd(reply_sesssetup_and_X+0x4f1) [0xca2f4e] Mar 6 11:13:59 host01 smbd_audit:#11 smbd [0xccf984] Mar 6 11:13:59 host01 smbd_audit:#12 smbd(process_smb+0x19b) [0xccfd60] Mar 6 11:13:59 host01 smbd_audit:#13 smbd(smbd_process+0x15c) [0xcd0c6d] Mar 6 11:13:59 host01 smbd_audit:#14 smbd(main+0x962) [0xeab315] Mar 6 11:14:00 host01 smbd_audit:#15 /lib/tls/libc.so.6(__libc_start_main+0xd3) [0x2dee23] Mar 6 11:14:00 host01 smbd_audit:#16 smbd [0xc660f1] Part of my smb.conf, everything but the shares.: ;= Global Settings = [global] acl check permissions = no acl group control = no acl map full control = yes admin users = [EMAIL PROTECTED] allow trusted domains = Yes bind interfaces only = Yes display charset = UTF-8 dos charset = CP932 full_audit:prefix = %u|%I:%S idmap gid = 1-6 idmap uid = 1-6 inherit acls = yes log file = /var/log/samba/log.%m max log size = 1 netbios name = HOST01 password server = .x.xx.xx .y.yy.yy xxxz.zz.zz.zz realm = .X.XX.XX security = ADS server string = Storage socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 template homedir = /home/%U template shell = /bin/bash unix charset = UTF-8 winbind cache time = 15 winbind separator = @ workgroup = DOMAIN01 ;=== Share Settings = [SERVICE01] browseable = yes create mask = 0775 directory mask = 0775 dos filemode = yes force unknown acl user = yes full_audit:failure = connect disconnect mkdir rmdir sendfile rename chmod chown unlink full_audit:success = connect disconnect mkdir rmdir sendfile rename chmod chown unlink open inherit permissions = yes path = /xxx/yyy/zzz printable = no public = no read only = no vfs object = full_audit writable = yes Thanks in advance -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Problem with subfolder permissions within share
Just an question, im currently having the same problem here So main share has to be valid users [EMAIL PROTECTED] sub folders must be chmoded to the special group permissions right? -Mensagem original- De: Mark Adams [mailto:[EMAIL PROTECTED] Enviada: quarta-feira, 11 de Abril de 2007 14:05 Para: Jethro Hermans Cc: [EMAIL PROTECTED] Assunto: Re: [Samba] Problem with subfolder permissions within share On Wed, Apr 11, 2007 at 10:14:49AM +0200, Jethro Hermans wrote: I want to do the following set-up but I don't succeed in it: e.g.: users: user1 user2 user3 share: test with access from user1,2 and 3 Now I want to create a subfolder in test e.g. subtest but only with access for user1 and 3 but I'm not able to do that. Is there a solution for this? I assume that all of these users are in a group e.g group1 that has read/write access, and you are allowing @group1 for the valid users = access in smb.conf? To get what you want you could create another group group2 that allows read/write permission to subtest with only user1 and user3 in the group. Jethro wrote privately Do you want to say that I have to create a second folder (as subfolder) in the smb.conf with only these users as valid?br Is this the only right way to do this or is there maybe a way to do this in windows.br Because I created the subfolder via windows so it would be more easy to manage the permissions and allowed users also that way. Hi Jethro, Please make sure when you reply to mailing list messages that you 'Reply All' as the information may be useful for other users if they have similar issues. To answer your question, No i'm not talking about adding an extra entry in the smb.conf, as it is in the same container as your first share it would still be visible even if you did this. I am talking about setting the folder permissions in linux. You can do what you are asking effectively using groups. I suggest you do the following; Create 2 groups on your linux server; group1 and group2 Add user1, user2, and user3 to group1. Add user1 and user3 to group2. Change your smb.conf config for test so it has valid users = @group1 using the @ sign means it will allow the people in that group, rather than having to add multiple users Then set the perms (chmod) on the test folder in the filesystem to 2774 (the 2 is important as this sets SGID or Set group id this will ensure any files created in this folder, no matter by what user, will always set the group) Change the group ownership (chgrp) recursively to group1 for test cd in to test and change the group ownership of subtest to group2 Set the perms of 2774 for the subtest folder. Once this is done it should work as you desire, if user1 or user3 logs in, they will have access to all folders. If user2 logs in, they will not have access to subtest. I would recommend you read a bit more about linux if you intend to use it. Especially about permissions, see the following link for more information; http://www.zzee.com/solutions/linux-permissions.shtml Regards, Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Moving a Samba PDC from Solaris 2.8 to CentOS 4.4
Hello, I try to move a Samba-PDC (3.0.24) from Solaris 2.8 to CentOS 4.4 with the guidance from: http://www.samba.org/samba/docs/man/Samba-Guide/upgrades.html#id333969 (Replacing a Domain Controller) At the moment I am trying this in a test environment. This means the following (not the real names/IPs. Just for illustration ;-)): smb.conf entries: ... netbios name = smbtest interfaces = 1.1.1.1/255.255.255.0 ... Hostname Solaris: solaris Virtual network interface with ip: 1.1.1.1 Hostname CentOS: smbtest Real network interface with ip: 1.1.1.1 Than I followed the docs expect that I don't power off the Solaris machine. I just stop the samba daemons and delete the virtual network interface. When I did that, the Windows XP clients can't login in the Domain anymore. After some investigation I found out that the SIDs of the domain and of the Linux-host are not the same than before on the Solaris host. When I change the SIDs with net setlocalsid and net setdomainsid to the original ones it seems to work again. Any ideas why that happens? Is this the expected behavior (because of the hostname change)? Do I have something else to change to test the PDC move? Best regards, Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems sharing HP Officejet 6210 Linux -- XP
When sharing a printer via samba you can upload windows' drivers to samba server. I spent many time to do this solution. It's needed upload the driver and create a correct device mode. Upload driver for a samba server can be make either rpcclient(hard mode) or using Windows Wizard for add drivers(easy mode). Please before make any changes on server read from title - Creating the [print$] Share to - Setting Default Print Options for Client Drivers here: http://samba.org/samba/docs/man/Samba-HOWTO-Collection/classicalprinting.html#id358044 2007/4/10, 1arrybarnett [EMAIL PROTECTED]: Problem: The basic catch-22 with this printer model is that the drivers aren't part of the standard XP distro. The XP printer installation wizard expects the drivers to be available from the print server. After searching the net, I came across this basic installation method: 1. Temporarily plug the printer into the XP PC and install the drivers from the Printer CD. Then plug the printer back into the linux server. Nooo... please don't do this. worse workaround. :-) At this point 2 techniques were suggested, neither of which worked for me: 2a. Go back to the wizard and install the remote printer, using the correct driver this time. This apparantly succeeds, but printint the test page fails with an uninformative popup inviting me to go to the troubleshooting wizard (which is equally unhelpful). or 2b. Hack the local printer configuration by going to properties--ports and creating a Local port with the value \\servername\printername, as shared by Samba. This step fails for me with error 66 The network resource type is not correct. For me work.. but isn't necessary. So that's it, I'm stuck. I would love to hear from anyone who has worked through this problem already. Failing that, how can I pick apart this problem to figure out what's failing? Note: There was also some discussion in the forums about the print$ share and loading drivers on the Linux box, but I never figured out if that was relevant to my use case (Linux server/Windows client). Many thanks in advance to those who reply. Cheers, Larry -- Att. Lutieri G. B. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can upload but can't delete how ?
Gerald (Jerry) Carter wrote: Stanislav Nedelchev wrote: Hi to all , Is there a way to make this with samba possible . User can save files to share but can't delete the files only user with special right can delete files. See inherit owner in smb.conf(5). But if you can write to a file you can truncate it to 0 bytes so the delete permission is a little misleading. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian See inherit owner in smb.conf(5). But if you can write to a file you can truncate it to 0 bytes so the delete permission is a little misleading. Yes but you can't delete involuntarily some file over the network . i read the manual but i can;t find how to use inherit owner. Any suggestion are welcome. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with subfolder permissions within share
Yes you must chmod so the group has full access, and also make sure you set the correct group with chgrp. Also note that you either must have SGID set on the directorys (Only directories) OR force group = group in smb.conf On Thu, Apr 12, 2007 at 11:29:40AM +0100, Bruno Silva wrote: Just an question, im currently having the same problem here So main share has to be valid users [EMAIL PROTECTED] sub folders must be chmoded to the special group permissions right? -Mensagem original- De: Mark Adams [mailto:[EMAIL PROTECTED] Enviada: quarta-feira, 11 de Abril de 2007 14:05 Para: Jethro Hermans Cc: [EMAIL PROTECTED] Assunto: Re: [Samba] Problem with subfolder permissions within share On Wed, Apr 11, 2007 at 10:14:49AM +0200, Jethro Hermans wrote: I want to do the following set-up but I don't succeed in it: e.g.: users: user1 user2 user3 share: test with access from user1,2 and 3 Now I want to create a subfolder in test e.g. subtest but only with access for user1 and 3 but I'm not able to do that. Is there a solution for this? I assume that all of these users are in a group e.g group1 that has read/write access, and you are allowing @group1 for the valid users = access in smb.conf? To get what you want you could create another group group2 that allows read/write permission to subtest with only user1 and user3 in the group. Jethro wrote privately Do you want to say that I have to create a second folder (as subfolder) in the smb.conf with only these users as valid?br Is this the only right way to do this or is there maybe a way to do this in windows.br Because I created the subfolder via windows so it would be more easy to manage the permissions and allowed users also that way. Hi Jethro, Please make sure when you reply to mailing list messages that you 'Reply All' as the information may be useful for other users if they have similar issues. To answer your question, No i'm not talking about adding an extra entry in the smb.conf, as it is in the same container as your first share it would still be visible even if you did this. I am talking about setting the folder permissions in linux. You can do what you are asking effectively using groups. I suggest you do the following; Create 2 groups on your linux server; group1 and group2 Add user1, user2, and user3 to group1. Add user1 and user3 to group2. Change your smb.conf config for test so it has valid users = @group1 using the @ sign means it will allow the people in that group, rather than having to add multiple users Then set the perms (chmod) on the test folder in the filesystem to 2774 (the 2 is important as this sets SGID or Set group id this will ensure any files created in this folder, no matter by what user, will always set the group) Change the group ownership (chgrp) recursively to group1 for test cd in to test and change the group ownership of subtest to group2 Set the perms of 2774 for the subtest folder. Once this is done it should work as you desire, if user1 or user3 logs in, they will have access to all folders. If user2 logs in, they will not have access to subtest. I would recommend you read a bit more about linux if you intend to use it. Especially about permissions, see the following link for more information; http://www.zzee.com/solutions/linux-permissions.shtml Regards, Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Drag and Drop and Crash
