date:20071101

Re: [Samba] Serving MS Access Databases, with ACL

2007-11-01 Thread jayendren anand maduray

Hi Dale.

Thanks for this, would you guys be able to send me a complete example,
that would allow read/write access for two users

(you can call them user1, and user2)

Alternatively, you can comment on this one:
--
Creating the directories, and set permissions:

#mkdir /srv/samba/file-server/studies/databases
#setfacl -R -m u:user1:rwx,u:user2:rwx
/srv/samba/file-server/studies/databases

#getfacl /srv/samba/file-server/studies/databases
# file:
# owner: root
# group: root
user::rwx
user:user1:rwx
user:user2:rwx
group::r-x
mask::rwx
other::r-x

The share entry in smb.conf:

[databases]
path = /srv/samba/file-server/studies/databases
create mode = 0777
writeable = yes
browseable = yes
valid users = user1 user2 root
writelist = user1 user2 root
veto oplock files = /*.mdb/*.MDB
nt acl support = yes
nt pipe support = yes
nt status support = yes
inherit permissions = yes
inherit acls = yes

#smbcontrol smbd reload-config
Global parameter acl compatibility found in service section!
--
Nick/Nico, we must look at moving access databases to SQL/MySQL
backends, soon.

(See message from Dale/David below)

God bless.

Dale Schroeder wrote:

jayendren anand maduray wrote:

Hi All.
Greetings from South Africa.

I have a Samba LDAP server (v 3.022) running on Ubuntu 6.10
Its serving about 200 users, with profiles, and domain logons.

I want to start serving MS Access Databases on it, with the best
speed performance as possible.
At the moment, the back ends for these databases, are about 200+ MB,
and will grow over the next few years.

Basically, the share should serve about 4 users, with read/write access.
I am using the XFS file system, with ACL support.

Has anyone setup such shares in smb.conf?
I would really like to see an example.

Lastly, I do not think I want to use oplocks.

That's a wise choice. In the share, use:

veto oplock files = /*.mdb/*.MDB/

David's suggestion about splitting the databases into Access frontend
and MySQL backend is also wise. It has been my experience that large
Access databases corrupt quite easily. That no longer happens in the
setup David mentioned.

Dale

Any help, will be greatly appreciated.

God bless.

*Ellison, David* david.ellison at atkinsglobal.com
mailto:samba%40lists.samba.org?Subject=%5BSamba%5D%20Serving%20MS%20Access%20Databases%2C%20with%20ACLIn-Reply-To=47288B56.2010206%40hivsa.com

/Wed Oct 31 15:03:52 GMT 2007/

Greetings,

This is a little off topic, but may be usefull to you. If the DB is
going to grow much more than that, I would use a real SQL backend to the
database. The MS Access DB backend is ok, however starts to suffer when
they become huge, by the sounds of things they may. I am sure there are
people with 700mb, 900mb etc Access databases, but its best to split the
front end from the database and use a SQL database like MySQl for the
backend.

Just food for thought :)

Cheers.
Dave

--
Jayendren Anand Maduray
Microsoft Certified Professional
Network Plus
Senior IT Administrator

Perinatal HIV Research Unit
Wits Health Consortium
University of the Witwatersrand

Alternate email address: [EMAIL PROTECTED]
Fax Number: 0866857317

...There are 10 types of people,
those who understand binary
and those who do not...

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] can't remove groups in AD

2007-11-01 Thread Martin Hauptmann

I can see, change and set any permissions with getfacl/setfacl.

I can see these permissions in Windows but cannot change some of the
properties. For example I cannot set full access rights for other groups
even if I am the owner of the directory/file. The changes are being
silently ignored. I can (un)check the properties and accept the changes,
but these changes do not take place when I review the properties in
windows or getfacl.

Martin

Jordan Keyes schrieb:
 Martin,

 What command exactly are you trying to run to remove the permissions for the
 group Everyone?


 Jordan

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf
 Of Martin Hauptmann
 Sent: Tuesday, October 30, 2007 12:03 PM
 To: samba@lists.samba.org
 Subject: Re: [Samba] can't remove groups in AD

 This problem is really annoying, I cannot use security groups but I need
 to do that.

 Please tell me if you need more information. I am using Samba since 2001
 and never had that kind of trouble.

 The system is an ubuntu 7.10 server with an amd64-kernel.

 I am ready to offer any available information, including log (I do not
 see error/failure/warning-messages when using log level 4) and any
 configurations.

 Thank you in advance!

 Martin


 Martin Hauptmann schrieb:
   
 Hi,

 I set up a samba 3.0.26a as an ads-member of a windows 2003 Small
 Business Server.
 Every windows user in the domain can read and write their files,
 everyone's happy.
 My Problem is, that I cannot set up security groups in the AD. When I
 try, I do not get an error message, but my changes are being silently
 ignored.
 I cannot set rights exceeding read,write, execute and owner.
 E.g. I cannot remove the group 'everyone' from the file access list.
 When I do and confirm I do not get an error message, but when I review
 the settings, nothing has changed, 'everyone' is still in the list.
 It is the same when I try to set or unset full access to files - no
 error message, but no success.
 I tried different settings concerning heritage, but that did not help.

 There are some other postings in the mailing list that sound quite
 similar, related to versions 3.0.25. Maybe there is a bug in these
 versions?

 My smb.conf: http://www.pastebin.ca/753491

 Regards

 Martin
   
 

   

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba in ADS problem

2007-11-01 Thread damiend

Hi all

I have two samba server on the network a week woring fine, then yesterday 
morning they just stopped.

In the log I get the following 

any ideas whats going on ?



[2007/11/01 10:23:30, 3] smbd/process.c:switch_message(926)
  switch message SMBsesssetupX (pid 5671) conn 0x0
[2007/11/01 10:23:30, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/11/01 10:23:30, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1244)
  wct=12 flg2=0xc807
[2007/11/01 10:23:30, 2] smbd/sesssetup.c:setup_new_vc_session(1200)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old 
resources.
[2007/11/01 10:23:30, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1029)
  Doing spnego session setup
[2007/11/01 10:23:30, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2007/11/01 10:23:30, 3] smbd/sesssetup.c:reply_spnego_negotiate(697)
  reply_spnego_negotiate: Got secblob of size 1510
[2007/11/01 10:23:30, 3] libads/kerberos_verify.c:ads_keytab_verify_ticket(172)
  ads_keytab_verify_ticket: krb5_rd_req failed for all 24 matched keytab 
principals
[2007/11/01 10:23:30, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(279)
  ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt 
integrity check failed
[2007/11/01 10:23:30, 3] libads/kerberos_verify.c:ads_verify_ticket(427)
  ads_verify_ticket: krb5_rd_req with auth failed (Decrypt integrity check 
failed)
[2007/11/01 10:23:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2007/11/01 10:23:30, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/sesssetup.c(318) cmd=115 (SMBsesssetupX) 
NT_STATUS_LOGON_FAILURE
[2007/11/01 10:23:30, 3] smbd/process.c:process_smb(1068)
  Transaction 9 of length 1644
[2007/11/01 10:23:30, 3] smbd/process.c:switch_message(926)
  switch message SMBsesssetupX (pid 5671) conn 0x0
[2007/11/01 10:23:30, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/11/01 10:23:30, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1244)
  wct=12 flg2=0xc807
[2007/11/01 10:23:30, 2] smbd/sesssetup.c:setup_new_vc_session(1200)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old 
resources.
[2007/11/01 10:23:30, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1029)
  Doing spnego session setup
[2007/11/01 10:23:30, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2007/11/01 10:23:30, 3] smbd/sesssetup.c:reply_spnego_negotiate(697)
  reply_spnego_negotiate: Got secblob of size 1510
[2007/11/01 10:23:30, 3] libads/kerberos_verify.c:ads_keytab_verify_ticket(172)
  ads_keytab_verify_ticket: krb5_rd_req failed for all 24 matched keytab 
principals
[2007/11/01 10:23:30, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(279)
  ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt 
integrity check failed
[2007/11/01 10:23:30, 3] libads/kerberos_verify.c:ads_verify_ticket(427)
  ads_verify_ticket: krb5_rd_req with auth failed (Decrypt integrity check 
failed)
[2007/11/01 10:23:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2007/11/01 10:23:30, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/sesssetup.c(318) cmd=115 (SMBsesssetupX) 
NT_STATUS_LOGON_FAILURE
[2007/11/01 10:23:30, 3] smbd/process.c:process_smb(1068)
  Transaction 10 of length 1644
[2007/11/01 10:23:30, 3] smbd/process.c:switch_message(926)
  switch message SMBsesssetupX (pid 5671) conn 0x0
[2007/11/01 10:23:30, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/11/01 10:23:30, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1244)
  wct=12 flg2=0xc807
[2007/11/01 10:23:30, 2] smbd/sesssetup.c:setup_new_vc_session(1200)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old 
resources.
[2007/11/01 10:23:30, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1029)
  Doing spnego session setup
[2007/11/01 10:23:30, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2007/11/01 10:23:30, 3] smbd/sesssetup.c:reply_spnego_negotiate(697)
  reply_spnego_negotiate: Got secblob of size 1510
[2007/11/01 10:23:30, 3] libads/kerberos_verify.c:ads_keytab_verify_ticket(172)
  ads_keytab_verify_ticket: krb5_rd_req failed for all 24 matched keytab 
principals
[2007/11/01 10:23:30, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(279)
  ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt 
integrity check failed
[2007/11/01 10:23:30, 3] libads/kerberos_verify.c:ads_verify_ticket(427)
  ads_verify_ticket: krb5_rd_req with auth failed (Decrypt integrity check 
failed)
[2007/11/01 10:23:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
  Failed to

Re: [Samba] Samba+LDAP problems

2007-11-01 Thread Edmundo Valle Neto


Marcelo Mogrovejo escreveu:

Hi

(...)

I read this documents and i begin again with samba+ldap...
This time i have not problems, except when i try to create an user for 
testing.
I create a testuser and i add a password for his but when i try to 
login with this user, hi doesn't login...
for exameple with command su testuser as root it show me Id 
desconocido: testuser or Unknown Id: testuser.


i don't know why happen it...


(...)

Have you configured NSS? gentent passwd shows the user?
If I remember right, smbldap-tools creates users with a null shell by 
default too.



Regards.

Edmundo Valle Neto
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] How to make Add permission for folder in system with ntacl support?

2007-11-01 Thread Toby Bluhm


Georgy Goshin wrote:
Definitely possible in Samba.  Start with the correct POSIX 
permissions on the directories, then follow the references below.


This chapter, in general
http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html 



and this section, in particular
http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html#id374339 



with or without POSIX acl's should explain how to do what you want.


Please please please. I've tried already combinations this weekend, 
spen two days and lost any understanding of logic of file permissions 
and gived up! Please make someone for me small sample please!



Thanks in advance,
Georgy


I believe your original message said you wanted a directory that users 
could only write to but not read?


On samba server:

sudo mkdir test
sudo chown root.root test
sudo chmod 733 test

Now anyone should be able to copy a file to test directory, but not read 
it. Note - this will only work if you use copy in a cmd prompt. GUI file 
explorer tools typically want to read dir content first - not possible 
with these permissions.



Perhaps you should explain what you're trying to achieve - there may be 
better ways to do it.



--
Toby Bluhm
Midwest Instruments Inc.
30825 Aurora Road Suite 100
Solon Ohio 44139
440-424-2240


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Serving MS Access Databases, with ACL

2007-11-01 Thread jayendren anand maduray

Hi Dale.

Thank you for this.

I will try some tests.
Can you elaborate on why you do not like ACLs?
Had some bad experiences?

God bless.

Dale Schroeder wrote:

Jayendren,

Rather than acls, my preference (and it's only a preference) would be
to create a group for the database users. Add user1 and user2 to that
group. Then ==

chown root.database_group /srv/samba/file-server/studies/databases

For security, let the permissions of this directory be no greater than
775. (It looks like that is what you already have.) If you go with
MySQL, you can customize the access levels on a user-by-user basis on
global settings, database settings, table settings, etc. The security
options list is quite extensive. If you prefer GUI administration of
MySQL (I do), Navicat is the program of choice. http://www.navicat.com/

It's not free, but is an affordable extension to a free database server.

The only things I would say need changing in your smb.conf are:
create mode = 0775
veto oplock files = /*.mdb/*.MDB*/* #don't forget the trailing slash (/)

Good luck to you, Nick, and Nico.

Dale

jayendren anand maduray wrote:

Hi Dale.

Thanks for this, would you guys be able to send me a complete
example, that would allow read/write access for two users

(you can call them user1, and user2)

Alternatively, you can comment on this one:
--
Creating the directories, and set permissions:

#mkdir /srv/samba/file-server/studies/databases
#setfacl -R -m u:user1:rwx,u:user2:rwx
/srv/samba/file-server/studies/databases

#getfacl /srv/samba/file-server/studies/databases
# file:
# owner: root
# group: root
user::rwx
user:user1:rwx
user:user2:rwx
group::r-x
mask::rwx
other::r-x

The share entry in smb.conf:

#smbcontrol smbd reload-config
Global parameter acl compatibility found in service section!
--
Nick/Nico, we must look at moving access databases to SQL/MySQL
backends, soon.

(See message from Dale/David below)

God bless.

Dale Schroeder wrote:

jayendren anand maduray wrote:

Hi All.
Greetings from South Africa.

I have a Samba LDAP server (v 3.022) running on Ubuntu 6.10
Its serving about 200 users, with profiles, and domain logons.

Basically, the share should serve about 4 users, with read/write
access.

I am using the XFS file system, with ACL support.

Has anyone setup such shares in smb.conf?
I would really like to see an example.

Lastly, I do not think I want to use oplocks.

That's a wise choice. In the share, use:

veto oplock files = /*.mdb/*.MDB/

David's suggestion about splitting the databases into Access
frontend and MySQL backend is also wise. It has been my experience
that large Access databases corrupt quite easily. That no longer
happens in the setup David mentioned.

Dale

Any help, will be greatly appreciated.

God bless.

*Ellison, David* david.ellison at atkinsglobal.com
mailto:samba%40lists.samba.org?Subject=%5BSamba%5D%20Serving%20MS%20Access%20Databases%2C%20with%20ACLIn-Reply-To=47288B56.2010206%40hivsa.com

/Wed Oct 31 15:03:52 GMT 2007/
Greetings,

Just food for thought :)

Cheers.
Dave

--
Jayendren Anand Maduray
Microsoft Certified Professional
Network Plus
Senior IT Administrator

Perinatal HIV Research Unit
Wits Health Consortium
University of the Witwatersrand

Alternate email address: [EMAIL PROTECTED]
Fax Number: 0866857317

...There are 10 types of people,
those who understand binary
and those who do not...

No virus found in this incoming message.
Checked by AVG.
Version: 7.5.503 / Virus Database: 269.15.15/1101 - Release Date: 10/31/2007 10:06 AM

--
Jayendren Anand Maduray
Microsoft Certified Professional
Network Plus
Senior IT Administrator

Perinatal HIV Research Unit
Wits Health Consortium
University of the Witwatersrand

Alternate email address: [EMAIL PROTECTED]
Fax Number: 0866857317

...There are 10 types of people,
those who

[Samba] Accessing usershares on Redhat EL 5

2007-11-01 Thread Wehrer, Michael J.

