[Samba] Join fails with 'SPNEGO login failed: invalid parameter'
Hi, I am running Samba 3.2.4 on a Solaris 10 SPARC machine. The config is pretty simple (see below). Security is set to 'domain'. The PDC and BDC are running 3.0.30 without problems. When joining the machine to the domain with 'net rpc join', it fails with: Could not connect to server 130.37.79.2 Connection failed: NT_STATUS_INVALID_PARAMETER when running the net command with -d10, messages appear like: [2008/11/02 21:00:54, 1] libsmb/ntlmssp.c:(326) Failed to parse NTLMSSP packet, could not extract NTLMSSP command [2008/11/02 21:00:54, 3] libsmb/cliconnect.c:(1036) SPNEGO login failed: Invalid parameter [2008/11/02 21:00:54, 1] libsmb/cliconnect.c:(1737) failed session setup with NT_STATUS_INVALID_PARAMETER What's keeping Samba from joining the domain correctly? I would have added the -d10 output as well, but that'll exceed the 64KB size limit on the list, so I left it out, except for the last lines. Regards, Remy Zandwijk -- smb.conf [global]-section: global] netbios name= MEGAPTERAFALW workgroup = ALW server string = ALW %L log file= /var/log/samba/%m.log log level = 3 max log size= 1 security= domain password server = 130.37.79.3 130.37.79.2 encrypt passwords = yes wins server = 130.37.79.8 host msdfs = yes disable spoolss = yes load printers = no printing= bsd printcap name = /dev/null winbind separator = + winbind enum users = no winbind enum groups = no winbind nested groups = yes winbind use default domain = yes idmap domains = ALW idmap config ALW:backend= nss idmap config ALW:readonly = yes net rcp join -d10 output: [2008/11/02 21:08:07, 10] libsmb/credentials.c:(316) creds_client_init: seed : A3C7F33910594013 netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 in: struct netr_ServerAuthenticate2 server_name : * server_name : '\\130.37.79.2' account_name : 'MEGAPTERAFALW$' secure_channel_type : SEC_CHAN_WKSTA (2) computer_name: 'MEGAPTERAFALW' credentials : * credentials: struct netr_Credential data : a3c7f33910594013 negotiate_flags : * negotiate_flags : 0x (0) 0: NETLOGON_NEG_ACCOUNT_LOCKOUT 0: NETLOGON_NEG_PERSISTENT_SAMREPL 0: NETLOGON_NEG_ARCFOUR 0: NETLOGON_NEG_PROMOTION_COUNT 0: NETLOGON_NEG_CHANGELOG_BDC 0: NETLOGON_NEG_FULL_SYNC_REPL 0: NETLOGON_NEG_MULTIPLE_SIDS 0: NETLOGON_NEG_REDO 0: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 0: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 0: NETLOGON_NEG_GENERIC_PASSTHROUGH 0: NETLOGON_NEG_CONCURRENT_RPC 0: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 0: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 0: NETLOGON_NEG_128BIT 0: NETLOGON_NEG_TRANSITIVE_TRUSTS 0: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 0: NETLOGON_NEG_PASSWORD_SET2 0: NETLOGON_NEG_GETDOMAININFO 0: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 0: NETLOGON_NEG_SCHANNEL [2008/11/02 21:08:07, 5] rpc_parse/parse_prs.c:(88) 00 smb_io_rpc_hdr hdr [2008/11/02 21:08:07, 5] rpc_parse/parse_prs.c:(624) major : 05 [2008/11/02 21:08:07, 5] rpc_parse/parse_prs.c:(624) 0001 minor : 00 [2008/11/02 21:08:07, 5] rpc_parse/parse_prs.c:(624) 0002 pkt_type : 00 [2008/11/02 21:08:07, 5] rpc_parse/parse_prs.c:(624) 0003 flags : 03 [2008/11/02 21:08:07, 5] rpc_parse/parse_prs.c:(624) 0004 pack_type0: 10 [2008/11/02 21:08:07, 5] rpc_parse/parse_prs.c:(624) 0005 pack_type1: 00 [2008/11/02 21:08:07, 5] rpc_parse/parse_prs.c:(624) 0006 pack_type2: 00 [2008/11/02 21:08:07, 5]
Re: [Samba] NFS and Samba not working since Samba 3.0.24 ?
Hi, Here we had the same problem. We solved by installing the package lockdev (centos 5). Jorge C. On Fri, 31 Oct 2008 11:28:28 -0300, Anand Kumria [EMAIL PROTECTED] wrote: Hi, I have an NFS share on a NAS device which is mounted on my Samba server. I then share this using Samba. Client who connect are not able to obtain read-write locks. This setup works fine when the Samba version is 3.0.24 (Debian version 3.0.24-6etch9) but anything later and it fails. All systems are running Linux 2.6.18 (or later) in case anyone is wondering. Has anyone else seen the same failure sceanario? Thanks, Anand -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] mac still wont follow symbolic link
I have received a few responses to the problem I am facing with some Mac OS 10.5.5 computers not being able to follow the symbolic link to the /var/www directory on a red hat 5.2 el server. The Mac computers can follow any other symbolic link, even to directories inside the /var/www directory. The Mac computers just can't seem to follow a symbolic link to /var/www directory. PC/windows computers can follow the symbolic link to the /vaw/www directory. These same Mac computers can follow a symbolic link to the /var/www on our fedora core 5 server. On both servers, the red hat and fedora core 5, the smb.conf file has no entry for unix extensions = no thus both are using the default unix extensions = yes Why can't these Mac OS 10.5.5 computers follow the symbolic link to the /var/www directory when windows machines can, and why CAN these Mac computers follow symbolic links to directories inside the /var/www/ directory? Thanks Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Removing printer settings
Hello, I have a printer on my samba 3.0.22 (I can't upgrade because of some changes in never version, making trouble here), that worked fine until now. Some days ago I would like to change some default settings of the printer. When I open the properties of the printer, I get a Function address 0x2d04193 caused a protection fault. error message. I found one old posting http://www.mail-archive.com/samba@lists.samba.org/msg96143.html about that. My big question is: How can I delete my local printer connection and the corresponding entry in ntprinters.tdb? Meanwhile I tried creating a new samba printer with the same underlaying information in lpd. This one I can configure and use. But I want to have it clean. Regards Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems mixing public / private shares on windows
Hi guys, I'm trying to have some shares available for everyone and some other only available to authenticated users, here's an excerpt from my config file: [global] workgroup = WORKGROUP server string = Server log file = /var/log/samba/log.%m max log size = 50 guest account = nobody map to guest = bad user security = user encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = no domain master = no preferred master = no dns proxy = no dos charset = 852 unix charset = UTF-8 [mnt] path = /mnt/%U public = no write list = %U valid users = @group It's all fine when I use smbclient or nautilus through gvfs - when I try to access anonymous shares, it opens without a password prompt, when I try to access the 'mnt' share it asks for a username / password and opens the correct /mnt/username dir. On windows, however, I can't access the authenticated share - windows says that 'You might not have access to the share' and that 'You can't use different users to access different shares' - maybe that's a problem? What am I doing wrong? Or is it impossible to do like that? -- Michal Sawicz [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems mixing public / private shares on windows
On Mon, Nov 3, 2008 at 12:12 PM, Mike Gallamore [EMAIL PROTECTED] wrote: In my experience you are correct. Windows seems to treat authentication as a per server bases. Once you've logged in as one user it will try to use that users credentials for the next share from that server. I haven't figured out a workaround but it would be great if someone knows one. This is buy design. You can not connect to the same server with 2 different sets of credentials. Probably a workaround is to have samba assingn a nebios alias to the server and use that to connect using a second set of credentials. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Problems mixing public / private shares on windows