This is becoming an interesting problem. The user of the affected machine I was dealing with was in dire need of it working. I ended up using the repair option from the install cd and when that finished and the user logged in everything worked. So at this point I am unsure as to what the cause is. We also are running the dreaded Symantec AV. If I get another machine that this pops up on then hopefully I can have the time to try and isolate the cause. Thanks again for the info. --jim Thomas McNeely wrote: Hi Jim, The Samba listserv rejected this post, so I’m sending it to you directly. Feel free to try posting it to the listserv if you like, as you did for Rhiannon. - We also have this problem. We are using Samba 3.0.23d and 3.0.24, both installed from source code (as opposed to the packages that come with the operating system), running on Slackware Linux 10.2 and 9.1, respectively. The problem first appeared for us on April 5th. Our servers had been running fine with no changes since Christmas when the problem first appeared. The problem manifests as a sudden workstation reboot (without proper shutdown) when users do most any kind of write operation to a Samba share – copying, renaming, or saving files. The affected workstations do not have a problem performing these operations on Microsoft servers – just Samba. Elsewhere on our campus is a Solaris server (unknown version) running an unknown version of Samba that does not have this problem. I’ll try to get more info about this. There is considerable variation among the workstations exhibiting the problem – different generations of hardware, some are domain members and others not, some are logged into Novell and other not. At this point I think all the affected workstations run the Novell Client, but that thought just now came to me and I haven’t experimented with it yet. All affected workstations have been running Windows XP with SP2. We have definitely determined that a key cause of this problem is Symantec AntiVirus. We can induce and cure the problem at will by installing or removing Symantec, and we’ve done so many times now. I don’t have the version info available right now; I’ll try to get it soon. Although the timing with regard to MS patch KB925902 is extremely suspicious, we haven’t been able to experimentally establish any correlation with that patch. We haven’t ruled out that it could be a contributing factor though. Tom McNeely Western Washington University Libraries -- Jim Summers School of Computer Science-University of Oklahoma - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] PDC and BDC across WAN
We have several locations seperated by WAN links. There is one PDC in the central office, and a BDC at each other site. The PDC has a WINS server, all other servers and stations are configured to query this server (hybrid mode - WINS first, then broadcast.) Here is my problem: When one of the BDCs is disconnected from the network, all of the sites suffer problems (ie., Windows logins slow down from 10-15 seconds to 5-10 minutes, system policies fail to apply, accessing mapped drives slows down.) The entire domain basically becomes unusable. When the connection is reestablished, everything returns to normal rather quickly. I've spent some time Googling my problem, but so far have been unsuccessful. Should I be using interdomain trust relationships instead of my current single WAN-spanning domain? Or is there something else I've overlooked? -- Mike Alborn [EMAIL PROTECTED] School District 28 (Quesnel) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0 and XP roaming profiles
Hi, I dont have samba with LDAP. I took out \scripts\ part from logon script part in GLOBAL settings. ALso I created a script for a particular test user (script name is same as login name). I stored that script under /var/samba/netlogon/. Permissions were also set so that this user can read/write/Execute, plus the ownership was also changed. I tried loggin as this user to test the script but nothing was mapped. I think the script failed. Can you think of any reason? I even restarted my samba services. Thanks, Gigs Wolfgang Ratzka wrote: contact_mahajan schrieb: Also regarding my logon script, my smb.conf fille says like this: [GLOBAL] .. logon script = scripts\login.bat . [netlogon] ... path= /var/samba/netlogon/%U This definition is trying to be subtle by defining a per-user-netlogon share, as %U expands to the session user name. Normally you will not want to do this, so you will strip off the /%U and simply put your login scripts below /var/samba/netlogon. (Permissions should of course be so that everyone can read and only admins can write.) The logon script parameter is a (windows) path relative to the netlogon directory. There is no need to put those in a subdirectory. (Sou you can do away with the scripts\ part...) You should note that the logon script parameter in the [global] section can be overridden by per-user-settings in ldap (if you are using ldap). Kind regards -- Wolfgang Ratzka Phone: +49 6421 2823531 FAX: +49 6421 2826994 Uni Marburg, HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- View this message in context: http://www.nabble.com/Samba-3.0-and-XP-roaming-profiles-tf3561201.html#a9961787 Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] machine trust account password backup
Hi all, I am facing a problem regarding machine trust account password backup for samba-3 acting as NT4 PDC. If I understand it well, password for machine trust account are always modified the first time a windows host joins the domain. I use smbpasswd backend (samba3.0.25rc1), and the password in modified in the db file smbpasswd. Is there a way to now this password in a clear text format ? I manually create user and machine accounts (Unix+samba) and I actually need this because my rescue system automatically recreates smbpasswd from cleartext information stored in a remote DB. It's been working well for years with user accounts, but now that I switched to samab-as-PDC I encounter a big problem (I cant get the machine password to have them stored in my backup database). I am looking for a solution: - Ideally I would like to set an initial password for machine trust account and force the client to use this password: the samba password for the machine would be imported in windows registry (maybe manually) ? Can samba force windows to use a given password for machine trust account ? - Maybe there are some possibilies to get the cleartext transcoding of the password that is set when joining the domain the first time so that I can back-it up in my database ? What is the standard solution you would recommand ? Do I rather backup smbpasswd file and restore lines concerning machine trust account ? Any comments are welcome. Vincent -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0 and XP roaming profiles
I haven't done this, so I don't really know. If the script is named user1, would windows know what to do with it? Shouldn't it be user1.bat? (assuming it's a batch file.) If so, shouldn't it say: path= /var/samba/netlogon/%U.bat In the netlogon section? Again, I haven't tried it, so I'm just guessing Dennis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of contact_mahajan Sent: Thursday, April 12, 2007 8:35 AM To: [EMAIL PROTECTED] Subject: Re: [Samba] Samba 3.0 and XP roaming profiles Hi, I dont have samba with LDAP. I took out \scripts\ part from logon script part in GLOBAL settings. ALso I created a script for a particular test user (script name is same as login name). I stored that script under /var/samba/netlogon/. Permissions were also set so that this user can read/write/Execute, plus the ownership was also changed. I tried loggin as this user to test the script but nothing was mapped. I think the script failed. Can you think of any reason? I even restarted my samba services. Thanks, Gigs Wolfgang Ratzka wrote: contact_mahajan schrieb: Also regarding my logon script, my smb.conf fille says like this: [GLOBAL] .. logon script = scripts\login.bat . [netlogon] ... path= /var/samba/netlogon/%U This definition is trying to be subtle by defining a per-user-netlogon share, as %U expands to the session user name. Normally you will not want to do this, so you will strip off the /%U and simply put your login scripts below /var/samba/netlogon. (Permissions should of course be so that everyone can read and only admins can write.) The logon script parameter is a (windows) path relative to the netlogon directory. There is no need to put those in a subdirectory. (Sou you can do away with the scripts\ part...) You should note that the logon script parameter in the [global] section can be overridden by per-user-settings in ldap (if you are using ldap). Kind regards -- Wolfgang Ratzka Phone: +49 6421 2823531 FAX: +49 6421 2826994 Uni Marburg, HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- View this message in context: http://www.nabble.com/Samba-3.0-and-XP-roaming-profiles-tf3561201.html#a9961 787 Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] RE: Samba 3.0 and XP roaming profiles
Script is user1.bat with all the permissions. So Windows should know, but nothing is happening. Gigs Dennis McLeod-5 wrote: I haven't done this, so I don't really know. If the script is named user1, would windows know what to do with it? Shouldn't it be user1.bat? (assuming it's a batch file.) If so, shouldn't it say: path= /var/samba/netlogon/%U.bat In the netlogon section? Again, I haven't tried it, so I'm just guessing Dennis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of contact_mahajan Sent: Thursday, April 12, 2007 8:35 AM To: [EMAIL PROTECTED] Subject: Re: [Samba] Samba 3.0 and XP roaming profiles Hi, I dont have samba with LDAP. I took out \scripts\ part from logon script part in GLOBAL settings. ALso I created a script for a particular test user (script name is same as login name). I stored that script under /var/samba/netlogon/. Permissions were also set so that this user can read/write/Execute, plus the ownership was also changed. I tried loggin as this user to test the script but nothing was mapped. I think the script failed. Can you think of any reason? I even restarted my samba services. Thanks, Gigs Wolfgang Ratzka wrote: contact_mahajan schrieb: Also regarding my logon script, my smb.conf fille says like this: [GLOBAL] .. logon script = scripts\login.bat . [netlogon] ... path= /var/samba/netlogon/%U This definition is trying to be subtle by defining a per-user-netlogon share, as %U expands to the session user name. Normally you will not want to do this, so you will strip off the /%U and simply put your login scripts below /var/samba/netlogon. (Permissions should of course be so that everyone can read and only admins can write.) The logon script parameter is a (windows) path relative to the netlogon directory. There is no need to put those in a subdirectory. (Sou you can do away with the scripts\ part...) You should note that the logon script parameter in the [global] section can be overridden by per-user-settings in ldap (if you are using ldap). Kind regards -- Wolfgang Ratzka Phone: +49 6421 2823531 FAX: +49 6421 2826994 Uni Marburg, HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- View this message in context: http://www.nabble.com/Samba-3.0-and-XP-roaming-profiles-tf3561201.html#a9961 787 Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- View this message in context: http://www.nabble.com/Samba-3.0-and-XP-roaming-profiles-tf3561201.html#a9963320 Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SMB Signature verification failed when establish trust with win2003 domain
On Wed, Apr 11, 2007 at 09:36:55AM -0400, Lin Li wrote: I found the solution. When the problem happens I set the client use spnego to no. If I set it to yes, the trust works. Can you get me a wireshare/ethereal trace of the failure case please ! Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot set ACL rights for group Authenticated Users (SID S-1-5-11)
I cannot set rights on a arbitrary file or folder for the Windows predefined group Authenticated Users (which has SID S-1-5-11) via SAMBA 3.0.23d and the standard Windows 2000 File Attribute Dialog. Everything else works: - I can set rights for any other domain group. - I can read the ACL entry for Authenticated Users in the Windows 2000 File Attribute Dialog if I set it manually with setfacl before - I am using tdbsam and the SID S-1-5-11 is mapped to GID 1018 (checked with wbinfo -Y), so SAMBA and Windows both seem to agree on the existence of this predefined group. What am I doing wrong? Is this supposed to work? Is there a workaround or any other suitable mapping for this group? In the Unofficial Samba + ACL Howto, there is a reference (chapter 3.1.4) that this might not work, but that was back in 2003 and 4 years have passed since then. Kind regards for any hint, Jens P.S: smb.conf output from testparm, nt acl support = Yes is also set (testparm does not show it) [global] dos charset = ISO-8859-1 unix charset = ISO-8859-1 display charset = ISO-8859-1 workgroup = XXX realm = XXX.TEST security = ADS password server = xxx.xxx.test passdb backend = tdbsam guest account = samba name resolve order = host wins bcast idmap uid = 1000-6 idmap gid = 1000-6 winbind enum users = Yes winbind enum groups = Yes winbind nss info = rfc2307 ldapsam:trusted = Yes admin users = XXX\\Administrator ea support = Yes map acl inherit = Yes hide dot files = No map hidden = Yes map readonly = permissions dos filemode = Yes [homes] comment = Home Directories read only = No browseable = No preexec = mkdir -m 700 %P [shared] comment = ACL shared folder path = /export/shared read only = No create mask = 0777 directory mask = 0777 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot set ACL rights for group Authenticated Users (SID S-1-5-11)\
On Thu, Apr 12, 2007 at 08:06:21PM +0200, Jens Nissen wrote: I cannot set rights on a arbitrary file or folder for the Windows predefined group Authenticated Users (which has SID S-1-5-11) via SAMBA 3.0.23d and the standard Windows 2000 File Attribute Dialog. Everything else works: - I can set rights for any other domain group. - I can read the ACL entry for Authenticated Users in the Windows 2000 File Attribute Dialog if I set it manually with setfacl before - I am using tdbsam and the SID S-1-5-11 is mapped to GID 1018 (checked with wbinfo -Y), so SAMBA and Windows both seem to agree on the existence of this predefined group. What am I doing wrong? Is this supposed to work? Is there a workaround or any other suitable mapping for this group? In the Unofficial Samba + ACL Howto, there is a reference (chapter 3.1.4) that this might not work, but that was back in 2003 and 4 years have passed since then. What fails ? Selecting the user in the GUI ? More info on exactly what isn't working would be good. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Can I do advanced group mapping (rpc) without Active Directory?
