Re: [Samba] two rules for [homes]?
Hallo, Todd, Du meintest am 14.07.09: You could get creative with includes and make something unique about the two groups of people. [...] I am not finding anything in man smb.conf for includes. What do you mean? include = /path/to/include1.txt include = /path/to/u%-special.txt as examples. And if that special file doesn't exist samba doesn't mourn. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] can not read file permissions via samba over gpfs
Hi, I am using samba samba3-3.3.4-39, with ctdb ctdb-1.0-69.x86_64, gpfs gpfs-3.2.1 on centos 5.3 x86_64. My problem is that from samba share I can't read file permissions and file ownership, although I'm in domain admins group, which has full permissions(rwx) via inherited acl (not user or group ownership). If I'm in a group that owns the file, I can read the permissions, all permissions for other users are none. Example: #owner:kavin #group:prod user::rwxc group:: other:: mask::rwxc group:media:rwx- group:editors:r-x- group:prod:rwx- group:domain admins:rwx- In this example, I can't see the file owner or permissions, if I add myself to prod group, I could. My question is, why can't I see those file permissions although I'm in domain admins group that has full permissions? With nfs client everything works file. I'm using nfsv3 only. I'm attaching samba configuration files. Thanks, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.2.8 and the sticky Bit
Hello, I've just tested a share configuration like the following and it did not work as I've expected it. Maybe someone can explain me what I'm doing wrong. [Marktplatz] path = /marktplatz msdfs root = no writeable = yes browseable = yes public = no dos filemode = no hide unreadable = no create mode = 0644 directory mode = 1777 force create mode = 0644 force directory mode = 1777 security mask = 0777 directory security mask = 0777 force security mode = 0 force directory security mode = 0 locking = 1 blocking locks = 1 strict locking = 0 oplocks = 1 level2 oplocks = 1 fake oplocks = 0 csc policy = manual nt acl support = 1 inherit acls = 0 inherit owner = no inherit permissions = no admin users = @admins After creating the share I've set the sticky bit on the diretory /marktplatz. The expected result is, that everyone can create files, but just the owner of a file can delete it. This works as long as no user creates her own subdirectory. In that case the owner of the subdirectory can also delete files that does not belong to her. E.g.: drwxrwxrwt 7 root Guests 77 Jul 13 15:26 /marktplatz drwxrwxrwt 2 b Users 38 Jul 15 08:03 /marktplatz/alexandra -rw-r--r-- 1 b Users0 Jul 15 07:08 /marktplatz/alexandra/b.txt -rw-r--r-- 1 a Users0 Jul 15 08:03 /marktplatz/alexandra/a.txt In this case user b can delete file a.txt while user a can not delete b.txt. If I change the owner of the directory /marktplatz/alexandra to root, user a und b can just delete their own file. If I access the directory via linux the owner of the directory is not important, the sticky bit works as expect. Does anyone have an idea? best regards Andreas -- Andreas Büsching Open Source Software Engineer Univention GmbH Linux for your business Mary-Somerville-Str.1 28359 Bremen Tel. : +49 421 22232-0 Fax : +49 421 22232-99 buesch...@univention.de http://www.univention.de Geschäftsführer: Peter H. Ganten HRB 20755 Amtsgericht Bremen Steuer-Nr.: 71-597-02876 signature.asc Description: This is a digitally signed message part. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ftp.samba.org still have old version
On Wed, Jul 15, 2009 at 10:18:25AM +0900, OPC oota wrote: ftp://ftp.samba.org (and rsync) have version 3.3.5 and not appear 3.3.6 and 3.4.0. it still old. Why? Forgotten? Dunno. Sorry for that and thanks for the hint, it's fixed now. Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba on RHEL issue
From: Shuaib Ilyas (shilyas) shil...@cisco.com [r...@usps-dc1-pc12 samba]# tail smbd.log bind failed on port 445 socket_addr = 0.0.0.0. Error = Address already in use If you stop all the samba daemons, is there something listening on port 445...? JD -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] can not read file permissions via samba over gpfs
I'm adding the samba configuration file content, I think the attached file wasn't not sent :-(, sorry... [global] netbios name = atlas disable netbios = yes server string = ATLAS Storage Device(Linux-GPFS) realm = DOMAIN.COM workgroup = DOMAIN security = ADS password server = domainad encrypt passwords = yes hosts allow = 192.168.44.0/255.255.252.0 127. hosts deny = 0.0.0.0/0.0.0.0 guest account = nobody log file = /var/log/samba/samba.log unix charset = UTF8 username map = /etc/samba/user.map deadtime = 15 client schannel = no wins server = domainad printcap name = /dev/null load printers = no dns proxy = no obey pam restrictions = yes pam password change = yes winbind separator = / winbind use default domain = yes idmap backend = tdb2 idmap uid = 1-9 idmap gid = 1-9 idmap config DOMAIN : backend = ad idmap config DOMAIN : range = 1- clustering = yes #private dir = /gpfs/clusterprivdir/smb fileid:mapping = fsname vfs objects = gpfs fileid gpfs:sharemodes = No winbind enum users = yes winbind enum groups = yes winbind nested groups = yes winbind nss info = sfu template shell = /bin/false valid users = @DOMAIN/Domain Users admin users = DOMAIN/administrator #== [public] path = /gpfs/filesets/public comment = Public browseable = yes writable = yes dos filemode = yes force create mode = 0775 create mask = 0775 security mask = 0775 directory security mask = 0775 force directory mode = 0775 admin users = DOAMIN/administrator administrator Administrator map acl inherit = yes David On Wed, Jul 15, 2009 at 10:00 AM, David david.p...@gmail.com wrote: Hi, I am using samba samba3-3.3.4-39, with ctdb ctdb-1.0-69.x86_64, gpfs gpfs-3.2.1 on centos 5.3 x86_64. My problem is that from samba share I can't read file permissions and file ownership, although I'm in domain admins group, which has full permissions(rwx) via inherited acl (not user or group ownership). If I'm in a group that owns the file, I can read the permissions, all permissions for other users are none. Example: #owner:kavin #group:prod user::rwxc group:: other:: mask::rwxc group:media:rwx- group:editors:r-x- group:prod:rwx- group:domain admins:rwx- In this example, I can't see the file owner or permissions, if I add myself to prod group, I could. My question is, why can't I see those file permissions although I'm in domain admins group that has full permissions? With nfs client everything works file. I'm using nfsv3 only. I'm attaching samba configuration files. Thanks, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] can not read file permissions via samba over gpfs
On Wed, Jul 15, 2009 at 11:48:27AM +0300, David wrote: I'm adding the samba configuration file content, I think the attached file wasn't not sent :-(, sorry... The GPFS module was mainly tested with NFSv4 ACLs. Not sure it works with posix acls at all... Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] can not read file permissions via samba over gpfs
Thanks, so the gpfs module in the vfs object option can safely removed? I suspected that, cause on other samba servers I don't such behavior and I couldn't find any docs about that. David On Wed, Jul 15, 2009 at 11:53 AM, Volker Lendecke volker.lende...@sernet.de wrote: On Wed, Jul 15, 2009 at 11:48:27AM +0300, David wrote: I'm adding the samba configuration file content, I think the attached file wasn't not sent :-(, sorry... The GPFS module was mainly tested with NFSv4 ACLs. Not sure it works with posix acls at all... Volker -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkpdmPQACgkQbsgDfmnSbrbTrgCeKI10t2qv/Qa1GXgUZRmRYuO7 nGsAn1iis9zrIWRWrJVxZbPm7KO8u7NK =nZqF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Security Policy.
Hello everyone, I'm actually sharing using samba three folders with some important content inside of it. I would like to know if it's possible to log every file read, write, delete, etc. I've been looking on the web and found that SELinux maybe is the answer, I've already installed everything but I have no clue on how to work with this. Does anybody alreay have experience with this ? Thanks a lot, A. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Security Policy.
