Re: [Samba] How does the guest account param work?

2008-10-20 Thread Kyle

Just to close this off.  Thanks to all for the assistance.

I do have DHCP handing out the samba WINS server. What I have found is;

1. Despite the claim being so, Windows cannot network neighbourhood 
browse without using port 139. At least my XP SP2 boxes (5) can't. So 
using 'smb ports = 445' doesn't work.


2. I have 'map to guest = Bad User' set and have been trying to browse 
the Workgroup My Network Places - Entire Network - Microsoft Windows 
Network -  workgroup_name on an XP host under my user name. But this 
particular machine has no passwd for my user.


As I am set up in Samba as a user and with a passwd, from those machines 
where my username has a passwd which matches the registered samba 
passwd, I have no problems. However on the machine where I have no 
passwd set, unlike the other XP boxes, I am unable to browse the 
Workgroup at all. If I know the share I can connect as a guest, but I 
can't browse the Workgroup the way it is possible to do with Windows 
Hosts.


In fact, it appears that with Samba unless you are a recognised user, 
you cannot browse the workgroup at all. You can log on to a share, IF 
you know the name of that share, but it appears Samba does not allow you 
to browse a workgroup for which it is the master.



Kind Regards

Kyle



Michael Heydon wrote:
Theoretically this should all just happen automatically, in the real 
world the broadcast method of finding hosts and workgroups is pretty 
flakey. MS worked around this by creating WINS, which is sort of like 
DNS for SMB. All MS servers since way back when have handed out WINS 
settings via DHCP out of the box. Under *nix, you need to tell your 
DHCP server to hand out a WINS server (or specify it on each machine 
manually).


On an unrelated note, your smb.conf is overly complex, you are 
specifying a lot of settings where the defaults are most likely 
entirely suitable. You might find it easier in the long term to start 
over again with the standard config that ships with samba and only add 
settings that you actually need. (e.g. messing with buffer settings 
has been depreciated for quite some years).




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Browsning problems from Vista

2008-10-20 Thread Bengt Werstén
I have a setup where a Vista machine that is behind a NAT connects to a Linux 
(debian) machine to access SMB shares on that machine. The connection is made 
with VPN using L2TP/IPSec. I have configured the Linux machine to act as WINS 
server and PPP will give the Vista machine a new IP on the same subnet and also 
tell Vista that the WINS server is the Linux machine. 

 

I have added one share named samba and I can connect it using either IP\Samba 
or Debian\Samba where debian is the name of the Linux machine. What I'm missing 
is that Vista cannot find the shares unless I know they exists, i.e I cannot 
find that network and browse it using the network explorer. Since I can write 
Debian to connect I guess WINS is somewhat working. What more do I need to 
configure for Vista to be able to browse the network connected with the VPN. Is 
it something with workgroups? I do not want to change to workgroup on vista and 
I think it should be possible to browse other workgroups as long as you belong 
to the same subnet. Any ideas on this?

 

/Bengt Werstén

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


AW: [Samba] Samba with more than one Active Directory

2008-10-20 Thread Frederik.Niedernolte
We have more than ten different domains in our network but we don't want to use 
more than ten servers for this.
Is there no possibility to use only one server for all domains?

F. Niedernolte


-Ursprüngliche Nachricht-
Von: Ryan Bair [mailto:[EMAIL PROTECTED] 
Gesendet: Samstag, 18. Oktober 2008 00:41
An: Niedernolte, Frederik, D-CS-IT ICS
Cc: samba@lists.samba.org
Betreff: Re: [Samba] Samba with more than one Active Directory

Typically you would want the two domains to trust each other and you
would only be a member of one. If you had multiple Sambas running you
might be able to join two domains, but it wouldn't be pretty.

On Fri, Oct 17, 2008 at 3:25 AM,  [EMAIL PROTECTED] wrote:
 I want to use Samba together with freeRADIUS in an Active Directory
 network.

 I successfully followed these instructions for that:
 http://deployingradius.com/documents/configuration/active_directory.html

 Now my question is: How can I use Samba with more than one Active
 Directory?

 Because it must work with A D Example 1, Example 2 etc. and not only
 with Example 1.
 Thanks for help.

 Best regards,



 F. Niedernolte

 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/listinfo/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Newbie question for samba 3.0.28 configuration

2008-10-20 Thread Lunix1618

Hello everyone,

I am new to samba so after some trial, I got stuck with my setup, so I 
decide to post here to look for your assist, so thank you first! and 
below is my installation requirement:


I have 01 server ( running CentOS 5.2) and I will use it as file server 
for 20 workstations that running Windows XP. The setup look easy at 
requested that:
- 01 Directory will permit EVERYBODY in office access with read/write 
permission, I name it PUBLIC
- 01 Directory only permit some persons in office access with 
read/write, another will not permited. I name it ADMINISTRATIVE


I can make it work with the PUBLIC directory but how can I configure it 
to limit access on ADMINISTRATIVE directory


I tried security = user and guest ok = yes in [global] section of 
configuration file and put guest ok = no in section [ADMINISTRATIVE] 
but when I put an user name I not permit to write on ADMINISTRATIVE 
directory when asked, it still can write to it.

So what am I wrong and which permission I need to set on that directory ?
I've used Windows XP to test access to it
My samba version is 3.0.28 (which shipped by CentOS 5.2)

Thank you for your assist!
regards.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Question about switching from Windows 2k Server to SAMBA 3 under Centos

2008-10-20 Thread Charles Marcus
On 10/20/2008, Matthew Delves ([EMAIL PROTECTED]) wrote:
 My questions are:
 1) What is required for the smb.conf to get it talking to the windows
2k server?
 2) What other environment configuration is required to get vampire to
work correctly?

My understanding is that vampire will NOT work with a Windows 2k server,
only an NT4 server...

:(

-- 

Best regards,

Charles
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] 3.2.4 CreateDirectory panic

2008-10-20 Thread Volker Lendecke
On Mon, Oct 20, 2008 at 02:34:23PM +0200, Peter Rindfuss wrote:
 attached is the subroutine that I used for testing.
 The part enclosed in #ifdef createdir_alt worked with 3.0.24, but not 
 with 3.2.4. The #else part works with 3.2.4. Both versions are based 
 upon the same security descriptor structure.

Sorry, the binary would be much more helpful. I don't have
Visual Studio installed anywhere.

Volker


pgpq8x6Ow0N4r.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.2.4 CreateDirectory panic

2008-10-20 Thread Volker Lendecke
On Mon, Oct 20, 2008 at 02:34:23PM +0200, Peter Rindfuss wrote:
 attached is the subroutine that I used for testing.
 The part enclosed in #ifdef createdir_alt worked with 3.0.24, but not 
 with 3.2.4. The #else part works with 3.2.4. Both versions are based 
 upon the same security descriptor structure.

Can you also send your smb.conf and a debug level 10 log
leading to this error?

Thanks,

Volker


pgpYt7Xj6hzHI.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.2.4 CreateDirectory panic

2008-10-20 Thread Peter Rindfuss

On 2008-10-20 13:55, Volker Lendecke wrote:

On Mon, Oct 20, 2008 at 01:18:11PM +0200, Peter Rindfuss wrote:

Hi,

I have just set up a new 64bit server as PDC with opensuse 11 and samba 
3.2.4. The configuration was taken over from suse 10 with samba 3.0.24.


So far, everything on the new server works fine but this:

I have a C++ utility program running under win xp which creates users 
and home directories usind win32 api calls. It worked fine with samba 
3.0.24 and before, but causes a samba panic when it executes the 
CreateDirectory win32 api call for the home directory. A log file 
snippet is attached.


My own testing shows that the panic only happens when CreateDirectory is 
called with a SECURITY_ATTRIBUTES structure in order to set the correct 
acls for the new directory:


CreateDirectory(HomePath, security_attributes); - panic

whereas
CreateDirectory(HomePath, NULL); - ok

I tried some variants like
CreateDirectory ( HomePath, NULL ) ; - ok
SetFileSecurity(Homepath, ..., security_descriptor); - panic

and finally came up with this solution
CreateDirectory(HomePath, NULL); - ok
SetNamedSecurityInfo(  ); - ok

Strange thing is that in all variants I start out with the same 
SECURITY_DESCRIPTOR structure.


Can you send me that utility or a sniff?

Volker


Hi Volker,

attached is the subroutine that I used for testing.
The part enclosed in #ifdef createdir_alt worked with 3.0.24, but not 
with 3.2.4. The #else part works with 3.2.4. Both versions are based 
upon the same security descriptor structure.


Peter
bool SeleneConnection::TestDACL ( void )
{
  bool ok ;
  int needed ;
  int status ;
  int i, n ;
  char *sddl ;
  volatile DWORD error ;
  static char path[]  =  selene\\wzbadmin\\samba\\user\\aaa ;
  static char sidnewstring[]  =  
S-1-5-21-3308023661-3915791984-1724325443-61014 ;  // some user
  static char groupsidstring[]  =  
S-1-5-21-3308023661-3915791984-1724325443-513 ;  // Domain Users (unix 
group 'users')

  // sddlfmt was obtained by means of the utility 'subinacl'
  static const char sddlfmt[]  =
   
O:%sG:%sD:(A;OICI;FA;;;%s)(A;OICIWD)(A;%s)(A;OICIIO;FA;;;CO)(A;OICIIOCG)
 ;


  PSECURITY_DESCRIPTOR secdes ;

#ifdef createdir_alt
  SECURITY_ATTRIBUTES secattr ;
#else
  PACL dacl ;
  PSID owner, group ;
  BOOL present, def ;
#endif



  ok  =  false ;


  needed  =  (sizeof(sddlfmt) - 1)  +
 ((lstrlen(sidnewstring) - 2)  +
  (lstrlen(groupsidstring) - 2)) * 2  +  1 ;

  sddl  =  new char[needed] ;

  wsprintf ( sddl, sddlfmt,
 sidnewstring, groupsidstring, sidnewstring, groupsidstring ) ;

  ok  =  ConvertStringSecurityDescriptorToSecurityDescriptor
  ( sddl, SDDL_REVISION_1, secdes, NULL ) ;

  delete[] sddl ;

  if ( ! ok )  goto exit0 ;


#ifdef createdir_alt

  // this does work in 3.0.24, but not in 3.2.4

  secattr.nLength  =  sizeof ( SECURITY_ATTRIBUTES ) ;
  secattr.lpSecurityDescriptor  =  secdes ;
  secattr.bInheritHandle  =  false ;

  ok  =  CreateDirectory ( HomePath, secattr ) ; // -- panic
  error  =  GetLastError () ;

#else

  // this does work in 3.2.4

  ok  =  CreateDirectory ( path, NULL ) ;

  ok  =  okGetSecurityDescriptorDacl ( secdes, present, dacl, def ) ;
  ok  =  okGetSecurityDescriptorOwner ( secdes, owner, def ) ;
  ok  =  okGetSecurityDescriptorGroup ( secdes, group, def ) ;

  if ( ok )
  {
ok  =  (SetNamedSecurityInfo ( path, SE_FILE_OBJECT, 
OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION,
 owner, group, dacl, NULL )  ==  ERROR_SUCCESS) ;
error  =  GetLastError () ;
  }

#endif


  LocalFree ( secdes ) ;

  if ( ! ok )  goto exit0 ;


  ok  =  true ;


  exit0:
  return ( ok ) ;
}
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.2.4 CreateDirectory panic

2008-10-20 Thread Peter Rindfuss

On 2008-10-20 14:45, Volker Lendecke wrote:

On Mon, Oct 20, 2008 at 02:34:23PM +0200, Peter Rindfuss wrote:

attached is the subroutine that I used for testing.
The part enclosed in #ifdef createdir_alt worked with 3.0.24, but not 
with 3.2.4. The #else part works with 3.2.4. Both versions are based 
upon the same security descriptor structure.


Sorry, the binary would be much more helpful. I don't have
Visual Studio installed anywhere.

Volker



It's Borland C++ 5, actually.

I'd love to give you the executable but it is highly site-specific, does 
many non-samba things (needs libmySQL.dll, for instance), has an ini 
file that contains a sensitive password and so on. It will not work for 
you. If I find the time I'll put together a small program that just 
calls the test code.


Cheers, Peter

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] 3.2.4 CreateDirectory panic

2008-10-20 Thread Volker Lendecke
On Mon, Oct 20, 2008 at 01:18:11PM +0200, Peter Rindfuss wrote:
 Hi,
 
 I have just set up a new 64bit server as PDC with opensuse 11 and samba 
 3.2.4. The configuration was taken over from suse 10 with samba 3.0.24.
 
 So far, everything on the new server works fine but this:
 
 I have a C++ utility program running under win xp which creates users 
 and home directories usind win32 api calls. It worked fine with samba 
 3.0.24 and before, but causes a samba panic when it executes the 
 CreateDirectory win32 api call for the home directory. A log file 
 snippet is attached.
 
 My own testing shows that the panic only happens when CreateDirectory is 
 called with a SECURITY_ATTRIBUTES structure in order to set the correct 
 acls for the new directory:
 
 CreateDirectory(HomePath, security_attributes); - panic
 
 whereas
 CreateDirectory(HomePath, NULL); - ok
 
 I tried some variants like
 CreateDirectory ( HomePath, NULL ) ; - ok
 SetFileSecurity(Homepath, ..., security_descriptor); - panic
 
 and finally came up with this solution
 CreateDirectory(HomePath, NULL); - ok
 SetNamedSecurityInfo(  ); - ok
 
 Strange thing is that in all variants I start out with the same 
 SECURITY_DESCRIPTOR structure.

Can you send me that utility or a sniff?

Volker


pgpVjtQSXEVWa.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.2.4 CreateDirectory panic

2008-10-20 Thread Volker Lendecke
On Mon, Oct 20, 2008 at 03:04:06PM +0200, Peter Rindfuss wrote:
 On 2008-10-20 14:45, Volker Lendecke wrote:
 On Mon, Oct 20, 2008 at 02:34:23PM +0200, Peter Rindfuss wrote:
 attached is the subroutine that I used for testing.
 The part enclosed in #ifdef createdir_alt worked with 3.0.24, but not 
 with 3.2.4. The #else part works with 3.2.4. Both versions are based 
 upon the same security descriptor structure.
 
 Sorry, the binary would be much more helpful. I don't have
 Visual Studio installed anywhere.
 
 Volker
 
 
 It's Borland C++ 5, actually.
 
 I'd love to give you the executable but it is highly site-specific, does 
 many non-samba things (needs libmySQL.dll, for instance), has an ini 
 file that contains a sensitive password and so on. It will not work for 
 you. If I find the time I'll put together a small program that just 
 calls the test code.

Good. Alternatively, smb.conf, sniff and debug level 10 log
might also help.

Volker


pgpv8F101MvCF.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Newbie question for samba 3.0.28 configuration

2008-10-20 Thread Lunix1618

Norberto Bensa wrote:

On Monday October 20 2008 06:47:27 Lunix1618 wrote:
  
I tried security = user and guest ok = yes in [global] 



try removing that and add guest ok = Yes in [PUBLIC].

  

Norberto,
I success with anonymous access for PUBLIC, what I want is access 
control on ADMINISTRATIVE, any thoughts ?

thanks,

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Different IPs on a samba server #2

2008-10-20 Thread sgmayo

Leonardo Boselli wrote:
 It occurred also to me, with a 100% win2000 (PDC and WS) network:
 wins is based on broadcasts. so these does not passed the routers, and
 yes, they need some time to propagate, even 4 or more hours !
 the way i resolved was this:

That must have been my problem.  I emailed back later that day that it
just started working and I had not done anything different (well, I had
done one other thing, but then I removed what I did and then it started
working).  I guess it just took a few hours for it to propagate.

 Question: Because it reverses the logical flow of conversation.
 Answer: Why is putting a reply at the top of the message frowned upon?

 since you have no idea on what part of the message you are replying to.
 of course is a worse idea to quote the entire message, either top or
 bottom.


Yep, I will agree.  Thanks for the reply.

-- 
Scott Mayo - System Administrator
Bloomfield Schools
PH: 573-568-5669  FA: 573-568-4565

Question: Because it reverses the logical flow of conversation.
Answer: Why is putting a reply at the top of the message frowned upon?

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] 3.2.4 CreateDirectory panic

2008-10-20 Thread Peter Rindfuss

On 2008-10-20 15:02, Volker Lendecke wrote:

On Mon, Oct 20, 2008 at 02:34:23PM +0200, Peter Rindfuss wrote:

attached is the subroutine that I used for testing.
The part enclosed in #ifdef createdir_alt worked with 3.0.24, but not 
with 3.2.4. The #else part works with 3.2.4. Both versions are based 
upon the same security descriptor structure.


Can you also send your smb.conf and a debug level 10 log
leading to this error?



smb.conf is attached.

Is it possible to turn on level 10 logging without restarting the 
daemon? It is our production server and I'm not willing to disturb any 
existing connection.


Peter
# Samba config file created using SWAT
# from 193.174.6.50 (193.174.6.50)
# Date: 2008/08/15 10:55:55

[global]
display charset = UTF-8
workgroup = WZB
server string = File Server
interfaces = 127.0.0.1, 193.174.6.4
bind interfaces only = Yes
passdb backend = ldapsam:ldapi://%2fvar%2frun%2fslapd%2fldapi/
guest account = guest
passwd program = /usr/local/sbin/wzbpasswd -U -M -s -x %u
passwd chat = *Enter*password* %n\n *Re-enter*password* %n\n *changed*
username map = /etc/samba/smbusers
unix password sync = Yes
lanman auth = No
syslog = 0
smb ports = 139
time server = Yes
socket options = TCP_NODELAY SO_KEEPALIVE
load printers = No
printcap name = /dev/null
add user script = /usr/local/sbin/wzbuseradd -q -I -y -c %u
delete user script = /usr/local/sbin/wzbuserdel -q -d %u
add group script = /usr/local/sbin/wzbgroupadd -q -y '%g'
delete group script = /usr/local/sbin/wzbgroupdel -q '%g'
add user to group script = /usr/local/sbin/wzbgroupmemberadd -q '%g' %u
delete user from group script = /usr/local/sbin/wzbgroupmemberdel -q 
'%g' %u
set primary group script = /usr/local/sbin/wzbgroupprim -q %u '%g'
add machine script = /usr/local/sbin/wzbuseradd -q -y -x %m
logon script = login.cmd
logon path = 
logon home = \\selene\wzb
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
kernel oplocks = No
ldap admin dn = cn=root,dc=wzb,dc=eu
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
ldap suffix = ou=accounts,dc=wzb,dc=eu
ldap ssl = no
ldap user suffix = ou=users
host msdfs = No
vscan-fsav:config-file = /etc/samba/fsav.conf
ldapsam:trusted = Yes
admin users = @admins
create mask = 0700
directory mask = 0700
hosts allow = 193.174.6.0/255.255.254.0
ea support = Yes
map acl inherit = Yes
cups options = raw
hide unreadable = Yes
map archive = No
mangled names = No
store dos attributes = Yes
dos filemode = Yes

[printers]
comment = Network Printers
path = /var/spool/cups
create mask = 0600
hosts allow = 127.0.0.1, 193.174.6.0/23
hosts deny = 0.0.0.0
printable = Yes
browseable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @admins
force group = @admins
create mask = 0664
directory mask = 0775
available = No

[netlogon]
comment = Network Logon Service
path = /wzb/netlogon
valid users = @admins, @users, root
admin users = @admins, root
guest ok = Yes
browseable = No

[wzb]
comment = WZB File Server
path = /wzb/samba
valid users = @admins, @users, root
admin users = @admins, root
read only = No
inherit permissions = Yes
inherit acls = Yes
inherit owner = Yes
use sendfile = Yes
hide dot files = No
hide special files = Yes
map readonly = permissions
mangled names = Yes
root preexec = /usr/local/sbin/wzbldapsettime %u sambaLogonTime
root postexec = /usr/local/sbin/wzbldapsettime %u sambaLogoffTime

[admin]
comment = Zugriff auf Alles für die Admins
path = /
valid users = @admins, root
admin users = @admins, root
read only = No
inherit acls = Yes
inherit owner = Yes
hide dot files = No
hide unreadable = No
mangled names = Yes
browseable = No

[wzbadmin]
path = /wzb
valid users = @admins
read only = No
inherit permissions = Yes
inherit acls = Yes
inherit owner = Yes
mangled names = Yes

[pmail]
comment = Pegasus Mail Share
path = /wzb/pmail
valid users = @admins, @users
read only = No
inherit permissions = Yes
inherit acls = Yes
inherit owner = Yes
hide special files = Yes
  

Re: [Samba] 3.2.4 CreateDirectory panic

2008-10-20 Thread Volker Lendecke
On Mon, Oct 20, 2008 at 03:11:41PM +0200, Peter Rindfuss wrote:
 On 2008-10-20 15:02, Volker Lendecke wrote:
 On Mon, Oct 20, 2008 at 02:34:23PM +0200, Peter Rindfuss wrote:
 attached is the subroutine that I used for testing.
 The part enclosed in #ifdef createdir_alt worked with 3.0.24, but not 
 with 3.2.4. The #else part works with 3.2.4. Both versions are based 
 upon the same security descriptor structure.
 
 Can you also send your smb.conf and a debug level 10 log
 leading to this error?
 
 
 smb.conf is attached.
 
 Is it possible to turn on level 10 logging without restarting the 
 daemon? It is our production server and I'm not willing to disturb any 
 existing connection.

Sure. Just set debug level = 10. Then all new connections
will get the higher debuglevel. Alternatively, connect from
your client, look at smbstatus output to find your smbd
pid and issue

smbcontrol smbd-pid debug 10

to make just that one smbd use that debuglevel.

Volker


pgpT3Ekk8e731.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.2.4 CreateDirectory panic

2008-10-20 Thread Stéphane PURNELLE
smbcontrol pid_of_daemon debug 10

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] a écrit sur 
20/10/2008 15:11:41 :

 On 2008-10-20 15:02, Volker Lendecke wrote:
  On Mon, Oct 20, 2008 at 02:34:23PM +0200, Peter Rindfuss wrote:
  attached is the subroutine that I used for testing.
  The part enclosed in #ifdef createdir_alt worked with 3.0.24, but not 

  with 3.2.4. The #else part works with 3.2.4. Both versions are based 
  upon the same security descriptor structure.
  