I have enabled user shares and have the following entries in
/etc/samba/smb.conf

usershare allow guests = Yes
usershare max shares = 32
usershare owner only = No
usershare path = /var/lib/samba/usershares
usershare prefix allow list = /usr/alcoa/mesif/mes_data
usershare prefix deny list =
usershare template share = template

I have created two shares using the redhat samba configuration script.
These shares show up in the smb.conf file and on the network with no
problems.

I have created several shares using the net usershare add function. The
files for these shares are located in /var/lib/samba/usershares. I am
providing the contents for one of these files below.

#VERSION 2
path=/usr/alcoa/mesif/mes_data/AN
comment=guest_ok=y
usershare_acl=S-1-1-0:R
guest_ok=y

I am unable to see these shares on the network. I am certain that I must
be missing a step or that I have misconstrued the use of the usershares
facility. Can someone point me in the right direction? I am trying to
use the net usershare facility because the application I am developing
must programmatically create shares based on the contents of a
configuration file and the application does not have root access. If
usershares is not the answer, is there another way to programmatically
create and export a share?

Thanks, in advance for your help.

Mike Wehrer
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] BUILTIN groups mapping via winbind!!

2007-11-01 Thread Kaustubh Chaudhari


Hi Herman.

This is really a helpful information, but i am not able to understand 
why in built group we cant see a mapping for a normal user, as if we 
look Builtin is also a OU and we have some Builtin users and groups in it.


If i create a OU and groups or users in it than i can see all those but 
just not with Buitin.


Feel free to correct me, if you find i am wrong.

Thanks for your interest in this. 


Regards,
Kaustubh.


herman wrote:

Kaustubh Chaudhari wrote:

 Hi all,

   When i create a group in AD and adds users in the same than with
   #getent group i can see the group and its members properly.

   But if i add a user to BUILTIN say BUILTIN Guests group than i 
dont see

   its members.
   ==
kktest:x:10026:kk,Administrator
BUILTIN+Guests:x:10019:
   ==

   Here i have added kk user to both kktest and BUILTIN+Guests group. 
But i

   cant see kk associated with BUILTIN Guests.

   I know that BUILTIN groups have pre defined sid by microsoft, and its
   mapping is done separately.(I found this in idmap.c)

   Is this a normal behavior?

   Would appreciate if someone can explain the reasons for this.

   Regards,
   Kaustubh.
In general you need to define an Organizational Unit (OU), then define 
your groups and users inside that OU.  It should then show up with 
Samba winbind.


Some don'ts:
Don't rename anything.
Don't drag and drop anything from one OU to another OU.
Don't make a user in one OU a member of a group in another OU.
It is even not a good idea to delete anything.
If you need to fix a typing mistake, define a new record - don't try 
to edit the mistake.

Make frequent backups of ADS.

Some dos:
Apply security policies to OUs, not to users.
Run ADS on VMware, so that you can take snapshots as backups.

The reason for the above cautions is that ADS (mostly) work using the 
GUIDs, while Samba uses the text strings. So you don't want to get in 
a situation where ADS re-use an old GUID and changes to text strings 
are applied inconsistently, which confuses winbind, so changing any 
text string after it has been defined can also screw things up.


'Hope that helps!

Herman


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Jonathan Parr presents www.libeldefense.com

2007-11-01 Thread Tommy Lee

www.libeldefense.com

Yahoo! has immense reach. Without doubt, you must be in Yahoo. It can bring
you up to 50% of your traffic or more! Fortunately, you can now get listed
in Yahoo! in seven days for a cost of just $199 - often worthwhile. You
should get back your investment in a matter of days. The most important
thing is to have a domain name that is high on the alphabetic order (starts
with a number or an 'a') and also to include your primary keyword phrase -
the one most people use to find your site - in your Web site name (title)
and its description.

Once you get listed, you should also sign up to have your site become a
sponsored site within Yahoo! It costs $25 to $300 or more a month at the
time of writing, depending on the category. Sponsored sites appear in a
separate, clearly demarcated listing box, located on appropriate category
pages in the Directory at the top - which means more traffic.


http://libeldefense.studioathome.com/

http://libeldefense.blogspirit.com/

http://libeldefense.blogster.com/jonathan_parr_presents.html

http://libeldefense.livejournal.com/723.html

http://libeldefense.blogspot.com/

http://www.bloglines.com/blog/libeldefense

http://libeldefense.bloghi.com/

http://libeldefense.tripod.com/libeldefense/

http://www.yasvs.com/

http://www.greatestjournal.com/users/libeldefense

http://www.greatestjournal.com/users/libeldefense/362.html

http://www.naymz.com/search/jonathan/parr/1314951

http://www.xanga.com/libeldefense

http://libeldefense.multiply.com/journal/

http://20six.co.uk/libeldefense/

http://libeldefense.blogsome.com/

http://www.freewebs.com/libeldefense/

http://dangerell.googlepages.com/home

http://www.opendiary.com/entrylist.asp?authorcode=D736464

http://libeldefense.bravehost.com/index.html

http://www.my-diary.org/users/296432

http://www.my-diary.org/edit/?action=viewentryentryid=541256338

http://libeldefense.blog.co.uk/

http://clearblogs.com/libeldefense/78969/Jonathan+Parr+presents+www.libeldefense.com.html

http://libeldefense.bloggerteam.com/entry.php?u=libeldefensee_id=293138

http://www.ebloggy.com/blog.php?username=libeldefenseid=1

http://libeldefense.blogs.ie/

http://www.teenblog.org/libeldefense/

http://libeldefense.myweblog.com/2007/10/27/jonathan-parr-presents-wwwlibeldefensecom/

http://libeldefense.egoweblog.com/

http://www.bahraichblogs.com/libeldefense/5952/

http://libeldefense.blogbeee.com/

http://portal.blogfusion.com/blogs/libeldefense/

http://noss123network.ning.com/profile/JonathanParr


__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Serving MS Access Databases, with ACL

2007-11-01 Thread jayendren anand maduray

Hi Dale, thanks for the explanation.

I understand were you are coming from now.

I certainly hope to be of help to you someday.

God bless.

Dale Schroeder wrote:
I have nothing against posix acl's. In fact, I make sure I install
the acl package on every Debian system I build. It's just a
preference. I like the way things behave with group permissions. I
prefer to administer through permissions. If I use posix acl's, it is
usually to remove a permission rather than add. If it is your
preference to set controls via acl's, then do what is most comfortable
for you.

Conversely, I use Windows acl's quite a bit to fine tune access on
shares _from_ Windows systems. The flexibility is much greater in
Windows acl's, and do much more for me than posix acl's. That being
said, I still prefer the power of posix systems for servers, and use
them whenever feasible. More info
here: http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html#id376593

I am not the world's foremost expert on nix; just someone like you,
learning new things, using that which I've experienced to try to help
someone else. I hope I've done some of that for you! :-\

Dale

jayendren anand maduray wrote:

Hi Dale.

Thank you for this.

I will try some tests.
Can you elaborate on why you do not like ACLs?
Had some bad experiences?

God bless.

Dale Schroeder wrote:

Jayendren,

Rather than acls, my preference (and it's only a preference) would
be to create a group for the database users. Add user1 and user2 to
that group. Then ==

chown root.database_group /srv/samba/file-server/studies/databases

For security, let the permissions of this directory be no greater
than 775. (It looks like that is what you already have.) If you go
with MySQL, you can customize the access levels on a user-by-user
basis on global settings, database settings, table settings, etc.
The security options list is quite extensive. If you prefer GUI
administration of MySQL (I do), Navicat is the program of choice.
http://www.navicat.com/

It's not free, but is an affordable extension to a free database server.

The only things I would say need changing in your smb.conf are:
create mode = 0775
veto oplock files = /*.mdb/*.MDB*/* #don't forget the trailing
slash (/)

Good luck to you, Nick, and Nico.

Dale

jayendren anand maduray wrote:

Hi Dale.

Thanks for this, would you guys be able to send me a complete
example, that would allow read/write access for two users

(you can call them user1, and user2)

Alternatively, you can comment on this one:
--
Creating the directories, and set permissions:

#mkdir /srv/samba/file-server/studies/databases
#setfacl -R -m u:user1:rwx,u:user2:rwx
/srv/samba/file-server/studies/databases

#getfacl /srv/samba/file-server/studies/databases
# file:
# owner: root
# group: root
user::rwx
user:user1:rwx
user:user2:rwx
group::r-x
mask::rwx
other::r-x

The share entry in smb.conf:

#smbcontrol smbd reload-config
Global parameter acl compatibility found in service section!
--
Nick/Nico, we must look at moving access databases to SQL/MySQL
backends, soon.

(See message from Dale/David below)

God bless.

Dale Schroeder wrote:

jayendren anand maduray wrote:

Hi All.
Greetings from South Africa.

I have a Samba LDAP server (v 3.022) running on Ubuntu 6.10
Its serving about 200 users, with profiles, and domain logons.

Basically, the share should serve about 4 users, with read/write
access.

I am using the XFS file system, with ACL support.

Has anyone setup such shares in smb.conf?
I would really like to see an example.

Lastly, I do not think I want to use oplocks.

That's a wise choice. In the share, use:

veto oplock files = /*.mdb/*.MDB/

David's suggestion about splitting the databases into Access
frontend and MySQL backend is also wise. It has been my
experience that large Access databases corrupt quite easily. That
no longer happens in the setup David mentioned.

Dale

Any help, will be greatly appreciated.

God bless.

*Ellison, David* david.ellison at atkinsglobal.com
mailto:samba%40lists.samba.org?Subject=%5BSamba%5D%20Serving%20MS%20Access%20Databases%2C%20with%20ACLIn-Reply-To=47288B56.2010206%40hivsa.com

/Wed Oct 31 15:03:52 GMT 2007/
Greetings,

This is a little off topic, but may be usefull to you. If the DB is
going to grow much more than that, I

Re: [Samba] Samba+LDAP problems

2007-11-01 Thread Edmundo Valle Neto




Have you configured NSS? gentent passwd shows the user?


Its getent.


Edmundo
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Accumulating smbd processes and sockets in CLOSE_WAIT state

2007-11-01 Thread Christoph Kaegi

Hello list

The below mentionned problem just occured again.

We had about 673 smbd Processes running and 1746 
Locks (as reported by smbstatus) when it happened.

Again, the only unusual thing smbd.log said was:
 8 
[2007/11/01 15:44:14, 0] lib/util_tdb.c:tdb_chainlock_with_timeout_internal(84)
  tdb_chainlock_with_timeout_internal: alarm (10) timed out for key replay 
cache mutex in tdb /etc/samba/private/secrets.tdb
 8 

Restarting samba helped for the moment but when will
the problem occur again?

What could trigger such a problem? And what can I do to 
better diagnose it?

Thanks
Chris

On 25.10-21:48, Christoph Kaegi wrote:
 
 Our central fileserver is a Samba 3.0.25b on Solaris 9 and has 
 10'000 users (several hundreds at the same time).
 
 This week it died on us and when I inspected the machine, it
 was out of 8GB Memory and 16GB Swap because thousands of 
 smbd processes were running.
 netstat -na showed that many hundreds of connections to 
 port 445 were in CLOSE_WAIT state.
 
 We first thought it could be some sort of DoS Attack, but now I 
 also discovered a lot of the following entries in smbd.log at 
 the times the server became unresponsive:
 
  8 
 [2007/10/25 15:40:30, 0] 
 lib/util_tdb.c:tdb_chainlock_with_timeout_internal(84)
   tdb_chainlock_with_timeout_internal: alarm (10) timed out for key replay 
 cache mutex in tdb /etc/samba/private/secrets.tdb
  8 
 
 The same thing happened three times now, all of them at a time
 when presumably a peak of users (around 600-900) tried to use
 the server. Every time the number of network connections in
 CLOSE_WAIT state and the number of smbd processes was massively 
 increasing.
 
 Others seem to have similar problems (like 
 http://marc.info/?l=sambam=119263114612187w=2).
 
 The fileserver has been performing OK now for several months 
 with this Samba Release.
 
 I'd be grateful if anybody could give me some insight
 about how we can solve this.
 Loosing fileservice for all of staff and students 
 several times a week builds some considerable pressure
 on me...
 

-- 
--
Christoph Kaegi   [EMAIL PROTECTED]
--
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] File permissions issue: different behavior between samba and unix

2007-11-01 Thread Eric Diven

I'm seeing behavior that I was hoping somebody could explain.  I have a
share set up that will be a repository for company-wide data.  There are
three classes of people who can access it, readers, read/writers, and
admins.  Readers and read/writers are self explanatory, admins have
read/write access, and can change the permissions/ownership of files.

Read and write access is controlled by ACLs on the filesystem (see
below), admin access is controlled by smb.conf.  Read and admin access
works as expected.  Reader/Writer access is behaving unexpectedly.  A
writer can create a file in the share, the ownerships, permissions, and
ACLs are inherited as I expect them to be.  Now it gets strange.  

Once I've created a file, I can't rename it and get the error permission
denied.  I can write to the file itself, but not change its name or
delete it.  Yes I'm aware that rename/delete permission is a function of
the parent directory perms, not the file perms.  As I understand, file
creation requires exactly the same permissions (rwx) as rename and
delete.  Hence the unexpectedness of this.

Now it gets *REALLY* strange:

I can create, rename, and remove directories without difficulty.  I
don't get errors either renaming or deleting them.

One last bit of strangeness:

If I change the group ownership of the directory to the writer's group,
the unexpected behavior goes away.  This seems to suggest to me that
something strange is happening with the ACLs in samba in the case of
file rename or delete.

Samba version is 3.0.24, the issue is reproducible on Solaris and
CentOS.  I hesitate to call this a bug, because there could be a reason
for this, but this behavior is not consistent with how this works under
unix at the shell.  I duplicated the reader/writer permissions and acls
with a non-domain user and group, and observed the behavior I expected,
namely that I could rename and remove the file I had created.

If you want logs or further information, I can send them to you.