All, I finally figured out how to create essentially 'domain administrators' with the mapping. However, I would like to go further. I work for a school district and I would like to further map students, teachers, and admin to groups. The catch seems to be, that I do not have Active Directory- so I don't think I can just make a 'teachers' group and map it? I have a unixgroup teachers, and people are assigned correctly for that (so they get the correct mappings).. but with rpc mappings, I could give more privileges such as giving teachers printer admin. Any explanation of how to do the most with samba without active directory, would be appreciated. Thanks in advance, Aaron -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Idmap back compatible issue
I ran into a problem on idmap backend. In previous Samba releases, there are two kinds of scenarios on idmap backend. 1) No explicit idmap backend option presented in smb.conf. But imply using default tdb idmap backend idmap uid = low - high idmap gid = low - high 2) idmap backend option exists in smb.conf idmap uid = low - high idmap gid = low - high idmap backend = tdb [or ldap:ldap://ldapserver.com] In 3.0.25pre2, 2) works to me. But 1) didn't. It looks the new idmap only considers the second scenarios as back compatibility. It didn't consider the first to be back compatible. Therefore, when using implied idmap backend(without idmap backend option in smb.conf), winbind won't work. When dom_list is empty after dom_list = lp_idmap_backend(), the variable compat didn't assign to 1. I believe that many users take the default setting without specific idmap backend option, if there is no particular idmap requirement. I'd like to recommend considering the first situation as back compatible issue. At lease let it takes the default tdb backend when no idmap domains presented, no idmap backend in smb.conf. Here is a patch for this. Could somebody look at it? # diff -U 3 idmap.c idmap.c_my --- idmap.c 2007-04-12 11:52:07.0 -0700 +++ idmap.c_my 2007-04-12 11:51:49.0 -0700 @@ -321,6 +321,14 @@ *p = '\0'; compat_params = p + 1; } + } else { + /* Back compatible: without idmap domains and explicit idmap backend +* Taking default idmap backend: tdb +*/ + DEBUG(3, (idmap_init: No idmap domains, No idmap backend dom_list=%s\n, *dom_list)); + compat = 1; + compat_backend = talloc_strdup( idmap_ctx, tdb); + compat_params = compat_backend; } if ( ! dom_list) { Thanks. -Ying -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] InterDomain Trust Issue w/Server 2003
I'm having an issue establishing a trust between a samba/ldap PDC and a windows 2003 Active directory server on a seperate domain. Here is what I've done. I've created a 2 way trust in windows with the samba domain. When I try to verify the outgoing trust from windows I get an access denied message. In samba logs I get get_md4pw: Workstation CATS$: no account in domain although I've created a trust account on the samba server using 'smbldap-useradd -w CATS' then I do the ldapmodify stuff accourding to the samba interdomain trust howto and set the sambaAcctFlags to I. When I try to do net rpc trustdom establish CATS I type the password and get [2007/04/12 15:43:07, 0] rpc_client/cli_pipe.c:cli_nt_session_open(1451) cli_nt_session_open: cli_nt_create failed on pipe \wkssvc to machine CODY1. Error was NT_STATUS_ACCESS_DENIED [2007/04/12 15:43:07, 0] utils/net_rpc.c:rpc_trustdom_establish(4672) Couldn't not initialise wkssvc pipe If I type the wrong password, I get NT_STATUS_LOGON_FAILURE so I know the password is right. Does anyone have any ideas? [EMAIL PROTECTED] ~]# smbldap-usershow cats$ dn: uid=CATS$,ou=People,dc=domain,dc=com objectClass: top,inetOrgPerson,posixAccount,sambaSamAccount cn: CATS$ sn: CATS$ uid: CATS$ uidNumber: 1140 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer userPassword: {SMD5}ZERr2tHzfxsdfFSddfsdfWs= sambaPwdLastSet: 0 sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 displayName: System User sambaSID: S-1-5-21-1149954056-267194260-154304278-3280 sambaAcctFlags: [I] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Group Policy install MSI from Samba share
-- Forwarded message -- From: James A. Dinkel [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Wed, 11 Apr 2007 10:47:45 -0500 Subject: RE: [Samba] Group Policy install MSI from Samba share I'm assigning this to the Computer Accounts, not publishing to groups/users. The only thing I could think of was to give permission to the Domain Computers group, but that does not work. James Dinkel We post our .msi files on our samba share without any problems getting them to install through GPO. In the smb.conf, we list domain computers as being a valid user. We have also set the acl on the directory to give domain computers r-x. Yes, we are using extended acls on our reiserfs partition. Check both places. Good luck Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Fwd: machine authentication at Active Directory
On Wed, 2007-04-11 at 18:20 -0300, Otto Fuchshuber Filho wrote: Can anybody help me with this issue or tell me where I can get help? Thanks -- Otto Fuchshuber Filho [EMAIL PROTECTED] -- Forwarded message -- From: Otto Fuchshuber Filho [EMAIL PROTECTED] Date: 10/04/2007 22:08 Subject: machine authentication at Active Directory To: [EMAIL PROTECTED] On a 802.1X environment, it's possible to permit a windows desktop gain access to the network by using only machine authentication at the Active Directory (no need for login + password). Is it possible to do the same with a Linux desktop with samba? I mean a Linux desktop pass machine credentials to Active Directory as windows do (SID), without any login and password. We store the information that could do this, but I don't think anybody has done the link between that and 802.1x. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Rev 100: merge from ronnie in http://samba.org/~tridge/ctdb
revno: 100 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Andrew Tridgell [EMAIL PROTECTED] branch nick: tridge timestamp: Thu 2007-04-12 16:51:33 +1000 message: merge from ronnie modified: common/ctdb_call.c ctdb_call.c-20061128065342-to93h6eejj5kon81-1 common/ctdb_client.c ctdb_client.c-20070411010216-3kd8v37k61steeya-1 common/ctdb_daemon.c ctdb_daemon.c-20070409200331-3el1kqgdb9m4ib0g-1 common/ctdb_message.c ctdb_message.c-20070208224107-9dnio7x7z33prrmt-1 include/ctdb.h ctdb.h-20061117234101-o3qt14umlg9en8z0-11 include/ctdb_private.h ctdb_private.h-20061117234101-o3qt14umlg9en8z0-13 tests/ctdb_fetch.c ctdb_fetch.c-20070405031748-f7gslozfj3rwh5ie-1 tests/ctdb_messaging.c ctdb_messaging.c-20070411034205-6d6vne56pbih2x1p-1 tests/fetch.sh fetch.sh-20070405031756-lomzqpjyqg3xd1kv-1 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Ronnie sahlberg [EMAIL PROTECTED] branch nick: ctdb timestamp: Thu 2007-04-12 16:49:37 +1000 message: dont hardcode gdb in the test script. ooops merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Ronnie sahlberg [EMAIL PROTECTED] branch nick: ctdb timestamp: Thu 2007-04-12 15:46:50 +1000 message: initial support for two new pdus for the domain socket to do fetch_lock no locking is yet done and the store_unlock call is still missing the ./tests/fetch.sh --daemon test fails with parent process dying which needs to be investigated. merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Ronnie sahlberg [EMAIL PROTECTED] branch nick: ctdb timestamp: Thu 2007-04-12 10:52:19 +1000 message: merge from volker Diff too large for email (567, the limit is 200).
svn commit: samba r22188 - in branches/SAMBA_4_0/source/torture/unix: .
Author: metze Date: 2007-04-12 10:35:21 + (Thu, 12 Apr 2007) New Revision: 22188 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22188 Log: fix formating bug metze Modified: branches/SAMBA_4_0/source/torture/unix/unix_info2.c Changeset: Modified: branches/SAMBA_4_0/source/torture/unix/unix_info2.c === --- branches/SAMBA_4_0/source/torture/unix/unix_info2.c 2007-04-12 10:25:01 UTC (rev 22187) +++ branches/SAMBA_4_0/source/torture/unix/unix_info2.c 2007-04-12 10:35:21 UTC (rev 22188) @@ -84,7 +84,7 @@ */ if ((info2-flags_mask info2-file_flags) == 0) { torture_result(torture, TORTURE_FAIL, - __location__%s: UNIX_INFO2 flags field 0x%08x, + __location__: UNIX_INFO2 flags field 0x%08x, does not match mask 0x%08x\n, info2-file_flags, info2-flags_mask); }
svn commit: samba r22189 - in branches/SAMBA_4_0/source/torture/raw: .
Author: metze Date: 2007-04-12 10:48:30 + (Thu, 12 Apr 2007) New Revision: 22189 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22189 Log: fix compiler warning metze Modified: branches/SAMBA_4_0/source/torture/raw/search.c Changeset: Modified: branches/SAMBA_4_0/source/torture/raw/search.c === --- branches/SAMBA_4_0/source/torture/raw/search.c 2007-04-12 10:35:21 UTC (rev 22188) +++ branches/SAMBA_4_0/source/torture/raw/search.c 2007-04-12 10:48:30 UTC (rev 22189) @@ -527,7 +527,7 @@ /* callback function for multiple_search */ -static BOOL multiple_search_callback(void *private, union smb_search_data *file) +static BOOL multiple_search_callback(void *private, const union smb_search_data *file) { struct multiple_result *data = private;
svn commit: samba r22190 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: metze Date: 2007-04-12 11:02:26 + (Thu, 12 Apr 2007) New Revision: 22190 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22190 Log: fix compiler warnings and remove unused talloc_reference() metze Modified: branches/SAMBA_4_0/source/torture/rpc/samsync.c Changeset: Modified: branches/SAMBA_4_0/source/torture/rpc/samsync.c === --- branches/SAMBA_4_0/source/torture/rpc/samsync.c 2007-04-12 10:48:30 UTC (rev 22189) +++ branches/SAMBA_4_0/source/torture/rpc/samsync.c 2007-04-12 11:02:26 UTC (rev 22190) @@ -112,7 +112,7 @@ struct samsync_state { /* we remember the sequence numbers so we can easily do a DatabaseDelta */ uint64_t seq_num[3]; - char *domain_name[2]; + const char *domain_name[2]; struct samsync_secret *secrets; struct samsync_trusted_domain *trusted_domains; struct creds_CredentialState *creds; @@ -130,14 +130,14 @@ struct samsync_secret { struct samsync_secret *prev, *next; DATA_BLOB secret; - char *name; + const char *name; NTTIME mtime; }; struct samsync_trusted_domain { struct samsync_trusted_domain *prev, *next; struct dom_sid *sid; - char *name; + const char *name; }; static struct policy_handle *samsync_open_domain(TALLOC_CTX *mem_ctx, @@ -324,7 +324,6 @@ } if (samsync_state-domain_handle[database_id]) { samsync_state-sid[database_id] = talloc_reference(samsync_state, dom_sid); - talloc_reference(dom_sid, dom_sid-sub_auths); } printf(\tsequence_nums[%d/%s]=%llu\n,
svn commit: samba-docs r1097 - in trunk/manpages-3: .
Author: kseeger Date: 2007-04-12 11:20:15 + (Thu, 12 Apr 2007) New Revision: 1097 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=1097 Log: Fix typos in idmap_rid manpage. Modified: trunk/manpages-3/idmap_rid.8.xml Changeset: Modified: trunk/manpages-3/idmap_rid.8.xml === --- trunk/manpages-3/idmap_rid.8.xml2007-04-11 21:50:59 UTC (rev 1096) +++ trunk/manpages-3/idmap_rid.8.xml2007-04-12 11:20:15 UTC (rev 1097) @@ -40,8 +40,8 @@ termbase_rid = INTEGER/term listitempara Defines the base integer used to build SIDs out of an UID or a GID, - and to rebase the UID or GID to be obtained froma SID. User RIDs - by default starts at 1000 (512 hexadecimal), this means a good value + and to rebase the UID or GID to be obtained from a SID. User RIDs + by default start at 1000 (512 hexadecimal), this means a good value for base_rid can be 1000 as the resulting ID is calculated this way: ID = RID - BASE_RID + LOW RANGE ID. /para/listitem
svn commit: samba r22191 - in branches/SAMBA_4_0/source: heimdal heimdal/kuser heimdal/lib/krb5 heimdal_build
Author: abartlet Date: 2007-04-12 11:23:58 + (Thu, 12 Apr 2007) New Revision: 22191 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22191 Log: Add a samba4kinit binary to the build, so I can test using an existing ccache, as well as PKINIT. Andrew Bartlett Added: branches/SAMBA_4_0/source/heimdal/kuser/ branches/SAMBA_4_0/source/heimdal/kuser/kinit.c branches/SAMBA_4_0/source/heimdal/kuser/kuser_locl.h branches/SAMBA_4_0/source/heimdal/lib/krb5/convert_creds.c branches/SAMBA_4_0/source/heimdal/lib/krb5/prompter_posix.c branches/SAMBA_4_0/source/heimdal_build/kafs.h Modified: branches/SAMBA_4_0/source/heimdal_build/config.mk Changeset: Sorry, the patch is too large (1378 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22191
svn commit: samba r22192 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: metze Date: 2007-04-12 11:24:51 + (Thu, 12 Apr 2007) New Revision: 22192 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22192 Log: fix compiler warnings ClearEventLog test is compiled in but disabled now metze Modified: branches/SAMBA_4_0/source/torture/rpc/eventlog.c Changeset: Modified: branches/SAMBA_4_0/source/torture/rpc/eventlog.c === --- branches/SAMBA_4_0/source/torture/rpc/eventlog.c2007-04-12 11:23:58 UTC (rev 22191) +++ branches/SAMBA_4_0/source/torture/rpc/eventlog.c2007-04-12 11:24:51 UTC (rev 22192) @@ -77,7 +77,7 @@ dcerpc_eventlog_GetNumRecords(p, tctx, r), GetNumRecords failed); - torture_comment(tctx, talloc_asprintf(tctx, %d records\n, *r.out.number)); + torture_comment(tctx, %d records\n, *r.out.number); cr.in.handle = cr.out.handle = handle; @@ -186,12 +186,17 @@ return true; } -static bool test_ClearEventLog(struct dcerpc_pipe *p, TALLOC_CTX *tctx) +static bool test_ClearEventLog(struct torture_context *tctx, + struct dcerpc_pipe *p) { struct eventlog_ClearEventLogW r; struct eventlog_CloseEventLog cr; struct policy_handle handle; + if (!torture_setting_bool(tctx, dangerous, false)) { + torture_skip(tctx, ClearEventLog test disabled - enable dangerous tests to use); + } + if (!get_policy_handle(tctx, p, handle)) return false; @@ -236,15 +241,10 @@ suite = torture_suite_create(talloc_autofree_context(), EVENTLOG); tcase = torture_suite_add_rpc_iface_tcase(suite, eventlog, - dcerpc_table_eventlog); + dcerpc_table_eventlog); torture_rpc_tcase_add_test(tcase, OpenEventLog, test_OpenEventLog); - -#if 0 - /* Destructive test */ torture_rpc_tcase_add_test(tcase, ClearEventLog, test_ClearEventLog); -#endif - torture_rpc_tcase_add_test(tcase, GetNumRecords, test_GetNumRecords); torture_rpc_tcase_add_test(tcase, ReadEventLog, test_ReadEventLog); torture_rpc_tcase_add_test(tcase, FlushEventLog, test_FlushEventLog);
Rev 101: merge from ronnie in http://samba.org/~tridge/ctdb
revno: 101 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Andrew Tridgell [EMAIL PROTECTED] branch nick: tridge timestamp: Thu 2007-04-12 21:32:16 +1000 message: merge from ronnie added: tests/ctdb_fetch1.cctdb_fetch1.c-20070412111848-xawz6wqk9r0v8jdk-1 tests/fetch1.shfetch1.sh-20070412111854-6s84l3myac9ncl79-1 modified: Makefile.inmakefile.in-20061117234101-o3qt14umlg9en8z0-1 common/ctdb_daemon.c ctdb_daemon.c-20070409200331-3el1kqgdb9m4ib0g-1 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Ronnie sahlberg [EMAIL PROTECTED] branch nick: ctdb timestamp: Thu 2007-04-12 21:19:00 +1000 message: add the two missing file from the previous commit merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Ronnie sahlberg [EMAIL PROTECTED] branch nick: ctdb timestamp: Thu 2007-04-12 21:17:10 +1000 message: add a beginning of a new test right now this test only does one fetch lock but this will be enhanced as more code is added to ctdb to handle fetch_lock and store_unlock merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Ronnie sahlberg [EMAIL PROTECTED] branch nick: ctdb timestamp: Thu 2007-04-12 21:14:41 +1000 message: when sending back a fetch lock reply to a client we cant peek in state-c since this is uninitialized and even if it were not it would be wrong create a new structure to pass BOTH client and also the reqid to respond back to the client with merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Ronnie sahlberg [EMAIL PROTECTED] branch nick: ctdb timestamp: Thu 2007-04-12 17:13:48 +1000 message: merge from tridges tree Diff too large for email (245, the limit is 200).