  Can you also send your smb.conf and a debug level 10 log
  leading to this error?
  
 
 smb.conf is attached.
 
 Is it possible to turn on level 10 logging without restarting the 
 daemon? It is our production server and I'm not willing to disturb any 
 existing connection.
 
 Peter
 # Samba config file created using SWAT
 # from 193.174.6.50 (193.174.6.50)
 # Date: 2008/08/15 10:55:55
 
 [global]
display charset = UTF-8
workgroup = WZB
server string = File Server
interfaces = 127.0.0.1, 193.174.6.4
bind interfaces only = Yes
passdb backend = ldapsam:ldapi://%2fvar%2frun%2fslapd%2fldapi/
guest account = guest
passwd program = /usr/local/sbin/wzbpasswd -U -M -s -x %u
passwd chat = *Enter*password* %n\n *Re-enter*password* %n\n 
*changed*
username map = /etc/samba/smbusers
unix password sync = Yes
lanman auth = No
syslog = 0
smb ports = 139
time server = Yes
socket options = TCP_NODELAY SO_KEEPALIVE
load printers = No
printcap name = /dev/null
add user script = /usr/local/sbin/wzbuseradd -q -I -y -c %u
delete user script = /usr/local/sbin/wzbuserdel -q -d %u
add group script = /usr/local/sbin/wzbgroupadd -q -y '%g'
delete group script = /usr/local/sbin/wzbgroupdel -q '%g'
add user to group script = /usr/local/sbin/wzbgroupmemberadd -q '%g' 
%u
delete user from group script = /usr/local/sbin/wzbgroupmemberdel-q 
'%g' %u
set primary group script = /usr/local/sbin/wzbgroupprim -q %u '%g'
add machine script = /usr/local/sbin/wzbuseradd -q -y -x %m
logon script = login.cmd
logon path = 
logon home = \\selene\wzb
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
kernel oplocks = No
ldap admin dn = cn=root,dc=wzb,dc=eu
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
ldap suffix = ou=accounts,dc=wzb,dc=eu
ldap ssl = no
ldap user suffix = ou=users
host msdfs = No
vscan-fsav:config-file = /etc/samba/fsav.conf
ldapsam:trusted = Yes
admin users = @admins
create mask = 0700
directory mask = 0700
hosts allow = 193.174.6.0/255.255.254.0
ea support = Yes
map acl inherit = Yes
cups options = raw
hide unreadable = Yes
map archive = No
mangled names = No
store dos attributes = Yes
dos filemode = Yes
 
 [printers]
comment = Network Printers
path = /var/spool/cups
create mask = 0600
hosts allow = 127.0.0.1, 193.174.6.0/23
hosts deny = 0.0.0.0
printable = Yes
browseable = No
 
 [print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @admins
force group = @admins
create mask = 0664
directory mask = 0775
available = No
 
 [netlogon]
comment = Network Logon Service
path = /wzb/netlogon
valid users = @admins, @users, root
admin users = @admins, root
guest ok = Yes
browseable = No
 
 [wzb]
comment = WZB File Server
path = /wzb/samba
valid users = @admins, @users, root
admin users = @admins, root
read only = No
inherit permissions = Yes
inherit acls = Yes
inherit owner = Yes
use sendfile = Yes
hide dot files = No
hide special files = Yes
map readonly = permissions
mangled names = Yes
root preexec = /usr/local/sbin/wzbldapsettime %u sambaLogonTime
root postexec = /usr/local/sbin/wzbldapsettime %u sambaLogoffTime
 
 [admin]
comment = Zugriff auf Alles für die Admins
path = /
valid users = @admins, root
admin users = @admins, root
read only = No
inherit acls = Yes
inherit owner = Yes
hide dot files = No
hide unreadable = No
mangled names = Yes
browseable = No
 
 [wzbadmin]
path = /wzb
valid users = @admins
read only = No
inherit permissions = Yes
inherit acls = Yes
inherit owner = Yes
mangled names = Yes
 
 [pmail]
comment = Pegasus Mail Share
path = /wzb/pmail
valid users = @admins, @users
read only = No
inherit permissions = Yes
inherit acls = Yes
inherit owner = Yes
hide special files = Yes
map readonly = permissions
mangled names = Yes
 
 [antivirus]
path = /wzb/antivirus
valid users = @admins, @users
read only = No
inherit permissions = 

[Samba] Samba 3.2.4

2008-10-20 Thread Jesse D Hernandez II (AIX Support)
I have downloaded the source code to my AIX 5.3 server and have compiled it. 
I'm trying to mount some dfs windows shares to my unix/AIX server using samba. 
However, I think I'm looking for a smbmount command so that I can mount these 
shares on my AIX server. I ran the configure command with the -with-smbmount 
option, but I just don't see the smbmount command at all. What am I missing or 
what other options do I need?


Jesse D Hernandez II | Sr. System Administrator | Blue Cross Blue Shield of 
Kansas City | Phone 816.349.6041 | [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] 
| http://www.bcbskc.com


The BCBSKC Mail System made the following annotations:

CONFIDENTIALITY NOTICE: This email message and any
attachments are for the sole use of the intended
recipient(s) and may contain proprietary, confidential,
trade secret or privileged information. Any unauthorized
review, use, disclosure or distribution is prohibited
and may be a violation of law.  If you are not the
intended recipient or a person responsible for
delivering this message to an intended recipient, please
contact the sender by reply email and destroy all copies
of the original message.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] 3.2.4 CreateDirectory panic

2008-10-20 Thread Peter Rindfuss

On 2008-10-20 15:17, Volker Lendecke wrote:

On Mon, Oct 20, 2008 at 03:11:41PM +0200, Peter Rindfuss wrote:

On 2008-10-20 15:02, Volker Lendecke wrote:

On Mon, Oct 20, 2008 at 02:34:23PM +0200, Peter Rindfuss wrote:

attached is the subroutine that I used for testing.
The part enclosed in #ifdef createdir_alt worked with 3.0.24, but not 
with 3.2.4. The #else part works with 3.2.4. Both versions are based 
upon the same security descriptor structure.

Can you also send your smb.conf and a debug level 10 log
leading to this error?


smb.conf is attached.

Is it possible to turn on level 10 logging without restarting the 
daemon? It is our production server and I'm not willing to disturb any 
existing connection.


Sure. Just set debug level = 10. Then all new connections
will get the higher debuglevel. Alternatively, connect from
your client, look at smbstatus output to find your smbd
pid and issue

smbcontrol smbd-pid debug 10

to make just that one smbd use that debuglevel.

Volker


Here comes the log; I went to the CreateDirectory call in the debugger,
turned level 10 on and stepped over the call.

Second try; gzipped now.

Peter


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] one ldap server and multiple samba PDC domains

2008-10-20 Thread Jorge Concha C.

Yes, it is possible.

You must have multiple sambaDomainName entries, all with same SID value.

I have this, and works very good.

Jorge C.
PD. Sorry for my bad english.


On Mon, 20 Oct 2008 02:27:39 -0300, Mohammad Reza Hosseini  
[EMAIL PROTECTED] wrote:



hello

Is it possible to have multiple samba servers so multiple samba PDC  
domains
but just one ldap server ? (so users in ldap can login to diffrent  
domains

but we add them just one time)
if yes how?

thanks.




--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Re: samba4/Win2008: error - directory property cannot be found in the cache

2008-10-20 Thread Joel Reed

Joel Reed wrote:
I setup a samba4 pdc and successfully added a Windows 2008 machine to 
the domain.


When I start up the Active Directory Users and Computers tool, I get 
a Naming information cannot be located because: directory property 
cannot be found in the cache error. 
I tried this with Windows 2003 as well. The computer can be successfully 
added to the domain, but the dsa.msc tool fails on load with a similar 
error about naming information cannot be located.


Are there some dns records required for these tools that are not 
required for domain join operations?


I've also successfully joined a linux box running winbind to this domain 
as well.


jr
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Newbie question for samba 3.0.28 configuration

2008-10-20 Thread Norberto Bensa
On Monday October 20 2008 06:47:27 Lunix1618 wrote:
 I tried security = user and guest ok = yes in [global] 

try removing that and add guest ok = Yes in [PUBLIC].

Regards,

-- 
Norberto Bensa

Linux 2.6.27-gentoo Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
 09:01:17 up 18:46,  1 user,  load average: 0.01, 0.07, 0.08
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] one ldap server and multiple samba PDC domains

2008-10-20 Thread Norberto Bensa

Quoting Jorge Concha C. [EMAIL PROTECTED]:


You must have multiple sambaDomainName entries, all with same SID value.


What sambaSID do your users have?

What does net getdomainsid return on your domains?

I'm asking because I have 4 domains (long history, don't ask) and I'm  
currently moving them from tdbsam to ldapsam.


I have no problems with my users because no user is repeated in two  
domains except for one soporte. I need this user soporte to be  
able to log in my 4 domains.


Thanks,
Norberto




This message was sent using IMP, the Internet Messaging Program.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] 3.2.4 CreateDirectory panic

2008-10-20 Thread Peter Rindfuss

Hi,

I have just set up a new 64bit server as PDC with opensuse 11 and samba 
3.2.4. The configuration was taken over from suse 10 with samba 3.0.24.


So far, everything on the new server works fine but this:

I have a C++ utility program running under win xp which creates users 
and home directories usind win32 api calls. It worked fine with samba 
3.0.24 and before, but causes a samba panic when it executes the 
CreateDirectory win32 api call for the home directory. A log file 
snippet is attached.


My own testing shows that the panic only happens when CreateDirectory is 
called with a SECURITY_ATTRIBUTES structure in order to set the correct 
acls for the new directory:


CreateDirectory(HomePath, security_attributes); - panic

whereas
CreateDirectory(HomePath, NULL); - ok

I tried some variants like
CreateDirectory ( HomePath, NULL ) ; - ok
SetFileSecurity(Homepath, ..., security_descriptor); - panic

and finally came up with this solution
CreateDirectory(HomePath, NULL); - ok
SetNamedSecurityInfo(  ); - ok

Strange thing is that in all variants I start out with the same 
SECURITY_DESCRIPTOR structure.



Peter Rindfuss
[2008/10/19 19:23:44,  0] lib/fault.c:fault_report(40)
  ===
[2008/10/19 19:23:44,  0] lib/fault.c:fault_report(41)
  INTERNAL ERROR: Signal 11 in pid 5515 (3.2.4-0.1.130-1906-SUSE-SL11.0)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2008/10/19 19:23:44,  0] lib/fault.c:fault_report(43)

  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2008/10/19 19:23:44,  0] lib/fault.c:fault_report(44)
  ===
[2008/10/19 19:23:44,  0] lib/util.c:smb_panic(1663)
  PANIC (pid 5515): internal error
[2008/10/19 19:23:44,  0] lib/util.c:log_stack_trace(1767)
  BACKTRACE: 18 stack frames:
   #0 /usr/sbin/smbd(log_stack_trace+0x1a) [0x7fb621ea]
   #1 /usr/sbin/smbd(smb_panic+0x1f) [0x7fb622bf]
   #2 /usr/sbin/smbd [0x7fb621feb000]
   #3 /lib64/libpthread.so.0 [0x7fb61fbb1b30]
   #4 /usr/sbin/smbd(sid_compare+0x28) [0x7fb621ff91d8]
   #5 /usr/sbin/smbd(add_sid_to_array_unique+0x4d) [0x7fb621ff98ad]
   #6 /usr/sbin/smbd(create_token_from_username+0x4a6) [0x7fb622045b56]
   #7 /usr/sbin/smbd(user_in_group_sid+0x5a) [0x7fb62204630a]
   #8 /usr/sbin/smbd [0x7fb621e7104e]
   #9 /usr/sbin/smbd(set_nt_acl+0xab5) [0x7fb621e76265]
   #10 /usr/sbin/smbd [0x7fb621e8ae01]
   #11 /usr/sbin/smbd [0x7fb621e31fbc]
   #12 /usr/sbin/smbd(reply_nttrans+0x75c) [0x7fb621e32f8c]
   #13 /usr/sbin/smbd [0x7fb621e788ce]
   #14 /usr/sbin/smbd(smbd_process+0x263) [0x7fb621e7ab93]
   #15 /usr/sbin/smbd(main+0x1fa2) [0x7fb6221f9ad2]
   #16 /lib64/libc.so.6(__libc_start_main+0xe6) [0x7fb61e173436]
   #17 /usr/sbin/smbd [0x7fb621e01aa9]
[2008/10/19 19:23:44,  0] lib/fault.c:dump_core(201)
  dumping core in /var/log/samba/cores/smbd-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] heimdal and windows compatibility up-to-date informations

2008-10-20 Thread Guillaume Rousse

Pascal Levy a écrit :

Thanks for your input.

Yet additional few questions, now I'm trying it...

I'm understanding the users are supposed to autenticate against the 
kerberos realm, not against he AD domain. But this only appears in the 
connection dialog once once you ran ksetup on the windows host. Is there 
a way to automatically configure this when the host join the domain, 
rather than manually on each host (/me is a total AD newbie) ?


And is there a way to prevent the display of the AD realm in this 
dialog, to prevent user confusion ?

--
Guillaume Rousse
Moyens Informatiques - INRIA Futurs
Tel: 01 69 35 69 62
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] strange message in a samba log

2008-10-20 Thread Stéphane PURNELLE
Hi all,

A user contact me because I cannot open some file on the server.
And when I look her log file I can read : 

[2008/10/20 16:21:03,  0] smbd/notify_inotify.c:inotify_setup(283)
  Failed to init inotify - Trop de fichiers ouverts (too many open file)

What's happening ?

Stéphane Purnelle


---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Logon Script Via Group

2008-10-20 Thread Jeff L
Hello, 

In order to use Samba and migrate our Windows domain we need to be able to map 
users to a drive based on the Unix groups they are a member of.

IE:

If user is a member of finance, map drive f:\ finance
If user is a a member of domainusers, run logon script logon.bat


I tried placing differnet logon scripts in a directory named after the 
groupname and using the %g variable in Samba but it did not work.
It only looks up the FIRST group ignoring the rest. 

Please let us know a easy way to do this. 

Thanks





=
New York Film Academy
Study Abroad Filmmaking  Acting. London, Paris, Florence, USA.
http://a8-asy.a8ww.net/a8-ads/adftrclick?redirectid=160d32aa7f559fb3e9e7cf46485a3294


-- 
Powered by Outblaze
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] one ldap server and multiple samba PDC domains

2008-10-20 Thread Jorge Concha C.


All my users can log in at all my 3 domains.

Responses:
All sambaDomainName entries:
sambaSID=S-1-5-21-3209642587-1536209094-3825437934
same for all domains.

users:
user1 = S-1-5-21-3209642587-1536209094-3825437934-4801
user2 = S-1-5-21-3209642587-1536209094-3825437934-4802
user3 = S-1-5-21-3209642587-1536209094-3825437934-4803
etc.

net getdomainsid @ all machines:
SID for domain SAMBA1 is: S-1-5-21-3209642587-1536209094-3825437934
SID for domain DOMAIN1 is: S-1-5-21-3209642587-1536209094-3825437934

SID for domain SAMBA2 is: S-1-5-21-3209642587-1536209094-3825437934
SID for domain DOMAIN2 is: S-1-5-21-3209642587-1536209094-3825437934

SID for domain SAMBA3 is: S-1-5-21-3209642587-1536209094-3825437934
SID for domain DOMAIN3 is: S-1-5-21-3209642587-1536209094-3825437934



On Mon, 20 Oct 2008 11:42:45 -0300, Norberto Bensa [EMAIL PROTECTED]  
wrote:



Quoting Jorge Concha C. [EMAIL PROTECTED]:


You must have multiple sambaDomainName entries, all with same SID value.


What sambaSID do your users have?

What does net getdomainsid return on your domains?

I'm asking because I have 4 domains (long history, don't ask) and I'm  
currently moving them from tdbsam to ldapsam.


I have no problems with my users because no user is repeated in two  
domains except for one soporte. I need this user soporte to be able  
to log in my 4 domains.


Thanks,
Norberto




This message was sent using IMP, the Internet Messaging Program.






--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Samba 3.2.4

2008-10-20 Thread Volker Lendecke
On Mon, Oct 20, 2008 at 09:05:58AM -0500, Jesse D Hernandez II (AIX Support) 
wrote:
 I have downloaded the source code to my AIX 5.3 server and
 have compiled it. I'm trying to mount some dfs windows
 shares to my unix/AIX server using samba. However, I think
 I'm looking for a smbmount command so that I can mount
 these shares on my AIX server. I ran the configure command
 with the -with-smbmount option, but I just don't see the
 smbmount command at all. What am I missing or what other
 options do I need?

smbmount is a kernel option that is only supported on Linux,
and even there it is replaced with mount.cifs. You might
want to contact your IBM support if there is kernel support
for SMB in AIX (which I doubt).

Volker


pgpaCbIn6mAkx.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Logon Script Via Group

2008-10-20 Thread Robert Schetterer
Jeff L schrieb:
 Hello, 
 
 In order to use Samba and migrate our Windows domain we need to be able to 
 map users to a drive based on the Unix groups they are a member of.
 
 IE:
 
 If user is a member of finance, map drive f:\ finance
 If user is a a member of domainusers, run logon script logon.bat
 
 
 I tried placing differnet logon scripts in a directory named after the 
 groupname and using the %g variable in Samba but it did not work.
 It only looks up the FIRST group ignoring the rest. 
 
 Please let us know a easy way to do this. 
 
 Thanks
 
 
 
 
 
 =
 New York Film Academy
 Study Abroad Filmmaking  Acting. London, Paris, Florence, USA.
 http://a8-asy.a8ww.net/a8-ads/adftrclick?redirectid=160d32aa7f559fb3e9e7cf46485a3294
 
 
Hi,
you might give all users a default.bat
in this you may split running
other scripts by hostname username groupname
group can be matched with the ifmember.exe util
i.e default.bat

@echo off
REM default login script [EMAIL PROTECTED]
REM
---
REM exec bat for logged in machine ( maybe software status for machine )
echo %COMPUTERNAME%
call %COMPUTERNAME%.bat
REM
---
REM exec bat for login user
echo %USERNAME%
call %USERNAME%.bat
REM
-
REM exec bat for different groups
REM ifmember.exe must be in the netlogon share download it at m$
REM be aware that ifmember will give result in the current win language
REM unlike normal dos
REM positive result from ifmember will match in errorlevel 1
ifmember /v /l DOMAINNAME\Domain Users
if errorlevel 1 call domainusers.bat
ifmember /v /l DOMAINNAME\Domain Admins
if errorlevel 1 call domainadmins.bat

and domainusers.bat

@echo off
REM install the pdfprinter drivers must allready be uploaded
REM typical use with cups-pdf
rundll32 printui.dll,PrintUIEntry /dn /n \\YOUR-PDC-NAME\pdfprinter /q
rundll32 printui.dll,PrintUIEntry /in /n \\YOUR-PDC-NAME\pdfprinter
net use z: \\YOUR-PDC-NAME\users /persistent:no

with such logic you should be able to solve
login stuff NT Group related

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Samba 3.2.4

2008-10-20 Thread John P Janosik
 On Mon, Oct 20, 2008 at 09:05:58AM -0500, Jesse D Hernandez II (AIX
 Support) wrote:
  I have downloaded the source code to my AIX 5.3 server and
  have compiled it. I'm trying to mount some dfs windows
  shares to my unix/AIX server using samba. However, I think
  I'm looking for a smbmount command so that I can mount
  these shares on my AIX server. I ran the configure command
  with the -with-smbmount option, but I just don't see the
  smbmount command at all. What am I missing or what other
  options do I need?

 smbmount is a kernel option that is only supported on Linux,
 and even there it is replaced with mount.cifs. You might
 want to contact your IBM support if there is kernel support
 for SMB in AIX (which I doubt).


There is kernel support for SMB in AIX.  I've never tested it against MS
DFS shares.  Here is a link to the AIX 5.3 doc for it:

http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp?topic=/com.ibm.aix.commadmn/doc/commadmndita/smbfs_intro.htm


John Janosik
[EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] one ldap server and multiple samba PDC domains

2008-10-20 Thread Norberto Bensa

Quoting Jorge Concha C. [EMAIL PROTECTED]:



All my users can log in at all my 3 domains.



Of course. All your domains have the same SID...

Why did you chose this setup instead of domain trusts?

Wouldn't a two-way trust give the same functionality?


Thanks!
Norberto




This message was sent using IMP, the Internet Messaging Program.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Closing sessions and smbstatus

2008-10-20 Thread Steve Rippl
Hi,

When are client sessions closed?  

Let me explain what I'm trying to do...  we're in a School district and
we try to stop kids logging more than once.  They way I did this before
was to dump the active sessions from our previous Server2003 fileserver
into a file once a minute and process it with a Perl script to check who
was connected from where, rebooting machines remotely as needed!  This
work well enough with the odd 'hung' session causing minor problems.

So now I'm trying to do the same thing with our new Samba (3.0.31)
fileserver using the output from smbstatus.  However, in many cases
sessions are still in there long after the user has logged out of the
machine.  I'm even seeing two sessions for different people on the same
machine with the same pid number!  How is this working?  Why are not all
sessions ending when the user logs off?  Am I going to be able to use
this for what I'm trying to do?!!


The fileserver itself is working great, we have over 2000 users happily
using it with less problems than we had on the Windows box.  I really
appreciate all the work the Samba team does!

Many thanks,

Steve Rippl
Woodland School District
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Change of server - Backup Help

2008-10-20 Thread Iarly Selbir
I go change my Samba/Ldap server.


I will make a backup of the following files

The files:

/etc/samba/* /etc/openldap/*

and

# slapcat  ldap_db.ldf

There are other files to backup?

Missing something?