On Wed, Jul 15, 2009 at 11:51:52AM +0200, Agustin Eguia wrote: I'm actually sharing using samba three folders with some important content inside of it. I would like to know if it's possible to log every file read, write, delete, etc. I've been looking on the web and found that SELinux maybe is the answer, I've already installed everything but I have no clue on how to work with this. Does anybody alreay have experience with this ? Look at the full_audit VFS module. Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] idmap problem
Hi, I configured a SaMBa PDC and a BDC with a master and a slave OpenLDAP. I set up TLS, because I wanted secure syncrepl. Slapd runs with -h ldap:// 127.0.0.1/ ldaps.///. I successfully joined an XP client to the servers' domain, I see shares (but I havent logged in as a domain user, because I have to create a default profile first). My problem is in the log.winbindd-idmap log file: [2009/07/15 09:24:23, 1] winbindd/idmap.c:idmap_init(385) Initializing idmap domains [2009/07/15 09:24:23, 0] winbindd/idmap.c:idmap_init(396) idmap_init: Ignoring domain MYDOMAIN [2009/07/15 09:24:23, 0] winbindd/idmap.c:idmap_init(549) ERROR: Could not get methods for backend ldapsam [2009/07/15 09:24:23, 0] winbindd/idmap.c:idmap_init(801) Aborting IDMAP Initialization ... smb.conf: netbios name = SRV3 dos charset = CP852 unix charset = UTF8 workgroup = MYDOMAIN interfaces = 127.0.0.0/8, eth0 bind interfaces only = Yes passdb backend = ldapsam:ldap://127.0.0.1:389; passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . username map = /etc/samba/username.map unix password sync = Yes log level = 1 idmap:10 syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 smb ports = 139 name resolve order = wins host bcast time server = Yes . . . domain logons = Yes preferred master = Yes wins support = Yes ldap admin dn = cn=adm,dc=mydomain,dc=site ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=People ldap passwd sync = Yes ldap suffix = dc=mydomain,dc=site ldap user suffix = ou=People eventlog list = Security, Application, Syslog usershare max shares = 0 usershare path = /home/samba/usershares panic action = /usr/share/samba/panic-action %d idmap backend = ldapsam:ldap://127.0.0.1:389 idmap uid = 1-2 idmap gid = 1-2 map acl inherit = Yes veto oplock files = /*.pdf/*.pst/ /etc/ldap/ldap.conf: host 127.0.0.1 base dc=mydomain,dc=site logdir /var/lib/ldap/log TLS_REQCERT hard TLS_CACERT /etc/ssl/certs/cacert.pem slapd.conf: ### # Global Directives: # Schema and objectClass definitions include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema include/etc/ldap/schema/samba3.schema pidfile /var/run/slapd/slapd.pid argsfile/var/run/slapd/slapd.args loglevelconns stats filter idletimeout30 modulepath/usr/lib/ldap moduleloadback_hdb moduleloadsyncprov sizelimit unlimited tool-threads 1 TLSCertificateFile /etc/ssl/certs/srv3cert.pem TLSCertificateKeyFile /etc/ssl/private/srv3key.pem TLSCACertificateFile /etc/ssl/certs/cacert.pem TLSVerifyClient never ### # Specific Backend Directives for hdb: # Backend specific directives apply to this backend until another # 'backend' directive occurs backendhdb databasehdb suffixdc=mydomain,dc=site rootdn cn=adm,dc=mydomain,dc=site rootpw {SSHA}... directory /var/lib/ldap dbconfig set_cachesize 0 1 1 dbconfig set_lk_max_objects 1500 dbconfig set_lk_max_locks 1500 dbconfig set_lk_max_lockers 1500 dbconfig set_lg_regionmax 262144 dbconfig set_lg_bsize 524288 dbconfig set_lg_dir /var/lib/ldap/log dbconfig set_flags DB_LOG_AUTOREMOVE index objectClasseq index cnpres,sub,eq index snpres,sub,eq index uid pres,sub,eq index displayName pres,sub,eq index uidNumber eq index gidNumber eq index memberUID eq index sambaSID eq index sambaPrimaryGroupSID eq index sambaDomainName eq index default sub index sambaSIDList eq index sambaGroupTypeeq index entryCSN,entryUUID eq lastmod on checkpoint 512 30 access to * by dn.exact=cn=replicator,dc=mydomain,dc=site tls_ssf=128 read by * break access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdCanChange by dn=cn=admin,dc=mydomain,dc=site write by dn=cn=replicator,dc=mydomain,dc=site read by anonymous auth by self write by * none access to dn.base= by * read access to * by dn=cn=admin,dc=mydomain,dc=site write by dn=cn=replicator,dc=mydomain,dc=site read by self write by * read overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100 libnss-ldap.conf: host 127.0.0.1 base dc=mydomain,dc=site timelimit 50 bind_timelimit 50 bind_policy hard idle_timelimit 3600 nss_base_passwd
Re: [Samba] can not read file permissions via samba over gpfs
On Wed, Jul 15, 2009 at 11:57:45AM +0300, David wrote: Thanks, so the gpfs module in the vfs object option can safely removed? I suspected that, cause on other samba servers I don't such behavior and I couldn't find any docs about that. Well, you won't see acls then either, because gpfs requires special API calls for them. You will see the posix permissions mapped correctly (probably...) Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] can not read file permissions via samba over gpfs
So how can I resolve this issue? How come I can't see this behavior on non gpfs shares? The only thing I can think off is to: changes gpfs filesystem authorization to nfsv4 or all(posix and nfsv4), and change samba configuration according. I don't have any nfsv4 clients, only Linux, MacOsx and windows XP which are nfsv3 and smb. David On Wed, Jul 15, 2009 at 1:23 PM, Volker Lendecke volker.lende...@sernet.dewrote: On Wed, Jul 15, 2009 at 11:57:45AM +0300, David wrote: Thanks, so the gpfs module in the vfs object option can safely removed? I suspected that, cause on other samba servers I don't such behavior and I couldn't find any docs about that. Well, you won't see acls then either, because gpfs requires special API calls for them. You will see the posix permissions mapped correctly (probably...) Volker -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkpdrjoACgkQbsgDfmnSbrYkOACdH8BEeNKJRuOJopyNIP+Mt/Wa U0QAn0llxhWWZ74KjhuXbYg1wKL/3lve =geWF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] can not read file permissions via samba over gpfs
On Wed, Jul 15, 2009 at 02:01:43PM +0300, David wrote: So how can I resolve this issue? Add code to the gpfs module to also deal properly with posix acls :-) How come I can't see this behavior on non gpfs shares? Because other file systems don't need the special API calls to get/set acls. The only thing I can think off is to: changes gpfs filesystem authorization to nfsv4 or all(posix and nfsv4), and change samba configuration according. I don't have any nfsv4 clients, only Linux, MacOsx and windows XP which are nfsv3 and smb. Yes, NFSv4 acls would be one way to go. This is completely independent of whether you actually use NFSv4 as a protocol, those ACLs are a file system thing and not primarily a protocol thing. Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] can not read file permissions via samba over gpfs
Hi Volker, Thanks for all your help and I'm sorry if I'm being a nag, but I have to check all my options before moving on using nfsv4 authorization. I quickly setup a test server with the same configuration like on my prod environment, and I found that if remove gpfs module from the vfs object option line, I can see the permissions and get the proper permissions from the acls entries. (just like in example I sent at the begging) If this resolves my problem, is there a reason why not using this solution? It also don't come up with what you wrote before which totally make sense to me... David On Wed, Jul 15, 2009 at 2:10 PM, Volker Lendecke volker.lende...@sernet.dewrote: On Wed, Jul 15, 2009 at 02:01:43PM +0300, David wrote: So how can I resolve this issue? Add code to the gpfs module to also deal properly with posix acls :-) How come I can't see this behavior on non gpfs shares? Because other file systems don't need the special API calls to get/set acls. The only thing I can think off is to: changes gpfs filesystem authorization to nfsv4 or all(posix and nfsv4), and change samba configuration according. I don't have any nfsv4 clients, only Linux, MacOsx and windows XP which are nfsv3 and smb. Yes, NFSv4 acls would be one way to go. This is completely independent of whether you actually use NFSv4 as a protocol, those ACLs are a file system thing and not primarily a protocol thing. Volker -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkpduTEACgkQbsgDfmnSbrYhSwCcCnbkwrIoLF6hqbKk6942AkfP L5YAoIqKDhUC/MZBi4+84C2pos09ILly =Usdh -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] can not read file permissions via samba over gpfs
On Wed, Jul 15, 2009 at 02:37:09PM +0300, David wrote: Thanks for all your help and I'm sorry if I'm being a nag, but I have to check all my options before moving on using nfsv4 authorization. I quickly setup a test server with the same configuration like on my prod environment, and I found that if remove gpfs module from the vfs object option line, I can see the permissions and get the proper permissions from the acls entries. (just like in example I sent at the begging) If this resolves my problem, is there a reason why not using this solution? It also don't come up with what you wrote before which totally make sense to me... I never used GPFS with posix ACLs, and I *thought* from the mere existence of the special ACL API in gpfs.h that these calls are required. If it works fine now, perfect. Sorry for the noise, just ignore me. Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] can not read file permissions via samba over gpfs
So if you don't see any problems with this solution, I'll give it a try on the first chance that I have and update. Thanks for help and prompt replies! David On Wed, Jul 15, 2009 at 2:47 PM, Volker Lendecke volker.lende...@sernet.dewrote: On Wed, Jul 15, 2009 at 02:37:09PM +0300, David wrote: Thanks for all your help and I'm sorry if I'm being a nag, but I have to check all my options before moving on using nfsv4 authorization. I quickly setup a test server with the same configuration like on my prod environment, and I found that if remove gpfs module from the vfs object option line, I can see the permissions and get the proper permissions from the acls entries. (just like in example I sent at the begging) If this resolves my problem, is there a reason why not using this solution? It also don't come up with what you wrote before which totally make sense to me... I never used GPFS with posix ACLs, and I *thought* from the mere existence of the special ACL API in gpfs.h that these calls are required. If it works fine now, perfect. Sorry for the noise, just ignore me. Volker -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkpdwe4ACgkQbsgDfmnSbrb4jwCggx7+RqxCcQjBk9ZWpjLBHdlD +wgAnj8Xg6yZdBvXAo4tbWs6bcHZK6Ol =wKTS -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Security Policy.