svn commit: samba r22193 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: metze Date: 2007-04-12 11:35:00 + (Thu, 12 Apr 2007) New Revision: 22193 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22193 Log: fix compiler warning and formating metze Modified: branches/SAMBA_4_0/source/torture/rpc/wkssvc.c Changeset: Modified: branches/SAMBA_4_0/source/torture/rpc/wkssvc.c === --- branches/SAMBA_4_0/source/torture/rpc/wkssvc.c 2007-04-12 11:24:51 UTC (rev 22192) +++ branches/SAMBA_4_0/source/torture/rpc/wkssvc.c 2007-04-12 11:35:00 UTC (rev 22193) @@ -25,7 +25,7 @@ #include torture/rpc/rpc.h static bool test_NetWkstaGetInfo(struct torture_context *tctx, -struct dcerpc_pipe *p) +struct dcerpc_pipe *p) { NTSTATUS status; struct wkssvc_NetWkstaGetInfo r; @@ -38,7 +38,7 @@ for (i=0;iARRAY_SIZE(levels);i++) { r.in.level = levels[i]; - torture_comment(tctx, talloc_asprintf(tctx, testing NetWkstaGetInfo level %u\n, r.in.level)); + torture_comment(tctx, testing NetWkstaGetInfo level %u\n, r.in.level); status = dcerpc_wkssvc_NetWkstaGetInfo(p, tctx, r); torture_assert_ntstatus_ok(tctx, status, talloc_asprintf(tctx, NetWkstaGetInfo level %u failed, r.in.level)); @@ -51,7 +51,7 @@ static bool test_NetWkstaTransportEnum(struct torture_context *tctx, - struct dcerpc_pipe *p) + struct dcerpc_pipe *p) { NTSTATUS status; struct wkssvc_NetWkstaTransportEnum r; @@ -72,8 +72,7 @@ status = dcerpc_wkssvc_NetWkstaTransportEnum(p, tctx, r); torture_assert_ntstatus_ok(tctx, status, NetWkstaTransportEnum failed); - torture_assert_werr_ok(tctx, r.out.result, - talloc_asprintf(tctx, + torture_assert_werr_ok(tctx, r.out.result, talloc_asprintf(tctx, NetWkstaTransportEnum level %u failed, r.in.level)); return true; @@ -87,11 +86,11 @@ struct torture_tcase *tcase; suite = torture_suite_create(talloc_autofree_context(), WKSSVC); - tcase = torture_suite_add_rpc_iface_tcase(suite, wkssvc, - dcerpc_table_wkssvc); + tcase = torture_suite_add_rpc_iface_tcase(suite, wkssvc, + dcerpc_table_wkssvc); torture_rpc_tcase_add_test(tcase, NetWkstaGetInfo, test_NetWkstaGetInfo); torture_rpc_tcase_add_test(tcase, NetWkstaTransportEnum, - test_NetWkstaTransportEnum); + test_NetWkstaTransportEnum); return suite; }
svn commit: samba r22194 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: metze Date: 2007-04-12 11:42:09 + (Thu, 12 Apr 2007) New Revision: 22194 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22194 Log: fix compiler warning and compile in but disable NetShareAddSetDel test metze Modified: branches/SAMBA_4_0/source/torture/rpc/srvsvc.c Changeset: Modified: branches/SAMBA_4_0/source/torture/rpc/srvsvc.c === --- branches/SAMBA_4_0/source/torture/rpc/srvsvc.c 2007-04-12 11:35:00 UTC (rev 22193) +++ branches/SAMBA_4_0/source/torture/rpc/srvsvc.c 2007-04-12 11:42:09 UTC (rev 22194) @@ -525,6 +525,11 @@ int i; BOOL ret = True; + if (!lp_parm_bool(-1, torture, dangerous, False)) { + d_printf(NetShareAddSetDel disabled - enable dangerous tests to use\n); + return True; + } + a.in.server_unc = r.in.server_unc = q.in.server_unc = d.in.server_unc = talloc_asprintf(mem_ctx, %s, dcerpc_server_name(p)); r.in.share_name = talloc_strdup(mem_ctx, testshare); @@ -1047,7 +1052,7 @@ } } - talloc_free(r.in.name); + talloc_free(name); d_printf(Maximum length for type %2d, flags %08x: %d\n, i, r.in.flags, max); @@ -1056,7 +1061,7 @@ invalidc = talloc_strdup(mem_ctx, ); for (n = 0x20; n 0x7e; n++) { - r.in.name = talloc_asprintf(mem_ctx, %c, (char)n); + r.in.name = name = talloc_asprintf(mem_ctx, %c, (char)n); status = dcerpc_srvsvc_NetNameValidate(p, mem_ctx, r); if (!NT_STATUS_IS_OK(status)) { @@ -1069,7 +1074,7 @@ invalidc = talloc_asprintf_append(invalidc, %c, (char)n); } - talloc_free(r.in.name); + talloc_free(name); } d_printf( Invalid chars for type %2d, flags %08x: \%s\\n, i, r.in.flags, invalidc); @@ -1115,7 +1120,7 @@ ret = test_NetRemoteTOD(p, mem_ctx); ret = test_NetShareEnum(p, mem_ctx, True); ret = test_NetShareGetInfo(p, mem_ctx, ADMIN$, True); -/* ret = test_NetShareAddSetDel(p, mem_ctx); */ + ret = test_NetShareAddSetDel(p, mem_ctx); ret = test_NetNameValidate(p, mem_ctx); status = torture_rpc_connection(mem_ctx, p, dcerpc_table_srvsvc);
svn commit: samba r22195 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: metze Date: 2007-04-12 11:59:38 + (Thu, 12 Apr 2007) New Revision: 22195 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22195 Log: fix compiler warnings and convert the whole torture/rpc/unixinfo.c code to the new torture ui functions metze Modified: branches/SAMBA_4_0/source/torture/rpc/unixinfo.c Changeset: Modified: branches/SAMBA_4_0/source/torture/rpc/unixinfo.c === --- branches/SAMBA_4_0/source/torture/rpc/unixinfo.c2007-04-12 11:42:09 UTC (rev 22194) +++ branches/SAMBA_4_0/source/torture/rpc/unixinfo.c2007-04-12 11:59:38 UTC (rev 22195) @@ -28,21 +28,18 @@ /** test the SidToUid interface */ -static BOOL test_sidtouid(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) +static bool test_sidtouid(struct torture_context *tctx, struct dcerpc_pipe *p) { NTSTATUS status; struct unixinfo_SidToUid r; struct dom_sid *sid; - sid = dom_sid_parse_talloc(mem_ctx, S-1-5-32-1234-5432); + sid = dom_sid_parse_talloc(tctx, S-1-5-32-1234-5432); r.in.sid = *sid; - status = dcerpc_unixinfo_SidToUid(p, mem_ctx, r); + status = dcerpc_unixinfo_SidToUid(p, tctx, r); if (NT_STATUS_EQUAL(NT_STATUS_NONE_MAPPED, status)) { - } else if (!NT_STATUS_IS_OK(status)) { - printf(SidToUid failed == %s\n, nt_errstr(status)); - return False; - } + } else torture_assert_ntstatus_ok(tctx, status, SidToUid failed); return True; } @@ -50,8 +47,7 @@ /* test the UidToSid interface */ -static bool test_uidtosid(struct torture_context *tctx, - struct dcerpc_pipe *p) +static bool test_uidtosid(struct torture_context *tctx, struct dcerpc_pipe *p) { struct unixinfo_UidToSid r; struct dom_sid sid; @@ -60,13 +56,13 @@ r.out.sid = sid; torture_assert_ntstatus_ok(tctx, dcerpc_unixinfo_UidToSid(p, tctx, r), - UidToSid failed); + UidToSid failed); return true; } static bool test_getpwuid(struct torture_context *tctx, - struct dcerpc_pipe *p) + struct dcerpc_pipe *p) { uint64_t uids[512]; uint32_t num_uids = ARRAY_SIZE(uids); @@ -93,40 +89,35 @@ /* test the SidToGid interface */ -static BOOL test_sidtogid(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) +static bool test_sidtogid(struct torture_context *tctx, struct dcerpc_pipe *p) { NTSTATUS status; struct unixinfo_SidToGid r; struct dom_sid *sid; - - sid = dom_sid_parse_talloc(mem_ctx, S-1-5-32-1234-5432); + + sid = dom_sid_parse_talloc(tctx, S-1-5-32-1234-5432); r.in.sid = *sid; - status = dcerpc_unixinfo_SidToGid(p, mem_ctx, r); + status = dcerpc_unixinfo_SidToGid(p, tctx, r); if (NT_STATUS_EQUAL(NT_STATUS_NONE_MAPPED, status)) { - } else if (!NT_STATUS_IS_OK(status)) { - printf(SidToGid failed == %s\n, nt_errstr(status)); - return False; - } + } else torture_assert_ntstatus_ok(tctx, status, SidToGid failed); - return True; + return true; } /* test the GidToSid interface */ -static BOOL test_gidtosid(struct torture_context *tctx, struct dcerpc_pipe *p) +static bool test_gidtosid(struct torture_context *tctx, struct dcerpc_pipe *p) { - NTSTATUS status; struct unixinfo_GidToSid r; struct dom_sid sid; r.in.gid = 1000; r.out.sid = sid; - status = dcerpc_unixinfo_GidToSid(p, tctx, r); - if (NT_STATUS_EQUAL(NT_STATUS_NO_SUCH_GROUP, status)) { - } else torture_assert_ntstatus_ok(tctx, status, GidToSid failed); + torture_assert_ntstatus_ok(tctx, dcerpc_unixinfo_GidToSid(p, tctx, r), + GidToSid failed); return true; } @@ -138,10 +129,12 @@ suite = torture_suite_create(talloc_autofree_context(), UNIXINFO); tcase = torture_suite_add_rpc_iface_tcase(suite, unixinfo, - dcerpc_table_unixinfo); + dcerpc_table_unixinfo); + torture_rpc_tcase_add_test(tcase, sidtouid, test_sidtouid); torture_rpc_tcase_add_test(tcase, uidtosid, test_uidtosid); torture_rpc_tcase_add_test(tcase, getpwuid, test_getpwuid); + torture_rpc_tcase_add_test(tcase, sidtogid, test_sidtogid); torture_rpc_tcase_add_test(tcase, gidtosid, test_gidtosid); return suite;
Rev 5351: create a fake user token consisting of builtin administrators sid and in http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/
At http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/ revno: 5351 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Michael Adam [EMAIL PROTECTED] branch nick: SAMBA_3_0-registry.bzr timestamp: Thu 2007-04-12 14:27:43 +0200 message: create a fake user token consisting of builtin administrators sid and se_disk_operators privilege by hand instead of using get_root_nt_token() to minimize linker deps for bin/net. * new function registry_create_admin_token() in lib/util_reg.c * move dup_nt_token from auth/token_util.c to new file lib/util_nttoken.c * adapt net_conf.c and Makefile.in accordingly added: source/lib/util_nttoken.c util_nttoken.c-20070412121956-apjs5s3igy1ydc2e-1 modified: source/Makefile.in Makefile.in-20060530022626-b16dac2328ebe703 source/auth/token_util.c token_util.c-20070409110214-hxmlg8kreyeuci30-1 source/lib/util_reg.c util_reg.c-20060711181331-c2d45d0e1f4a8648 source/utils/net_conf.cnet_conf.c-20070409110216-64p0zt0mes4j6yoe-1 === added file 'source/lib/util_nttoken.c' --- a/source/lib/util_nttoken.c 1970-01-01 00:00:00 + +++ b/source/lib/util_nttoken.c 2007-04-12 12:27:43 + @@ -0,0 +1,70 @@ +/* + * Unix SMB/CIFS implementation. + * Authentication utility functions + * Copyright (C) Andrew Tridgell 1992-1998 + * Copyright (C) Andrew Bartlett 2001 + * Copyright (C) Jeremy Allison 2000-2001 + * Copyright (C) Rafal Szczesniak 2002 + * Copyright (C) Volker Lendecke 2006 + * Copyright (C) Michael Adam 2007 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* function(s) moved from auth/auth_util.c to minimize linker deps */ + +#include includes.h + +/ + Duplicate a SID token. +/ + +NT_USER_TOKEN *dup_nt_token(TALLOC_CTX *mem_ctx, const NT_USER_TOKEN *ptoken) +{ + NT_USER_TOKEN *token; + + if (!ptoken) + return NULL; + + token = TALLOC_P(mem_ctx, NT_USER_TOKEN); + if (token == NULL) { + DEBUG(0, (talloc failed\n)); + return NULL; + } + + ZERO_STRUCTP(token); + + if (ptoken-user_sids ptoken-num_sids) { + token-user_sids = (DOM_SID *)talloc_memdup( + token, ptoken-user_sids, sizeof(DOM_SID) * ptoken-num_sids ); + + if (token-user_sids == NULL) { + DEBUG(0, (talloc_memdup failed\n)); + TALLOC_FREE(token); + return NULL; + } + token-num_sids = ptoken-num_sids; + } + + /* copy the privileges; don't consider failure to be critical here */ + + if ( !se_priv_copy( token-privileges, ptoken-privileges ) ) { + DEBUG(0,(dup_nt_token: Failure to copy SE_PRIV!. +Continuing with 0 privileges assigned.