Thanks,

~Eric

Here are the perms and acls I've set up on the directory.  Note that the
setgid bit is set so that files created in the diretory inherit root
group 
ownership:

bash-3.00# ls -ld afiles
drwxrws---+  2 root root 512 Nov  1 10:21 afiles

bash-3.00# getfacl afiles
# file: afiles
# owner: root
# group: root
user::rwx
user:afile:rwx  #effective:rwx
group::rwx  #effective:rwx
group:afile:rwx #effective:rwx
group:W2K3TEST+areaders:r-x #effective:r-x
group:W2K3TEST+awriters:rwx #effective:rwx
group:W2K3TEST+admins:rwx   #effective:rwx
mask:rwx
other:---
default:user::rwx
default:group::rwx
default:group:W2K3TEST+areaders:r-x
default:group:W2K3TEST+awriters:rwx
default:group:W2K3TEST+admins:rwx
default:mask:rwx
default:other:---
bash-3.00#

Here is the share definition as spat back out from testparm

[afiles]
path = /honda/afiles
admin users = W2K3TEST+bobadmin, @W2K3TEST+admins
read only = No
inherit permissions = Yes
inherit acls = Yes
inherit owner = Yes

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] ACL changes on Samba NT 4.0 Member Server

2007-11-01 Thread Hans-Wilhelm Heisinger

I have a Samba 3.0.24-7 on Fedora 6 as a member of an Windows NT 4.0 
domain, with a simple share setup with ACLs.  The permissions on the 
share from Windows XP Pro Security tab shows Everyone, and root (Unix 
Group\root) without any Permissions.  When trying to add permissions 
from XP while logged on as CPDOM+admin the error is display Unable to 
save permission changes on share name on server name Access is 
denied.  Files can be copied to the share but can't be opened.  Below is 
the smb.conf.  I believe ACLs would work if I add access.  I tried 
setting the ACLs using setfacl and then the permissions show full 
control from XP, but I'm still unable to change permissions or open files.


[global]

   winbind separator = +
   idmap uid = 1-2
   idmap gid = 1-2
   winbind enum users = yes
   winbind enum groups = yes
   winbind use default domain = no

   security = domain
   workgroup = CPDOM
   netbios name = FILE_SRV
   password server = XSERVER
   server string =


[data]
   comment = FILES
   path = /files
   guest ok = yes
   create mask = 0777
   writeable = yes
   nt acl support = yes
   oplocks = no
   browseable = yes
   dos filemode = yes
   admin users = CPDOM+admin


Hans
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ACL changes on Samba NT 4.0 Member Server

2007-11-01 Thread John Drescher

On 11/1/07, Hans-Wilhelm Heisinger [EMAIL PROTECTED] wrote:
 I have a Samba 3.0.24-7 on Fedora 6 as a member of an Windows NT 4.0
 domain, with a simple share setup with ACLs.  The permissions on the
 share from Windows XP Pro Security tab shows Everyone, and root (Unix
 Group\root) without any Permissions.  When trying to add permissions
 from XP while logged on as CPDOM+admin the error is display Unable to
 save permission changes on share name on server name Access is
 denied.  Files can be copied to the share but can't be opened.  Below is
 the smb.conf.  I believe ACLs would work if I add access.  I tried
 setting the ACLs using setfacl and then the permissions show full
 control from XP, but I'm still unable to change permissions or open files.

 [global]

 winbind separator = +
 idmap uid = 1-2
 idmap gid = 1-2
 winbind enum users = yes
 winbind enum groups = yes
 winbind use default domain = no

 security = domain
 workgroup = CPDOM
 netbios name = FILE_SRV
 password server = XSERVER
 server string =


 [data]
 comment = FILES
 path = /files
 guest ok = yes
 create mask = 0777
 writeable = yes
 nt acl support = yes
 oplocks = no
 browseable = yes
 dos filemode = yes
 admin users =


Your smb.conf file looks fine. Can  CPDOM+admin log into the unix
system and create files? You are mounting your unix filesystem with
acls enabled? Also can you post an ls -al on /files
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Promoting Samba BDC to PDC

2007-11-01 Thread Ivan Ordonez


Hi,

Our domain is setup with one Primary Domain Controller and two Backup 
Domain Controllers, and a member server.  All domain controllers (PDC 
and BDCs) are running Gentoo Linux with Samba and LDAP.  The member 
server (fileserver) is a SUNS machine running Solaris.  We do everything 
(add, edit, modify groups and accounts) on the PDC and it will then sync 
all the changes to the BDC by way of SLURPD, then from the BDC to 
another BDC.  To access the shared file on the member server (Solaris), 
the user will authenticate using the PDC which is the password server on 
smb.conf file of the member server.


What we want to do in the coming days is to turn off and upgrade the PDC 
and promote one of the BDC to PDC and don't miss a beat.   I first stop 
slapd, slurpd and samba service on the PDC.  I then edit the smb.conf 
file of one of the BDC and make it a PDC.  I also added a new line which 
is security = user.
I run a testparm command after making changes to BDC's smb.conf file and 
it showed that it is now the Primary Domain Controller.  I edit the 
member server's smb.conf file and change the password server line to 
match the new PDC.


password server = IP of the new PDC

I login to one of the test machine and see if I can login and it worked, 
but when I tried to map to one of our shared drive, it ask for username 
and password.  Somehow the member server doesn't know that the password 
server has now been changed.  There is not much error on the logs that 
are helpful. 


I made sure that I restarted the samba service every time I made changes.

Please help.

Thanks.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] ADS WINBIND WIN2K3 usernames with dots

2007-11-01 Thread Michael Melia Jr.

I am new to this list and fairly new to samba.

I am running samba 3.0.24 on debian etch with winbind and krb5 in ads
security mode.  Everything appears to be working perfectly.  I can see
users and groups with wbinfo and getent.  I can even access shares I
setup using the domain admin account from the w2k3 ad infrastructure.
The problem is all our username in ad have dots (except the admin).  So
the usernames are [EMAIL PROTECTED]

When I try and set valid users = WORKGROUP\firstname.lastname in
smb.conf, I am unable to connect to the share from another machine.  If
I use a username without dots (and I created a few test ones to try) and
set valid users = WORKGROUP\username in smb.conf then I can get into
the share no problem.

How can I get my usernames with dots to work correctly with samba?

Thanks.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ACL changes on Samba NT 4.0 Member Server

2007-11-01 Thread Hans-Wilhelm Heisinger


John,

   Thank you for the reply. Below is the output from mount and ls -al.  
Yes I can login as CPDOM+admin and create files, but connecting to the 
share as CPDOM+admin doesn't work.


Hans

[EMAIL PROTECTED] ~]# mount
/dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/hda1 on /boot type ext3 (rw,acl)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)

[EMAIL PROTECTED] ~]# ls -al /files
total 5196
drwxrwxrwx  3 root root4096 Nov  1 10:17 .
drwxr-xr-x 26 root root4096 Nov  1 05:25 ..
-rwxrw-rw-  1 root root 413 Feb 24  2006 AS400.WS
-rwxrw-rw-  1 root root 398 Jul 27 14:13 dnsb.txt
-rwxrw-rw-  1 root root 3100432 May 22  2006 Dsclient.exe
drwxrwxrwx  2 root root4096 Apr  7  2005 Fonts
-rwxrw-rw-  1 root root1411 Aug 15 08:09 hans.txt
-rwxrw-rw-  1 root root   61440 Sep 14 08:57 IDTag.exe
-rwxrw-rw-  1 root root  262727 Apr 21  2003 keyfinder.exe
-rwxrw-rw-  1 root root   25088 Mar 22  2007 Label6x4 layout with text.doc
-rwxrw-rw-  1 root root   60416 Jun  6 09:41 Label proposal II.xls
-rwxrw-rw-  1 root root   90112 May  9  2006 OfficeTime.exe
-rwxrw-rw-  1 root root 317 Jul  3 07:51 OutputsLisec.txt
-rwxrw-rw-  1 root root  173231 May  4  1999 REPLICA.HLP
-rwxrw-rw-  1 root root1101 Apr 25  2005 Salesreport.dtf
-rw-rw-rw-  1 root root 481 Nov  1 08:42 smb.conf
-rwxrw-rw-  1 root root   69632 Mar  4  2004 system.mdw
-rwxrw-rw-  1 root root  491008 May 10 13:20 TSClient.doc
-rwxrw-rw-  1 root root  782848 Jun 30  2006 WIP LOCATIONS.xls
-rwxrw-rw-  1 root root5632 Aug  4  2004 wmi.dll
-rwxrw-rw-  1 root root   16930 May 31  1994 XCOPY.EXE



John Drescher wrote:

On 11/1/07, Hans-Wilhelm Heisinger [EMAIL PROTECTED] wrote:
  

I have a Samba 3.0.24-7 on Fedora 6 as a member of an Windows NT 4.0
domain, with a simple share setup with ACLs.  The permissions on the
share from Windows XP Pro Security tab shows Everyone, and root (Unix
Group\root) without any Permissions.  When trying to add permissions
from XP while logged on as CPDOM+admin the error is display Unable to
save permission changes on share name on server name Access is
denied.  Files can be copied to the share but can't be opened.  Below is
the smb.conf.  I believe ACLs would work if I add access.  I tried
setting the ACLs using setfacl and then the permissions show full
control from XP, but I'm still unable to change permissions or open files.

[global]

winbind separator = +
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = no

security = domain
workgroup = CPDOM
netbios name = FILE_SRV
password server = XSERVER
server string =


[data]
comment = FILES
path = /files
guest ok = yes
create mask = 0777
writeable = yes
nt acl support = yes
oplocks = no
browseable = yes
dos filemode = yes
admin users =




Your smb.conf file looks fine. Can  CPDOM+admin log into the unix
system and create files? You are mounting your unix filesystem with
acls enabled? Also can you post an ls -al on /files
  

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Member server - group and user mapping with winbind

2007-11-01 Thread Gaiseric Vandal

Hi all

I am still unsure of the correct way to configure member servers.

I  have one PDC (Samba 3.026a on Solaris 9) and several member servers
(including Samba 3.026a on Solaris 9 and 10, and Samba 3.024 on Fedora
core 6.)  Each machine uses NIS for unix accounts.


The Samba by Examble Book indicates that even if I am using NIS for
user accounts, and not using LDAP for a idmap backend, I still need to
use winbindd to map SID's.   It isn't clear to me if I do need to
update nsswitch.conf to use winbindd.   I don't think I want to update
nsswitch.conf to use winbindd-  after all I still want my unix level
logins (e.g. ssh ) to be done against NIS and not windows accounts.

If I start smbd and nmbd on a member server, I can connect to a share
from a windows 2000 or XP client.  If I look at the permissions on a
folder, if shows Unix Account/someuser or UnixGroup/somegroup
instead of Domain/someuser or domain/someaccount.  If I want to
add users, I can browser users or groups from the domain but the
permissions don't hold.  If, after I have already connected to a
share, and then start winbindd, the file permissions will show the
domain component, and I can set permissions.
However, if I start winbindd before I connect to the share, I just get
prompted for a user name and password-  and I am unable to connect.
It doesn't matter how I have configured nsswitch.conf so it  it seems
that smbd will attempt to use winbindd directly, if available, and not
via the name service switch mechanism.


Member server smb.conf includes the following:


 idmap uid = 1-2
 idmap gid = 1-2
 template shell = /bin/bash
 winbind use default domain = yes
 winbind trusted domains only = no
 winbind enum users = Yes
 winbind enum groups = Yes
 Workgroup = MYDOMAIN
 security = domain
 Password server = MYPDC



Running wbinfo -u and wbinfo -g  on a mamber server (with winbindd
running) will list my domain user and groups.

I appreciate if any one can share some light on either what the problem is
or at least can clarify how winbindd should be working.

Thanks
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Promoting Samba BDC to PDC

2007-11-01 Thread simo


On Thu, 2007-11-01 at 10:04 -0700, Ivan Ordonez wrote:
 What we want to do in the coming days is to turn off and upgrade the
 PDC 
 and promote one of the BDC to PDC and don't miss a beat.   I first
 stop 
 slapd, slurpd and samba service on the PDC.  I then edit the smb.conf 
 file of one of the BDC and make it a PDC.  I also added a new line
 which 
 is security = user.

What does it mean you change security ??

What was it before?

Are you sure your Domain SIDs are aligned on all DCs ?

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer [EMAIL PROTECTED]
Senior Software Engineer at Red Hat Inc. [EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba+LDAP problems

2007-11-01 Thread Marcelo Mogrovejo


Edmundo Valle Neto wrote:

Marcelo Mogrovejo escreveu:

Hi

(...)

I read this documents and i begin again with samba+ldap...
This time i have not problems, except when i try to create an user 
for testing.
I create a testuser and i add a password for his but when i try to 
login with this user, hi doesn't login...
for exameple with command su testuser as root it show me Id 
desconocido: testuser or Unknown Id: testuser.


i don't know why happen it...


(...)

Have you configured NSS? gentent passwd shows the user?

NSS is the same of /etc/nsswitch.conf ??
No, getent passwd doesn't show me the users i created...

regards
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] PDC promotion and getlocalsid errror

2007-11-01 Thread Gaiseric Vandal

I relatively recently implemented Samba 3.026a (Solaris PDC)I then
moved the PDC role to another machine.  On the new pdc  I 1st grabbed
the domain SID

newpdc# net rpc getsid -S oldpdc
Storing SID --for Domain MYDOMAIN in secrets.tdb
newpdc#

and then updated the smb.conf file on each machine to convert the PDC
to member server and vice versa.

If I ran the net getlocalsid command on the old PDC prior to the
migration, it would return the SID for the domain.

oldpdc #  net getlocalsid MYDOMAIN

SID for domain MYDOMAIN is:  S-1--99

oldpdc#



If I run get getlocalsid  on the new PDC I get

newpdc#  net getlocalsid

[2007/11/01 14:52:55, 0] utils/net.c:net_getlocalsid(622)

  Can't fetch domain SID for name: NEWPDC

newpdc #


However explicity specifying the domain name seems OK

newpdc#  net getlocalsid MYDOMAIN

SID for domain MYDOMAIN is:  S-1--99


As far as I can tell everything is working OK.   But did I mis a step
in the change over?

Thanks
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Hosts Disappearing

2007-11-01 Thread Gaiseric Vandal

I find having all clients point to a  WINS server (whether Samba is
the WINS client or WINS server) avoids most browsing issues.

On 10/25/07, Shawn Everett [EMAIL PROTECTED] wrote:
  I have a problem with my long-running Samba workgroup where hosts will
  stop
  coming up in View Network Computers.   Only the UNIX system with Samba
  running shows up.  If I restart Samba on the UNIX system then the hosts
  start showing up again in a few minutes.
 
  Any thoughts out there?
 
  Thanks, Rick
 
 Past experience with this is that it's a browser service issue.

 Programs like browmon and browstat can be downloaded to figure out which
 machine thinks it's the master browser on the network.

 An easy fix is to disable/stop the computer browser service on all
 machines except the server.

 Shawn

 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Compile samba to ARM cross compiler

2007-11-01 Thread Bjørn Tore Sund




On 31/10/07 05:26, herman [EMAIL PROTECTED] wrote:

 hce wrote:
 Hi,
 
 Can the samba be compiled by ARM cross compiler (arm/3.4.1/arm-linux)?
 I am currently downloaded samba-3.0.26a tar ball. I guess I have
 following two choices, please advice which one make sense.
 
 1. Run configurate under a linux pc distribution such as FC6, then
 modify Makefile to the cross compiler path and lib.
 
 2. Modify configurate to directly run under ARM cross compiler.
 
 Thank you.
 