Hello Volker, Can you be more explicit about this module ? I searched the net but found only confusing things about it. Can it log every file, folder read/write access on the share ? This is mostly for security purposes. I found that this is a samba module, but how do I use it, set it up, etc. Thanks, A. Le 15-juil.-09 à 11:57, Volker Lendecke a écrit : On Wed, Jul 15, 2009 at 11:51:52AM +0200, Agustin Eguia wrote: I'm actually sharing using samba three folders with some important content inside of it. I would like to know if it's possible to log every file read, write, delete, etc. I've been looking on the web and found that SELinux maybe is the answer, I've already installed everything but I have no clue on how to work with this. Does anybody alreay have experience with this ? Look at the full_audit VFS module. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Security Policy.
On Wed, Jul 15, 2009 at 02:23:49PM +0200, Agustin Eguia wrote: Can you be more explicit about this module ? I searched the net but found only confusing things about it. Can it log every file, folder read/write access on the share ? This is mostly for security purposes. I found that this is a samba module, but how do I use it, set it up, etc. Yes, it can log every file operation that Samba ever does. man vfs_full_audit contains an example of its use. Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Security Policy.
Already did that, What I don't get is where do I enable the module, is it in smb.conf ? I suppose it will run with the smbd daemon, and that I can define wich share will be logged... but I really don't know where to configure this. Thanks, A. Le 15-juil.-09 à 14:33, Volker Lendecke a écrit : On Wed, Jul 15, 2009 at 02:23:49PM +0200, Agustin Eguia wrote: Can you be more explicit about this module ? I searched the net but found only confusing things about it. Can it log every file, folder read/write access on the share ? This is mostly for security purposes. I found that this is a samba module, but how do I use it, set it up, etc. Yes, it can log every file operation that Samba ever does. man vfs_full_audit contains an example of its use. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba + ADS - Filepermissions home directories
I configured winbind, samba and pam.d to authenticate via our Windows Active Directory Server. Everything works fine, I can log on to the system using my Windows Account credentials, I am also able to access the samba home share, but I have no write permissions there. What I don't get is: When I give read-write-access to everybody (chmod 777 /home/%USER%), I am able to create and delete files. If I than create a new file (via the network share), the file is created by the owner of /home/%USER%. But If the system identifies myself as the owner, why was I not able to create the file before changig the file permissions? /etc/samba/smb.conf [global] workgroup = WORKGROUP realm = INT.WORKGROUP.COM server string = %h security = ADS winbind separator = + winbind cache time = 10 password server = 192.168.1.1 encrypt passwords = yes client use spnego = yes idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash template homedir = /home/%U winbind use default domain = yes winbind enum users = yes winbind enum groups = yes [homes] comment = Home Directories browseable = no read only = no create mask = 0700 directory mask = 0700 valid users = WORKGROUP+%S after chmod 777: debian:/home/USER# ls -la -rwx-- 1 USER domain-user0 15. Jul 16:45 test -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Security Policy.
On Wed, Jul 15, 2009 at 8:38 AM, Agustin Eguia agustin.eg...@gmail.comwrote: Already did that, What I don't get is where do I enable the module, is it in smb.conf ? I suppose it will run with the smbd daemon, and that I can define wich share will be logged... but I really don't know where to configure this. Thanks, A. Le 15-juil.-09 à 14:33, Volker Lendecke a écrit : On Wed, Jul 15, 2009 at 02:23:49PM +0200, Agustin Eguia wrote: Can you be more explicit about this module ? I searched the net but found only confusing things about it. Can it log every file, folder read/write access on the share ? This is mostly for security purposes. I found that this is a samba module, but how do I use it, set it up, etc. Yes, it can log every file operation that Samba ever does. man vfs_full_audit contains an example of its use. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Yes. Its on smb.conf and part of samba already. You dont need to enable anything. Use smb.conf directive vfs objects = . [records] path = /data/records vfs objects = full_audit full_audit:prefix = %u|%I full_audit:success = open opendir full_audit:failure = all full_audit:facility = LOCAL7 full_audit:priority = ALERT If you have any questions, please RTFM again. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] require a getent passwd for winbind to work first time
Hello, This may not be a problem but just want to check on something. I think I have a working config. I joined a domain successfully. However, after configuring ssh to use winbind, it does not work until I do a 'getent passwd'. It fails with this: Jul 15 14:53:46 omadvnfs01b sshd[25072]: Invalid user DOMAIN+user from 192.168.101.70 Jul 15 14:53:46 omadvnfs01b sshd[25073]: input_userauth_request: invalid user DOMAIN+user Is it just a timing issue? Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + ADS - Filepermissions home directories
Mona Meyer wrote: I configured winbind, samba and pam.d to authenticate via our Windows Active Directory Server. Everything works fine, I can log on to the system using my Windows Account credentials, I am also able to access the samba home share, but I have no write permissions there. What I don't get is: When I give read-write-access to everybody (chmod 777 /home/%USER%), I am able to create and delete files. If I than create a new file (via the network share), the file is created by the owner of /home/%USER%. But If the system identifies myself as the owner, why was I not able to create the file before changig the file permissions? When I first setup our file server I remember running into something like that, I fixed it by writing a preexex script to set the permissions correctly. If you are interested I would be happy to send you our script. -- Brian Gregorcy IT Manager University of Utah Department of Chemical Engineering 801.585.7170 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Configuring Samba to use MIT Kerberos
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have found bits and pieces of howto's for configuring Windows XP clients to do Kerberos authentication but I have been unable to find anything regarding how to enable Samba to use Kerberos. Has anyone enabled Samba to use Kerberos and if so how the smb.conf file needs to be configured to support this? Thanks. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkpeTWwACgkQ5B+8XEnAvqvB3gCgiE2COIyDofpnXoOq1E6tUBHP SF4An0Po8uszbX5C+uSaMNzSeNRHonNs =95kg -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbindd: Exceeding 200 client connections, no idle connection found
On Tue, Jul 14, 2009 at 04:09:18PM +0200, Rene wrote: Hi there, got the same problem on a Samba 3.3.1 installation. winbindd log is filling up faster than logrotate is able to clean it, and my machine finally ends up with a full partition. Searched the Web now half the day and found that it should be solved in 3.2.8. Is there any other known Issue how this behavior can occur? No, this should be fixed in the latest 3.3.x (and 3.2.8 and above). Can you try upgrading to 3.3.6 (latest 3.3.x release) or 3.4.0 and let us know if the problem happens again please ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Can I embed shares?
Hi All, Can I share all three of these (two are embedded)? /data /data/a /data/b Or do I need to break up up as singles? Many thanks, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can I embed shares?
Can I share all three of these (two are embedded)? /data /data/a /data/b Or do I need to break up up as singles? Of course you can! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can I embed shares?