\n)); + } + + return token; +} + === modified file 'source/Makefile.in' --- a/source/Makefile.in2007-04-10 10:34:43 + +++ b/source/Makefile.in2007-04-12 12:27:43 + @@ -464,6 +464,7 @@ AUTH_SCRIPT_OBJ = auth/auth_script.o AUTH_OBJ = auth/auth.o @AUTH_STATIC@ auth/auth_util.o auth/token_util.o \ + lib/util_nttoken.o \ auth/auth_compat.o auth/auth_ntlmssp.o \ $(PLAINTEXT_AUTH_OBJ) $(SLCACHE_OBJ) $(DCUTIL_OBJ) @@ -654,7 +655,7 @@ registry/reg_perfcount.o \ registry/reg_dynamic.o \ \ - auth/token_util.o + lib/util_nttoken.o NET_OBJ = $(NET_OBJ1) $(PARAM_OBJ) $(SECRETS_OBJ) $(LIBSMB_OBJ) \ $(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ === modified file 'source/auth/token_util.c' --- a/source/auth/token_util.c 2007-04-09 11:02:19 + +++ b/source/auth/token_util.c 2007-04-12 12:27:43 + @@ -28,47 +28,6 @@ #include includes.h / - Duplicate a SID token. -/ - -NT_USER_TOKEN *dup_nt_token(TALLOC_CTX *mem_ctx, const NT_USER_TOKEN
svn commit: samba r22196 - in branches/SAMBA_4_0/source/dsdb/common: .
Author: metze Date: 2007-04-12 12:38:32 + (Thu, 12 Apr 2007) New Revision: 22196 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22196 Log: give better error codes to make RPC-UNIXINFO pass metze Modified: branches/SAMBA_4_0/source/dsdb/common/sidmap.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/common/sidmap.c === --- branches/SAMBA_4_0/source/dsdb/common/sidmap.c 2007-04-12 11:59:38 UTC (rev 22195) +++ branches/SAMBA_4_0/source/dsdb/common/sidmap.c 2007-04-12 12:38:32 UTC (rev 22196) @@ -211,7 +211,7 @@ dom_sid_string(tmp_ctx, sid))); talloc_free(tmp_ctx); - return NT_STATUS_INVALID_SID; + return NT_STATUS_NONE_MAPPED; } @@ -344,7 +344,7 @@ dom_sid_string(tmp_ctx, sid))); talloc_free(tmp_ctx); - return NT_STATUS_INVALID_SID; + return NT_STATUS_NONE_MAPPED; } @@ -426,7 +426,7 @@ */ allocate_sid: if (uid SIDMAP_MAX_LOCAL_UID) { - return NT_STATUS_INVALID_SID; + return NT_STATUS_NONE_MAPPED; } status = sidmap_primary_domain_sid(sidmap, tmp_ctx, domain_sid); @@ -524,7 +524,7 @@ */ allocate_sid: if (gid SIDMAP_MAX_LOCAL_GID) { - return NT_STATUS_INVALID_SID; + return NT_STATUS_NONE_MAPPED; } status = sidmap_primary_domain_sid(sidmap, tmp_ctx, domain_sid); @@ -565,14 +565,14 @@ if (!dom_sid_in_domain(domain_sid, sid)) { talloc_free(tmp_ctx); - return NT_STATUS_INVALID_SID; + return NT_STATUS_NONE_MAPPED; } talloc_free(tmp_ctx); rid = sid-sub_auths[sid-num_auths-1]; if (rid SIDMAP_LOCAL_USER_BASE) { - return NT_STATUS_INVALID_SID; + return NT_STATUS_NONE_MAPPED; } if (rid SIDMAP_LOCAL_GROUP_BASE) {
svn commit: samba r22200 - in branches/SAMBA_4_0/source/ntvfs: .
Author: metze Date: 2007-04-12 14:56:29 + (Thu, 12 Apr 2007) New Revision: 22200 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22200 Log: make ntvfs a subsystem as linking ntvfs.so.1 uses ca. 800 cmdline args to ld and that fails on some hosts in the build-farm, lets see if they will be happier now metze Modified: branches/SAMBA_4_0/source/ntvfs/config.mk Changeset: Modified: branches/SAMBA_4_0/source/ntvfs/config.mk === --- branches/SAMBA_4_0/source/ntvfs/config.mk 2007-04-12 13:36:49 UTC (rev 22199) +++ branches/SAMBA_4_0/source/ntvfs/config.mk 2007-04-12 14:56:29 UTC (rev 22200) @@ -79,11 +79,11 @@ # Start SUBSYSTEM NTVFS -[LIBRARY::ntvfs] +[SUBSYSTEM::ntvfs] PUBLIC_HEADERS = ntvfs.h -VERSION = 0.0.1 -SO_VERSION = 0 -DESCRIPTION = Virtual File System with NTFS semantics +#VERSION = 0.0.1 +#SO_VERSION = 0 +#DESCRIPTION = Virtual File System with NTFS semantics PRIVATE_PROTO_HEADER = ntvfs_proto.h OBJ_FILES = \ ntvfs_base.o \
svn commit: samba r22201 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: metze Date: 2007-04-12 15:06:24 + (Thu, 12 Apr 2007) New Revision: 22201 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22201 Log: crash fix... metze Modified: branches/SAMBA_4_0/source/torture/rpc/unixinfo.c Changeset: Modified: branches/SAMBA_4_0/source/torture/rpc/unixinfo.c === --- branches/SAMBA_4_0/source/torture/rpc/unixinfo.c2007-04-12 14:56:29 UTC (rev 22200) +++ branches/SAMBA_4_0/source/torture/rpc/unixinfo.c2007-04-12 15:06:24 UTC (rev 22201) @@ -33,9 +33,11 @@ NTSTATUS status; struct unixinfo_SidToUid r; struct dom_sid *sid; + uint64_t uid; sid = dom_sid_parse_talloc(tctx, S-1-5-32-1234-5432); r.in.sid = *sid; + r.out.uid = uid; status = dcerpc_unixinfo_SidToUid(p, tctx, r); if (NT_STATUS_EQUAL(NT_STATUS_NONE_MAPPED, status)) { @@ -94,9 +96,11 @@ NTSTATUS status; struct unixinfo_SidToGid r; struct dom_sid *sid; + uint64_t gid; sid = dom_sid_parse_talloc(tctx, S-1-5-32-1234-5432); r.in.sid = *sid; + r.out.gid = gid; status = dcerpc_unixinfo_SidToGid(p, tctx, r); if (NT_STATUS_EQUAL(NT_STATUS_NONE_MAPPED, status)) {
Rev 11830: Initial work on a 'member' test environment'. in file:///home/jelmer/bzr.samba/SAMBA_4_0/
At file:///home/jelmer/bzr.samba/SAMBA_4_0/ revno: 11830 revision-id: [EMAIL PROTECTED] parent: svn-v2:[EMAIL PROTECTED] committer: Jelmer Vernooij [EMAIL PROTECTED] branch nick: SAMBA_4_0 timestamp: Thu 2007-04-12 11:32:57 +0200 message: Initial work on a 'member' test environment'. added: source/script/tests/mktestmember.sh mktestmember.sh-20070411003717-p8x9y5ayzsne0151-2 source/script/tests/test_member.sh test_member.sh-20070411003717-p8x9y5ayzsne0151-1 modified: source/script/tests/README svn-v2:[EMAIL PROTECTED] source/script/tests/Samba4.pm svn-v2:[EMAIL PROTECTED] source/script/tests/TODO svn-v2:[EMAIL PROTECTED] === added file 'source/script/tests/mktestmember.sh' --- a/source/script/tests/mktestmember.sh 1970-01-01 00:00:00 + +++ b/source/script/tests/mktestmember.sh 2007-04-12 09:32:57 + @@ -0,0 +1,85 @@ +#!/bin/sh + +if [ $# -lt 4 ] +then + echo $0 PREFIX DOMAIN USERNAME PASSWORD + exit 1 +fi + +PREFIX=$1 +DOMAIN=$2 +DC_USERNAME=$3 +DC_PASSWORD=$4 +shift 4 +USERNAME=administrator +PASSWORD=humbolt + +SRCDIR=`pwd` +oldpwd=`dirname $0`/../.. +mkdir -p $PREFIX +cd $PREFIX +PREFIX_ABS=`pwd` +ETCDIR=$PREFIX_ABS/etc +NCALRPCDIR=$PREFIX_ABS/ncalrpc +PIDDIR=$PREFIX_ABS/pid +PRIVATEDIR=$PREFIX_ABS/private +LOCKDIR=$PREFIX_ABS/lockdir +WINBINDD_SOCKET_DIR=$PREFIX_ABS/winbind_socket +CONFFILE=$ETCDIR/smb.conf +TMPDIR=$PREFIX_ABS/tmp +NETBIOSNAME=localmember +SMBD_LOGLEVEL=1 + +mkdir -p $PRIVATEDIR $ETCDIR $PIDDIR $NCALRPCDIR $LOCKDIR $TMPDIR + +cat $CONFFILEEOF +[global] + netbios name = $NETBIOSNAME + workgroup = $DOMAIN + private dir = $PRIVATEDIR + pid directory = $PIDDIR + ncalrpc dir = $NCALRPCDIR + lock dir = $LOCKDIR + setup directory = $SRCDIR/setup + js include = $SRCDIR/scripting/libjs + winbindd socket directory = $WINBINDD_SOCKET_DIR + name resolve order = bcast + interfaces = 127.0.0.5/8 + panic action = $SRCDIR/script/gdb_backtrace %PID% %PROG% + wins support = yes + server role = domain member + max xmit = 32K + server max protocol = SMB2 + notify:inotify = false + ldb:nosync = true + system:anonymous = true +#We don't want to pass our self-tests if the PAC code is wrong + gensec:require_pac = true + log level = $SMBD_LOGLEVEL +EOF + +PROVISION_OPTIONS=$CONFIGURATION --host-name=$NETBIOSNAME --host-ip=127.0.0.1 +PROVISION_OPTIONS=$PROVISION_OPTIONS --quiet --domain $DOMAIN --realm $REALM +PROVISION_OPTIONS=$PROVISION_OPTIONS --adminpass $PASSWORD --root=$ROOT +PROVISION_OPTIONS=$PROVISION_OPTIONS --simple-bind-dn=cn=Manager,$BASEDN --password=$PASSWORD --root=$ROOT +$srcdir/bin/smbscript $srcdir/setup/provision $PROVISION_OPTIONS 2 + +$srcdir/bin/net join member $DOMAIN -U$DC_USERNAME%$DC_PASSWORD 2 || { + echo Join failed + exit $? +} + +echo PREFIX_ABS=$PREFIX_ABS +echo PIDDIR=$PIDDIR +echo SERVER=$SERVER +echo NETBIOSNAME=$NETBIOSNAME +echo DOMAIN=$DOMAIN +echo USERNAME=$USERNAME +echo REALM=$REALM +echo PASSWORD=$PASSWORD +echo SRCDIR=$SRCDIR +echo PREFIX=$PREFIX +echo CONFFILE=$CONFFILE +echo WINBINDD_SOCKET_DIR=$WINBINDD_SOCKET_DIR +echo NCALRPCDIR=$NCALRPCDIR +echo CONFIGURATION=$CONFIGURATION === added file 'source/script/tests/test_member.sh' --- a/source/script/tests/test_member.sh1970-01-01 00:00:00 + +++ b/source/script/tests/test_member.sh2007-04-12 09:32:57 + @@ -0,0 +1,10 @@ +#!/bin/sh + +# add tests to this list as they start passing, so we test +# that they stay passing +ncacn_np_tests=RPC-ECHO + +incdir=`dirname $0` +. $incdir/test_functions.sh + +plantest RPC-ECHO against member server member $VALGRIND bin/smbtorture $TORTURE_OPTIONS ncacn_np:\$SERVER -U\$USERNAME%\$PASSWORD -W \$DOMAIN $t $* === modified file 'source/script/tests/README' --- a/source/script/tests/README2004-09-13 02:37:39 + +++ b/source/script/tests/README2007-04-12 09:32:57 + @@ -1,4 +1,13 @@ This directory contains test scripts that are useful for running a -bunch of tests all at once. I expect it will eventually be hooked into -a make test framework. - +bunch of tests all at once. + +The following environments are currently available: + + - none: No server set up + - dc: Domain controller set up. The following environment variables will + be set: + * USERNAME +* PASSWORD +* DOMAIN +* REALM +* SERVER === modified file 'source/script/tests/Samba4.pm' --- a/source/script/tests/Samba4.pm 2007-04-11 10:25:02 + +++ b/source/script/tests/Samba4.pm 2007-04-12 09:32:57 + @@ -11,7 +11,7 @@ sub new() { my ($classname, $bindir, $ldap, $setupdir) = @_; - my $self = { ldap = $ldap, bindir = $bindir, setupdir = $setupdir }; + my $self = { vars = {}, ldap = $ldap, bindir = $bindir, setupdir = $setupdir }; bless $self;
svn commit: samba r22202 - in branches/SAMBA_3_0/source/nsswitch: .