 Jim
   
 1 and 2 amounts to the same thing.  I have compiled Samba for the Arm
 about 5 years ago, so it can probably still be done.  Please don't ask
 me anything about it though...
 :)

It was also how the Linux-based ARM PDA Sharp Zaurus exported local data to
the PC it was syncing with.  Latest version of the OS for that must be about
four years now, so the unit is just old enough that I _think_ it must have
run Samba 2.X.  If Samba 3.X fails you may want to try that, at least it's
known to have been run on ARM.

Bjørn
-- 
Bjørn Tore Sund   Phone: 555-84894   Email:   [EMAIL PROTECTED]
IT department VIP:   81724   Support: http://bs.uib.no
Univ. of Bergen

When in fear and when in doubt, run in circles, scream and shout.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] several users with several printers

2007-11-01 Thread Guido Lorenzutti

Ok but I have 2000 users and 600 printers. Do you have something working
to map the printers to the users, or group of users, in the build time
of the netlogon?
How do you setup permissions in the samba to allow or deny access to the
printers? Do you set individual printers like shares in the samba?

Tnxs in advance.


Roel van Meer wrote:
 Guido Lorenzutti writes:

 Hi people. I have a Samba PDC with Microsoft Clients. My printserver is
 a CUPS and I would like to know how do you handle if you have more than
 2000 users and you have to set up the printers for each one.
 Do you use a netlogon script to map the printers?
 Do you set individual permissions for each printer in the samba?
 Do you setup every printer by hand?

 We use automatically generated login scripts from which the printers
 are added. For this, we use the following command:
 RUNDLL32 PRINTUI.DLL,PrintUIEntry /in /q /n\\SERVERNAME\PRINTERNAME

 The precise grokking of this has been excellently described in my
 dead-tree version of the official samba-3 howto and reference guide.

 Regards,

 roel


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Authenticates on lan but not through VPN

2007-11-01 Thread John Adams

Hi

We have a samba server which has been working fine for four years, SAMBA is 
configured as an Active directory domain member (SECURITY=ADS in the conf 
file), using Kerberos tickets to allow it to authenticate users. 

SAMBA is not however performing in pure native ADS mode as it is using WINBIND 
TRUSTED DOMAINS ONLY=YES
Local and VPN connected users have worked fine.

About a week ago we added a Windows 2003r2 server as a domain controller this 
involved upgrading the schema on the w2000 server
to let it work with the 2003 server.

Things seemed to be working Ok until four days later when we restarted the 
samba server (after making all the servers use the same time server). 

We were getting error rec_free read bad magic messages in /var/log/messages 
saying the tdb files are corrupt, Though this has now stopped.

It now no longer authenticates users who access the samba server through the 
VPN, though local users are fine. VPN users are asked to type in a username and 
password, repeatedly even if they enter the correct ones.

No firewall, samba.conf or VPN settings have been changed.

Any ideas what we can do to allow the external VPN users connect again.

John
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] BUILTIN groups mapping via winbind!!

2007-11-01 Thread herman


Kaustubh Chaudhari wrote:

Hi Herman.

This is really a helpful information, but i am not able to understand 
why in built group we cant see a mapping for a normal user, as if we 
look Builtin is also a OU and we have some Builtin users and groups in 
it.


If i create a OU and groups or users in it than i can see all those 
but just not with Buitin.


Feel free to correct me, if you find i am wrong.

Thanks for your interest in this.
Regards,
Kaustubh. 
Well, I have found that Winbind can get confused when you do things in 
ADS that you should not do - for example cross linked users and groups 
after you dragged records around.  WinXP clients may still work, but the 
only way to fix Winbind is to delete the offending records in ADS.  The 
problem is that how you are supposed to find the offending records is 
impossible to say.  Sometimes you can fix it by trying to remember when 
it last worked and deleting everything that was changed since.  
Sometimes, the only way to fix things is to give up and re-install ADS.


Sooo, try to roll back till you get to a working situation, then make 
your changes very carefully and with frequent backups.  I run ADS on 
VMware and take a snapshot before every change I make to it, so I can 
roll back without too much hassle as soon as things stop working.  
Unfortunately, Winbind is still immature and not as robust as one may 
like it to be.


Cheers,

Herman
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ACL changes on Samba NT 4.0 Member Server

2007-11-01 Thread John Drescher

On 11/1/07, Hans-Wilhelm Heisinger [EMAIL PROTECTED] wrote:

  John,

  Thank you for the reply. Below is the output from mount and ls -al.
 Yes I can login as CPDOM+admin and create files, but connecting to the share
 as CPDOM+admin doesn't work.

  Hans

  [EMAIL PROTECTED] ~]# mount
  /dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw)
  proc on /proc type proc (rw)
  sysfs on /sys type sysfs (rw)
  devpts on /dev/pts type devpts (rw,gid=5,mode=620)
  /dev/hda1 on /boot type ext3 (rw,acl)
  tmpfs on /dev/shm type tmpfs (rw)
  none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
  sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)

  [EMAIL PROTECTED] ~]# ls -al /files
  total 5196
  drwxrwxrwx  3 root root4096 Nov  1 10:17 .
  drwxr-xr-x 26 root root4096 Nov  1 05:25 ..
  -rwxrw-rw-  1 root root 413 Feb 24  2006 AS400.WS
  -rwxrw-rw-  1 root root 398 Jul 27 14:13 dnsb.txt
  -rwxrw-rw-  1 root root 3100432 May 22  2006 Dsclient.exe
  drwxrwxrwx  2 root root4096 Apr  7  2005 Fonts
  -rwxrw-rw-  1 root root1411 Aug 15 08:09 hans.txt
  -rwxrw-rw-  1 root root   61440 Sep 14 08:57 IDTag.exe
  -rwxrw-rw-  1 root root  262727 Apr 21  2003 keyfinder.exe
  -rwxrw-rw-  1 root root   25088 Mar 22  2007 Label6x4 layout with text.doc
  -rwxrw-rw-  1 root root   60416 Jun  6 09:41 Label proposal II.xls
  -rwxrw-rw-  1 root root   90112 May  9  2006 OfficeTime.exe
  -rwxrw-rw-  1 root root 317 Jul  3 07:51 OutputsLisec.txt
  -rwxrw-rw-  1 root root  173231 May  4  1999 REPLICA.HLP
  -rwxrw-rw-  1 root root1101 Apr 25  2005 Salesreport.dtf
  -rw-rw-rw-  1 root root 481 Nov  1 08:42 smb.conf
  -rwxrw-rw-  1 root root   69632 Mar  4  2004 system.mdw
  -rwxrw-rw-  1 root root  491008 May 10 13:20 TSClient.doc
  -rwxrw-rw-  1 root root  782848 Jun 30  2006 WIP LOCATIONS.xls
  -rwxrw-rw-  1 root root5632 Aug  4  2004 wmi.dll
  -rwxrw-rw-  1 root root   16930 May 31  1994 XCOPY.EXE





It is possible the problem is that the owner and group of the share
are both root. I never do that for any of my working samba shares. The
owner can be a user or possibly root but the group is always a group
that the users I want to change acls. I see from the docs that dos
filemode is supposed to fix that so maybe this is not the case.

Can you set a log level of 10 and see if there are any errors caused
when you try to change the acls?

John
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] BUILTIN groups mapping via winbind!!

2007-11-01 Thread Kaustubh Chaudhari


Hi Herman,

Ok, i got an idea, thanks a lot for putting your time in this and 
helping me out. :)


Regards,
Kaustubh

herman wrote:

Kaustubh Chaudhari wrote:

Hi Herman.

This is really a helpful information, but i am not able to understand 
why in built group we cant see a mapping for a normal user, as if we 
look Builtin is also a OU and we have some Builtin users and groups 
in it.


If i create a OU and groups or users in it than i can see all those 
but just not with Buitin.


Feel free to correct me, if you find i am wrong.

Thanks for your interest in this.
Regards,
Kaustubh. 
Well, I have found that Winbind can get confused when you do things in 
ADS that you should not do - for example cross linked users and groups 
after you dragged records around.  WinXP clients may still work, but 
the only way to fix Winbind is to delete the offending records in 
ADS.  The problem is that how you are supposed to find the offending 
records is impossible to say.  Sometimes you can fix it by trying to 
remember when it last worked and deleting everything that was changed 
since.  Sometimes, the only way to fix things is to give up and 
re-install ADS.


Sooo, try to roll back till you get to a working situation, then make 
your changes very carefully and with frequent backups.  I run ADS on 
VMware and take a snapshot before every change I make to it, so I can 
roll back without too much hassle as soon as things stop working.  
Unfortunately, Winbind is still immature and not as robust as one may 
like it to be.


Cheers,

Herman


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Jonathan Parr presents www.libeldefense.com

2007-11-01 Thread Tommy Lee

www.libeldefense.com

Costs are widely varying at this level of service. Some charge a basic setup
fee then charge you for 'click-throughs'. Paying a fee each time someone
visits your site is unpredictable and can get very costly. Others charge
setup fees then have a 'pay on results' system where you pay an agreed
commission when one of your pages reaches a top 10 or 20 position on a
targeted search engine. This approach is incentive driven and provides you
with a 'maximum cost exposure' at the start of the job. Others charge based
on an hourly rate and provide 'best endeavors' to achieve the rankings you
require, without any guarantees.

Developing a better understanding of how it all works will help you decide
the best approach for your web site, and will help you make an informed
decision based on realistic expectations.


http://libeldefense.studioathome.com/

http://libeldefense.blogspirit.com/

http://libeldefense.blogster.com/jonathan_parr_presents.html

http://libeldefense.livejournal.com/723.html

http://libeldefense.blogspot.com/

http://www.bloglines.com/blog/libeldefense

http://libeldefense.bloghi.com/

http://libeldefense.tripod.com/libeldefense/

http://www.yasvs.com/

http://www.greatestjournal.com/users/libeldefense

http://www.greatestjournal.com/users/libeldefense/362.html

http://www.naymz.com/search/jonathan/parr/1314951

http://www.xanga.com/libeldefense

http://libeldefense.multiply.com/journal/

http://20six.co.uk/libeldefense/

http://libeldefense.blogsome.com/

http://www.freewebs.com/libeldefense/

http://dangerell.googlepages.com/home

http://www.opendiary.com/entrylist.asp?authorcode=D736464

http://libeldefense.bravehost.com/index.html

http://www.my-diary.org/users/296432

http://www.my-diary.org/edit/?action=viewentryentryid=541256338

http://libeldefense.blog.co.uk/

http://clearblogs.com/libeldefense/78969/Jonathan+Parr+presents+www.libeldefense.com.html

http://libeldefense.bloggerteam.com/entry.php?u=libeldefensee_id=293138

http://www.ebloggy.com/blog.php?username=libeldefenseid=1

http://libeldefense.blogs.ie/

http://www.teenblog.org/libeldefense/

http://libeldefense.myweblog.com/2007/10/27/jonathan-parr-presents-wwwlibeldefensecom/

http://libeldefense.egoweblog.com/

http://www.bahraichblogs.com/libeldefense/5952/

http://libeldefense.blogbeee.com/

http://portal.blogfusion.com/blogs/libeldefense/

http://noss123network.ning.com/profile/JonathanParr
PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING:

http://www.catb.org/~esr/faqs/smart-questions.html

svn commit: samba r25773 - in branches/SAMBA_4_0/source/librpc/idl: .

2007-11-01 Thread sahlberg

Author: sahlberg
Date: 2007-11-01 08:00:36 + (Thu, 01 Nov 2007)
New Revision: 25773

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25773

Log:
update frsrpc.idl and add some more comments


Modified:
   branches/SAMBA_4_0/source/librpc/idl/frsrpc.idl


Changeset:
Modified: branches/SAMBA_4_0/source/librpc/idl/frsrpc.idl
===
--- branches/SAMBA_4_0/source/librpc/idl/frsrpc.idl 2007-11-01 04:00:05 UTC 
(rev 25772)
+++ branches/SAMBA_4_0/source/librpc/idl/frsrpc.idl 2007-11-01 08:00:36 UTC 
(rev 25773)
@@ -13,7 +13,25 @@
 {
/*/
/* Function 0x00 */
+
+   /* TAG:3 this TLV contains a GUID and the name of the server sending
+* the call
+*/
typedef struct {
+   [subcontext(4)] GUID unknown1;
+   [subcontext(4)] nstring source_server;
+   } frsrpc_FrsSendCommPktChunkDataSSRV;
+
+   /* TAG:4 this TLV contains a GUID and the name of the destination
+* server the PDU is sent to
+*/
+   typedef struct {
+   [subcontext(4)] GUID unknown1;
+   [subcontext(4)] nstring dest_server;
+   } frsrpc_FrsSendCommPktChunkDataDSRV;
+
+
+   typedef struct {
uint32 unknown1;
} frsrpc_FrsSendCommPktChunkDataA;
 
@@ -36,8 +54,8 @@
[default,flag(NDR_REMAINING)] DATA_BLOB blob;
[case(1)] frsrpc_FrsSendCommPktChunkDataA A;
[case(2)] frsrpc_FrsSendCommPktChunkDataA A;
-   [case(3)] frsrpc_FrsSendCommPktChunkDataB B;
-   [case(4)] frsrpc_FrsSendCommPktChunkDataB B;
+   [case(3)] frsrpc_FrsSendCommPktChunkDataSSRV SSRV;
+   [case(4)] frsrpc_FrsSendCommPktChunkDataDSRV DSRV;
[case(5)] frsrpc_FrsSendCommPktChunkDataB B;
[case(8)] frsrpc_FrsSendCommPktChunkDataB B;
[case(6)] frsrpc_FrsSendCommPktChunkDataC C;
@@ -73,10 +91,10 @@
uint32 unknown8;
uint32 unknown9;
/*
-* the format of this blob is this:
+* The format of this blob is this a concatenation
+* of TLVs which are not really NDR encoded.
 *
-* some of the folloeing chunks are concatenated:
-*
+* The individual TLVs are encoded as :
 * struct {
 *  uint16 type;
 *  [subcontext(4),switch_is(type)] chunk_data data;
@@ -89,6 +107,12 @@
 *  struct GUID guid;
 *  lstring string;
 * } ...;
+*
+*
+* The tags are (might be) :
+* 3: Source server sending the PDU
+* 4: Destination server the PDU is sent to
+*
 */
[subcontext(4)/*,size_is(tlv_size)*/] 
frsrpc_FrsSendCommPktChunkCtr *chunks;
uint32 unknown10;

svn commit: samba r25775 - in branches/SAMBA_4_0/source/libcli/cldap: .