On Wed, Jul 15, 2009 at 6:33 PM, Miguel Medalha miguelmeda...@sapo.ptwrote: Can I share all three of these (two are embedded)? /data /data/a /data/b Or do I need to break up up as singles? Of course you can! Thank you! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ftp.samba.org still have old version
On Wed, Jul 15, 2009 at 10:31:39AM +0200, Volker Lendecke wrote: Forgotten? Dunno. Sorry for that and thanks for the hint, it's fixed now. not finished completely yet? samba-3.0.35,samba-3.2.13 is newest but found samba-3.0.34 and samba-3.2.12 -- ftp ls 229 Entering Extended Passive Mode (|||46272|) 150 Here comes the directory listing. drwxrwsr-x 12 592 592 4096 Nov 16 2006 Binary_Packages -rw-r--r--1 592 608 17982 May 04 1996 COPYING -rw-r--r--1 592 608 640 Jul 24 2002 DOWNLOADING drwxr-sr-x2 540 608 4096 Feb 25 2005 HOWTO -rw-r--r--1 592 608 0 May 09 2004 LATEST-IS-SAMBA-3-3-5 -rwxr-xr-x1 592 60868 Oct 21 2000 MIRRORS.txt -rw-r--r--1 603 608 5997 Dec 29 2003 README -rw-r--r--1 592 608 255 May 09 2004 README-BZIP2 -rw-r--r--1 592 0 380 Jul 24 2002 README.FTP drwxr-xr-x2 592 608 4096 Aug 19 1997 SMB-info -rw-r--r--1 592 0 964 Apr 30 2003 Samba_CA.crt -rw-r--r--1 592 0 189 Jun 11 2007 Samba_CA.crt.asc -rw-r--r--1 592 592 723 Nov 14 2005 UNOFFICIAL_MIRROR.txt drwxrwxr-x3 595 608 12288 Dec 10 2008 cifs-cvs drwxrwxr-x2 592 608 4096 Jul 04 2001 contributed drwxrwxr-x2 592 608 4096 Aug 17 2007 docs drwxr-sr-x2 592 608 4096 Jan 18 2007 expired-gpg-keys drwxr-xr-x2 592 608 4096 Jan 15 2000 logos drwxr-xr-x2 592 592 12288 Jul 03 12:20 old-versions drwxr-xr-x2 592 608 4096 Sep 11 2000 pam_ntdom drwxrwxr-x6 592 608 4096 Sep 06 2003 pam_smb drwxrwsr-x3 592 592 16384 Jul 03 12:27 patches drwxrwsr-x3 592 608 4096 May 14 2007 people drwxrwsr-x2 592 592 4096 Jun 19 11:14 pre drwxr-xr-x2 592 608 4096 Nov 01 2000 pwdump drwxrwsr-x2 592 592 4096 Jun 19 11:14 rc lrwxrwxrwx1 592 60827 Jan 20 07:43 samba-3.0.34.tar.asc - stable/samba-3.0.34.tar.asc lrwxrwxrwx1 592 60826 Jan 20 07:43 samba-3.0.34.tar.gz - stable/samba-3.0.34.tar.gz lrwxrwxrwx1 592 60827 Jun 16 10:38 samba-3.2.12.tar.asc - stable/samba-3.2.12.tar.asc lrwxrwxrwx1 592 60826 Jun 16 10:38 samba-3.2.12.tar.gz - stable/samba-3.2.12.tar.gz lrwxrwxrwx1 060826 Jul 15 08:27 samba-3.3.6.tar.asc - stable/samba-3.3.6.tar.asc lrwxrwxrwx1 060825 Jul 15 08:26 samba-3.3.6.tar.gz - stable/samba-3.3.6.tar.gz lrwxrwxrwx1 060826 Jul 15 08:27 samba-3.4.0.tar.asc - stable/samba-3.4.0.tar.asc lrwxrwxrwx1 060825 Jul 15 08:27 samba-3.4.0.tar.gz - stable/samba-3.4.0.tar.gz lrwxrwxrwx1 060826 Jul 15 08:27 samba-latest.tar.asc - stable/samba-3.4.0.tar.asc lrwxrwxrwx1 060825 Jul 15 08:27 samba-latest.tar.gz - stable/samba-3.4.0.tar.gz -- 太田 俊哉@NEC OSS開本 OSS推進センター (芝.港.東京) (samba-jp/ldap-jp Staff,mutt-j/samba-jp postmaster) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] TYPO manpages: ldbadd, ldbdel, ldbedit, ldbmodify, ldbrename, lbdsearch
This man page is correct for version 4.0 of the Samba suite. --- 3.4 (or 3.x)? -- --- Oota Toshiya --- t-oota at dh.jp.nec.com NEC Computers Software Operations Unit Shiba,Minato,Tokyo Open Source Software Platform Development Division Japan,Earth,Solar system (samba-jp/ldap-jp Staff,mutt-j/samba-jp postmaster) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Build status as of Wed Jul 15 06:00:01 2009
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2009-07-14 00:00:02.0 -0600 +++ /home/build/master/cache/broken_results.txt 2009-07-15 00:00:02.0 -0600 @@ -1,4 +1,4 @@ -Build status as of Tue Jul 14 06:00:01 2009 +Build status as of Wed Jul 15 06:00:01 2009 Build counts: Tree Total Broken Panic @@ -14,9 +14,9 @@ samba-docs 0 0 0 samba-web0 0 0 samba_3_current 30 16 0 -samba_3_master 32 26 5 +samba_3_master 32 30 5 samba_3_next 32 29 1 -samba_4_0_test 32 29 10 +samba_4_0_test 32 29 11 talloc 33 33 0 tdb 31 31 0
Re: [SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-349-g5334b79
Hi Steven, - Log - commit 5334b79142e32c39c56cea2e9c0d5b08e2f217ca Author: Aravind aravind.sriniva...@isilon.com Date: Tue Jul 7 07:11:56 2009 -0700 torture/smb2: Adding SMB2 Directory enumeration torture tests. Is there anyone working on the server side of this? metze signature.asc Description: OpenPGP digital signature
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-353-g8cb4483
The branch, master has been updated via 8cb44830e0356804e21d9973382e0070f20b15be (commit) from 5927ca7067a0ead65c00042a62545b0d940f2b2a (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8cb44830e0356804e21d9973382e0070f20b15be Author: Stefan Metzmacher me...@samba.org Date: Wed Jul 15 10:49:41 2009 +0200 torture/smb2: fix crash bugs in the new SMB2-DIR tests metze --- Summary of changes: source4/torture/smb2/dir.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/smb2/dir.c b/source4/torture/smb2/dir.c index 79672ef..e090c31 100644 --- a/source4/torture/smb2/dir.c +++ b/source4/torture/smb2/dir.c @@ -1083,7 +1083,7 @@ done: static bool test_file_index(struct torture_context *tctx, struct smb2_tree *tree) { - TALLOC_CTX *mem_ctx = talloc_new(mem_ctx); + TALLOC_CTX *mem_ctx = talloc_new(tctx); const int num_files = 100; int resume_index = 4; int i; @@ -1201,7 +1201,7 @@ done: static bool test_large_files(struct torture_context *tctx, struct smb2_tree *tree) { - TALLOC_CTX *mem_ctx = talloc_new(mem_ctx); + TALLOC_CTX *mem_ctx = talloc_new(tctx); const int num_files = 2000; int i, j = 1, retry_count = 0; struct file_elem files[2000] = {}; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-362-g76705d1
The branch, master has been updated via 76705d10c626a66cc77f3ec294f4f98bef95aeb5 (commit) via 3d7dfc1197017c34bdb8dbc6e62460f19bd7d141 (commit) via 8a17cd810fa6cbe7b11139ff0f6f24e7bacd318b (commit) via ed87594e5fd3251f9cb3beaca06c8eee1dcd4ed2 (commit) via 3edcd55bf140d09833284ba5a0f04f86b04ef7dc (commit) via d936d1bd84e130aaff1de64cb1ecbd1f936dd9c4 (commit) via e5a34b2533720ebb9181c0edebad6774ceeff189 (commit) via 3e965d017d243f0a99e7838e6c92c37df270486c (commit) via 565046891f9f7725b5d93eefbc3be5b9c62176fd (commit) from 8cb44830e0356804e21d9973382e0070f20b15be (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 76705d10c626a66cc77f3ec294f4f98bef95aeb5 Author: Volker Lendecke v...@samba.org Date: Tue Jul 14 18:31:28 2009 +0200 Consolidate gencache also every 100 writes in a single process commit 3d7dfc1197017c34bdb8dbc6e62460f19bd7d141 Author: Volker Lendecke v...@samba.org Date: Tue Jul 14 11:33:04 2009 +0200 Consolidate string and data_blob routines in gencache commit 8a17cd810fa6cbe7b11139ff0f6f24e7bacd318b Author: Volker Lendecke v...