Connect to the netbios name for one share. Connect to the ip address for the other share. This will allow different credentials. Don't know if you need more than two -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Gallamore Sent: Monday, November 03, 2008 9:12 AM To: samba@lists.samba.org Subject: Re: [Samba] Problems mixing public / private shares on windows In my experience you are correct. Windows seems to treat authentication as a per server bases. Once you've logged in as one user it will try to use that users credentials for the next share from that server. I haven't figured out a workaround but it would be great if someone knows one. Sometimes Windows doesn't even show that you are connected to a share and the client has to be rebooted before you'll get the login prompt again to pick a different login name from what I've seen. Definitely not ideal behavior. On Nov 3, 2008, at 5:28 PM, Michal Sawicz wrote: Hi guys, I'm trying to have some shares available for everyone and some other only available to authenticated users, here's an excerpt from my config file: [global] workgroup = WORKGROUP server string = Server log file = /var/log/samba/log.%m max log size = 50 guest account = nobody map to guest = bad user security = user encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = no domain master = no preferred master = no dns proxy = no dos charset = 852 unix charset = UTF-8 [mnt] path = /mnt/%U public = no write list = %U valid users = @group It's all fine when I use smbclient or nautilus through gvfs - when I try to access anonymous shares, it opens without a password prompt, when I try to access the 'mnt' share it asks for a username / password and opens the correct /mnt/username dir. On windows, however, I can't access the authenticated share - windows says that 'You might not have access to the share' and that 'You can't use different users to access different shares' - maybe that's a problem? What am I doing wrong? Or is it impossible to do like that? -- Michal Sawicz [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Help with ATSVC
Hello All, I'ma developer from Brazil and I'm studying samba sources. Now I'm trying to build a sample application with samba 4 sources. It's quite simple, I just want to pick the time from a given remote windows machine, and then schedule a job 2 minutes after that using atsvc. I think I'm messing up because I simply don't understand completely the meaning of the parameters of dcerpc_pipe_connect. Wich context should I use? I saw some samples in the ./torture/rpc tests folder, and I'm using then to study, but it's very confusing for me. :P Need help! Thanks for the great work you guys have been doing for all these years. my best regards, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: join fails samba 3.2 ADS 2003R2 SP2
Marc-Andre Vallee Marc-Andre.Vallee at complys.com writes: Hi, SLES10 SP2 x86_64 + Samba from repo (samba-3.2.4-8.1) When I try to join (net ads join -U Administrator), I get : Failed to join domain: failed to set machine spn: Can't contact LDAP server Any news on this one? I have the same problem with a slightly different setup. I'm using a Samba 3.2.4 running on SLES 10 SP2 and try to join an AD running on a Windows 2008. Here's my output: # net ads join -U Administrator -d 3 [2008/11/03 19:35:42, 3] param/loadparm.c:lp_load_ex(8754) lp_load_ex: refreshing parameters [2008/11/03 19:35:42, 3] param/loadparm.c:init_globals(4597) Initialising global parameters [2008/11/03 19:35:42, 3] param/params.c:pm_process(569) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf [2008/11/03 19:35:42, 3] param/loadparm.c:do_section(7417) Processing section [global] [2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337) added interface eth0 ip=fe80::214:5eff:fed8:9816%eth0 bcast=fe80:::::%eth0 netmask=::::: [2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337) added interface eth1 ip=fe80::214:5eff:fed8:9818%eth1 bcast=fe80:::::%eth1 netmask=::::: [2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337) added interface eth0 ip=192.168.1.28 bcast=192.168.1.255 netmask=255.255.255.0 [2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337) added interface eth0 ip=192.168.1.144 bcast=192.168.1.255 netmask=255.255.255.0 [2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337) added interface eth0 ip=192.168.1.145 bcast=192.168.1.255 netmask=255.255.255.0 [2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337) added interface eth0 ip=192.168.1.195 bcast=192.168.1.255 netmask=255.255.255.0 [2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337) added interface eth1 ip=10.168.1.195 bcast=10.168.1.255 netmask=255.255.255.0 Enter Administrator's password: [2008/11/03 19:35:46, 1] libnet/libnet_join.c:libnet_Join(1770) libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx in: struct libnet_JoinCtx dc_name : NULL machine_name : 'SR-HOME-1' domain_name : * domain_name : 'VERLAG.VN.IDOWA.DE' account_ou : NULL admin_account: 'Administrator' admin_password : * machine_password : NULL join_flags : 0x0023 (35) 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT 0: WKSSVC_JOIN_FLAGS_DEFER_SPN 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE os_version : NULL os_name : NULL create_upn : 0x00 (0) upn : NULL modify_config: 0x00 (0) ads : NULL debug: 0x01 (1) secure_channel_type : SEC_CHAN_WKSTA (2) [2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_start_connection(1632) Connecting to host=sr-dc-1.verlag.vn.idowa.de [2008/11/03 19:35:46, 3] libsmb/namequery.c:resolve_lmhosts(1162) resolve_lmhosts: Attempting lmhosts lookup for name sr-dc-1.verlag.vn.idowa.de0x20 [2008/11/03 19:35:46, 3] libsmb/namequery.c:resolve_wins(1026) resolve_wins: Attempting wins lookup for name sr-dc-1.verlag.vn.idowa.de0x20 [2008/11/03 19:35:46, 3] libsmb/namequery.c:resolve_wins(1030) resolve_wins: WINS server resolution selected and no WINS servers listed. [2008/11/03 19:35:46, 3] libsmb/namequery.c:resolve_hosts(1244) resolve_hosts: Attempting host lookup for name sr-dc-1.verlag.vn.idowa.de0x20 [2008/11/03 19:35:46, 3] lib/util_sock.c:open_socket_out(1331) Connecting to 192.168.1.82 at port 445 [2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(804) Doing spnego session setup (blob length=124) [2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831) got OID=1 2 840 48018 1 2 2 [2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831) got OID=1 2 840 113554 1 2 2 [2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831) got OID=1 2 840 113554 1 2 2 3 [2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831) got OID=1 3 6 1 4 1 311 2 2 10 [2008/11/03 19:35:46, 3]
Re: [Samba] Problems mixing public / private shares on windows
In my experience you are correct. Windows seems to treat authentication as a per server bases. Once you've logged in as one user it will try to use that users credentials for the next share from that server. I haven't figured out a workaround but it would be great if someone knows one. Sometimes Windows doesn't even show that you are connected to a share and the client has to be rebooted before you'll get the login prompt again to pick a different login name from what I've seen. Definitely not ideal behavior. On Nov 3, 2008, at 5:28 PM, Michal Sawicz wrote: Hi guys, I'm trying to have some shares available for everyone and some other only available to authenticated users, here's an excerpt from my config file: [global] workgroup = WORKGROUP server string = Server log file = /var/log/samba/log.%m max log size = 50 guest account = nobody map to guest = bad user security = user encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = no domain master = no preferred master = no dns proxy = no dos charset = 852 unix charset = UTF-8 [mnt] path = /mnt/%U public = no write list = %U valid users = @group It's all fine when I use smbclient or nautilus through gvfs - when I try to access anonymous shares, it opens without a password prompt, when I try to access the 'mnt' share it asks for a username / password and opens the correct /mnt/username dir. On windows, however, I can't access the authenticated share - windows says that 'You might not have access to the share' and that 'You can't use different users to access different shares' - maybe that's a problem? What am I doing wrong? Or is it impossible to do like that? -- Michal Sawicz [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbtorture : Unknown operation mkdir
Hi, I got problem while using smbtorture with the NBENCH test. The error happens on the Mkdir operation. I'm using the file client.txt from dbench-3.04. There are Mkdir operations, but in the file torture.c, this operation is not handled. Few other operations are not handled. I did compare operations from run_netbench and those that are present in torture.c : dbench-3.04$ cat client.txt | awk {'print $1'} | sort | uniq Close : ok Deltree : ok FIND_FIRST : ok Flush : ok NTCreateX : ok QUERY_FILE_INFORMATION : ok QUERY_FS_INFORMATION : ok QUERY_PATH_INFORMATION : ok ReadX : ok Rename : ok Unlink : ok WriteX : ok LockX : Missing Mkdir : Missing SET_FILE_INFORMATION : Missing UnlockX : Missing dbench-3.04 samba-3.2.3 Should I use another test case file? Or maybe I don't have the right version of smbtorture? Have a nice day, Francis -- Francis Giraldeau, Ing jr. Analyste Infrastructure Directeur Qualité Téléphone : (819) 780-8955 poste Sans frais : 1-800-996-8955 Télécopieur : (819) 780-8871 Revolution Linux Inc. 2100 King ouest - bureau 260 Sherbrooke (Québec) J1J 2E8 CANADA http://www.revolutionlinux.com Toutes les opinions et les prises de position exprimees dans ce courriel sont celles de son auteur et ne representent pas necessairement celles de Revolution Linux Any views and opinions expressed in this email are solely those of the author and do not necessarily represent those of Revolution Linux -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba DC