-- 

Thanks, advance

--
Iarly Selbir ( Ski0s )
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] 3.2.4 CreateDirectory panic

2008-10-20 Thread Jeremy Allison
On Mon, Oct 20, 2008 at 04:09:57PM +0200, Peter Rindfuss wrote:
 On 2008-10-20 15:17, Volker Lendecke wrote:
 On Mon, Oct 20, 2008 at 03:11:41PM +0200, Peter Rindfuss wrote:
 On 2008-10-20 15:02, Volker Lendecke wrote:
 On Mon, Oct 20, 2008 at 02:34:23PM +0200, Peter Rindfuss wrote:
 attached is the subroutine that I used for testing.
 The part enclosed in #ifdef createdir_alt worked with 3.0.24, but 
 not with 3.2.4. The #else part works with 3.2.4. Both versions 
 are based upon the same security descriptor structure.
 Can you also send your smb.conf and a debug level 10 log
 leading to this error?

 smb.conf is attached.

 Is it possible to turn on level 10 logging without restarting the  
 daemon? It is our production server and I'm not willing to disturb 
 any existing connection.

 Sure. Just set debug level = 10. Then all new connections
 will get the higher debuglevel. Alternatively, connect from
 your client, look at smbstatus output to find your smbd
 pid and issue

 smbcontrol smbd-pid debug 10

 to make just that one smbd use that debuglevel.

 Volker

 Here comes the log; I went to the CreateDirectory call in the debugger,
 turned level 10 on and stepped over the call.

 Second try; gzipped now.

No log attached to this message I'm afraid. Can you
try again please ?

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] 3.2.4 CreateDirectory panic

2008-10-20 Thread Peter Rindfuss
Jeremy Allison wrote:
 On Mon, Oct 20, 2008 at 04:09:57PM +0200, Peter Rindfuss wrote:
 On 2008-10-20 15:17, Volker Lendecke wrote:
 On Mon, Oct 20, 2008 at 03:11:41PM +0200, Peter Rindfuss wrote:
 On 2008-10-20 15:02, Volker Lendecke wrote:
 On Mon, Oct 20, 2008 at 02:34:23PM +0200, Peter Rindfuss wrote:
 attached is the subroutine that I used for testing.
 The part enclosed in #ifdef createdir_alt worked with 3.0.24, but 
 not with 3.2.4. The #else part works with 3.2.4. Both versions 
 are based upon the same security descriptor structure.
 Can you also send your smb.conf and a debug level 10 log
 leading to this error?

 smb.conf is attached.

 Is it possible to turn on level 10 logging without restarting the  
 daemon? It is our production server and I'm not willing to disturb 
 any existing connection.
 Sure. Just set debug level = 10. Then all new connections
 will get the higher debuglevel. Alternatively, connect from
 your client, look at smbstatus output to find your smbd
 pid and issue

 smbcontrol smbd-pid debug 10

 to make just that one smbd use that debuglevel.

 Volker
 Here comes the log; I went to the CreateDirectory call in the debugger,
 turned level 10 on and stepped over the call.

 Second try; gzipped now.
 
 No log attached to this message I'm afraid. Can you
 try again please ?
 


Sure.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.2.4 CreateDirectory panic

2008-10-20 Thread Jeremy Allison
On Mon, Oct 20, 2008 at 08:54:11PM +0200, Peter Rindfuss wrote:
 Jeremy Allison wrote:
  On Mon, Oct 20, 2008 at 04:09:57PM +0200, Peter Rindfuss wrote:
  On 2008-10-20 15:17, Volker Lendecke wrote:
  On Mon, Oct 20, 2008 at 03:11:41PM +0200, Peter Rindfuss wrote:
  On 2008-10-20 15:02, Volker Lendecke wrote:
  On Mon, Oct 20, 2008 at 02:34:23PM +0200, Peter Rindfuss wrote:
  attached is the subroutine that I used for testing.
  The part enclosed in #ifdef createdir_alt worked with 3.0.24, but 
  not with 3.2.4. The #else part works with 3.2.4. Both versions 
  are based upon the same security descriptor structure.
  Can you also send your smb.conf and a debug level 10 log
  leading to this error?
 
  smb.conf is attached.
 
  Is it possible to turn on level 10 logging without restarting the  
  daemon? It is our production server and I'm not willing to disturb 
  any existing connection.
  Sure. Just set debug level = 10. Then all new connections
  will get the higher debuglevel. Alternatively, connect from
  your client, look at smbstatus output to find your smbd
  pid and issue
 
  smbcontrol smbd-pid debug 10
 
  to make just that one smbd use that debuglevel.
 
  Volker
  Here comes the log; I went to the CreateDirectory call in the debugger,
  turned level 10 on and stepped over the call.
 
  Second try; gzipped now.
  
  No log attached to this message I'm afraid. Can you
  try again please ?

Still nothing attached to this message. Try a different
mailer ?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Closing sessions and smbstatus

2008-10-20 Thread Vlastimil Šetka



Hi,

When are client sessions closed?  


Let me explain what I'm trying to do...  we're in a School district and
we try to stop kids logging more than once.  They way I did this before
was to dump the active sessions from our previous Server2003 fileserver
into a file once a minute and process it with a Perl script to check who
was connected from where, rebooting machines remotely as needed!  This
work well enough with the odd 'hung' session causing minor problems.
  
I'm in exactly the same situation. The school, PDC for ~100 computers, 
hundreds of users.
We need to track the logon / logoff. I can't find any usable tools so I 
made my own system.
I found that most reliable is the smbstatus output. Windows do strange 
thinks with connections during domain logons so use of preexec script is 
complicated.
By the Perl script I run smbstatus every 5 seconds, scan the changes 
from previous run and write it to the MySQL DB. That's all woks fine.

So now I'm trying to do the same thing with our new Samba (3.0.31)
fileserver using the output from smbstatus.  However, in many cases
sessions are still in there long after the user has logged out of the
machine.  I'm even seeing two sessions for different people on the same
machine with the same pid number!  How is this working?  Why are not all
sessions ending when the user logs off?  Am I going to be able to use
this for what I'm trying to do?!!
  

I have some problems with this too. See this thread:
 [Samba] smbstatus - switched off computers are sometimes showed
 http://lists.samba.org/archive/samba/2008-September/143701.html

Now I get some new experience with it. The main problem is that samba 
sometimes doesn't update the sessionid.tdb file when the process exits. 
This records is not showed in smbstatus output, because smbstatus checks 
if the PID exists. I patched the smbstatus so it showed me that there is 
the records with no related PID. Then, maybe after 1 day or so, this PID 
is used for other proccess and I can see the ghost logon in my 
tracking system (and in most cases logoff at next run - after 5 seconds).
On the list is now the thread [Samba] processes not closing where is 
described some self-repair function related do sessionid.tdf file. The 
samba process when writing to this file should check all records and 
delete it if the PID doesn't exist. It will be nice but In my situation 
it doesn't work. Maybe it's because of Samba version (3.0.24, official 
Debian Etch package).


The most strange think I've seen is that I get some fake logon records 
for one user day-by-day at the same time. Let say [EMAIL PROTECTED] - tracked 
logon at tuesday 14:10:12, then at the same time at wednesday and 
thursday. In fact the COMP1 is switched off or other user is loged on at 
the time. The USER1 were loged on the COMP1 at monday.

The fileserver itself is working great, we have over 2000 users happily
using it with less problems than we had on the Windows box.  I really
appreciate all the work the Samba team does!
  
The same experience. Samba-based solution with one PDC is rock-stable 
for us in comparsion with several Windows 2003 AD servers running before.

Many thanks,

Steve Rippl
Woodland School District
  

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Change of server - Backup Help

2008-10-20 Thread Norberto Bensa

Quoting Iarly Selbir [EMAIL PROTECTED]:



There are other files to backup?


*I* would also backup /var/{cache,lib,spool}/samba just in case.

Regards,
Norberto


This message was sent using IMP, the Internet Messaging Program.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Samba Nfs4 kerberos intergation

2008-10-20 Thread rmostert

Hi,
I have two linux machines whom are  currently  linked via nfs3. A 
directory form one machine is mounted on the other, and this directory 
is part of a samba share. This setup works fine, except for the 16 
groups limitation. To overcome this I have upgrades to nfs4, and use 
mit-kerberos.


How can I tell samba to kinit to the current user so that the mounted 
nfs4 share is read with the right permissions?


Thanks alot!
Reino Mostert

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Two questions

2008-10-20 Thread John Oliver
1) A lot (but not all) of my smbd / nmbd logs are going to
/var/log/messages instead of /var/log/samba/  I tried a couple of things
in syslog.conf, but just don't know the magic word for samba logs.

2) I'm getting lots of couldn't find service errors.  I had:

[data]
path = /data
read only = no
public = yes
browseable = yes
writeable = yes
force user = nfsnobody
force group = nfsnobody
guest ok = yes

The netbios name is stb-data, and it was complaining about couldn't
find service stb-data.  I changed the stanza to:

[stb-data]
path = /data
comment = STB Group file server
read only = no
public = yes
browseable = yes
writeable = yes
force user = nfsnobody
force group = nfsnobody
guest ok = yes

And now I get couldn't find service data  Everything seems to work OK,
but I get dozens of lines about this, and it would be nice to just not
have to see them.  How do I get rid of the couldn't find service
errors?

-- 
***
* John Oliver http://www.john-oliver.net/ *
* *
***
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Closing sessions and smbstatus

2008-10-20 Thread Steve Rippl

On Mon, 2008-10-20 at 21:10 +0200, Vlastimil Šetka wrote:
  Hi,
 
  When are client sessions closed?  
 
  Let me explain what I'm trying to do...  we're in a School district and
  we try to stop kids logging more than once.  They way I did this before
  was to dump the active sessions from our previous Server2003 fileserver
  into a file once a minute and process it with a Perl script to check who
  was connected from where, rebooting machines remotely as needed!  This
  work well enough with the odd 'hung' session causing minor problems.

 I'm in exactly the same situation. The school, PDC for ~100 computers, 
 hundreds of users.
 We need to track the logon / logoff. I can't find any usable tools so I 
 made my own system.
 I found that most reliable is the smbstatus output. Windows do strange 
 thinks with connections during domain logons so use of preexec script is 
 complicated.
 By the Perl script I run smbstatus every 5 seconds, scan the changes 
 from previous run and write it to the MySQL DB. That's all woks fine.
  So now I'm trying to do the same thing with our new Samba (3.0.31)
  fileserver using the output from smbstatus.  However, in many cases
  sessions are still in there long after the user has logged out of the
  machine.  I'm even seeing two sessions for different people on the same
  machine with the same pid number!  How is this working?  Why are not all
  sessions ending when the user logs off?  Am I going to be able to use
  this for what I'm trying to do?!!

 I have some problems with this too. See this thread:
   [Samba] smbstatus - switched off computers are sometimes showed
   http://lists.samba.org/archive/samba/2008-September/143701.html
 
 Now I get some new experience with it. The main problem is that samba 
 sometimes doesn't update the sessionid.tdb file when the process exits. 
 This records is not showed in smbstatus output, because smbstatus checks 
 if the PID exists. I patched the smbstatus so it showed me that there is 
 the records with no related PID. Then, maybe after 1 day or so, this PID 
 is used for other proccess and I can see the ghost logon in my 
 tracking system (and in most cases logoff at next run - after 5 seconds).
 On the list is now the thread [Samba] processes not closing where is 
 described some self-repair function related do sessionid.tdf file. The 
 samba process when writing to this file should check all records and 
 delete it if the PID doesn't exist. It will be nice but In my situation 
 it doesn't work. Maybe it's because of Samba version (3.0.24, official 
 Debian Etch package).

But checking our server I find that the processes DO still exist!  So
I'm getting a user session in smbstatus with a specific PID and when I
ps -ef | grep PID there is the smbd process still running, yet the user
has long since logged out (days ago)?!  It's not just that the .tbd file
hasn't been updated, it's that the /usr/local/bin/smbd process is still
running.  A restart of Samba clears them all up immediately, but why are
they hanging around when the client is gone?  Is this just happening to
me on our particular setup or is this normal behavior?

Thanks.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Closing sessions and smbstatus

2008-10-20 Thread Vlastimil Šetka



But checking our server I find that the processes DO still exist!  So
I'm getting a user session in smbstatus with a specific PID and when I
ps -ef | grep PID there is the smbd process still running, yet the user
has long since logged out (days ago)?!  It's not just that the .tbd file
hasn't been updated, it's that the /usr/local/bin/smbd process is still
running.  A restart of Samba clears them all up immediately, but why are
they hanging around when the client is gone?  Is this just happening to
me on our particular setup or is this normal behavior?
  
We have ~400 logons per day. Sometimes (average 1 process per day) some 
processes hangs - the PID exists but user is several hours loged off. In 
this time other users were loged on this station... But there are some 
locked files connected with this PID - I think this is because the 
process isn'n closed.
Can you see some locked files connected with the bogus PID in smbstatus 
output?

Thanks.
  

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Closing sessions and smbstatus

2008-10-20 Thread Jeremy Allison
On Mon, Oct 20, 2008 at 12:52:57PM -0700, Steve Rippl wrote:

 But checking our server I find that the processes DO still exist!  So
 I'm getting a user session in smbstatus with a specific PID and when I
 ps -ef | grep PID there is the smbd process still running, yet the user
 has long since logged out (days ago)?!  It's not just that the .tbd file
 hasn't been updated, it's that the /usr/local/bin/smbd process is still
 running.  A restart of Samba clears them all up immediately, but why are
 they hanging around when the client is gone?  Is this just happening to
 me on our particular setup or is this normal behavior?

No, that's not normal behavior, but it does explain why
the session id's are hanging around. Once the client
terminates the TCP session the smbd should die (and
clean up all resources such as session id's etc.).

When you find a process in this state attach using
strace -p pid (on Linux) to see what it's up to.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Logon Script Via Group

2008-10-20 Thread Rune Tønnesen

Please take a look here
http://lists.samba.org/archive/samba/2004-February/079796.html

--
Venlig Hilsen
Rune TønnesenQuoting Jeff L [EMAIL PROTECTED]:


Hello,

In order to use Samba and migrate our Windows domain we need to be  
able to map users to a drive based on the Unix groups they are a  
member of.


IE:

If user is a member of finance, map drive f:\ finance
If user is a a member of domainusers, run logon script logon.bat


I tried placing differnet logon scripts in a directory named after  
the groupname and using the %g variable in Samba but it did not

work.

It only looks up the FIRST group ignoring the rest.

Please let us know a easy way to do this.

Thanks





=
New York Film Academy
Study Abroad Filmmaking  Acting. London, Paris, Florence, USA.


http://a8-asy.a8ww.net/a8-ads/adftrclick?redirectid=160d32aa7f559fb3e9e7cf46485a3294



--
Powered by Outblaze
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Two questions

2008-10-20 Thread Ryan Novosielski
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

The first one I believe is in the manual, and/or it is a compile flag.
Look for syslog in the Samba manual.

John Oliver wrote:
 1) A lot (but not all) of my smbd / nmbd logs are going to
 /var/log/messages instead of /var/log/samba/  I tried a couple of things
 in syslog.conf, but just don't know the magic word for samba logs.
 
 2) I'm getting lots of couldn't find service errors.  I had:
 
 [data]
 path = /data
 read only = no
 public = yes
 browseable = yes
 writeable = yes
 force user = nfsnobody
 force group = nfsnobody
 guest ok = yes
 
 The netbios name is stb-data, and it was complaining about couldn't
 find service stb-data.  I changed the stanza to:
 
 [stb-data]
 path = /data
 comment = STB Group file server
 read only = no
 public = yes
 browseable = yes
 writeable = yes
 force user = nfsnobody
 force group = nfsnobody
 guest ok = yes
 
 And now I get couldn't find service data  Everything seems to work OK,
 but I get dozens of lines about this, and it would be nice to just not
 have to see them.  How do I get rid of the couldn't find service
 errors?
 

- --
  _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer II
 |$| |__| |  | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFI/OmJmb+gadEcsb4RArb6AKCXNjy/QxePvYaWfvVBMq39g0cUKQCg05rq
aSUz9QJ5b2oc69n8MnyGpXw=
=wuaV
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] one ldap server and multiple samba PDC domains

2008-10-20 Thread Jorge Concha C.
On Mon, 20 Oct 2008 14:20:16 -0300, Norberto Bensa [EMAIL PROTECTED]  
wrote:



Quoting Jorge Concha C. [EMAIL PROTECTED]:



All my users can log in at all my 3 domains.



Of course. All your domains have the same SID...

Why did you chose this setup instead of domain trusts?

Wouldn't a two-way trust give the same functionality?



I really do not know. I never thought in a configuration of two-way trust.

In addition, my system began as a single domain, then, because the great
load on the machine, I had to duplicate it and then tripled.

Jorge C.

PD. Tu hablas español ?



Thanks!


You are welcome.


Norberto





--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] inherit acls and inherit permissions = execute bit always set?

2008-10-20 Thread Ray Van Dolson
Hi all, I have a share set up as follows:

[images]
  path = /images
  read only = No
  create mask = 0660
  directory mask = 2770
  hide special files = yes
  hide files = /lost+found/
  acl group control = yes
  inherit acls = yes
  map acl inherit = yes
  inherit permissions = yes
  map archive = no
  security mask = 0111

When users create files or directories under this share, the ACL's set
at the top level are properly propagated, but the files always seem to
have the execute bit set.  I'm guessing this is a side-effect of
inherit permissions per the man page:

  New files inherit their read/write bits from the parent directory.
  Their execute bits continue to be determined by map archive, map
  hidden and map system as usual.

The files being created have neither archive flag, hidden or system
flag set, so I'm not sure why the execute is getting set unless it is
getting pulled directly from the directory permissions.

I also notice under the inherit acls entry:

 This parameter can be used to ensure that if default acls exist on
 parent directories, they are always honored when creating a new file
 or subdirectory in these parent directories. The default behavior is
 to use the unix mode specified when creating the directory. Enabling
 this option sets the unix mode to 0777, thus guaranteeing that default
 directory acls are propagated.

So I'm not sure which directive is to blame.

I attempted to use security mask to disable the setting of the execute
bit on any created files, but inherit permissions seems to override
all.

Any suggestions?  I want my files created without the execute bit set,
but want to be able to inherit ACL's.

Thanks,
Ray
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Two questions

2008-10-20 Thread John Oliver
On Mon, Oct 20, 2008 at 04:26:49PM -0400, Ryan Novosielski wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 The first one I believe is in the manual, and/or it is a compile flag.
 Look for syslog in the Samba manual.
 
 John Oliver wrote:
  1) A lot (but not all) of my smbd / nmbd logs are going to
  /var/log/messages instead of /var/log/samba/  I tried a couple of things
  in syslog.conf, but just don't know the magic word for samba logs.

That doesn't really help.

I'm using CentOS 5.2 and the Samba that comes with... 3.0.28  There's a
/var/log/samba/ which contains an smbd.log and an nmbd.log  Some stuff
is logged to them... other stuff is not.  The fact that those files
exist strongly suggests that all Samba-related logs are intended to go
to those files.  Using Samba is a five-year old book, and it's
reference to syslog is to do:

daemon.*/var/log/daemon.log

which is using a very heavy, very blunt instrument that doesn't really
do what it looks like newer OSes and versions of Samba ought to be able
to do.

-- 
***
* John Oliver http://www.john-oliver.net/ *
* *
***
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] valid users and file permissions

2008-10-20 Thread Kyle

Hi people,

I'd like to understand valid users and file permissions better. I have a 
share which is not behaving as I expect.


[family]
path = /home/shares/family
create mask = 0664
directory mask = 0775
force group = parental
guest ok = No
valid users = @parental, @family
writeable = Yes

in Group parental are mum  dad; in group family are mum, dad and offspring.

With file permissions of 0664 and force group parental, I would expect  
the offspring to be able to browse the share but not write to or delete 
from it. Unfortunately, they can both write and delete.


How do I achieve this please?
--

Kind Regards

Kyle

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Two questions

2008-10-20 Thread Kyle

John,

read the 'syslog' and 'syslog only' params in smb.conf on CentOS 5.2.

Basically set 'syslog = 0' to send everything to /var/log/samba

You'll still get a start up  line of some sort in /var/log/messages, but 
otherwise everything else will go to the samba specific logs



Kind Regards

Kyle

Tel: +61 (0)431 88 3978



John Oliver wrote:

On Mon, Oct 20, 2008 at 04:26:49PM -0400, Ryan Novosielski wrote:
  

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

The first one I believe is in the manual, and/or it is a compile flag.
Look for syslog in the Samba manual.

John Oliver wrote:


1) A lot (but not all) of my smbd / nmbd logs are going to
/var/log/messages instead of /var/log/samba/  I tried a couple of things
in syslog.conf, but just don't know the magic word for samba logs.
  


That doesn't really help.

I'm using CentOS 5.2 and the Samba that comes with... 3.0.28  There's a
/var/log/samba/ which contains an smbd.log and an nmbd.log  Some stuff
is logged to them... other stuff is not.  The fact that those files
exist strongly suggests that all Samba-related logs are intended to go
to those files.  Using Samba is a five-year old book, and it's
reference to syslog is to do:

daemon.*/var/log/daemon.log

which is using a very heavy, very blunt instrument that doesn't really
do what it looks like newer OSes and versions of Samba ought to be able
to do.

  

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] valid users and file permissions

2008-10-20 Thread John Drescher
On Mon, Oct 20, 2008 at 5:37 PM, Kyle [EMAIL PROTECTED] wrote:
 Hi people,

 I'd like to understand valid users and file permissions better. I have a
 share which is not behaving as I expect.

 [family]
 path = /home/shares/family
 create mask = 0664
 directory mask = 0775
 force group = parental
 guest ok = No
 valid users = @parental, @family
 writeable = Yes

 in Group parental are mum  dad; in group family are mum, dad and offspring.

 With file permissions of 0664 and force group parental, I would expect  the
 offspring to be able to browse the share but not write to or delete from it.
 Unfortunately, they can both write and delete.

Since you are using the force group, I believe that means that
everyone who connects to the share does that as the parental group so
they get read and write permissions.

 How do I achieve this please?

I would get rid of the force group and use acls on the *nux filesystem

John
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Re: Samba integration with nfs4 and kerberos

2008-10-20 Thread rmostert

The kerberos is used for auth of the nfs4 and not of the samba users.
Thus , I wish samba to kinit for the user logged in to use the nfs4 share.