Author: jra Date: 2007-04-12 19:16:29 + (Thu, 12 Apr 2007) New Revision: 22202 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22202 Log: Volker is clever :-). Use TDB_NOMMAP to prevent any wild pointer problems when validating the winbindd cache. Wish I'd have thought of that. Jeremy. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2007-04-12 15:06:24 UTC (rev 22201) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2007-04-12 19:16:29 UTC (rev 22202) @@ -2790,9 +2790,12 @@ goto out; } + /* Doh ! Volker is very smart :-). Use TDB_NOMMAP to prevent +* any wild pointer references when reading a corrupt tdb file. */ + tdb = tdb_open_log(cache_path, WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE, - lp_winbind_offline_logon() ? TDB_DEFAULT : (TDB_DEFAULT | TDB_CLEAR_IF_FIRST), + lp_winbind_offline_logon() ? TDB_NOMMAP : (TDB_NOMMAP | TDB_CLEAR_IF_FIRST), O_RDWR|O_CREAT, 0600); if (!tdb) { goto out;
Rev 11847: Improve the replace testsuite a bit. in file:///home/jelmer/bzr.samba/SAMBA_4_0/
At file:///home/jelmer/bzr.samba/SAMBA_4_0/ revno: 11847 revision-id: [EMAIL PROTECTED] parent: svn-v2:[EMAIL PROTECTED] committer: Jelmer Vernooij [EMAIL PROTECTED] branch nick: SAMBA_4_0 timestamp: Thu 2007-04-12 22:52:22 +0200 message: Improve the replace testsuite a bit. modified: source/lib/replace/test/testsuite.c svn-v2:[EMAIL PROTECTED] === modified file 'source/lib/replace/test/testsuite.c' --- a/source/lib/replace/test/testsuite.c 2007-04-10 16:00:13 + +++ b/source/lib/replace/test/testsuite.c 2007-04-12 20:52:22 + @@ -115,7 +115,27 @@ static int test_strlcat(void) { - /* FIXME */ + char tmp[10]; + printf(test: strlcat\n); + strcpy(tmp, ); + if (strlcat(tmp, bla, 3) != 3) { + printf(failure: strlcat [\ninvalid return code\n]\n); + return false; + } + if (strcmp(tmp, bl) != 0) { + printf(failure: strlcat [\nexpected \bl\, got \%s\\n]\n, + tmp); + return false; + } + + strcpy(tmp, da); + if (strlcat(tmp, me, 4) != 4) { + printf(failure: strlcat [\nexpected \dam\, got \%s\\n]\n, + tmp); + return false; + } + + printf(success: strlcat\n); return true; } @@ -139,7 +159,16 @@ static int test_strdup(void) { - /* FIXME */ + char *x; + printf(test: strdup\n); + x = strdup(bla); + if (strcmp(bla, x) != 0) { + printf(failure: strdup [\nfailed: expected \bla\, got \%s\\n]\n, + x); + return false; + } + free(x); + printf(success: strdup\n); return true; } @@ -225,13 +254,49 @@ static int test_strndup(void) { - /* FIXME */ + char *x; + printf(test: strndup\n); + x = strndup(bla, 0); + if (strcmp(x, ) != 0) { + printf(failure: strndup [\ninvalid\n]\n); + return false; + } + free(x); + x = strndup(bla, 2); + if (strcmp(x, bl) != 0) { + printf(failure: strndup [\ninvalid\n]\n); + return false; + } + free(x); + x = strndup(bla, 10); + if (strcmp(x, bla) != 0) { + printf(failure: strndup [\ninvalid\n]\n); + return false; + } + free(x); + printf(success: strndup\n); return true; } static int test_strnlen(void) { - /* FIXME */ + printf(test: strnlen\n); + if (strnlen(bla, 2) != 2) { + printf(failure: strnlen [\nunexpected length\n]\n); + return false; + } + + if (strnlen(some text\n, 0) != 0) { + printf(failure: strnlen [\nunexpected length\n]\n); + return false; + } + + if (strnlen(some text, 20) != 9) { + printf(failure: strnlen [\nunexpected length\n]\n); + return false; + } + + printf(success: strnlen\n); return true; } @@ -255,13 +320,43 @@ static int test_asprintf(void) { - /* FIXME */ + char *x; + printf(test: asprintf\n); + if (asprintf(x, %d, 9) != 1) { + printf(failure: asprintf [\ngenerate asprintf\n]\n); + return false; + } + if (strcmp(x, 9) != 0) { + printf(failure: asprintf [\ngenerate asprintf\n]\n); + return false; + } + if (asprintf(x, dat%s, a) != 4) { + printf(failure: asprintf [\ngenerate asprintf\n]\n); + return false; + } + if (strcmp(x, data) != 0) { + printf(failure: asprintf [\ngenerate asprintf\n]\n); + return false; + } + printf(success: asprintf\n); return true; } static int test_snprintf(void) { - /* FIXME */ + char tmp[10]; + printf(test: snprintf\n); + if (snprintf(tmp, 3, foo%d, 9) != 4) { + printf(failure: snprintf [\nsnprintf return code failed\n]\n); + return false; + } + + if (strcmp(tmp, fo) != 0) { + printf(failure: snprintf [\nsnprintf failed\n]\n); + return false; + } + + printf(success: snprintf\n); return true; } @@ -328,13 +423,22 @@ static int test_strerror(void) { + printf(test: strerror\n); /* FIXME */ + printf(failure: sterror\n); return true; } static int test_errno(void) { - /* FIXME */ + printf(test: errno\n); + errno = 3; + if (errno != 3) { + printf(failure: errno [\nerrno failed\n]\n); + return false; + } + + printf(success: errno\n); return true; } @@ -376,7 +480,20 @@ static int test_strtoll(void) { - /* FIXME */ + printf(test: strtoll\n); + if (strtoll(15,
svn commit: samba r22203 - in branches/SAMBA_4_0: . source/lib/replace/test
Author: jelmer Date: 2007-04-12 19:54:15 + (Thu, 12 Apr 2007) New Revision: 22203 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22203 Log: Improve the replace testsuite a bit. Modified: branches/SAMBA_4_0/ branches/SAMBA_4_0/source/lib/replace/test/testsuite.c Changeset: Property changes on: branches/SAMBA_4_0 ___ Name: bzr:merge ...skipped... Modified: branches/SAMBA_4_0/source/lib/replace/test/testsuite.c === --- branches/SAMBA_4_0/source/lib/replace/test/testsuite.c 2007-04-12 19:16:29 UTC (rev 22202) +++ branches/SAMBA_4_0/source/lib/replace/test/testsuite.c 2007-04-12 19:54:15 UTC (rev 22203) @@ -115,7 +115,27 @@ static int test_strlcat(void) { - /* FIXME */ + char tmp[10]; + printf(test: strlcat\n); + strcpy(tmp, ); + if (strlcat(tmp, bla, 3) != 3) { + printf(failure: strlcat [\ninvalid return code\n]\n); + return false; + } + if (strcmp(tmp, bl) != 0) { + printf(failure: strlcat [\nexpected \bl\, got \%s\\n]\n, + tmp); + return false; + } + + strcpy(tmp, da); + if (strlcat(tmp, me, 4) != 4) { + printf(failure: strlcat [\nexpected \dam\, got \%s\\n]\n, + tmp); + return false; + } + + printf(success: strlcat\n); return true; } @@ -139,7 +159,16 @@ static int test_strdup(void) { - /* FIXME */ + char *x; + printf(test: strdup\n); + x = strdup(bla); + if (strcmp(bla, x) != 0) { + printf(failure: strdup [\nfailed: expected \bla\, got \%s\\n]\n, + x); + return false; + } + free(x); + printf(success: strdup\n); return true; } @@ -225,13 +254,49 @@ static int test_strndup(void) { - /* FIXME */ + char *x; + printf(test: strndup\n); + x = strndup(bla, 0); + if (strcmp(x, ) != 0) { + printf(failure: strndup [\ninvalid\n]\n); + return false; + } + free(x); + x = strndup(bla, 2); + if (strcmp(x, bl) != 0) { + printf(failure: strndup [\ninvalid\n]\n); + return false; + } + free(x); + x = strndup(bla, 10); + if (strcmp(x, bla) != 0) { + printf(failure: strndup [\ninvalid\n]\n); + return false; + } + free(x); + printf(success: strndup\n); return true; } static int test_strnlen(void) { - /* FIXME */ + printf(test: strnlen\n); + if (strnlen(bla, 2) != 2) { + printf(failure: strnlen [\nunexpected length\n]\n); + return false; + } + + if (strnlen(some text\n, 0) != 0) { + printf(failure: strnlen [\nunexpected length\n]\n); + return false; + } + + if (strnlen(some text, 20) != 9) { + printf(failure: strnlen [\nunexpected length\n]\n); + return false; + } + + printf(success: strnlen\n); return true; } @@ -255,13 +320,43 @@ static int test_asprintf(void) { - /* FIXME */ + char *x; + printf(test: asprintf\n); + if (asprintf(x, %d, 9) != 1) { + printf(failure: asprintf [\ngenerate asprintf\n]\n); + return false; + } + if (strcmp(x, 9) != 0) { + printf(failure: asprintf [\ngenerate asprintf\n]\n); + return false; + } + if (asprintf(x, dat%s, a) != 4) { + printf(failure: asprintf [\ngenerate asprintf\n]\n); + return false; + } + if (strcmp(x, data) != 0) { + printf(failure: asprintf [\ngenerate asprintf\n]\n); + return false; + } + printf(success: asprintf\n); return true; } static int test_snprintf(void) { - /* FIXME */ + char tmp[10]; + printf(test: snprintf\n); + if (snprintf(tmp, 3, foo%d, 9) != 4) { + printf(failure: snprintf [\nsnprintf return code failed\n]\n); + return false; + } + + if (strcmp(tmp, fo) != 0) { + printf(failure: snprintf [\nsnprintf failed\n]\n); + return false; + } + + printf(success: snprintf\n); return true; } @@ -328,13 +423,22 @@ static int test_strerror(void) { + printf(test: strerror\n); /* FIXME */ + printf(failure: sterror\n); return true; } static int test_errno(void) { - /* FIXME */ + printf(test: errno\n); + errno = 3; + if (errno != 3) { + printf(failure: errno [\nerrno failed\n]\n); + return false; + } + +
svn commit: samba r22204 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_25/source/nsswitch
Author: idra Date: 2007-04-12 21:10:06 + (Thu, 12 Apr 2007) New Revision: 22204 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22204 Log: Workaround to quickly close bug #4508 This hack makes thing work, but we will need to try again to make the getpw* calls fully async, that's the real fix. Modified: branches/SAMBA_3_0/source/nsswitch/idmap.c branches/SAMBA_3_0/source/nsswitch/winbindd.c branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c branches/SAMBA_3_0_25/source/nsswitch/idmap.c branches/SAMBA_3_0_25/source/nsswitch/winbindd.c branches/SAMBA_3_0_25/source/nsswitch/winbindd_dual.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/idmap.c === --- branches/SAMBA_3_0/source/nsswitch/idmap.c 2007-04-12 19:54:15 UTC (rev 22203) +++ branches/SAMBA_3_0/source/nsswitch/idmap.c 2007-04-12 21:10:06 UTC (rev 22204) @@ -84,6 +84,24 @@ return NULL; } +/* part of a quick hack to avoid loops, need to be sorted out correctly later on */ +static BOOL idmap_in_own_child; + +static BOOL idmap_is_in_own_child(void) +{ + return idmap_in_own_child; +} + +void reset_idmap_in_own_child(void) +{ + idmap_in_own_child = False; +} + +void set_idmap_in_own_child(void) +{ + idmap_in_own_child = True; +} + /** Allow a module to register itself as a method. **/ @@ -801,13 +819,18 @@ if ( ! NT_STATUS_IS_OK(ret)) { return NT_STATUS_NONE_MAPPED; } - - /* by default calls to winbindd are disabled - the following call will not recurse so this is safe */ - winbind_on(); - wbret = winbind_lookup_sid(ctx, map-sid, domname, name, sid_type); - winbind_off(); + /* quick hack to make things work, will need proper fix later on */ + if (idmap_is_in_own_child()) { + /* by default calls to winbindd are disabled + the following call will not recurse so this is safe */ + winbind_on(); + wbret = winbind_lookup_sid(ctx, map-sid, domname, name, sid_type); + winbind_off(); + } else { + wbret = winbindd_lookup_name_by_sid(ctx, map-sid, domname, name, sid_type); + } + /* check if this is a valid SID and then map it */ if (wbret) { switch (sid_type) { @@ -1395,3 +1418,4 @@ return ret; } + Modified: branches/SAMBA_3_0/source/nsswitch/winbindd.