Im having an issue with Domain Admins not being added to the Administrators group on windows... I have done net groupmap add ntgroup=Domain Admins type=d unixgroup=wheel and still nothing any recommendations? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Remove old password in Windows
I have Samba running as File Server. Most workstation uses Windows XP and I usually map the samba drive to Windows. When I change password, users doesn't prompt to re-enter their password. It seems the password was cache on Windows and even though I already change the password, since they have previous connection, they have already granted access to that directory despite of the new password. Is there a way that Windows Users will be force to re-enter their new password? Also, after changing the password of the user in samba, I restart samba service (service smb restart). However, Windows XP users was prompt of Logon failure: unknown user name or bad password. It seems it still using the old password but since I have change their password, Windows still using the old password. I have visited control panel---user account--manage my network password but didn't see any password save. Please advise if their are other people experience the same thing. -- Nelson Serafica http://nelsontux.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: join fails samba 3.2 ADS 2003R2 SP2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Roland Hebertinger wrote: Marc-Andre Vallee Marc-Andre.Vallee at complys.com writes: Hi, SLES10 SP2 x86_64 + Samba from repo (samba-3.2.4-8.1) When I try to join (net ads join -U Administrator), I get : Failed to join domain: failed to set machine spn: Can't contact LDAP server Any news on this one? I have the same problem with a slightly different setup. I'm using a Samba 3.2.4 running on SLES 10 SP2 and try to join an AD running on a Windows 2008. Here's my output: # net ads join -U Administrator -d 3 [2008/11/03 19:35:42, 3] param/loadparm.c:lp_load_ex(8754) lp_load_ex: refreshing parameters [2008/11/03 19:35:42, 3] param/loadparm.c:init_globals(4597) Initialising global parameters [2008/11/03 19:35:42, 3] param/params.c:pm_process(569) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf [2008/11/03 19:35:42, 3] param/loadparm.c:do_section(7417) Processing section [global] [2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337) added interface eth0 ip=fe80::214:5eff:fed8:9816%eth0 bcast=fe80:::::%eth0 netmask=::::: [2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337) added interface eth1 ip=fe80::214:5eff:fed8:9818%eth1 bcast=fe80:::::%eth1 netmask=::::: [2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337) added interface eth0 ip=192.168.1.28 bcast=192.168.1.255 netmask=255.255.255.0 [2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337) added interface eth0 ip=192.168.1.144 bcast=192.168.1.255 netmask=255.255.255.0 [2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337) added interface eth0 ip=192.168.1.145 bcast=192.168.1.255 netmask=255.255.255.0 [2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337) added interface eth0 ip=192.168.1.195 bcast=192.168.1.255 netmask=255.255.255.0 [2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337) added interface eth1 ip=10.168.1.195 bcast=10.168.1.255 netmask=255.255.255.0 Enter Administrator's password: [2008/11/03 19:35:46, 1] libnet/libnet_join.c:libnet_Join(1770) libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx in: struct libnet_JoinCtx dc_name : NULL machine_name : 'SR-HOME-1' domain_name : * domain_name : 'VERLAG.VN.IDOWA.DE' account_ou : NULL admin_account: 'Administrator' admin_password : * machine_password : NULL join_flags : 0x0023 (35) 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT 0: WKSSVC_JOIN_FLAGS_DEFER_SPN 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE os_version : NULL os_name : NULL create_upn : 0x00 (0) upn : NULL modify_config: 0x00 (0) ads : NULL debug: 0x01 (1) secure_channel_type : SEC_CHAN_WKSTA (2) [2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_start_connection(1632) Connecting to host=sr-dc-1.verlag.vn.idowa.de [2008/11/03 19:35:46, 3] libsmb/namequery.c:resolve_lmhosts(1162) resolve_lmhosts: Attempting lmhosts lookup for name sr-dc-1.verlag.vn.idowa.de0x20 [2008/11/03 19:35:46, 3] libsmb/namequery.c:resolve_wins(1026) resolve_wins: Attempting wins lookup for name sr-dc-1.verlag.vn.idowa.de0x20 [2008/11/03 19:35:46, 3] libsmb/namequery.c:resolve_wins(1030) resolve_wins: WINS server resolution selected and no WINS servers listed. [2008/11/03 19:35:46, 3] libsmb/namequery.c:resolve_hosts(1244) resolve_hosts: Attempting host lookup for name sr-dc-1.verlag.vn.idowa.de0x20 [2008/11/03 19:35:46, 3] lib/util_sock.c:open_socket_out(1331) Connecting to 192.168.1.82 at port 445 [2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(804) Doing spnego session setup (blob length=124) [2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831) got OID=1 2 840 48018 1 2 2 [2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831) got OID=1 2 840 113554 1 2 2 [2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831)
[Samba] Trusted to work PDC howto
I have already setup a Samba PDC out of version 3.0.x but it's basically rigged together because I had to use like 3 howtos together to finally figure out what they were actually doing. I have tried much Google searching to find a way better guide, but no luck. Is there a tried and test guide that is referred to all who ask the question? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to set file/folder permission flexibly in Samba
On Mon, Nov 03, 2008 at 01:59:29PM +0800, Andy Zhou/ICILSZX wrote: Hi All, I am using Samba 3.0.10 on IBM server with REHL 4 Os. The detailed infromation as below. - [EMAIL PROTECTED] samba]# uname -a Linux ufhkglx02 2.6.9-67.ELsmp #1 SMP Wed Nov 7 13:58:04 EST 2007 i686 i686 i386 GNU/Linux [EMAIL PROTECTED] samba]# cat /etc/redhat-release Red Hat Enterprise Linux ES release 4 (Nahant Update 6) [EMAIL PROTECTED] samba]# smbstatus -V Version 3.0.25b-0.4E.6 Currently, we are planning to migration NT domain to Samba domain, and the file/folders controlled by NT domain controller on NT server will be migrated to Linux server with Samba domain. But the problem is: How to restore the permission for file/folders. Because in Nt domain, there are some files/folders with special permissions, for example: UserA and UserB just read folderA UserC and UserD can read/write folderA. In Nt domian, it's easy to do so, we can set such permission by click Security' button in folder A's Property. But with Samba, it's so difficulty. Because folderA will be migrated to a root directory in Linux server, such as /Dept, that is: --Dept --A --.. --.. And we require all users can read/access folder Dept, but cannot access folder A except User A, B, C and D (with special permission). Maybe it can set group to meet such requirement, but we don't like to do so, because it's not flexible, we have large mounts of file/folders with special permission. Of course, we can set such settings in smb.conf: --- [Folder A] path = /folderA valid users = UserA, UserB, UserC, UserD writeable = yes read list = UserA, UserB write list = UserC, UserD create mask = 770 directory mask = 770 But with such setting, the folderA will under / directory, while not /Dept, because we have so many folders need to be shared with special permission, we don't like to set too many folders under / partition, we need to set those folders all under /Dept. Therefore, my questions are: 1. Is there any way to meet my requirement? 2. Is there any way to let user control the permissions by themselves? Because with Samba domain, user cannot change the permissin setting in folder's security button, even though we set nt acl support = Yes in Global setting in smb.conf. Does samba 3.0.25 support nt acl support? Any pointers will be very appreciated. Thank you. 3.0.25 is a little old. I suggest using 3.0.32 if you need to stay on a 3.0.x environment, change to 3.2.4 if not (only bugfixing is being done on the 3.0.x codebase, no new changes - all new fixes are being done on 3.2.x and 3.3.x). You should be able to allow users to change permissions using the NT ACL editor using Samba. Using posix acls on your backend filesystem should allow you to meet these needs. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] conceptual question regarding file ownership and uid