Is this possible?

Benjamin Coddington wrote:
Since authenticating to samba is frequently done via ntlm, you don't 
have credentials (no password, no keys) to kinit.  If you're willing 
to add additional keytypes, you can use kcrap (www.spock.org/kcrap/) 
to at least authenticate ntlm to samba to kerberos.  This runs an 
additional daemon on your kdc which looks up the equivalent 
arcfour-hmac key.


From there its just an extra step to have the daemon send a TGT, and 
save it in a cache for gssd to find.  I could probably send you a 
patch to do just that -- without any claims of security or completeness.


B




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] valid users and file permissions

2008-10-20 Thread Kyle

Ah, of course.

Thanks John.

I had prepended the '+' to the group names, but for whatever reason got 
mixed up with the '+' functionality for 'valid users' and had removed 
it.  Prepend the '+' to the group names again and all works as expected.



Kind Regards

Kyle



John Drescher wrote:

On Mon, Oct 20, 2008 at 5:37 PM, Kyle [EMAIL PROTECTED] wrote:
  
Since you are using the force group, I believe that means that

everyone who connects to the share does that as the parental group so
they get read and write permissions.
  
John
  

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Question about switching from Windows 2k Server to SAMBA 3 under Centos

2008-10-20 Thread Norberto Bensa

Quoting Charles Marcus [EMAIL PROTECTED]:


On 10/20/2008, Matthew Delves ([EMAIL PROTECTED]) wrote:

My questions are:
1) What is required for the smb.conf to get it talking to the windows
   2k server?


My understanding is that vampire will NOT work with a Windows 2k server,
only an NT4 server...


That's my understanding too. Samba (3.x) can't act as a AD domain  
server. It can be a member of an AD domain, thou.



Regards,
Norberto



This message was sent using IMP, the Internet Messaging Program.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Unable to update SID using pdbedit

2008-10-20 Thread Cooper S. Blake
Since I have had trouble getting the net rpc vampire command to
properly migrate passwords, I have been looking into stripping down
the net rpc samdump results into a smbpasswd backend file, then
importing from there into my tdbsam.

The first problem I ran into is that the samdump produces RID values
from the domain, whereas I need it to represent UIDs that already
exist.  No problem, since my local accounts already exist from the
vampire command.  Then I can just update the SID for each account
using pdbedit -U after importing.

The problem I'm having is that I am mostly unable to change the SID
for users.  I tried picking new SIDs at random, and I came across
a few SIDs that would work, but it largely gives me this result:

Unable to modify TDB passwd: NT_STATUS_UNSUCCESSFUL!
Unable to modify entry!

I tried deleting the passdb.tdb, secrets.tdb, and winbindd_idmap.tdb
files, then starting from scratch.  I can create accounts which
get incrementally assigned to 1000, 1001, etc.  But I cannot seem
to manually update the SID.  What are the conditions for this
command?  I have tried running it in the following ways:

pdbedit -U 1005 username
pdbedit -U full SID username
pdbedit -r -U full SID -u username

Running the command with -d10 does not reveal anything interesting.
So what's the deal with SID reassignment?  There are obviously some
significant restrictions that I'm not aware of.

How exactly does the net rpc vampire command work?  Why would it
successfully import users and groups but not be able to set the
password hashes properly in tdbsam?

thanks,
Cooper


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Closing sessions and smbstatus

2008-10-20 Thread Norberto Bensa
Hello list,

On Monday October 20 2008 18:01:10 Jeremy Allison wrote:
 On Mon, Oct 20, 2008 at 12:52:57PM -0700, Steve Rippl wrote:
  Is this just happening to
  me on our particular setup or is this normal behavior?

I'm having this problem too. Ubuntu 8.04.1. Samba 3.0.28A (IIRC)


 No, that's not normal behavior,  

... [snip] ...

 When you find a process in this state attach using
 strace -p pid (on Linux) to see what it's up to.

I'll do tomorrow. and I'll report back.


 Jeremy.

Thanks!

Regards,
Norberto
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Closing sessions and smbstatus

2008-10-20 Thread Norberto Bensa

Quoting Jeremy Allison [EMAIL PROTECTED]:


When you find a process in this state attach using
strace -p pid (on Linux) to see what it's up to.


[EMAIL PROTECTED]:~$ sudo smbstatus
Unknown parameter encountered: change notify timeout
Ignoring unknown parameter change notify timeout

Samba version 3.0.28a
PID Username  Group Machine
---

Service  pid machine   Connected at
---

Locked files:
Pid  UidDenyMode   Access  R/WOplock
SharePath   Name   Time

--
747  4036   DENY_ALL   0x2019f RDWR   NONE  
/home/mjoddone   .Correo/retina/addr2a3a.pmr   Thu Oct 16  
17:44:15 2008



[EMAIL PROTECTED]:~$ sudo strace -p 747
attach: ptrace(PTRACE_ATTACH, ...): No such process


I have no stale sessions. My problem seems different (my memory seems  
to be falling lately) I have stale locks.


Is that normal?


Thanks,
Norberto


This message was sent using IMP, the Internet Messaging Program.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Closing sessions and smbstatus

2008-10-20 Thread Jeremy Allison
On Mon, Oct 20, 2008 at 10:03:46PM -0200, Norberto Bensa wrote:
 Quoting Jeremy Allison [EMAIL PROTECTED]:

 When you find a process in this state attach using
 strace -p pid (on Linux) to see what it's up to.

 [EMAIL PROTECTED]:~$ sudo smbstatus
 Unknown parameter encountered: change notify timeout
 Ignoring unknown parameter change notify timeout

 Samba version 3.0.28a
 PID Username  Group Machine
 ---

 Service  pid machine   Connected at
 ---

 Locked files:
 Pid  UidDenyMode   Access  R/WOplock  
  SharePath   Name   Time
 --
 747  4036   DENY_ALL   0x2019f RDWR   NONE
  /home/mjoddone   .Correo/retina/addr2a3a.pmr   Thu Oct 16 17:44:15 2008


 [EMAIL PROTECTED]:~$ sudo strace -p 747
 attach: ptrace(PTRACE_ATTACH, ...): No such process


 I have no stale sessions. My problem seems different (my memory seems to 
 be falling lately) I have stale locks.

 Is that normal?

Nope. The call process_exists_by_pid() should filter out
non-existant process id's before they get added into the
list.

In fact they are being so removed, which is why you
don't see them under the PID title above, and yet
the call to Ucrit_checkPid() is returning true for
some reason (which it shouldn't if the pid hasn't
been entered into the Ucrit_pid[] array).

Can you gdb and break at print_share_mode()
and see why the call at :

 if (Ucrit_checkPid(procid_to_pid(e-pid)))

is returning true in your case ?

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Question about switching from Windows 2k Server to SAMBA 3 under Centos

2008-10-20 Thread Matthew Delves


On Oct 21, 2008, at 10:49 AM, Norberto Bensa wrote:


Quoting Charles Marcus [EMAIL PROTECTED]:

On 10/20/2008, Matthew Delves ([EMAIL PROTECTED])  
wrote:

My questions are:
1) What is required for the smb.conf to get it talking to the  
windows

  2k server?


My understanding is that vampire will NOT work with a Windows 2k  
server,

only an NT4 server...


That's my understanding too. Samba (3.x) can't act as a AD domain  
server. It can be a member of an AD domain, thou.


Thanks for both of the replies. If the samba service is a member of  
the AD domain, is it possible to setup the server as a BDC and  
transfer the information that way. If that is possible, are there any  
documents as to how this can be done?


Thanks,
Matthew Delves
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Samba with more than one Active Directory

2008-10-20 Thread Ryan Bair
There's no trusts between them? If not that's completely bizarre.

On Mon, Oct 20, 2008 at 3:27 AM,  [EMAIL PROTECTED] wrote:
 We have more than ten different domains in our network but we don't want to 
 use more than ten servers for this.
 Is there no possibility to use only one server for all domains?

 F. Niedernolte


 -Ursprüngliche Nachricht-
 Von: Ryan Bair [mailto:[EMAIL PROTECTED]
 Gesendet: Samstag, 18. Oktober 2008 00:41
 An: Niedernolte, Frederik, D-CS-IT ICS
 Cc: samba@lists.samba.org
 Betreff: Re: [Samba] Samba with more than one Active Directory

 Typically you would want the two domains to trust each other and you
 would only be a member of one. If you had multiple Sambas running you
 might be able to join two domains, but it wouldn't be pretty.

 On Fri, Oct 17, 2008 at 3:25 AM,  [EMAIL PROTECTED] wrote:
 I want to use Samba together with freeRADIUS in an Active Directory
 network.

 I successfully followed these instructions for that:
 http://deployingradius.com/documents/configuration/active_directory.html

 Now my question is: How can I use Samba with more than one Active
 Directory?

 Because it must work with A D Example 1, Example 2 etc. and not only
 with Example 1.
 Thanks for help.

 Best regards,



 F. Niedernolte

 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/listinfo/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] samba4 on ubuntu intrepid, winbind success only in single process model

2008-10-20 Thread Joel Reed
A brief rundown of my experiences with Samba4 
http://wiki.samba.org/index.php/Samba4 on Ubuntu Intrepid:


 http://ropeonfire.blogspot.com/2008/10/samba4-on-ubuntu-intrepid.html

One note in particular that might be helpful to developers: I could join 
a linux machine running winbind 2:3.2.3-1ubuntu3 to the domain only when 
running in single process mode.


I'm still holding out hope that someone can shine a light on this 
previous question:


 http://lists.samba.org/archive/samba/2008-October/144305.html

jr
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Closing sessions and smbstatus

2008-10-20 Thread Norberto Bensa

Quoting Jeremy Allison [EMAIL PROTECTED]:


On Mon, Oct 20, 2008 at 10:03:46PM -0200, Norberto Bensa wrote:

Locked files:
Pid  UidDenyMode   Access  R/WOplock
 SharePath   Name   Time
--
747  4036   DENY_ALL   0x2019f RDWR   NONE
 /home/mjoddone   .Correo/retina/addr2a3a.pmr   Thu Oct 16 17:44:15 2008


Can you gdb and break at print_share_mode()
and see why the call at :


Hm. I'm affraid I don't know gdb good enough, and BTW, and correct me  
if I'm wrong, but shouldn't I be running a debug-enabled binary of  
smbstatus to do what you're asking me for?


Thanks!
Norberto


This message was sent using IMP, the Internet Messaging Program.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] valid users and file permissions

2008-10-20 Thread Jeff L
Simply removing force group and setting the dir's unix group owner to 
parental. This should leave the children to read only 
 - Original Message -
 From: John Drescher [EMAIL PROTECTED]
 To: Kyle [EMAIL PROTECTED]
 Subject: Re: [Samba] valid users and file permissions
 Date: Mon, 20 Oct 2008 17:45:30 -0400
 
 
 On Mon, Oct 20, 2008 at 5:37 PM, Kyle [EMAIL PROTECTED] wrote:
  Hi people,
 
  I'd like to understand valid users and file permissions better. I have a
  share which is not behaving as I expect.
 
  [family]
  path = /home/shares/family
  create mask = 0664
  directory mask = 0775
  force group = parental
  guest ok = No
  valid users = @parental, @family
  writeable = Yes
 
  in Group parental are mum  dad; in group family are mum, dad and offspring.
 
  With file permissions of 0664 and force group parental, I would expect  the
  offspring to be able to browse the share but not write to or delete from it.
  Unfortunately, they can both write and delete.
 
 Since you are using the force group, I believe that means that
 everyone who connects to the share does that as the parental group so
 they get read and write permissions.
 
  How do I achieve this please?
 
 I would get rid of the force group and use acls on the *nux filesystem
 
 John
 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/listinfo/samba




=


-- 
Powered by Outblaze
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Question about switching from Windows 2k Server to SAMBA 3 under Centos

2008-10-20 Thread Norberto Bensa
On Monday October 20 2008 22:38:56 Matthew Delves wrote:
 is it possible to setup the server as a BDC and
 transfer the information that way. 

Nope. 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Question about switching from Windows 2k Server to SAMBA 3 under Centos

2008-10-20 Thread Norberto Bensa
On Monday October 20 2008 22:38:56 Matthew Delves wrote:
  are there any
 documents as to how this can be done?


http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html

   Active Directory Domain Control

   As of the release of MS Windows 2000 and Active Directory, this information
   is now stored in a directory that can be replicated and for which partial
   or full administrative control can be delegated. Samba-3 is not able to be
   a domain controller within an Active Directory tree, and it cannot be an
   Active Directory server. This means that Samba-3 also cannot act as a BDC
   to an Active Directory domain controller.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[SCM] Samba Shared Repository - branch master updated - 221ea78e2e1688f2e79703784b3d1d1a68057604

2008-10-20 Thread Jelmer Vernooij
The branch, master has been updated
   via  221ea78e2e1688f2e79703784b3d1d1a68057604 (commit)
   via  c3d8f472e8acbfd73fdd4707f70a3d153f62f033 (commit)
   via  68bb6e56ba2ea4bda19c36193d7c366a04daf289 (commit)
   via  620a27bdf140e5e9091cc922f62b6fd12b12330e (commit)
   via  e549759efe0b782106e6892685e0494376e592ff (commit)
  from  c4dc548171ba27b741669e364839a3c8e507be96 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 221ea78e2e1688f2e79703784b3d1d1a68057604
Merge: c3d8f472e8acbfd73fdd4707f70a3d153f62f033 
c4dc548171ba27b741669e364839a3c8e507be96
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Mon Oct 20 10:53:56 2008 +0200

Merge branch 'master' of ssh://git.samba.org/data/git/samba into crypt

commit c3d8f472e8acbfd73fdd4707f70a3d153f62f033
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Mon Oct 20 10:53:26 2008 +0200

Export variables correctly for blackbox tests (thanks metze).

commit 68bb6e56ba2ea4bda19c36193d7c366a04daf289
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Mon Oct 20 10:45:42 2008 +0200

Rename BAD to BAD_DATA since the first is already defined on SunOS.

commit 620a27bdf140e5e9091cc922f62b6fd12b12330e
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Mon Oct 20 10:38:03 2008 +0200

Don't assume crypt.h is present even if crypt() is.

commit e549759efe0b782106e6892685e0494376e592ff
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Mon Oct 20 10:18:02 2008 +0200

Fix blackbox tests on IPv6-only hosts.

---

Summary of changes:
 lib/replace/crypt.m4|1 +
 lib/replace/replace.h   |2 +
 lib/zlib/infback.c  |   26 
 lib/zlib/inffast.c  |   10 +++---
 lib/zlib/inflate.c  |   44 +-
 lib/zlib/inflate.h  |4 +-
 selftest/selftest.pl|1 +
 source4/scripting/python/samba/provision.py |   19 +--
 source4/selftest/tests.sh   |2 +
 source4/setup/provision.zone|4 +-
 10 files changed, 65 insertions(+), 48 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/replace/crypt.m4 b/lib/replace/crypt.m4
index 0b31ae4..047766d 100644
--- a/lib/replace/crypt.m4
+++ b/lib/replace/crypt.m4
@@ -1,5 +1,6 @@
 ###
 # test for where we get crypt() from
+AC_CHECK_HEADERS(crypt.h)
 AC_SEARCH_LIBS_EXT(crypt, [crypt],
   [test $ac_cv_search_crypt = none required || CRYPT_LIBS=-lcrypt
   AC_DEFINE(HAVE_CRYPT,1,[Whether the system has the crypt() function])],
diff --git a/lib/replace/replace.h b/lib/replace/replace.h
index 57ebeb5..af1208a 100644
--- a/lib/replace/replace.h
+++ b/lib/replace/replace.h
@@ -632,7 +632,9 @@ typedef int bool;
 char *ufc_crypt(const char *key, const char *salt);
 #define crypt ufc_crypt
 #else
+#ifdef HAVE_CRYPT_H
 #include crypt.h
 #endif
+#endif
 
 #endif /* _LIBREPLACE_REPLACE_H */
diff --git a/lib/zlib/infback.c b/lib/zlib/infback.c
index 5680937..284d523 100644
--- a/lib/zlib/infback.c
+++ b/lib/zlib/infback.c
@@ -309,7 +309,7 @@ void FAR *out_desc;
 break;
 case 3:
 strm-msg = invalid block type;
-state-mode = BAD;
+state-mode = BAD_DATA;
 }
 DROPBITS(2);
 break;
@@ -320,7 +320,7 @@ void FAR *out_desc;
 NEEDBITS(32);
 if ((hold  0x) != ((hold  16) ^ 0x)) {
 strm-msg = invalid stored block lengths;
-state-mode = BAD;
+state-mode = BAD_DATA;
 break;
 }
 state-length = (unsigned)hold  0x;
@@ -358,7 +358,7 @@ void FAR *out_desc;
 #ifndef PKZIP_BUG_WORKAROUND
 if (state-nlen  286 || state-ndist  30) {
 strm-msg = too many length or distance symbols;
-state-mode = BAD;
+state-mode = BAD_DATA;
 break;
 }
 #endif
@@ -380,7 +380,7 @@ void FAR *out_desc;
 (state-lenbits), state-work);
 if (ret) {
 strm-msg = invalid code lengths set;
-state-mode = BAD;
+state-mode = BAD_DATA;
 break;
 }
 Tracev((stderr, inflate:   code lengths ok\n));
@@ -404,7 +404,7 @@ void FAR *out_desc;
 DROPBITS(this.bits);
 if (state-have == 0) {
 strm-msg = invalid bit length repeat;
-state-mode = BAD;
+state-mode = BAD_DATA;
 break;
 }

[SCM] Samba Shared Repository - branch master updated - a55afef6d3dbd40b938e19c7c077e3b0ca535bcc

2008-10-20 Thread Andrew Bartlett
The branch, master has been updated
   via  a55afef6d3dbd40b938e19c7c077e3b0ca535bcc (commit)
   via  85acd7eccca127ab701f1515a27747b8af089cab (commit)
   via  b789ff950f054ede2ef1dfaf94f8ddff062c092b (commit)
   via  3038bc484ebb1796e40e0eeb72155d9905ff36fa (commit)
   via  22eb64f05618db233b6aa63a2ae4e5216f65d179 (commit)
   via  c41cc6772203862e1015f7fc60ad0a06eca3051c (commit)
   via  71022daac2ad07bf48d42d016b15313727edcd08 (commit)
  from  221ea78e2e1688f2e79703784b3d1d1a68057604 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit a55afef6d3dbd40b938e19c7c077e3b0ca535bcc
Author: Andrew Bartlett [EMAIL PROTECTED]
Date:   Mon Oct 20 17:48:59 2008 +1100

Rework mkrelease.sh to exclude Samba3 files

This matches my proposal to samba-technical, and should allow a Samba4
release to be made shortly.

Andrew Bartlett

commit 85acd7eccca127ab701f1515a27747b8af089cab
Author: Andrew Bartlett [EMAIL PROTECTED]
Date:   Mon Oct 20 16:12:37 2008 +1100

Make the updated RPC-LSA pass against Win2008, and Samba4 to match

commit b789ff950f054ede2ef1dfaf94f8ddff062c092b
Author: Matthias Dieter Wallnöfer [EMAIL PROTECTED]
Date:   Mon Oct 20 15:50:07 2008 +1100

LSA Patch for User Manager

New (major) patch
=
- Enhances the lsa.idl file in the sense that it adds more values to
PolicyInformation to improve the lsa_QueryInfoPolicy* calls.
- Adds a minimal implementation for AuditEvents (also lsa_QueryInfoPolicy*
calls) to enable the Audit option in the User Manager for Domains (at 
least
readable).
- Adds to the lsa.idl file the system access mode flags needed for the 
calls
lsa_*SystemAccessAccount.
- Fill in the lsa_GetSystemAccessAccount for enabling the User Rights
option in the User Manager for Domains (at least readable).
- Merge the two similar torture tests of the lsa_QueryInfoPolicy* calls in
one using if's for a few separations.
- Add a torture test for lsa_GetSystemAccessAccount.
- Some cosmetic-only changes (unifications) in output strings in the LSA
torture test.

The work has been done using the Microsoft WSPP docs.

Signed-off-by: Andrew Bartlett [EMAIL PROTECTED]

commit 3038bc484ebb1796e40e0eeb72155d9905ff36fa
Author: Andrew Bartlett [EMAIL PROTECTED]
Date:   Mon Oct 20 15:19:01 2008 +1100

Mark clearTextPassword as a privilaged attribute

commit 22eb64f05618db233b6aa63a2ae4e5216f65d179
Author: Andrew Bartlett [EMAIL PROTECTED]
Date:   Mon Oct 20 14:22:37 2008 +1100

Actually test the kpasswd server

This uses kpasswd operated as a blackbox, assisted by the newly
imported rkpty tool.

Andrew Bartlett

commit c41cc6772203862e1015f7fc60ad0a06eca3051c
Author: Andrew Bartlett [EMAIL PROTECTED]
Date:   Mon Oct 20 14:21:21 2008 +1100

Ensure the hdb_method structure is not on the stack.

We supply this to krb5 as a plugin, so we must keep it around as long
as the krb5_context.

Andrew Bartlett

commit 71022daac2ad07bf48d42d016b15313727edcd08
Author: Andrew Bartlett [EMAIL PROTECTED]
Date:   Mon Oct 20 12:18:01 2008 +1100

Add samba4kpasswd and rkpty binaries

smaba4kpasswd will be used to test the kpasswdd componet of the KDC
(which is up until now untested), and rkpty is an expect-like wrapper
we can use to blackbox that utility.

