Re: [Samba] How does the guest account param work?
Just to close this off. Thanks to all for the assistance. I do have DHCP handing out the samba WINS server. What I have found is:

1. Despite the claim being so, Windows cannot network neighbourhood browse without using port 139. At least my XP SP2 boxes (5) can't. So using 'smb ports = 445' doesn't work.

2. I have 'map to guest = Bad User' set and have been trying to browse the Workgroup My Network Places - Entire Network - Microsoft Windows Network - workgroup_name on an XP host under my user name. But this particular machine has no passwd for my user. As I am set up in Samba as a user and with a passwd, from those machines where my username has a passwd which matches the registered samba passwd, I have no problems. However on the machine where I have no passwd set, unlike the other XP boxes, I am unable to browse the Workgroup at all. If I know the share I can connect as a guest, but I can't browse the Workgroup the way it is possible to do with Windows Hosts.

In fact, it appears that with Samba unless you are a recognised user, you cannot browse the workgroup at all. You can log on to a share, IF you know the name of that share, but it appears Samba does not allow you to browse a workgroup for which it is the master.

Kind Regards
Kyle

Michael Heydon wrote:
> Theoretically this should all just happen automatically, in the real world the broadcast method of finding hosts and workgroups is pretty flakey. MS worked around this by creating WINS, which is sort of like DNS for SMB. All MS servers since way back when have handed out WINS settings via DHCP out of the box. Under *nix, you need to tell your DHCP server to hand out a WINS server (or specify it on each machine manually).
>
> On an unrelated note, your smb.conf is overly complex, you are specifying a lot of settings where the defaults are most likely entirely suitable. You might find it easier in the long term to start over again with the standard config that ships with samba and only add settings that you actually need. (e.g. messing with buffer settings has been deprecated for quite some years).

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Browsing problems from Vista
I have a setup where a Vista machine that is behind a NAT connects to a Linux (debian) machine to access SMB shares on that machine. The connection is made with VPN using L2TP/IPSec. I have configured the Linux machine to act as WINS server and PPP will give the Vista machine a new IP on the same subnet and also tell Vista that the WINS server is the Linux machine.

I have added one share named samba and I can connect it using either IP\Samba or Debian\Samba where debian is the name of the Linux machine. What I'm missing is that Vista cannot find the shares unless I know they exist, i.e. I cannot find that network and browse it using the network explorer. Since I can write Debian to connect I guess WINS is somewhat working.

What more do I need to configure for Vista to be able to browse the network connected with the VPN? Is it something with workgroups? I do not want to change to workgroup on vista and I think it should be possible to browse other workgroups as long as you belong to the same subnet.

Any ideas on this?

/Bengt Werstén
Re: [Samba] Samba with more than one Active Directory
We have more than ten different domains in our network but we don't want to use more than ten servers for this. Is there no possibility to use only one server for all domains?

F. Niedernolte

-----Original Message-----
From: Ryan Bair [mailto:[EMAIL PROTECTED]
Sent: Saturday, 18 October 2008 00:41
To: Niedernolte, Frederik, D-CS-IT ICS
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba with more than one Active Directory

Typically you would want the two domains to trust each other and you would only be a member of one. If you had multiple Sambas running you might be able to join two domains, but it wouldn't be pretty.

On Fri, Oct 17, 2008 at 3:25 AM, [EMAIL PROTECTED] wrote:
> I want to use Samba together with freeRADIUS in an Active Directory network. I successfully followed these instructions for that: http://deployingradius.com/documents/configuration/active_directory.html
>
> Now my question is: How can I use Samba with more than one Active Directory? Because it must work with A D Example 1, Example 2 etc. and not only with Example 1.
>
> Thanks for help.
>
> Best regards,
> F. Niedernolte
[Samba] Newbie question for samba 3.0.28 configuration
Hello everyone,

I am new to samba, so after some trials I got stuck with my setup, and I decided to post here to look for your assistance, so thank you first! Below is my installation requirement:

I have 01 server (running CentOS 5.2) and I will use it as file server for 20 workstations that are running Windows XP. The setup looks easy as requested:

- 01 Directory will permit EVERYBODY in the office access with read/write permission. I name it PUBLIC.
- 01 Directory only permits some persons in the office access with read/write, others will not be permitted. I name it ADMINISTRATIVE.

I can make it work with the PUBLIC directory, but how can I configure it to limit access on the ADMINISTRATIVE directory?

I tried security = user and guest ok = yes in the [global] section of the configuration file and put guest ok = no in section [ADMINISTRATIVE], but when I enter a user name that I do not permit to write to the ADMINISTRATIVE directory when asked, it can still write to it. So what am I doing wrong and which permission do I need to set on that directory?

I've used Windows XP to test access to it. My samba version is 3.0.28 (which is shipped by CentOS 5.2).

Thank you for your assistance!

regards.
Re: [Samba] Question about switching from Windows 2k Server to SAMBA 3 under Centos
On 10/20/2008, Matthew Delves ([EMAIL PROTECTED]) wrote:
> My questions are:
> 1) What is required for the smb.conf to get it talking to the windows 2k server?
> 2) What other environment configuration is required to get vampire to work correctly?

My understanding is that vampire will NOT work with a Windows 2k server, only an NT4 server... :(

--
Best regards,
Charles
Re: [Samba] 3.2.4 CreateDirectory panic
On Mon, Oct 20, 2008 at 02:34:23PM +0200, Peter Rindfuss wrote:
> attached is the subroutine that I used for testing. The part enclosed in #ifdef createdir_alt worked with 3.0.24, but not with 3.2.4. The #else part works with 3.2.4. Both versions are based upon the same security descriptor structure.

Sorry, the binary would be much more helpful. I don't have Visual Studio installed anywhere.

Volker
Re: [Samba] 3.2.4 CreateDirectory panic
On Mon, Oct 20, 2008 at 02:34:23PM +0200, Peter Rindfuss wrote:
> attached is the subroutine that I used for testing. The part enclosed in #ifdef createdir_alt worked with 3.0.24, but not with 3.2.4. The #else part works with 3.2.4. Both versions are based upon the same security descriptor structure.

Can you also send your smb.conf and a debug level 10 log leading to this error?

Thanks,
Volker
Re: [Samba] 3.2.4 CreateDirectory panic
On 2008-10-20 13:55, Volker Lendecke wrote:
> On Mon, Oct 20, 2008 at 01:18:11PM +0200, Peter Rindfuss wrote:
>> Hi,
>>
>> I have just set up a new 64bit server as PDC with opensuse 11 and samba 3.2.4. The configuration was taken over from suse 10 with samba 3.0.24. So far, everything on the new server works fine but this:
>>
>> I have a C++ utility program running under win xp which creates users and home directories using win32 api calls. It worked fine with samba 3.0.24 and before, but causes a samba panic when it executes the CreateDirectory win32 api call for the home directory. A log file snippet is attached.
>>
>> My own testing shows that the panic only happens when CreateDirectory is called with a SECURITY_ATTRIBUTES structure in order to set the correct acls for the new directory:
>>
>>     CreateDirectory(HomePath, security_attributes); - panic
>>
>> whereas
>>
>>     CreateDirectory(HomePath, NULL); - ok
>>
>> I tried some variants like
>>
>>     CreateDirectory ( HomePath, NULL ) ; - ok
>>     SetFileSecurity(Homepath, ..., security_descriptor); - panic
>>
>> and finally came up with this solution
>>
>>     CreateDirectory(HomePath, NULL); - ok
>>     SetNamedSecurityInfo( ); - ok
>>
>> Strange thing is that in all variants I start out with the same SECURITY_DESCRIPTOR structure.
>
> Can you send me that utility or a sniff?
>
> Volker

Hi Volker,

attached is the subroutine that I used for testing. The part enclosed in #ifdef createdir_alt worked with 3.0.24, but not with 3.2.4. The #else part works with 3.2.4. Both versions are based upon the same security descriptor structure.

Peter

    bool SeleneConnection::TestDACL ( void )
    {
        bool ok ;
        int needed ;
        int status ;
        int i, n ;
        char *sddl ;
        volatile DWORD error ;
        static char path[] = "selene\\wzbadmin\\samba\\user\\aaa" ;
        static char sidnewstring[] = "S-1-5-21-3308023661-3915791984-1724325443-61014" ; // some user
        static char groupsidstring[] = "S-1-5-21-3308023661-3915791984-1724325443-513" ; // Domain Users (unix group 'users')
        // sddlfmt was obtained by means of the utility 'subinacl'
        static const char sddlfmt[] = "O:%sG:%sD:(A;OICI;FA;;;%s)(A;OICIWD)(A;%s)(A;OICIIO;FA;;;CO)(A;OICIIOCG)" ;
        PSECURITY_DESCRIPTOR secdes ;
    #ifdef createdir_alt
        SECURITY_ATTRIBUTES secattr ;
    #else
        PACL dacl ;
        PSID owner, group ;
        BOOL present, def ;
    #endif

        ok = false ;
        needed = (sizeof(sddlfmt) - 1) + ((lstrlen(sidnewstring) - 2) + (lstrlen(groupsidstring) - 2)) * 2 + 1 ;
        sddl = new char[needed] ;
        wsprintf ( sddl, sddlfmt, sidnewstring, groupsidstring, sidnewstring, groupsidstring ) ;
        ok = ConvertStringSecurityDescriptorToSecurityDescriptor ( sddl, SDDL_REVISION_1, &secdes, NULL ) ;
        delete[] sddl ;
        if ( ! ok ) goto exit0 ;

    #ifdef createdir_alt
        // this does work in 3.0.24, but not in 3.2.4
        secattr.nLength = sizeof ( SECURITY_ATTRIBUTES ) ;
        secattr.lpSecurityDescriptor = secdes ;
        secattr.bInheritHandle = false ;
        ok = CreateDirectory ( HomePath, &secattr ) ; // -- panic
        error = GetLastError () ;
    #else
        // this does work in 3.2.4
        ok = CreateDirectory ( path, NULL ) ;
        ok = ok && GetSecurityDescriptorDacl ( secdes, &present, &dacl, &def ) ;
        ok = ok && GetSecurityDescriptorOwner ( secdes, &owner, &def ) ;
        ok = ok && GetSecurityDescriptorGroup ( secdes, &group, &def ) ;
        if ( ok ) {
            ok = (SetNamedSecurityInfo ( path, SE_FILE_OBJECT,
                      OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION,
                      owner, group, dacl, NULL ) == ERROR_SUCCESS) ;
            error = GetLastError () ;
        }
    #endif
        LocalFree ( secdes ) ;
        if ( ! ok ) goto exit0 ;

        ok = true ;
    exit0:
        return ( ok ) ;
    }
Re: [Samba] 3.2.4 CreateDirectory panic
On 2008-10-20 14:45, Volker Lendecke wrote:
> On Mon, Oct 20, 2008 at 02:34:23PM +0200, Peter Rindfuss wrote:
>> attached is the subroutine that I used for testing. The part enclosed in #ifdef createdir_alt worked with 3.0.24, but not with 3.2.4. The #else part works with 3.2.4. Both versions are based upon the same security descriptor structure.
>
> Sorry, the binary would be much more helpful. I don't have Visual Studio installed anywhere.
>
> Volker

It's Borland C++ 5, actually. I'd love to give you the executable but it is highly site-specific, does many non-samba things (needs libmySQL.dll, for instance), has an ini file that contains a sensitive password and so on. It will not work for you. If I find the time I'll put together a small program that just calls the test code.

Cheers,
Peter
Re: [Samba] 3.2.4 CreateDirectory panic
On Mon, Oct 20, 2008 at 01:18:11PM +0200, Peter Rindfuss wrote:
> Hi,
>
> I have just set up a new 64bit server as PDC with opensuse 11 and samba 3.2.4. The configuration was taken over from suse 10 with samba 3.0.24. So far, everything on the new server works fine but this:
>
> I have a C++ utility program running under win xp which creates users and home directories using win32 api calls. It worked fine with samba 3.0.24 and before, but causes a samba panic when it executes the CreateDirectory win32 api call for the home directory. A log file snippet is attached.
>
> My own testing shows that the panic only happens when CreateDirectory is called with a SECURITY_ATTRIBUTES structure in order to set the correct acls for the new directory:
>
>     CreateDirectory(HomePath, security_attributes); - panic
>
> whereas
>
>     CreateDirectory(HomePath, NULL); - ok
>
> I tried some variants like
>
>     CreateDirectory ( HomePath, NULL ) ; - ok
>     SetFileSecurity(Homepath, ..., security_descriptor); - panic
>
> and finally came up with this solution
>
>     CreateDirectory(HomePath, NULL); - ok
>     SetNamedSecurityInfo( ); - ok
>
> Strange thing is that in all variants I start out with the same SECURITY_DESCRIPTOR structure.

Can you send me that utility or a sniff?

Volker
Re: [Samba] 3.2.4 CreateDirectory panic
On Mon, Oct 20, 2008 at 03:04:06PM +0200, Peter Rindfuss wrote:
> On 2008-10-20 14:45, Volker Lendecke wrote:
>> On Mon, Oct 20, 2008 at 02:34:23PM +0200, Peter Rindfuss wrote:
>>> attached is the subroutine that I used for testing. The part enclosed in #ifdef createdir_alt worked with 3.0.24, but not with 3.2.4. The #else part works with 3.2.4. Both versions are based upon the same security descriptor structure.
>>
>> Sorry, the binary would be much more helpful. I don't have Visual Studio installed anywhere.
>>
>> Volker
>
> It's Borland C++ 5, actually. I'd love to give you the executable but it is highly site-specific, does many non-samba things (needs libmySQL.dll, for instance), has an ini file that contains a sensitive password and so on. It will not work for you. If I find the time I'll put together a small program that just calls the test code.

Good. Alternatively, smb.conf, sniff and debug level 10 log might also help.

Volker
Re: [Samba] Newbie question for samba 3.0.28 configuration
Norberto Bensa wrote:
> On Monday October 20 2008 06:47:27 Lunix1618 wrote:
>> I tried security = user and guest ok = yes in [global]
>
> try removing that and add guest ok = Yes in [PUBLIC].

Norberto, I succeeded with anonymous access for PUBLIC; what I want is access control on ADMINISTRATIVE, any thoughts?

thanks,
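The setup asked about in this thread, written out as an added example that is not part of any poster's message: the configuration as described in the question (in comments) beside a version that restricts ADMINISTRATIVE to one group. The paths, the Unix group office_admin and the guest account nobody are assumptions.

```ini
# Added example, not from the thread. Paths, the Unix group "office_admin"
# and the guest account "nobody" are assumptions.
#
# As described in the question: guest access is made the default for every
# share, then switched off on one share. "guest ok = no" only refuses guest
# sessions; any account that authenticates can still connect, and can write
# if the share is writable.
#
#   [global]
#       security = user
#       guest ok = yes
#   [ADMINISTRATIVE]
#       guest ok = no
#
# Restricted version: guest access is granted per share, and ADMINISTRATIVE
# names who may connect and who may write.

[global]
    security = user
    # Unknown user names are mapped to the guest account; a known user who
    # sends a wrong password is still rejected.
    map to guest = Bad User
    guest account = nobody

[PUBLIC]
    path = /srv/samba/public
    guest ok = yes
    read only = no
    # Keep files created here usable by every other client.
    create mask = 0666
    directory mask = 0777

[ADMINISTRATIVE]
    path = /srv/samba/administrative
    guest ok = no
    # Only members of this Unix group may connect to the share at all.
    valid users = @office_admin
    # Read-only by default; write access only for the listed group.
    read only = yes
    write list = @office_admin
    # New files belong to the group and are closed to everyone else.
    force group = office_admin
    create mask = 0660
    directory mask = 0770
    # The directory itself needs matching Unix permissions as well, for
    # example owner root, group office_admin, mode 2770.
```

Running testparm -s after editing shows whether the file parses and which values each share ends up with.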
Re: [Samba] Different IPs on a samba server #2
Leonardo Boselli wrote:
> It occurred also to me, with a 100% win2000 (PDC and WS) network: wins is based on broadcasts, so these do not pass the routers, and yes, they need some time to propagate, even 4 or more hours! The way I resolved it was this:

That must have been my problem. I emailed back later that day that it just started working and I had not done anything different (well, I had done one other thing, but then I removed what I did and then it started working). I guess it just took a few hours for it to propagate.

>> Question: Because it reverses the logical flow of conversation.
>> Answer: Why is putting a reply at the top of the message frowned upon?
>
> since you have no idea on what part of the message you are replying to. Of course it is a worse idea to quote the entire message, either top or bottom.

Yep, I will agree. Thanks for the reply.

--
Scott Mayo - System Administrator
Bloomfield Schools
PH: 573-568-5669
FA: 573-568-4565

Question: Because it reverses the logical flow of conversation.
Answer: Why is putting a reply at the top of the message frowned upon?
Re: [Samba] 3.2.4 CreateDirectory panic
On 2008-10-20 15:02, Volker Lendecke wrote:
> On Mon, Oct 20, 2008 at 02:34:23PM +0200, Peter Rindfuss wrote:
>> attached is the subroutine that I used for testing. The part enclosed in #ifdef createdir_alt worked with 3.0.24, but not with 3.2.4. The #else part works with 3.2.4. Both versions are based upon the same security descriptor structure.
>
> Can you also send your smb.conf and a debug level 10 log leading to this error?

smb.conf is attached. Is it possible to turn on level 10 logging without restarting the daemon? It is our production server and I'm not willing to disturb any existing connection.

Peter

    # Samba config file created using SWAT
    # from 193.174.6.50 (193.174.6.50)
    # Date: 2008/08/15 10:55:55

    [global]
        display charset = UTF-8
        workgroup = WZB
        server string = File Server
        interfaces = 127.0.0.1, 193.174.6.4
        bind interfaces only = Yes
        passdb backend = ldapsam:ldapi://%2fvar%2frun%2fslapd%2fldapi/
        guest account = guest
        passwd program = /usr/local/sbin/wzbpasswd -U -M -s -x %u
        passwd chat = *Enter*password* %n\n *Re-enter*password* %n\n *changed*
        username map = /etc/samba/smbusers
        unix password sync = Yes
        lanman auth = No
        syslog = 0
        smb ports = 139
        time server = Yes
        socket options = TCP_NODELAY SO_KEEPALIVE
        load printers = No
        printcap name = /dev/null
        add user script = /usr/local/sbin/wzbuseradd -q -I -y -c %u
        delete user script = /usr/local/sbin/wzbuserdel -q -d %u
        add group script = /usr/local/sbin/wzbgroupadd -q -y '%g'
        delete group script = /usr/local/sbin/wzbgroupdel -q '%g'
        add user to group script = /usr/local/sbin/wzbgroupmemberadd -q '%g' %u
        delete user from group script = /usr/local/sbin/wzbgroupmemberdel -q '%g' %u
        set primary group script = /usr/local/sbin/wzbgroupprim -q %u '%g'
        add machine script = /usr/local/sbin/wzbuseradd -q -y -x %m
        logon script = login.cmd
        logon path =
        logon home = \\selene\wzb
        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        dns proxy = No
        wins support = Yes
        kernel oplocks = No
        ldap admin dn = cn=root,dc=wzb,dc=eu
        ldap group suffix = ou=groups
        ldap machine suffix = ou=machines
        ldap suffix = ou=accounts,dc=wzb,dc=eu
        ldap ssl = no
        ldap user suffix = ou=users
        host msdfs = No
        vscan-fsav:config-file = /etc/samba/fsav.conf
        ldapsam:trusted = Yes
        admin users = @admins
        create mask = 0700
        directory mask = 0700
        hosts allow = 193.174.6.0/255.255.254.0
        ea support = Yes
        map acl inherit = Yes
        cups options = raw
        hide unreadable = Yes
        map archive = No
        mangled names = No
        store dos attributes = Yes
        dos filemode = Yes

    [printers]
        comment = Network Printers
        path = /var/spool/cups
        create mask = 0600
        hosts allow = 127.0.0.1, 193.174.6.0/23
        hosts deny = 0.0.0.0
        printable = Yes
        browseable = No

    [print$]
        comment = Printer Drivers
        path = /var/lib/samba/drivers
        write list = @admins
        force group = @admins
        create mask = 0664
        directory mask = 0775
        available = No

    [netlogon]
        comment = Network Logon Service
        path = /wzb/netlogon
        valid users = @admins, @users, root
        admin users = @admins, root
        guest ok = Yes
        browseable = No

    [wzb]
        comment = WZB File Server
        path = /wzb/samba
        valid users = @admins, @users, root
        admin users = @admins, root
        read only = No
        inherit permissions = Yes
        inherit acls = Yes
        inherit owner = Yes
        use sendfile = Yes
        hide dot files = No
        hide special files = Yes
        map readonly = permissions
        mangled names = Yes
        root preexec = /usr/local/sbin/wzbldapsettime %u sambaLogonTime
        root postexec = /usr/local/sbin/wzbldapsettime %u sambaLogoffTime

    [admin]
        comment = Zugriff auf Alles für die Admins
        path = /
        valid users = @admins, root
        admin users = @admins, root
        read only = No
        inherit acls = Yes
        inherit owner = Yes
        hide dot files = No
        hide unreadable = No
        mangled names = Yes
        browseable = No

    [wzbadmin]
        path = /wzb
        valid users = @admins
        read only = No
        inherit permissions = Yes
        inherit acls = Yes
        inherit owner = Yes
        mangled names = Yes

    [pmail]
        comment = Pegasus Mail Share
        path = /wzb/pmail
        valid users = @admins, @users
        read only = No
        inherit permissions = Yes
        inherit acls = Yes
        inherit owner = Yes
        hide special files = Yes
Re: [Samba] 3.2.4 CreateDirectory panic
On Mon, Oct 20, 2008 at 03:11:41PM +0200, Peter Rindfuss wrote:
> On 2008-10-20 15:02, Volker Lendecke wrote:
>> On Mon, Oct 20, 2008 at 02:34:23PM +0200, Peter Rindfuss wrote:
>>> attached is the subroutine that I used for testing. The part enclosed in #ifdef createdir_alt worked with 3.0.24, but not with 3.2.4. The #else part works with 3.2.4. Both versions are based upon the same security descriptor structure.
>>
>> Can you also send your smb.conf and a debug level 10 log leading to this error?
>
> smb.conf is attached. Is it possible to turn on level 10 logging without restarting the daemon? It is our production server and I'm not willing to disturb any existing connection.

Sure. Just set debug level = 10. Then all new connections will get the higher debuglevel. Alternatively, connect from your client, look at smbstatus output to find your smbd pid and issue

    smbcontrol smbd-pid debug 10

to make just that one smbd use that debuglevel.

Volker
Re: [Samba] 3.2.4 CreateDirectory panic
smbcontrol pid_of_daemon debug 10

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique Corman S.A.
Tel : 00 32 087/342467

[EMAIL PROTECTED] wrote on 20/10/2008 15:11:41:
> On 2008-10-20 15:02, Volker Lendecke wrote:
>> On Mon, Oct 20, 2008 at 02:34:23PM +0200, Peter Rindfuss wrote:
>>> attached is the subroutine that I used for testing. The part enclosed in #ifdef createdir_alt worked with 3.0.24, but not with 3.2.4. The #else part works with 3.2.4. Both versions are based upon the same security descriptor structure.
>>
>> Can you also send your smb.conf and a debug level 10 log leading to this error?
>
> smb.conf is attached. Is it possible to turn on level 10 logging without restarting the daemon? It is our production server and I'm not willing to disturb any existing connection.
>
> Peter
>
> # Samba config file created using SWAT
> # from 193.174.6.50 (193.174.6.50)
> # Date: 2008/08/15 10:55:55
>
> [global]
>     display charset = UTF-8
>     workgroup = WZB
>     server string = File Server
>     interfaces = 127.0.0.1, 193.174.6.4
>     bind interfaces only = Yes
>     passdb backend = ldapsam:ldapi://%2fvar%2frun%2fslapd%2fldapi/
>     guest account = guest
>     passwd program = /usr/local/sbin/wzbpasswd -U -M -s -x %u
>     passwd chat = *Enter*password* %n\n *Re-enter*password* %n\n *changed*
>     username map = /etc/samba/smbusers
>     unix password sync = Yes
>     lanman auth = No
>     syslog = 0
>     smb ports = 139
>     time server = Yes
>     socket options = TCP_NODELAY SO_KEEPALIVE
>     load printers = No
>     printcap name = /dev/null
>     add user script = /usr/local/sbin/wzbuseradd -q -I -y -c %u
>     delete user script = /usr/local/sbin/wzbuserdel -q -d %u
>     add group script = /usr/local/sbin/wzbgroupadd -q -y '%g'
>     delete group script = /usr/local/sbin/wzbgroupdel -q '%g'
>     add user to group script = /usr/local/sbin/wzbgroupmemberadd -q '%g' %u
>     delete user from group script = /usr/local/sbin/wzbgroupmemberdel -q '%g' %u
>     set primary group script = /usr/local/sbin/wzbgroupprim -q %u '%g'
>     add machine script = /usr/local/sbin/wzbuseradd -q -y -x %m
>     logon script = login.cmd
>     logon path =
>     logon home = \\selene\wzb
>     domain logons = Yes
>     os level = 65
>     preferred master = Yes
>     domain master = Yes
>     dns proxy = No
>     wins support = Yes
>     kernel oplocks = No
>     ldap admin dn = cn=root,dc=wzb,dc=eu
>     ldap group suffix = ou=groups
>     ldap machine suffix = ou=machines
>     ldap suffix = ou=accounts,dc=wzb,dc=eu
>     ldap ssl = no
>     ldap user suffix = ou=users
>     host msdfs = No
>     vscan-fsav:config-file = /etc/samba/fsav.conf
>     ldapsam:trusted = Yes
>     admin users = @admins
>     create mask = 0700
>     directory mask = 0700
>     hosts allow = 193.174.6.0/255.255.254.0
>     ea support = Yes
>     map acl inherit = Yes
>     cups options = raw
>     hide unreadable = Yes
>     map archive = No
>     mangled names = No
>     store dos attributes = Yes
>     dos filemode = Yes
>
> [printers]
>     comment = Network Printers
>     path = /var/spool/cups
>     create mask = 0600
>     hosts allow = 127.0.0.1, 193.174.6.0/23
>     hosts deny = 0.0.0.0
>     printable = Yes
>     browseable = No
>
> [print$]
>     comment = Printer Drivers
>     path = /var/lib/samba/drivers
>     write list = @admins
>     force group = @admins
>     create mask = 0664
>     directory mask = 0775
>     available = No
>
> [netlogon]
>     comment = Network Logon Service
>     path = /wzb/netlogon
>     valid users = @admins, @users, root
>     admin users = @admins, root
>     guest ok = Yes
>     browseable = No
>
> [wzb]
>     comment = WZB File Server
>     path = /wzb/samba
>     valid users = @admins, @users, root
>     admin users = @admins, root
>     read only = No
>     inherit permissions = Yes
>     inherit acls = Yes
>     inherit owner = Yes
>     use sendfile = Yes
>     hide dot files = No
>     hide special files = Yes
>     map readonly = permissions
>     mangled names = Yes
>     root preexec = /usr/local/sbin/wzbldapsettime %u sambaLogonTime
>     root postexec = /usr/local/sbin/wzbldapsettime %u sambaLogoffTime
>
> [admin]
>     comment = Zugriff auf Alles für die Admins
>     path = /
>     valid users = @admins, root
>     admin users = @admins, root
>     read only = No
>     inherit acls = Yes
>     inherit owner = Yes
>     hide dot files = No
>     hide unreadable = No
>     mangled names = Yes
>     browseable = No
>
> [wzbadmin]
>     path = /wzb
>     valid users = @admins
>     read only = No
>     inherit permissions = Yes
>     inherit acls = Yes
>     inherit owner = Yes
>     mangled names = Yes
>
> [pmail]
>     comment = Pegasus Mail Share
>     path = /wzb/pmail
>     valid users = @admins, @users
>     read only = No
>     inherit permissions = Yes
>     inherit acls = Yes
>     inherit owner = Yes
>     hide special files = Yes
>     map readonly = permissions
>     mangled names = Yes
>
> [antivirus]
>     path = /wzb/antivirus
>     valid users = @admins, @users
>     read only = No
>     inherit permissions =
[Samba] Samba 3.2.4
I have downloaded the source code to my AIX 5.3 server and have compiled it. I'm trying to mount some dfs windows shares to my unix/AIX server using samba. However, I think I'm looking for a smbmount command so that I can mount these shares on my AIX server. I ran the configure command with the -with-smbmount option, but I just don't see the smbmount command at all. What am I missing or what other options do I need?

Jesse D Hernandez II | Sr. System Administrator | Blue Cross Blue Shield of Kansas City | Phone 816.349.6041 | [EMAIL PROTECTED] | http://www.bcbskc.com
Re: [Samba] 3.2.4 CreateDirectory panic
On 2008-10-20 15:17, Volker Lendecke wrote:
> On Mon, Oct 20, 2008 at 03:11:41PM +0200, Peter Rindfuss wrote:
>> On 2008-10-20 15:02, Volker Lendecke wrote:
>>> On Mon, Oct 20, 2008 at 02:34:23PM +0200, Peter Rindfuss wrote:
>>>> attached is the subroutine that I used for testing. The part enclosed in #ifdef createdir_alt worked with 3.0.24, but not with 3.2.4. The #else part works with 3.2.4. Both versions are based upon the same security descriptor structure.
>>>
>>> Can you also send your smb.conf and a debug level 10 log leading to this error?
>>
>> smb.conf is attached. Is it possible to turn on level 10 logging without restarting the daemon? It is our production server and I'm not willing to disturb any existing connection.
>
> Sure. Just set debug level = 10. Then all new connections will get the higher debuglevel. Alternatively, connect from your client, look at smbstatus output to find your smbd pid and issue
>
>     smbcontrol smbd-pid debug 10
>
> to make just that one smbd use that debuglevel.
>
> Volker

Here comes the log; I went to the CreateDirectory call in the debugger, turned level 10 on and stepped over the call.

Second try; gzipped now.

Peter
Re: [Samba] one ldap server and multiple samba PDC domains
Yes, it is possible. You must have multiple sambaDomainName entries, all with same SID value. I have this, and works very good.

Jorge C.

P.S. Sorry for my bad English.

On Mon, 20 Oct 2008 02:27:39 -0300, Mohammad Reza Hosseini [EMAIL PROTECTED] wrote:
> hello
>
> Is it possible to have multiple samba servers so multiple samba PDC domains but just one ldap server? (so users in ldap can login to different domains but we add them just one time) if yes how?
>
> thanks.

--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
[Samba] Re: samba4/Win2008: error - directory property cannot be found in the cache
Joel Reed wrote:

I setup a samba4 pdc and successfully added a Windows 2008 machine to the domain. When I start up the Active Directory Users and Computers tool, I get a "Naming information cannot be located because: directory property cannot be found in the cache" error.

I tried this with Windows 2003 as well. The computer can be successfully added to the domain, but the dsa.msc tool fails on load with a similar error about naming information cannot be located.

Are there some dns records required for these tools that are not required for domain join operations? I've also successfully joined a linux box running winbind to this domain as well.

jr
Re: [Samba] Newbie question for samba 3.0.28 configuration
On Monday October 20 2008 06:47:27 Lunix1618 wrote:
> I tried security = user and guest ok = yes in [global]

try removing that and add guest ok = Yes in [PUBLIC].

Regards,
--
Norberto Bensa
Linux 2.6.27-gentoo Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
09:01:17 up 18:46, 1 user, load average: 0.01, 0.07, 0.08
Re: [Samba] one ldap server and multiple samba PDC domains
Quoting Jorge Concha C. [EMAIL PROTECTED]:
> You must have multiple sambaDomainName entries, all with same SID value.

What sambaSID do your users have? What does net getdomainsid return on your domains?

I'm asking because I have 4 domains (long history, don't ask) and I'm currently moving them from tdbsam to ldapsam. I have no problems with my users because no user is repeated in two domains except for one soporte. I need this user soporte to be able to log in my 4 domains.

Thanks,
Norberto

This message was sent using IMP, the Internet Messaging Program.
[Samba] 3.2.4 CreateDirectory panic
Hi,

I have just set up a new 64bit server as PDC with opensuse 11 and samba 3.2.4. The configuration was taken over from suse 10 with samba 3.0.24. So far, everything on the new server works fine but this: I have a C++ utility program running under win xp which creates users and home directories using win32 api calls. It worked fine with samba 3.0.24 and before, but causes a samba panic when it executes the CreateDirectory win32 api call for the home directory. A log file snippet is attached.

My own testing shows that the panic only happens when CreateDirectory is called with a SECURITY_ATTRIBUTES structure in order to set the correct acls for the new directory:

  CreateDirectory(HomePath, security_attributes);   - panic

whereas

  CreateDirectory(HomePath, NULL);   - ok

I tried some variants like

  CreateDirectory(HomePath, NULL);   - ok
  SetFileSecurity(Homepath, ..., security_descriptor);   - panic

and finally came up with this solution

  CreateDirectory(HomePath, NULL);   - ok
  SetNamedSecurityInfo( );   - ok

Strange thing is that in all variants I start out with the same SECURITY_DESCRIPTOR structure.

Peter Rindfuss

[2008/10/19 19:23:44, 0] lib/fault.c:fault_report(40)
  ===
[2008/10/19 19:23:44, 0] lib/fault.c:fault_report(41)
  INTERNAL ERROR: Signal 11 in pid 5515 (3.2.4-0.1.130-1906-SUSE-SL11.0)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2008/10/19 19:23:44, 0] lib/fault.c:fault_report(43)
  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2008/10/19 19:23:44, 0] lib/fault.c:fault_report(44)
  ===
[2008/10/19 19:23:44, 0] lib/util.c:smb_panic(1663)
  PANIC (pid 5515): internal error
[2008/10/19 19:23:44, 0] lib/util.c:log_stack_trace(1767)
  BACKTRACE: 18 stack frames:
   #0 /usr/sbin/smbd(log_stack_trace+0x1a) [0x7fb621ea]
   #1 /usr/sbin/smbd(smb_panic+0x1f) [0x7fb622bf]
   #2 /usr/sbin/smbd [0x7fb621feb000]
   #3 /lib64/libpthread.so.0 [0x7fb61fbb1b30]
   #4 /usr/sbin/smbd(sid_compare+0x28) [0x7fb621ff91d8]
   #5 /usr/sbin/smbd(add_sid_to_array_unique+0x4d) [0x7fb621ff98ad]
   #6 /usr/sbin/smbd(create_token_from_username+0x4a6) [0x7fb622045b56]
   #7 /usr/sbin/smbd(user_in_group_sid+0x5a) [0x7fb62204630a]
   #8 /usr/sbin/smbd [0x7fb621e7104e]
   #9 /usr/sbin/smbd(set_nt_acl+0xab5) [0x7fb621e76265]
   #10 /usr/sbin/smbd [0x7fb621e8ae01]
   #11 /usr/sbin/smbd [0x7fb621e31fbc]
   #12 /usr/sbin/smbd(reply_nttrans+0x75c) [0x7fb621e32f8c]
   #13 /usr/sbin/smbd [0x7fb621e788ce]
   #14 /usr/sbin/smbd(smbd_process+0x263) [0x7fb621e7ab93]
   #15 /usr/sbin/smbd(main+0x1fa2) [0x7fb6221f9ad2]
   #16 /lib64/libc.so.6(__libc_start_main+0xe6) [0x7fb61e173436]
   #17 /usr/sbin/smbd [0x7fb621e01aa9]
[2008/10/19 19:23:44, 0] lib/fault.c:dump_core(201)
  dumping core in /var/log/samba/cores/smbd
Re: [Samba] heimdal and windows compatibility up-to-date informations
Pascal Levy wrote:

Thanks for your input. Yet additional few questions, now I'm trying it...

I'm understanding the users are supposed to authenticate against the kerberos realm, not against the AD domain. But this only appears in the connection dialog once you ran ksetup on the windows host. Is there a way to automatically configure this when the host joins the domain, rather than manually on each host (/me is a total AD newbie)? And is there a way to prevent the display of the AD realm in this dialog, to prevent user confusion?

--
Guillaume Rousse
Moyens Informatiques - INRIA Futurs
Tel: 01 69 35 69 62
[Samba] strange message in a samba log
Hi all,

A user contacted me because I cannot open some file on the server. And when I look at her log file I can read:

[2008/10/20 16:21:03, 0] smbd/notify_inotify.c:inotify_setup(283)
  Failed to init inotify - Trop de fichiers ouverts (too many open file)

What's happening?

Stéphane Purnelle
---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique Corman S.A.
Tel : 00 32 087/342467
[Samba] Logon Script Via Group
Hello,

In order to use Samba and migrate our Windows domain we need to be able to map users to a drive based on the Unix groups they are a member of.

IE:
If user is a member of finance, map drive f:\ finance
If user is a member of domainusers, run logon script logon.bat

I tried placing different logon scripts in a directory named after the groupname and using the %g variable in Samba but it did not work. It only looks up the FIRST group ignoring the rest.

Please let us know an easy way to do this.

Thanks
Re: [Samba] one ldap server and multiple samba PDC domains
All my users can log in at all my 3 domains.

Responses:

All sambaDomainName entries:
sambaSID=S-1-5-21-3209642587-1536209094-3825437934 same for all domains.

users:
user1 = S-1-5-21-3209642587-1536209094-3825437934-4801
user2 = S-1-5-21-3209642587-1536209094-3825437934-4802
user3 = S-1-5-21-3209642587-1536209094-3825437934-4803
etc.

net getdomainsid @ all machines:
SID for domain SAMBA1 is: S-1-5-21-3209642587-1536209094-3825437934
SID for domain DOMAIN1 is: S-1-5-21-3209642587-1536209094-3825437934
SID for domain SAMBA2 is: S-1-5-21-3209642587-1536209094-3825437934
SID for domain DOMAIN2 is: S-1-5-21-3209642587-1536209094-3825437934
SID for domain SAMBA3 is: S-1-5-21-3209642587-1536209094-3825437934
SID for domain DOMAIN3 is: S-1-5-21-3209642587-1536209094-3825437934

On Mon, 20 Oct 2008 11:42:45 -0300, Norberto Bensa [EMAIL PROTECTED] wrote:

Quoting Jorge Concha C. [EMAIL PROTECTED]:

You must have multiple sambaDomainName entries, all with same SID value.

What sambaSID do your users have? What does net getdomainsid return on your domains? I'm asking because I have 4 domains (long history, don't ask) and I'm currently moving them from tdbsam to ldapsam. I have no problems with my users because no user is repeated in two domains except for one soporte. I need this user soporte to be able to log in my 4 domains.

Thanks,
Norberto
Re: [Samba] Samba 3.2.4
On Mon, Oct 20, 2008 at 09:05:58AM -0500, Jesse D Hernandez II (AIX Support) wrote:

I have downloaded the source code to my AIX 5.3 server and have compiled it. I'm trying to mount some dfs windows shares to my unix/AIX server using samba. However, I think I'm looking for a smbmount command so that I can mount these shares on my AIX server. I ran the configure command with the -with-smbmount option, but I just don't see the smbmount command at all. What am I missing or what other options do I need?

smbmount is a kernel option that is only supported on Linux, and even there it is replaced with mount.cifs. You might want to contact your IBM support if there is kernel support for SMB in AIX (which I doubt).

Volker
Re: [Samba] Logon Script Via Group
Jeff L wrote:

Hello,

In order to use Samba and migrate our Windows domain we need to be able to map users to a drive based on the Unix groups they are a member of.

IE:
If user is a member of finance, map drive f:\ finance
If user is a member of domainusers, run logon script logon.bat

I tried placing different logon scripts in a directory named after the groupname and using the %g variable in Samba but it did not work. It only looks up the FIRST group ignoring the rest.

Please let us know an easy way to do this.

Thanks

Hi,

you might give all users a default.bat. In this you may split running other scripts by hostname, username, groupname. Group can be matched with the ifmember.exe util,

i.e. default.bat

@echo off
REM default login script [EMAIL PROTECTED]
REM ---
REM exec bat for logged in machine ( maybe software status for machine )
echo %COMPUTERNAME%
call %COMPUTERNAME%.bat
REM ---
REM exec bat for login user
echo %USERNAME%
call %USERNAME%.bat
REM -
REM exec bat for different groups
REM ifmember.exe must be in the netlogon share download it at m$
REM be aware that ifmember will give result in the current win language
REM unlike normal dos
REM positive result from ifmember will match in errorlevel 1
ifmember /v /l "DOMAINNAME\Domain Users"
if errorlevel 1 call domainusers.bat
ifmember /v /l "DOMAINNAME\Domain Admins"
if errorlevel 1 call domainadmins.bat

and domainusers.bat

@echo off
REM install the pdfprinter drivers must already be uploaded
REM typical use with cups-pdf
rundll32 printui.dll,PrintUIEntry /dn /n \\YOUR-PDC-NAME\pdfprinter /q
rundll32 printui.dll,PrintUIEntry /in /n \\YOUR-PDC-NAME\pdfprinter
net use z: \\YOUR-PDC-NAME\users /persistent:no

with such logic you should be able to solve login stuff NT Group related

--
Best Regards
Robert Schetterer
Germany/Munich/Bavaria
Re: [Samba] Samba 3.2.4
On Mon, Oct 20, 2008 at 09:05:58AM -0500, Jesse D Hernandez II (AIX Support) wrote:

I have downloaded the source code to my AIX 5.3 server and have compiled it. I'm trying to mount some dfs windows shares to my unix/AIX server using samba. However, I think I'm looking for a smbmount command so that I can mount these shares on my AIX server. I ran the configure command with the -with-smbmount option, but I just don't see the smbmount command at all. What am I missing or what other options do I need?

smbmount is a kernel option that is only supported on Linux, and even there it is replaced with mount.cifs. You might want to contact your IBM support if there is kernel support for SMB in AIX (which I doubt).

There is kernel support for SMB in AIX. I've never tested it against MS DFS shares. Here is a link to the AIX 5.3 doc for it:

http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp?topic=/com.ibm.aix.commadmn/doc/commadmndita/smbfs_intro.htm

John Janosik [EMAIL PROTECTED]
Re: [Samba] one ldap server and multiple samba PDC domains
Quoting Jorge Concha C. [EMAIL PROTECTED]:

All my users can log in at all my 3 domains.

Of course. All your domains have the same SID... Why did you choose this setup instead of domain trusts? Wouldn't a two-way trust give the same functionality?

Thanks!
Norberto
[Samba] Closing sessions and smbstatus
Hi,

When are client sessions closed? Let me explain what I'm trying to do... we're in a School district and we try to stop kids logging more than once. The way I did this before was to dump the active sessions from our previous Server2003 fileserver into a file once a minute and process it with a Perl script to check who was connected from where, rebooting machines remotely as needed! This worked well enough with the odd 'hung' session causing minor problems.

So now I'm trying to do the same thing with our new Samba (3.0.31) fileserver using the output from smbstatus. However, in many cases sessions are still in there long after the user has logged out of the machine. I'm even seeing two sessions for different people on the same machine with the same pid number! How is this working? Why are not all sessions ending when the user logs off? Am I going to be able to use this for what I'm trying to do?!!

The fileserver itself is working great, we have over 2000 users happily using it with less problems than we had on the Windows box. I really appreciate all the work the Samba team does!

Many thanks,
Steve Rippl
Woodland School District
[Samba] Change of server - Backup Help
I am going to change my Samba/Ldap server. I will make a backup of the following files:

/etc/samba/*
/etc/openldap/*

and

# slapcat > ldap_db.ldf

Are there other files to back up? Am I missing something?

--
Thanks in advance
--
Iarly Selbir ( Ski0s )
Re: [Samba] 3.2.4 CreateDirectory panic
On Mon, Oct 20, 2008 at 04:09:57PM +0200, Peter Rindfuss wrote:
On 2008-10-20 15:17, Volker Lendecke wrote:
On Mon, Oct 20, 2008 at 03:11:41PM +0200, Peter Rindfuss wrote:
On 2008-10-20 15:02, Volker Lendecke wrote:
On Mon, Oct 20, 2008 at 02:34:23PM +0200, Peter Rindfuss wrote:

attached is the subroutine that I used for testing. The part enclosed in #ifdef createdir_alt worked with 3.0.24, but not with 3.2.4. The #else part works with 3.2.4. Both versions are based upon the same security descriptor structure.

Can you also send your smb.conf and a debug level 10 log leading to this error?

smb.conf is attached. Is it possible to turn on level 10 logging without restarting the daemon? It is our production server and I'm not willing to disturb any existing connection.

Sure. Just set debug level = 10. Then all new connections will get the higher debuglevel. Alternatively, connect from your client, look at smbstatus output to find your smbd pid and issue smbcontrol smbd-pid debug 10 to make just that one smbd use that debuglevel.

Volker

Here comes the log; I went to the CreateDirectory call in the debugger, turned level 10 on and stepped over the call. Second try; gzipped now.

No log attached to this message I'm afraid. Can you try again please?

Jeremy.
Re: [Samba] 3.2.4 CreateDirectory panic
Jeremy Allison wrote:
On Mon, Oct 20, 2008 at 04:09:57PM +0200, Peter Rindfuss wrote:
On 2008-10-20 15:17, Volker Lendecke wrote:
On Mon, Oct 20, 2008 at 03:11:41PM +0200, Peter Rindfuss wrote:
On 2008-10-20 15:02, Volker Lendecke wrote:
On Mon, Oct 20, 2008 at 02:34:23PM +0200, Peter Rindfuss wrote:

attached is the subroutine that I used for testing. The part enclosed in #ifdef createdir_alt worked with 3.0.24, but not with 3.2.4. The #else part works with 3.2.4. Both versions are based upon the same security descriptor structure.

Can you also send your smb.conf and a debug level 10 log leading to this error?

smb.conf is attached. Is it possible to turn on level 10 logging without restarting the daemon? It is our production server and I'm not willing to disturb any existing connection.

Sure. Just set debug level = 10. Then all new connections will get the higher debuglevel. Alternatively, connect from your client, look at smbstatus output to find your smbd pid and issue smbcontrol smbd-pid debug 10 to make just that one smbd use that debuglevel.

Volker

Here comes the log; I went to the CreateDirectory call in the debugger, turned level 10 on and stepped over the call. Second try; gzipped now.

No log attached to this message I'm afraid. Can you try again please?

Sure.
Re: [Samba] 3.2.4 CreateDirectory panic
On Mon, Oct 20, 2008 at 08:54:11PM +0200, Peter Rindfuss wrote:
Jeremy Allison wrote:
On Mon, Oct 20, 2008 at 04:09:57PM +0200, Peter Rindfuss wrote:
On 2008-10-20 15:17, Volker Lendecke wrote:
On Mon, Oct 20, 2008 at 03:11:41PM +0200, Peter Rindfuss wrote:
On 2008-10-20 15:02, Volker Lendecke wrote:
On Mon, Oct 20, 2008 at 02:34:23PM +0200, Peter Rindfuss wrote:

attached is the subroutine that I used for testing. The part enclosed in #ifdef createdir_alt worked with 3.0.24, but not with 3.2.4. The #else part works with 3.2.4. Both versions are based upon the same security descriptor structure.

Can you also send your smb.conf and a debug level 10 log leading to this error?

smb.conf is attached. Is it possible to turn on level 10 logging without restarting the daemon? It is our production server and I'm not willing to disturb any existing connection.

Sure. Just set debug level = 10. Then all new connections will get the higher debuglevel. Alternatively, connect from your client, look at smbstatus output to find your smbd pid and issue smbcontrol smbd-pid debug 10 to make just that one smbd use that debuglevel.

Volker

Here comes the log; I went to the CreateDirectory call in the debugger, turned level 10 on and stepped over the call. Second try; gzipped now.

No log attached to this message I'm afraid. Can you try again please?

Still nothing attached to this message. Try a different mailer?
Re: [Samba] Closing sessions and smbstatus
Hi,

When are client sessions closed? Let me explain what I'm trying to do... we're in a School district and we try to stop kids logging more than once. The way I did this before was to dump the active sessions from our previous Server2003 fileserver into a file once a minute and process it with a Perl script to check who was connected from where, rebooting machines remotely as needed! This worked well enough with the odd 'hung' session causing minor problems.

I'm in exactly the same situation. The school, PDC for ~100 computers, hundreds of users. We need to track the logon / logoff. I can't find any usable tools so I made my own system. I found that most reliable is the smbstatus output. Windows does strange things with connections during domain logons so use of preexec script is complicated. By the Perl script I run smbstatus every 5 seconds, scan the changes from previous run and write it to the MySQL DB. That all works fine.

So now I'm trying to do the same thing with our new Samba (3.0.31) fileserver using the output from smbstatus. However, in many cases sessions are still in there long after the user has logged out of the machine. I'm even seeing two sessions for different people on the same machine with the same pid number! How is this working? Why are not all sessions ending when the user logs off? Am I going to be able to use this for what I'm trying to do?!!

I have some problems with this too. See this thread:

[Samba] smbstatus - switched off computers are sometimes showed
http://lists.samba.org/archive/samba/2008-September/143701.html

Now I get some new experience with it. The main problem is that samba sometimes doesn't update the sessionid.tdb file when the process exits. These records are not shown in smbstatus output, because smbstatus checks if the PID exists. I patched the smbstatus so it showed me that there are records with no related PID. Then, maybe after 1 day or so, this PID is used for another process and I can see the ghost logon in my tracking system (and in most cases logoff at next run - after 5 seconds).

On the list is now the thread [Samba] processes not closing where is described some self-repair function related to the sessionid.tdb file. The samba process when writing to this file should check all records and delete them if the PID doesn't exist. It would be nice but in my situation it doesn't work. Maybe it's because of Samba version (3.0.24, official Debian Etch package).

The most strange thing I've seen is that I get some fake logon records for one user day-by-day at the same time. Let's say [EMAIL PROTECTED] - tracked logon at tuesday 14:10:12, then at the same time at wednesday and thursday. In fact the COMP1 is switched off or another user is logged on at the time. The USER1 was logged on the COMP1 at monday.

The fileserver itself is working great, we have over 2000 users happily using it with less problems than we had on the Windows box. I really appreciate all the work the Samba team does!

The same experience. Samba-based solution with one PDC is rock-stable for us in comparison with several Windows 2003 AD servers running before.

Many thanks,
Steve Rippl
Woodland School District
Re: [Samba] Change of server - Backup Help
Quoting Iarly Selbir [EMAIL PROTECTED]:

There are other files to backup?

*I* would also backup /var/{cache,lib,spool}/samba just in case.

Regards,
Norberto
[Samba] Samba Nfs4 kerberos intergation
Hi,

I have two linux machines which are currently linked via nfs3. A directory from one machine is mounted on the other, and this directory is part of a samba share. This setup works fine, except for the 16 groups limitation. To overcome this I have upgraded to nfs4, and use mit-kerberos. How can I tell samba to kinit to the current user so that the mounted nfs4 share is read with the right permissions?

Thanks a lot!
Reino Mostert
[Samba] Two questions
1) A lot (but not all) of my smbd / nmbd logs are going to /var/log/messages instead of /var/log/samba/. I tried a couple of things in syslog.conf, but just don't know the magic word for samba logs.

2) I'm getting lots of "couldn't find service" errors. I had:

[data]
path = /data
read only = no
public = yes
browseable = yes
writeable = yes
force user = nfsnobody
force group = nfsnobody
guest ok = yes

The netbios name is stb-data, and it was complaining about "couldn't find service stb-data". I changed the stanza to:

[stb-data]
path = /data
comment = STB Group file server
read only = no
public = yes
browseable = yes
writeable = yes
force user = nfsnobody
force group = nfsnobody
guest ok = yes

And now I get "couldn't find service data".

Everything seems to work OK, but I get dozens of lines about this, and it would be nice to just not have to see them. How do I get rid of the "couldn't find service" errors?

--
John Oliver http://www.john-oliver.net/
Re: [Samba] Closing sessions and smbstatus
On Mon, 2008-10-20 at 21:10 +0200, Vlastimil Šetka wrote:

Hi,

When are client sessions closed? Let me explain what I'm trying to do... we're in a School district and we try to stop kids logging more than once. The way I did this before was to dump the active sessions from our previous Server2003 fileserver into a file once a minute and process it with a Perl script to check who was connected from where, rebooting machines remotely as needed! This worked well enough with the odd 'hung' session causing minor problems.

I'm in exactly the same situation. The school, PDC for ~100 computers, hundreds of users. We need to track the logon / logoff. I can't find any usable tools so I made my own system. I found that most reliable is the smbstatus output. Windows does strange things with connections during domain logons so use of preexec script is complicated. By the Perl script I run smbstatus every 5 seconds, scan the changes from previous run and write it to the MySQL DB. That all works fine.

So now I'm trying to do the same thing with our new Samba (3.0.31) fileserver using the output from smbstatus. However, in many cases sessions are still in there long after the user has logged out of the machine. I'm even seeing two sessions for different people on the same machine with the same pid number! How is this working? Why are not all sessions ending when the user logs off? Am I going to be able to use this for what I'm trying to do?!!

I have some problems with this too. See this thread:

[Samba] smbstatus - switched off computers are sometimes showed
http://lists.samba.org/archive/samba/2008-September/143701.html

Now I get some new experience with it. The main problem is that samba sometimes doesn't update the sessionid.tdb file when the process exits. These records are not shown in smbstatus output, because smbstatus checks if the PID exists. I patched the smbstatus so it showed me that there are records with no related PID. Then, maybe after 1 day or so, this PID is used for another process and I can see the ghost logon in my tracking system (and in most cases logoff at next run - after 5 seconds).

On the list is now the thread [Samba] processes not closing where is described some self-repair function related to the sessionid.tdb file. The samba process when writing to this file should check all records and delete them if the PID doesn't exist. It would be nice but in my situation it doesn't work. Maybe it's because of Samba version (3.0.24, official Debian Etch package).

But checking our server I find that the processes DO still exist! So I'm getting a user session in smbstatus with a specific PID and when I ps -ef | grep PID there is the smbd process still running, yet the user has long since logged out (days ago)?! It's not just that the .tdb file hasn't been updated, it's that the /usr/local/bin/smbd process is still running. A restart of Samba clears them all up immediately, but why are they hanging around when the client is gone? Is this just happening to me on our particular setup or is this normal behavior?

Thanks.
Re: [Samba] Closing sessions and smbstatus
But checking our server I find that the processes DO still exist! So I'm getting a user session in smbstatus with a specific PID and when I ps -ef | grep PID there is the smbd process still running, yet the user has long since logged out (days ago)?! It's not just that the .tdb file hasn't been updated, it's that the /usr/local/bin/smbd process is still running. A restart of Samba clears them all up immediately, but why are they hanging around when the client is gone? Is this just happening to me on our particular setup or is this normal behavior?

We have ~400 logons per day. Sometimes (average 1 process per day) some processes hang - the PID exists but the user has been logged off for several hours. In this time other users were logged on this station... But there are some locked files connected with this PID - I think this is because the process isn't closed.

Can you see some locked files connected with the bogus PID in smbstatus output?

Thanks.
Re: [Samba] Closing sessions and smbstatus
On Mon, Oct 20, 2008 at 12:52:57PM -0700, Steve Rippl wrote:

But checking our server I find that the processes DO still exist! So I'm getting a user session in smbstatus with a specific PID and when I ps -ef | grep PID there is the smbd process still running, yet the user has long since logged out (days ago)?! It's not just that the .tdb file hasn't been updated, it's that the /usr/local/bin/smbd process is still running. A restart of Samba clears them all up immediately, but why are they hanging around when the client is gone? Is this just happening to me on our particular setup or is this normal behavior?

No, that's not normal behavior, but it does explain why the session id's are hanging around. Once the client terminates the TCP session the smbd should die (and clean up all resources such as session id's etc.). When you find a process in this state attach using strace -p pid (on Linux) to see what it's up to.

Jeremy.
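The three checks discussed in this thread (one user logged on from several machines, one PID listed for different users, and session rows whose PID is gone or has been reused by an unrelated process), as an added Python example that is not code from any poster. The sample listing, its column layout, the names and the process table are constructed assumptions, and the default liveness check assumes a Linux /proc.

```python
"""Audit a brief smbstatus-style session listing (added example)."""
import re
from collections import defaultdict

# Constructed sample laid out like a brief session table: PID, user,
# group, machine, (address). All names, PIDs and addresses are made up.
SAMPLE = """\
Samba version 3.0.31
PID     Username      Group         Machine
-------------------------------------------------------------------
 4101   alice         students      lab1-pc03    (10.0.1.13)
 4102   bob           students      lab1-pc04    (10.0.1.14)
 4177   alice         students      lab2-pc09    (10.0.2.19)
 4102   carol         students      lab1-pc04    (10.0.1.14)
 3990   dave          students      lib-pc01     (10.0.3.11)
"""

# A session row starts with a numeric PID and ends with "(address)".
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+\(([^)]+)\)\s*$")


def parse_sessions(text):
    """Return one dict per session row; banner, header and ruler are skipped."""
    sessions = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            pid, user, group, machine, addr = m.groups()
            sessions.append({"pid": int(pid), "user": user, "group": group,
                             "machine": machine, "addr": addr})
    return sessions


def process_name(pid):
    """Name of the process that owns pid (Linux /proc), or None if absent."""
    try:
        with open(f"/proc/{pid}/comm") as fh:
            return fh.read().strip()
    except OSError:
        return None


def audit(sessions, name_of=process_name):
    """Sort session rows into stale, multi-machine and shared-PID findings."""
    live, stale = [], []
    for s in sessions:
        # A bare "does this PID exist" test passes again once the PID has
        # been reused by an unrelated process, so require the owner to be smbd.
        (live if name_of(s["pid"]) == "smbd" else stale).append(s)

    machines = defaultdict(set)      # user -> machines with a live session
    users_by_pid = defaultdict(set)  # smbd PID -> users listed under it
    for s in live:
        machines[s["user"]].add(s["machine"])
        users_by_pid[s["pid"]].add(s["user"])

    return {
        "stale": [(s["pid"], s["user"]) for s in stale],
        "multi_login": {u: sorted(m) for u, m in machines.items() if len(m) > 1},
        "shared_pid": {p: sorted(u) for p, u in users_by_pid.items() if len(u) > 1},
    }


def demo():
    """Run the audit on SAMPLE against a constructed process table."""
    fake_procs = {4101: "smbd", 4102: "smbd", 4177: "smbd", 3990: "cron"}
    return audit(parse_sessions(SAMPLE), name_of=fake_procs.get)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

A PID reused by another smbd still passes the name check, and an smbd that is alive but hung (the case Steve describes) shows up as a live session, so rows flagged under shared_pid or multi_login still need the strace inspection suggested above before acting on them.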
Re: [Samba] Logon Script Via Group
Please take a look here

http://lists.samba.org/archive/samba/2004-February/079796.html

--
Kind regards
Rune Tønnesen

Quoting Jeff L [EMAIL PROTECTED]:

Hello,

In order to use Samba and migrate our Windows domain we need to be able to map users to a drive based on the Unix groups they are a member of.

IE:
If user is a member of finance, map drive f:\ finance
If user is a member of domainusers, run logon script logon.bat

I tried placing different logon scripts in a directory named after the groupname and using the %g variable in Samba but it did not work. It only looks up the FIRST group ignoring the rest.

Please let us know an easy way to do this.

Thanks
Re: [Samba] Two questions
The first one I believe is in the manual, and/or it is a compile flag. Look for syslog in the Samba manual.

John Oliver wrote:

1) A lot (but not all) of my smbd / nmbd logs are going to /var/log/messages instead of /var/log/samba/. I tried a couple of things in syslog.conf, but just don't know the magic word for samba logs.

2) I'm getting lots of "couldn't find service" errors. I had:

[data]
path = /data
read only = no
public = yes
browseable = yes
writeable = yes
force user = nfsnobody
force group = nfsnobody
guest ok = yes

The netbios name is stb-data, and it was complaining about "couldn't find service stb-data". I changed the stanza to:

[stb-data]
path = /data
comment = STB Group file server
read only = no
public = yes
browseable = yes
writeable = yes
force user = nfsnobody
force group = nfsnobody
guest ok = yes

And now I get "couldn't find service data".

Everything seems to work OK, but I get dozens of lines about this, and it would be nice to just not have to see them. How do I get rid of the "couldn't find service" errors?

--
Ryan Novosielski - Systems Programmer II
[EMAIL PROTECTED] - 973/972.0922 (2-0922)
Univ. of Med. and Dent. | IST/AST - NJMS Medical Science Bldg - C630
Re: [Samba] one ldap server and multiple samba PDC domains
On Mon, 20 Oct 2008 14:20:16 -0300, Norberto Bensa [EMAIL PROTECTED] wrote:

Quoting Jorge Concha C. [EMAIL PROTECTED]:

All my users can log in at all my 3 domains.

Of course. All your domains have the same SID... Why did you choose this setup instead of domain trusts? Wouldn't a two-way trust give the same functionality?

I really do not know. I never thought of a configuration of two-way trust. In addition, my system began as a single domain, then, because of the great load on the machine, I had to duplicate it and then tripled.

Jorge C.

P.S. Do you speak Spanish?

Thanks!

You are welcome.

Norberto
[Samba] inherit acls and inherit permissions = execute bit always set?
Hi all,

I have a share set up as follows:

[images]
    path = /images
    read only = No
    create mask = 0660
    directory mask = 2770
    hide special files = yes
    hide files = /lost+found/
    acl group control = yes
    inherit acls = yes
    map acl inherit = yes
    inherit permissions = yes
    map archive = no
    security mask = 0111

When users create files or directories under this share, the ACLs set at the top level are properly propagated, but the files always seem to have the execute bit set. I'm guessing this is a side-effect of inherit permissions per the man page:

    New files inherit their read/write bits from the parent directory. Their execute bits continue to be determined by map archive, map hidden and map system as usual.

The files being created have neither archive flag, hidden or system flag set, so I'm not sure why the execute is getting set unless it is getting pulled directly from the directory permissions.

I also notice under the inherit acls entry:

    This parameter can be used to ensure that if default acls exist on parent directories, they are always honored when creating a new file or subdirectory in these parent directories. The default behavior is to use the unix mode specified when creating the directory. Enabling this option sets the unix mode to 0777, thus guaranteeing that default directory acls are propagated.

So I'm not sure which directive is to blame. I attempted to use security mask to disable the setting of the execute bit on any created files, but inherit permissions seems to override all.

Any suggestions? I want my files created without the execute bit set, but want to be able to inherit ACLs.

Thanks,
Ray
Re: [Samba] Two questions
On Mon, Oct 20, 2008 at 04:26:49PM -0400, Ryan Novosielski wrote:
> The first one I believe is in the manual, and/or it is a compile flag. Look for syslog in the Samba manual.
>
> John Oliver wrote:
>> 1) A lot (but not all) of my smbd / nmbd logs are going to /var/log/messages instead of /var/log/samba/. I tried a couple of things in syslog.conf, but just don't know the magic word for samba logs.

That doesn't really help. I'm using CentOS 5.2 and the Samba that comes with... 3.0.28

There's a /var/log/samba/ which contains an smbd.log and an nmbd.log. Some stuff is logged to them... other stuff is not. The fact that those files exist strongly suggests that all Samba-related logs are intended to go to those files.

Using Samba is a five-year old book, and its reference to syslog is to do:

daemon.*    /var/log/daemon.log

which is using a very heavy, very blunt instrument that doesn't really do what it looks like newer OSes and versions of Samba ought to be able to do.

John Oliver http://www.john-oliver.net/
[Samba] valid users and file permissions
Hi people,

I'd like to understand valid users and file permissions better. I have a share which is not behaving as I expect.

[family]
    path = /home/shares/family
    create mask = 0664
    directory mask = 0775
    force group = parental
    guest ok = No
    valid users = @parental, @family
    writeable = Yes

In group parental are mum and dad; in group family are mum, dad and offspring.

With file permissions of 0664 and force group parental, I would expect the offspring to be able to browse the share but not write to or delete from it. Unfortunately, they can both write and delete.

How do I achieve this please?

Kind Regards
Kyle
Re: [Samba] Two questions
John, read the 'syslog' and 'syslog only' params in smb.conf on CentOS 5.2.

Basically set 'syslog = 0' to send everything to /var/log/samba. You'll still get a start up line of some sort in /var/log/messages, but otherwise everything else will go to the samba specific logs.

Kind Regards
Kyle
Tel: +61 (0)431 88 3978

John Oliver wrote:
> On Mon, Oct 20, 2008 at 04:26:49PM -0400, Ryan Novosielski wrote:
>> The first one I believe is in the manual, and/or it is a compile flag. Look for syslog in the Samba manual.
>>
>> John Oliver wrote:
>>> 1) A lot (but not all) of my smbd / nmbd logs are going to /var/log/messages instead of /var/log/samba/. I tried a couple of things in syslog.conf, but just don't know the magic word for samba logs.
>
> That doesn't really help. I'm using CentOS 5.2 and the Samba that comes with... 3.0.28
>
> There's a /var/log/samba/ which contains an smbd.log and an nmbd.log. Some stuff is logged to them... other stuff is not. The fact that those files exist strongly suggests that all Samba-related logs are intended to go to those files.
>
> Using Samba is a five-year old book, and its reference to syslog is to do:
>
> daemon.*    /var/log/daemon.log
>
> which is using a very heavy, very blunt instrument that doesn't really do what it looks like newer OSes and versions of Samba ought to be able to do.
Re: [Samba] valid users and file permissions
On Mon, Oct 20, 2008 at 5:37 PM, Kyle [EMAIL PROTECTED] wrote:
> Hi people,
>
> I'd like to understand valid users and file permissions better. I have a share which is not behaving as I expect.
>
> [family]
>     path = /home/shares/family
>     create mask = 0664
>     directory mask = 0775
>     force group = parental
>     guest ok = No
>     valid users = @parental, @family
>     writeable = Yes
>
> In group parental are mum and dad; in group family are mum, dad and offspring.
>
> With file permissions of 0664 and force group parental, I would expect the offspring to be able to browse the share but not write to or delete from it. Unfortunately, they can both write and delete.

Since you are using the force group, I believe that means that everyone who connects to the share does that as the parental group so they get read and write permissions.

> How do I achieve this please?

I would get rid of the force group and use acls on the *nux filesystem

John
[Samba] Re: Samba integration with nfs4 and kerberos
The kerberos is used for auth of the nfs4 and not of the samba users. Thus, I wish samba to kinit for the user logged in to use the nfs4 share. Is this possible?

Benjamin Coddington wrote:
> Since authenticating to samba is frequently done via ntlm, you don't have credentials (no password, no keys) to kinit.
>
> If you're willing to add additional keytypes, you can use kcrap (www.spock.org/kcrap/) to at least authenticate ntlm to samba to kerberos. This runs an additional daemon on your kdc which looks up the equivalent arcfour-hmac key. From there it's just an extra step to have the daemon send a TGT, and save it in a cache for gssd to find.
>
> I could probably send you a patch to do just that -- without any claims of security or completeness.
>
> B
Re: [Samba] valid users and file permissions
Ah, of course. Thanks John.

I had prepended the '+' to the group names, but for whatever reason got mixed up with the '+' functionality for 'valid users' and had removed it. Prepend the '+' to the group names again and all works as expected.

Kind Regards
Kyle

John Drescher wrote:
> On Mon, Oct 20, 2008 at 5:37 PM, Kyle [EMAIL PROTECTED] wrote:
>
> Since you are using the force group, I believe that means that everyone who connects to the share does that as the parental group so they get read and write permissions.
>
> John
Re: [Samba] Question about switching from Windows 2k Server to SAMBA 3 under Centos
Quoting Charles Marcus [EMAIL PROTECTED]:
> On 10/20/2008, Matthew Delves ([EMAIL PROTECTED]) wrote:
>> My questions are:
>> 1) What is required for the smb.conf to get it talking to the windows 2k server?
>
> My understanding is that vampire will NOT work with a Windows 2k server, only an NT4 server...

That's my understanding too. Samba (3.x) can't act as an AD domain server. It can be a member of an AD domain, though.

Regards,
Norberto
[Samba] Unable to update SID using pdbedit
Since I have had trouble getting the net rpc vampire command to properly migrate passwords, I have been looking into stripping down the net rpc samdump results into a smbpasswd backend file, then importing from there into my tdbsam.

The first problem I ran into is that the samdump produces RID values from the domain, whereas I need it to represent UIDs that already exist. No problem, since my local accounts already exist from the vampire command. Then I can just update the SID for each account using pdbedit -U after importing.

The problem I'm having is that I am mostly unable to change the SID for users. I tried picking new SIDs at random, and I came across a few SIDs that would work, but it largely gives me this result:

Unable to modify TDB passwd: NT_STATUS_UNSUCCESSFUL!
Unable to modify entry!

I tried deleting the passdb.tdb, secrets.tdb, and winbindd_idmap.tdb files, then starting from scratch. I can create accounts which get incrementally assigned to 1000, 1001, etc. But I cannot seem to manually update the SID.

What are the conditions for this command? I have tried running it in the following ways:

pdbedit -U 1005 username
pdbedit -U full SID username
pdbedit -r -U full SID -u username

Running the command with -d10 does not reveal anything interesting. So what's the deal with SID reassignment? There are obviously some significant restrictions that I'm not aware of.

How exactly does the net rpc vampire command work? Why would it successfully import users and groups but not be able to set the password hashes properly in tdbsam?

thanks,
Cooper
Re: [Samba] Closing sessions and smbstatus
Hello list,

On Monday October 20 2008 18:01:10 Jeremy Allison wrote:
> On Mon, Oct 20, 2008 at 12:52:57PM -0700, Steve Rippl wrote:
>> Is this just happening to me on our particular setup or is this normal behavior?

I'm having this problem too. Ubuntu 8.04.1. Samba 3.0.28A (IIRC)

> No, that's not normal behavior, ... [snip] ... When you find a process in this state attach using strace -p pid (on Linux) to see what it's up to.

I'll do tomorrow. and I'll report back.

> Jeremy.

Thanks!

Regards,
Norberto
Re: [Samba] Closing sessions and smbstatus
Quoting Jeremy Allison [EMAIL PROTECTED]:
> When you find a process in this state attach using strace -p pid (on Linux) to see what it's up to.

[EMAIL PROTECTED]:~$ sudo smbstatus
Unknown parameter encountered: change notify timeout
Ignoring unknown parameter change notify timeout

Samba version 3.0.28a
PID Username Group Machine
---

Service pid machine Connected at
---

Locked files:
Pid Uid DenyMode Access R/W Oplock SharePath Name Time
--
747 4036 DENY_ALL 0x2019f RDWR NONE /home/mjoddone .Correo/retina/addr2a3a.pmr Thu Oct 16 17:44:15 2008

[EMAIL PROTECTED]:~$ sudo strace -p 747
attach: ptrace(PTRACE_ATTACH, ...): No such process

I have no stale sessions. My problem seems different (my memory seems to be falling lately). I have stale locks. Is that normal?

Thanks,
Norberto
Re: [Samba] Closing sessions and smbstatus
On Mon, Oct 20, 2008 at 10:03:46PM -0200, Norberto Bensa wrote:
> Quoting Jeremy Allison [EMAIL PROTECTED]:
>> When you find a process in this state attach using strace -p pid (on Linux) to see what it's up to.
>
> [EMAIL PROTECTED]:~$ sudo smbstatus
> Unknown parameter encountered: change notify timeout
> Ignoring unknown parameter change notify timeout
>
> Samba version 3.0.28a
> PID Username Group Machine
> ---
>
> Service pid machine Connected at
> ---
>
> Locked files:
> Pid Uid DenyMode Access R/W Oplock SharePath Name Time
> --
> 747 4036 DENY_ALL 0x2019f RDWR NONE /home/mjoddone .Correo/retina/addr2a3a.pmr Thu Oct 16 17:44:15 2008
>
> [EMAIL PROTECTED]:~$ sudo strace -p 747
> attach: ptrace(PTRACE_ATTACH, ...): No such process
>
> I have no stale sessions. My problem seems different (my memory seems to be falling lately). I have stale locks. Is that normal?

Nope. The call process_exists_by_pid() should filter out non-existent process id's before they get added into the list. In fact they are being so removed, which is why you don't see them under the PID title above, and yet the call to Ucrit_checkPid() is returning true for some reason (which it shouldn't if the pid hasn't been entered into the Ucrit_pid[] array).

Can you gdb and break at print_share_mode() and see why the call at:

if (Ucrit_checkPid(procid_to_pid(e->pid)))

is returning true in your case?

Jeremy.
Re: [Samba] Question about switching from Windows 2k Server to SAMBA 3 under Centos
On Oct 21, 2008, at 10:49 AM, Norberto Bensa wrote:
> Quoting Charles Marcus [EMAIL PROTECTED]:
>> On 10/20/2008, Matthew Delves ([EMAIL PROTECTED]) wrote:
>>> My questions are:
>>> 1) What is required for the smb.conf to get it talking to the windows 2k server?
>>
>> My understanding is that vampire will NOT work with a Windows 2k server, only an NT4 server...
>
> That's my understanding too. Samba (3.x) can't act as an AD domain server. It can be a member of an AD domain, though.

Thanks for both of the replies.

If the samba service is a member of the AD domain, is it possible to setup the server as a BDC and transfer the information that way. If that is possible, are there any documents as to how this can be done?

Thanks,
Matthew Delves
Re: [Samba] Samba with more than one Active Directory
There's no trusts between them? If not that's completely bizarre.

On Mon, Oct 20, 2008 at 3:27 AM, [EMAIL PROTECTED] wrote:
> We have more than ten different domains in our network but we don't want to use more than ten servers for this. Is there no possibility to use only one server for all domains?
>
> F. Niedernolte
>
> -Original Message-
> From: Ryan Bair [mailto:[EMAIL PROTECTED]
> Sent: Saturday, 18 October 2008 00:41
> To: Niedernolte, Frederik, D-CS-IT ICS
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Samba with more than one Active Directory
>
> Typically you would want the two domains to trust each other and you would only be a member of one. If you had multiple Sambas running you might be able to join two domains, but it wouldn't be pretty.
>
> On Fri, Oct 17, 2008 at 3:25 AM, [EMAIL PROTECTED] wrote:
>> I want to use Samba together with freeRADIUS in an Active Directory network. I successfully followed these instructions for that: http://deployingradius.com/documents/configuration/active_directory.html
>>
>> Now my question is: How can I use Samba with more than one Active Directory? Because it must work with A D Example 1, Example 2 etc. and not only with Example 1.
>>
>> Thanks for help.
>>
>> Best regards,
>> F. Niedernolte
[Samba] samba4 on ubuntu intrepid, winbind success only in single process model
A brief rundown of my experiences with Samba4 http://wiki.samba.org/index.php/Samba4 on Ubuntu Intrepid: http://ropeonfire.blogspot.com/2008/10/samba4-on-ubuntu-intrepid.html

One note in particular that might be helpful to developers: I could join a linux machine running winbind 2:3.2.3-1ubuntu3 to the domain only when running in single process mode.

I'm still holding out hope that someone can shine a light on this previous question: http://lists.samba.org/archive/samba/2008-October/144305.html

jr
Re: [Samba] Closing sessions and smbstatus
Quoting Jeremy Allison [EMAIL PROTECTED]:
> On Mon, Oct 20, 2008 at 10:03:46PM -0200, Norberto Bensa wrote:
>> Locked files:
>> Pid Uid DenyMode Access R/W Oplock SharePath Name Time
>> --
>> 747 4036 DENY_ALL 0x2019f RDWR NONE /home/mjoddone .Correo/retina/addr2a3a.pmr Thu Oct 16 17:44:15 2008
>
> Can you gdb and break at print_share_mode() and see why the call at :

Hm. I'm afraid I don't know gdb well enough, and BTW, and correct me if I'm wrong, but shouldn't I be running a debug-enabled binary of smbstatus to do what you're asking me for?

Thanks!
Norberto
Re: [Samba] valid users and file permissions
Simply removing force group and setting the dir's unix group owner to parental. This should leave the children to read only

- Original Message -
From: John Drescher [EMAIL PROTECTED]
To: Kyle [EMAIL PROTECTED]
Subject: Re: [Samba] valid users and file permissions
Date: Mon, 20 Oct 2008 17:45:30 -0400

On Mon, Oct 20, 2008 at 5:37 PM, Kyle [EMAIL PROTECTED] wrote:
> Hi people,
>
> I'd like to understand valid users and file permissions better. I have a share which is not behaving as I expect.
>
> [family]
>     path = /home/shares/family
>     create mask = 0664
>     directory mask = 0775
>     force group = parental
>     guest ok = No
>     valid users = @parental, @family
>     writeable = Yes
>
> In group parental are mum and dad; in group family are mum, dad and offspring.
>
> With file permissions of 0664 and force group parental, I would expect the offspring to be able to browse the share but not write to or delete from it. Unfortunately, they can both write and delete.

Since you are using the force group, I believe that means that everyone who connects to the share does that as the parental group so they get read and write permissions.

> How do I achieve this please?

I would get rid of the force group and use acls on the *nux filesystem

John
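The behaviour worked out in this thread, as an added example (not code from the posters or from Samba): a simplified Python model of the Unix permission check on the [family] share under `force group = parental`, `force group = +parental` and no `force group`. The account names, primary groups and file ownership are constructed, and ACLs and the sticky bit are ignored.

```python
"""Simplified model of how `force group` changes access on the [family] share.

Assumptions (not from the thread): only owner/group/other mode bits are
checked (no POSIX ACLs, no sticky bit); accounts and ownership are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    name: str
    primary_group: str
    groups: frozenset  # supplementary groups


@dataclass(frozen=True)
class Node:
    owner: str
    group: str
    mode: int  # permission bits, e.g. 0o664


# Constructed sample data matching the share in the thread.
VALID_USERS = ["@parental", "@family"]
SHARE_DIR = Node("mum", "parental", 0o775)   # directory mask = 0775
FILE = Node("mum", "parental", 0o664)        # create mask = 0664
MUM = Account("mum", "mum", frozenset({"parental", "family"}))
DAD = Account("dad", "dad", frozenset({"parental", "family"}))
KID = Account("kid", "kid", frozenset({"family"}))
STRANGER = Account("visitor", "visitor", frozenset())


def admitted(user, valid_users):
    """`valid users`: '@group' entries match members, plain entries match names."""
    own = user.groups | {user.primary_group}
    return any(
        (e.startswith("@") and e[1:] in own) or e == user.name
        for e in valid_users
    )


def session(user, force_group):
    """Return (primary group, group set) the share session runs with."""
    own = user.groups | {user.primary_group}
    if force_group is None:
        return user.primary_group, own
    if force_group.startswith("+"):
        # '+group' only re-assigns the primary group of existing members.
        name = force_group[1:]
        return (name, own) if name in own else (user.primary_group, own)
    # Plain 'force group': every connecting user acts as that group.
    return force_group, own | {force_group}


def allowed(user, node, want, force_group):
    """Classic Unix check; want is a bit mask (4 read, 2 write, 1 search)."""
    _, groups = session(user, force_group)
    if node.owner == user.name:
        bits = (node.mode >> 6) & 7
    elif node.group in groups:
        bits = (node.mode >> 3) & 7
    else:
        bits = node.mode & 7
    return (bits & want) == want


def share_access(user, force_group):
    """Summarise what `user` can do with FILE inside SHARE_DIR."""
    if not admitted(user, VALID_USERS):
        return {"connect": False, "read": False, "write": False, "delete": False}
    return {
        "connect": True,
        "read": allowed(user, FILE, 4, force_group),
        "write": allowed(user, FILE, 2, force_group),
        # Deleting needs write + search permission on the directory.
        "delete": allowed(user, SHARE_DIR, 3, force_group),
        "new_file_group": session(user, force_group)[0],
    }


if __name__ == "__main__":
    for setting in ("parental", "+parental", None):
        for user in (MUM, DAD, KID, STRANGER):
            print(f"force group = {setting!s:10} {user.name:8}",
                  share_access(user, setting))
```

With the plain setting the offspring account inherits the group bits of every file; with the `+` form or no `force group` it falls through to the "other" bits, so the "other" column of the masks decides what it may do.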
Re: [Samba] Question about switching from Windows 2k Server to SAMBA 3 under Centos
On Monday October 20 2008 22:38:56 Matthew Delves wrote:
> is it possible to setup the server as a BDC and transfer the information that way.

Nope.
Re: [Samba] Question about switching from Windows 2k Server to SAMBA 3 under Centos
On Monday October 20 2008 22:38:56 Matthew Delves wrote:
> are there any documents as to how this can be done?

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html

Active Directory Domain Control

As of the release of MS Windows 2000 and Active Directory, this information is now stored in a directory that can be replicated and for which partial or full administrative control can be delegated. Samba-3 is not able to be a domain controller within an Active Directory tree, and it cannot be an Active Directory server. This means that Samba-3 also cannot act as a BDC to an Active Directory domain controller.
[SCM] Samba Shared Repository - branch master updated - 221ea78e2e1688f2e79703784b3d1d1a68057604
The branch, master has been updated via 221ea78e2e1688f2e79703784b3d1d1a68057604 (commit) via c3d8f472e8acbfd73fdd4707f70a3d153f62f033 (commit) via 68bb6e56ba2ea4bda19c36193d7c366a04daf289 (commit) via 620a27bdf140e5e9091cc922f62b6fd12b12330e (commit) via e549759efe0b782106e6892685e0494376e592ff (commit) from c4dc548171ba27b741669e364839a3c8e507be96 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 221ea78e2e1688f2e79703784b3d1d1a68057604 Merge: c3d8f472e8acbfd73fdd4707f70a3d153f62f033 c4dc548171ba27b741669e364839a3c8e507be96 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Mon Oct 20 10:53:56 2008 +0200 Merge branch 'master' of ssh://git.samba.org/data/git/samba into crypt commit c3d8f472e8acbfd73fdd4707f70a3d153f62f033 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Mon Oct 20 10:53:26 2008 +0200 Export variables correctly for blackbox tests (thanks metze). commit 68bb6e56ba2ea4bda19c36193d7c366a04daf289 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Mon Oct 20 10:45:42 2008 +0200 Rename BAD to BAD_DATA since the first is already defined on SunOS. commit 620a27bdf140e5e9091cc922f62b6fd12b12330e Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Mon Oct 20 10:38:03 2008 +0200 Don't assume crypt.h is present even if crypt() is. commit e549759efe0b782106e6892685e0494376e592ff Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Mon Oct 20 10:18:02 2008 +0200 Fix blackbox tests on IPv6-only hosts. --- Summary of changes: lib/replace/crypt.m4|1 + lib/replace/replace.h |2 + lib/zlib/infback.c | 26 lib/zlib/inffast.c | 10 +++--- lib/zlib/inflate.c | 44 +- lib/zlib/inflate.h |4 +- selftest/selftest.pl|1 + source4/scripting/python/samba/provision.py | 19 +-- source4/selftest/tests.sh |2 + source4/setup/provision.zone|4 +- 10 files changed, 65 insertions(+), 48 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/replace/crypt.m4 b/lib/replace/crypt.m4 index 0b31ae4..047766d 100644 --- a/lib/replace/crypt.m4 +++ b/lib/replace/crypt.m4 
@@ -1,5 +1,6 @@ ### # test for where we get crypt() from +AC_CHECK_HEADERS(crypt.h) AC_SEARCH_LIBS_EXT(crypt, [crypt], [test $ac_cv_search_crypt = none required || CRYPT_LIBS=-lcrypt AC_DEFINE(HAVE_CRYPT,1,[Whether the system has the crypt() function])], diff --git a/lib/replace/replace.h b/lib/replace/replace.h index 57ebeb5..af1208a 100644 --- a/lib/replace/replace.h +++ b/lib/replace/replace.h @@ -632,7 +632,9 @@ typedef int bool; char *ufc_crypt(const char *key, const char *salt); #define crypt ufc_crypt #else +#ifdef HAVE_CRYPT_H #include crypt.h #endif +#endif #endif /* _LIBREPLACE_REPLACE_H */ diff --git a/lib/zlib/infback.c b/lib/zlib/infback.c index 5680937..284d523 100644 --- a/lib/zlib/infback.c +++ b/lib/zlib/infback.c @@ -309,7 +309,7 @@ void FAR *out_desc; break; case 3: strm-msg = invalid block type; -state-mode = BAD; +state-mode = BAD_DATA; } DROPBITS(2); break; @@ -320,7 +320,7 @@ void FAR *out_desc; NEEDBITS(32); if ((hold 0x) != ((hold 16) ^ 0x)) { strm-msg = invalid stored block lengths; -state-mode = BAD; +state-mode = BAD_DATA; break; } state-length = (unsigned)hold 0x; @@ -358,7 +358,7 @@ void FAR *out_desc; #ifndef PKZIP_BUG_WORKAROUND if (state-nlen 286 || state-ndist 30) { strm-msg = too many length or distance symbols; -state-mode = BAD; +state-mode = BAD_DATA; break; } #endif @@ -380,7 +380,7 @@ void FAR *out_desc; (state-lenbits), state-work); if (ret) { strm-msg = invalid code lengths set; -state-mode = BAD; +state-mode = BAD_DATA; break; } Tracev((stderr, inflate: code lengths ok\n)); @@ -404,7 +404,7 @@ void FAR *out_desc; DROPBITS(this.bits); if (state-have == 0) { strm-msg = invalid bit length repeat; -state-mode = BAD; +state-mode = BAD_DATA; break; }
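Review bot: With the new `#ifdef HAVE_CRYPT_H` guard in the lib/replace/replace.h hunk, nothing in the `#else` branch declares crypt() when the header is absent, so callers then depend on some other system header for the prototype. A short comment naming where the declaration is expected to come from on such systems would make that explicit, and tagging the two adjacent `#endif` lines with the condition each closes (for example `#endif /* HAVE_CRYPT_H */`) would keep the nesting readable.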
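Review bot: Confirm that the state enum in lib/zlib/inflate.h now defines `BAD_DATA`, because every `state-mode = BAD_DATA;` assignment in the lib/zlib/infback.c hunks depends on it and the changeset is truncated before that file is shown. Since the rename exists only to avoid the SunOS definition of `BAD` mentioned in the commit message, a one-line comment next to the enum recording that reason would help whoever next updates the bundled zlib copy.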
[SCM] Samba Shared Repository - branch master updated - a55afef6d3dbd40b938e19c7c077e3b0ca535bcc
The branch, master has been updated
       via  a55afef6d3dbd40b938e19c7c077e3b0ca535bcc (commit)
       via  85acd7eccca127ab701f1515a27747b8af089cab (commit)
       via  b789ff950f054ede2ef1dfaf94f8ddff062c092b (commit)
       via  3038bc484ebb1796e40e0eeb72155d9905ff36fa (commit)
       via  22eb64f05618db233b6aa63a2ae4e5216f65d179 (commit)
       via  c41cc6772203862e1015f7fc60ad0a06eca3051c (commit)
       via  71022daac2ad07bf48d42d016b15313727edcd08 (commit)
      from  221ea78e2e1688f2e79703784b3d1d1a68057604 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master

- Log -

commit a55afef6d3dbd40b938e19c7c077e3b0ca535bcc
Author: Andrew Bartlett [EMAIL PROTECTED]
Date: Mon Oct 20 17:48:59 2008 +1100

    Rework mkrelease.sh to exclude Samba3 files

    This matches my proposal to samba-technical, and should allow a Samba4 release to be made shortly.

    Andrew Bartlett

commit 85acd7eccca127ab701f1515a27747b8af089cab
Author: Andrew Bartlett [EMAIL PROTECTED]
Date: Mon Oct 20 16:12:37 2008 +1100

    Make the updated RPC-LSA pass against Win2008, and Samba4 to match

commit b789ff950f054ede2ef1dfaf94f8ddff062c092b
Author: Matthias Dieter Wallnöfer [EMAIL PROTECTED]
Date: Mon Oct 20 15:50:07 2008 +1100

    LSA Patch for User Manager

    New (major) patch

    - Enhances the lsa.idl file in the sense that it adds more values to PolicyInformation to improve the lsa_QueryInfoPolicy* calls.
    - Adds a minimal implementation for AuditEvents (also lsa_QueryInfoPolicy* calls) to enable the Audit option in the User Manager for Domains (at least readable).
    - Adds to the lsa.idl file the system access mode flags needed for the calls lsa_*SystemAccessAccount.
    - Fill in the lsa_GetSystemAccessAccount for enabling the User Rights option in the User Manager for Domains (at least readable).
    - Merge the two similar torture tests of the lsa_QueryInfoPolicy* calls in one using if's for a few separations.
    - Add a torture test for lsa_GetSystemAccessAccount.
    - Some cosmetic-only changes (unifications) in output strings in the LSA torture test.

    The work has been done using the Microsoft WSPP docs.

    Signed-off-by: Andrew Bartlett [EMAIL PROTECTED]

commit 3038bc484ebb1796e40e0eeb72155d9905ff36fa
Author: Andrew Bartlett [EMAIL PROTECTED]
Date: Mon Oct 20 15:19:01 2008 +1100

    Mark clearTextPassword as a privileged attribute

commit 22eb64f05618db233b6aa63a2ae4e5216f65d179
Author: Andrew Bartlett [EMAIL PROTECTED]
Date: Mon Oct 20 14:22:37 2008 +1100

    Actually test the kpasswd server

    This uses kpasswd operated as a blackbox, assisted by the newly imported rkpty tool.

    Andrew Bartlett

commit c41cc6772203862e1015f7fc60ad0a06eca3051c
Author: Andrew Bartlett [EMAIL PROTECTED]
Date: Mon Oct 20 14:21:21 2008 +1100

    Ensure the hdb_method structure is not on the stack.

    We supply this to krb5 as a plugin, so we must keep it around as long as the krb5_context.

    Andrew Bartlett

commit 71022daac2ad07bf48d42d016b15313727edcd08
Author: Andrew Bartlett [EMAIL PROTECTED]
Date: Mon Oct 20 12:18:01 2008 +1100

    Add samba4kpasswd and rkpty binaries

    samba4kpasswd will be used to test the kpasswdd component of the KDC (which is up until now untested), and rkpty is an expect-like wrapper we can use to blackbox that utility.

    Andrew Bartlett

---

Summary of changes:
 source4/heimdal/kpasswd/kpasswd.c | 247 +++
 source4/heimdal/kpasswd/kpasswd_locl.h | 104 ++
 source4/heimdal/lib/krb5/prog_setup.c | 66 +++
 source4/heimdal/lib/roken/rkpty.c | 336
 source4/heimdal_build/internal.m4 | 8 +
 source4/heimdal_build/internal.mk | 35 +++-
 source4/kdc/kdc.c | 10 +-
 source4/librpc/idl/lsa.idl | 32 +++-
 source4/rpc_server/lsa/dcesrv_lsa.c | 40 -
 source4/script/mkrelease.sh | 16 ++-
 source4/setup/provision_init.ldif | 1 +
 source4/torture/rpc/lsa.c | 230 +-
 testprogs/blackbox/test_kinit.sh | 44 -
 13 files changed, 1045 insertions(+), 124 deletions(-)
 create mode 100644 source4/heimdal/kpasswd/kpasswd.c
 create mode 100644 source4/heimdal/kpasswd/kpasswd_locl.h
 create mode 100644 source4/heimdal/lib/krb5/prog_setup.c
 create mode 100644 source4/heimdal/lib/roken/rkpty.c

Changeset truncated at 500 lines:
diff --git a/source4/heimdal/kpasswd/kpasswd.c b/source4/heimdal/kpasswd/kpasswd.c new file mode 100644 index 000..b844628 --- /dev/null +++ b/source4/heimdal/kpasswd/kpasswd.c @@ -0,0 +1,247 @@ +/* + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology,
[SCM] Samba Shared Repository - branch master updated - d78f3be238c93a07ff16ead29d7d006de8f92605
The branch, master has been updated via d78f3be238c93a07ff16ead29d7d006de8f92605 (commit) via a8707a43d03d884e625e28dddcd1d43d613a520f (commit) via 5b52964b15ba33fdc2e931ea34428b5a382063c8 (commit) from 640847b4fc74c93dd74b2325b4ac92a001a81c92 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d78f3be238c93a07ff16ead29d7d006de8f92605 Merge: a8707a43d03d884e625e28dddcd1d43d613a520f 640847b4fc74c93dd74b2325b4ac92a001a81c92 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Mon Oct 20 12:19:57 2008 +0200 Merge branch 'master' of ssh://git.samba.org/data/git/samba into crypt commit a8707a43d03d884e625e28dddcd1d43d613a520f Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Mon Oct 20 12:19:01 2008 +0200 Regenerate pidl output. commit 5b52964b15ba33fdc2e931ea34428b5a382063c8 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Mon Oct 20 11:53:20 2008 +0200 Share winreg.idl. --- Summary of changes: {source4/librpc = librpc}/idl/winreg.idl |2 +- source3/Makefile.in |2 +- source3/include/proto.h |1 - source3/librpc/gen_ndr/cli_winreg.c |2 +- source3/librpc/gen_ndr/cli_winreg.h |2 +- source3/librpc/gen_ndr/ndr_winreg.c | 89 +-- source3/librpc/gen_ndr/ndr_winreg.h |1 - source3/librpc/gen_ndr/winreg.h | 10 +- source3/librpc/idl/winreg.idl | 410 - source3/utils/net_rpc_registry.c |2 +- source4/lib/registry/rpc.c|4 +- 11 files changed, 18 insertions(+), 507 deletions(-) rename {source4/librpc = librpc}/idl/winreg.idl (99%) delete mode 100644 source3/librpc/idl/winreg.idl Changeset truncated at 500 lines: diff --git a/source4/librpc/idl/winreg.idl b/librpc/idl/winreg.idl similarity index 99% rename from source4/librpc/idl/winreg.idl rename to librpc/idl/winreg.idl index 643dc9e..9216f98 100644 --- a/source4/librpc/idl/winreg.idl +++ b/librpc/idl/winreg.idl 
@@ -228,7 +228,7 @@ import lsa.idl, security.idl; [in,out,ref] winreg_String *classname, [out,ref] uint32 *num_subkeys, [out,ref] uint32 *max_subkeylen, - [out,ref] uint32 *max_subkeysize, + [out,ref] uint32 *max_classlen, [out,ref] uint32 *num_values, [out,ref] uint32 *max_valnamelen, [out,ref] uint32 *max_valbufsize, diff --git a/source3/Makefile.in b/source3/Makefile.in index 6fe26d3..eddcaaa 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1208,7 +1208,7 @@ modules:: SHOWFLAGS $(MODULES) samba3-idl:: @PIDL_ARGS=$(PIDL_ARGS) CPP=$(CPP) PIDL=../pidl/pidl \ srcdir=$(srcdir) $(srcdir)/script/build_idl.sh librpc/idl/lsa.idl \ - ../librpc/idl/dfs.idl ../librpc/idl/echo.idl librpc/idl/winreg.idl \ + ../librpc/idl/dfs.idl ../librpc/idl/echo.idl ../librpc/idl/winreg.idl \ ../librpc/idl/initshutdown.idl librpc/idl/srvsvc.idl ../librpc/idl/svcctl.idl \ ../librpc/idl/eventlog.idl ../librpc/idl/wkssvc.idl librpc/idl/netlogon.idl \ ../librpc/idl/notify.idl ../librpc/idl/epmapper.idl librpc/idl/messaging.idl \ diff --git a/source3/include/proto.h b/source3/include/proto.h index 18bbd11..ad2c719 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h 
@@ -3538,7 +3538,6 @@ _PUBLIC_ void ndr_print_KeySecurityData(struct ndr_print *ndr, const char *name, _PUBLIC_ void ndr_print_winreg_SecBuf(struct ndr_print *ndr, const char *name, const struct winreg_SecBuf *r); _PUBLIC_ void ndr_print_winreg_CreateAction(struct ndr_print *ndr, const char *name, enum winreg_CreateAction r); _PUBLIC_ void ndr_print_winreg_StringBuf(struct ndr_print *ndr, const char *name, const struct winreg_StringBuf *r); -_PUBLIC_ void ndr_print_winreg_ValNameBuf(struct ndr_print *ndr, const char *name, const struct winreg_ValNameBuf *r); _PUBLIC_ void ndr_print_KeySecurityAttribute(struct ndr_print *ndr, const char *name, const struct KeySecurityAttribute *r); _PUBLIC_ void ndr_print_QueryMultipleValue(struct ndr_print *ndr, const char *name, const struct QueryMultipleValue *r); _PUBLIC_ void ndr_print_winreg_OpenHKCR(struct ndr_print *ndr, const char *name, int flags, const struct winreg_OpenHKCR *r); diff --git a/source3/librpc/gen_ndr/cli_winreg.c b/source3/librpc/gen_ndr/cli_winreg.c index d558a5a..17b7281 100644 --- a/source3/librpc/gen_ndr/cli_winreg.c +++ b/source3/librpc/gen_ndr/cli_winreg.c @@ -497,7 +497,7 @@ NTSTATUS rpccli_winreg_EnumValue(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle /* [in] [ref] */, uint32_t
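Review bot: Renaming the `[out,ref] uint32 *max_subkeysize` parameter to `max_classlen` in the winreg.idl hunk changes the name of the generated struct member, so every caller that reads or fills that field has to change in the same commit, and the commit message ("Share winreg.idl.") does not mention the rename at all. The summary lists source3/utils/net_rpc_registry.c and source4/lib/registry/rpc.c as touched, but those hunks fall after the 500-line truncation; check them, and add a line to the commit message saying the field was renamed and why.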
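Review bot: Removing the `ndr_print_winreg_ValNameBuf` prototype in the source3/include/proto.h hunk is only safe if nothing under source3 still refers to `struct winreg_ValNameBuf`, and the visible lines do not show that. A quick search of the tree for the type and function name before merging would settle it; if the shared winreg.idl simply no longer defines the type, saying so in the commit message would explain the deletion.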
[SCM] Samba Shared Repository - branch master updated - db90d9ad1693b3c8f388dbff63a79707ef4842cd
The branch, master has been updated via db90d9ad1693b3c8f388dbff63a79707ef4842cd (commit) from d78f3be238c93a07ff16ead29d7d006de8f92605 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit db90d9ad1693b3c8f388dbff63a79707ef4842cd Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Mon Oct 20 12:20:53 2008 +0200 Also move wireshark conformance file. --- Summary of changes: {source4/librpc = librpc}/idl/winreg.cnf |0 1 files changed, 0 insertions(+), 0 deletions(-) rename {source4/librpc = librpc}/idl/winreg.cnf (100%) Changeset truncated at 500 lines: diff --git a/source4/librpc/idl/winreg.cnf b/librpc/idl/winreg.cnf similarity index 100% rename from source4/librpc/idl/winreg.cnf rename to librpc/idl/winreg.cnf -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - 93e52145a887b1865d41ae5272047423bbfb33b3
The branch, master has been updated via 93e52145a887b1865d41ae5272047423bbfb33b3 (commit) via 6b82b2ff130a1217e3d4f0df645a7a7e1678b62b (commit) via 5424c68b3d93eb3ea2f5f3ac853a85925242aa5b (commit) via e0905c30908b4d621030689d33de28a13c04a690 (commit) from 29838debb3d350aaee0bf9744f1a7371b8b06736 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 93e52145a887b1865d41ae5272047423bbfb33b3 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Mon Oct 20 13:24:16 2008 +0200 Provide two symbols to allow ndrdump compiled by Samba 3 to be used for Samba 4. commit 6b82b2ff130a1217e3d4f0df645a7a7e1678b62b Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Mon Oct 20 13:21:43 2008 +0200 Fix merged build; use full libroken rather than just a couple of object files. commit 5424c68b3d93eb3ea2f5f3ac853a85925242aa5b Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Mon Oct 20 13:21:29 2008 +0200 Add missing asn1 object. commit e0905c30908b4d621030689d33de28a13c04a690 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Mon Oct 20 13:19:39 2008 +0200 Use tables in Samba 3 ndrdump. --- Summary of changes: lib/util/debug.c |1 + librpc/ndr/ndr_table.c| 135 + librpc/ndr/ndr_table.h| 13 librpc/tables.pl | 89 librpc/tools/ndrdump.c| 20 +- source3/Makefile.in | 12 +++- source3/librpc/gen_ndr/tables.c | 83 +++ source4/heimdal_build/internal.mk | 11 +--- source4/lib/charset/util_unistr.c |2 +- source4/librpc/config.mk |6 +- source4/librpc/ndr/ndr_table.c| 134 source4/librpc/tables.pl | 89 12 files changed, 339 insertions(+), 256 deletions(-) create mode 100644 librpc/ndr/ndr_table.c create mode 100644 librpc/ndr/ndr_table.h create mode 100644 librpc/tables.pl create mode 100644 source3/librpc/gen_ndr/tables.c delete mode 100644 source4/librpc/ndr/ndr_table.c delete mode 100644 source4/librpc/tables.pl Changeset truncated at 500 lines: diff --git a/lib/util/debug.c b/lib/util/debug.c index faec52a..98aabc5 100644 --- a/lib/util/debug.c +++ b/lib/util/debug.c 
@@ -37,6 +37,7 @@ static int debug_all_class_hack = 1; int *DEBUGLEVEL_CLASS = debug_all_class_hack; /* For samba 3 */ static bool debug_all_class_isset_hack = true; bool*DEBUGLEVEL_CLASS_ISSET = debug_all_class_isset_hack; /* For samba 3 */ +XFILE *dbf = NULL; /* For Samba 3*/ /* the registered mutex handlers */ static struct { diff --git a/librpc/ndr/ndr_table.c b/librpc/ndr/ndr_table.c new file mode 100644 index 000..f7c381f --- /dev/null +++ b/librpc/ndr/ndr_table.c 
@@ -0,0 +1,135 @@ +/* + Unix SMB/CIFS implementation. + + dcerpc utility functions + + Copyright (C) Andrew Tridgell 2003 + Copyright (C) Jelmer Vernooij 2004 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see http://www.gnu.org/licenses/. +*/ + +#include includes.h +#include ../lib/util/dlinklist.h +#include librpc/ndr/libndr.h +#include librpc/ndr/ndr_table.h +#undef strcasecmp + +static struct ndr_interface_list *ndr_interfaces; + +/* + register a ndr interface table +*/ +NTSTATUS ndr_table_register(const struct ndr_interface_table *table) +{ + struct ndr_interface_list *l; + + for (l = ndr_interfaces; l; l = l-next) { + if (GUID_equal(table-syntax_id.uuid, l-table-syntax_id.uuid)) { + DEBUG(0, (Attempt to register interface %s which has the + same UUID as already registered interface %s\n, + table-name, l-table-name)); + return NT_STATUS_OBJECT_NAME_COLLISION; + } + } + + l = talloc(talloc_autofree_context(), struct ndr_interface_list); + l-table = table; + + DLIST_ADD(ndr_interfaces, l); + + return NT_STATUS_OK; +} + +/* + find the pipe name for a local IDL interface +*/ +const char *ndr_interface_name(const struct GUID *uuid, uint32_t if_version) +{ + const struct ndr_interface_list *l; +
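Review bot: In ndr_table_register() the pointer returned by talloc() is dereferenced on the very next line without a NULL check, so an allocation failure crashes during interface registration instead of being reported. Return NT_STATUS_NO_MEMORY when l is NULL, before assigning l->table and calling DLIST_ADD().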
[SCM] Samba Shared Repository - branch master updated - 61db229c08a601780da09ee4f2f4f1eb32ec3aa0
The branch, master has been updated via 61db229c08a601780da09ee4f2f4f1eb32ec3aa0 (commit) from 93e52145a887b1865d41ae5272047423bbfb33b3 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 61db229c08a601780da09ee4f2f4f1eb32ec3aa0 Author: Günther Deschner [EMAIL PROTECTED] Date: Mon Oct 20 15:47:46 2008 +0200 s4: fix the build after winreg idl changes. Guenther --- Summary of changes: source4/lib/registry/rpc.c |4 ++-- source4/torture/ndr/winreg.c |2 +- source4/torture/rpc/winreg.c |4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/lib/registry/rpc.c b/source4/lib/registry/rpc.c index 3a16ae1..bcf5c8d 100644 --- a/source4/lib/registry/rpc.c +++ b/source4/lib/registry/rpc.c @@ -32,7 +32,7 @@ struct rpc_key { const char* classname; uint32_t num_subkeys; uint32_t max_subkeylen; - uint32_t max_classlen; + uint32_t max_subkeysize; uint32_t num_values; uint32_t max_valnamelen; uint32_t max_valbufsize; @@ -380,7 +380,7 @@ static WERROR rpc_query_key(TALLOC_CTX *mem_ctx, const struct registry_key *k) r.out.classname = classname; r.out.num_subkeys = mykeydata-num_subkeys; r.out.max_subkeylen = mykeydata-max_subkeylen; - r.out.max_classlen = mykeydata-max_classlen; + r.out.max_subkeysize = mykeydata-max_subkeysize; r.out.num_values = mykeydata-num_values; r.out.max_valnamelen = mykeydata-max_valnamelen; r.out.max_valbufsize = mykeydata-max_valbufsize; diff --git a/source4/torture/ndr/winreg.c b/source4/torture/ndr/winreg.c index de804b7..60a3230 100644 --- a/source4/torture/ndr/winreg.c +++ b/source4/torture/ndr/winreg.c 
@@ -417,7 +417,7 @@ static bool queryinfokey_out_check(struct torture_context *tctx, struct winreg_Q torture_assert_str_equal(tctx, r-out.classname-name, , class out name); torture_assert_int_equal(tctx, *r-out.num_subkeys, 0, num subkeys); torture_assert_int_equal(tctx, *r-out.max_subkeylen, 0, subkey length); - torture_assert_int_equal(tctx, *r-out.max_classlen, 140, subkey size); + torture_assert_int_equal(tctx, *r-out.max_subkeysize, 140, subkey size); torture_assert_werr_ok(tctx, r-out.result, return code); return true; } diff --git a/source4/torture/rpc/winreg.c b/source4/torture/rpc/winreg.c index 08ec8f5..bd897f0 100644 --- a/source4/torture/rpc/winreg.c +++ b/source4/torture/rpc/winreg.c @@ -1396,7 +1396,7 @@ static bool test_QueryInfoKey(struct dcerpc_pipe *p, struct policy_handle *handle, char *class) { struct winreg_QueryInfoKey r; - uint32_t num_subkeys, max_subkeylen, max_classlen, + uint32_t num_subkeys, max_subkeylen, max_subkeysize, num_values, max_valnamelen, max_valbufsize, secdescsize; NTTIME last_changed_time; @@ -1405,7 +1405,7 @@ static bool test_QueryInfoKey(struct dcerpc_pipe *p, r.in.handle = handle; r.out.num_subkeys = num_subkeys; r.out.max_subkeylen = max_subkeylen; - r.out.max_classlen = max_classlen; + r.out.max_subkeysize = max_subkeysize; r.out.num_values = num_values; r.out.max_valnamelen = max_valnamelen; r.out.max_valbufsize = max_valbufsize; -- Samba Shared Repository
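Review bot: The rename in rpc.c and both torture files goes from max_classlen to max_subkeysize, which is the opposite direction to the winreg.idl hunk earlier on this page, where max_subkeysize is removed and max_classlen is added. Check the member name in the generated winreg header before renaming callers; if the IDL says max_classlen, these three files were already correct and this change breaks them.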
[SCM] Samba Shared Repository - branch master updated - e08e5a0f3fa58a08532bb6d9a613985305e31c4f
The branch, master has been updated via e08e5a0f3fa58a08532bb6d9a613985305e31c4f (commit) from 61db229c08a601780da09ee4f2f4f1eb32ec3aa0 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e08e5a0f3fa58a08532bb6d9a613985305e31c4f Author: Günther Deschner [EMAIL PROTECTED] Date: Mon Oct 20 15:53:24 2008 +0200 Revert s4: fix the build after winreg idl changes. This reverts commit 61db229c08a601780da09ee4f2f4f1eb32ec3aa0. --- Summary of changes: source4/lib/registry/rpc.c |4 ++-- source4/torture/ndr/winreg.c |2 +- source4/torture/rpc/winreg.c |4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/lib/registry/rpc.c b/source4/lib/registry/rpc.c index bcf5c8d..3a16ae1 100644 --- a/source4/lib/registry/rpc.c +++ b/source4/lib/registry/rpc.c @@ -32,7 +32,7 @@ struct rpc_key { const char* classname; uint32_t num_subkeys; uint32_t max_subkeylen; - uint32_t max_subkeysize; + uint32_t max_classlen; uint32_t num_values; uint32_t max_valnamelen; uint32_t max_valbufsize; @@ -380,7 +380,7 @@ static WERROR rpc_query_key(TALLOC_CTX *mem_ctx, const struct registry_key *k) r.out.classname = classname; r.out.num_subkeys = mykeydata-num_subkeys; r.out.max_subkeylen = mykeydata-max_subkeylen; - r.out.max_subkeysize = mykeydata-max_subkeysize; + r.out.max_classlen = mykeydata-max_classlen; r.out.num_values = mykeydata-num_values; r.out.max_valnamelen = mykeydata-max_valnamelen; r.out.max_valbufsize = mykeydata-max_valbufsize; diff --git a/source4/torture/ndr/winreg.c b/source4/torture/ndr/winreg.c index 60a3230..de804b7 100644 --- a/source4/torture/ndr/winreg.c +++ b/source4/torture/ndr/winreg.c 
@@ -417,7 +417,7 @@ static bool queryinfokey_out_check(struct torture_context *tctx, struct winreg_Q torture_assert_str_equal(tctx, r-out.classname-name, , class out name); torture_assert_int_equal(tctx, *r-out.num_subkeys, 0, num subkeys); torture_assert_int_equal(tctx, *r-out.max_subkeylen, 0, subkey length); - torture_assert_int_equal(tctx, *r-out.max_subkeysize, 140, subkey size); + torture_assert_int_equal(tctx, *r-out.max_classlen, 140, subkey size); torture_assert_werr_ok(tctx, r-out.result, return code); return true; } diff --git a/source4/torture/rpc/winreg.c b/source4/torture/rpc/winreg.c index bd897f0..08ec8f5 100644 --- a/source4/torture/rpc/winreg.c +++ b/source4/torture/rpc/winreg.c @@ -1396,7 +1396,7 @@ static bool test_QueryInfoKey(struct dcerpc_pipe *p, struct policy_handle *handle, char *class) { struct winreg_QueryInfoKey r; - uint32_t num_subkeys, max_subkeylen, max_subkeysize, + uint32_t num_subkeys, max_subkeylen, max_classlen, num_values, max_valnamelen, max_valbufsize, secdescsize; NTTIME last_changed_time; @@ -1405,7 +1405,7 @@ static bool test_QueryInfoKey(struct dcerpc_pipe *p, r.in.handle = handle; r.out.num_subkeys = num_subkeys; r.out.max_subkeylen = max_subkeylen; - r.out.max_subkeysize = max_subkeysize; + r.out.max_classlen = max_classlen; r.out.num_values = num_values; r.out.max_valnamelen = max_valnamelen; r.out.max_valbufsize = max_valbufsize; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - fc8fadf1e93cffcf36bd56ba02894804018b9972
The branch, master has been updated via fc8fadf1e93cffcf36bd56ba02894804018b9972 (commit) from a55afef6d3dbd40b938e19c7c077e3b0ca535bcc (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit fc8fadf1e93cffcf36bd56ba02894804018b9972 Author: Günther Deschner [EMAIL PROTECTED] Date: Mon Oct 20 11:11:19 2008 +0200 idl: finally share krb5_pac.idl. Guenther --- Summary of changes: {source4/librpc = librpc}/idl/krb5pac.idl | 10 ++- source3/Makefile.in|2 +- source3/librpc/gen_ndr/krb5pac.h | 23 - source3/librpc/gen_ndr/ndr_krb5pac.c | 131 source3/librpc/gen_ndr/ndr_krb5pac.h |8 ++- 5 files changed, 147 insertions(+), 27 deletions(-) rename {source4/librpc = librpc}/idl/krb5pac.idl (95%) Changeset truncated at 500 lines: diff --git a/source4/librpc/idl/krb5pac.idl b/librpc/idl/krb5pac.idl similarity index 95% rename from source4/librpc/idl/krb5pac.idl rename to librpc/idl/krb5pac.idl index bddba04..a498b79 100644 --- a/source4/librpc/idl/krb5pac.idl +++ b/librpc/idl/krb5pac.idl @@ -29,7 +29,7 @@ interface krb5pac netr_SamInfo3 info3; dom_sid2 *res_group_dom_sid; samr_RidWithAttributeArray res_groups; - } PAC_LOGON_INFO; + } PAC_LOGON_INFO; typedef struct { [value(2*strlen_m(upn_name))] uint16 upn_size; @@ -46,7 +46,7 @@ interface krb5pac typedef [public] struct { PAC_LOGON_INFO *info; - } PAC_LOGON_INFO_CTR; + } PAC_LOGON_INFO_CTR; typedef [public,v1_enum] enum { PAC_TYPE_LOGON_INFO = 1, @@ -126,5 +126,9 @@ interface krb5pac [in] PAC_Validate pac_validate ); - + /* used for samba3 netsamlogon cache */ + typedef [public] struct { + time_t timestamp; + netr_SamInfo3 info3; + } netsamlogoncache_entry; } diff --git a/source3/Makefile.in b/source3/Makefile.in index bb81dd2..6fe26d3 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in 
@@ -1213,7 +1213,7 @@ samba3-idl:: ../librpc/idl/eventlog.idl ../librpc/idl/wkssvc.idl librpc/idl/netlogon.idl \ ../librpc/idl/notify.idl ../librpc/idl/epmapper.idl librpc/idl/messaging.idl \ ../librpc/idl/xattr.idl ../librpc/idl/misc.idl librpc/idl/samr.idl \ - ../librpc/idl/security.idl ../librpc/idl/dssetup.idl librpc/idl/krb5pac.idl \ + ../librpc/idl/security.idl ../librpc/idl/dssetup.idl ../librpc/idl/krb5pac.idl \ ../librpc/idl/ntsvcs.idl librpc/idl/libnetapi.idl ../librpc/idl/drsuapi.idl \ ../librpc/idl/drsblobs.idl ../librpc/idl/nbt.idl diff --git a/source3/librpc/gen_ndr/krb5pac.h b/source3/librpc/gen_ndr/krb5pac.h index b3b29e5..7ec3e95 100644 --- a/source3/librpc/gen_ndr/krb5pac.h +++ b/source3/librpc/gen_ndr/krb5pac.h @@ -8,6 +8,7 @@ #ifndef _HEADER_krb5pac #define _HEADER_krb5pac +#define NETLOGON_GENERIC_KRB5_PAC_VALIDATE ( 3 ) struct PAC_LOGON_NAME { NTTIME logon_time; uint16_t size;/* [value(2*strlen_m(account_name))] */ @@ -39,10 +40,6 @@ struct PAC_UNKNOWN_12 { }; struct PAC_LOGON_INFO_CTR { - uint32_t unknown1;/* [value(0x00081001)] */ - uint32_t unknown2;/* [value(0x)] */ - uint32_t _ndr_size;/* [value(NDR_ROUND(ndr_size_PAC_LOGON_INFO(info,ndr-flags)+4,8))] */ - uint32_t unknown3;/* [value(0x)] */ struct PAC_LOGON_INFO *info;/* [unique] */ }/* [public] */; @@ -72,7 +69,7 @@ struct DATA_BLOB_REM { }; union PAC_INFO { - struct PAC_LOGON_INFO_CTR logon_info;/* [case(PAC_TYPE_LOGON_INFO)] */ + struct PAC_LOGON_INFO_CTR logon_info;/* [subcontext(0xFC01),case(PAC_TYPE_LOGON_INFO)] */ struct PAC_SIGNATURE_DATA srv_cksum;/* [case(PAC_TYPE_SRV_CHECKSUM)] */ struct PAC_SIGNATURE_DATA kdc_cksum;/* [case(PAC_TYPE_KDC_CHECKSUM)] */ struct PAC_LOGON_NAME logon_name;/* [case(PAC_TYPE_LOGON_NAME)] */ 
@@ -105,6 +102,14 @@ struct PAC_DATA_RAW { struct PAC_BUFFER_RAW *buffers; }/* [public] */; +struct PAC_Validate { + uint32_t MessageType;/* [value(NETLOGON_GENERIC_KRB5_PAC_VALIDATE)] */ + uint32_t ChecksumLength; + int32_t SignatureType; + uint32_t SignatureLength; + DATA_BLOB ChecksumAndSignature;/* [flag(LIBNDR_FLAG_REMAINING)] */ +}/* [public] */; + struct netsamlogoncache_entry { time_t timestamp; struct netr_SamInfo3 info3; @@ -134,4 +139,12 @@ struct decode_login_info { }; + +struct decode_pac_validate { + struct { + struct PAC_Validate pac_validate; + } in; + +}; + #endif /* _HEADER_krb5pac */ diff --git
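Review bot: The rename moves source4/librpc/idl/krb5pac.idl to librpc/idl/ and the source3/Makefile.in hunk points samba3-idl at ../librpc/idl/krb5pac.idl, but the summary of changes lists no deletion of source3/librpc/idl/krb5pac.idl, so a second, now unused copy stays in the tree. Delete it in the same commit so nobody edits the stale file by mistake.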
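Review bot: In the krb5pac.h hunk, struct PAC_LOGON_INFO_CTR loses unknown1, unknown2, _ndr_size and unknown3, and the framing is now expressed by subcontext(0xFC01) on the logon_info arm of union PAC_INFO. Any Samba 3 code that read or filled those four members stops compiling, and the commit message does not mention the layout change; state it in the message and confirm the callers were adjusted.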
[SCM] Samba Shared Repository - branch master updated - 29838debb3d350aaee0bf9744f1a7371b8b06736
The branch, master has been updated via 29838debb3d350aaee0bf9744f1a7371b8b06736 (commit) via 6fb7fa8cc6c53626434530c796e532e80618253b (commit) from db90d9ad1693b3c8f388dbff63a79707ef4842cd (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 29838debb3d350aaee0bf9744f1a7371b8b06736 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Mon Oct 20 12:28:13 2008 +0200 Fix names in winreg torture tests. commit 6fb7fa8cc6c53626434530c796e532e80618253b Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Mon Oct 20 12:28:07 2008 +0200 Also build all other Samba 4 binaries during merged build. --- Summary of changes: source3/samba4-templates.mk |5 ++--- source4/torture/ndr/winreg.c |2 +- source4/torture/rpc/winreg.c |4 ++-- 3 files changed, 5 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/samba4-templates.mk b/source3/samba4-templates.mk index 154c3aa..e691af5 100644 --- a/source3/samba4-templates.mk +++ b/source3/samba4-templates.mk @@ -25,8 +25,7 @@ $(1)4: $(2) $(LIBREPLACE_OBJ) ; clean:: @rm -f $(1) -binaries:: $(1) - +everything:: $(1)4 endef @@ -40,7 +39,7 @@ $(1)4: $(2) $(LIBREPLACE_OBJ) ; clean:: rm -f $(1) -binaries:: $(1) +binaries:: $(1)4 endef diff --git a/source4/torture/ndr/winreg.c b/source4/torture/ndr/winreg.c index 60a3230..de804b7 100644 --- a/source4/torture/ndr/winreg.c +++ b/source4/torture/ndr/winreg.c @@ -417,7 +417,7 @@ static bool queryinfokey_out_check(struct torture_context *tctx, struct winreg_Q torture_assert_str_equal(tctx, r-out.classname-name, , class out name); torture_assert_int_equal(tctx, *r-out.num_subkeys, 0, num subkeys); torture_assert_int_equal(tctx, *r-out.max_subkeylen, 0, subkey length); - torture_assert_int_equal(tctx, *r-out.max_subkeysize, 140, subkey size); + torture_assert_int_equal(tctx, *r-out.max_classlen, 140, subkey size); torture_assert_werr_ok(tctx, r-out.result, return code); return true; } 
diff --git a/source4/torture/rpc/winreg.c b/source4/torture/rpc/winreg.c index bd897f0..08ec8f5 100644 --- a/source4/torture/rpc/winreg.c +++ b/source4/torture/rpc/winreg.c @@ -1396,7 +1396,7 @@ static bool test_QueryInfoKey(struct dcerpc_pipe *p, struct policy_handle *handle, char *class) { struct winreg_QueryInfoKey r; - uint32_t num_subkeys, max_subkeylen, max_subkeysize, + uint32_t num_subkeys, max_subkeylen, max_classlen, num_values, max_valnamelen, max_valbufsize, secdescsize; NTTIME last_changed_time; @@ -1405,7 +1405,7 @@ static bool test_QueryInfoKey(struct dcerpc_pipe *p, r.in.handle = handle; r.out.num_subkeys = num_subkeys; r.out.max_subkeylen = max_subkeylen; - r.out.max_subkeysize = max_subkeysize; + r.out.max_classlen = max_classlen; r.out.num_values = num_values; r.out.max_valnamelen = max_valnamelen; r.out.max_valbufsize = max_valbufsize; -- Samba Shared Repository
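Review bot: In queryinfokey_out_check() the assertion now tests *r->out.max_classlen, but its failure text is still "subkey size", so a failing run reports the wrong field. Change the message to match the renamed member in the same hunk.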
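Review bot: In source3/samba4-templates.mk the first template now hooks $(1)4 onto everything:: while the second hooks it onto binaries::, and both clean:: rules still remove $(1) rather than $(1)4. If the difference between the two templates is intended, a comment saying why would help; if the file produced is $(1)4, the clean rules should remove that name.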
[SCM] Samba Shared Repository - branch master updated - 640847b4fc74c93dd74b2325b4ac92a001a81c92
The branch, master has been updated via 640847b4fc74c93dd74b2325b4ac92a001a81c92 (commit) from fc8fadf1e93cffcf36bd56ba02894804018b9972 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 640847b4fc74c93dd74b2325b4ac92a001a81c92 Author: Günther Deschner [EMAIL PROTECTED] Date: Mon Oct 20 11:21:45 2008 +0200 s3: forgot to remove old copy of krb5pac.idl. Guenther --- Summary of changes: source3/librpc/idl/krb5pac.idl | 120 1 files changed, 0 insertions(+), 120 deletions(-) delete mode 100644 source3/librpc/idl/krb5pac.idl Changeset truncated at 500 lines: diff --git a/source3/librpc/idl/krb5pac.idl b/source3/librpc/idl/krb5pac.idl deleted file mode 100644 index c039502..000 --- a/source3/librpc/idl/krb5pac.idl +++ /dev/null 
@@ -1,120 +0,0 @@ -/* - krb5 PAC -*/ - -#include idl_types.h - -import security.idl, netlogon.idl, samr.idl; - -[ - uuid(12345778-1234-abcd--), - version(0.0), - pointer_default(unique), - helpstring(Active Directory KRB5 PAC) -] -interface krb5pac -{ - typedef struct { - NTTIME logon_time; - [value(2*strlen_m(account_name))] uint16 size; - [charset(UTF16)] uint8 account_name[size]; - } PAC_LOGON_NAME; - - typedef [public,flag(NDR_PAHEX)] struct { - uint32 type; - [flag(NDR_REMAINING)] DATA_BLOB signature; - } PAC_SIGNATURE_DATA; - - typedef [gensize] struct { - netr_SamInfo3 info3; - dom_sid2 *res_group_dom_sid; - samr_RidWithAttributeArray res_groups; - } PAC_LOGON_INFO; - - typedef struct { - [value(2*strlen_m(upn_name))] uint16 upn_size; - uint16 upn_offset; - [value(2*strlen_m(domain_name))] uint16 domain_size; - uint16 domain_offset; - uint16 unknown3; /* 0x01 */ - uint16 unknown4; - uint32 unknown5; - [charset(UTF16)] uint8 upn_name[upn_size+2]; - [charset(UTF16)] uint8 domain_name[domain_size+2]; - uint32 unknown6; /* padding */ - } PAC_UNKNOWN_12; - - typedef [public] struct { - [value(0x00081001)] uint32 unknown1; - [value(0x)] uint32 unknown2; - [value(NDR_ROUND(ndr_size_PAC_LOGON_INFO(info, ndr-flags)+4,8))] uint32 _ndr_size; - [value(0x)] uint32 unknown3; - PAC_LOGON_INFO *info; - } PAC_LOGON_INFO_CTR; - - typedef [public,v1_enum] enum { - PAC_TYPE_LOGON_INFO = 1, - PAC_TYPE_SRV_CHECKSUM = 6, - PAC_TYPE_KDC_CHECKSUM = 7, - PAC_TYPE_LOGON_NAME = 10, - PAC_TYPE_CONSTRAINED_DELEGATION = 11, - PAC_TYPE_UNKNOWN_12 = 12 - } PAC_TYPE; - - typedef struct { - [flag(NDR_REMAINING)] DATA_BLOB remaining; - } DATA_BLOB_REM; - - typedef [public,nodiscriminant,gensize] union { - [case(PAC_TYPE_LOGON_INFO)] PAC_LOGON_INFO_CTR logon_info; - [case(PAC_TYPE_SRV_CHECKSUM)] PAC_SIGNATURE_DATA srv_cksum; - [case(PAC_TYPE_KDC_CHECKSUM)] PAC_SIGNATURE_DATA kdc_cksum; - [case(PAC_TYPE_LOGON_NAME)] PAC_LOGON_NAME logon_name; - [default] [subcontext(0)] DATA_BLOB_REM unknown; - 
/* [case(PAC_TYPE_UNKNOWN_12)] PAC_UNKNOWN_12 unknown; */ - } PAC_INFO; - - typedef [public,nopush,nopull,noprint] struct { - PAC_TYPE type; - [value(_ndr_size_PAC_INFO(info, type, 0))] uint32 _ndr_size; - [relative,switch_is(type),subcontext(0),subcontext_size(_subcontext_size_PAC_INFO(r, ndr-flags)),flag(NDR_ALIGN8)] PAC_INFO *info; - [value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */ - } PAC_BUFFER; - - typedef [public] struct { - uint32 num_buffers; - uint32 version; - PAC_BUFFER buffers[num_buffers]; - } PAC_DATA; - - typedef [public] struct { - PAC_TYPE type; - uint32 ndr_size; - [relative,subcontext(0),subcontext_size(NDR_ROUND(ndr_size,8)),flag(NDR_ALIGN8)] DATA_BLOB_REM *info; - [value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */ - } PAC_BUFFER_RAW; - - typedef [public] struct { - uint32 num_buffers; - uint32 version; - PAC_BUFFER_RAW buffers[num_buffers]; - } PAC_DATA_RAW; - - void decode_pac( - [in] PAC_DATA pac - ); - - void decode_pac_raw( - [in] PAC_DATA_RAW pac - ); - - void
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4269-ge3550c2
The branch, v3-3-test has been updated via e3550c235e6a59749c1e57b469289069f7e541d4 (commit) from 4833f678ba194665e9c0554f9da37ddca269714e (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit e3550c235e6a59749c1e57b469289069f7e541d4 Author: Volker Lendecke [EMAIL PROTECTED] Date: Mon Oct 20 18:25:13 2008 +0200 Fix a valgrind error in idmap_ad_sids_to_unixids() We need to initialize all mappings in case we don't find anything. Simo, please check! Volker --- Summary of changes: source/winbindd/idmap_ad.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/winbindd/idmap_ad.c b/source/winbindd/idmap_ad.c index 8144d87..60a2d86 100644 --- a/source/winbindd/idmap_ad.c +++ b/source/winbindd/idmap_ad.c @@ -517,6 +517,8 @@ again: bidx = idx; for (i = 0; (i IDMAP_AD_MAX_IDS) ids[idx]; i++, idx++) { + ids[idx]-status = ID_UNKNOWN; + sidstr = sid_binstring(ids[idx]-sid); filter = talloc_asprintf_append_buffer(filter, (objectSid=%s), sidstr); -- Samba Shared Repository
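Review bot: The new ids[idx]->status = ID_UNKNOWN assignment sits inside the per-batch loop after the again: label, so an entry is only initialised once its batch of at most IDMAP_AD_MAX_IDS is reached. If the function can leave before a later batch is processed, those entries are still uninitialised, which does not match the commit message's "initialize all mappings". A single loop over ids[] at function entry would cover every exit path.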
[SCM] Samba Shared Repository - branch master updated - 4b59ecb90319e6e574ff7444015078bac7da631a
The branch, master has been updated via 4b59ecb90319e6e574ff7444015078bac7da631a (commit) via c3f3271b82f22c8bfe36ed498b668ae4bf9d9a80 (commit) from e08e5a0f3fa58a08532bb6d9a613985305e31c4f (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4b59ecb90319e6e574ff7444015078bac7da631a Author: Günther Deschner [EMAIL PROTECTED] Date: Mon Oct 20 19:21:10 2008 +0200 s3-build: no need to duplicate generated ndr_ prototypes. Guenther commit c3f3271b82f22c8bfe36ed498b668ae4bf9d9a80 Author: Günther Deschner [EMAIL PROTECTED] Date: Mon Oct 20 18:29:57 2008 +0200 s3-build: no need to duplicate generated srv_ prototypes. Guenther --- Summary of changes: source3/include/includes.h|8 - source3/include/proto.h | 1363 - source3/libads/authdata.c |1 + source3/libsmb/samlogon_cache.c |1 + source3/rpc_server/srv_eventlog.c |1 + source3/rpc_server/srv_ntsvcs.c |1 + source3/rpc_server/srv_svcctl.c |1 + source3/utils/net_ads.c |1 + 8 files changed, 6 insertions(+), 1371 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/includes.h b/source3/include/includes.h index ac5b2b2..9b45c40 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -716,14 +716,6 @@ enum flush_reason_enum { #include modules/nfs4_acls.h #include nsswitch/libwbclient/wbclient.h -/* generated rpc server implementation functions */ -#include librpc/gen_ndr/srv_echo.h -#include librpc/gen_ndr/srv_svcctl.h -#include librpc/gen_ndr/srv_lsa.h -#include librpc/gen_ndr/srv_eventlog.h -#include librpc/gen_ndr/srv_winreg.h -#include librpc/gen_ndr/srv_initshutdown.h - /* automatically generated prototypes */ #ifndef NO_PROTO_H #include proto.h diff --git a/source3/include/proto.h b/source3/include/proto.h index ad2c719..0833e5e 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h 
@@ -2379,1369 +2379,6 @@ ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads, const char *dn, struct nt_user_token **token); -/* The following definitions come from librpc/gen_ndr/ndr_dfs.c */ - -_PUBLIC_ void ndr_print_dfs_ManagerVersion(struct ndr_print *ndr, const char *name, enum dfs_ManagerVersion r); -_PUBLIC_ void ndr_print_dfs_Info0(struct ndr_print *ndr, const char *name, const struct dfs_Info0 *r); -_PUBLIC_ void ndr_print_dfs_Info1(struct ndr_print *ndr, const char *name, const struct dfs_Info1 *r); -_PUBLIC_ enum ndr_err_code ndr_push_dfs_VolumeState(struct ndr_push *ndr, int ndr_flags, uint32_t r); -_PUBLIC_ enum ndr_err_code ndr_pull_dfs_VolumeState(struct ndr_pull *ndr, int ndr_flags, uint32_t *r); -_PUBLIC_ void ndr_print_dfs_VolumeState(struct ndr_print *ndr, const char *name, uint32_t r); -_PUBLIC_ void ndr_print_dfs_Info2(struct ndr_print *ndr, const char *name, const struct dfs_Info2 *r); -_PUBLIC_ enum ndr_err_code ndr_push_dfs_StorageState(struct ndr_push *ndr, int ndr_flags, uint32_t r); -_PUBLIC_ enum ndr_err_code ndr_pull_dfs_StorageState(struct ndr_pull *ndr, int ndr_flags, uint32_t *r); -_PUBLIC_ void ndr_print_dfs_StorageState(struct ndr_print *ndr, const char *name, uint32_t r); -_PUBLIC_ void ndr_print_dfs_StorageInfo(struct ndr_print *ndr, const char *name, const struct dfs_StorageInfo *r); -_PUBLIC_ void ndr_print_dfs_Info3(struct ndr_print *ndr, const char *name, const struct dfs_Info3 *r); -_PUBLIC_ void ndr_print_dfs_Info4(struct ndr_print *ndr, const char *name, const struct dfs_Info4 *r); -_PUBLIC_ enum ndr_err_code ndr_push_dfs_PropertyFlags(struct ndr_push *ndr, int ndr_flags, uint32_t r); -_PUBLIC_ enum ndr_err_code ndr_pull_dfs_PropertyFlags(struct ndr_pull *ndr, int ndr_flags, uint32_t *r); -_PUBLIC_ void ndr_print_dfs_PropertyFlags(struct ndr_print *ndr, const char *name, uint32_t r); -_PUBLIC_ void ndr_print_dfs_Info5(struct ndr_print *ndr, const char *name, const struct dfs_Info5 *r); -_PUBLIC_ void 
ndr_print_dfs_Target_PriorityClass(struct ndr_print *ndr, const char *name, enum dfs_Target_PriorityClass r); -_PUBLIC_ void ndr_print_dfs_Target_Priority(struct ndr_print *ndr, const char *name, const struct dfs_Target_Priority *r); -_PUBLIC_ void ndr_print_dfs_StorageInfo2(struct ndr_print *ndr, const char *name, const struct dfs_StorageInfo2 *r); -_PUBLIC_ void ndr_print_dfs_Info6(struct ndr_print *ndr, const char *name, const struct dfs_Info6 *r); -_PUBLIC_ void ndr_print_dfs_Info7(struct ndr_print *ndr, const char *name, const struct dfs_Info7 *r); -_PUBLIC_ void ndr_print_dfs_Info100(struct ndr_print *ndr, const char *name, const struct dfs_Info100 *r); -_PUBLIC_ void ndr_print_dfs_Info101(struct ndr_print *ndr, const char *name, const struct dfs_Info101
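Review bot: includes.h drops six generated srv_ headers (echo, svcctl, lsa, eventlog, winreg, initshutdown), but among the rpc_server sources the summary of changes adds a line only to srv_eventlog.c, srv_ntsvcs.c and srv_svcctl.c. Confirm that the lsa, winreg, echo and initshutdown server sources still see their generated prototypes after this change, and add the matching include to each if they do not.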
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4272-gf1c0d56
The branch, v3-3-test has been updated via f1c0d56e8230bb4a8c085ad885cf05cbcc8297ec (commit) via b6ce6dd1d82314ce3194dc450e67dec948e1a6b2 (commit) via 3c609efe12ee941dc0474e39b5e90ad39a075ff2 (commit) from e3550c235e6a59749c1e57b469289069f7e541d4 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit f1c0d56e8230bb4a8c085ad885cf05cbcc8297ec Author: Volker Lendecke [EMAIL PROTECTED] Date: Mon Oct 20 11:05:45 2008 -0700 fn_new-fn in smb_messages[], we got beyond that :-) commit b6ce6dd1d82314ce3194dc450e67dec948e1a6b2 Author: Volker Lendecke [EMAIL PROTECTED] Date: Mon Oct 20 11:05:31 2008 -0700 Use a direct compare instead of calling strncmp in valid_smb_header commit 3c609efe12ee941dc0474e39b5e90ad39a075ff2 Author: Volker Lendecke [EMAIL PROTECTED] Date: Mon Oct 20 11:05:13 2008 -0700 Move the global hosts_allow() check out of the processing loop: --- Summary of changes: source/smbd/process.c | 53 +++- 1 files changed, 30 insertions(+), 23 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/process.c b/source/smbd/process.c index 0b8ff4f..338f606 100644 --- a/source/smbd/process.c +++ b/source/smbd/process.c @@ -105,7 +105,11 @@ static bool valid_smb_header(const uint8_t *inbuf) if (is_encrypted_packet(inbuf)) { return true; } - return (strncmp(smb_base(inbuf),\377SMB,4) == 0); + /* +* This used to be (strncmp(smb_base(inbuf),\377SMB,4) == 0) +* but it just looks weird to call strncmp for this one. +*/ + return (IVAL(smb_base(inbuf), 0) == 0x424D53FF); } /* Socket functions for smbd packet processing. */ @@ -973,7 +977,7 @@ force write permissions on print services. */ static const struct smb_message_struct { const char *name; - void (*fn_new)(struct smb_request *req); + void (*fn)(struct smb_request *req); int flags; } smb_messages[256] = { 
@@ -1349,7 +1353,7 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req, in exit_server_cleanly(Non-SMB packet); } - if (smb_messages[type].fn_new == NULL) { + if (smb_messages[type].fn == NULL) { DEBUG(0,(Unknown message type %d!\n,type)); smb_dump(Unknown, 1, (char *)req-inbuf, size); reply_unknown_new(req, type); @@ -1471,7 +1475,7 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req, in return conn; } - smb_messages[type].fn_new(req); + smb_messages[type].fn(req); return req-conn; } @@ -1535,25 +1539,6 @@ static void process_smb(char *inbuf, size_t nread, size_t unread_bytes, bool enc DO_PROFILE_INC(smb_count); - if (trans_num == 0) { - char addr[INET6_ADDRSTRLEN]; - - /* on the first packet, check the global hosts allow/ hosts - deny parameters before doing any parsing of the packet - passed to us by the client. This prevents attacks on our - parsing code from hosts not in the hosts allow list */ - - if (!check_access(smbd_server_fd(), lp_hostsallow(-1), - lp_hostsdeny(-1))) { - /* send a negative session response not listening on calling name */ - static unsigned char buf[5] = {0x83, 0, 0, 1, 0x81}; - DEBUG( 1, ( Connection denied from %s\n, - client_addr(get_client_fd(),addr,sizeof(addr)) ) ); - (void)srv_send_smb(smbd_server_fd(),(char *)buf,false); - exit_server_cleanly(connection denied); - } - } - DEBUG( 6, ( got message type 0x%x of len 0x%x\n, msg_type, smb_len(inbuf) ) ); DEBUG( 3, ( Transaction %d of length %d (%u toread)\n, trans_num, 
@@ -1893,6 +1878,28 @@ void smbd_process(void) unsigned int num_smbs = 0; size_t unread_bytes = 0; + char addr[INET6_ADDRSTRLEN]; + + /* +* Before the first packet, check the global hosts allow/ hosts deny +* parameters before doing any parsing of packets passed to us by the +* client. This prevents attacks on our parsing code from hosts not in +* the hosts allow list. +*/ + + if (!check_access(smbd_server_fd(), lp_hostsallow(-1), + lp_hostsdeny(-1))) { + /* +* send a negative session response not listening on calling +* name +*/ + unsigned char buf[5] = {0x83, 0, 0, 1, 0x81}; + DEBUG( 1, (Connection denied from %s\n, +
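Review bot: valid_smb_header() now compares against the bare literal 0x424D53FF, which only reads as \377SMB once the reader works out that IVAL() loads the four bytes little-endian. Give the value a named constant, or spell the byte order out in the new comment, so the header check stays easy to audit.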
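Review bot: With the trans_num == 0 block removed from process_smb(), the hosts allow / hosts deny gate now depends on every connection entering through smbd_process(); any other path that reaches process_smb() would parse packets from hosts that are not on the allow list. Add a comment at process_smb() stating that the access check is a precondition handled by the caller, and confirm smbd_process() is the only entry point.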
[SCM] Samba Shared Repository - branch master updated - f3843e330f312b72a24563417309159b0d99dc50
The branch, master has been updated via f3843e330f312b72a24563417309159b0d99dc50 (commit) from 4b59ecb90319e6e574ff7444015078bac7da631a (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f3843e330f312b72a24563417309159b0d99dc50 Author: Günther Deschner [EMAIL PROTECTED] Date: Mon Oct 20 20:16:03 2008 +0200 s3-samr-server: be consistent when reporting we do password complexity. Guenther --- Summary of changes: source3/rpc_server/srv_samr_nt.c |4 1 files changed, 4 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 6cf90be..e527631 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -2909,6 +2909,10 @@ static NTSTATUS samr_QueryDomainInfo_internal(const char *fn_name, unix_to_nt_time_abs(nt_expire, u_expire); unix_to_nt_time_abs(nt_min_age, u_min_age); + if (lp_check_password_script() *lp_check_password_script()) { + password_properties |= DOMAIN_PASSWORD_COMPLEX; + } + init_samr_DomInfo1(dom_info-info1, (uint16)min_pass_len, (uint16)pass_hist, -- Samba Shared Repository
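Review bot: The new condition in samr_QueryDomainInfo_internal sets DOMAIN_PASSWORD_COMPLEX whenever a check password script is configured, and nothing in the hunk explains why a configured script is reported to clients as complexity enforcement. Add a short comment above the if giving that reasoning, and read lp_check_password_script() once into a local rather than calling it twice in the condition.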
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4273-g52d2212
The branch, v3-3-test has been updated via 52d22121fa2ea646535806103d86afe8d52001c9 (commit) from f1c0d56e8230bb4a8c085ad885cf05cbcc8297ec (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit 52d22121fa2ea646535806103d86afe8d52001c9 Author: Günther Deschner [EMAIL PROTECTED] Date: Mon Oct 20 20:16:03 2008 +0200 s3-samr-server: be consistent when reporting we do password complexity. Guenther --- Summary of changes: source/rpc_server/srv_samr_nt.c |4 1 files changed, 4 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c index 6455f02..59728c6 100644 --- a/source/rpc_server/srv_samr_nt.c +++ b/source/rpc_server/srv_samr_nt.c @@ -2909,6 +2909,10 @@ static NTSTATUS samr_QueryDomainInfo_internal(const char *fn_name, unix_to_nt_time_abs(nt_expire, u_expire); unix_to_nt_time_abs(nt_min_age, u_min_age); + if (lp_check_password_script() *lp_check_password_script()) { + password_properties |= DOMAIN_PASSWORD_COMPLEX; + } + init_samr_DomInfo1(dom_info-info1, (uint16)min_pass_len, (uint16)pass_hist, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-3099-g7c2831c
The branch, v3-2-test has been updated via 7c2831c5872ad26e1e0cd7df59d6c0b88d566760 (commit) from ef15ff6abec34377ab7fa75201e2799c0bb72aeb (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 7c2831c5872ad26e1e0cd7df59d6c0b88d566760 Author: Günther Deschner [EMAIL PROTECTED] Date: Mon Oct 20 20:16:03 2008 +0200 s3-samr-server: be consistent when reporting we do password complexity. Guenther --- Summary of changes: source/rpc_server/srv_samr_nt.c |4 1 files changed, 4 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c index a89e00f..c59a46c 100644 --- a/source/rpc_server/srv_samr_nt.c +++ b/source/rpc_server/srv_samr_nt.c @@ -2910,6 +2910,10 @@ static NTSTATUS samr_QueryDomainInfo_internal(const char *fn_name, unix_to_nt_time_abs(nt_expire, u_expire); unix_to_nt_time_abs(nt_min_age, u_min_age); + if (lp_check_password_script() *lp_check_password_script()) { + password_properties |= DOMAIN_PASSWORD_COMPLEX; + } + init_samr_DomInfo1(dom_info-info1, (uint16)min_pass_len, (uint16)pass_hist, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - bc9bbda8b390a221d7b88fd6eb1b54efc8c91c6b
The branch, master has been updated via bc9bbda8b390a221d7b88fd6eb1b54efc8c91c6b (commit) from f3843e330f312b72a24563417309159b0d99dc50 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit bc9bbda8b390a221d7b88fd6eb1b54efc8c91c6b Author: Volker Lendecke [EMAIL PROTECTED] Date: Mon Oct 20 18:25:13 2008 +0200 Fix a valgrind error in idmap_ad_sids_to_unixids() We need to initialize all mappings in case we don't find anything. Simo, please check! Volker --- Summary of changes: source3/winbindd/idmap_ad.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c index 8144d87..60a2d86 100644 --- a/source3/winbindd/idmap_ad.c +++ b/source3/winbindd/idmap_ad.c @@ -517,6 +517,8 @@ again: bidx = idx; for (i = 0; (i IDMAP_AD_MAX_IDS) ids[idx]; i++, idx++) { + ids[idx]-status = ID_UNKNOWN; + sidstr = sid_binstring(ids[idx]-sid); filter = talloc_asprintf_append_buffer(filter, (objectSid=%s), sidstr); -- Samba Shared Repository
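Review bot: The added ids[idx]-status = ID_UNKNOWN sits inside the per-batch for loop that follows the again: label, so only the entries of the batch currently being built into the filter are reset. The commit message says all mappings need initializing in case nothing is found; if the function can return before a later batch is reached, those later entries keep whatever status the caller passed in. A separate loop over ids ahead of again: would match the stated intent directly.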
[SCM] Samba Shared Repository - branch master updated - d36edccc00452ff059a2e0ab5b7c4b68cb84eeb1
The branch, master has been updated via d36edccc00452ff059a2e0ab5b7c4b68cb84eeb1 (commit) via 2c1b1255c2dc095013863a1d99b750e8506237fa (commit) via 7498f9a9d809af1213699b9349546ba51fd0d2b5 (commit) via 6d2d09348f8354bc7d906fba6f5b31d9bca0d664 (commit) via d59b2472f4dbca29d38232d38c9bb7fce9d80ecf (commit) via 41b02b7ac042fda700170c1e701de53d7e559e60 (commit) via 4b65445582c877aa90a51b97112d0047f51d37c7 (commit) via dc3828f06c8c77ca9fb683528096f2d412028b12 (commit) via 87ec1d2532eb17dfd7f98431bdfa4071be57f683 (commit) via 01a902f59978cebdab22aaee7d9e0c9bb78bc649 (commit) via 66b1c8b61a8fea309bf96df4c07a6f2c1b95041b (commit) via 0dfd5601a05d9cfc594604ccf3aae17b0b2c96de (commit) via 4a8c05a91b34370654e28a3b83ab00903748c7d4 (commit) via 05a0ccadb0cb262dd8b1138c983050b9477ea951 (commit) from bc9bbda8b390a221d7b88fd6eb1b54efc8c91c6b (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d36edccc00452ff059a2e0ab5b7c4b68cb84eeb1 Merge: 2c1b1255c2dc095013863a1d99b750e8506237fa bc9bbda8b390a221d7b88fd6eb1b54efc8c91c6b Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Mon Oct 20 21:35:10 2008 +0200 Merge branch 'master' of git://git.samba.org/samba Conflicts: source3/include/proto.h commit 2c1b1255c2dc095013863a1d99b750e8506237fa Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Mon Oct 20 21:33:41 2008 +0200 Add source4/ to include path because librpc/gen_ndr is still in source?/ commit 7498f9a9d809af1213699b9349546ba51fd0d2b5 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Mon Oct 20 19:51:07 2008 +0200 Add missing prototypes for samba3-specific libndr/util.c commit 6d2d09348f8354bc7d906fba6f5b31d9bca0d664 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Mon Oct 20 19:50:49 2008 +0200 Sync syntax of srvsvc.idl with samba3. commit d59b2472f4dbca29d38232d38c9bb7fce9d80ecf Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Mon Oct 20 19:35:55 2008 +0200 Include generated header files rather than using manually written prototypes. 
commit 41b02b7ac042fda700170c1e701de53d7e559e60 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Mon Oct 20 19:20:12 2008 +0200 Move orpc to top-level directory. commit 4b65445582c877aa90a51b97112d0047f51d37c7 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Mon Oct 20 19:14:55 2008 +0200 Remove unused function str_list_match. commit dc3828f06c8c77ca9fb683528096f2d412028b12 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Mon Oct 20 19:14:47 2008 +0200 Move WMI support code to top-level. commit 87ec1d2532eb17dfd7f98431bdfa4071be57f683 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Mon Oct 20 18:59:51 2008 +0200 Make sure prototypes are always included, make some functions static and remove some unused functions. commit 01a902f59978cebdab22aaee7d9e0c9bb78bc649 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Mon Oct 20 18:59:45 2008 +0200 Fix crypto test. commit 66b1c8b61a8fea309bf96df4c07a6f2c1b95041b Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Mon Oct 20 17:16:04 2008 +0200 Import comments about opcodes from Samba 3. commit 0dfd5601a05d9cfc594604ccf3aae17b0b2c96de Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Mon Oct 20 17:15:17 2008 +0200 Move discard_const hack to memory.h so it can be used by Samba 3. commit 4a8c05a91b34370654e28a3b83ab00903748c7d4 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Mon Oct 20 16:52:00 2008 +0200 Remove unused macro CONST_ADD. commit 05a0ccadb0cb262dd8b1138c983050b9477ea951 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Mon Oct 20 16:46:19 2008 +0200 Remove unused define for crypt (now in libreplace). 
--- Summary of changes: lib/crypto/crc32.c |1 + lib/crypto/md4.c |1 + lib/replace/crypt.m4 |2 +- lib/util/debug.h |4 + lib/util/memory.h | 25 +++ lib/util/time.h|7 +- lib/util/unix_privs.c |1 + lib/util/util.c|1 - lib/util/util.h| 38 +--- lib/util/xfile.h |2 + libcli/nbt/nbtsocket.c |1 + librpc/ndr/ndr_misc.c |9 - librpc/ndr/ndr_orpc.c | 173 librpc/ndr/ndr_table.c |2 - librpc/ndr/ndr_table.h |1 + librpc/ndr/ndr_wmi.c | 60 ++ librpc/ndr/ndr_wmi.h |3 + librpc/tools/ndrdump.c |
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4274-g2d9353e
The branch, v3-3-test has been updated via 2d9353eff15397b8971c9813312a9b6fe8dff930 (commit) from 52d22121fa2ea646535806103d86afe8d52001c9 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit 2d9353eff15397b8971c9813312a9b6fe8dff930 Author: Karolin Seeger [EMAIL PROTECTED] Date: Mon Oct 20 21:56:57 2008 +0200 WHATSNEW: Update changes since 3.3.0pre2. Karolin --- Summary of changes: WHATSNEW.txt |7 +++ 1 files changed, 7 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 52e0e5b..cd64f6d 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -176,8 +176,10 @@ o Jeremy Allison [EMAIL PROTECTED] * BUG 5080: Fix access to cups-printers with cups 1.3.4. * BUG 5814: Fix Winbind crash bug while doing rescan_trusted_domain. * BUG 5818: Sort ACEs in smbcacl output properly and honor inheritance. +* BUG 5826: Fix truncated filenames when accessing old servers. * Correctly fix smbclient to terminate on eof from server. * Fix client timeout when searching for a large number of cups printers. +* Unify access checks for lsa server functions. o Gerald (Jerry) Carter [EMAIL PROTECTED] @@ -185,6 +187,10 @@ o Gerald (Jerry) Carter [EMAIL PROTECTED] * Make lwinet ads dns register honor the interfaces parameter. +o Günther Deschner [EMAIL PROTECTED] +* Ensure consistency when reporting password complexity. + + o Jeff Layton [EMAIL PROTECTED] * Have uppercase_string return success on NULL pointer in mount.cifs. * Make mount.cifs return codes match the return codes for /bin/mount. @@ -198,6 +204,7 @@ o Volker Lendecke [EMAIL PROTECTED] * Fix some missing error handlings. * Add workaround for domain joins using a netbios name which is different from the hostname. +* Fix a valgrind error in idmap_ad_sids_to_unixids(). o Derrell Lipman [EMAIL PROTECTED] -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - cefe4c66970b8ca243595cdb940a7c1a26765a08
The branch, master has been updated via cefe4c66970b8ca243595cdb940a7c1a26765a08 (commit) via 66b06e5a7faabc756899dd08564a24095f693a7e (commit) via bb36f3a342111ec42210ca1dd37a1952608f19b7 (commit) from d36edccc00452ff059a2e0ab5b7c4b68cb84eeb1 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit cefe4c66970b8ca243595cdb940a7c1a26765a08 Author: Günther Deschner [EMAIL PROTECTED] Date: Mon Oct 20 22:06:58 2008 +0200 s3-rpcclient: fix cmd_lsa build. Guenther commit 66b06e5a7faabc756899dd08564a24095f693a7e Author: Günther Deschner [EMAIL PROTECTED] Date: Mon Oct 20 22:06:44 2008 +0200 s3-build: re-run make samba3-idl. Guenther commit bb36f3a342111ec42210ca1dd37a1952608f19b7 Author: Günther Deschner [EMAIL PROTECTED] Date: Mon Oct 20 22:05:04 2008 +0200 idl: merge from s4 lsa.idl to s3. Guenther --- Summary of changes: source3/librpc/gen_ndr/cli_lsa.c |4 +- source3/librpc/gen_ndr/cli_lsa.h |2 +- source3/librpc/gen_ndr/lsa.h | 52 +++ source3/librpc/gen_ndr/ndr_lsa.c | 133 -- source3/librpc/gen_ndr/ndr_lsa.h |3 + source3/librpc/idl/lsa.idl | 60 +++-- source3/rpcclient/cmd_lsarpc.c |4 +- source4/librpc/idl/lsa.idl | 25 8 files changed, 184 insertions(+), 99 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/librpc/gen_ndr/cli_lsa.c b/source3/librpc/gen_ndr/cli_lsa.c index 15ff462..e7775b1 100644 --- a/source3/librpc/gen_ndr/cli_lsa.c +++ b/source3/librpc/gen_ndr/cli_lsa.c @@ -503,7 +503,7 @@ NTSTATUS rpccli_lsa_EnumAccounts(struct rpc_pipe_client *cli, NTSTATUS rpccli_lsa_CreateTrustedDomain(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - struct policy_handle *handle /* [in] [ref] */, + struct policy_handle *policy_handle /* [in] [ref] */, struct lsa_DomainInfo *info /* [in] [ref] */, uint32_t access_mask /* [in] */, struct policy_handle *trustdom_handle /* [out] [ref] */) 
@@ -512,7 +512,7 @@ NTSTATUS rpccli_lsa_CreateTrustedDomain(struct rpc_pipe_client *cli, NTSTATUS status; /* In parameters */ - r.in.handle = handle; + r.in.policy_handle = policy_handle; r.in.info = info; r.in.access_mask = access_mask; diff --git a/source3/librpc/gen_ndr/cli_lsa.h b/source3/librpc/gen_ndr/cli_lsa.h index d6cb2fc..554182c 100644 --- a/source3/librpc/gen_ndr/cli_lsa.h +++ b/source3/librpc/gen_ndr/cli_lsa.h @@ -57,7 +57,7 @@ NTSTATUS rpccli_lsa_EnumAccounts(struct rpc_pipe_client *cli, uint32_t num_entries /* [in] [range(0,8192)] */); NTSTATUS rpccli_lsa_CreateTrustedDomain(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - struct policy_handle *handle /* [in] [ref] */, + struct policy_handle *policy_handle /* [in] [ref] */, struct lsa_DomainInfo *info /* [in] [ref] */, uint32_t access_mask /* [in] */, struct policy_handle *trustdom_handle /* [out] [ref] */); diff --git a/source3/librpc/gen_ndr/lsa.h b/source3/librpc/gen_ndr/lsa.h index bcf6dd6..d91cf4b 100644 --- a/source3/librpc/gen_ndr/lsa.h +++ b/source3/librpc/gen_ndr/lsa.h @@ -97,12 +97,11 @@ struct lsa_ObjectAttribute { struct lsa_AuditLogInfo { uint32_t percent_full; - uint32_t log_size; - NTTIME retention_time; + uint32_t maximum_log_size; + uint64_t retention_time; uint8_t shutdown_in_progress; - NTTIME time_to_shutdown; + uint64_t time_to_shutdown; uint32_t next_audit_record; - uint32_t unknown; }; enum lsa_PolicyAuditPolicy @@ -166,9 +165,21 @@ struct lsa_PDAccountInfo { struct lsa_String name; }; +enum lsa_Role +#ifndef USE_UINT_ENUMS + { + LSA_ROLE_BACKUP=2, + LSA_ROLE_PRIMARY=3 +} +#else + { __donnot_use_enum_lsa_Role=0x7FFF} +#define LSA_ROLE_BACKUP ( 2 ) +#define LSA_ROLE_PRIMARY ( 3 ) +#endif +; + struct lsa_ServerRole { - uint16_t unknown; - uint16_t role; + enum lsa_Role role; }; struct lsa_ReplicaSourceInfo { @@ -195,7 +206,6 @@ struct lsa_AuditFullSetInfo { }; struct lsa_AuditFullQueryInfo { - uint16_t unknown; uint8_t shutdown_on_full; uint8_t log_is_full; }; 
@@ -219,11 +229,12 @@ enum lsa_PolicyInfo LSA_POLICY_INFO_ROLE=6,
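Review bot: The lsa.h hunks remove fields outright (unknown from lsa_AuditLogInfo, lsa_ServerRole and lsa_AuditFullQueryInfo) and reduce lsa_ServerRole to a single enum lsa_Role, which changes the structure layout, yet the commit message says only "idl: merge from s4 lsa.idl to s3". Record in that commit which structure definitions changed so anyone bisecting an LSA regression can find it, and explain why retention_time and time_to_shutdown move from NTTIME to uint64_t, since that drops the type that marks them as timestamps.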
[SCM] Samba Shared Repository - branch v3-3-stable updated - release-3-3-0pre2-67-g271d77c
The branch, v3-3-stable has been updated via 271d77cc9d3543276ab88da140392b1bcbdc855d (commit) via bbc0986c55d93a9de2373e089c88582c5e647dde (commit) via 38ce3cf984c1b9c9049a85f76fa7475a8fa80564 (commit) via c861ff737ecd99a7a31313a2d32015e4a6018a91 (commit) via 76c3fd0e4e371f3535ca96163ec2c27798e3e6e7 (commit) via 2eef66be888241b7d28363a18505c2a83e0649e0 (commit) via 7cf64e7fd648fe88da807a82a9419a9b19c3c40f (commit) via a788dd5e99c559fbbdae8c15de006b39c6ef2404 (commit) via 73640ebc8eeaf29f7cdd903c38079528ba3a5472 (commit) from 70027b247431194fe4a777aa0861bce65eead73c (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-stable - Log - commit 271d77cc9d3543276ab88da140392b1bcbdc855d Author: Karolin Seeger [EMAIL PROTECTED] Date: Mon Oct 20 21:56:57 2008 +0200 WHATSNEW: Update changes since 3.3.0pre2. Karolin (cherry picked from commit 2d9353eff15397b8971c9813312a9b6fe8dff930) commit bbc0986c55d93a9de2373e089c88582c5e647dde Author: Günther Deschner [EMAIL PROTECTED] Date: Mon Oct 20 20:16:03 2008 +0200 s3-samr-server: be consistent when reporting we do password complexity. 
Guenther (cherry picked from commit 52d22121fa2ea646535806103d86afe8d52001c9) commit 38ce3cf984c1b9c9049a85f76fa7475a8fa80564 Author: Volker Lendecke [EMAIL PROTECTED] Date: Mon Oct 20 11:05:45 2008 -0700 fn_new->fn in smb_messages[], we got beyond that :-) (cherry picked from commit f1c0d56e8230bb4a8c085ad885cf05cbcc8297ec) commit c861ff737ecd99a7a31313a2d32015e4a6018a91 Author: Volker Lendecke [EMAIL PROTECTED] Date: Mon Oct 20 11:05:31 2008 -0700 Use a direct compare instead of calling strncmp in valid_smb_header (cherry picked from commit b6ce6dd1d82314ce3194dc450e67dec948e1a6b2) commit 76c3fd0e4e371f3535ca96163ec2c27798e3e6e7 Author: Volker Lendecke [EMAIL PROTECTED] Date: Mon Oct 20 11:05:13 2008 -0700 Move the global hosts_allow() check out of the processing loop: (cherry picked from commit 3c609efe12ee941dc0474e39b5e90ad39a075ff2) commit 2eef66be888241b7d28363a18505c2a83e0649e0 Author: Volker Lendecke [EMAIL PROTECTED] Date: Mon Oct 20 18:25:13 2008 +0200 Fix a valgrind error in idmap_ad_sids_to_unixids() We need to initialize all mappings in case we don't find anything. Simo, please check! Volker (cherry picked from commit e3550c235e6a59749c1e57b469289069f7e541d4) commit 7cf64e7fd648fe88da807a82a9419a9b19c3c40f Author: Jeremy Allison [EMAIL PROTECTED] Date: Fri Oct 17 15:24:51 2008 -0700 Unify access checks for lsa server functions. Jeremy. (cherry picked from commit 4833f678ba194665e9c0554f9da37ddca269714e) commit a788dd5e99c559fbbdae8c15de006b39c6ef2404 Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Oct 16 21:03:19 2008 -0700 Cope with bad trans2mkdir requests from System i QNTC IBM SMB client. If total_data == 4 Windows doesn't care what values are placed in that field, it just ignores them. The System i QNTC IBM SMB client puts bad values here, so ignore them. Jeremy. 
(cherry picked from commit 218879cb9069046df2b7e49627aa48cb487098c8) commit 73640ebc8eeaf29f7cdd903c38079528ba3a5472 Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Oct 16 15:39:17 2008 -0700 Fix bug 5826 - Directory/Filenames get truncated when 3.2.0 client accesses old server. There was some code in pull_ucs2_base_talloc() to cope with this case which hadn't been added to pull_ascii_base_talloc(). The older Samba returns non unicode names which is why you are seeing this codepath being executed. Unify the logic in pull_ascii_base_talloc() and pull_ucs2_base_talloc(). Jeremy. (cherry picked from commit ca430d4730c1454cf003dab376bde8baf904d77d) --- Summary of changes: WHATSNEW.txt|7 + source/include/rpc_lsa.h|1 + source/lib/charcnv.c| 58 ++- source/rpc_server/srv_lsa_nt.c | 21 +++--- source/rpc_server/srv_samr_nt.c |4 +++ source/smbd/process.c | 53 --- source/smbd/trans2.c|7 +++-- source/winbindd/idmap_ad.c |2 + 8 files changed, 110 insertions(+), 43 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 52e0e5b..cd64f6d 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -176,8 +176,10 @@ o Jeremy Allison [EMAIL PROTECTED] * BUG 5080: Fix access to cups-printers with cups 1.3.4. * BUG 5814: Fix Winbind crash bug while doing rescan_trusted_domain. * BUG 5818: Sort ACEs in smbcacl output properly and honor inheritance. +* BUG 5826: Fix truncated filenames when accessing old servers. * Correctly
[SCM] Samba Shared Repository - branch master updated - 29c9b88e2bb5d3f585e7aa591870e8b39a0d23c9
The branch, master has been updated via 29c9b88e2bb5d3f585e7aa591870e8b39a0d23c9 (commit) via 6aba3516769b944e7960d27f10799bb8a8898d2d (commit) from cefe4c66970b8ca243595cdb940a7c1a26765a08 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 29c9b88e2bb5d3f585e7aa591870e8b39a0d23c9 Merge: 6aba3516769b944e7960d27f10799bb8a8898d2d cefe4c66970b8ca243595cdb940a7c1a26765a08 Author: Jeremy Allison [EMAIL PROTECTED] Date: Mon Oct 20 16:38:25 2008 -0700 Merge branch 'master' of ssh://[EMAIL PROTECTED]/data/git/samba commit 6aba3516769b944e7960d27f10799bb8a8898d2d Author: Jeremy Allison [EMAIL PROTECTED] Date: Mon Oct 20 16:34:56 2008 -0700 Fix warnings. Jeremy. --- Summary of changes: source3/lib/netapi/tests/netfile.c | 22 -- source3/lib/netapi/tests/netgroup.c | 10 +- source3/lib/netapi/tests/netlocalgroup.c |6 +++--- source3/lib/netapi/tests/netshare.c |8 source3/lib/netapi/tests/netuser.c | 20 ++-- 5 files changed, 34 insertions(+), 32 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/netapi/tests/netfile.c b/source3/lib/netapi/tests/netfile.c index 36ee828..bee3c2e 100644 --- a/source3/lib/netapi/tests/netfile.c +++ b/source3/lib/netapi/tests/netfile.c @@ -37,8 +37,8 @@ static NET_API_STATUS test_netfileenum(const char *hostname, uint8_t *buffer = NULL; int i; - struct FILE_INFO_2 *i2; - struct FILE_INFO_3 *i3; + struct FILE_INFO_2 *i2 = NULL; + struct FILE_INFO_3 *i3 = NULL; printf(testing NetFileEnum level %d\n, level); @@ -98,8 +98,6 @@ NET_API_STATUS netapitest_file(struct libnetapi_ctx *ctx, const char *hostname) { NET_API_STATUS status = 0; - uint8_t *buffer = NULL; - uint32_t levels[] = { 2, 3 }; uint32_t enum_levels[] = { 2, 3 }; int i; 
@@ -118,14 +116,18 @@ NET_API_STATUS netapitest_file(struct libnetapi_ctx *ctx, /* basic queries */ #if 0 - for (i=0; iARRAY_SIZE(levels); i++) { + { + uint32_t levels[] = { 2, 3 }; + for (i=0; iARRAY_SIZE(levels); i++) { + uint8_t *buffer = NULL; - printf(testing NetFileGetInfo level %d\n, levels[i]); + printf(testing NetFileGetInfo level %d\n, levels[i]); - status = NetFileGetInfo(hostname, fid, levels[i], buffer); - if (status status != 124) { - NETAPI_STATUS(ctx, status, NetFileGetInfo); - goto out; + status = NetFileGetInfo(hostname, fid, levels[i], buffer); + if (status status != 124) { + NETAPI_STATUS(ctx, status, NetFileGetInfo); + goto out; + } } } #endif diff --git a/source3/lib/netapi/tests/netgroup.c b/source3/lib/netapi/tests/netgroup.c index a89a772..51a21b3 100644 --- a/source3/lib/netapi/tests/netgroup.c +++ b/source3/lib/netapi/tests/netgroup.c @@ -36,14 +36,14 @@ static NET_API_STATUS test_netgroupenum(const char *hostname, uint32_t total_entries = 0; uint32_t resume_handle = 0; int found_group = 0; - const char *current_name; + const char *current_name = NULL; uint8_t *buffer = NULL; int i; - struct GROUP_INFO_0 *info0; - struct GROUP_INFO_1 *info1; - struct GROUP_INFO_2 *info2; - struct GROUP_INFO_3 *info3; + struct GROUP_INFO_0 *info0 = NULL; + struct GROUP_INFO_1 *info1 = NULL; + struct GROUP_INFO_2 *info2 = NULL; + struct GROUP_INFO_3 *info3 = NULL; printf(testing NetGroupEnum level %d\n, level); diff --git a/source3/lib/netapi/tests/netlocalgroup.c b/source3/lib/netapi/tests/netlocalgroup.c index 0d82059..76c59c8 100644 --- a/source3/lib/netapi/tests/netlocalgroup.c +++ b/source3/lib/netapi/tests/netlocalgroup.c 
@@ -36,12 +36,12 @@ static NET_API_STATUS test_netlocalgroupenum(const char *hostname, uint32_t total_entries = 0; uint32_t resume_handle = 0; int found_group = 0; - const char *current_name; + const char *current_name = NULL; uint8_t *buffer = NULL; int i; - struct LOCALGROUP_INFO_0 *info0; - struct LOCALGROUP_INFO_1 *info1; + struct LOCALGROUP_INFO_0 *info0 = NULL; + struct LOCALGROUP_INFO_1 *info1 = NULL; printf(testing NetLocalGroupEnum level %d\n, level); diff --git a/source3/lib/netapi/tests/netshare.c b/source3/lib/netapi/tests/netshare.c index 9446c30..84af9e0 100644 --- a/source3/lib/netapi/tests/netshare.c +++
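Review bot: The = NULL initializers added for i2 and i3 in test_netfileenum, and for current_name and the info pointers in the group and localgroup tests, quiet the compiler but turn any path that assigns none of them into a NULL dereference instead of a diagnostic. If the code that follows selects on level, give it a default case that returns an error so the pointers are provably assigned before use, rather than relying on the initializer.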
[SCM] Samba Shared Repository - branch master updated - f0b1a1bc9b74372e2af2a48ce9b06802b2198eb4
The branch, master has been updated via f0b1a1bc9b74372e2af2a48ce9b06802b2198eb4 (commit) from 29c9b88e2bb5d3f585e7aa591870e8b39a0d23c9 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f0b1a1bc9b74372e2af2a48ce9b06802b2198eb4 Author: Jeremy Allison [EMAIL PROTECTED] Date: Mon Oct 20 16:51:37 2008 -0700 Remove the requirement for ldap call made as root. Add in security checks for all SAMR calls. Jeremy. --- Summary of changes: source3/lib/smbldap.c|7 source3/rpc_server/srv_samr_nt.c | 67 +++-- 2 files changed, 63 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index f5e152b..f2161dc 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -1025,13 +1025,6 @@ static int smbldap_open(struct smbldap_state *ldap_state) int rc, opt_rc; bool reopen = False; SMB_ASSERT(ldap_state); - -#ifndef NO_LDAP_SECURITY - if (geteuid() != 0) { - DEBUG(0, (smbldap_open: cannot access LDAP when not root\n)); - return LDAP_INSUFFICIENT_ACCESS; - } -#endif if ((ldap_state-ldap_struct != NULL) ((ldap_state-last_ping + SMBLDAP_DONT_PING_TIME) time(NULL))) { diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index e527631..261d77c 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -825,6 +825,13 @@ NTSTATUS _samr_QuerySecurity(pipes_struct *p, DEBUG(10,(_samr_QuerySecurity: querying security on SID: %s\n, sid_string_dbg(pol_sid))); + status = access_check_samr_function(acc_granted, + STD_RIGHT_READ_CONTROL_ACCESS, + _samr_QuerySecurity); + if (NT_STATUS_IS_OK(status)) { + return status; + } + /* Check what typ of SID is beeing queried (e.g Domain SID, User SID, Group SID) */ /* To query the security of the SAM it self an invalid SID with S-0-0 is passed to this function */ 
@@ -1153,6 +1160,9 @@ NTSTATUS _samr_EnumDomainAliases(pipes_struct *p, if (!find_policy_by_hnd(p, r-in.domain_handle, (void **)(void *)info)) return NT_STATUS_INVALID_HANDLE; + DEBUG(5,(_samr_EnumDomainAliases: sid %s\n, +sid_string_dbg(info-sid))); + status = access_check_samr_function(info-acc_granted, SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, _samr_EnumDomainAliases); @@ -1160,9 +1170,6 @@ NTSTATUS _samr_EnumDomainAliases(pipes_struct *p, return status; } - DEBUG(5,(_samr_EnumDomainAliases: sid %s\n, -sid_string_dbg(info-sid))); - samr_array = TALLOC_ZERO_P(p-mem_ctx, struct samr_SamArray); if (!samr_array) { return NT_STATUS_NO_MEMORY; @@ -1429,6 +1436,13 @@ NTSTATUS _samr_QueryDisplayInfo(pipes_struct *p, if (!find_policy_by_hnd(p, r-in.domain_handle, (void **)(void *)info)) return NT_STATUS_INVALID_HANDLE; + status = access_check_samr_function(info-acc_granted, + SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, + _samr_QueryDisplayInfo); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + /* * calculate how many entries we will return. * based on @@ -2062,6 +2076,13 @@ NTSTATUS _samr_LookupRids(pipes_struct *p, if (!get_lsa_policy_samr_sid(p, r-in.domain_handle, pol_sid, acc_granted, NULL)) return NT_STATUS_INVALID_HANDLE; + status = access_check_samr_function(acc_granted, + SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, + _samr__LookupRids); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + if (num_rids 1000) { DEBUG(0, (Got asked for %d rids (more than 1000) -- according to samba4 idl this is not possible\n, num_rids)); @@ -2632,6 +2653,13 @@ NTSTATUS _samr_QueryUserInfo(pipes_struct *p, if (!find_policy_by_hnd(p, r-in.user_handle, (void **)(void *)info)) return NT_STATUS_INVALID_HANDLE; + status = access_check_samr_function(info-acc_granted, + SA_RIGHT_DOMAIN_OPEN_ACCOUNT, + _samr_QueryUserInfo); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + domain_sid = info-sid;
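Review bot: In the _samr_QuerySecurity hunk the new check reads if (NT_STATUS_IS_OK(status)) { return status; }, which returns early when access is granted and carries on when it is denied; every other check added in this patch tests !NT_STATUS_IS_OK(status). Add the missing negation so a caller without STD_RIGHT_READ_CONTROL_ACCESS is refused before the SID is examined.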
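Review bot: Removing the geteuid() != 0 guard from smbldap_open leaves that function with no check of its own, so protection now rests entirely on each RPC entry point calling access_check_samr_function. The commit message says checks were added for all SAMR calls, but the visible hunks cover only srv_samr_nt.c; list in the message, or in a comment where the guard used to be, which other code paths reach smbldap_open and what authorizes them.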
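Review bot: In the _samr_LookupRids hunk the name passed to access_check_samr_function is _samr__LookupRids, with a doubled underscore, so denied-access log entries will not match the real function name when someone searches for it. Use _samr_LookupRids, as the other call sites use their own function names.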
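Review bot: In the _samr_QueryUserInfo hunk the handle is looked up from r-in.user_handle, but the right tested against info-acc_granted is SA_RIGHT_DOMAIN_OPEN_ACCOUNT, a domain right. Confirm whether a user-level right should be checked against a user handle here, and add a comment saying why if the domain right is intended.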
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4275-g6873be9
The branch, v3-3-test has been updated via 6873be9cc7a6700a5b32c140738d40112d32c229 (commit) from 2d9353eff15397b8971c9813312a9b6fe8dff930 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit 6873be9cc7a6700a5b32c140738d40112d32c229 Author: Jeremy Allison [EMAIL PROTECTED] Date: Mon Oct 20 16:52:11 2008 -0700 Remove the requirement for ldap call made as root. Add in security checks for all SAMR calls. Jeremy. --- Summary of changes: source/lib/smbldap.c|7 source/rpc_server/srv_samr_nt.c | 67 -- 2 files changed, 63 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/source/lib/smbldap.c b/source/lib/smbldap.c index 93494d6..9c2ee3a 100644 --- a/source/lib/smbldap.c +++ b/source/lib/smbldap.c @@ -1025,13 +1025,6 @@ static int smbldap_open(struct smbldap_state *ldap_state) int rc, opt_rc; bool reopen = False; SMB_ASSERT(ldap_state); - -#ifndef NO_LDAP_SECURITY - if (geteuid() != 0) { - DEBUG(0, (smbldap_open: cannot access LDAP when not root\n)); - return LDAP_INSUFFICIENT_ACCESS; - } -#endif if ((ldap_state-ldap_struct != NULL) ((ldap_state-last_ping + SMBLDAP_DONT_PING_TIME) time(NULL))) { diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c index 59728c6..1e17338 100644 --- a/source/rpc_server/srv_samr_nt.c +++ b/source/rpc_server/srv_samr_nt.c @@ -825,6 +825,13 @@ NTSTATUS _samr_QuerySecurity(pipes_struct *p, DEBUG(10,(_samr_QuerySecurity: querying security on SID: %s\n, sid_string_dbg(pol_sid))); + status = access_check_samr_function(acc_granted, + STD_RIGHT_READ_CONTROL_ACCESS, + _samr_QuerySecurity); + if (NT_STATUS_IS_OK(status)) { + return status; + } + /* Check what typ of SID is beeing queried (e.g Domain SID, User SID, Group SID) */ /* To query the security of the SAM it self an invalid SID with S-0-0 is passed to this function */ 
@@ -1153,6 +1160,9 @@ NTSTATUS _samr_EnumDomainAliases(pipes_struct *p, if (!find_policy_by_hnd(p, r-in.domain_handle, (void **)(void *)info)) return NT_STATUS_INVALID_HANDLE; + DEBUG(5,(_samr_EnumDomainAliases: sid %s\n, +sid_string_dbg(info-sid))); + status = access_check_samr_function(info-acc_granted, SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, _samr_EnumDomainAliases); @@ -1160,9 +1170,6 @@ NTSTATUS _samr_EnumDomainAliases(pipes_struct *p, return status; } - DEBUG(5,(_samr_EnumDomainAliases: sid %s\n, -sid_string_dbg(info-sid))); - samr_array = TALLOC_ZERO_P(p-mem_ctx, struct samr_SamArray); if (!samr_array) { return NT_STATUS_NO_MEMORY; @@ -1429,6 +1436,13 @@ NTSTATUS _samr_QueryDisplayInfo(pipes_struct *p, if (!find_policy_by_hnd(p, r-in.domain_handle, (void **)(void *)info)) return NT_STATUS_INVALID_HANDLE; + status = access_check_samr_function(info-acc_granted, + SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, + _samr_QueryDisplayInfo); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + /* * calculate how many entries we will return. * based on @@ -2062,6 +2076,13 @@ NTSTATUS _samr_LookupRids(pipes_struct *p, if (!get_lsa_policy_samr_sid(p, r-in.domain_handle, pol_sid, acc_granted, NULL)) return NT_STATUS_INVALID_HANDLE; + status = access_check_samr_function(acc_granted, + SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, + _samr__LookupRids); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + if (num_rids 1000) { DEBUG(0, (Got asked for %d rids (more than 1000) -- according to samba4 idl this is not possible\n, num_rids)); @@ -2632,6 +2653,13 @@ NTSTATUS _samr_QueryUserInfo(pipes_struct *p, if (!find_policy_by_hnd(p, r-in.user_handle, (void **)(void *)info)) return NT_STATUS_INVALID_HANDLE; + status = access_check_samr_function(info-acc_granted, + SA_RIGHT_DOMAIN_OPEN_ACCOUNT, + _samr_QueryUserInfo); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + domain_sid = info-sid;
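Review bot: The _samr_QuerySecurity hunk on this branch returns when NT_STATUS_IS_OK(status) is true, so a granted check exits early and a denied one falls through to the query, while the other access_check_samr_function call sites in the same patch test !NT_STATUS_IS_OK(status). The condition needs the negation here as well.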
Build status as of Tue Oct 21 00:00:02 2008
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2008-10-20 00:00:24.0 + +++ /home/build/master/cache/broken_results.txt 2008-10-21 00:00:11.0 + @@ -1,23 +1,23 @@ -Build status as of Mon Oct 20 00:00:02 2008 +Build status as of Tue Oct 21 00:00:02 2008 Build counts: Tree Total Broken Panic build_farm 0 0 0 -ccache 33 7 0 +ccache 32 7 0 ctdb 0 0 0 distcc 1 0 0 -ldb 32 32 0 -libreplace 31 12 0 +ldb 33 32 0 +libreplace 32 12 0 lorikeet-heimdal 29 20 0 pidl 19 3 0 ppp 13 13 0 rsync33 10 0 samba-docs 0 0 0 -samba-gtk8 8 0 -samba_3_X_devel 30 20 0 +samba-gtk7 7 0 +samba_3_X_devel 29 19 0 samba_3_X_test 29 17 0 -samba_4_0_test 32 28 1 -smb-build29 6 0 -talloc 32 32 0 -tdb 32 14 0 +samba_4_0_test 31 27 1 +smb-build31 6 0 +talloc 33 32 0 +tdb 33 12 0