2007-11-01 Thread metze

Author: metze
Date: 2007-11-01 08:15:41 + (Thu, 01 Nov 2007)
New Revision: 25775

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25775

Log:
use ndr_pull_union_blob_all() in CLDAP code

metze
Modified:
   branches/SAMBA_4_0/source/libcli/cldap/cldap.c


Changeset:
Modified: branches/SAMBA_4_0/source/libcli/cldap/cldap.c
===
--- branches/SAMBA_4_0/source/libcli/cldap/cldap.c  2007-11-01 08:10:54 UTC 
(rev 25774)
+++ branches/SAMBA_4_0/source/libcli/cldap/cldap.c  2007-11-01 08:15:41 UTC 
(rev 25775)
@@ -614,16 +614,16 @@
}
data = search.out.response-attributes[0].values;
 
-   status = ndr_pull_union_blob(data, mem_ctx, io-out.netlogon, 
-io-in.version  0xF,
-
(ndr_pull_flags_fn_t)ndr_pull_nbt_cldap_netlogon);
+   status = ndr_pull_union_blob_all(data, mem_ctx, io-out.netlogon, 
+io-in.version  0xF,
+
(ndr_pull_flags_fn_t)ndr_pull_nbt_cldap_netlogon);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(2,(cldap failed to parse netlogon response of type 
0x%02x\n,
 SVAL(data-data, 0)));
dump_data(10, data-data, data-length);
}
 
-   return status;
+   return NT_STATUS_OK;
 }
 
 /*

svn commit: samba r25776 - in branches/SAMBA_4_0/source/librpc/ndr: .

2007-11-01 Thread metze

Author: metze
Date: 2007-11-01 09:48:42 + (Thu, 01 Nov 2007)
New Revision: 25776

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25776

Log:
ndr compression: make use of NDR_CHECK() and not use NTSTATUS directly

metze
Modified:
   branches/SAMBA_4_0/source/librpc/ndr/ndr_compression.c


Changeset:
Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr_compression.c
===
--- branches/SAMBA_4_0/source/librpc/ndr/ndr_compression.c  2007-11-01 
08:15:41 UTC (rev 25775)
+++ branches/SAMBA_4_0/source/librpc/ndr/ndr_compression.c  2007-11-01 
09:48:42 UTC (rev 25776)
@@ -26,7 +26,8 @@
 
 static NTSTATUS ndr_pull_compression_mszip_chunk(struct ndr_pull *ndrpull,
 struct ndr_push *ndrpush,
-struct decomp_state 
*decomp_state)
+struct decomp_state 
*decomp_state,
+bool *last)
 {
DATA_BLOB comp_chunk;
uint32_t comp_chunk_offset;
@@ -65,17 +66,16 @@
 
if ((plain_chunk_size  0x8000) || (ndrpull-offset+4 = 
ndrpull-data_size)) {
/* this is the last chunk */
-   return NT_STATUS_OK;
+   *last = true;
}
 
-   return NT_STATUS_MORE_PROCESSING_REQUIRED;
+   return NT_STATUS_OK;
 }
 
 static NTSTATUS ndr_pull_compression_mszip(struct ndr_pull *subndr,
   struct ndr_pull **_comndr,
   ssize_t decompressed_len)
 {
-   NTSTATUS status = NT_STATUS_MORE_PROCESSING_REQUIRED;
struct ndr_push *ndrpush;
struct ndr_pull *comndr;
DATA_BLOB uncompressed;
@@ -84,6 +84,7 @@
uint32_t payload_offset;
uint8_t *payload;
struct decomp_state *decomp_state;
+   bool last = false;
 
ndrpush = ndr_push_init_ctx(subndr);
NT_STATUS_HAVE_NO_MEMORY(ndrpush);
@@ -91,10 +92,9 @@
decomp_state = ZIPdecomp_state(subndr);
NT_STATUS_HAVE_NO_MEMORY(decomp_state);
 
-   while (NT_STATUS_EQUAL(NT_STATUS_MORE_PROCESSING_REQUIRED, status)) {
-   status = ndr_pull_compression_mszip_chunk(subndr, ndrpush, 
decomp_state);
+   while (!last) {
+   NDR_CHECK(ndr_pull_compression_mszip_chunk(subndr, ndrpush, 
decomp_state, last));
}
-   NT_STATUS_NOT_OK_RETURN(status);
 
uncompressed = ndr_push_blob(ndrpush);
 
@@ -152,7 +152,8 @@
 }
 
 static NTSTATUS ndr_pull_compression_xpress_chunk(struct ndr_pull *ndrpull,
- struct ndr_push *ndrpush)
+ struct ndr_push *ndrpush,
+ bool *last)
 {
DATA_BLOB comp_chunk;
uint32_t comp_chunk_offset;
@@ -181,28 +182,27 @@
 
if ((plain_chunk_size  0x0001) || (ndrpull-offset+4 = 
ndrpull-data_size)) {
/* this is the last chunk */
-   return NT_STATUS_OK;
+   *last = true;
}
 
-   return NT_STATUS_MORE_PROCESSING_REQUIRED;
+   return NT_STATUS_OK;
 }
 
 static NTSTATUS ndr_pull_compression_xpress(struct ndr_pull *subndr,
struct ndr_pull **_comndr,
ssize_t decompressed_len)
 {
-   NTSTATUS status = NT_STATUS_MORE_PROCESSING_REQUIRED;
struct ndr_push *ndrpush;
struct ndr_pull *comndr;
DATA_BLOB uncompressed;
+   bool last = false;
 
ndrpush = ndr_push_init_ctx(subndr);
NT_STATUS_HAVE_NO_MEMORY(ndrpush);
 
-   while (NT_STATUS_EQUAL(NT_STATUS_MORE_PROCESSING_REQUIRED, status)) {
-   status = ndr_pull_compression_xpress_chunk(subndr, ndrpush);
+   while (!last) {
+   NDR_CHECK(ndr_pull_compression_xpress_chunk(subndr, ndrpush, 
last));
}
-   NT_STATUS_NOT_OK_RETURN(status);
 
uncompressed = ndr_push_blob(ndrpush);

svn commit: samba r25778 - in branches/SAMBA_4_0/source/librpc/ndr: .

2007-11-01 Thread metze

Author: metze
Date: 2007-11-01 10:13:36 + (Thu, 01 Nov 2007)
New Revision: 25778

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25778

Log:
use NT_STATUS_HAVE_NO_MEMORY() and NDR_CHECK() macros

metze
Modified:
   branches/SAMBA_4_0/source/librpc/ndr/ndr.c


Changeset:
Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr.c
===
--- branches/SAMBA_4_0/source/librpc/ndr/ndr.c  2007-11-01 09:50:24 UTC (rev 
25777)
+++ branches/SAMBA_4_0/source/librpc/ndr/ndr.c  2007-11-01 10:13:36 UTC (rev 
25778)
@@ -728,10 +728,9 @@
 {
struct ndr_pull *ndr;
ndr = ndr_pull_init_blob(blob, mem_ctx);
-   if (!ndr) {
-   return NT_STATUS_NO_MEMORY;
-   }
-   return fn(ndr, NDR_SCALARS|NDR_BUFFERS, p);
+   NT_STATUS_HAVE_NO_MEMORY(ndr);
+   NDR_CHECK(fn(ndr, NDR_SCALARS|NDR_BUFFERS, p));
+   return NT_STATUS_OK;
 }
 
 /*
@@ -741,14 +740,9 @@
  ndr_pull_flags_fn_t fn)
 {
struct ndr_pull *ndr;
-   NTSTATUS status;
-
ndr = ndr_pull_init_blob(blob, mem_ctx);
-   if (!ndr) {
-   return NT_STATUS_NO_MEMORY;
-   }
-   status = fn(ndr, NDR_SCALARS|NDR_BUFFERS, p);
-   if (!NT_STATUS_IS_OK(status)) return status;
+   NT_STATUS_HAVE_NO_MEMORY(ndr);
+   NDR_CHECK(fn(ndr, NDR_SCALARS|NDR_BUFFERS, p));
if (ndr-offset  ndr-data_size) {
return ndr_pull_error(ndr, NDR_ERR_UNREAD_BYTES,
  not all bytes consumed ofs[%u] size[%u],
@@ -765,11 +759,10 @@
 {
struct ndr_pull *ndr;
ndr = ndr_pull_init_blob(blob, mem_ctx);
-   if (!ndr) {
-   return NT_STATUS_NO_MEMORY;
-   }
+   NT_STATUS_HAVE_NO_MEMORY(ndr);
ndr_pull_set_switch_value(ndr, p, level);
-   return fn(ndr, NDR_SCALARS|NDR_BUFFERS, p);
+   NDR_CHECK(fn(ndr, NDR_SCALARS|NDR_BUFFERS, p));
+   return NT_STATUS_OK;
 }
 
 /*
@@ -780,15 +773,10 @@
 uint32_t level, ndr_pull_flags_fn_t fn)
 {
struct ndr_pull *ndr;
-   NTSTATUS status;
-
ndr = ndr_pull_init_blob(blob, mem_ctx);
-   if (!ndr) {
-   return NT_STATUS_NO_MEMORY;
-   }
+   NT_STATUS_HAVE_NO_MEMORY(ndr);
ndr_pull_set_switch_value(ndr, p, level);
-   status = fn(ndr, NDR_SCALARS|NDR_BUFFERS, p);
-   if (!NT_STATUS_IS_OK(status)) return status;
+   NDR_CHECK(fn(ndr, NDR_SCALARS|NDR_BUFFERS, p));
if (ndr-offset  ndr-data_size) {
return ndr_pull_error(ndr, NDR_ERR_UNREAD_BYTES,
  not all bytes consumed ofs[%u] size[%u],

svn commit: samba r25779 - in branches/SAMBA_4_0/source/librpc/ndr: .

2007-11-01 Thread metze

Author: metze
Date: 2007-11-01 10:15:13 + (Thu, 01 Nov 2007)
New Revision: 25779

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25779

Log:
the return value of ndr_pull_set_switch_value() should be checked

metze
Modified:
   branches/SAMBA_4_0/source/librpc/ndr/ndr.c


Changeset:
Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr.c
===
--- branches/SAMBA_4_0/source/librpc/ndr/ndr.c  2007-11-01 10:13:36 UTC (rev 
25778)
+++ branches/SAMBA_4_0/source/librpc/ndr/ndr.c  2007-11-01 10:15:13 UTC (rev 
25779)
@@ -760,7 +760,7 @@
struct ndr_pull *ndr;
ndr = ndr_pull_init_blob(blob, mem_ctx);
NT_STATUS_HAVE_NO_MEMORY(ndr);
-   ndr_pull_set_switch_value(ndr, p, level);
+   NDR_CHECK(ndr_pull_set_switch_value(ndr, p, level));
NDR_CHECK(fn(ndr, NDR_SCALARS|NDR_BUFFERS, p));
return NT_STATUS_OK;
 }
@@ -775,7 +775,7 @@
struct ndr_pull *ndr;
ndr = ndr_pull_init_blob(blob, mem_ctx);
NT_STATUS_HAVE_NO_MEMORY(ndr);
-   ndr_pull_set_switch_value(ndr, p, level);
+   NDR_CHECK(ndr_pull_set_switch_value(ndr, p, level));
NDR_CHECK(fn(ndr, NDR_SCALARS|NDR_BUFFERS, p));
if (ndr-offset  ndr-data_size) {
return ndr_pull_error(ndr, NDR_ERR_UNREAD_BYTES,

svn commit: samba r25780 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .

2007-11-01 Thread metze

Author: metze
Date: 2007-11-01 11:43:00 + (Thu, 01 Nov 2007)
New Revision: 25780

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25780

Log:
fix bool return

metze
Modified:
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c


Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c
===
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c   2007-11-01 
10:15:13 UTC (rev 25779)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c   2007-11-01 
11:43:00 UTC (rev 25780)
@@ -51,7 +51,7 @@
status = ndr_push_struct_blob(v, msg, sid, 
  (ndr_push_flags_fn_t)ndr_push_dom_sid);
if (!NT_STATUS_IS_OK(status)) {
-   return -1;
+   return false;
}
return (ldb_msg_add_value(msg, name, v, NULL) == 0);
 }

svn commit: samba r25781 - in branches/SAMBA_4_0: source/dsdb/samdb/ldb_modules testprogs/ejs

2007-11-01 Thread abartlet

Author: abartlet
Date: 2007-11-01 12:34:06 + (Thu, 01 Nov 2007)
New Revision: 25781

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25781

Log:
Handle and test linked attribute renames.  

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c
   branches/SAMBA_4_0/testprogs/ejs/ldap.js


Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c
===
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c
2007-11-01 11:43:00 UTC (rev 25780)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c
2007-11-01 12:34:06 UTC (rev 25781)
@@ -41,6 +41,8 @@
struct ldb_request **down_req;
int num_requests;
int finished_requests;
+
+   const char **linked_attrs;
 };
 
 static struct linked_attributes_context *linked_attributes_init_handle(struct 
ldb_request *req, 
@@ -369,22 +371,323 @@
return ret;
 }
 
-/* delete */
-static int linked_attributes_delete(struct ldb_module *module, struct 
ldb_request *req)
+static int setup_modifies(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, 
+ struct linked_attributes_context *ac,
+ struct ldb_message *msg, 
+ struct ldb_dn *olddn, struct ldb_dn *newdn) 
 {
-   /* Look up list of linked attributes */
-   /* Search to see if any linked attributes are in this entry */
-   return ldb_next_request(module, req);
+   int i, j, ret = LDB_SUCCESS;
+   const struct dsdb_schema *schema = dsdb_get_schema(ldb);
+   /* Look up each of the returned attributes */
+   /* Find their schema */
+   /* And it is an actual entry: now create a series of modify requests */
+   for (i=0; i  msg-num_elements; i++) {
+   int otherid;
+   const struct dsdb_attribute *target_attr;
+   const struct ldb_message_element *el = msg-elements[i];
+   const struct dsdb_attribute *schema_attr
+   = dsdb_attribute_by_lDAPDisplayName(schema, el-name);
+   if (!schema_attr) {
+   ldb_asprintf_errstring(ldb, 
+  attribute %s is not a valid 
attribute in schema, el-name);
+   return LDB_ERR_OBJECT_CLASS_VIOLATION;  
+   }
+   /* We have a valid attribute, but if it's not linked they maybe 
we just got an extra return on our search... */
+   if (schema_attr-linkID == 0) {
+   continue;
+   }
+   
+   /* Depending on which direction this link is in, we need to 
find it's partner */
+   if ((schema_attr-linkID  1) == 1) {
+   otherid = schema_attr-linkID - 1;
+   } else {
+   otherid = schema_attr-linkID + 1;
+   }
+   
+   /* Now find the target attribute */
+   target_attr = dsdb_attribute_by_linkID(schema, otherid);
+   if (!target_attr) {
+   ldb_asprintf_errstring(ldb, 
+  attribute %s does not have 
valid link target, el-name);
+   return LDB_ERR_OBJECT_CLASS_VIOLATION;  
+   }
+   
+   /* For each value being moded, we need to setup the modify */
+   for (j=0; j  el-num_values; j++) {
+   struct ldb_message_element *ret_el;
+   struct ldb_request *new_req;
+   /* Create the modify request */
+   struct ldb_message *new_msg = ldb_msg_new(ac-down_req);
+   if (!new_msg) {
+   ldb_oom(ldb);
+   return LDB_ERR_OPERATIONS_ERROR;
+   }
+   new_msg-dn = ldb_dn_new(new_msg, ldb, (char 
*)el-values[j].data);
+   if (!new_msg-dn) {
+   ldb_asprintf_errstring(ldb, 
+  attribute %s value %s 
was not a valid DN, msg-elements[i].name,
+  el-values[j].data);
+   return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
+   }
+   
+   if (olddn) {
+   ret = ldb_msg_add_empty(new_msg, 
target_attr-lDAPDisplayName, 
+   LDB_FLAG_MOD_DELETE, 
ret_el);
+   if (ret != LDB_SUCCESS) {
+   return ret;
+   }   
+   ret_el-values =

svn commit: samba r25782 - in branches/SAMBA_4_0/source/librpc/ndr: .