Andrew Bartlett

---

Summary of changes:
 source4/heimdal/kpasswd/kpasswd.c  |  247 +++
 source4/heimdal/kpasswd/kpasswd_locl.h |  104 ++
 source4/heimdal/lib/krb5/prog_setup.c  |   66 +++
 source4/heimdal/lib/roken/rkpty.c  |  336 
 source4/heimdal_build/internal.m4  |8 +
 source4/heimdal_build/internal.mk  |   35 +++-
 source4/kdc/kdc.c  |   10 +-
 source4/librpc/idl/lsa.idl |   32 +++-
 source4/rpc_server/lsa/dcesrv_lsa.c|   40 -
 source4/script/mkrelease.sh|   16 ++-
 source4/setup/provision_init.ldif  |1 +
 source4/torture/rpc/lsa.c  |  230 +-
 testprogs/blackbox/test_kinit.sh   |   44 -
 13 files changed, 1045 insertions(+), 124 deletions(-)
 create mode 100644 source4/heimdal/kpasswd/kpasswd.c
 create mode 100644 source4/heimdal/kpasswd/kpasswd_locl.h
 create mode 100644 source4/heimdal/lib/krb5/prog_setup.c
 create mode 100644 source4/heimdal/lib/roken/rkpty.c


Changeset truncated at 500 lines:

diff --git a/source4/heimdal/kpasswd/kpasswd.c 
b/source4/heimdal/kpasswd/kpasswd.c
new file mode 100644
index 000..b844628
--- /dev/null
+++ b/source4/heimdal/kpasswd/kpasswd.c
@@ -0,0 +1,247 @@
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, 

[SCM] Samba Shared Repository - branch master updated - d78f3be238c93a07ff16ead29d7d006de8f92605

2008-10-20 Thread Jelmer Vernooij
The branch, master has been updated
   via  d78f3be238c93a07ff16ead29d7d006de8f92605 (commit)
   via  a8707a43d03d884e625e28dddcd1d43d613a520f (commit)
   via  5b52964b15ba33fdc2e931ea34428b5a382063c8 (commit)
  from  640847b4fc74c93dd74b2325b4ac92a001a81c92 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit d78f3be238c93a07ff16ead29d7d006de8f92605
Merge: a8707a43d03d884e625e28dddcd1d43d613a520f 
640847b4fc74c93dd74b2325b4ac92a001a81c92
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Mon Oct 20 12:19:57 2008 +0200

Merge branch 'master' of ssh://git.samba.org/data/git/samba into crypt

commit a8707a43d03d884e625e28dddcd1d43d613a520f
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Mon Oct 20 12:19:01 2008 +0200

Regenerate pidl output.

commit 5b52964b15ba33fdc2e931ea34428b5a382063c8
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Mon Oct 20 11:53:20 2008 +0200

Share winreg.idl.

---

Summary of changes:
 {source4/librpc = librpc}/idl/winreg.idl |2 +-
 source3/Makefile.in   |2 +-
 source3/include/proto.h   |1 -
 source3/librpc/gen_ndr/cli_winreg.c   |2 +-
 source3/librpc/gen_ndr/cli_winreg.h   |2 +-
 source3/librpc/gen_ndr/ndr_winreg.c   |   89 +--
 source3/librpc/gen_ndr/ndr_winreg.h   |1 -
 source3/librpc/gen_ndr/winreg.h   |   10 +-
 source3/librpc/idl/winreg.idl |  410 -
 source3/utils/net_rpc_registry.c  |2 +-
 source4/lib/registry/rpc.c|4 +-
 11 files changed, 18 insertions(+), 507 deletions(-)
 rename {source4/librpc = librpc}/idl/winreg.idl (99%)
 delete mode 100644 source3/librpc/idl/winreg.idl


Changeset truncated at 500 lines:

diff --git a/source4/librpc/idl/winreg.idl b/librpc/idl/winreg.idl
similarity index 99%
rename from source4/librpc/idl/winreg.idl
rename to librpc/idl/winreg.idl
index 643dc9e..9216f98 100644
--- a/source4/librpc/idl/winreg.idl
+++ b/librpc/idl/winreg.idl
@@ -228,7 +228,7 @@ import lsa.idl, security.idl;
[in,out,ref] winreg_String *classname,
[out,ref] uint32 *num_subkeys,
[out,ref] uint32 *max_subkeylen,
-   [out,ref] uint32 *max_subkeysize,
+   [out,ref] uint32 *max_classlen,
[out,ref] uint32 *num_values,
[out,ref] uint32 *max_valnamelen,
[out,ref] uint32 *max_valbufsize,
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 6fe26d3..eddcaaa 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -1208,7 +1208,7 @@ modules:: SHOWFLAGS $(MODULES)
 samba3-idl::
@PIDL_ARGS=$(PIDL_ARGS) CPP=$(CPP) PIDL=../pidl/pidl \
 srcdir=$(srcdir) $(srcdir)/script/build_idl.sh librpc/idl/lsa.idl \
-   ../librpc/idl/dfs.idl ../librpc/idl/echo.idl 
librpc/idl/winreg.idl \
+   ../librpc/idl/dfs.idl ../librpc/idl/echo.idl 
../librpc/idl/winreg.idl \
../librpc/idl/initshutdown.idl librpc/idl/srvsvc.idl 
../librpc/idl/svcctl.idl \
../librpc/idl/eventlog.idl ../librpc/idl/wkssvc.idl 
librpc/idl/netlogon.idl \
../librpc/idl/notify.idl ../librpc/idl/epmapper.idl 
librpc/idl/messaging.idl \
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 18bbd11..ad2c719 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -3538,7 +3538,6 @@ _PUBLIC_ void ndr_print_KeySecurityData(struct ndr_print 
*ndr, const char *name,
 _PUBLIC_ void ndr_print_winreg_SecBuf(struct ndr_print *ndr, const char *name, 
const struct winreg_SecBuf *r);
 _PUBLIC_ void ndr_print_winreg_CreateAction(struct ndr_print *ndr, const char 
*name, enum winreg_CreateAction r);
 _PUBLIC_ void ndr_print_winreg_StringBuf(struct ndr_print *ndr, const char 
*name, const struct winreg_StringBuf *r);
-_PUBLIC_ void ndr_print_winreg_ValNameBuf(struct ndr_print *ndr, const char 
*name, const struct winreg_ValNameBuf *r);
 _PUBLIC_ void ndr_print_KeySecurityAttribute(struct ndr_print *ndr, const char 
*name, const struct KeySecurityAttribute *r);
 _PUBLIC_ void ndr_print_QueryMultipleValue(struct ndr_print *ndr, const char 
*name, const struct QueryMultipleValue *r);
 _PUBLIC_ void ndr_print_winreg_OpenHKCR(struct ndr_print *ndr, const char 
*name, int flags, const struct winreg_OpenHKCR *r);
diff --git a/source3/librpc/gen_ndr/cli_winreg.c 
b/source3/librpc/gen_ndr/cli_winreg.c
index d558a5a..17b7281 100644
--- a/source3/librpc/gen_ndr/cli_winreg.c
+++ b/source3/librpc/gen_ndr/cli_winreg.c
@@ -497,7 +497,7 @@ NTSTATUS rpccli_winreg_EnumValue(struct rpc_pipe_client 
*cli,
 TALLOC_CTX *mem_ctx,
 struct policy_handle *handle /* [in] [ref] */,
 uint32_t 

[SCM] Samba Shared Repository - branch master updated - db90d9ad1693b3c8f388dbff63a79707ef4842cd

2008-10-20 Thread Jelmer Vernooij
The branch, master has been updated
   via  db90d9ad1693b3c8f388dbff63a79707ef4842cd (commit)
  from  d78f3be238c93a07ff16ead29d7d006de8f92605 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit db90d9ad1693b3c8f388dbff63a79707ef4842cd
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Mon Oct 20 12:20:53 2008 +0200

Also move wireshark conformance file.

---

Summary of changes:
 {source4/librpc = librpc}/idl/winreg.cnf |0 
 1 files changed, 0 insertions(+), 0 deletions(-)
 rename {source4/librpc = librpc}/idl/winreg.cnf (100%)


Changeset truncated at 500 lines:

diff --git a/source4/librpc/idl/winreg.cnf b/librpc/idl/winreg.cnf
similarity index 100%
rename from source4/librpc/idl/winreg.cnf
rename to librpc/idl/winreg.cnf


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated - 93e52145a887b1865d41ae5272047423bbfb33b3

2008-10-20 Thread Jelmer Vernooij
The branch, master has been updated
   via  93e52145a887b1865d41ae5272047423bbfb33b3 (commit)
   via  6b82b2ff130a1217e3d4f0df645a7a7e1678b62b (commit)
   via  5424c68b3d93eb3ea2f5f3ac853a85925242aa5b (commit)
   via  e0905c30908b4d621030689d33de28a13c04a690 (commit)
  from  29838debb3d350aaee0bf9744f1a7371b8b06736 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 93e52145a887b1865d41ae5272047423bbfb33b3
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Mon Oct 20 13:24:16 2008 +0200

Provide two symbols to allow ndrdump compiled by Samba 3 to be used for
Samba 4.

commit 6b82b2ff130a1217e3d4f0df645a7a7e1678b62b
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Mon Oct 20 13:21:43 2008 +0200

Fix merged build; use full libroken rather than just a couple of object 
files.

commit 5424c68b3d93eb3ea2f5f3ac853a85925242aa5b
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Mon Oct 20 13:21:29 2008 +0200

Add missing asn1 object.

commit e0905c30908b4d621030689d33de28a13c04a690
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Mon Oct 20 13:19:39 2008 +0200

Use tables in Samba 3 ndrdump.

---

Summary of changes:
 lib/util/debug.c  |1 +
 librpc/ndr/ndr_table.c|  135 +
 librpc/ndr/ndr_table.h|   13 
 librpc/tables.pl  |   89 
 librpc/tools/ndrdump.c|   20 +-
 source3/Makefile.in   |   12 +++-
 source3/librpc/gen_ndr/tables.c   |   83 +++
 source4/heimdal_build/internal.mk |   11 +---
 source4/lib/charset/util_unistr.c |2 +-
 source4/librpc/config.mk  |6 +-
 source4/librpc/ndr/ndr_table.c|  134 
 source4/librpc/tables.pl  |   89 
 12 files changed, 339 insertions(+), 256 deletions(-)
 create mode 100644 librpc/ndr/ndr_table.c
 create mode 100644 librpc/ndr/ndr_table.h
 create mode 100644 librpc/tables.pl
 create mode 100644 source3/librpc/gen_ndr/tables.c
 delete mode 100644 source4/librpc/ndr/ndr_table.c
 delete mode 100644 source4/librpc/tables.pl


Changeset truncated at 500 lines:

diff --git a/lib/util/debug.c b/lib/util/debug.c
index faec52a..98aabc5 100644
--- a/lib/util/debug.c
+++ b/lib/util/debug.c
@@ -37,6 +37,7 @@ static int debug_all_class_hack = 1;
 int *DEBUGLEVEL_CLASS = debug_all_class_hack; /* For samba 3 */
 static bool debug_all_class_isset_hack = true;
 bool*DEBUGLEVEL_CLASS_ISSET = debug_all_class_isset_hack; /* For samba 3 
*/
+XFILE *dbf = NULL; /* For Samba 3*/
 
 /* the registered mutex handlers */
 static struct {
diff --git a/librpc/ndr/ndr_table.c b/librpc/ndr/ndr_table.c
new file mode 100644
index 000..f7c381f
--- /dev/null
+++ b/librpc/ndr/ndr_table.c
@@ -0,0 +1,135 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   dcerpc utility functions
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Jelmer Vernooij 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see http://www.gnu.org/licenses/.
+*/
+
+#include includes.h
+#include ../lib/util/dlinklist.h
+#include librpc/ndr/libndr.h
+#include librpc/ndr/ndr_table.h
+#undef strcasecmp
+
+static struct ndr_interface_list *ndr_interfaces;
+
+/*
+  register a ndr interface table
+*/
+NTSTATUS ndr_table_register(const struct ndr_interface_table *table)
+{
+   struct ndr_interface_list *l;
+
+   for (l = ndr_interfaces; l; l = l-next) {
+   if (GUID_equal(table-syntax_id.uuid, 
l-table-syntax_id.uuid)) {
+   DEBUG(0, (Attempt to register interface %s which has 
the 
+ same UUID as already registered interface 
%s\n, 
+ table-name, l-table-name));
+   return NT_STATUS_OBJECT_NAME_COLLISION;
+   }
+   }
+
+   l = talloc(talloc_autofree_context(), struct ndr_interface_list);
+   l-table = table;
+
+   DLIST_ADD(ndr_interfaces, l);
+
+   return NT_STATUS_OK;
+}
+
+/*
+  find the pipe name for a local IDL interface
+*/
+const char *ndr_interface_name(const struct GUID *uuid, uint32_t if_version)
+{
+   const struct ndr_interface_list *l;
+   

[SCM] Samba Shared Repository - branch master updated - 61db229c08a601780da09ee4f2f4f1eb32ec3aa0

2008-10-20 Thread Günther Deschner
The branch, master has been updated
   via  61db229c08a601780da09ee4f2f4f1eb32ec3aa0 (commit)
  from  93e52145a887b1865d41ae5272047423bbfb33b3 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 61db229c08a601780da09ee4f2f4f1eb32ec3aa0
Author: Günther Deschner [EMAIL PROTECTED]
Date:   Mon Oct 20 15:47:46 2008 +0200

s4: fix the build after winreg idl changes.

Guenther

---

Summary of changes:
 source4/lib/registry/rpc.c   |4 ++--
 source4/torture/ndr/winreg.c |2 +-
 source4/torture/rpc/winreg.c |4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/lib/registry/rpc.c b/source4/lib/registry/rpc.c
index 3a16ae1..bcf5c8d 100644
--- a/source4/lib/registry/rpc.c
+++ b/source4/lib/registry/rpc.c
@@ -32,7 +32,7 @@ struct rpc_key {
const char* classname;  
uint32_t num_subkeys;
uint32_t max_subkeylen;
-   uint32_t max_classlen;
+   uint32_t max_subkeysize;
uint32_t num_values;
uint32_t max_valnamelen;
uint32_t max_valbufsize;
@@ -380,7 +380,7 @@ static WERROR rpc_query_key(TALLOC_CTX *mem_ctx, const 
struct registry_key *k)
r.out.classname = classname;
r.out.num_subkeys = mykeydata-num_subkeys;
r.out.max_subkeylen = mykeydata-max_subkeylen;
-   r.out.max_classlen = mykeydata-max_classlen;
+   r.out.max_subkeysize = mykeydata-max_subkeysize;
r.out.num_values = mykeydata-num_values;
r.out.max_valnamelen = mykeydata-max_valnamelen;
r.out.max_valbufsize = mykeydata-max_valbufsize;
diff --git a/source4/torture/ndr/winreg.c b/source4/torture/ndr/winreg.c
index de804b7..60a3230 100644
--- a/source4/torture/ndr/winreg.c
+++ b/source4/torture/ndr/winreg.c
@@ -417,7 +417,7 @@ static bool queryinfokey_out_check(struct torture_context 
*tctx, struct winreg_Q
torture_assert_str_equal(tctx, r-out.classname-name, , class out 
name);
torture_assert_int_equal(tctx, *r-out.num_subkeys, 0, num subkeys);
torture_assert_int_equal(tctx, *r-out.max_subkeylen, 0, subkey 
length);
-   torture_assert_int_equal(tctx, *r-out.max_classlen, 140, subkey 
size);
+   torture_assert_int_equal(tctx, *r-out.max_subkeysize, 140, subkey 
size);
torture_assert_werr_ok(tctx, r-out.result, return code);
return true;
 }
diff --git a/source4/torture/rpc/winreg.c b/source4/torture/rpc/winreg.c
index 08ec8f5..bd897f0 100644
--- a/source4/torture/rpc/winreg.c
+++ b/source4/torture/rpc/winreg.c
@@ -1396,7 +1396,7 @@ static bool test_QueryInfoKey(struct dcerpc_pipe *p,
  struct policy_handle *handle, char *class)
 {
struct winreg_QueryInfoKey r;
-   uint32_t num_subkeys, max_subkeylen, max_classlen,
+   uint32_t num_subkeys, max_subkeylen, max_subkeysize,
num_values, max_valnamelen, max_valbufsize,
secdescsize;
NTTIME last_changed_time;
@@ -1405,7 +1405,7 @@ static bool test_QueryInfoKey(struct dcerpc_pipe *p,
r.in.handle = handle;
r.out.num_subkeys = num_subkeys;
r.out.max_subkeylen = max_subkeylen;
-   r.out.max_classlen = max_classlen;
+   r.out.max_subkeysize = max_subkeysize;
r.out.num_values = num_values;
r.out.max_valnamelen = max_valnamelen;
r.out.max_valbufsize = max_valbufsize;


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated - e08e5a0f3fa58a08532bb6d9a613985305e31c4f

2008-10-20 Thread Günther Deschner
The branch, master has been updated
   via  e08e5a0f3fa58a08532bb6d9a613985305e31c4f (commit)
  from  61db229c08a601780da09ee4f2f4f1eb32ec3aa0 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit e08e5a0f3fa58a08532bb6d9a613985305e31c4f
Author: Günther Deschner [EMAIL PROTECTED]
Date:   Mon Oct 20 15:53:24 2008 +0200

Revert s4: fix the build after winreg idl changes.

This reverts commit 61db229c08a601780da09ee4f2f4f1eb32ec3aa0.

---

Summary of changes:
 source4/lib/registry/rpc.c   |4 ++--
 source4/torture/ndr/winreg.c |2 +-
 source4/torture/rpc/winreg.c |4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/lib/registry/rpc.c b/source4/lib/registry/rpc.c
index bcf5c8d..3a16ae1 100644
--- a/source4/lib/registry/rpc.c
+++ b/source4/lib/registry/rpc.c
@@ -32,7 +32,7 @@ struct rpc_key {
const char* classname;  
uint32_t num_subkeys;
uint32_t max_subkeylen;
-   uint32_t max_subkeysize;
+   uint32_t max_classlen;
uint32_t num_values;
uint32_t max_valnamelen;
uint32_t max_valbufsize;
@@ -380,7 +380,7 @@ static WERROR rpc_query_key(TALLOC_CTX *mem_ctx, const 
struct registry_key *k)
r.out.classname = classname;
r.out.num_subkeys = mykeydata-num_subkeys;
r.out.max_subkeylen = mykeydata-max_subkeylen;
-   r.out.max_subkeysize = mykeydata-max_subkeysize;
+   r.out.max_classlen = mykeydata-max_classlen;
r.out.num_values = mykeydata-num_values;
r.out.max_valnamelen = mykeydata-max_valnamelen;
r.out.max_valbufsize = mykeydata-max_valbufsize;
diff --git a/source4/torture/ndr/winreg.c b/source4/torture/ndr/winreg.c
index 60a3230..de804b7 100644
--- a/source4/torture/ndr/winreg.c
+++ b/source4/torture/ndr/winreg.c
@@ -417,7 +417,7 @@ static bool queryinfokey_out_check(struct torture_context 
*tctx, struct winreg_Q
torture_assert_str_equal(tctx, r-out.classname-name, , class out 
name);
torture_assert_int_equal(tctx, *r-out.num_subkeys, 0, num subkeys);
torture_assert_int_equal(tctx, *r-out.max_subkeylen, 0, subkey 
length);
-   torture_assert_int_equal(tctx, *r-out.max_subkeysize, 140, subkey 
size);
+   torture_assert_int_equal(tctx, *r-out.max_classlen, 140, subkey 
size);
torture_assert_werr_ok(tctx, r-out.result, return code);
return true;
 }
diff --git a/source4/torture/rpc/winreg.c b/source4/torture/rpc/winreg.c
index bd897f0..08ec8f5 100644
--- a/source4/torture/rpc/winreg.c
+++ b/source4/torture/rpc/winreg.c
@@ -1396,7 +1396,7 @@ static bool test_QueryInfoKey(struct dcerpc_pipe *p,
  struct policy_handle *handle, char *class)
 {
struct winreg_QueryInfoKey r;
-   uint32_t num_subkeys, max_subkeylen, max_subkeysize,
+   uint32_t num_subkeys, max_subkeylen, max_classlen,
num_values, max_valnamelen, max_valbufsize,
secdescsize;
NTTIME last_changed_time;
@@ -1405,7 +1405,7 @@ static bool test_QueryInfoKey(struct dcerpc_pipe *p,
r.in.handle = handle;
r.out.num_subkeys = num_subkeys;
r.out.max_subkeylen = max_subkeylen;
-   r.out.max_subkeysize = max_subkeysize;
+   r.out.max_classlen = max_classlen;
r.out.num_values = num_values;
r.out.max_valnamelen = max_valnamelen;
r.out.max_valbufsize = max_valbufsize;


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated - fc8fadf1e93cffcf36bd56ba02894804018b9972

2008-10-20 Thread Günther Deschner
The branch, master has been updated
   via  fc8fadf1e93cffcf36bd56ba02894804018b9972 (commit)
  from  a55afef6d3dbd40b938e19c7c077e3b0ca535bcc (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit fc8fadf1e93cffcf36bd56ba02894804018b9972
Author: Günther Deschner [EMAIL PROTECTED]
Date:   Mon Oct 20 11:11:19 2008 +0200

idl: finally share krb5_pac.idl.