@samba.org Date: Mon Jul 13 17:04:29 2009 +0200 Make gencache more stable This provides a compromise between stability and performance: gencache is a persistent database these days that for performance reasons can not use tdb transactions for all writes. This patch splits up gencache into gencache.tdb and gencache_notrans.tdb. gencache_notrans is used with CLEAR_IF_FIRST, writes to it don't use transactions. By default every 5 minutes and when a program exits, all entries from _notrans.tdb are transferred to gencache.tdb in one transaction. commit ed87594e5fd3251f9cb3beaca06c8eee1dcd4ed2 Author: Volker Lendecke v...@samba.org Date: Mon Jul 13 17:03:52 2009 +0200 Add tdb_data_cmp commit 3edcd55bf140d09833284ba5a0f04f86b04ef7dc Author: Volker Lendecke v...@samba.org Date: Fri Jul 10 12:24:56 2009 +0200 Remove gencache_init/shutdown gencache_get/set/del/iterate call gencache_init() internally anyway. And we've been very lazy calling gencache_shutdown, so this seems not really required. commit d936d1bd84e130aaff1de64cb1ecbd1f936dd9c4 Author: Volker Lendecke v...@samba.org Date: Fri Jul 10 12:12:30 2009 +0200 Fix some nonempty blank lines commit e5a34b2533720ebb9181c0edebad6774ceeff189 Author: Volker Lendecke v...@samba.org Date: Fri Jul 10 12:03:35 2009 +0200 Remove gencache_[un]lock_key commit 3e965d017d243f0a99e7838e6c92c37df270486c Author: Volker Lendecke v...@samba.org Date: Fri Jul 10 11:00:24 2009 +0200 TDB_CONTEXT - struct tdb_context commit 565046891f9f7725b5d93eefbc3be5b9c62176fd Author: Volker Lendecke v...@samba.org Date: Fri Jul 10 10:54:33 2009 +0200 Replace ASSERTs in gencache with return false It's a bit strong to panic here I think. --- Summary of changes: source3/include/proto.h |8 +- source3/include/util_tdb.h |2 + source3/lib/gencache.c | 529 +-- source3/lib/netapi/netapi.c |1 - source3/lib/util_tdb.c | 19 ++ source3/libads/dns.c|8 - source3/libsmb/dsgetdcname.c| 33 +-- source3/libsmb/libsmb_context.c |1 - source3/libsmb/namecache.c | 34 --- source3/libsmb/namequery.c | 12 - source3/libsmb/trustdom_cache.c | 67 ++ source3/nmbd/nmbd.c |2 + source3/smbd/server.c |1 + source3/torture/torture.c | 16 -- source3/utils/net.c |2 + source3/utils/net_cache.c | 27 ++- source3/winbindd/winbindd.c |2 + 17 files changed, 415 insertions(+), 349 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index 0dd1e98..df78155 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -515,17 +515,15 @@ void pull_file_id_24(char *buf, struct file_id *id); /* The following definitions come from lib/gencache.c */ -bool gencache_init(void); -bool gencache_shutdown(void); bool gencache_set(const char *keystr, const char *value, time_t timeout); bool gencache_del(const char *keystr); bool gencache_get(const char *keystr, char **valstr, time_t *timeout); -bool gencache_get_data_blob(const char *keystr, DATA_BLOB *blob, bool *expired); +bool gencache_get_data_blob(const char *keystr, DATA_BLOB *blob, + time_t *timeout); +bool gencache_stabilize(void); bool gencache_set_data_blob(const char *keystr, const DATA_BLOB *blob, time_t timeout); void gencache_iterate(void (*fn)(const char* key, const char *value, time_t timeout, void* dptr), void* data, const char* keystr_pattern);
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-365-gd3be108
The branch, master has been updated via d3be108637f1ae5d2a07a87c700f42b8c26df6a0 (commit) via da737f2447c925726fb944fc08683ffaf6cf8a63 (commit) via af3444e6117de7d24bc2e3b61436f2804bfa1e4e (commit) from 76705d10c626a66cc77f3ec294f4f98bef95aeb5 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d3be108637f1ae5d2a07a87c700f42b8c26df6a0 Author: Stefan Metzmacher me...@samba.org Date: Tue Jul 14 13:32:23 2009 +0200 SMB2-GETINFO: test SMB2_ALL_EAS metze commit da737f2447c925726fb944fc08683ffaf6cf8a63 Author: Stefan Metzmacher me...@samba.org Date: Mon Jul 13 12:25:40 2009 +0200 s4:libcli/smb2: add smb2_transport_credits_set_charge() to change the CreditsCharge value for the next request metze commit af3444e6117de7d24bc2e3b61436f2804bfa1e4e Author: Stefan Metzmacher me...@samba.org Date: Wed Jul 8 10:09:54 2009 +0200 SMB2-CONNECT: unlink the test file at startup This is needed to get reproducable results... metze --- Summary of changes: source4/libcli/smb2/request.c | 10 ++ source4/libcli/smb2/smb2.h |1 + source4/libcli/smb2/transport.c |7 +++ source4/torture/smb2/connect.c |2 ++ source4/torture/smb2/getinfo.c |4 ++-- 5 files changed, 18 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/libcli/smb2/request.c b/source4/libcli/smb2/request.c index f3684ed..5d09a50 100644 --- a/source4/libcli/smb2/request.c +++ b/source4/libcli/smb2/request.c @@ -78,9 +78,11 @@ struct smb2_request *smb2_request_init(struct smb2_transport *transport, uint16_ req = talloc(transport, struct smb2_request); if (req == NULL) return NULL; - seqnum = transport-seqnum++; - if (seqnum == UINT64_MAX) { - seqnum = transport-seqnum++; + seqnum = transport-seqnum; + if (transport-credits.charge 0) { + transport-seqnum += transport-credits.charge; + } else { + transport-seqnum += 1; } req-state = SMB2_REQUEST_INIT; @@ -131,7 +133,7 @@ struct smb2_request *smb2_request_init(struct smb2_transport *transport, uint16_ SIVAL(req-out.hdr, 0, SMB2_MAGIC); SSVAL(req-out.hdr, SMB2_HDR_LENGTH,SMB2_HDR_BODY); - SSVAL(req-out.hdr, SMB2_HDR_EPOCH, 0); + SSVAL(req-out.hdr, SMB2_HDR_EPOCH, transport-credits.charge); SIVAL(req-out.hdr, SMB2_HDR_STATUS,0); SSVAL(req-out.hdr, SMB2_HDR_OPCODE,opcode); SSVAL(req-out.hdr, SMB2_HDR_CREDIT, transport-credits.ask_num); diff --git a/source4/libcli/smb2/smb2.h b/source4/libcli/smb2/smb2.h index eb23198..6372cd8 100644 --- a/source4/libcli/smb2/smb2.h +++ b/source4/libcli/smb2/smb2.h @@ -87,6 +87,7 @@ struct smb2_transport { } compound; struct { + uint16_t charge; uint16_t ask_num; } credits; diff --git a/source4/libcli/smb2/transport.c b/source4/libcli/smb2/transport.c index 6052237..dffd1ac 100644 --- a/source4/libcli/smb2/transport.c +++ b/source4/libcli/smb2/transport.c @@ -84,6 +84,7 @@ struct smb2_transport *smb2_transport_init(struct smbcli_socket *sock, transport-socket = talloc_steal(transport, sock); transport-options = *options; + transport-credits.charge = 0; transport-credits.ask_num = 1; /* setup the stream - packet parser */ @@ -552,6 +553,12 @@ void smb2_transport_credits_ask_num(struct smb2_transport *transport, transport-credits.ask_num = ask_num; } +void smb2_transport_credits_set_charge(struct smb2_transport *transport, + uint16_t charge) +{ + transport-credits.charge = charge; +} + static void idle_handler(struct tevent_context *ev, struct tevent_timer *te, struct timeval t, void *private_data) { diff --git a/source4/torture/smb2/connect.c b/source4/torture/smb2/connect.c index bd1abce..fd32b52 100644 --- a/source4/torture/smb2/connect.c +++ b/source4/torture/smb2/connect.c @@ -200,6 +200,8 @@ bool torture_smb2_connect(struct torture_context *torture) return false; } + smb2_util_unlink(tree, test9.dat); + h1 = torture_smb2_createfile(tree, test9.dat); h2 = torture_smb2_createfile(tree, test9.dat); status = torture_smb2_write(torture, tree, h1); diff --git a/source4/torture/smb2/getinfo.c b/source4/torture/smb2/getinfo.c index c4ab31f..166c3f6 100644 --- a/source4/torture/smb2/getinfo.c +++ b/source4/torture/smb2/getinfo.c @@ -49,9 +49,9 @@ static struct { { LEVEL(RAW_FILEINFO_COMPRESSION_INFORMATION) }, { LEVEL(RAW_FILEINFO_NETWORK_OPEN_INFORMATION) }, {