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd.c 2007-04-12 19:54:15 UTC (rev 22203) +++ branches/SAMBA_3_0/source/nsswitch/winbindd.c 2007-04-12 21:10:06 UTC (rev 22204) @@ -1010,6 +1010,9 @@ namecache_enable(); + /* quick hack to avoid a loop in idmap, proper fix later */ + reset_idmap_in_own_child(); + /* Winbind daemon initialisation */ if ( ! NT_STATUS_IS_OK(idmap_init_cache()) ) { Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c 2007-04-12 19:54:15 UTC (rev 22203) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c 2007-04-12 21:10:06 UTC (rev 22204) @@ -921,6 +921,9 @@ child); } + /* quick hack to avoid a loop in idmap, proper fix later */ + set_idmap_in_own_child(); + while (1) { int ret; Modified: branches/SAMBA_3_0_25/source/nsswitch/idmap.c === --- branches/SAMBA_3_0_25/source/nsswitch/idmap.c 2007-04-12 19:54:15 UTC (rev 22203) +++ branches/SAMBA_3_0_25/source/nsswitch/idmap.c 2007-04-12 21:10:06 UTC (rev 22204) @@ -84,6 +84,24 @@ return NULL; } +/* part of a quick hack to avoid loops, need to be sorted out correctly later on */ +static BOOL idmap_in_own_child; + +static BOOL idmap_is_in_own_child(void) +{ + return idmap_in_own_child; +} + +void reset_idmap_in_own_child(void) +{ + idmap_in_own_child = False; +} + +void set_idmap_in_own_child(void) +{ + idmap_in_own_child = True; +} + /** Allow a module to register itself as a method. **/ @@ -801,13 +819,18 @@ if ( ! NT_STATUS_IS_OK(ret)) { return NT_STATUS_NONE_MAPPED; } - - /* by default calls to winbindd are disabled - the following call will not recurse so this is safe */ - winbind_on(); - wbret = winbind_lookup_sid(ctx, map-sid, domname, name, sid_type); - winbind_off(); +
Build status as of Fri Apr 13 00:00:02 2007
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2007-04-12 00:01:57.0 + +++ /home/build/master/cache/broken_results.txt 2007-04-13 00:00:24.0 + @@ -1,23 +1,23 @@ -Build status as of Thu Apr 12 00:00:02 2007 +Build status as of Fri Apr 13 00:00:02 2007 Build counts: Tree Total Broken Panic SOC 0 0 0 build_farm 0 0 0 -ccache 38 6 0 +ccache 37 6 0 ctdb 0 0 0 distcc 3 0 0 ldb 35 4 0 -libreplace 34 4 0 +libreplace 33 6 0 lorikeet-heimdal 31 15 0 pidl 21 2 0 ppp 15 0 0 -rsync38 13 0 +rsync37 13 0 samba0 0 0 samba-docs 0 0 0 samba-gtk3 3 0 -samba4 39 32 1 -samba_3_041 21 1 +samba4 39 34 2 +samba_3_040 20 1 smb-build33 32 0 talloc 37 1 0 tdb 35 2 0
svn commit: samba r22205 - in branches/SAMBA_3_0/source/nsswitch: .
Author: jra Date: 2007-04-13 00:39:06 + (Fri, 13 Apr 2007) New Revision: 22205 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22205 Log: Add some flesh to the bones of the cache validation code. Jeremy Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2007-04-12 21:10:06 UTC (rev 22204) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2007-04-13 00:39:06 UTC (rev 22205) @@ -52,6 +52,8 @@ uint32 len, ofs; }; +void (*smb_panic_fn)(const char *const why) = smb_panic; + #define WINBINDD_MAX_CACHE_SIZE (50*1024*1024) static struct winbind_cache *wcache; @@ -160,16 +162,27 @@ free(centry); } +static BOOL centry_check_bytes(struct cache_entry *centry, size_t nbytes) +{ + if (centry-len - centry-ofs nbytes) { + DEBUG(0,(centry corruption? needed %u bytes, have %d\n, +(unsigned int)nbytes, +centry-len - centry-ofs)); + return False; + } + return True; +} + /* pull a uint32 from a cache entry */ static uint32 centry_uint32(struct cache_entry *centry) { uint32 ret; - if (centry-len - centry-ofs 4) { - DEBUG(0,(centry corruption? needed 4 bytes, have %d\n, -centry-len - centry-ofs)); - smb_panic(centry_uint32); + + if (centry_check_bytes(centry, 4)) { + smb_panic_fn(centry_uint32); + return (uint32)-1; } ret = IVAL(centry-data, centry-ofs); centry-ofs += 4; @@ -182,10 +195,9 @@ static uint16 centry_uint16(struct cache_entry *centry) { uint16 ret; - if (centry-len - centry-ofs 2) { - DEBUG(0,(centry corruption? needed 2 bytes, have %d\n, -centry-len - centry-ofs)); - smb_panic(centry_uint16); + if (centry_check_bytes(centry, 2)) { + smb_panic_fn(centry_uint16); + return (uint16)-1; } ret = CVAL(centry-data, centry-ofs); centry-ofs += 2; @@ -198,10 +210,9 @@ static uint8 centry_uint8(struct cache_entry *centry) { uint8 ret; - if (centry-len - centry-ofs 1) { - DEBUG(0,(centry corruption? needed 1 bytes, have %d\n, -centry-len - centry-ofs)); - smb_panic(centry_uint32); + if (centry_check_bytes(centry, 1)) { + smb_panic_fn(centry_uint8); + return (uint8)-1; } ret = CVAL(centry-data, centry-ofs); centry-ofs += 1; @@ -214,10 +225,9 @@ static NTTIME centry_nttime(struct cache_entry *centry) { NTTIME ret; - if (centry-len - centry-ofs 8) { - DEBUG(0,(centry corruption? needed 8 bytes, have %d\n, -centry-len - centry-ofs)); - smb_panic(centry_nttime); + if (centry_check_bytes(centry, 8)) { + smb_panic_fn(centry_nttime); + return (NTTIME)-1; } ret = IVAL(centry-data, centry-ofs); centry-ofs += 4; @@ -232,10 +242,9 @@ static time_t centry_time(struct cache_entry *centry) { time_t ret; - if (centry-len - centry-ofs sizeof(time_t)) { - DEBUG(0,(centry corruption? needed %u bytes, have %u\n, -(unsigned int)sizeof(time_t), (unsigned int)(centry-len - centry-ofs))); - smb_panic(centry_time); + if (centry_check_bytes(centry, sizeof(time_t))) { + smb_panic_fn(centry_time); + return (time_t)-1; } ret = IVAL(centry-data, centry-ofs); /* FIXME: correct ? */ centry-ofs += sizeof(time_t); @@ -257,15 +266,15 @@ return NULL; } - if (centry-len - centry-ofs len) { - DEBUG(0,(centry corruption? needed %d bytes, have %d\n, -len, centry-len - centry-ofs)); - smb_panic(centry_string); + if (centry_check_bytes(centry, (size_t)len)) { + smb_panic_fn(centry_string); + return NULL; } ret = TALLOC_ARRAY(mem_ctx, char, len+1); if (!ret) { - smb_panic(centry_string out of memory\n); + smb_panic_fn(centry_string out of memory\n); + return NULL; } memcpy(ret,centry-data + centry-ofs, len); ret[len] = 0; @@ -289,15 +298,14 @@ return NULL; } - if (centry-len - centry-ofs 16) { - DEBUG(0,(centry corruption? needed 16 bytes, have %d\n, -centry-len - centry-ofs)); + if (centry_check_bytes(centry, 16)) { return NULL; } ret =
svn commit: samba r22206 - in branches/SAMBA_3_0/source/nsswitch: .
Author: jra Date: 2007-04-13 01:00:44 + (Fri, 13 Apr 2007) New Revision: 22206 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22206 Log: Added boilerplate to be filled in for other validation functions. Jeremy. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2007-04-13 00:39:06 UTC (rev 22205) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2007-04-13 01:00:44 UTC (rev 22206) @@ -2730,61 +2730,224 @@ static int validate_loc_pol(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf) { + struct cache_entry *centry = create_centry_validate(keystr, dbuf); + + if (!centry) { + return 1; + } + + (void)centry_nttime(centry); + (void)centry_nttime(centry); + (void)centry_uint16(centry); + + centry_free(centry); + + if (bad_cache_entry) { + return 1; + } + DEBUG(10,(validate_loc_pol: %s ok\n, keystr)); return 0; } static int validate_pwd_pol(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf) { + struct cache_entry *centry = create_centry_validate(keystr, dbuf); + + if (!centry) { + return 1; + } + + /* FIXME - fill in details here... */ + + centry_free(centry); + + if (bad_cache_entry) { + return 1; + } + DEBUG(10,(validate_pwd_pol: %s ok\n, keystr)); return 0; } static int validate_cred(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf) { + struct cache_entry *centry = create_centry_validate(keystr, dbuf); + + if (!centry) { + return 1; + } + + /* FIXME - fill in details here... */ + + centry_free(centry); + + if (bad_cache_entry) { + return 1; + } + DEBUG(10,(validate_cred: %s ok\n, keystr)); return 0; } static int validate_ul(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf) { + struct cache_entry *centry = create_centry_validate(keystr, dbuf); + + if (!centry) { + return 1; + } + + /* FIXME - fill in details here... */ + + centry_free(centry); + + if (bad_cache_entry) { + return 1; + } + DEBUG(10,(validate_ul: %s ok\n, keystr)); return 0; } static int validate_gl(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf) { + struct cache_entry *centry = create_centry_validate(keystr, dbuf); + + if (!centry) { + return 1; + } + + /* FIXME - fill in details here... */ + + centry_free(centry); + + if (bad_cache_entry) { + return 1; + } + DEBUG(10,(validate_gl: %s ok\n, keystr)); return 0; } static int validate_ug(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf) { + struct cache_entry *centry = create_centry_validate(keystr, dbuf); + + if (!centry) { + return 1; + } + + /* FIXME - fill in details here... */ + + centry_free(centry); + + if (bad_cache_entry) { + return 1; + } + DEBUG(10,(validate_ug: %s ok\n, keystr)); return 0; } static int validate_ua(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf) { + struct cache_entry *centry = create_centry_validate(keystr, dbuf); + + if (!centry) { + return 1; + } + + /* FIXME - fill in details here... */ + + centry_free(centry); + + if (bad_cache_entry) { + return 1; + } + DEBUG(10,(validate_ua: %s ok\n, keystr)); return 0; } static int validate_gm(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf) { + struct cache_entry *centry = create_centry_validate(keystr, dbuf); + + if (!centry) { + return 1; + } + + /* FIXME - fill in details here... */ + + centry_free(centry); + + if (bad_cache_entry) { + return 1; + } + DEBUG(10,(validate_gm: %s ok\n, keystr)); return 0; } static int validate_dr(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf) { + struct cache_entry *centry = create_centry_validate(keystr, dbuf); + + if (!centry) { + return 1; + } + + /* FIXME - fill in details here... */ + + centry_free(centry); + + if (bad_cache_entry) { + return 1; + } + DEBUG(10,(validate_dr: %s ok\n, keystr)); return 0; } static int validate_de(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf) { + struct cache_entry *centry = create_centry_validate(keystr, dbuf); + + if (!centry) { + return 1; + } + + /* FIXME - fill in details here... */ + +
svn commit: samba r22207 - in branches/SAMBA_3_0/source/nsswitch: .