2007-11-01 Thread metze

Author: metze
Date: 2007-11-01 12:39:12 + (Thu, 01 Nov 2007)
New Revision: 25782

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25782

Log:
use NT_STATUS_HAVE_NO_MEMORY()

metze
Modified:
   branches/SAMBA_4_0/source/librpc/ndr/ndr_spoolss_buf.c


Changeset:
Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr_spoolss_buf.c
===
--- branches/SAMBA_4_0/source/librpc/ndr/ndr_spoolss_buf.c  2007-11-01 
12:34:06 UTC (rev 25781)
+++ branches/SAMBA_4_0/source/librpc/ndr/ndr_spoolss_buf.c  2007-11-01 
12:39:12 UTC (rev 25782)
@@ -56,7 +56,7 @@
if (r-in.buffer) {\
DATA_BLOB _data_blob_info;\
_ndr_info = ndr_push_init_ctx(ndr);\
-   if (!_ndr_info) return NT_STATUS_NO_MEMORY;\
+   NT_STATUS_HAVE_NO_MEMORY(_ndr_info);\
_ndr_info-flags= ndr-flags;\
if (r-out.info) {\
struct __##fn __r;\
@@ -121,7 +121,7 @@
r-out.result   = _r.out.result;\
if (_r.out.info) {\
struct ndr_pull *_ndr_info = ndr_pull_init_blob(_r.out.info, 
ndr);\
-   if (!_ndr_info) return NT_STATUS_NO_MEMORY;\
+   NT_STATUS_HAVE_NO_MEMORY(_ndr_info);\
_ndr_info-flags= ndr-flags;\
if (r-in.offered != _ndr_info-data_size) {\
return ndr_pull_error(ndr, NDR_ERR_BUFSIZE,\
@@ -415,7 +415,7 @@
{
struct __spoolss_GetPrinterData __r;
_ndr_info = ndr_push_init_ctx(ndr);
-   if (!_ndr_info) return NT_STATUS_NO_MEMORY;
+   NT_STATUS_HAVE_NO_MEMORY(_ndr_info);
_ndr_info-flags= ndr-flags;
__r.in.type = r-out.type;
__r.out.data= r-out.data;
@@ -470,7 +470,7 @@
if (_r.out.data.length  0  r-out.needed = 
_r.out.data.length) {
struct __spoolss_GetPrinterData __r;
struct ndr_pull *_ndr_data = 
ndr_pull_init_blob(_r.out.data, ndr);
-   if (!_ndr_data) return NT_STATUS_NO_MEMORY;
+   NT_STATUS_HAVE_NO_MEMORY(_ndr_data);
_ndr_data-flags= ndr-flags;
__r.in.type = r-out.type;
__r.out.data= r-out.data;
@@ -495,7 +495,7 @@
DATA_BLOB _data_blob_data;
 
_ndr_data = ndr_push_init_ctx(ndr);\
-   if (!_ndr_data) return NT_STATUS_NO_MEMORY;\
+   NT_STATUS_HAVE_NO_MEMORY(_ndr_data);\
_ndr_data-flags= ndr-flags;\
 
__r.in.type = r-in.type;

svn commit: samba r25783 - in branches/SAMBA_4_0/source/lib/socket_wrapper: .

2007-11-01 Thread metze

Author: metze
Date: 2007-11-01 13:10:59 + (Thu, 01 Nov 2007)
New Revision: 25783

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25783

Log:
socket_wrapper: don't include includes.h

metze
Modified:
   branches/SAMBA_4_0/source/lib/socket_wrapper/socket_wrapper.c


Changeset:
Modified: branches/SAMBA_4_0/source/lib/socket_wrapper/socket_wrapper.c
===
--- branches/SAMBA_4_0/source/lib/socket_wrapper/socket_wrapper.c   
2007-11-01 12:39:12 UTC (rev 25782)
+++ branches/SAMBA_4_0/source/lib/socket_wrapper/socket_wrapper.c   
2007-11-01 13:10:59 UTC (rev 25783)
@@ -42,20 +42,11 @@
 #ifdef _SAMBA_BUILD_
 
 #define SOCKET_WRAPPER_NOT_REPLACE
-#include includes.h
+#include lib/replace/replace.h
 #include system/network.h
 #include system/filesys.h
+#include system/time.h
 
-#ifdef malloc
-#undef malloc
-#endif
-#ifdef calloc
-#undef calloc
-#endif
-#ifdef strdup
-#undef strdup
-#endif
-
 #else /* _SAMBA_BUILD_ */
 
 #include sys/types.h
@@ -74,8 +65,10 @@
 #include string.h
 #include stdio.h
 
-#define _PUBLIC_
+#endif
 
+#ifndef _PUBLIC_
+#define _PUBLIC_
 #endif
 
 #define SWRAP_DLIST_ADD(list,item) do { \

Re: svn commit: samba r25781 - in branches/SAMBA_4_0: source/dsdb/samdb/ldb_modules testprogs/ejs

2007-11-01 Thread Stefan (metze) Metzmacher

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 WebSVN: 
 http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25781
 
 Log:
 Handle and test linked attribute renames.  

Hi Andrew,

please also commit dsdb_linked_attribute_lDAPDisplayName_list()

metze
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFHKdB3m70gjA5TCD8RAvFSAKCr4NH831xbf8GpwIkvNYMuXjAa9QCgmOQq
7m5caqhs02Dx76343G4DcLY=
=vmP7
-END PGP SIGNATURE-

svn commit: samba r25784 - in branches/SAMBA_4_0/source/librpc/ndr: .

2007-11-01 Thread metze

Author: metze
Date: 2007-11-01 13:22:20 + (Thu, 01 Nov 2007)
New Revision: 25784

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25784

Log:
fix compiler warning

metze
Modified:
   branches/SAMBA_4_0/source/librpc/ndr/ndr_drsuapi.c


Changeset:
Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr_drsuapi.c
===
--- branches/SAMBA_4_0/source/librpc/ndr/ndr_drsuapi.c  2007-11-01 13:10:59 UTC 
(rev 25783)
+++ branches/SAMBA_4_0/source/librpc/ndr/ndr_drsuapi.c  2007-11-01 13:22:20 UTC 
(rev 25784)
@@ -143,7 +143,7 @@
_oid = data_blob_hex_string(ndr, _oid_array);
NT_STATUS_HAVE_NO_MEMORY(_oid);
} else {
-   _OID_PULL_CHECK(ber_read_OID_String(r-oid, 
_oid_array, _oid));
+   _OID_PULL_CHECK(ber_read_OID_String(ndr, 
_oid_array, _oid));
}
data_blob_free(_oid_array);
talloc_steal(r-oid, _oid);

[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-149-g6913536

2007-11-01 Thread Michael Adam

The branch, v3-2-test has been updated
   via  69135360648e395eda29b15625b20a877e38bdd8 (commit)
  from  8a77f520fa03afa60eac2aaeab4babe7dd8db4f0 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -
commit 69135360648e395eda29b15625b20a877e38bdd8
Author: Michael Adam [EMAIL PROTECTED]
Date:   Thu Nov 1 14:24:27 2007 +0100

Enable building the zfsacl VFS module by specifying
--with-shared-modules=vfs_zfsacl on the configure command line.

Michael

---

Summary of changes:
 source/configure.in |1 +
 1 files changed, 1 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/configure.in b/source/configure.in
index 80e57f8..9e1ebef 100644
--- a/source/configure.in
+++ b/source/configure.in
@@ -6295,6 +6295,7 @@ SMB_MODULE(vfs_gpfs, \$(VFS_GPFS_OBJ), 
bin/gpfs.$SHLIBEXT, VFS)
 SMB_MODULE(vfs_readahead, \$(VFS_READAHEAD_OBJ), bin/readahead.$SHLIBEXT, 
VFS)
 SMB_MODULE(vfs_fileid, \$(VFS_FILEID_OBJ), bin/fileid.$SHLIBEXT, VFS)
 SMB_MODULE(vfs_syncops, \$(VFS_SYNCOPS_OBJ), bin/syncops.$SHLIBEXT, VFS)
+SMB_MODULE(vfs_zfsacl, \$(VFS_ZFSACL_OBJ), bin/zfsacl.$SHLIBEXT, VFS)
 
 SMB_SUBSYSTEM(VFS,smbd/vfs.o)
 


-- 
Samba Shared Repository

svn commit: samba-docs r1201 - in trunk/manpages-3: .

2007-11-01 Thread lmuelle

Author: lmuelle
Date: 2007-11-01 13:45:31 + (Thu, 01 Nov 2007)
New Revision: 1201

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=1201

Log:
Fix type in SAM SET PWDMUSTCHANGENOW reported by Frederik Teichert of
zmnh.uni-hamburg.de.

Modified:
   trunk/manpages-3/net.8.xml


Changeset:
Modified: trunk/manpages-3/net.8.xml
===
--- trunk/manpages-3/net.8.xml  2007-10-30 14:04:26 UTC (rev 1200)
+++ trunk/manpages-3/net.8.xml  2007-11-01 13:45:31 UTC (rev 1201)
@@ -1122,7 +1122,7 @@
 /refsect2
 
 refsect2
-titleSAM SET PWMUSTCHANGENOW lt;NAMEgt; [yes|no]/title
+titleSAM SET PWDMUSTCHANGENOW lt;NAMEgt; [yes|no]/title
 
 para
 Set or unset the password must change flag for a user account.

Jonathan Parr presents www.libeldefense.com

2007-11-01 Thread Tommy Lee

www.libeldefense.com

Most people have limited knowledge when it comes to search engine ranking
and the various types of services on offer. We all know that having top 10
positions on some of the leading engines can bring all the traffic we can
handle, and then some. But how do we get those top 10 listings and what
should we expect to pay to get them?
September 6, 2000
 A simple way to approach this is to look at your competition. Do a quick
search on one of the leading engines like What U Seek, Google or AltaVista,
using a search phrase that people might use when looking for your products
or services, and check the number on the first results page that shows how
many pages have been found.

http://libeldefense.studioathome.com/

http://libeldefense.blogspirit.com/

http://libeldefense.blogster.com/jonathan_parr_presents.html

http://libeldefense.livejournal.com/723.html

http://libeldefense.blogspot.com/

http://www.bloglines.com/blog/libeldefense

http://libeldefense.bloghi.com/

http://libeldefense.tripod.com/libeldefense/

http://www.yasvs.com/

http://www.greatestjournal.com/users/libeldefense

http://www.greatestjournal.com/users/libeldefense/362.html

http://www.naymz.com/search/jonathan/parr/1314951

http://www.xanga.com/libeldefense

http://libeldefense.multiply.com/journal/

http://20six.co.uk/libeldefense/

http://libeldefense.blogsome.com/

http://www.freewebs.com/libeldefense/

http://dangerell.googlepages.com/home

http://www.opendiary.com/entrylist.asp?authorcode=D736464

http://libeldefense.bravehost.com/index.html

http://www.my-diary.org/users/296432

http://www.my-diary.org/edit/?action=viewentryentryid=541256338

http://libeldefense.blog.co.uk/

http://clearblogs.com/libeldefense/78969/Jonathan+Parr+presents+www.libeldefense.com.html

http://libeldefense.bloggerteam.com/entry.php?u=libeldefensee_id=293138

http://www.ebloggy.com/blog.php?username=libeldefenseid=1

http://libeldefense.blogs.ie/

http://www.teenblog.org/libeldefense/

http://libeldefense.myweblog.com/2007/10/27/jonathan-parr-presents-wwwlibeldefensecom/

http://libeldefense.egoweblog.com/

http://www.bahraichblogs.com/libeldefense/5952/

http://libeldefense.blogbeee.com/

http://portal.blogfusion.com/blogs/libeldefense/

http://noss123network.ning.com/profile/JonathanParr

[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-150-g5cf2811

2007-11-01 Thread Jeremy Allison

The branch, v3-2-test has been updated
   via  5cf2811e8e1d9e6a1114bbdff89c333d5b374282 (commit)
  from  69135360648e395eda29b15625b20a877e38bdd8 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -
commit 5cf2811e8e1d9e6a1114bbdff89c333d5b374282
Author: Jeremy Allison [EMAIL PROTECTED]
Date:   Thu Nov 1 10:21:27 2007 -0700

Add missing recvfile_bytes element - noticed by Kukks.
Jeremy.

---

Summary of changes:
 source/include/smbprofile.h |1 +
 1 files changed, 1 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/include/smbprofile.h b/source/include/smbprofile.h
index acd8460..864f2bf 100644
--- a/source/include/smbprofile.h
+++ b/source/include/smbprofile.h
@@ -741,6 +741,7 @@ struct profile_stats {
unsigned syscall_read_bytes;
unsigned syscall_write_bytes;
unsigned syscall_sendfile_bytes;
+   unsigned syscall_recvfile_bytes;
 
 /* stat cache counters */
unsigned statcache_lookups;


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-151-g94f2c35

2007-11-01 Thread Jeremy Allison

The branch, v3-2-test has been updated
   via  94f2c35a683eace7f9f3dad9748aaec93f7c534f (commit)
  from  5cf2811e8e1d9e6a1114bbdff89c333d5b374282 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -
commit 94f2c35a683eace7f9f3dad9748aaec93f7c534f
Author: Volker Lendecke [EMAIL PROTECTED]
Date:   Wed Oct 31 15:06:22 2007 +0100

save memory

Hi!

Attached find a patch that I've wanted to check in for ages.
The whole area probably needs a major rewrite, but this is a
minimal patch that on a 32-bit box saves 1.5k per smbd per
defined share, twice as much on a 64-bit box.

Volker

From ebb80e664ecc49eb597a45cb57e1067fbae49e62 Mon Sep 17 00:00:00 2001
From: Volker Lendecke [EMAIL PROTECTED]
Date: Wed, 31 Oct 2007 15:04:34 +0100
Subject: [PATCH] Change global-copymap from bool* to a bitmap

We right now have 401 parameters, so with bool being represented as a 64-bit
integer this saves about 3k of memory per smbd per share that is defined in
smb.conf.