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-366-gb4abb19
The branch, master has been updated via b4abb190a97456e5176088d9ab555c93fd5ea731 (commit) from d3be108637f1ae5d2a07a87c700f42b8c26df6a0 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b4abb190a97456e5176088d9ab555c93fd5ea731 Author: Stefan Metzmacher me...@samba.org Date: Wed Jul 15 11:54:07 2009 +0200 s3:make test: smbtorture from s3 needs to take the config file path via the SMB_CONF_PATH envvar metze --- Summary of changes: source3/script/tests/test_smbtorture_s3.sh |3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/script/tests/test_smbtorture_s3.sh b/source3/script/tests/test_smbtorture_s3.sh index 2894d7e..602433b 100755 --- a/source3/script/tests/test_smbtorture_s3.sh +++ b/source3/script/tests/test_smbtorture_s3.sh @@ -21,6 +21,9 @@ incdir=`dirname $0` . $incdir/test_functions.sh } +SMB_CONF_PATH=$CONFFILE +export SMB_CONF_PATH + tests=FDPASS LOCK1 LOCK2 LOCK3 LOCK4 LOCK5 LOCK6 LOCK7 #tests=$tests UNLINK BROWSE ATTR TRANS2 MAXFID TORTURE tests=$tests UNLINK BROWSE ATTR TRANS2 TORTURE -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-367-gfafe258
The branch, master has been updated via fafe2589e684e1946431722c8845d0dadd9ab525 (commit) from b4abb190a97456e5176088d9ab555c93fd5ea731 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit fafe2589e684e1946431722c8845d0dadd9ab525 Author: Stefan Metzmacher me...@samba.org Date: Tue Jul 14 09:49:25 2009 +0200 s3:lib: map ENOSYS to NT_STATUS_NOT_SUPPORTED instead of NT_STATUS_ACCESS_DENIED Jeremy: please check and decide if we want to backport this. metze --- Summary of changes: source3/lib/errmap_unix.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/errmap_unix.c b/source3/lib/errmap_unix.c index 0c39a57..00c5475 100644 --- a/source3/lib/errmap_unix.c +++ b/source3/lib/errmap_unix.c @@ -40,6 +40,7 @@ const struct unix_error_map unix_dos_nt_errmap[] = { { EISDIR, ERRDOS, ERRnoaccess, NT_STATUS_FILE_IS_A_DIRECTORY}, { EMLINK, ERRDOS, ERRgeneral, NT_STATUS_TOO_MANY_LINKS }, { EINTR, ERRHRD, ERRgeneral, NT_STATUS_RETRY }, + { ENOSYS, ERRDOS, ERRunsup, NT_STATUS_NOT_SUPPORTED }, #ifdef ELOOP { ELOOP, ERRDOS, ERRbadpath, NT_STATUS_OBJECT_PATH_NOT_FOUND }, #endif -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-368-g9e2c509
The branch, master has been updated via 9e2c50971ee309dfe2f36efa11f572e1d985d057 (commit) from fafe2589e684e1946431722c8845d0dadd9ab525 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9e2c50971ee309dfe2f36efa11f572e1d985d057 Author: Stefan Metzmacher me...@samba.org Date: Tue Jul 14 09:47:46 2009 +0200 s3:smbd: check quota access against sec_initial_uid() instead of 0 And return an NTSTATUS mapped from errno. Instead of hardcoded values. metze --- Summary of changes: source3/smbd/trans2.c | 12 ++-- 1 files changed, 6 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index a862c14..d1f2e7f 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -2952,17 +2952,17 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n, (unsigned int)bsize, (unsigned fsp.fnum = -1; /* access check */ - if (conn-server_info-utok.uid != 0) { + if (conn-server_info-utok.uid != sec_initial_uid()) { DEBUG(0,(set_user_quota: access_denied service [%s] user [%s]\n, lp_servicename(SNUM(conn)), conn-server_info-unix_name)); - return NT_STATUS_DOS(ERRDOS, ERRnoaccess); + return NT_STATUS_ACCESS_DENIED; } if (vfs_get_ntquota(fsp, SMB_USER_FS_QUOTA_TYPE, NULL, quotas)!=0) { DEBUG(0,(vfs_get_ntquota() failed for service [%s]\n,lp_servicename(SNUM(conn; - return NT_STATUS_DOS(ERRSRV, ERRerror); + return map_nt_error_from_unix(errno); } data_len = 48; @@ -3446,12 +3446,12 @@ cap_low = 0x%x, cap_high = 0x%x\n, ZERO_STRUCT(quotas); /* access check */ - if ((conn-server_info-utok.uid != 0) + if ((conn-server_info-utok.uid != sec_initial_uid()) ||!CAN_WRITE(conn)) { DEBUG(0,(set_user_quota: access_denied service [%s] user [%s]\n, lp_servicename(SNUM(conn)), conn-server_info-unix_name)); - reply_doserror(req, ERRSRV, ERRaccess); + reply_nterror(req, NT_STATUS_ACCESS_DENIED); return; } @@ -3520,7 +3520,7 @@ cap_low = 0x%x, cap_high = 0x%x\n, /* now set the quotas */ if (vfs_set_ntquota(fsp, SMB_USER_FS_QUOTA_TYPE, NULL, quotas)!=0) { DEBUG(0,(vfs_set_ntquota() failed for service [%s]\n,lp_servicename(SNUM(conn; - reply_doserror(req, ERRSRV, ERRerror); + reply_nterror(req, map_nt_error_from_unix(errno)); return; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-371-g722cd59
The branch, master has been updated via 722cd5944f9b70c7f642ec1d510d54bf1592beb5 (commit) via d85cc986b85d3c8a6e40491f216c801a1cbde2ab (commit) via 9df1c8f2ad25a1875f2ca98df8c600aecf058144 (commit) from 9e2c50971ee309dfe2f36efa11f572e1d985d057 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 722cd5944f9b70c7f642ec1d510d54bf1592beb5 Author: Stefan Metzmacher me...@samba.org Date: Mon Jul 13 09:23:57 2009 +0200 s3:smbd: add support for SMB2 SetInfo File*Information metze commit d85cc986b85d3c8a6e40491f216c801a1cbde2ab Author: Stefan Metzmacher me...@samba.org Date: Mon Jul 13 12:08:20 2009 +0200 s3:smbd: implement SMB2 GetInfo with Fs*Information metze commit 9df1c8f2ad25a1875f2ca98df8c600aecf058144 Author: Stefan Metzmacher me...