Hi, For a samba member server s1 that uses the built-in user mapping (ie, no winbind), if a domain user DOM\u1 creates a file on the server, it will be owned by the local u1 user on the server, right? What if a user is using explorer on a Windows client to view its ownership, will it appear as s1\u1 or DOM\u1? How to ensure that it is the latter? Thanks! - -- Kent Tong Wicket tutorials freely available at http://www.agileskills2.org/EWDW Axis2 tutorials freely available at http://www.agileskills2.org/DWSAA -- View this message in context: http://www.nabble.com/conceptual-question-regarding-file-ownership-and-uid-tp20315417p20315417.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Remove old password in Windows
On Tue, 2008-11-04 at 08:07 +0800, Nelson Serafica wrote: I have Samba running as File Server. Most workstation uses Windows XP and I usually map the samba drive to Windows. When I change password, users doesn't prompt to re-enter their password. It seems the password was cache on Windows and even though I already change the password, since they have previous connection, they have already granted access to that directory despite of the new password. Is there a way that Windows Users will be force to re-enter their new password? Also, after changing the password of the user in samba, I restart samba service (service smb restart). However, Windows XP users was prompt of Logon failure: unknown user name or bad password. It seems it still using the old password but since I have change their password, Windows still using the old password. I have visited control panel---user account--manage my network password but didn't see any password save. Please advise if their are other people experience the same thing. -- Nelson Serafica http://nelsontux.blogspot.com Nelson, Windows caches your logon credentials after the initial login as a hash value. This is a 'feature' of the MS client systems. You can disable password caching on the Windows machines for any externally accessed resources. I don't believe this affects the current local user session. To disable password caching for new logins, open regedit and add the following keys as DWord values: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Policies\Network\DisablePwdCaching = 1 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion \Policies\Network\DisablePwdCaching = 1 These entries does not exist by default - if you have many clients, you may want to script this into their logon scripts. Another topic to review that was posted recently: http://www.mail-archive.com/samba@lists.samba.org/msg96607.html The issues that making these changes would create is that every user would be prompted for their username and password on every connection. This is, perhaps, undesirable. Regards, Frank -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] conceptual question regarding file ownership and uid
On Mon, Nov 03, 2008 at 06:59:01PM -0800, Kent Tong wrote: Hi, For a samba member server s1 that uses the built-in user mapping (ie, no winbind), if a domain user DOM\u1 creates a file on the server, it will be owned by the local u1 user on the server, right? What if a user is using explorer on a Windows client to view its ownership, will it appear as s1\u1 or DOM\u1? How to ensure that it is the latter? Run winbindd. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba log file
Is there a way to monitor the uploading/downloading activity in samba. I want to know who is uploading the file or downloading the file. Also, is there a tool who has successfully access the samba? I tried to enable log in smb.conf and enable logging When I transfer a file, it shows [2008/11/04 16:53:42, 1] smbd/service.c:make_connection_snum(1033) packets (10.0.1.108) connect to service billing initially as user billing (uid=500, gid=500) (pid 1669) When I download a file, it shows nothing The entry in smb.conf is log file = /var/log/samba/smbd.log -- Nelson Serafica http://nelsontux.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Help with ATSVC
On Mon, 2008-11-03 at 10:02 -0800, [EMAIL PROTECTED] wrote: Hello All, I'ma developer from Brazil and I'm studying samba sources. I would suggest re-posting your question to samba-technical - your question would be quite on topic there, particularly regarding Samba4. Now I'm trying to build a sample application with samba 4 sources. It's quite simple, I just want to pick the time from a given remote windows machine, and then schedule a job 2 minutes after that using atsvc. I think I'm messing up because I simply don't understand completely the meaning of the parameters of dcerpc_pipe_connect. Wich context should I use? I saw some samples in the ./torture/rpc tests folder, and I'm using then to study, but it's very confusing for me. :P Need help! Thanks for the great work you guys have been doing for all these years. I'm sure I've already seen a patch for Samba4 implementing 'psexec' somewhere. Google brings up http://eol.ovh.org/winexe/ but some day it would be nice to have this actually in Samba4. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba log file
On Tue, Nov 4, 2008 at 2:36 PM, Nelson Serafica [EMAIL PROTECTED]wrote: Is there a way to monitor the uploading/downloading activity in samba. I want to know who is uploading the file or downloading the file. Also, is there a tool who has successfully access the samba? Maybe this will be of help. http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/VFS.html See audit and ext_audit. Also, I have log level = 2 and this shows file open and closes. Cheers, Aaron I tried to enable log in smb.conf and enable logging When I transfer a file, it shows [2008/11/04 16:53:42, 1] smbd/service.c:make_connection_snum(1033) packets (10.0.1.108) connect to service billing initially as user billing (uid=500, gid=500) (pid 1669) When I download a file, it shows nothing The entry in smb.conf is log file = /var/log/samba/smbd.log -- Nelson Serafica http://nelsontux.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [SCM] Samba Shared Repository - branch master updated - 17218df56714237d319673c17ddd2c75795d6285
On Sun, Nov 02, 2008 at 03:28:02PM -0600, Michael Adam wrote: The branch, master has been updated via 17218df56714237d319673c17ddd2c75795d6285 (commit) from f3e638bc9fad7d3a54a9b41de8857c126c656f5c (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 17218df56714237d319673c17ddd2c75795d6285 Author: Michael Adam [EMAIL PROTECTED] Date: Thu Oct 30 16:38:07 2008 +0100 [s3]winbindd: speed up fill_grent_mem (i.e. winbindd_getgrent) a lot. With large groups, getgrent ran into timeouts because after each single user that was added to the expanded group list, the list was sorted and made unique. Now the list is sorted just once after all members have been added. Great work Michael, thanks a *lot* ! Jeremy.
[SCM] Samba Shared Repository - branch master updated - eb9656e75721d6738d8da0f0ec8386403aa4f5f8
The branch, master has been updated via eb9656e75721d6738d8da0f0ec8386403aa4f5f8 (commit) via 9a05c277ca0d460bc610fb295fbf572efa2275fb (commit) from c5a70cab25de3b0acd89ba12150b9077bb59cbb5 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit eb9656e75721d6738d8da0f0ec8386403aa4f5f8 Author: Volker Lendecke [EMAIL PROTECTED] Date: Mon Nov 3 17:56:55 2008 +0100 Fix nonempty blank lines commit 9a05c277ca0d460bc610fb295fbf572efa2275fb Author: Volker Lendecke [EMAIL PROTECTED] Date: Mon Nov 3 17:49:38 2008 +0100 Make a comment match its function definition --- Summary of changes: source3/smbd/aio.c |2 +- source3/smbd/blocking.c | 28 ++-- 2 files changed, 15 insertions(+), 15 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/aio.c b/source3/smbd/aio.c index 4ed574c..4e56acf 100644 --- a/source3/smbd/aio.c +++ b/source3/smbd/aio.c @@ -132,7 +132,7 @@ static void delete_aio_ex(struct aio_extra *aio_ex) } / - Given the aiocb struct find the extended aio struct containing it. + Given the mid find the extended aio struct containing it. */ static struct aio_extra *find_aio_ex(uint16 mid) diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c index a232249..78a63dc 100644 --- a/source3/smbd/blocking.c +++ b/source3/smbd/blocking.c @@ -2,17 +2,17 @@ Unix SMB/CIFS implementation. Blocking Locking functions Copyright (C) Jeremy Allison 1998-2003 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/. */ @@ -340,7 +340,7 @@ static void reply_lockingX_error(blocking_lock_record *blr, NTSTATUS status) data = (uint8_t *)smb_buf(inbuf) + ((large_file_format ? 