---

Summary of changes:
 source/param/loadparm.c |   27 +++
 1 files changed, 15 insertions(+), 12 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/param/loadparm.c b/source/param/loadparm.c
index a5b2647..163f417 100644
--- a/source/param/loadparm.c
+++ b/source/param/loadparm.c
@@ -441,7 +441,7 @@ typedef struct {
bool bStrictAllocate;
bool bStrictSync;
char magic_char;
-   bool *copymap;
+   struct bitmap *copymap;
bool bDeleteReadonly;
bool bFakeOplocks;
bool bDeleteVetoFiles;
@@ -2181,7 +2181,8 @@ static const char *get_boolean(bool bool_value);
 static int getservicebyname(const char *pszServiceName,
service * pserviceDest);
 static void copy_service(service * pserviceDest,
-service * pserviceSource, bool *pcopymapDest);
+service * pserviceSource,
+struct bitmap *pcopymapDest);
 static bool do_parameter(const char *pszParmName, const char *pszParmValue);
 static bool do_section(const char *pszSectionName);
 static void init_copymap(service * pservice);
@@ -2455,7 +2456,7 @@ static void free_service(service *pservice)
   pservice-szService));
 
string_free(pservice-szService);
-   SAFE_FREE(pservice-copymap);
+   bitmap_free(pservice-copymap);
 
for (i = 0; parm_table[i].label; i++) {
if ((parm_table[i].type == P_STRING ||
@@ -3188,7 +3189,8 @@ static int getservicebyname(const char *pszServiceName, 
service * pserviceDest)
  If pcopymapDest is NULL then copy all fields
 ***/
 
-static void copy_service(service * pserviceDest, service * pserviceSource, 
bool *pcopymapDest)
+static void copy_service(service * pserviceDest, service * pserviceSource,
+struct bitmap *pcopymapDest)
 {
int i;
bool bcopyall = (pcopymapDest == NULL);
@@ -3197,7 +3199,7 @@ static void copy_service(service * pserviceDest, service 
* pserviceSource, bool
 
for (i = 0; parm_table[i].label; i++)
if (parm_table[i].ptr  parm_table[i].p_class == P_LOCAL 
-   (bcopyall || pcopymapDest[i])) {
+   (bcopyall || bitmap_query(pcopymapDest,i))) {
void *def_ptr = parm_table[i].ptr;
void *src_ptr =
((char *)pserviceSource) + PTR_DIFF(def_ptr,
@@ -3244,9 +3246,8 @@ static void copy_service(service * pserviceDest, service 
* pserviceSource, bool
if (bcopyall) {
init_copymap(pserviceDest);
if (pserviceSource-copymap)
-   memcpy((void *)pserviceDest-copymap,
-  (void *)pserviceSource-copymap,
-  sizeof(bool) * NUMPARAMETERS);
+   bitmap_copy(pserviceDest-copymap,
+   pserviceSource-copymap);
}

data = pserviceSource-param_opt;
@@ -3985,15 +3986,17 @@ static bool handle_printing(int snum, const char 
*pszParmValue, char **ptr)
 static void init_copymap(service * pservice)
 {
int i;
-   SAFE_FREE(pservice-copymap);
-   pservice-copymap = SMB_MALLOC_ARRAY(bool,NUMPARAMETERS);
+   if (pservice-copymap) {
+   bitmap_free(pservice-copymap);
+   }
+   pservice-copymap = bitmap_allocate(NUMPARAMETERS);
if (!pservice-copymap)
DEBUG(0,
  (Couldn't allocate copymap!! (size %d)\n,
   (int)NUMPARAMETERS));
else
for (i = 0; i  NUMPARAMETERS; i++)
-

svn commit: samba r25785 - in branches/SAMBA_4_0/source/librpc/idl: .

2007-11-01 Thread sahlberg

Author: sahlberg
Date: 2007-11-01 20:30:55 + (Thu, 01 Nov 2007)
New Revision: 25785

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25785

Log:
more small updates to frsrpc
tag 18 contains a timestamp


Modified:
   branches/SAMBA_4_0/source/librpc/idl/frsrpc.idl


Changeset:
Modified: branches/SAMBA_4_0/source/librpc/idl/frsrpc.idl
===
--- branches/SAMBA_4_0/source/librpc/idl/frsrpc.idl 2007-11-01 13:22:20 UTC 
(rev 25784)
+++ branches/SAMBA_4_0/source/librpc/idl/frsrpc.idl 2007-11-01 20:30:55 UTC 
(rev 25785)
@@ -30,7 +30,13 @@
[subcontext(4)] nstring dest_server;
} frsrpc_FrsSendCommPktChunkDataDSRV;
 
+   /* TAG:18 this TLV contains a  timestamp 
+   */
+   typedef struct {
+   [subcontext(4)] NTTIME time;
+   } frsrpc_FrsSendCommPktChunkDataTS;
 
+
typedef struct {
uint32 unknown1;
} frsrpc_FrsSendCommPktChunkDataA;
@@ -46,10 +52,6 @@
GUID unknown2;
} frsrpc_FrsSendCommPktChunkDataC;
 
-   typedef struct {
-   NTTIME time;
-   } frsrpc_FrsSendCommPktChunkDataD;
-
typedef [nodiscriminant] union {
[default,flag(NDR_REMAINING)] DATA_BLOB blob;
[case(1)] frsrpc_FrsSendCommPktChunkDataA A;
@@ -59,7 +61,7 @@
[case(5)] frsrpc_FrsSendCommPktChunkDataB B;
[case(8)] frsrpc_FrsSendCommPktChunkDataB B;
[case(6)] frsrpc_FrsSendCommPktChunkDataC C;
-   [case(18)] frsrpc_FrsSendCommPktChunkDataD D;
+   [case(18)] frsrpc_FrsSendCommPktChunkDataTS TS;
[case(19)] frsrpc_FrsSendCommPktChunkDataA A;
} frsrpc_FrsSendCommPktChunkData;
 
@@ -110,8 +112,9 @@
 *
 *
 * The tags are (might be) :
-* 3: Source server sending the PDU
-* 4: Destination server the PDU is sent to
+*  3: Source server sending the PDU
+*  4: Destination server the PDU is sent to
+* 18: Timestamp
 *
 */
[subcontext(4)/*,size_is(tlv_size)*/] 
frsrpc_FrsSendCommPktChunkCtr *chunks;

[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-152-gb481abf

2007-11-01 Thread Jeremy Allison

The branch, v3-2-test has been updated
   via  b481abf5914dcafe5642c4d9394d02603e905bbb (commit)
  from  94f2c35a683eace7f9f3dad9748aaec93f7c534f (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -
commit b481abf5914dcafe5642c4d9394d02603e905bbb
Author: Volker Lendecke [EMAIL PROTECTED]
Date:   Sat Oct 20 11:12:11 2007 +0200

Fix for bug 5021

This is a different fix than the bug reporter (Evgeniy Dushistov
dushistov at mail.ru, thanks!) created, but it lives without the boolean
status variable. Untested so far, but I can not add attachments to bugs 
right
now. But to me this looks really obvious.

---

Summary of changes:
 source/libsmb/libsmbclient.c |6 +-
 1 files changed, 5 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/libsmb/libsmbclient.c b/source/libsmb/libsmbclient.c
index 0b45cad..ff434d2 100644
--- a/source/libsmb/libsmbclient.c
+++ b/source/libsmb/libsmbclient.c
@@ -2671,7 +2671,11 @@ smbc_opendir_ctx(SMBCCTX *context,
 return NULL;
 }
 
-ip_list = server_addr;
+   ip_list = memdup(server_addr, sizeof(server_addr));
+   if (ip_list == NULL) {
+   errno = ENOMEM;
+   return NULL;
+   }
 count = 1;
 }
 


-- 
Samba Shared Repository

svn commit: samba r25786 - in branches/SAMBA_4_0/source/dsdb/schema: .

2007-11-01 Thread abartlet

Author: abartlet
Date: 2007-11-01 22:01:48 + (Thu, 01 Nov 2007)
New Revision: 25786

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25786

Log:
Add function required by linked_attributes module (We need a list of
all linked attributes in the schema, so we can try and find them).

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/dsdb/schema/schema_init.c


Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/schema/schema_init.c
===
--- branches/SAMBA_4_0/source/dsdb/schema/schema_init.c 2007-11-01 20:30:55 UTC 
(rev 25785)
+++ branches/SAMBA_4_0/source/dsdb/schema/schema_init.c 2007-11-01 22:01:48 UTC 
(rev 25786)
@@ -1014,6 +1014,26 @@
return NULL;
 }
 
+WERROR dsdb_linked_attribute_lDAPDisplayName_list(const struct dsdb_schema 
*schema, TALLOC_CTX *mem_ctx, const char ***attr_list_ret)
+{
+   const char **attr_list = NULL;
+   struct dsdb_attribute *cur;
+   int i = 0;
+   for (cur = schema-attributes; cur; cur = cur-next) {
+   if (cur-linkID == 0) continue;
+   
+   attr_list = talloc_realloc(mem_ctx, attr_list, const char *, 
i+2);
+   if (!attr_list) {
+   return WERR_NOMEM;
+   }
+   attr_list[i] = cur-lDAPDisplayName;
+   i++;
+   }
+   attr_list[i] = NULL;
+   *attr_list_ret = attr_list;
+   return WERR_OK;
+}
+
 int dsdb_set_schema(struct ldb_context *ldb, struct dsdb_schema *schema)
 {
int ret;

Build status as of Fri Nov 2 00:00:02 2007

2007-11-01 Thread build

URL: http://build.samba.org/

--- /home/build/master/cache/broken_results.txt.old 2007-11-01 
00:01:56.0 +
+++ /home/build/master/cache/broken_results.txt 2007-11-02 00:00:34.0 
+
@@ -1,4 +1,4 @@
-Build status as of Thu Nov  1 00:00:02 2007
+Build status as of Fri Nov  2 00:00:02 2007
 
 Build counts:
 Tree Total  Broken Panic 
@@ -16,9 +16,9 @@
 rsync29 13 0 
 samba-docs   0  0  0 
 samba-gtk2  2  0 
-samba4   26 18 5 
+samba4   25 20 1 
 samba_3_20  0  0 
-samba_3_2_test 28 18 0 
+samba_3_2_test 28 19 0 
 smb-build28 28 0 
 talloc   29 2  0 
 tdb  29 3  0

[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-153-g47dbddc

2007-11-01 Thread Jeremy Allison

The branch, v3-2-test has been updated
   via  47dbddcb5361caa30ee60cf4e15bb50d557d1191 (commit)
  from  b481abf5914dcafe5642c4d9394d02603e905bbb (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -
commit 47dbddcb5361caa30ee60cf4e15bb50d557d1191
Author: Jeremy Allison [EMAIL PROTECTED]
Date:   Thu Nov 1 18:30:02 2007 -0700

Add brackets so as not to break the POSIX caps return.
Jeremy.

---

Summary of changes:
 source/smbd/trans2.c |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c
index 09a8fcc..c9ea029 100644
--- a/source/smbd/trans2.c
+++ b/source/smbd/trans2.c
@@ -2738,8 +2738,8 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n, 
(unsigned int)bsize, (unsigned
CIFS_UNIX_EXTATTR_CAP|
CIFS_UNIX_POSIX_PATH_OPERATIONS_CAP|
CIFS_UNIX_LARGE_READ_CAP|
-   large_write ?
-   CIFS_UNIX_LARGE_WRITE_CAP : 0)));
+   (large_write ?
+   CIFS_UNIX_LARGE_WRITE_CAP : 0;
break;
}
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-156-g779353b

2007-11-01 Thread Gerald (Jerry) Carter

The branch, v3-2-test has been updated
   via  779353b86d1699324149896f1ffa237c6ebe46ec (commit)
   via  d6cdbfd875bb2653e831d314726c3240beb0a96b (commit)
   via  b7d2fadbef044a89920da613b1aafc74a3d94e24 (commit)
  from  47dbddcb5361caa30ee60cf4e15bb50d557d1191 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -
commit 779353b86d1699324149896f1ffa237c6ebe46ec
Merge: d6cdbfd875bb2653e831d314726c3240beb0a96b 
47dbddcb5361caa30ee60cf4e15bb50d557d1191
Author: Gerald (Jerry) Carter [EMAIL PROTECTED]
Date:   Thu Nov 1 21:30:43 2007 -0400

Merge branch 'v3-2-test' of git://git.samba.org/samba into v3-2-test

commit d6cdbfd875bb2653e831d314726c3240beb0a96b
Author: Gerald (Jerry) Carter [EMAIL PROTECTED]
Date:   Thu Nov 1 15:53:44 2007 -0400

Patch 2 of 3 from Debian Samba packagers:

The point is doing the following associations:

- non discardable state data (all TDB files that may need to be backed
  up) go to statedir
- shared data (codepage stuff) go to codepagedir

The patch *does not change* the default location for these
directories. So, there is no behaviour change when applying it.

The main change is for samba developers who have to think when dealing
with files that previously pertained to libdir whether they:
- go in statedir
- go in codepagedir
- stay in libdir

commit b7d2fadbef044a89920da613b1aafc74a3d94e24
Author: Gerald (Jerry) Carter [EMAIL PROTECTED]
Date:   Thu Nov 1 13:00:10 2007 -0400

Patch from Debian Samba package maintainers:

Patch 1 of 3:

- Patch 1 adds the new variables
- Patch 2 makes uses of them for files belonging to the state path
  and the code pages path
  This patch seemed more easily acceptable, which explains why we
  separated it from patch 3
- Patch 3 reassigns files to the cache path. Indeed all debatable
  changes have been moved to that one

The point is adding:

- a path for non discardable state data: basically all TDB files
  that may need to be backed up
- a path for shared data: mostly codepage stuff
- a path for cache data to host files such as
  browse.dat, printers.tbd, printer.tdb

All these are currently mixed in libdir (${prefix}/lib/samba by default).
The patch keeps these new paths to point to ${prefix}/lib/samba by default
and does therefore not change the software behaviour.  Used alone, it just
adds unused variables...so it can safely be used in sources without any
behaviour change and no impact on Samba developers work.