Guenther

---

Summary of changes:
 {source4/librpc = librpc}/idl/krb5pac.idl |   10 ++-
 source3/Makefile.in|2 +-
 source3/librpc/gen_ndr/krb5pac.h   |   23 -
 source3/librpc/gen_ndr/ndr_krb5pac.c   |  131 
 source3/librpc/gen_ndr/ndr_krb5pac.h   |8 ++-
 5 files changed, 147 insertions(+), 27 deletions(-)
 rename {source4/librpc = librpc}/idl/krb5pac.idl (95%)


Changeset truncated at 500 lines:

diff --git a/source4/librpc/idl/krb5pac.idl b/librpc/idl/krb5pac.idl
similarity index 95%
rename from source4/librpc/idl/krb5pac.idl
rename to librpc/idl/krb5pac.idl
index bddba04..a498b79 100644
--- a/source4/librpc/idl/krb5pac.idl
+++ b/librpc/idl/krb5pac.idl
@@ -29,7 +29,7 @@ interface krb5pac
netr_SamInfo3 info3;
dom_sid2 *res_group_dom_sid;
samr_RidWithAttributeArray res_groups;
-   } PAC_LOGON_INFO;
+   } PAC_LOGON_INFO;
 
typedef struct {
[value(2*strlen_m(upn_name))] uint16 upn_size;
@@ -46,7 +46,7 @@ interface krb5pac
 
typedef [public] struct {
PAC_LOGON_INFO *info;
-   } PAC_LOGON_INFO_CTR;
+   } PAC_LOGON_INFO_CTR;
 
typedef [public,v1_enum] enum {
PAC_TYPE_LOGON_INFO = 1,
@@ -126,5 +126,9 @@ interface krb5pac
[in] PAC_Validate pac_validate
);
 
-
+   /* used for samba3 netsamlogon cache */
+   typedef [public] struct {
+   time_t timestamp;
+   netr_SamInfo3 info3;
+   } netsamlogoncache_entry;
 }
diff --git a/source3/Makefile.in b/source3/Makefile.in
index bb81dd2..6fe26d3 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -1213,7 +1213,7 @@ samba3-idl::
../librpc/idl/eventlog.idl ../librpc/idl/wkssvc.idl 
librpc/idl/netlogon.idl \
../librpc/idl/notify.idl ../librpc/idl/epmapper.idl 
librpc/idl/messaging.idl \
../librpc/idl/xattr.idl ../librpc/idl/misc.idl 
librpc/idl/samr.idl \
-   ../librpc/idl/security.idl ../librpc/idl/dssetup.idl 
librpc/idl/krb5pac.idl \
+   ../librpc/idl/security.idl ../librpc/idl/dssetup.idl 
../librpc/idl/krb5pac.idl \
../librpc/idl/ntsvcs.idl librpc/idl/libnetapi.idl 
../librpc/idl/drsuapi.idl \
../librpc/idl/drsblobs.idl ../librpc/idl/nbt.idl
 
diff --git a/source3/librpc/gen_ndr/krb5pac.h b/source3/librpc/gen_ndr/krb5pac.h
index b3b29e5..7ec3e95 100644
--- a/source3/librpc/gen_ndr/krb5pac.h
+++ b/source3/librpc/gen_ndr/krb5pac.h
@@ -8,6 +8,7 @@
 #ifndef _HEADER_krb5pac
 #define _HEADER_krb5pac
 
+#define NETLOGON_GENERIC_KRB5_PAC_VALIDATE ( 3 )
 struct PAC_LOGON_NAME {
NTTIME logon_time;
uint16_t size;/* [value(2*strlen_m(account_name))] */
@@ -39,10 +40,6 @@ struct PAC_UNKNOWN_12 {
 };
 
 struct PAC_LOGON_INFO_CTR {
-   uint32_t unknown1;/* [value(0x00081001)] */
-   uint32_t unknown2;/* [value(0x)] */
-   uint32_t _ndr_size;/* 
[value(NDR_ROUND(ndr_size_PAC_LOGON_INFO(info,ndr-flags)+4,8))] */
-   uint32_t unknown3;/* [value(0x)] */
struct PAC_LOGON_INFO *info;/* [unique] */
 }/* [public] */;
 
@@ -72,7 +69,7 @@ struct DATA_BLOB_REM {
 };
 
 union PAC_INFO {
-   struct PAC_LOGON_INFO_CTR logon_info;/* [case(PAC_TYPE_LOGON_INFO)] */
+   struct PAC_LOGON_INFO_CTR logon_info;/* 
[subcontext(0xFC01),case(PAC_TYPE_LOGON_INFO)] */
struct PAC_SIGNATURE_DATA srv_cksum;/* [case(PAC_TYPE_SRV_CHECKSUM)] */
struct PAC_SIGNATURE_DATA kdc_cksum;/* [case(PAC_TYPE_KDC_CHECKSUM)] */
struct PAC_LOGON_NAME logon_name;/* [case(PAC_TYPE_LOGON_NAME)] */
@@ -105,6 +102,14 @@ struct PAC_DATA_RAW {
struct PAC_BUFFER_RAW *buffers;
 }/* [public] */;
 
+struct PAC_Validate {
+   uint32_t MessageType;/* [value(NETLOGON_GENERIC_KRB5_PAC_VALIDATE)] */
+   uint32_t ChecksumLength;
+   int32_t SignatureType;
+   uint32_t SignatureLength;
+   DATA_BLOB ChecksumAndSignature;/* [flag(LIBNDR_FLAG_REMAINING)] */
+}/* [public] */;
+
 struct netsamlogoncache_entry {
time_t timestamp;
struct netr_SamInfo3 info3;
@@ -134,4 +139,12 @@ struct decode_login_info {
 
 };
 
+
+struct decode_pac_validate {
+   struct {
+   struct PAC_Validate pac_validate;
+   } in;
+
+};
+
 #endif /* _HEADER_krb5pac */
diff --git 

[SCM] Samba Shared Repository - branch master updated - 29838debb3d350aaee0bf9744f1a7371b8b06736

2008-10-20 Thread Jelmer Vernooij
The branch, master has been updated
   via  29838debb3d350aaee0bf9744f1a7371b8b06736 (commit)
   via  6fb7fa8cc6c53626434530c796e532e80618253b (commit)
  from  db90d9ad1693b3c8f388dbff63a79707ef4842cd (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 29838debb3d350aaee0bf9744f1a7371b8b06736
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Mon Oct 20 12:28:13 2008 +0200

Fix names in winreg torture tests.

commit 6fb7fa8cc6c53626434530c796e532e80618253b
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Mon Oct 20 12:28:07 2008 +0200

Also build all other Samba 4 binaries during merged build.

---

Summary of changes:
 source3/samba4-templates.mk  |5 ++---
 source4/torture/ndr/winreg.c |2 +-
 source4/torture/rpc/winreg.c |4 ++--
 3 files changed, 5 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/samba4-templates.mk b/source3/samba4-templates.mk
index 154c3aa..e691af5 100644
--- a/source3/samba4-templates.mk
+++ b/source3/samba4-templates.mk
@@ -25,8 +25,7 @@ $(1)4: $(2) $(LIBREPLACE_OBJ) ;
 clean::
@rm -f $(1)
 
-binaries:: $(1)
-
+everything:: $(1)4
 
 endef
 
@@ -40,7 +39,7 @@ $(1)4: $(2) $(LIBREPLACE_OBJ) ;
 clean::
rm -f $(1)
 
-binaries:: $(1)
+binaries:: $(1)4
 
 
 endef
diff --git a/source4/torture/ndr/winreg.c b/source4/torture/ndr/winreg.c
index 60a3230..de804b7 100644
--- a/source4/torture/ndr/winreg.c
+++ b/source4/torture/ndr/winreg.c
@@ -417,7 +417,7 @@ static bool queryinfokey_out_check(struct torture_context 
*tctx, struct winreg_Q
torture_assert_str_equal(tctx, r-out.classname-name, , class out 
name);
torture_assert_int_equal(tctx, *r-out.num_subkeys, 0, num subkeys);
torture_assert_int_equal(tctx, *r-out.max_subkeylen, 0, subkey 
length);
-   torture_assert_int_equal(tctx, *r-out.max_subkeysize, 140, subkey 
size);
+   torture_assert_int_equal(tctx, *r-out.max_classlen, 140, subkey 
size);
torture_assert_werr_ok(tctx, r-out.result, return code);
return true;
 }
diff --git a/source4/torture/rpc/winreg.c b/source4/torture/rpc/winreg.c
index bd897f0..08ec8f5 100644
--- a/source4/torture/rpc/winreg.c
+++ b/source4/torture/rpc/winreg.c
@@ -1396,7 +1396,7 @@ static bool test_QueryInfoKey(struct dcerpc_pipe *p,
  struct policy_handle *handle, char *class)
 {
struct winreg_QueryInfoKey r;
-   uint32_t num_subkeys, max_subkeylen, max_subkeysize,
+   uint32_t num_subkeys, max_subkeylen, max_classlen,
num_values, max_valnamelen, max_valbufsize,
secdescsize;
NTTIME last_changed_time;
@@ -1405,7 +1405,7 @@ static bool test_QueryInfoKey(struct dcerpc_pipe *p,
r.in.handle = handle;
r.out.num_subkeys = num_subkeys;
r.out.max_subkeylen = max_subkeylen;
-   r.out.max_subkeysize = max_subkeysize;
+   r.out.max_classlen = max_classlen;
r.out.num_values = num_values;
r.out.max_valnamelen = max_valnamelen;
r.out.max_valbufsize = max_valbufsize;


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated - 640847b4fc74c93dd74b2325b4ac92a001a81c92

2008-10-20 Thread Günther Deschner
The branch, master has been updated
   via  640847b4fc74c93dd74b2325b4ac92a001a81c92 (commit)
  from  fc8fadf1e93cffcf36bd56ba02894804018b9972 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 640847b4fc74c93dd74b2325b4ac92a001a81c92
Author: Günther Deschner [EMAIL PROTECTED]
Date:   Mon Oct 20 11:21:45 2008 +0200

s3: forgot to remove old copy of krb5pac.idl.

Guenther

---

Summary of changes:
 source3/librpc/idl/krb5pac.idl |  120 
 1 files changed, 0 insertions(+), 120 deletions(-)
 delete mode 100644 source3/librpc/idl/krb5pac.idl


Changeset truncated at 500 lines:

diff --git a/source3/librpc/idl/krb5pac.idl b/source3/librpc/idl/krb5pac.idl
deleted file mode 100644
index c039502..000
--- a/source3/librpc/idl/krb5pac.idl
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
-  krb5 PAC
-*/
-
-#include idl_types.h
-
-import security.idl, netlogon.idl, samr.idl;
-
-[
-  uuid(12345778-1234-abcd--),
-  version(0.0),
-  pointer_default(unique),
-  helpstring(Active Directory KRB5 PAC)
-]
-interface krb5pac
-{
-   typedef struct {
-   NTTIME logon_time;
-   [value(2*strlen_m(account_name))] uint16 size;
-   [charset(UTF16)] uint8 account_name[size];
-   } PAC_LOGON_NAME;
-
-   typedef [public,flag(NDR_PAHEX)] struct {
-   uint32 type;
-   [flag(NDR_REMAINING)] DATA_BLOB signature;
-   } PAC_SIGNATURE_DATA;
-
-   typedef [gensize] struct {
-   netr_SamInfo3 info3;
-   dom_sid2 *res_group_dom_sid;
-   samr_RidWithAttributeArray res_groups;
-   } PAC_LOGON_INFO;
-
-   typedef struct {
-   [value(2*strlen_m(upn_name))] uint16 upn_size;
-   uint16 upn_offset;
-   [value(2*strlen_m(domain_name))] uint16 domain_size;
-   uint16 domain_offset;
-   uint16 unknown3; /* 0x01 */
-   uint16 unknown4;
-   uint32 unknown5;
-   [charset(UTF16)] uint8 upn_name[upn_size+2];
-   [charset(UTF16)] uint8 domain_name[domain_size+2];
-   uint32 unknown6; /* padding */
-   } PAC_UNKNOWN_12;
-
-   typedef [public] struct {
-   [value(0x00081001)] uint32 unknown1;
-   [value(0x)] uint32 unknown2;
-   [value(NDR_ROUND(ndr_size_PAC_LOGON_INFO(info, 
ndr-flags)+4,8))] uint32 _ndr_size;
-   [value(0x)] uint32 unknown3;
-   PAC_LOGON_INFO *info;
-   } PAC_LOGON_INFO_CTR;
-
-   typedef [public,v1_enum] enum {
-   PAC_TYPE_LOGON_INFO = 1,
-   PAC_TYPE_SRV_CHECKSUM = 6,
-   PAC_TYPE_KDC_CHECKSUM = 7,
-   PAC_TYPE_LOGON_NAME = 10,
-   PAC_TYPE_CONSTRAINED_DELEGATION = 11,
-   PAC_TYPE_UNKNOWN_12 = 12
-   } PAC_TYPE;
-
-   typedef struct {
-   [flag(NDR_REMAINING)] DATA_BLOB remaining;
-   } DATA_BLOB_REM;
-
-   typedef [public,nodiscriminant,gensize] union {
-   [case(PAC_TYPE_LOGON_INFO)] PAC_LOGON_INFO_CTR logon_info;
-   [case(PAC_TYPE_SRV_CHECKSUM)]   PAC_SIGNATURE_DATA srv_cksum;
-   [case(PAC_TYPE_KDC_CHECKSUM)]   PAC_SIGNATURE_DATA kdc_cksum;
-   [case(PAC_TYPE_LOGON_NAME)] PAC_LOGON_NAME logon_name;
-   [default]   [subcontext(0)] DATA_BLOB_REM 
unknown;
-   /* [case(PAC_TYPE_UNKNOWN_12)]  PAC_UNKNOWN_12 unknown; */
-   } PAC_INFO;
-
-   typedef [public,nopush,nopull,noprint] struct {
-   PAC_TYPE type;
-   [value(_ndr_size_PAC_INFO(info, type, 0))] uint32 _ndr_size;
-   
[relative,switch_is(type),subcontext(0),subcontext_size(_subcontext_size_PAC_INFO(r,
 ndr-flags)),flag(NDR_ALIGN8)] PAC_INFO *info;
-   [value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */
-   } PAC_BUFFER;
-
-   typedef [public] struct {
-   uint32 num_buffers;
-   uint32 version;
-   PAC_BUFFER buffers[num_buffers];
-   } PAC_DATA;
-
-   typedef [public] struct {
-   PAC_TYPE type;
-   uint32 ndr_size;
-   
[relative,subcontext(0),subcontext_size(NDR_ROUND(ndr_size,8)),flag(NDR_ALIGN8)]
 DATA_BLOB_REM *info;
-   [value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */
-   } PAC_BUFFER_RAW;
-
-   typedef [public] struct {
-   uint32 num_buffers;
-   uint32 version;
-   PAC_BUFFER_RAW buffers[num_buffers];
-   } PAC_DATA_RAW;
-
-   void decode_pac(
-   [in] PAC_DATA pac
-   );
-
-   void decode_pac_raw(
-   [in] PAC_DATA_RAW pac
-   );
-
-   void 

[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4269-ge3550c2

2008-10-20 Thread Volker Lendecke
The branch, v3-3-test has been updated
   via  e3550c235e6a59749c1e57b469289069f7e541d4 (commit)
  from  4833f678ba194665e9c0554f9da37ddca269714e (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -
commit e3550c235e6a59749c1e57b469289069f7e541d4
Author: Volker Lendecke [EMAIL PROTECTED]
Date:   Mon Oct 20 18:25:13 2008 +0200

Fix a valgrind error in idmap_ad_sids_to_unixids()

We need to initialize all mappings in case we don't find anything.

Simo, please check!

Volker

---

Summary of changes:
 source/winbindd/idmap_ad.c |2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/winbindd/idmap_ad.c b/source/winbindd/idmap_ad.c
index 8144d87..60a2d86 100644
--- a/source/winbindd/idmap_ad.c
+++ b/source/winbindd/idmap_ad.c
@@ -517,6 +517,8 @@ again:
bidx = idx;
for (i = 0; (i  IDMAP_AD_MAX_IDS)  ids[idx]; i++, idx++) {
 
+   ids[idx]-status = ID_UNKNOWN;
+
sidstr = sid_binstring(ids[idx]-sid);
filter = talloc_asprintf_append_buffer(filter, 
(objectSid=%s), sidstr);



-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated - 4b59ecb90319e6e574ff7444015078bac7da631a

2008-10-20 Thread Günther Deschner
The branch, master has been updated
   via  4b59ecb90319e6e574ff7444015078bac7da631a (commit)
   via  c3f3271b82f22c8bfe36ed498b668ae4bf9d9a80 (commit)
  from  e08e5a0f3fa58a08532bb6d9a613985305e31c4f (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 4b59ecb90319e6e574ff7444015078bac7da631a
Author: Günther Deschner [EMAIL PROTECTED]
Date:   Mon Oct 20 19:21:10 2008 +0200

s3-build: no need to duplicate generated ndr_ prototypes.

Guenther

commit c3f3271b82f22c8bfe36ed498b668ae4bf9d9a80
Author: Günther Deschner [EMAIL PROTECTED]
Date:   Mon Oct 20 18:29:57 2008 +0200

s3-build: no need to duplicate generated srv_ prototypes.

Guenther

---

Summary of changes:
 source3/include/includes.h|8 -
 source3/include/proto.h   | 1363 -
 source3/libads/authdata.c |1 +
 source3/libsmb/samlogon_cache.c   |1 +
 source3/rpc_server/srv_eventlog.c |1 +
 source3/rpc_server/srv_ntsvcs.c   |1 +
 source3/rpc_server/srv_svcctl.c   |1 +
 source3/utils/net_ads.c   |1 +
 8 files changed, 6 insertions(+), 1371 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/includes.h b/source3/include/includes.h
index ac5b2b2..9b45c40 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -716,14 +716,6 @@ enum flush_reason_enum {
 #include modules/nfs4_acls.h
 #include nsswitch/libwbclient/wbclient.h
 
-/* generated rpc server implementation functions */
-#include librpc/gen_ndr/srv_echo.h
-#include librpc/gen_ndr/srv_svcctl.h
-#include librpc/gen_ndr/srv_lsa.h
-#include librpc/gen_ndr/srv_eventlog.h
-#include librpc/gen_ndr/srv_winreg.h
-#include librpc/gen_ndr/srv_initshutdown.h
-
 /* automatically generated prototypes */
 #ifndef NO_PROTO_H
 #include proto.h
diff --git a/source3/include/proto.h b/source3/include/proto.h
index ad2c719..0833e5e 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -2379,1369 +2379,6 @@ ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads,
const char *dn,
struct nt_user_token **token);
 
-/* The following definitions come from librpc/gen_ndr/ndr_dfs.c  */
-
-_PUBLIC_ void ndr_print_dfs_ManagerVersion(struct ndr_print *ndr, const char 
*name, enum dfs_ManagerVersion r);
-_PUBLIC_ void ndr_print_dfs_Info0(struct ndr_print *ndr, const char *name, 
const struct dfs_Info0 *r);
-_PUBLIC_ void ndr_print_dfs_Info1(struct ndr_print *ndr, const char *name, 
const struct dfs_Info1 *r);
-_PUBLIC_ enum ndr_err_code ndr_push_dfs_VolumeState(struct ndr_push *ndr, int 
ndr_flags, uint32_t r);
-_PUBLIC_ enum ndr_err_code ndr_pull_dfs_VolumeState(struct ndr_pull *ndr, int 
ndr_flags, uint32_t *r);
-_PUBLIC_ void ndr_print_dfs_VolumeState(struct ndr_print *ndr, const char 
*name, uint32_t r);
-_PUBLIC_ void ndr_print_dfs_Info2(struct ndr_print *ndr, const char *name, 
const struct dfs_Info2 *r);
-_PUBLIC_ enum ndr_err_code ndr_push_dfs_StorageState(struct ndr_push *ndr, int 
ndr_flags, uint32_t r);
-_PUBLIC_ enum ndr_err_code ndr_pull_dfs_StorageState(struct ndr_pull *ndr, int 
ndr_flags, uint32_t *r);
-_PUBLIC_ void ndr_print_dfs_StorageState(struct ndr_print *ndr, const char 
*name, uint32_t r);
-_PUBLIC_ void ndr_print_dfs_StorageInfo(struct ndr_print *ndr, const char 
*name, const struct dfs_StorageInfo *r);
-_PUBLIC_ void ndr_print_dfs_Info3(struct ndr_print *ndr, const char *name, 
const struct dfs_Info3 *r);
-_PUBLIC_ void ndr_print_dfs_Info4(struct ndr_print *ndr, const char *name, 
const struct dfs_Info4 *r);
-_PUBLIC_ enum ndr_err_code ndr_push_dfs_PropertyFlags(struct ndr_push *ndr, 
int ndr_flags, uint32_t r);
-_PUBLIC_ enum ndr_err_code ndr_pull_dfs_PropertyFlags(struct ndr_pull *ndr, 
int ndr_flags, uint32_t *r);
-_PUBLIC_ void ndr_print_dfs_PropertyFlags(struct ndr_print *ndr, const char 
*name, uint32_t r);
-_PUBLIC_ void ndr_print_dfs_Info5(struct ndr_print *ndr, const char *name, 
const struct dfs_Info5 *r);
-_PUBLIC_ void ndr_print_dfs_Target_PriorityClass(struct ndr_print *ndr, const 
char *name, enum dfs_Target_PriorityClass r);
-_PUBLIC_ void ndr_print_dfs_Target_Priority(struct ndr_print *ndr, const char 
*name, const struct dfs_Target_Priority *r);
-_PUBLIC_ void ndr_print_dfs_StorageInfo2(struct ndr_print *ndr, const char 
*name, const struct dfs_StorageInfo2 *r);
-_PUBLIC_ void ndr_print_dfs_Info6(struct ndr_print *ndr, const char *name, 
const struct dfs_Info6 *r);
-_PUBLIC_ void ndr_print_dfs_Info7(struct ndr_print *ndr, const char *name, 
const struct dfs_Info7 *r);
-_PUBLIC_ void ndr_print_dfs_Info100(struct ndr_print *ndr, const char *name, 
const struct dfs_Info100 *r);
-_PUBLIC_ void ndr_print_dfs_Info101(struct ndr_print *ndr, const char *name, 
const struct dfs_Info101 

[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4272-gf1c0d56

2008-10-20 Thread Jeremy Allison
The branch, v3-3-test has been updated
   via  f1c0d56e8230bb4a8c085ad885cf05cbcc8297ec (commit)
   via  b6ce6dd1d82314ce3194dc450e67dec948e1a6b2 (commit)
   via  3c609efe12ee941dc0474e39b5e90ad39a075ff2 (commit)
  from  e3550c235e6a59749c1e57b469289069f7e541d4 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -
commit f1c0d56e8230bb4a8c085ad885cf05cbcc8297ec
Author: Volker Lendecke [EMAIL PROTECTED]
Date:   Mon Oct 20 11:05:45 2008 -0700

fn_new-fn in smb_messages[], we got beyond that :-)

commit b6ce6dd1d82314ce3194dc450e67dec948e1a6b2
Author: Volker Lendecke [EMAIL PROTECTED]
Date:   Mon Oct 20 11:05:31 2008 -0700