20 : 10)*num_ulocks); - + /* * Data now points at the beginning of the list * of smb_lkrng structs. @@ -351,19 +351,19 @@ static void reply_lockingX_error(blocking_lock_record *blr, NTSTATUS status) * as under POSIX rules, if we have a lock already there, we * will delete it (and we shouldn't) . */ - + for(i = blr-lock_num - 1; i = 0; i--) { bool err; - + lock_pid = get_lock_pid( data, i, large_file_format); count = get_lock_count( data, i, large_file_format); offset = get_lock_offset( data, i, large_file_format, err); - + /* * We know err cannot be set as if it was the lock * request would never have been queued. JRA. */ - + do_unlock(smbd_messaging_context(), fsp, lock_pid, @@ -371,7 +371,7 @@ static void reply_lockingX_error(blocking_lock_record *blr, NTSTATUS status) offset, WINDOWS_LOCK); } - + generic_blocking_lock_error(blr, status); } @@ -442,7 +442,7 @@ static bool process_lockingX(blocking_lock_record *blr) lock_pid = get_lock_pid( data, blr-lock_num, large_file_format); count = get_lock_count( data, blr-lock_num, large_file_format); offset = get_lock_offset( data, blr-lock_num, large_file_format, err); - + /* * We know err cannot be set as if it was the lock * request would never have been queued. JRA. @@ -471,7 +471,7 @@ static bool process_lockingX(blocking_lock_record *blr) /* * Success - we got all the locks. */ - + DEBUG(3,(process_lockingX file = %s, fnum=%d type=%d num_locks=%d\n, fsp-fsp_name, fsp-fnum, (unsigned int)locktype, num_locks) ); @@ -484,7 +484,7 @@ static bool process_lockingX(blocking_lock_record *blr) * error. Free any locks we had and return an error. * Return True so we get dequeued. */
[SCM] Samba Shared Repository - branch master updated - 4f25c779243ba38fce26dea51feafcf28492d79b
The branch, master has been updated via 4f25c779243ba38fce26dea51feafcf28492d79b (commit) via 7ed352b0c9f79b288cac850b4e50a9feffd7b069 (commit) via 973d50a7ff39c14bf734f095e4bf57843ce80529 (commit) from eb9656e75721d6738d8da0f0ec8386403aa4f5f8 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4f25c779243ba38fce26dea51feafcf28492d79b Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Mon Nov 3 17:31:32 2008 +0100 s3: proto.h: add missing sys_[g|s]et_quota_vfs() prototypes metze commit 7ed352b0c9f79b288cac850b4e50a9feffd7b069 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Mon Nov 3 14:29:49 2008 +0100 s4:torture: PROVISION isn't used by all tests We should not pollute all torture object files with EXT_LIB_PYTHON_CFLAGS metze commit 973d50a7ff39c14bf734f095e4bf57843ce80529 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Mon Nov 3 14:27:54 2008 +0100 s4:torture: fix names of defines metze --- Summary of changes: source3/include/proto.h |3 +++ source4/torture/config.mk |5 +++-- source4/torture/local/config.mk |3 ++- source4/torture/util.h |6 +++--- 4 files changed, 11 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index 5ca5c77..254c33d 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -955,6 +955,9 @@ int sys_set_quota(const char *path, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DI /* The following definitions come from lib/sysquotas_*.c */ +int sys_get_vfs_quota(const char *path, const char *bdev, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp); +int sys_set_vfs_quota(const char *path, const char *bdev, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp); + int sys_get_xfs_quota(const char *path, const char *bdev, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp); int sys_set_xfs_quota(const char *path, const char *bdev, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp); diff --git a/source4/torture/config.mk b/source4/torture/config.mk index 211d097..8b12f36 100644 --- a/source4/torture/config.mk +++ b/source4/torture/config.mk @@ -1,5 +1,5 @@ [SUBSYSTEM::TORTURE_UTIL] -PRIVATE_DEPENDENCIES = LIBCLI_RAW LIBPYTHON smbcalls PROVISION +PRIVATE_DEPENDENCIES = LIBCLI_RAW PUBLIC_DEPENDENCIES = POPT_CREDENTIALS TORTURE_UTIL_OBJ_FILES = $(addprefix $(torturesrcdir)/, util_smb.o) @@ -212,7 +212,8 @@ INIT_FUNCTION = torture_net_init PRIVATE_DEPENDENCIES = \ LIBSAMBA-NET \ POPT_CREDENTIALS \ - torture_rpc + torture_rpc \ + PROVISION # End SUBSYSTEM TORTURE_NET # diff --git a/source4/torture/local/config.mk b/source4/torture/local/config.mk index def391b..46d5e38 100644 --- a/source4/torture/local/config.mk +++ b/source4/torture/local/config.mk @@ -14,7 +14,8 @@ PRIVATE_DEPENDENCIES = \ TORTURE_UTIL \ TORTURE_NDR \ share \ - torture_registry + torture_registry \ + PROVISION # End SUBSYSTEM TORTURE_LOCAL # diff --git a/source4/torture/util.h b/source4/torture/util.h index 9dc948a..f36d542 100644 --- a/source4/torture/util.h +++ b/source4/torture/util.h @@ -17,8 +17,8 @@ along with this program. If not, see http://www.gnu.org/licenses/. */ -#ifndef _TORTURE_PROVISION_H_ -#define _TORTURE_PROVISION_H_ +#ifndef _TORTURE_UTIL_H_ +#define _TORTURE_UTIL_H_ #include torture/torture.h @@ -94,4 +94,4 @@ NTSTATUS torture_second_tcon(TALLOC_CTX *mem_ctx, -#endif /* _TORTURE_PROVISION_H_ */ +#endif /* _TORTURE_UTIL_H_ */ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - 2efacde8c4346130227728f11a98481ed1e01515
The branch, master has been updated via 2efacde8c4346130227728f11a98481ed1e01515 (commit) from 4f25c779243ba38fce26dea51feafcf28492d79b (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2efacde8c4346130227728f11a98481ed1e01515 Author: Tim Prouty [EMAIL PROTECTED] Date: Mon Nov 3 12:36:34 2008 -0800 s3: fix a few shadows a global declaration warnings --- Summary of changes: source3/lib/popt_common.c |8 source3/nmbd/nmbd.c |8 source3/winbindd/winbindd.c | 18 +- source3/winbindd/winbindd_cm.c|8 source3/winbindd/winbindd_proto.h |2 +- 5 files changed, 22 insertions(+), 22 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/popt_common.c b/source3/lib/popt_common.c index 8ceac26..2e6d3b3 100644 --- a/source3/lib/popt_common.c +++ b/source3/lib/popt_common.c @@ -39,7 +39,7 @@ extern bool override_logfile; static void set_logfile(poptContext con, const char * arg) { - char *logfile = NULL; + char *lfile = NULL; const char *pname; /* Find out basename of current program */ @@ -50,11 +50,11 @@ static void set_logfile(poptContext con, const char * arg) else pname++; - if (asprintf(logfile, %s/log.%s, arg, pname) 0) { + if (asprintf(lfile, %s/log.%s, arg, pname) 0) { return; } - lp_set_logfile(logfile); - SAFE_FREE(logfile); + lp_set_logfile(lfile); + SAFE_FREE(lfile); } static bool PrintSambaVersionString; diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c index adc331c..d1ab3aa 100644 --- a/source3/nmbd/nmbd.c +++ b/source3/nmbd/nmbd.c @@ -803,12 +803,12 @@ static bool open_sockets(bool isdaemon, int port) sys_srandom(time(NULL) ^ sys_getpid()); if (!override_logfile) { - char *logfile = NULL; - if (asprintf(logfile, %s/log.nmbd, get_dyn_LOGFILEBASE()) 0) { + char *lfile = NULL; + if (asprintf(lfile, %s/log.nmbd, get_dyn_LOGFILEBASE()) 0) { exit(1); } - lp_set_logfile(logfile); - SAFE_FREE(logfile); + lp_set_logfile(lfile); + SAFE_FREE(lfile); } fault_setup((void (*)(void *))fault_continue ); diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index ac2a87f..ce1a1fe 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c @@ -59,7 +59,7 @@ struct messaging_context *winbind_messaging_context(void) /* Reload configuration */ -static bool reload_services_file(const char *logfile) +static bool reload_services_file(const char *lfile) { bool ret; @@ -73,8 +73,8 @@ static bool reload_services_file(const char *logfile) /* if this is a child, restore the logfile to the special name - domain, idmap, etc. */ - if (logfile *logfile) { - lp_set_logfile(logfile); + if (lfile *lfile) { + lp_set_logfile(lfile); } reopen_logs(); @@ -792,14 +792,14 @@ static bool remove_idle_client(void) } /* check if HUP has been received and reload files */ -void winbind_check_sighup(const char *logfile) +void winbind_check_sighup(const char *lfile) { if (do_sighup) { DEBUG(3, (got SIGHUP\n)); flush_caches(); - reload_services_file(logfile); + reload_services_file(lfile); do_sighup = False; } @@ -1096,11 +1096,11 @@ int main(int argc, char **argv, char **envp) poptFreeContext(pc); if (!override_logfile) { - char *logfile = NULL; - if (asprintf(logfile,%s/log.winbindd, + char *lfile = NULL; + if (asprintf(lfile,%s/log.winbindd, get_dyn_LOGFILEBASE()) 0) { - lp_set_logfile(logfile); - SAFE_FREE(logfile); + lp_set_logfile(lfile); + SAFE_FREE(lfile); } } setup_logging(winbindd, log_stdout); diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index b4490a0..3c69859 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -225,10 +225,10 @@ static bool fork_child_dc_connect(struct winbindd_domain *domain) close_conns_after_fork(); if (!override_logfile) { - char *logfile; - if (asprintf(logfile, %s/log.winbindd-dc-connect, get_dyn_LOGFILEBASE()) 0) { - lp_set_logfile(logfile); - SAFE_FREE(logfile); + char