---

Summary of changes:
 source/Makefile.in   |   16 +---
 source/configure.in  |7 +++
 source/dynconfig.c   |   31 +++
 source/groupdb/mapping_ldb.c |8 
 source/groupdb/mapping_tdb.c |2 +-
 source/include/dynconfig.h   |4 
 source/intl/lang_tdb.c   |2 +-
 source/lib/account_pol.c |4 ++--
 source/lib/sharesec.c|4 ++--
 source/lib/util.c|   33 +
 source/lib/util_unistr.c |6 +++---
 source/nmbd/nmbd_winsserver.c|4 ++--
 source/param/loadparm.c  |8 
 source/passdb/pdb_tdb.c  |4 ++--
 source/printing/nt_printing.c|   12 ++--
 source/registry/reg_db.c |   10 +-
 source/registry/reg_perfcount.c  |4 ++--
 source/rpc_server/srv_eventlog_lib.c |4 ++--
 source/winbindd/idmap_tdb.c  |2 +-
 19 files changed, 125 insertions(+), 40 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/Makefile.in b/source/Makefile.in
index a1da65a..baa1828 100644
--- a/source/Makefile.in
+++ b/source/Makefile.in
@@ -127,6 +127,13 @@ SWATDIR = @swatdir@
 # the directory where lock files go
 LOCKDIR = @lockdir@
 
+# FHS directories; equal to LOCKDIR if not using --with-fhs
+CACHEDIR = @cachedir@
+STATEDIR = @statedir@
+
+# Where to look for (and install) codepage databases.
+CODEPAGEDIR = @codepagedir@
+
 # the directory where pid files go
 PIDDIR = @piddir@
 
@@ -154,7 +161,10 @@ PATH_FLAGS = -DSMB_PASSWD_FILE=\$(SMB_PASSWD_FILE)\ \
-DLOGFILEBASE=\$(LOGFILEBASE)\ \
-DSHLIBEXT=\@[EMAIL PROTECTED] \
-DCTDBDIR=\$(CTDBDIR)\ \
-   -DCONFIGDIR=\$(CONFIGDIR)\
+   -DCONFIGDIR=\$(CONFIGDIR)\ \
+   -DCODEPAGEDIR=\$(CODEPAGEDIR)\ \
+   -DCACHEDIR=\$(CACHEDIR)\ \
+   -DSTATEDIR=\$(STATEDIR)\
 
 # Note that all executable programs now provide for an optional executable 
suffix.
 
@@ -1761,10 +1771,10 @@ installscripts: installdirs
@$(SHELL) $(srcdir)/script/installscripts.sh $(INSTALLPERMS_BIN)

Rev 675: patch from michael adam in http://samba.org/~tridge/ctdb

2007-11-01 Thread tridge


revno: 675
revision-id: [EMAIL PROTECTED]
parent: [EMAIL PROTECTED]
committer: Andrew Tridgell [EMAIL PROTECTED]
branch nick: tridge
timestamp: Fri 2007-11-02 13:20:29 +1100
message:
  patch from michael adam
modified:
  web/download.html  
getting_the_code.htm-20070608005948-wn5ag3uowh6dbnwr-1
=== modified file 'web/download.html'
--- a/web/download.html 2007-06-12 04:43:26 +
+++ b/web/download.html 2007-11-02 02:20:29 +
@@ -29,7 +29,7 @@
 /pre
 
 
-h2Samba3 ctdb verion/h2
+h2Samba3 ctdb version/h2
 The fastest way to checkout an initial copy of the Samba3 tree with clustering 
patches is:
 pre
   rsync -avz samba.org::ftp/unpacked/samba_3_0_ctdb .
@@ -49,7 +49,7 @@
 
 h2Binary Packages/h2
 
-Note that packages are so far only available for RHEL4. Other packages
+Note that packages are so far only available for RHEL5. Other packages
 will come later. p
 
 See a href=packages/packages/a directory for package

svn commit: samba r25787 - in branches/SAMBA_4_0/testprogs/ejs: .

2007-11-01 Thread abartlet

Author: abartlet
Date: 2007-11-02 02:51:54 + (Fri, 02 Nov 2007)
New Revision: 25787

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25787

Log:
Assert that we handle the group membership updating correctly,
including when we delete members from the DB.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/testprogs/ejs/ldap.js


Changeset:
Modified: branches/SAMBA_4_0/testprogs/ejs/ldap.js
===
--- branches/SAMBA_4_0/testprogs/ejs/ldap.js2007-11-01 22:01:48 UTC (rev 
25786)
+++ branches/SAMBA_4_0/testprogs/ejs/ldap.js2007-11-02 02:51:54 UTC (rev 
25787)
@@ -509,6 +509,7 @@
assert(res.msgs[0].primaryGroupID == 513);
 // assert(res.msgs[0].sAMAccountType == 805306368);
 // assert(res.msgs[0].userAccountControl == 546);
+   assert(res.msgs[0].memberOf[0] == (CN=ldaptestgroup2,CN=Users, + 
base_dn));
 
println(Testing ldb.search for 
((cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration, 
+ base_dn + )));
var res2 = 
ldb.search(((cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration,
 + base_dn + )));
@@ -640,7 +641,26 @@
assert(res.msgs[0].nTSecurityDescriptor != undefined);
assert(res.msgs[0].memberOf[0] == (CN=ldaptestgroup2,CN=Users, + 
base_dn));
 
-   ok = ldb.del(res.msgs[0].dn);
+var attrs = new Array(cn, name, objectClass, objectGUID, 
whenCreated, nTSecurityDescriptor, member);
+   println(Testing ldb.search for 
((cn=ldaptestgroup2)(objectClass=group)));
+   var res = ldb.search(((cn=ldaptestgroup2)(objectClass=group)), 
base_dn, ldb.SCOPE_SUBTREE, attrs);
+   if (res.error != 0 || res.msgs.length != 1) {
+   println(Could not find 
((cn=ldaptestgroup2)(objectClass=group)));
+   assert(res.error == 0);
+   assert(res.msgs.length == 1);
+   }
+
+   assert(res.msgs[0].dn == (CN=ldaptestgroup2,CN=Users, + base_dn));
+   assert(res.msgs[0].cn == ldaptestgroup2);
+   assert(res.msgs[0].name == ldaptestgroup2);
+   assert(res.msgs[0].objectClass[0] == top);
+   assert(res.msgs[0].objectClass[1] == group);
+   assert(res.msgs[0].objectGUID != undefined);
+   assert(res.msgs[0].whenCreated != undefined);
+   assert(res.msgs[0].nTSecurityDescriptor != undefined);
+   assert(res.msgs[0].member[0] == (CN=ldaptestuser2,CN=Users, + 
base_dn));
+
+   ok = ldb.del((CN=ldaptestuser2,CN=Users, + base_dn));
if (ok.error != 0) {
println(ok.errstr);
assert(ok.error == 0);

svn commit: samba r25788 - in branches/SAMBA_4_0: source/dsdb/samdb/ldb_modules testprogs/ejs

2007-11-01 Thread abartlet

Author: abartlet
Date: 2007-11-02 03:39:24 + (Fri, 02 Nov 2007)
New Revision: 25788

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25788

Log:
Use a single routine to handle the creation of modify requests in the
linked_attributs code.

This drasticly reduces the code duplication here.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c
   branches/SAMBA_4_0/testprogs/ejs/ldap.js


Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c
===
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c
2007-11-02 02:51:54 UTC (rev 25787)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c
2007-11-02 03:39:24 UTC (rev 25788)
@@ -77,10 +77,135 @@
return ac;
 }
 
+/* Common routine to handle reading the attributes and creating a
+ * series of modify requests */
+
+static int setup_modifies(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, 
+ struct linked_attributes_context *ac,
+ struct ldb_message *msg, 
+ struct ldb_dn *olddn, struct ldb_dn *newdn) 
+{
+   int i, j, ret = LDB_SUCCESS;
+   const struct dsdb_schema *schema = dsdb_get_schema(ldb);
+   /* Look up each of the returned attributes */
+   /* Find their schema */
+   /* And it is an actual entry: now create a series of modify requests */
+   for (i=0; i  msg-num_elements; i++) {
+   int otherid;
+   const struct dsdb_attribute *target_attr;
+   const struct ldb_message_element *el = msg-elements[i];
+   const struct dsdb_attribute *schema_attr
+   = dsdb_attribute_by_lDAPDisplayName(schema, el-name);
+   if (!schema_attr) {
+   ldb_asprintf_errstring(ldb, 
+  attribute %s is not a valid 
attribute in schema, el-name);
+   return LDB_ERR_OBJECT_CLASS_VIOLATION;  
+   }
+   /* We have a valid attribute, but if it's not linked they maybe 
we just got an extra return on our search... */
+   if (schema_attr-linkID == 0) {
+   continue;
+   }
+   
+   /* Depending on which direction this link is in, we need to 
find it's partner */
+   if ((schema_attr-linkID  1) == 1) {
+   otherid = schema_attr-linkID - 1;
+   } else {
+   otherid = schema_attr-linkID + 1;
+   }
+   
+   /* Now find the target attribute */
+   target_attr = dsdb_attribute_by_linkID(schema, otherid);
+   if (!target_attr) {
+   ldb_asprintf_errstring(ldb, 
+  attribute %s does not have 
valid link target, el-name);
+   return LDB_ERR_OBJECT_CLASS_VIOLATION;  
+   }
+   
+   /* For each value being moded, we need to setup the modify */
+   for (j=0; j  el-num_values; j++) {
+   struct ldb_message_element *ret_el;
+   struct ldb_request *new_req;
+   /* Create the modify request */
+   struct ldb_message *new_msg = ldb_msg_new(ac-down_req);
+   if (!new_msg) {
+   ldb_oom(ldb);
+   return LDB_ERR_OPERATIONS_ERROR;
+   }
+   new_msg-dn = ldb_dn_new(new_msg, ldb, (char 
*)el-values[j].data);
+   if (!new_msg-dn) {
+   ldb_asprintf_errstring(ldb, 
+  attribute %s value %s 
was not a valid DN, msg-elements[i].name,
+  el-values[j].data);
+   return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
+   }
+   
+   if (olddn) {
+   ret = ldb_msg_add_empty(new_msg, 
target_attr-lDAPDisplayName, 
+   LDB_FLAG_MOD_DELETE, 
ret_el);
+   if (ret != LDB_SUCCESS) {
+   return ret;
+   }   
+   ret_el-values = talloc_array(new_msg, struct 
ldb_val, 1);
+   if (!ret_el-values) {
+   ldb_oom(ldb);
+   return LDB_ERR_OPERATIONS_ERROR;
+   }
+   ret_el-values[0] =

[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-157-g1c71546

2007-11-01 Thread Jeremy Allison

The branch, v3-2-test has been updated
   via  1c71546b6152d2930b98f766311bbd161ee0ee4e (commit)
  from  779353b86d1699324149896f1ffa237c6ebe46ec (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -
commit 1c71546b6152d2930b98f766311bbd161ee0ee4e
Author: Jeremy Allison [EMAIL PROTECTED]
Date:   Thu Nov 1 21:51:45 2007 -0700

Ensure we detect a large writeX when using recvfile.
More changes needed to make the UNIX_LARGE_WRITEX_CAP
writes work (I'll add these tomorrow).
Jeremy.

---

Summary of changes:
 source/smbd/reply.c |3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/smbd/reply.c b/source/smbd/reply.c
index d2aa6c6..d4f3f1f 100644
--- a/source/smbd/reply.c
+++ b/source/smbd/reply.c
@@ -3926,7 +3926,8 @@ void reply_write_and_X(connection_struct *conn, struct 
smb_request *req)
numtowrite = SVAL(req-inbuf,smb_vwv10);
smb_doff = SVAL(req-inbuf,smb_vwv11);
smblen = smb_len(req-inbuf);
-   large_writeX = ((req-wct == 14)  (smblen  0x));
+   large_writeX = (req-wct == 14 
+   (smblen  0x || req-unread_bytes  0x));
 
/* Deal with possible LARGE_WRITEX */
if (large_writeX) {


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-158-g2d3ff9c

2007-11-01 Thread Jeremy Allison

The branch, v3-2-test has been updated
   via  2d3ff9c502105f92720131355b41e48be8d656c2 (commit)
  from  1c71546b6152d2930b98f766311bbd161ee0ee4e (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -
commit 2d3ff9c502105f92720131355b41e48be8d656c2
Author: Jeremy Allison [EMAIL PROTECTED]
Date:   Thu Nov 1 22:24:39 2007 -0700

Be careful and take care of the correct lengths in large
writeX calls.
Jeremy.

---

Summary of changes:
 source/smbd/reply.c |   16 +++-
 1 files changed, 7 insertions(+), 9 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/smbd/reply.c b/source/smbd/reply.c
index d4f3f1f..c83066d 100644
--- a/source/smbd/reply.c
+++ b/source/smbd/reply.c
@@ -3912,7 +3912,6 @@ void reply_write_and_X(connection_struct *conn, struct 
smb_request *req)
unsigned int smb_doff;
unsigned int smblen;
char *data;
-   bool large_writeX;
NTSTATUS status;
 
START_PROFILE(SMBwriteX);
@@ -3926,12 +3925,11 @@ void reply_write_and_X(connection_struct *conn, struct 
smb_request *req)
numtowrite = SVAL(req-inbuf,smb_vwv10);
smb_doff = SVAL(req-inbuf,smb_vwv11);
smblen = smb_len(req-inbuf);
-   large_writeX = (req-wct == 14 
-   (smblen  0x || req-unread_bytes  0x));
 
-   /* Deal with possible LARGE_WRITEX */
-   if (large_writeX) {
-   numtowrite |= size_t)SVAL(req-inbuf,smb_vwv9))  1 )16);
+   if (req-unread_bytes  0x ||
+   (smblen  smb_doff + 4 
+   smblen - smb_doff + 4  0x)) {
+   numtowrite |= (((size_t)SVAL(req-inbuf,smb_vwv9))16);
}
 
if (req-unread_bytes) {
@@ -3941,7 +3939,8 @@ void reply_write_and_X(connection_struct *conn, struct 
smb_request *req)
return;
}
} else {
-   if (smb_doff  smblen || smb_doff + numtowrite  smblen) {
+   if (smb_doff + 4  smblen || smb_doff + 4 + numtowrite  
numtowrite ||
+   smb_doff + 4 + numtowrite  smblen) {
reply_doserror(req, ERRDOS, ERRbadmem);
END_PROFILE(SMBwriteX);
return;
@@ -4032,8 +4031,7 @@ void reply_write_and_X(connection_struct *conn, struct 
smb_request *req)
 
reply_outbuf(req, 6, 0);
SSVAL(req-outbuf,smb_vwv2,nwritten);
-   if (large_writeX)
-   SSVAL(req-outbuf,smb_vwv4,(nwritten16)1);
+   SSVAL(req-outbuf,smb_vwv4,nwritten16);
 
if (nwritten  (ssize_t)numtowrite) {
SCVAL(req-outbuf,smb_rcls,ERRHRD);


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-159-g84d22f7

2007-11-01 Thread Jeremy Allison

The branch, v3-2-test has been updated
   via  84d22f7747126608b9460f9591bb5967d871b82d (commit)
  from  2d3ff9c502105f92720131355b41e48be8d656c2 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -
commit 84d22f7747126608b9460f9591bb5967d871b82d
Author: Jeremy Allison [EMAIL PROTECTED]
Date:   Thu Nov 1 22:42:21 2007 -0700

Ensure we can't accidently do a pipe write with
unread bytes in the socket buffer.
Jeremy

---

Summary of changes:
 source/smbd/reply.c |5 +
 1 files changed, 5 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/smbd/reply.c b/source/smbd/reply.c
index c83066d..de0e852 100644
--- a/source/smbd/reply.c
+++ b/source/smbd/reply.c
@@ -3949,6 +3949,11 @@ void reply_write_and_X(connection_struct *conn, struct 
smb_request *req)
 
/* If it's an IPC, pass off the pipe handler. */
if (IS_IPC(conn)) {
+   if (req-unread_bytes) {
+   reply_doserror(req, ERRDOS, ERRbadmem);
+   END_PROFILE(SMBwriteX);
+   return;
+   }
reply_pipe_write_and_X(req);
END_PROFILE(SMBwriteX);
return;


-- 
Samba Shared Repository

58 matches

Mail list logo