Use a direct compare instead of calling strncmp in valid_smb_header

commit 3c609efe12ee941dc0474e39b5e90ad39a075ff2
Author: Volker Lendecke [EMAIL PROTECTED]
Date:   Mon Oct 20 11:05:13 2008 -0700

Move the global hosts_allow() check out of the processing loop:

---

Summary of changes:
 source/smbd/process.c |   53 +++-
 1 files changed, 30 insertions(+), 23 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/smbd/process.c b/source/smbd/process.c
index 0b8ff4f..338f606 100644
--- a/source/smbd/process.c
+++ b/source/smbd/process.c
@@ -105,7 +105,11 @@ static bool valid_smb_header(const uint8_t *inbuf)
if (is_encrypted_packet(inbuf)) {
return true;
}
-   return (strncmp(smb_base(inbuf),\377SMB,4) == 0);
+   /*
+* This used to be (strncmp(smb_base(inbuf),\377SMB,4) == 0)
+* but it just looks weird to call strncmp for this one.
+*/
+   return (IVAL(smb_base(inbuf), 0) == 0x424D53FF);
 }
 
 /* Socket functions for smbd packet processing. */
@@ -973,7 +977,7 @@ force write permissions on print services.
 */
 static const struct smb_message_struct {
const char *name;
-   void (*fn_new)(struct smb_request *req);
+   void (*fn)(struct smb_request *req);
int flags;
 } smb_messages[256] = {
 
@@ -1349,7 +1353,7 @@ static connection_struct *switch_message(uint8 type, 
struct smb_request *req, in
exit_server_cleanly(Non-SMB packet);
}
 
-   if (smb_messages[type].fn_new == NULL) {
+   if (smb_messages[type].fn == NULL) {
DEBUG(0,(Unknown message type %d!\n,type));
smb_dump(Unknown, 1, (char *)req-inbuf, size);
reply_unknown_new(req, type);
@@ -1471,7 +1475,7 @@ static connection_struct *switch_message(uint8 type, 
struct smb_request *req, in
return conn;
}
 
-   smb_messages[type].fn_new(req);
+   smb_messages[type].fn(req);
return req-conn;
 }
 
@@ -1535,25 +1539,6 @@ static void process_smb(char *inbuf, size_t nread, 
size_t unread_bytes, bool enc
 
DO_PROFILE_INC(smb_count);
 
-   if (trans_num == 0) {
-   char addr[INET6_ADDRSTRLEN];
-
-   /* on the first packet, check the global hosts allow/ hosts
-   deny parameters before doing any parsing of the packet
-   passed to us by the client.  This prevents attacks on our
-   parsing code from hosts not in the hosts allow list */
-
-   if (!check_access(smbd_server_fd(), lp_hostsallow(-1),
- lp_hostsdeny(-1))) {
-   /* send a negative session response not listening on 
calling name */
-   static unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
-   DEBUG( 1, ( Connection denied from %s\n,
-   client_addr(get_client_fd(),addr,sizeof(addr)) 
) );
-   (void)srv_send_smb(smbd_server_fd(),(char *)buf,false);
-   exit_server_cleanly(connection denied);
-   }
-   }
-
DEBUG( 6, ( got message type 0x%x of len 0x%x\n, msg_type,
smb_len(inbuf) ) );
DEBUG( 3, ( Transaction %d of length %d (%u toread)\n, trans_num,
@@ -1893,6 +1878,28 @@ void smbd_process(void)
unsigned int num_smbs = 0;
size_t unread_bytes = 0;
 
+   char addr[INET6_ADDRSTRLEN];
+
+   /*
+* Before the first packet, check the global hosts allow/ hosts deny
+* parameters before doing any parsing of packets passed to us by the
+* client. This prevents attacks on our parsing code from hosts not in
+* the hosts allow list.
+*/
+
+   if (!check_access(smbd_server_fd(), lp_hostsallow(-1),
+ lp_hostsdeny(-1))) {
+   /*
+* send a negative session response not listening on calling
+* name
+*/
+   unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
+   DEBUG( 1, (Connection denied from %s\n,
+

[SCM] Samba Shared Repository - branch master updated - f3843e330f312b72a24563417309159b0d99dc50

2008-10-20 Thread Günther Deschner
The branch, master has been updated
   via  f3843e330f312b72a24563417309159b0d99dc50 (commit)
  from  4b59ecb90319e6e574ff7444015078bac7da631a (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit f3843e330f312b72a24563417309159b0d99dc50
Author: Günther Deschner [EMAIL PROTECTED]
Date:   Mon Oct 20 20:16:03 2008 +0200

s3-samr-server: be consistent when reporting we do password complexity.

Guenther

---

Summary of changes:
 source3/rpc_server/srv_samr_nt.c |4 
 1 files changed, 4 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 6cf90be..e527631 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -2909,6 +2909,10 @@ static NTSTATUS samr_QueryDomainInfo_internal(const char 
*fn_name,
unix_to_nt_time_abs(nt_expire, u_expire);
unix_to_nt_time_abs(nt_min_age, u_min_age);
 
+   if (lp_check_password_script()  
*lp_check_password_script()) {
+   password_properties |= DOMAIN_PASSWORD_COMPLEX;
+   }
+
init_samr_DomInfo1(dom_info-info1,
   (uint16)min_pass_len,
   (uint16)pass_hist,


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4273-g52d2212

2008-10-20 Thread Günther Deschner
The branch, v3-3-test has been updated
   via  52d22121fa2ea646535806103d86afe8d52001c9 (commit)
  from  f1c0d56e8230bb4a8c085ad885cf05cbcc8297ec (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -
commit 52d22121fa2ea646535806103d86afe8d52001c9
Author: Günther Deschner [EMAIL PROTECTED]
Date:   Mon Oct 20 20:16:03 2008 +0200

s3-samr-server: be consistent when reporting we do password complexity.

Guenther

---

Summary of changes:
 source/rpc_server/srv_samr_nt.c |4 
 1 files changed, 4 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index 6455f02..59728c6 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -2909,6 +2909,10 @@ static NTSTATUS samr_QueryDomainInfo_internal(const char 
*fn_name,
unix_to_nt_time_abs(nt_expire, u_expire);
unix_to_nt_time_abs(nt_min_age, u_min_age);
 
+   if (lp_check_password_script()  
*lp_check_password_script()) {
+   password_properties |= DOMAIN_PASSWORD_COMPLEX;
+   }
+
init_samr_DomInfo1(dom_info-info1,
   (uint16)min_pass_len,
   (uint16)pass_hist,


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-3099-g7c2831c

2008-10-20 Thread Günther Deschner
The branch, v3-2-test has been updated
   via  7c2831c5872ad26e1e0cd7df59d6c0b88d566760 (commit)
  from  ef15ff6abec34377ab7fa75201e2799c0bb72aeb (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -
commit 7c2831c5872ad26e1e0cd7df59d6c0b88d566760
Author: Günther Deschner [EMAIL PROTECTED]
Date:   Mon Oct 20 20:16:03 2008 +0200

s3-samr-server: be consistent when reporting we do password complexity.

Guenther

---

Summary of changes:
 source/rpc_server/srv_samr_nt.c |4 
 1 files changed, 4 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index a89e00f..c59a46c 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -2910,6 +2910,10 @@ static NTSTATUS samr_QueryDomainInfo_internal(const char 
*fn_name,
unix_to_nt_time_abs(nt_expire, u_expire);
unix_to_nt_time_abs(nt_min_age, u_min_age);
 
+   if (lp_check_password_script()  
*lp_check_password_script()) {
+   password_properties |= DOMAIN_PASSWORD_COMPLEX;
+   }
+
init_samr_DomInfo1(dom_info-info1,
   (uint16)min_pass_len,
   (uint16)pass_hist,


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated - bc9bbda8b390a221d7b88fd6eb1b54efc8c91c6b

2008-10-20 Thread Volker Lendecke
The branch, master has been updated
   via  bc9bbda8b390a221d7b88fd6eb1b54efc8c91c6b (commit)
  from  f3843e330f312b72a24563417309159b0d99dc50 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit bc9bbda8b390a221d7b88fd6eb1b54efc8c91c6b
Author: Volker Lendecke [EMAIL PROTECTED]
Date:   Mon Oct 20 18:25:13 2008 +0200

Fix a valgrind error in idmap_ad_sids_to_unixids()

We need to initialize all mappings in case we don't find anything.

Simo, please check!

Volker

---

Summary of changes:
 source3/winbindd/idmap_ad.c |2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c
index 8144d87..60a2d86 100644
--- a/source3/winbindd/idmap_ad.c
+++ b/source3/winbindd/idmap_ad.c
@@ -517,6 +517,8 @@ again:
bidx = idx;
for (i = 0; (i  IDMAP_AD_MAX_IDS)  ids[idx]; i++, idx++) {
 
+   ids[idx]-status = ID_UNKNOWN;
+
sidstr = sid_binstring(ids[idx]-sid);
filter = talloc_asprintf_append_buffer(filter, 
(objectSid=%s), sidstr);



-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated - d36edccc00452ff059a2e0ab5b7c4b68cb84eeb1

2008-10-20 Thread Jelmer Vernooij
The branch, master has been updated
   via  d36edccc00452ff059a2e0ab5b7c4b68cb84eeb1 (commit)
   via  2c1b1255c2dc095013863a1d99b750e8506237fa (commit)
   via  7498f9a9d809af1213699b9349546ba51fd0d2b5 (commit)
   via  6d2d09348f8354bc7d906fba6f5b31d9bca0d664 (commit)
   via  d59b2472f4dbca29d38232d38c9bb7fce9d80ecf (commit)
   via  41b02b7ac042fda700170c1e701de53d7e559e60 (commit)
   via  4b65445582c877aa90a51b97112d0047f51d37c7 (commit)
   via  dc3828f06c8c77ca9fb683528096f2d412028b12 (commit)
   via  87ec1d2532eb17dfd7f98431bdfa4071be57f683 (commit)
   via  01a902f59978cebdab22aaee7d9e0c9bb78bc649 (commit)
   via  66b1c8b61a8fea309bf96df4c07a6f2c1b95041b (commit)
   via  0dfd5601a05d9cfc594604ccf3aae17b0b2c96de (commit)
   via  4a8c05a91b34370654e28a3b83ab00903748c7d4 (commit)
   via  05a0ccadb0cb262dd8b1138c983050b9477ea951 (commit)
  from  bc9bbda8b390a221d7b88fd6eb1b54efc8c91c6b (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit d36edccc00452ff059a2e0ab5b7c4b68cb84eeb1
Merge: 2c1b1255c2dc095013863a1d99b750e8506237fa 
bc9bbda8b390a221d7b88fd6eb1b54efc8c91c6b
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Mon Oct 20 21:35:10 2008 +0200

Merge branch 'master' of git://git.samba.org/samba

Conflicts:
source3/include/proto.h

commit 2c1b1255c2dc095013863a1d99b750e8506237fa
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Mon Oct 20 21:33:41 2008 +0200

Add source4/ to include path because librpc/gen_ndr is still in source?/

commit 7498f9a9d809af1213699b9349546ba51fd0d2b5
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Mon Oct 20 19:51:07 2008 +0200

Add missing prototypes for samba3-specific libndr/util.c

commit 6d2d09348f8354bc7d906fba6f5b31d9bca0d664
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Mon Oct 20 19:50:49 2008 +0200

Sync syntax of srvsvc.idl with samba3.

commit d59b2472f4dbca29d38232d38c9bb7fce9d80ecf
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Mon Oct 20 19:35:55 2008 +0200

Include generated header files rather than using manually written
prototypes.

commit 41b02b7ac042fda700170c1e701de53d7e559e60
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Mon Oct 20 19:20:12 2008 +0200

Move orpc to top-level directory.

commit 4b65445582c877aa90a51b97112d0047f51d37c7
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Mon Oct 20 19:14:55 2008 +0200

Remove unused function str_list_match.

commit dc3828f06c8c77ca9fb683528096f2d412028b12
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Mon Oct 20 19:14:47 2008 +0200

Move WMI support code to top-level.

commit 87ec1d2532eb17dfd7f98431bdfa4071be57f683
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Mon Oct 20 18:59:51 2008 +0200

Make sure prototypes are always included, make some functions static and
remove some unused functions.

commit 01a902f59978cebdab22aaee7d9e0c9bb78bc649
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Mon Oct 20 18:59:45 2008 +0200

Fix crypto test.

commit 66b1c8b61a8fea309bf96df4c07a6f2c1b95041b
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Mon Oct 20 17:16:04 2008 +0200

Import comments about opcodes from Samba 3.

commit 0dfd5601a05d9cfc594604ccf3aae17b0b2c96de
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Mon Oct 20 17:15:17 2008 +0200

Move discard_const hack to memory.hso it can be used by Samba 3.

commit 4a8c05a91b34370654e28a3b83ab00903748c7d4
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Mon Oct 20 16:52:00 2008 +0200

Remove unused macro CONST_ADD.

commit 05a0ccadb0cb262dd8b1138c983050b9477ea951
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Mon Oct 20 16:46:19 2008 +0200

Remove unused define for crypt (now in libreplace).

---

Summary of changes:
 lib/crypto/crc32.c |1 +
 lib/crypto/md4.c   |1 +
 lib/replace/crypt.m4   |2 +-
 lib/util/debug.h   |4 +
 lib/util/memory.h  |   25 +++
 lib/util/time.h|7 +-
 lib/util/unix_privs.c  |1 +
 lib/util/util.c|1 -
 lib/util/util.h|   38 +---
 lib/util/xfile.h   |2 +
 libcli/nbt/nbtsocket.c |1 +
 librpc/ndr/ndr_misc.c  |9 -
 librpc/ndr/ndr_orpc.c  |  173 
 librpc/ndr/ndr_table.c |2 -
 librpc/ndr/ndr_table.h |1 +
 librpc/ndr/ndr_wmi.c   |   60 ++
 librpc/ndr/ndr_wmi.h   |3 +
 librpc/tools/ndrdump.c |

[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4274-g2d9353e

2008-10-20 Thread Karolin Seeger
The branch, v3-3-test has been updated
   via  2d9353eff15397b8971c9813312a9b6fe8dff930 (commit)
  from  52d22121fa2ea646535806103d86afe8d52001c9 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -
commit 2d9353eff15397b8971c9813312a9b6fe8dff930
Author: Karolin Seeger [EMAIL PROTECTED]
Date:   Mon Oct 20 21:56:57 2008 +0200

WHATSNEW: Update changes since 3.3.0pre2.

Karolin

---

Summary of changes:
 WHATSNEW.txt |7 +++
 1 files changed, 7 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 52e0e5b..cd64f6d 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -176,8 +176,10 @@ o   Jeremy Allison [EMAIL PROTECTED]
 * BUG 5080: Fix access to cups-printers with cups 1.3.4.
 * BUG 5814: Fix Winbind crash bug while doing rescan_trusted_domain.
 * BUG 5818: Sort ACEs in smbcacl output properly and honor inheritance.
+* BUG 5826: Fix truncated filenames when accessing old servers.
 * Correctly fix smbclient to terminate on eof from server.
 * Fix client timeout when searching for a large number of cups printers.
+* Unify access checks for lsa server functions.
 
 
 o   Gerald (Jerry) Carter [EMAIL PROTECTED]
@@ -185,6 +187,10 @@ o   Gerald (Jerry) Carter [EMAIL PROTECTED]
 * Make lwinet ads dns register honor the interfaces parameter.
 
 
+o   Günther Deschner [EMAIL PROTECTED]
+* Ensure consistency when reporting password complexity.
+
+
 o   Jeff Layton [EMAIL PROTECTED]
 * Have uppercase_string return success on NULL pointer in mount.cifs.
 * Make mount.cifs return codes match the return codes for /bin/mount.
@@ -198,6 +204,7 @@ o   Volker Lendecke [EMAIL PROTECTED]
 * Fix some missing error handlings.
 * Add workaround for domain joins using a netbios name which is different
   from the hostname.
+* Fix a valgrind error in idmap_ad_sids_to_unixids().
 
 
 o   Derrell Lipman [EMAIL PROTECTED]


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated - cefe4c66970b8ca243595cdb940a7c1a26765a08

2008-10-20 Thread Günther Deschner
The branch, master has been updated
   via  cefe4c66970b8ca243595cdb940a7c1a26765a08 (commit)
   via  66b06e5a7faabc756899dd08564a24095f693a7e (commit)
   via  bb36f3a342111ec42210ca1dd37a1952608f19b7 (commit)
  from  d36edccc00452ff059a2e0ab5b7c4b68cb84eeb1 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit cefe4c66970b8ca243595cdb940a7c1a26765a08
Author: Günther Deschner [EMAIL PROTECTED]
Date:   Mon Oct 20 22:06:58 2008 +0200

s3-rpcclient: fix cmd_lsa build.

Guenther

commit 66b06e5a7faabc756899dd08564a24095f693a7e
Author: Günther Deschner [EMAIL PROTECTED]
Date:   Mon Oct 20 22:06:44 2008 +0200

s3-build: re-run make samba3-idl.

Guenther

commit bb36f3a342111ec42210ca1dd37a1952608f19b7
Author: Günther Deschner [EMAIL PROTECTED]
Date:   Mon Oct 20 22:05:04 2008 +0200

idl: merge from s4 lsa.idl to s3.

Guenther

---

Summary of changes:
 source3/librpc/gen_ndr/cli_lsa.c |4 +-
 source3/librpc/gen_ndr/cli_lsa.h |2 +-
 source3/librpc/gen_ndr/lsa.h |   52 +++
 source3/librpc/gen_ndr/ndr_lsa.c |  133 --
 source3/librpc/gen_ndr/ndr_lsa.h |3 +
 source3/librpc/idl/lsa.idl   |   60 +++--
 source3/rpcclient/cmd_lsarpc.c   |4 +-
 source4/librpc/idl/lsa.idl   |   25 
 8 files changed, 184 insertions(+), 99 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/librpc/gen_ndr/cli_lsa.c b/source3/librpc/gen_ndr/cli_lsa.c
index 15ff462..e7775b1 100644
--- a/source3/librpc/gen_ndr/cli_lsa.c
+++ b/source3/librpc/gen_ndr/cli_lsa.c
@@ -503,7 +503,7 @@ NTSTATUS rpccli_lsa_EnumAccounts(struct rpc_pipe_client 
*cli,
 
 NTSTATUS rpccli_lsa_CreateTrustedDomain(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
-   struct policy_handle *handle /* [in] 
[ref] */,
+   struct policy_handle *policy_handle /* 
[in] [ref] */,
struct lsa_DomainInfo *info /* [in] 
[ref] */,
uint32_t access_mask /* [in]  */,
struct policy_handle *trustdom_handle 
/* [out] [ref] */)
@@ -512,7 +512,7 @@ NTSTATUS rpccli_lsa_CreateTrustedDomain(struct 
rpc_pipe_client *cli,
NTSTATUS status;
 
/* In parameters */
-   r.in.handle = handle;
+   r.in.policy_handle = policy_handle;
r.in.info = info;
r.in.access_mask = access_mask;
 
diff --git a/source3/librpc/gen_ndr/cli_lsa.h b/source3/librpc/gen_ndr/cli_lsa.h
index d6cb2fc..554182c 100644
--- a/source3/librpc/gen_ndr/cli_lsa.h
+++ b/source3/librpc/gen_ndr/cli_lsa.h
@@ -57,7 +57,7 @@ NTSTATUS rpccli_lsa_EnumAccounts(struct rpc_pipe_client *cli,
 uint32_t num_entries /* [in] [range(0,8192)] 
*/);
 NTSTATUS rpccli_lsa_CreateTrustedDomain(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
-   struct policy_handle *handle /* [in] 
[ref] */,
+   struct policy_handle *policy_handle /* 
[in] [ref] */,
struct lsa_DomainInfo *info /* [in] 
[ref] */,
uint32_t access_mask /* [in]  */,
struct policy_handle *trustdom_handle 
/* [out] [ref] */);
diff --git a/source3/librpc/gen_ndr/lsa.h b/source3/librpc/gen_ndr/lsa.h
index bcf6dd6..d91cf4b 100644
--- a/source3/librpc/gen_ndr/lsa.h
+++ b/source3/librpc/gen_ndr/lsa.h
@@ -97,12 +97,11 @@ struct lsa_ObjectAttribute {
 
 struct lsa_AuditLogInfo {
uint32_t percent_full;
-   uint32_t log_size;
-   NTTIME retention_time;
+   uint32_t maximum_log_size;
+   uint64_t retention_time;
uint8_t shutdown_in_progress;
-   NTTIME time_to_shutdown;
+   uint64_t time_to_shutdown;
uint32_t next_audit_record;
-   uint32_t unknown;
 };
 
 enum lsa_PolicyAuditPolicy
@@ -166,9 +165,21 @@ struct lsa_PDAccountInfo {
struct lsa_String name;
 };
 
+enum lsa_Role
+#ifndef USE_UINT_ENUMS
+ {
+   LSA_ROLE_BACKUP=2,
+   LSA_ROLE_PRIMARY=3
+}
+#else
+ { __donnot_use_enum_lsa_Role=0x7FFF}
+#define LSA_ROLE_BACKUP ( 2 )
+#define LSA_ROLE_PRIMARY ( 3 )
+#endif
+;
+
 struct lsa_ServerRole {
-   uint16_t unknown;
-   uint16_t role;
+   enum lsa_Role role;
 };
 
 struct lsa_ReplicaSourceInfo {
@@ -195,7 +206,6 @@ struct lsa_AuditFullSetInfo {
 };
 
 struct lsa_AuditFullQueryInfo {
-   uint16_t unknown;
uint8_t shutdown_on_full;
uint8_t log_is_full;
 };
@@ -219,11 +229,12 @@ enum lsa_PolicyInfo
LSA_POLICY_INFO_ROLE=6,

[SCM] Samba Shared Repository - branch v3-3-stable updated - release-3-3-0pre2-67-g271d77c

2008-10-20 Thread Karolin Seeger
The branch, v3-3-stable has been updated
   via  271d77cc9d3543276ab88da140392b1bcbdc855d (commit)
   via  bbc0986c55d93a9de2373e089c88582c5e647dde (commit)
   via  38ce3cf984c1b9c9049a85f76fa7475a8fa80564 (commit)
   via  c861ff737ecd99a7a31313a2d32015e4a6018a91 (commit)
   via  76c3fd0e4e371f3535ca96163ec2c27798e3e6e7 (commit)
   via  2eef66be888241b7d28363a18505c2a83e0649e0 (commit)
   via  7cf64e7fd648fe88da807a82a9419a9b19c3c40f (commit)
   via  a788dd5e99c559fbbdae8c15de006b39c6ef2404 (commit)
   via  73640ebc8eeaf29f7cdd903c38079528ba3a5472 (commit)
  from  70027b247431194fe4a777aa0861bce65eead73c (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-stable


- Log -
commit 271d77cc9d3543276ab88da140392b1bcbdc855d
Author: Karolin Seeger [EMAIL PROTECTED]
Date:   Mon Oct 20 21:56:57 2008 +0200

WHATSNEW: Update changes since 3.3.0pre2.