@samba.org Date: Mon Jul 13 09:23:36 2009 +0200 s3:smbd: return NT_STATUS_INVALID_INFO_CLASS in SMB2 GetInfo metze --- Summary of changes: source3/smbd/smb2_getinfo.c | 57 ++- source3/smbd/smb2_setinfo.c | 129 ++- 2 files changed, 182 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/smb2_getinfo.c b/source3/smbd/smb2_getinfo.c index b6b7462..f8c2d41 100644 --- a/source3/smbd/smb2_getinfo.c +++ b/source3/smbd/smb2_getinfo.c @@ -297,7 +297,7 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx, if (INFO_LEVEL_IS_UNIX(file_info_level)) { /* Always do lstat for UNIX calls. */ if (SMB_VFS_LSTAT(conn, smb_fname)) { - DEBUG(3,(call_trans2qfilepathinfo: + DEBUG(3,(smbd_smb2_getinfo_send: SMB_VFS_LSTAT of %s failed (%s)\n, smb_fname_str_dbg(smb_fname), @@ -307,7 +307,7 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx, return tevent_req_post(req, ev); } } else if (SMB_VFS_STAT(conn, smb_fname)) { - DEBUG(3,(call_trans2qfilepathinfo: + DEBUG(3,(smbd_smb2_getinfo_send: SMB_VFS_STAT of %s failed (%s)\n, smb_fname_str_dbg(smb_fname), strerror(errno))); @@ -324,7 +324,8 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx, */ if (SMB_VFS_FSTAT(fsp, smb_fname-st) != 0) { - DEBUG(3, (fstat of fnum %d failed (%s)\n, + DEBUG(3, (smbd_smb2_getinfo_send: + fstat of fnum %d failed (%s)\n, fsp-fnum, strerror(errno))); status = map_nt_error_from_unix(errno); tevent_req_nterror(req, status); @@ -350,6 +351,56 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx, data_size); if (!NT_STATUS_IS_OK(status)) { SAFE_FREE(data); + if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_LEVEL)) { + status = NT_STATUS_INVALID_INFO_CLASS; + } + tevent_req_nterror(req, status); + return tevent_req_post(req, ev); + } + if (data_size 0) { + state-out_output_buffer = data_blob_talloc(state, + data, + data_size); + SAFE_FREE(data); + if (tevent_req_nomem(state-out_output_buffer.data, req)) { + return tevent_req_post(req, ev); + } + } + SAFE_FREE(data); + break; + } + + case 0x02:/* SMB2_GETINFO_FS */ + { + uint16_t file_info_level; + char *data = NULL; + int data_size = 0; + NTSTATUS status; + SMB_STRUCT_STAT st; + + /* the levels directly map to the passthru levels */ + file_info_level = in_file_info_class + 1000; + + if (vfs_stat_smb_fname(conn,.,st)!=0) { + DEBUG(2,(call_trans2qfsinfo: stat of
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-372-gf49129e
The branch, master has been updated via f49129e59225f6ea84add8e845ffaeb03dc6c8da (commit) from 722cd5944f9b70c7f642ec1d510d54bf1592beb5 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f49129e59225f6ea84add8e845ffaeb03dc6c8da Author: Stefan Metzmacher me...@samba.org Date: Wed Jul 15 12:14:32 2009 +0200 torture/smb2: add missing new line to the new SMB2-DIR.FILE-INDEX test Without this the subunit formated output would be invalid and make test reports: UNEXPECTED(error): samba4.smb2.dir (dc).FILE-INDEX metze --- Summary of changes: source4/torture/smb2/dir.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/smb2/dir.c b/source4/torture/smb2/dir.c index e090c31..4b44a50 100644 --- a/source4/torture/smb2/dir.c +++ b/source4/torture/smb2/dir.c @@ -1182,7 +1182,7 @@ static bool test_file_index(struct torture_context *tctx, torture_comment(tctx, Not an error. Resuming using a file index is an optional feature of the - protocol.); + protocol.\n); goto done; } } -- Samba Shared Repository
Re: [SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-349-g5334b79
Hi Steven, The branch, master has been updated via 5334b79142e32c39c56cea2e9c0d5b08e2f217ca (commit) from 4b6401ab2cce8319abe0f8176bb460d51bd4a390 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5334b79142e32c39c56cea2e9c0d5b08e2f217ca Author: Aravind aravind.sriniva...@isilon.com Date: Tue Jul 7 07:11:56 2009 -0700 torture/smb2: Adding SMB2 Directory enumeration torture tests. Could you please do runtime tests before you push such patches? See 8cb44830e0356804e21d9973382e0070f20b15be and f49129e59225f6ea84add8e845ffaeb03dc6c8da for the reasons. It would be also nice to run 'make test' or 'make test TESTS=smb2' in s4. metze signature.asc Description: OpenPGP digital signature
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-416-g5a525f7
The branch, master has been updated via 5a525f7f2855677531385874402e2d7a2f117944 (commit) via 78576117eb4292e4e2750928d5f84c2edc94192f (commit) via 92df5e4a0243bde6fbc5261bf6758090c4c35eee (commit) via dc0bcfa188cb24c5a34f592ece946682d5fb8afe (commit) via c52dd1d5b81ce71855a3215f1b23704ac450fdee (commit) via 109ea29b2c1a3bc752f9afda2c0010b9e675aa83 (commit) via 2d6dbcd0b13da469f8b7dc6ed65e51d91ce1ab9c (commit) via a48d8353c79685371dbd2cc73b6c9032c5166a5b (commit) via 5640598cbb66fb0e65413e53a11ff82a553caad6 (commit) via 8c7b9604931a787107bc01b359a231d376ed92c0 (commit) via 86d747e19f877c45ac32663ec2a3381ad03cdcf5 (commit) via f93c9e0d415b5c2e2fd73bb370db7b7e17ede9aa (commit) via 3eec829e2fa2106c8d52f31e3f3d7f45e6c81b24 (commit) via 14f593aa0f43127ab78aec848b0fe5933c0c28c9 (commit) via 1c65c98f3350951fe9f87a942b4c8a8094c8b781 (commit) via cf4f808b8b03c385b5b9e9f4a5e891ae92143001 (commit) via e6340963cf549cda261fc1ba9da4bc1b3a071241 (commit) via 302265aae1bc27244ffaa9d803a8be83947e0381 (commit) via 8a5b164b20c3d51df2422c1402ef31384b31472e (commit) via 95ebf534d2bc9904cc7c02bccdf5c01cc595ad7c (commit) via a00109e1e6c1063b560be85c43ef820d3446ae31 (commit) via 3189828087387686f63b3ae0b289c6e31f602a54 (commit) via 4c366a094693f050b2cadea771cd5c6eab29e278 (commit) via 6cb14409af5f708706f975143c7b40bb54c7a5c0 (commit) via 4eeacd6ef0e1bb813062c30ac280e542c6b007c8 (commit) via 355892c296f7f245e5a5dd9070e3e776bedbf09c (commit) via 3409a44da2ee6a0ca2caaf0455e0095f8e2f80a4 (commit) via 1dfaa371fa027351a0af6e56a04bc045c3b0dc73 (commit) via eb1958ca3d6cd30e292d2d013ff1ea63e65563fb (commit) via 589bacfbdb7541be5d339fcaf08272520bf6a1ac (commit) via db4f797e3533b97df844a50a92e8a27a9248092b (commit) via c01d955ac0b6ef686cf026cc90074cd52a1a30ae (commit) via a18a10c07a3e32644c31f4742805795998227e44 (commit) via 528bf38875b9e5412da0a2810b17f05b2c376312 (commit) via 86e927cb056b30be3b2eecc1375549de71419b1f (commit) via bd983dba6b308c28019c2e39f16de8b9e434e4f5 (commit) via ec6b6727d824bea1b4a7b320e7a3c1de38df6724 (commit) via 2b380c73a4796bdf69264e5ca6721ad0d67087e9 (commit) via d554c0d7a923f1194463481f0bd829042cee574a (commit) via 3071b0712211b17b464f62d544fa16da5a128b01 (commit) via 3b3125fc23dc4b7a403d17af2ad2d5c592d3d090 (commit) via 32a3275344819cfcbcb4540a1909617b8db6dc63 (commit) via 804d3f897be01e9088deefe807cd06fe194c5d58 (commit) via 5b594c695884aebdfbb199549901fea954122929 (commit) from f49129e59225f6ea84add8e845ffaeb03dc6c8da (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5a525f7f2855677531385874402e2d7a2f117944 Author: Michael Adam ob...@samba.org Date: Tue Jul 7 17:16:21 2009 +0200 s3:registry: db backend: add my C Michael commit 78576117eb4292e4e2750928d5f84c2edc94192f Author: Michael Adam ob...@samba.org Date: Wed Jul 15 12:50:55 2009 +0200 s3:registry: flush the provided subkey_ctr in regdb_fetch_keys_internal() This way, we always return what has really been read from the db, and not more. The callers assume exactly this, but one could hand in an already pre-filled subkey container... Michael commit 92df5e4a0243bde6fbc5261bf6758090c4c35eee Author: Michael Adam ob...@samba.org Date: Wed Jul 15 12:47:12 2009 +0200 s3:registry: add function regsubkey_ctr_reinit() This reinitializes an already allocated regsubkey_ctr structure, emptying out the subkey array and hash table. Michael commit dc0bcfa188cb24c5a34f592ece946682d5fb8afe Author: Michael Adam ob...@samba.org Date: Wed Jul 15 12:45:43 2009 +0200 s3:registry: turn regdb_fetch_keys_internal() from int to WERROR return type This way, more error information is propagated to the callers. Michael commit c52dd1d5b81ce71855a3215f1b23704ac450fdee Author: Michael Adam ob...@samba.org Date: Mon Jul 13 17:15:14 2009 +0200 s3:registry: use transaction wrapper in create_sorted_subkeys() Michael commit 109ea29b2c1a3bc752f9afda2c0010b9e675aa83 Author: Michael Adam ob...@samba.org Date: Thu Jul 9 12:54:16 2009 +0200 s3:registry: restructure logic of create_sorted_subkes() slightly This makes it clearer to me, and it also makes it easier to use the transaction retry wrapper in the next step. Michael commit 2d6dbcd0b13da469f8b7dc6ed65e51d91ce1ab9c Author: Michael Adam ob...@samba.org Date: Thu Jul 9 11:04:20 2009 +0200 s3:registry: use transaction wrapper in regdb_delete_subkey(). Michael commit a48d8353c79685371dbd2cc73b6c9032c5166a5b Author: Michael Adam