Build status as of Tue Nov 4 00:00:01 2008
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2008-11-03 00:00:27.0 + +++ /home/build/master/cache/broken_results.txt 2008-11-04 00:00:48.0 + @@ -1,4 +1,4 @@ -Build status as of Mon Nov 3 00:00:02 2008 +Build status as of Tue Nov 4 00:00:01 2008 Build counts: Tree Total Broken Panic @@ -7,17 +7,17 @@ ctdb 0 0 0 distcc 1 0 0 ldb 33 32 0 -libreplace 31 12 0 -lorikeet-heimdal 28 20 0 +libreplace 32 12 0 +lorikeet-heimdal 29 20 0 pidl 19 2 0 ppp 13 13 0 rsync33 10 0 samba-docs 0 0 0 -samba-gtk6 6 0 +samba-gtk5 5 0 samba_3_X_devel 29 18 0 -samba_3_X_test 29 17 0 +samba_3_X_test 29 16 0 samba_4_0_test 31 27 1 smb-build31 7 0 talloc 33 32 0 -tdb 33 13 0 +tdb 33 12 0
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4328-g38234ec
The branch, v3-3-test has been updated via 38234ec8f3665bb867641a4d7a226e4aed6cd124 (commit) from 9ff54794f1a477cc294ddef6b218a5e68c894128 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit 38234ec8f3665bb867641a4d7a226e4aed6cd124 Author: Tim Prouty [EMAIL PROTECTED] Date: Mon Nov 3 17:31:18 2008 -0800 s3: fix a few shadows a global declaration warnings --- Summary of changes: source/lib/popt_common.c |8 source/nmbd/nmbd.c |8 source/winbindd/winbindd.c | 18 +- source/winbindd/winbindd_cm.c|8 source/winbindd/winbindd_proto.h |2 +- 5 files changed, 22 insertions(+), 22 deletions(-) Changeset truncated at 500 lines: diff --git a/source/lib/popt_common.c b/source/lib/popt_common.c index 8ceac26..2e6d3b3 100644 --- a/source/lib/popt_common.c +++ b/source/lib/popt_common.c @@ -39,7 +39,7 @@ extern bool override_logfile; static void set_logfile(poptContext con, const char * arg) { - char *logfile = NULL; + char *lfile = NULL; const char *pname; /* Find out basename of current program */ @@ -50,11 +50,11 @@ static void set_logfile(poptContext con, const char * arg) else pname++; - if (asprintf(logfile, %s/log.%s, arg, pname) 0) { + if (asprintf(lfile, %s/log.%s, arg, pname) 0) { return; } - lp_set_logfile(logfile); - SAFE_FREE(logfile); + lp_set_logfile(lfile); + SAFE_FREE(lfile); } static bool PrintSambaVersionString; diff --git a/source/nmbd/nmbd.c b/source/nmbd/nmbd.c index d9f2af4..524423f 100644 --- a/source/nmbd/nmbd.c +++ b/source/nmbd/nmbd.c @@ -803,12 +803,12 @@ static bool open_sockets(bool isdaemon, int port) sys_srandom(time(NULL) ^ sys_getpid()); if (!override_logfile) { - char *logfile = NULL; - if (asprintf(logfile, %s/log.nmbd, get_dyn_LOGFILEBASE()) 0) { + char *lfile = NULL; + if (asprintf(lfile, %s/log.nmbd, get_dyn_LOGFILEBASE()) 0) { exit(1); } - lp_set_logfile(logfile); - SAFE_FREE(logfile); + lp_set_logfile(lfile); + SAFE_FREE(lfile); } fault_setup((void (*)(void *))fault_continue ); diff --git a/source/winbindd/winbindd.c b/source/winbindd/winbindd.c index 4af711c..81eb374 100644 --- a/source/winbindd/winbindd.c +++ b/source/winbindd/winbindd.c @@ -59,7 +59,7 @@ struct messaging_context *winbind_messaging_context(void) /* Reload configuration */ -static bool reload_services_file(const char *logfile) +static bool reload_services_file(const char *lfile) { bool ret; @@ -73,8 +73,8 @@ static bool reload_services_file(const char *logfile) /* if this is a child, restore the logfile to the special name - domain, idmap, etc. */ - if (logfile *logfile) { - lp_set_logfile(logfile); + if (lfile *lfile) { + lp_set_logfile(lfile); } reopen_logs(); @@ -792,14 +792,14 @@ static bool remove_idle_client(void) } /* check if HUP has been received and reload files */ -void winbind_check_sighup(const char *logfile) +void winbind_check_sighup(const char *lfile) { if (do_sighup) { DEBUG(3, (got SIGHUP\n)); flush_caches(); - reload_services_file(logfile); + reload_services_file(lfile); do_sighup = False; } @@ -1096,11 +1096,11 @@ int main(int argc, char **argv, char **envp) poptFreeContext(pc); if (!override_logfile) { - char *logfile = NULL; - if (asprintf(logfile,%s/log.winbindd, + char *lfile = NULL; + if (asprintf(lfile,%s/log.winbindd, get_dyn_LOGFILEBASE()) 0) { - lp_set_logfile(logfile); - SAFE_FREE(logfile); + lp_set_logfile(lfile); + SAFE_FREE(lfile); } } setup_logging(winbindd, log_stdout); diff --git a/source/winbindd/winbindd_cm.c b/source/winbindd/winbindd_cm.c index b9ba486..953c345 100644 --- a/source/winbindd/winbindd_cm.c +++ b/source/winbindd/winbindd_cm.c @@ -225,10 +225,10 @@ static bool fork_child_dc_connect(struct winbindd_domain *domain) close_conns_after_fork(); if (!override_logfile) { - char *logfile; - if (asprintf(logfile, %s/log.winbindd-dc-connect, get_dyn_LOGFILEBASE()) 0) { - lp_set_logfile(logfile); - SAFE_FREE(logfile); + char *lfile; +
[SCM] Samba Shared Repository - branch master updated - be5c79cbeca6e0671e0e210087cf06645be4194e
The branch, master has been updated via be5c79cbeca6e0671e0e210087cf06645be4194e (commit) via 9dd4abd780db9f6a219bd01b774836ea37b08221 (commit) from 2efacde8c4346130227728f11a98481ed1e01515 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit be5c79cbeca6e0671e0e210087cf06645be4194e Author: Günther Deschner [EMAIL PROTECTED] Date: Tue Nov 4 02:46:41 2008 +0100 s3-build: re-run make samba3-idl. Guenther commit 9dd4abd780db9f6a219bd01b774836ea37b08221 Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Oct 30 09:29:17 2008 +0100 netlogon: fix IDL for netr_DatabaseRedo. Guenther --- Summary of changes: librpc/idl/netlogon.idl |6 +- source3/librpc/gen_ndr/cli_netlogon.c |6 +- source3/librpc/gen_ndr/cli_netlogon.h |6 +- source3/librpc/gen_ndr/ndr_netlogon.c | 75 + source3/librpc/gen_ndr/netlogon.h |6 +- source3/librpc/gen_ndr/srv_netlogon.c |2 +- 6 files changed, 61 insertions(+), 40 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl index c89cf37..0561f5b 100644 --- a/librpc/idl/netlogon.idl +++ b/librpc/idl/netlogon.idl @@ -961,11 +961,11 @@ interface netlogon NTSTATUS netr_DatabaseRedo( [in] [string,charset(UTF16)] uint16 logon_server[], [in] [string,charset(UTF16)] uint16 computername[], - [in] netr_Authenticator credential, + [in] netr_Authenticator *credential, [in,out,ref] netr_Authenticator *return_authenticator, - [in,unique][size_is(change_log_entry_size)] uint8 *change_log_entry, + [in,ref][size_is(change_log_entry_size)] uint8 *change_log_entry, [in] uint32 change_log_entry_size, - [out,ref]netr_DELTA_ENUM_ARRAY *delta_enum_array + [out,ref]netr_DELTA_ENUM_ARRAY **delta_enum_array ); diff --git a/source3/librpc/gen_ndr/cli_netlogon.c b/source3/librpc/gen_ndr/cli_netlogon.c index 2241d30..275c83a 100644 --- a/source3/librpc/gen_ndr/cli_netlogon.c +++ b/source3/librpc/gen_ndr/cli_netlogon.c @@ -890,11 +890,11 @@ NTSTATUS rpccli_netr_DatabaseRedo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, const char *logon_server /* [in] [charset(UTF16)] */, const char *computername /* [in] [charset(UTF16)] */, - struct netr_Authenticator credential /* [in] */, + struct netr_Authenticator *credential /* [in] [ref] */, struct netr_Authenticator *return_authenticator /* [in,out] [ref] */, - uint8_t *change_log_entry /* [in] [unique,size_is(change_log_entry_size)] */, + uint8_t *change_log_entry /* [in] [ref,size_is(change_log_entry_size)] */, uint32_t change_log_entry_size /* [in] */, - struct netr_DELTA_ENUM_ARRAY *delta_enum_array /* [out] [ref] */) + struct netr_DELTA_ENUM_ARRAY **delta_enum_array /* [out] [ref] */) { struct netr_DatabaseRedo r; NTSTATUS status; diff --git a/source3/librpc/gen_ndr/cli_netlogon.h b/source3/librpc/gen_ndr/cli_netlogon.h index 09484c8..5adf8e8 100644 --- a/source3/librpc/gen_ndr/cli_netlogon.h +++ b/source3/librpc/gen_ndr/cli_netlogon.h @@ -156,11 +156,11 @@ NTSTATUS rpccli_netr_DatabaseRedo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, const char *logon_server /* [in] [charset(UTF16)] */, const char *computername /* [in] [charset(UTF16)] */, - struct netr_Authenticator credential /* [in] */, + struct netr_Authenticator *credential /* [in] [ref] */, struct netr_Authenticator *return_authenticator /* [in,out] [ref] */, - uint8_t *change_log_entry /* [in] [unique,size_is(change_log_entry_size)] */, + uint8_t *change_log_entry /* [in] [ref,size_is(change_log_entry_size)] */, uint32_t change_log_entry_size /* [in] */, - struct netr_DELTA_ENUM_ARRAY *delta_enum_array /* [out] [ref] */); + struct netr_DELTA_ENUM_ARRAY **delta_enum_array /* [out] [ref] */); NTSTATUS rpccli_netr_LogonControl2Ex(struct rpc_pipe_client *cli, TALLOC_CTX
[SCM] Samba Shared Repository - branch master updated - 31158c02568c28507a8a405328c457d144ac6829