Karolin
(cherry picked from commit 2d9353eff15397b8971c9813312a9b6fe8dff930)

commit bbc0986c55d93a9de2373e089c88582c5e647dde
Author: Günther Deschner [EMAIL PROTECTED]
Date:   Mon Oct 20 20:16:03 2008 +0200

s3-samr-server: be consistent when reporting we do password complexity.

Guenther
(cherry picked from commit 52d22121fa2ea646535806103d86afe8d52001c9)

commit 38ce3cf984c1b9c9049a85f76fa7475a8fa80564
Author: Volker Lendecke [EMAIL PROTECTED]
Date:   Mon Oct 20 11:05:45 2008 -0700

fn_new-fn in smb_messages[], we got beyond that :-)
(cherry picked from commit f1c0d56e8230bb4a8c085ad885cf05cbcc8297ec)

commit c861ff737ecd99a7a31313a2d32015e4a6018a91
Author: Volker Lendecke [EMAIL PROTECTED]
Date:   Mon Oct 20 11:05:31 2008 -0700

Use a direct compare instead of calling strncmp in valid_smb_header
(cherry picked from commit b6ce6dd1d82314ce3194dc450e67dec948e1a6b2)

commit 76c3fd0e4e371f3535ca96163ec2c27798e3e6e7
Author: Volker Lendecke [EMAIL PROTECTED]
Date:   Mon Oct 20 11:05:13 2008 -0700

Move the global hosts_allow() check out of the processing loop:
(cherry picked from commit 3c609efe12ee941dc0474e39b5e90ad39a075ff2)

commit 2eef66be888241b7d28363a18505c2a83e0649e0
Author: Volker Lendecke [EMAIL PROTECTED]
Date:   Mon Oct 20 18:25:13 2008 +0200

Fix a valgrind error in idmap_ad_sids_to_unixids()

We need to initialize all mappings in case we don't find anything.

Simo, please check!

Volker
(cherry picked from commit e3550c235e6a59749c1e57b469289069f7e541d4)

commit 7cf64e7fd648fe88da807a82a9419a9b19c3c40f
Author: Jeremy Allison [EMAIL PROTECTED]
Date:   Fri Oct 17 15:24:51 2008 -0700

Unify access checks for lsa server functions.
Jeremy.
(cherry picked from commit 4833f678ba194665e9c0554f9da37ddca269714e)

commit a788dd5e99c559fbbdae8c15de006b39c6ef2404
Author: Jeremy Allison [EMAIL PROTECTED]
Date:   Thu Oct 16 21:03:19 2008 -0700

Cope with bad trans2mkdir requests from System i QNTC IBM SMB client.
If total_data == 4 Windows doesn't care what values
are placed in that field, it just ignores them.
The System i QNTC IBM SMB client puts bad values here,
so ignore them.
Jeremy.
(cherry picked from commit 218879cb9069046df2b7e49627aa48cb487098c8)

commit 73640ebc8eeaf29f7cdd903c38079528ba3a5472
Author: Jeremy Allison [EMAIL PROTECTED]
Date:   Thu Oct 16 15:39:17 2008 -0700

Fix bug 5826 - Directory/Filenames get truncated when 3.2.0 client acesses 
old server.
There was some code in pull_ucs2_base_talloc() to cope with this case which
hadn't been added to pull_ascii_base_talloc(). The older Samba returns non
unicode names which is why you are seeing this codepath being executed.

Unify the logic in pull_ascii_base_talloc() and pull_ucs2_base_talloc().
Jeremy.
(cherry picked from commit ca430d4730c1454cf003dab376bde8baf904d77d)

---

Summary of changes:
 WHATSNEW.txt|7 +
 source/include/rpc_lsa.h|1 +
 source/lib/charcnv.c|   58 ++-
 source/rpc_server/srv_lsa_nt.c  |   21 +++---
 source/rpc_server/srv_samr_nt.c |4 +++
 source/smbd/process.c   |   53 ---
 source/smbd/trans2.c|7 +++--
 source/winbindd/idmap_ad.c  |2 +
 8 files changed, 110 insertions(+), 43 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 52e0e5b..cd64f6d 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -176,8 +176,10 @@ o   Jeremy Allison [EMAIL PROTECTED]
 * BUG 5080: Fix access to cups-printers with cups 1.3.4.
 * BUG 5814: Fix Winbind crash bug while doing rescan_trusted_domain.
 * BUG 5818: Sort ACEs in smbcacl output properly and honor inheritance.
+* BUG 5826: Fix truncated filenames when accessing old servers.
 * Correctly 

[SCM] Samba Shared Repository - branch master updated - 29c9b88e2bb5d3f585e7aa591870e8b39a0d23c9

2008-10-20 Thread Jeremy Allison
The branch, master has been updated
   via  29c9b88e2bb5d3f585e7aa591870e8b39a0d23c9 (commit)
   via  6aba3516769b944e7960d27f10799bb8a8898d2d (commit)
  from  cefe4c66970b8ca243595cdb940a7c1a26765a08 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 29c9b88e2bb5d3f585e7aa591870e8b39a0d23c9
Merge: 6aba3516769b944e7960d27f10799bb8a8898d2d 
cefe4c66970b8ca243595cdb940a7c1a26765a08
Author: Jeremy Allison [EMAIL PROTECTED]
Date:   Mon Oct 20 16:38:25 2008 -0700

Merge branch 'master' of ssh://[EMAIL PROTECTED]/data/git/samba

commit 6aba3516769b944e7960d27f10799bb8a8898d2d
Author: Jeremy Allison [EMAIL PROTECTED]
Date:   Mon Oct 20 16:34:56 2008 -0700

Fix warnings.
Jeremy.

---

Summary of changes:
 source3/lib/netapi/tests/netfile.c   |   22 --
 source3/lib/netapi/tests/netgroup.c  |   10 +-
 source3/lib/netapi/tests/netlocalgroup.c |6 +++---
 source3/lib/netapi/tests/netshare.c  |8 
 source3/lib/netapi/tests/netuser.c   |   20 ++--
 5 files changed, 34 insertions(+), 32 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/lib/netapi/tests/netfile.c 
b/source3/lib/netapi/tests/netfile.c
index 36ee828..bee3c2e 100644
--- a/source3/lib/netapi/tests/netfile.c
+++ b/source3/lib/netapi/tests/netfile.c
@@ -37,8 +37,8 @@ static NET_API_STATUS test_netfileenum(const char *hostname,
uint8_t *buffer = NULL;
int i;
 
-   struct FILE_INFO_2 *i2;
-   struct FILE_INFO_3 *i3;
+   struct FILE_INFO_2 *i2 = NULL;
+   struct FILE_INFO_3 *i3 = NULL;
 
printf(testing NetFileEnum level %d\n, level);
 
@@ -98,8 +98,6 @@ NET_API_STATUS netapitest_file(struct libnetapi_ctx *ctx,
   const char *hostname)
 {
NET_API_STATUS status = 0;
-   uint8_t *buffer = NULL;
-   uint32_t levels[] = { 2, 3 };
uint32_t enum_levels[] = { 2, 3 };
int i;
 
@@ -118,14 +116,18 @@ NET_API_STATUS netapitest_file(struct libnetapi_ctx *ctx,
 
/* basic queries */
 #if 0
-   for (i=0; iARRAY_SIZE(levels); i++) {
+   {
+   uint32_t levels[] = { 2, 3 };
+   for (i=0; iARRAY_SIZE(levels); i++) {
+   uint8_t *buffer = NULL;
 
-   printf(testing NetFileGetInfo level %d\n, levels[i]);
+   printf(testing NetFileGetInfo level %d\n, levels[i]);
 
-   status = NetFileGetInfo(hostname, fid, levels[i], buffer);
-   if (status  status != 124) {
-   NETAPI_STATUS(ctx, status, NetFileGetInfo);
-   goto out;
+   status = NetFileGetInfo(hostname, fid, levels[i], 
buffer);
+   if (status  status != 124) {
+   NETAPI_STATUS(ctx, status, NetFileGetInfo);
+   goto out;
+   }
}
}
 #endif
diff --git a/source3/lib/netapi/tests/netgroup.c 
b/source3/lib/netapi/tests/netgroup.c
index a89a772..51a21b3 100644
--- a/source3/lib/netapi/tests/netgroup.c
+++ b/source3/lib/netapi/tests/netgroup.c
@@ -36,14 +36,14 @@ static NET_API_STATUS test_netgroupenum(const char 
*hostname,
uint32_t total_entries = 0;
uint32_t resume_handle = 0;
int found_group = 0;
-   const char *current_name;
+   const char *current_name = NULL;
uint8_t *buffer = NULL;
int i;
 
-   struct GROUP_INFO_0 *info0;
-   struct GROUP_INFO_1 *info1;
-   struct GROUP_INFO_2 *info2;
-   struct GROUP_INFO_3 *info3;
+   struct GROUP_INFO_0 *info0 = NULL;
+   struct GROUP_INFO_1 *info1 = NULL;
+   struct GROUP_INFO_2 *info2 = NULL;
+   struct GROUP_INFO_3 *info3 = NULL;
 
printf(testing NetGroupEnum level %d\n, level);
 
diff --git a/source3/lib/netapi/tests/netlocalgroup.c 
b/source3/lib/netapi/tests/netlocalgroup.c
index 0d82059..76c59c8 100644
--- a/source3/lib/netapi/tests/netlocalgroup.c
+++ b/source3/lib/netapi/tests/netlocalgroup.c
@@ -36,12 +36,12 @@ static NET_API_STATUS test_netlocalgroupenum(const char 
*hostname,
uint32_t total_entries = 0;
uint32_t resume_handle = 0;
int found_group = 0;
-   const char *current_name;
+   const char *current_name = NULL;
uint8_t *buffer = NULL;
int i;
 
-   struct LOCALGROUP_INFO_0 *info0;
-   struct LOCALGROUP_INFO_1 *info1;
+   struct LOCALGROUP_INFO_0 *info0 = NULL;
+   struct LOCALGROUP_INFO_1 *info1 = NULL;
 
printf(testing NetLocalGroupEnum level %d\n, level);
 
diff --git a/source3/lib/netapi/tests/netshare.c 
b/source3/lib/netapi/tests/netshare.c
index 9446c30..84af9e0 100644
--- a/source3/lib/netapi/tests/netshare.c
+++ 

[SCM] Samba Shared Repository - branch master updated - f0b1a1bc9b74372e2af2a48ce9b06802b2198eb4

2008-10-20 Thread Jeremy Allison
The branch, master has been updated
   via  f0b1a1bc9b74372e2af2a48ce9b06802b2198eb4 (commit)
  from  29c9b88e2bb5d3f585e7aa591870e8b39a0d23c9 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit f0b1a1bc9b74372e2af2a48ce9b06802b2198eb4
Author: Jeremy Allison [EMAIL PROTECTED]
Date:   Mon Oct 20 16:51:37 2008 -0700

Remove the requirement for ldap call made as root. Add in security
checks for all SAMR calls.
Jeremy.

---

Summary of changes:
 source3/lib/smbldap.c|7 
 source3/rpc_server/srv_samr_nt.c |   67 +++--
 2 files changed, 63 insertions(+), 11 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index f5e152b..f2161dc 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -1025,13 +1025,6 @@ static int smbldap_open(struct smbldap_state *ldap_state)
int rc, opt_rc;
bool reopen = False;
SMB_ASSERT(ldap_state);
-   
-#ifndef NO_LDAP_SECURITY
-   if (geteuid() != 0) {
-   DEBUG(0, (smbldap_open: cannot access LDAP when not root\n));
-   return  LDAP_INSUFFICIENT_ACCESS;
-   }
-#endif
 
if ((ldap_state-ldap_struct != NULL)  ((ldap_state-last_ping + 
SMBLDAP_DONT_PING_TIME)  time(NULL))) {
 
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index e527631..261d77c 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -825,6 +825,13 @@ NTSTATUS _samr_QuerySecurity(pipes_struct *p,
DEBUG(10,(_samr_QuerySecurity: querying security on SID: %s\n,
  sid_string_dbg(pol_sid)));
 
+   status = access_check_samr_function(acc_granted,
+   STD_RIGHT_READ_CONTROL_ACCESS,
+   _samr_QuerySecurity);
+   if (NT_STATUS_IS_OK(status)) {
+   return status;
+   }
+
/* Check what typ of SID is beeing queried (e.g Domain SID, User SID, 
Group SID) */
 
/* To query the security of the SAM it self an invalid SID with S-0-0 
is passed to this function */
@@ -1153,6 +1160,9 @@ NTSTATUS _samr_EnumDomainAliases(pipes_struct *p,
if (!find_policy_by_hnd(p, r-in.domain_handle, (void **)(void *)info))
return NT_STATUS_INVALID_HANDLE;
 
+   DEBUG(5,(_samr_EnumDomainAliases: sid %s\n,
+sid_string_dbg(info-sid)));
+
status = access_check_samr_function(info-acc_granted,
SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
_samr_EnumDomainAliases);
@@ -1160,9 +1170,6 @@ NTSTATUS _samr_EnumDomainAliases(pipes_struct *p,
return status;
}
 
-   DEBUG(5,(_samr_EnumDomainAliases: sid %s\n,
-sid_string_dbg(info-sid)));
-
samr_array = TALLOC_ZERO_P(p-mem_ctx, struct samr_SamArray);
if (!samr_array) {
return NT_STATUS_NO_MEMORY;
@@ -1429,6 +1436,13 @@ NTSTATUS _samr_QueryDisplayInfo(pipes_struct *p,
if (!find_policy_by_hnd(p, r-in.domain_handle, (void **)(void *)info))
return NT_STATUS_INVALID_HANDLE;
 
+   status = access_check_samr_function(info-acc_granted,
+   SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+   _samr_QueryDisplayInfo);
+   if (!NT_STATUS_IS_OK(status)) {
+   return status;
+   }
+
/*
 * calculate how many entries we will return.
 * based on
@@ -2062,6 +2076,13 @@ NTSTATUS _samr_LookupRids(pipes_struct *p,
if (!get_lsa_policy_samr_sid(p, r-in.domain_handle, pol_sid, 
acc_granted, NULL))
return NT_STATUS_INVALID_HANDLE;
 
+   status = access_check_samr_function(acc_granted,
+   SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+   _samr__LookupRids);
+   if (!NT_STATUS_IS_OK(status)) {
+   return status;
+   }
+
if (num_rids  1000) {
DEBUG(0, (Got asked for %d rids (more than 1000) -- according 
  to samba4 idl this is not possible\n, num_rids));
@@ -2632,6 +2653,13 @@ NTSTATUS _samr_QueryUserInfo(pipes_struct *p,
if (!find_policy_by_hnd(p, r-in.user_handle, (void **)(void *)info))
return NT_STATUS_INVALID_HANDLE;
 
+   status = access_check_samr_function(info-acc_granted,
+   SA_RIGHT_DOMAIN_OPEN_ACCOUNT,
+   _samr_QueryUserInfo);
+   if (!NT_STATUS_IS_OK(status)) {
+   return status;
+   }
+
domain_sid = info-sid;
 

[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4275-g6873be9

2008-10-20 Thread Jeremy Allison
The branch, v3-3-test has been updated
   via  6873be9cc7a6700a5b32c140738d40112d32c229 (commit)
  from  2d9353eff15397b8971c9813312a9b6fe8dff930 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -
commit 6873be9cc7a6700a5b32c140738d40112d32c229
Author: Jeremy Allison [EMAIL PROTECTED]
Date:   Mon Oct 20 16:52:11 2008 -0700

Remove the requirement for ldap call made as root. Add in security
checks for all SAMR calls.
Jeremy.

---

Summary of changes:
 source/lib/smbldap.c|7 
 source/rpc_server/srv_samr_nt.c |   67 --
 2 files changed, 63 insertions(+), 11 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/lib/smbldap.c b/source/lib/smbldap.c
index 93494d6..9c2ee3a 100644
--- a/source/lib/smbldap.c
+++ b/source/lib/smbldap.c
@@ -1025,13 +1025,6 @@ static int smbldap_open(struct smbldap_state *ldap_state)
int rc, opt_rc;
bool reopen = False;
SMB_ASSERT(ldap_state);
-   
-#ifndef NO_LDAP_SECURITY
-   if (geteuid() != 0) {
-   DEBUG(0, (smbldap_open: cannot access LDAP when not root\n));
-   return  LDAP_INSUFFICIENT_ACCESS;
-   }
-#endif
 
if ((ldap_state-ldap_struct != NULL)  ((ldap_state-last_ping + 
SMBLDAP_DONT_PING_TIME)  time(NULL))) {
 
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index 59728c6..1e17338 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -825,6 +825,13 @@ NTSTATUS _samr_QuerySecurity(pipes_struct *p,
DEBUG(10,(_samr_QuerySecurity: querying security on SID: %s\n,
  sid_string_dbg(pol_sid)));
 
+   status = access_check_samr_function(acc_granted,
+   STD_RIGHT_READ_CONTROL_ACCESS,
+   _samr_QuerySecurity);
+   if (NT_STATUS_IS_OK(status)) {
+   return status;
+   }
+
/* Check what typ of SID is beeing queried (e.g Domain SID, User SID, 
Group SID) */
 
/* To query the security of the SAM it self an invalid SID with S-0-0 
is passed to this function */
@@ -1153,6 +1160,9 @@ NTSTATUS _samr_EnumDomainAliases(pipes_struct *p,
if (!find_policy_by_hnd(p, r-in.domain_handle, (void **)(void *)info))
return NT_STATUS_INVALID_HANDLE;
 
+   DEBUG(5,(_samr_EnumDomainAliases: sid %s\n,
+sid_string_dbg(info-sid)));
+
status = access_check_samr_function(info-acc_granted,
SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
_samr_EnumDomainAliases);
@@ -1160,9 +1170,6 @@ NTSTATUS _samr_EnumDomainAliases(pipes_struct *p,
return status;
}
 
-   DEBUG(5,(_samr_EnumDomainAliases: sid %s\n,
-sid_string_dbg(info-sid)));
-
samr_array = TALLOC_ZERO_P(p-mem_ctx, struct samr_SamArray);
if (!samr_array) {
return NT_STATUS_NO_MEMORY;
@@ -1429,6 +1436,13 @@ NTSTATUS _samr_QueryDisplayInfo(pipes_struct *p,
if (!find_policy_by_hnd(p, r-in.domain_handle, (void **)(void *)info))
return NT_STATUS_INVALID_HANDLE;
 
+   status = access_check_samr_function(info-acc_granted,
+   SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+   _samr_QueryDisplayInfo);
+   if (!NT_STATUS_IS_OK(status)) {
+   return status;
+   }
+
/*
 * calculate how many entries we will return.
 * based on
@@ -2062,6 +2076,13 @@ NTSTATUS _samr_LookupRids(pipes_struct *p,
if (!get_lsa_policy_samr_sid(p, r-in.domain_handle, pol_sid, 
acc_granted, NULL))
return NT_STATUS_INVALID_HANDLE;
 
+   status = access_check_samr_function(acc_granted,
+   SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+   _samr__LookupRids);
+   if (!NT_STATUS_IS_OK(status)) {
+   return status;
+   }
+
if (num_rids  1000) {
DEBUG(0, (Got asked for %d rids (more than 1000) -- according 
  to samba4 idl this is not possible\n, num_rids));
@@ -2632,6 +2653,13 @@ NTSTATUS _samr_QueryUserInfo(pipes_struct *p,
if (!find_policy_by_hnd(p, r-in.user_handle, (void **)(void *)info))
return NT_STATUS_INVALID_HANDLE;
 
+   status = access_check_samr_function(info-acc_granted,
+   SA_RIGHT_DOMAIN_OPEN_ACCOUNT,
+   _samr_QueryUserInfo);
+   if (!NT_STATUS_IS_OK(status)) {
+   return status;
+   }
+
domain_sid = info-sid;
 

Build status as of Tue Oct 21 00:00:02 2008

2008-10-20 Thread build
URL: http://build.samba.org/

--- /home/build/master/cache/broken_results.txt.old 2008-10-20 
00:00:24.0 +
+++ /home/build/master/cache/broken_results.txt 2008-10-21 00:00:11.0 
+
@@ -1,23 +1,23 @@
-Build status as of Mon Oct 20 00:00:02 2008
+Build status as of Tue Oct 21 00:00:02 2008
 
 Build counts:
 Tree Total  Broken Panic 
 build_farm   0  0  0 
-ccache   33 7  0 
+ccache   32 7  0 
 ctdb 0  0  0 
 distcc   1  0  0 
-ldb  32 32 0 
-libreplace   31 12 0 
+ldb  33 32 0 
+libreplace   32 12 0 
 lorikeet-heimdal 29 20 0 
 pidl 19 3  0 
 ppp  13 13 0 
 rsync33 10 0 
 samba-docs   0  0  0 
-samba-gtk8  8  0 
-samba_3_X_devel 30 20 0 
+samba-gtk7  7  0 
+samba_3_X_devel 29 19 0 
 samba_3_X_test 29 17 0 
-samba_4_0_test 32 28 1 
-smb-build29 6  0 
-talloc   32 32 0 
-tdb  32 14 0 
+samba_4_0_test 31 27 1 
+smb-build31 6  0 
+talloc   33 32 0 
+tdb  33 12 0