Author: jra Date: 2007-04-13 01:46:47 + (Fri, 13 Apr 2007) New Revision: 22207 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22207 Log: Fill in the validation functions. Now to test... Jeremy. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2007-04-13 01:00:44 UTC (rev 22206) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2007-04-13 01:46:47 UTC (rev 22207) @@ -2757,7 +2757,11 @@ return 1; } - /* FIXME - fill in details here... */ + (void)centry_uint16(centry); + (void)centry_uint16(centry); + (void)centry_uint32(centry); + (void)centry_nttime(centry); + (void)centry_nttime(centry); centry_free(centry); @@ -2776,8 +2780,14 @@ return 1; } - /* FIXME - fill in details here... */ + (void)centry_time(centry); + (void)centry_hash16(centry, mem_ctx); + /* We only have 17 bytes more data in the salted cred case. */ + if (centry-len - centry-ofs == 17) { + (void)centry_hash16(centry, mem_ctx); + } + centry_free(centry); if (bad_cache_entry) { @@ -2790,13 +2800,24 @@ static int validate_ul(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf) { struct cache_entry *centry = create_centry_validate(keystr, dbuf); + int32 num_entries, i; if (!centry) { return 1; } - /* FIXME - fill in details here... */ + num_entries = (int32)centry_uint32(centry); + for (i=0; i num_entries; i++) { + DOM_SID sid; + (void)centry_string(centry, mem_ctx); + (void)centry_string(centry, mem_ctx); + (void)centry_string(centry, mem_ctx); + (void)centry_string(centry, mem_ctx); + (void)centry_sid(centry, mem_ctx, sid); + (void)centry_sid(centry, mem_ctx, sid); + } + centry_free(centry); if (bad_cache_entry) { @@ -2809,12 +2830,19 @@ static int validate_gl(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf) { struct cache_entry *centry = create_centry_validate(keystr, dbuf); + int32 num_entries, i; if (!centry) { return 1; } - /* FIXME - fill in details here... */ + num_entries = centry_uint32(centry); + + for (i=0; i num_entries; i++) { + (void)centry_string(centry, mem_ctx); + (void)centry_string(centry, mem_ctx); + (void)centry_uint32(centry); + } centry_free(centry); @@ -2828,13 +2856,19 @@ static int validate_ug(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf) { struct cache_entry *centry = create_centry_validate(keystr, dbuf); + int32 num_groups, i; if (!centry) { return 1; } - /* FIXME - fill in details here... */ + num_groups = centry_uint32(centry); + for (i=0; i num_groups; i++) { + DOM_SID sid; + centry_sid(centry, mem_ctx, sid); + } + centry_free(centry); if (bad_cache_entry) { @@ -2847,13 +2881,18 @@ static int validate_ua(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf) { struct cache_entry *centry = create_centry_validate(keystr, dbuf); + int32 num_aliases, i; if (!centry) { return 1; } - /* FIXME - fill in details here... */ + num_aliases = centry_uint32(centry); + for (i=0; i num_aliases; i++) { + (void)centry_uint32(centry); + } + centry_free(centry); if (bad_cache_entry) { @@ -2866,13 +2905,21 @@ static int validate_gm(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf) { struct cache_entry *centry = create_centry_validate(keystr, dbuf); + int32 num_names, i; if (!centry) { return 1; } - /* FIXME - fill in details here... */ + num_names = centry_uint32(centry); + for (i=0; i num_names; i++) { + DOM_SID sid; + centry_sid(centry, mem_ctx, sid); + (void)centry_string(centry, mem_ctx); + (void)centry_uint32(centry); + } + centry_free(centry); if (bad_cache_entry) { @@ -2884,38 +2931,28 @@ static int validate_dr(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf) { - struct cache_entry *centry = create_centry_validate(keystr, dbuf); - - if (!centry) { + /* Can't say anything about this other than must be nonzero. */ + if (dbuf.dsize == 0) { + DEBUG(0,(validate_dr: Corrupt cache for key %s (len == 0) ?\n, +
Re: svn commit: samba r22202 - in branches/SAMBA_3_0/source/nsswitch: .
Volker is clever :-). Use TDB_NOMMAP to prevent any wild pointer problems when validating the winbindd cache. Wish I'd have thought of that. Did you really see problems like this with any tdb file? If so, can you please send me the tdb file? tdb should be doing range checking on all offsets from the db. If it isn't, then we have a bug and should fix it. The range checking code is what triggers the tdb to grow automatically when needed, so it needs to be right even for non-corrupt databases. Cheers, Tridge
Re: svn commit: samba r22202 - in branches/SAMBA_3_0/source/nsswitch: .
On Fri, Apr 13, 2007 at 01:41:39PM +1000, [EMAIL PROTECTED] wrote: Did you really see problems like this with any tdb file? If so, can you please send me the tdb file? No, no winbindd access will produce such a tdb file. tdb should be doing range checking on all offsets from the db. If it isn't, then we have a bug and should fix it. The range checking code is what triggers the tdb to grow automatically when needed, so it needs to be right even for non-corrupt databases. I know - I did work on this code remember :-). The issue some (real) customers are seeing is with laptops (mainly I believe) going down hard - no shutdown. In that case without the equivalent of an msync it's easy to get a corrupted tdb state. Probably the real solution is to go to a transactional tdb for this cache file, but I started this code before transactional tdb existed and Volker did ask me to finish it. I'd imagine the speed isn't an issue but we should check. Jeremy.
Re: svn commit: samba r22202 - in branches/SAMBA_3_0/source/nsswitch: .
Jeremy, The issue some (real) customers are seeing is with laptops (mainly I believe) going down hard - no shutdown. In that case without the equivalent of an msync it's easy to get a corrupted tdb state. That wasn't my question. I don't doubt that it is possible to get a corrupt tdb file. What I am asking is if you have seen a corrupt tdb file that causes a 'wild pointer', and presumably a crash in the tdb code that is reading the file. The patch you applied implied that you thought we might get a file like that, and that disabling MMAP would avoid the segv. I shouldn't matter if you have the contents of /dev/random in a tdb file, it should not segv, no matter if using mmap or not (there is an exception to this, where the file is truncated out from under a running program accessing tdb via mmap - that is arguably a kernel bug, and is not relevant to the situation you are trying to fix). So if you do have a tdb file that when read using mmap causes a crash, please give me a copy. It implies that we have a real bug. Cheers, Tridge
Re: svn commit: samba r22202 - in branches/SAMBA_3_0/source/nsswitch: .
On Fri, Apr 13, 2007 at 02:36:51PM +1000, [EMAIL PROTECTED] wrote: That wasn't my question. I don't doubt that it is possible to get a corrupt tdb file. What I am asking is if you have seen a corrupt tdb file that causes a 'wild pointer', and presumably a crash in the tdb code that is reading the file. The patch you applied implied that you thought we might get a file like that, and that disabling MMAP would avoid the segv. I shouldn't matter if you have the contents of /dev/random in a tdb file, it should not segv, no matter if using mmap or not (there is an exception to this, where the file is truncated out from under a running program accessing tdb via mmap - that is arguably a kernel bug, and is not relevant to the situation you are trying to fix). So if you do have a tdb file that when read using mmap causes a crash, please give me a copy. It implies that we have a real bug. Ah, *now* I see - sorry. I didn't get it. No, I don't have a file like that - I haven't seen a wild pointer crash in the tdb code itself for a long long time :-). I'm thinking of the somewhat less robust code that is processing the tdb output data :-). Although some rather woolley thinking on my part did rather confuse the two :-). I will test this code with the contents of /dev/random though (prepended with a valid tdb header of course :-). Jeremy.
svn commit: samba r22208 - in branches/SAMBA_4_0/source/auth/gensec: .
Author: abartlet Date: 2007-04-13 05:37:08 + (Fri, 13 Apr 2007) New Revision: 22208 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22208 Log: Print the target principal name, to help with kdc unreachable errors. Andrew Bartlett Modified: branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c Changeset: Modified: branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c === --- branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c 2007-04-13 01:46:47 UTC (rev 22207) +++ branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c 2007-04-13 05:37:08 UTC (rev 22208) @@ -320,21 +320,18 @@ principal = gensec_get_target_principal(gensec_security); if (principal lp_client_use_spnego_principal()) { - name_token.value = discard_const_p(uint8_t, principal); - name_token.length = strlen(principal); - name_type = GSS_C_NULL_OID; } else { principal = talloc_asprintf(gensec_gssapi_state, [EMAIL PROTECTED], gensec_get_target_service(gensec_security), hostname); - name_token.value = discard_const_p(uint8_t, principal); - name_token.length = strlen(principal); - name_type = GSS_C_NT_HOSTBASED_SERVICE; } + name_token.value = discard_const_p(uint8_t, principal); + name_token.length = strlen(principal); + maj_stat = gss_import_name (min_stat, name_token, name_type, @@ -351,7 +348,7 @@ case 0: break; case KRB5_KDC_UNREACH: - DEBUG(3, (Cannot reach a KDC we require\n)); + DEBUG(3, (Cannot reach a KDC we require to contact %s\n, principal)); return NT_STATUS_INVALID_PARAMETER; /* Make SPNEGO ignore us, we can't go any further here */ default: DEBUG(1, (Aquiring initiator credentails failed\n));
Rev 102: merge store_unlock code from ronnie in http://samba.org/~tridge/ctdb
revno: 102 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Andrew Tridgell [EMAIL PROTECTED] branch nick: tridge timestamp: Fri 2007-04-13 15:49:33 +1000 message: merge store_unlock code from ronnie modified: common/ctdb_call.c ctdb_call.c-20061128065342-to93h6eejj5kon81-1 common/ctdb_client.c ctdb_client.c-20070411010216-3kd8v37k61steeya-1 common/ctdb_daemon.c ctdb_daemon.c-20070409200331-3el1kqgdb9m4ib0g-1 include/ctdb_private.h ctdb_private.h-20061117234101-o3qt14umlg9en8z0-13 tests/ctdb_fetch1.cctdb_fetch1.c-20070412111848-xawz6wqk9r0v8jdk-1 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Ronnie sahlberg [EMAIL PROTECTED] branch nick: ctdb timestamp: Fri 2007-04-13 09:44:56 +1000 message: add more elaborate test to fetch1 test for now: fetch a record store a known entry for this record fetch the record again (and later verify we got the same record) store it back again this will not work right now since we dont yet store the record inside the daemon merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Ronnie sahlberg [EMAIL PROTECTED] branch nick: ctdb timestamp: Fri 2007-04-13 09:41:15 +1000 message: add store_unlock pdu's for the domain socket. note that the store_unlock does not actually do anything yet apart from passing the pdu from client to daemon and daemon responds. next is to make sure the daemon actually stores the data in a database merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Ronnie sahlberg [EMAIL PROTECTED] branch nick: ctdb timestamp: Thu 2007-04-12 21:35:16 +1000 message: merge from tridge Diff too large for email (303, the limit is 200).