The branch, master has been updated via 31158c02568c28507a8a405328c457d144ac6829 (commit) via 2fc5ca8409ba0ad40236608bc1ca5f4f5f39445a (commit) via 169f90640864fab9fcb10665c79879b161a56329 (commit) via 9381a78c391bcccd5eddc159a5d3a3e12d19fde3 (commit) via adf016e11946a354a140b1c0ed7789160e3af2aa (commit) from be5c79cbeca6e0671e0e210087cf06645be4194e (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 31158c02568c28507a8a405328c457d144ac6829 Author: Andrew Bartlett [EMAIL PROTECTED] Date: Tue Nov 4 15:48:10 2008 +1100 Use ldb_dn_from_ldb_val() to create a DN in the SAMR server The previous code incorrectly cast an ldb_val into a char *. Andrew Bartlett commit 2fc5ca8409ba0ad40236608bc1ca5f4f5f39445a Author: Andrew Bartlett [EMAIL PROTECTED] Date: Tue Oct 28 21:07:52 2008 +1100 Re-add support for supporting the PAC over domain trusts. (This was not entered in lorikeet-heimdal.diff, so missed by metze's import). Andrew Bartlett commit 169f90640864fab9fcb10665c79879b161a56329 Author: Andrew Bartlett [EMAIL PROTECTED] Date: Mon Oct 27 19:48:19 2008 +1100 Give a better error when ldb_dn_from_ldb_val fails commit 9381a78c391bcccd5eddc159a5d3a3e12d19fde3 Author: Andrew Bartlett [EMAIL PROTECTED] Date: Mon Oct 27 13:32:23 2008 +1100 Use ldb_dn_from_ldb_val to avoid possible over-run of the value. The ldb_val is length-limited, and while normally NULL terminated, this avoids the chance that this particular value might not be, as well as avoiding a cast. Andrew Bartlett commit adf016e11946a354a140b1c0ed7789160e3af2aa Author: Andrew Bartlett [EMAIL PROTECTED] Date: Mon Oct 27 13:11:28 2008 +1100 Fix use of wrong union arm in linked_attributes module This bug occours frequenetly in ldb users because the union so happens to be layed out that this works. However, it is still incorrect usage... Andrew Bartlett --- Summary of changes: source4/dsdb/samdb/ldb_modules/linked_attributes.c | 22 ++- source4/dsdb/samdb/ldb_modules/normalise.c |2 +- source4/heimdal/kdc/krb5tgs.c | 36 +-- source4/lib/ldb/common/attrib_handlers.c |6 ++-- source4/lib/ldb/common/ldb_ldif.c |4 +- source4/lib/ldb/common/ldb_match.c |2 +- source4/lib/ldb/ldb_map/ldb_map.c |4 +- source4/rpc_server/samr/dcesrv_samr.c | 13 +-- 8 files changed, 47 insertions(+), 42 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c index 190a66c..dd199c0 100644 --- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c +++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c @@ -79,15 +79,17 @@ static struct la_context *linked_attributes_init(struct ldb_module *module, /* Common routine to handle reading the attributes and creating a * series of modify requests */ static int la_store_op(struct la_context *ac, - enum la_op op, char *dn, + enum la_op op, struct ldb_val *dn, const char *name, const char *value) { struct la_op_store *os, *tmp; struct ldb_dn *op_dn; - op_dn = ldb_dn_new(ac, ac-module-ldb, dn); + op_dn = ldb_dn_from_ldb_val(ac, ac-module-ldb, dn); if (!op_dn) { - return LDB_ERR_OPERATIONS_ERROR; + ldb_asprintf_errstring(ac-module-ldb, + could not parse attribute as a DN); + return LDB_ERR_INVALID_DN_SYNTAX; } /* optimize out del - add operations that would end up @@ -177,7 +179,7 @@ static int linked_attributes_add(struct ldb_module *module, struct ldb_request * int ret; int i, j; - if (ldb_dn_is_special(req-op.mod.message-dn)) { + if (ldb_dn_is_special(req-op.add.message-dn)) { /* do not manipulate our control entries */ return ldb_next_request(module, req); } @@ -233,7 +235,7 @@ static int linked_attributes_add(struct ldb_module *module, struct ldb_request * for (j = 0; j el-num_values; j++) { ret = la_store_op(ac, LA_OP_ADD, - (char *)el-values[j].data, + el-values[j], attr_name, attr_val); if (ret != LDB_SUCCESS) { return ret; @@ -327,7 +329,7 @@ static int la_mod_search_callback(struct ldb_request *req, struct ldb_reply *are /*
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4330-ge63f1b2
The branch, v3-3-test has been updated via e63f1b2905340af79768a0333c03f56633c6a682 (commit) from adbab86c4c3adb6c0750f081efe4cba242761213 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit e63f1b2905340af79768a0333c03f56633c6a682 Author: Jeremy Allison [EMAIL PROTECTED] Date: Mon Nov 3 23:19:29 2008 -0800 Pass the directory versions of the RAW-ACL (still not inheritance). Refactor some common code between open_file_ntcreate() and open_directory(). Jeremy. --- Summary of changes: source/smbd/open.c | 126 ++-- 1 files changed, 83 insertions(+), 43 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/open.c b/source/smbd/open.c index eda88fa..967e0c5 100644 --- a/source/smbd/open.c +++ b/source/smbd/open.c @@ -1125,6 +1125,65 @@ static void schedule_defer_open(struct share_mode_lock *lck, } / + Work out what access_mask to use from what the client sent us. +/ + +static NTSTATUS calculate_access_mask(connection_struct *conn, + const char *fname, + bool file_existed, + uint32_t access_mask, + uint32_t *access_mask_out) +{ + NTSTATUS status; + + /* +* Convert GENERIC bits to specific bits. +*/ + + se_map_generic(access_mask, file_generic_mapping); + + /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */ + if (access_mask MAXIMUM_ALLOWED_ACCESS) { + if (file_existed) { + struct security_descriptor *sd; + uint32_t access_granted = 0; + + status = SMB_VFS_GET_NT_ACL(conn, fname, + (OWNER_SECURITY_INFORMATION | + GROUP_SECURITY_INFORMATION | + DACL_SECURITY_INFORMATION),sd); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, (calculate_access_mask: Could not get acl + on file %s: %s\n, + fname, + nt_errstr(status))); + return NT_STATUS_ACCESS_DENIED; + } + + status = se_access_check(sd, conn-server_info-ptok, + access_mask, access_granted); + + TALLOC_FREE(sd); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, (calculate_access_mask: Access denied on + file %s: when calculating maximum access\n, + fname)); + return NT_STATUS_ACCESS_DENIED; + } + + access_mask = access_granted; + } else { + access_mask = FILE_GENERIC_ALL; + } + } + + *access_mask_out = access_mask; + return NT_STATUS_OK; +} + +/ Open a file with a share mode. / @@ -1360,47 +1419,15 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, } } - /* -* Convert GENERIC bits to specific bits. -*/ - - se_map_generic(access_mask, file_generic_mapping); - - /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */ - if (access_mask MAXIMUM_ALLOWED_ACCESS) { - if (file_existed) { - struct security_descriptor *sd; - uint32_t access_granted = 0; - - status = SMB_VFS_GET_NT_ACL(conn, fname, - (OWNER_SECURITY_INFORMATION | - GROUP_SECURITY_INFORMATION | - DACL_SECURITY_INFORMATION),sd); - - if (!NT_STATUS_IS_OK(status)) { - DEBUG(10, (open_file_ntcreate: Could not get acl - on file %s: %s\n, - fname, - nt_errstr(status))); - return NT_STATUS_ACCESS_DENIED; - } - - status = se_access_check(sd, conn-server_info-ptok, -
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4329-gadbab86
The branch, v3-3-test has been updated via adbab86c4c3adb6c0750f081efe4cba242761213 (commit) from 38234ec8f3665bb867641a4d7a226e4aed6cd124 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit adbab86c4c3adb6c0750f081efe4cba242761213 Author: Jeremy Allison [EMAIL PROTECTED] Date: Mon Nov 3 22:42:58 2008 -0800 Pass all the non-inherited S4 RAW-ACL tests. Jeremy. --- Summary of changes: source/lib/util_seaccess.c |7 +++ source/modules/vfs_acl_xattr.c |4 source/smbd/open.c | 18 -- 3 files changed, 15 insertions(+), 14 deletions(-) Changeset truncated at 500 lines: diff --git a/source/lib/util_seaccess.c b/source/lib/util_seaccess.c index d7fdc9a..fdc10f2 100644 --- a/source/lib/util_seaccess.c +++ b/source/lib/util_seaccess.c @@ -164,10 +164,17 @@ NTSTATUS se_access_check(const struct security_descriptor *sd, /* handle the maximum allowed flag */ if (access_desired SEC_FLAG_MAXIMUM_ALLOWED) { + uint32_t orig_access_desired = access_desired; + access_desired |= access_check_max_allowed(sd, token); access_desired = ~SEC_FLAG_MAXIMUM_ALLOWED; *access_granted = access_desired; bits_remaining = access_desired ~SEC_STD_DELETE; + + DEBUG(10,(se_access_check: MAX desired = 0x%x, granted = 0x%x, remaining = 0x%x\n, + orig_access_desired, + *access_granted, + bits_remaining)); } #if 0 diff --git a/source/modules/vfs_acl_xattr.c b/source/modules/vfs_acl_xattr.c index 79cf464..d62d4a6 100644 --- a/source/modules/vfs_acl_xattr.c +++ b/source/modules/vfs_acl_xattr.c @@ -442,6 +442,10 @@ static int open_acl_xattr(vfs_handle_struct *handle, fsp-access_mask, access_granted); if (!NT_STATUS_IS_OK(status)) { + DEBUG(10,(open_acl_xattr: file %s open + refused with error %s\n, + fname, + nt_errstr(status) )); errno = map_errno_from_nt_status(status); return -1; } diff --git a/source/smbd/open.c b/source/smbd/open.c index 19b6b27..eda88fa 100644 --- a/source/smbd/open.c +++ b/source/smbd/open.c @@ -1205,15 +1205,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, create_disposition, create_options, unx_mode, oplock_request)); - if ((access_mask FILE_READ_DATA)||(access_mask FILE_WRITE_DATA)) { - DEBUG(10, (open_file_ntcreate: adding FILE_READ_ATTRIBUTES - to requested access_mask 0x%x, new mask 0x%x, - access_mask, - access_mask | FILE_READ_ATTRIBUTES )); - - access_mask |= FILE_READ_ATTRIBUTES; - } - if ((req == NULL) ((oplock_request INTERNAL_OPEN_ONLY) == 0)) { DEBUG(0, (No smb request but not an internal only open!\n)); return NT_STATUS_INTERNAL_ERROR; @@ -1407,10 +1398,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, } access_mask = access_granted; - /* -* According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted, -*/ - access_mask |= FILE_READ_ATTRIBUTES; } else { access_mask = FILE_GENERIC_ALL; } @@ -1855,7 +1842,10 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, /* Record the options we were opened with. */ fsp-share_access = share_access; fsp-fh-private_options = create_options; - fsp-access_mask = access_mask; + /* +* According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted, +*/ + fsp-access_mask = access_mask | FILE_READ_ATTRIBUTES; if (file_existed) { /* stat opens on existing files don't get oplocks. */ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - 4f8fac1b8e1d185f732c32f20e3b7060e3835435
The branch, master has been updated via 4f8fac1b8e1d185f732c32f20e3b7060e3835435 (commit) from 31158c02568c28507a8a405328c457d144ac6829 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4f8fac1b8e1d185f732c32f20e3b7060e3835435 Author: Jeremy Allison [EMAIL PROTECTED] Date: Mon Nov 3 22:42:53 2008 -0800 Pass all the non-inherited S4 RAW-ACL tests. Jeremy. --- Summary of changes: source3/lib/util_seaccess.c |7 +++ source3/modules/vfs_acl_xattr.c |4 source3/smbd/open.c | 18 -- 3 files changed, 15 insertions(+), 14 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index d7fdc9a..fdc10f2 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -164,10 +164,17 @@ NTSTATUS se_access_check(const struct security_descriptor *sd, /* handle the maximum allowed flag */ if (access_desired SEC_FLAG_MAXIMUM_ALLOWED) { + uint32_t orig_access_desired = access_desired; + access_desired |= access_check_max_allowed(sd, token); access_desired = ~SEC_FLAG_MAXIMUM_ALLOWED; *access_granted = access_desired; bits_remaining = access_desired ~SEC_STD_DELETE; + + DEBUG(10,(se_access_check: MAX desired = 0x%x, granted = 0x%x, remaining = 0x%x\n, + orig_access_desired, + *access_granted, + bits_remaining)); } #if 0 diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index e465e8f..c3b27f8 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -442,6 +442,10 @@ static int open_acl_xattr(vfs_handle_struct *handle, fsp-access_mask, access_granted); if (!NT_STATUS_IS_OK(status)) { + DEBUG(10,(open_acl_xattr: file %s open + refused with error %s\n, + fname, + nt_errstr(status) )); errno = map_errno_from_nt_status(status); return -1; } diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 5836c43..dde1d0d 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -1206,15 +1206,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, create_disposition, create_options, unx_mode, oplock_request)); - if ((access_mask FILE_READ_DATA)||(access_mask FILE_WRITE_DATA)) { - DEBUG(10, (open_file_ntcreate: adding FILE_READ_ATTRIBUTES - to requested access_mask 0x%x, new mask 0x%x, - access_mask, - access_mask | FILE_READ_ATTRIBUTES )); - - access_mask |= FILE_READ_ATTRIBUTES; - } - if ((req == NULL) ((oplock_request INTERNAL_OPEN_ONLY) == 0)) { DEBUG(0, (No smb request but not an internal only open!\n)); return NT_STATUS_INTERNAL_ERROR; @@ -1408,10 +1399,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, } access_mask = access_granted; - /* -* According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted, -*/ - access_mask |= FILE_READ_ATTRIBUTES; } else { access_mask = FILE_GENERIC_ALL; } @@ -1856,7 +1843,10 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, /* Record the options we were opened with. */ fsp-share_access = share_access; fsp-fh-private_options = create_options; - fsp-access_mask = access_mask; + /* +* According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted, +*/ + fsp-access_mask = access_mask | FILE_READ_ATTRIBUTES; if (file_existed) { /* stat opens on existing files don't get oplocks. */ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - 6a37302b55dbf0bbb88247214b444a87e23e687a
The branch, master has been updated via 6a37302b55dbf0bbb88247214b444a87e23e687a (commit) from 4f8fac1b8e1d185f732c32f20e3b7060e3835435 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6a37302b55dbf0bbb88247214b444a87e23e687a Author: Jeremy Allison [EMAIL PROTECTED] Date: Mon Nov 3 23:18:43 2008 -0800 Pass the directory versions of the RAW-ACL (still not inheritance). Refactor some common code between open_file_ntcreate() and open_directory(). Jeremy. --- Summary of changes: source3/smbd/open.c | 126 +- 1 files changed, 83 insertions(+), 43 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/open.c b/source3/smbd/open.c index dde1d0d..b134e8f 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -1126,6 +1126,65 @@ static void schedule_defer_open(struct share_mode_lock *lck, } / + Work out what access_mask to use from what the client sent us. +/ + +static NTSTATUS calculate_access_mask(connection_struct *conn, + const char *fname, + bool file_existed, + uint32_t access_mask, + uint32_t *access_mask_out) +{ + NTSTATUS status; + + /* +* Convert GENERIC bits to specific bits. +*/ + + se_map_generic(access_mask, file_generic_mapping); + + /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */ + if (access_mask MAXIMUM_ALLOWED_ACCESS) { + if (file_existed) { + struct security_descriptor *sd; + uint32_t access_granted = 0; + + status = SMB_VFS_GET_NT_ACL(conn, fname, + (OWNER_SECURITY_INFORMATION | + GROUP_SECURITY_INFORMATION | + DACL_SECURITY_INFORMATION),sd); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, (calculate_access_mask: Could not get acl + on file %s: %s\n, + fname, + nt_errstr(status))); + return NT_STATUS_ACCESS_DENIED; + } + + status = se_access_check(sd, conn-server_info-ptok, + access_mask, access_granted); + + TALLOC_FREE(sd); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, (calculate_access_mask: Access denied on + file %s: when calculating maximum access\n, + fname)); + return NT_STATUS_ACCESS_DENIED; + } + + access_mask = access_granted; + } else { + access_mask = FILE_GENERIC_ALL; + } + } + + *access_mask_out = access_mask; + return NT_STATUS_OK; +} + +/ Open a file with a share mode. / @@ -1361,47 +1420,15 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, } } - /* -* Convert GENERIC bits to specific bits. -*/ - - se_map_generic(access_mask, file_generic_mapping); - - /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */ - if (access_mask MAXIMUM_ALLOWED_ACCESS) { - if (file_existed) { - struct security_descriptor *sd; - uint32_t access_granted = 0; - - status = SMB_VFS_GET_NT_ACL(conn, fname, - (OWNER_SECURITY_INFORMATION | - GROUP_SECURITY_INFORMATION | - DACL_SECURITY_INFORMATION),sd); - - if (!NT_STATUS_IS_OK(status)) { - DEBUG(10, (open_file_ntcreate: Could not get acl - on file %s: %s\n, - fname, - nt_errstr(status))); - return NT_STATUS_ACCESS_DENIED; - } - - status = se_access_check(sd, conn-server_info-ptok, -
[SCM] Samba Shared Repository - branch master updated - d98e48c7cb5a5f2765afa874f09ec3e6cf4dd7a5
The branch, master has been updated via d98e48c7cb5a5f2765afa874f09ec3e6cf4dd7a5 (commit) from 6a37302b55dbf0bbb88247214b444a87e23e687a (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d98e48c7cb5a5f2765afa874f09ec3e6cf4dd7a5 Author: Jeremy Allison [EMAIL PROTECTED] Date: Mon Nov 3 23:54:05 2008 -0800 Be more verbose about a directory ACL error. Jeremy. --- Summary of changes: source4/torture/raw/acls.c |5 + 1 files changed, 5 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/raw/acls.c b/source4/torture/raw/acls.c index a07da8a..2a67bd9 100644 --- a/source4/torture/raw/acls.c +++ b/source4/torture/raw/acls.c @@ -1181,6 +1181,11 @@ static bool test_owner_bits(struct torture_context *tctx, CHECK_ACCESS_FLAGS(io.ntcreatex.out.file.fnum, bit | SEC_FILE_READ_ATTRIBUTE); smbcli_close(cli-tree, io.ntcreatex.out.file.fnum); } else { + if (NT_STATUS_IS_OK(status)) { + printf(open succeeded with access mask 0x%08x of + expected 0x%08x - should fail\n, + bit, expected_bits); + } CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); } } -- Samba Shared Repository