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-417-g7bd4699
The branch, master has been updated via 7bd4699228a1975573cb62550043c05b48e66361 (commit) from 5a525f7f2855677531385874402e2d7a2f117944 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7bd4699228a1975573cb62550043c05b48e66361 Author: Michael Adam ob...@samba.org Date: Wed Jul 15 16:59:07 2009 +0200 s3:dbwrap: fix embarrassing typo :-) Michael --- Summary of changes: source3/lib/dbwrap_util.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/dbwrap_util.c b/source3/lib/dbwrap_util.c index 6c95672..7dbeb63 100644 --- a/source3/lib/dbwrap_util.c +++ b/source3/lib/dbwrap_util.c @@ -2,7 +2,7 @@ Unix SMB/CIFS implementation. Utility functions for the dbwrap API Copyright (C) Volker Lendecke 2007 - Copyrithg (C) Michael Adam 2009 + Copyright (C) Michael Adam 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by -- Samba Shared Repository
Re: [SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-349-g5334b79
On Wed, Jul 15, 2009 at 09:03:14AM +0200, Stefan (metze) Metzmacher wrote: Hi Steven, - Log - commit 5334b79142e32c39c56cea2e9c0d5b08e2f217ca Author: Aravind aravind.sriniva...@isilon.com Date: Tue Jul 7 07:11:56 2009 -0700 torture/smb2: Adding SMB2 Directory enumeration torture tests. Is there anyone working on the server side of this? On my list of things to do. Not got to it yet :-). If someone else does it first I won't be upset :-).
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-419-g5236b36
The branch, master has been updated via 5236b3699da2b5cc55d55310de76e4ab65a8bb46 (commit) via 2df4550aae1e326511fe4e7e0d2d98be3e578caf (commit) from 7bd4699228a1975573cb62550043c05b48e66361 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5236b3699da2b5cc55d55310de76e4ab65a8bb46 Author: Björn Jacke b...@sernet.de Date: Wed Jul 15 17:24:14 2009 +0200 s3: make linking of rpcclient --as-needed safe commit 2df4550aae1e326511fe4e7e0d2d98be3e578caf Author: Peter Volkov p...@gentoo.org Date: Wed Jul 15 17:36:25 2009 +0200 s3: make linking of cifs.upcall --as-needed safe See http://www.gentoo.org/proj/en/qa/asneeded.xml for details. --- Summary of changes: source3/Makefile.in |6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/Makefile.in b/source3/Makefile.in index bc00f6a..f6396ef 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1476,10 +1476,10 @@ bin/s...@exeext@: $(BINARY_PREREQS) $(SWAT_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ bin/rpccli...@exeext@: $(BINARY_PREREQS) $(RPCCLIENT_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_TARGET@ @echo Linking $@ - @$(CC) -o $@ $(LDFLAGS) $(PASSDB_LIBS) $(RPCCLIENT_OBJ) \ + @$(CC) -o $@ $(LDFLAGS) $(RPCCLIENT_OBJ) \ $(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS) $(POPT_LIBS) \ $(KRB5LIBS) $(LDAP_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) \ - $(LIBWBCLIENT_LIBS) $(ZLIB_LIBS) + $(LIBWBCLIENT_LIBS) $(ZLIB_LIBS) $(PASSDB_LIBS) bin/smbcli...@exeext@: $(BINARY_PREREQS) $(CLIENT_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_TARGET@ @echo Linking $@ @@ -1517,7 +1517,7 @@ bin/umount.c...@exeext@: $(BINARY_PREREQS) $(CIFS_UMOUNT_OBJ) bin/cifs.upc...@exeext@: $(BINARY_PREREQS) $(CIFS_UPCALL_OBJ) $(LIBSMBCLIENT_OBJ1) @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_TARGET@ @echo Linking $@ @$(CC) -o $@ $(CIFS_UPCALL_OBJ) $(DYNEXP) $(LDFLAGS) \ - -lkeyutils $(LIBS) $(LIBSMBCLIENT_OBJ1) $(KRB5LIBS) \ + $(LIBSMBCLIENT_OBJ1) $(LIBS) -lkeyutils $(KRB5LIBS) \ $(LDAP_LIBS) $(LIBTALLOC_LIBS) $(LIBWBCLIENT_LIBS) \ $(LIBTDB_LIBS) $(NSCD_LIBS) $(ZLIB_LIBS) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-420-gb08ca10
The branch, master has been updated via b08ca108ef8d483e77481ca3335599762cb2547c (commit) from 5236b3699da2b5cc55d55310de76e4ab65a8bb46 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b08ca108ef8d483e77481ca3335599762cb2547c Author: Björn Jacke b...@sernet.de Date: Wed Jul 15 18:32:58 2009 +0200 Ñ4:heimdal: teach heimdal that we have strnlen via libreplcae --- Summary of changes: source4/heimdal_build/roken.h |4 1 files changed, 4 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/heimdal_build/roken.h b/source4/heimdal_build/roken.h index 4eabbe2..5cb47e8 100644 --- a/source4/heimdal_build/roken.h +++ b/source4/heimdal_build/roken.h @@ -37,6 +37,10 @@ #define HAVE_SETEUID 1 #endif +#ifndef HAVE_STRNLEN +#define HAVE_STRNLEN +#endif + #ifndef HAVE_STRNDUP #define HAVE_STRNDUP #endif -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-421-g382d5c8
The branch, master has been updated via 382d5c8f5bb3b54e7c1a2daaf9d0283b6275768a (commit) from b08ca108ef8d483e77481ca3335599762cb2547c (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 382d5c8f5bb3b54e7c1a2daaf9d0283b6275768a Author: Björn Jacke b...@sernet.de Date: Wed Jul 15 18:40:57 2009 +0200 s4:heimdal: teach heimdal we have (v)aÑprintf in libreplace --- Summary of changes: source4/heimdal_build/roken.h |8 1 files changed, 8 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/heimdal_build/roken.h b/source4/heimdal_build/roken.h index 5cb47e8..decce03 100644 --- a/source4/heimdal_build/roken.h +++ b/source4/heimdal_build/roken.h @@ -57,6 +57,14 @@ #define HAVE_STRCASECMP #endif +#ifndef HAVE_ASPRINTF +#define HAVE_ASPRINTF +#endif + +#ifndef HAVE_VASPRINTF +#define HAVE_VASPRINTF +#endif + #ifndef HAVE_MKSTEMP #define HAVE_MKSTEMP #endif -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-423-g64ee445
The branch, master has been updated via 64ee4458cf8c8fb1dec5334cebbe63cfb0045ada (commit) via 5240b10eaa1f19dcf2dbc31e5e1f8868716bbc69 (commit) from 382d5c8f5bb3b54e7c1a2daaf9d0283b6275768a (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 64ee4458cf8c8fb1dec5334cebbe63cfb0045ada Author: Stefan Metzmacher me...@samba.org Date: Wed Jul 15 19:23:12 2009 +0200 s4:ntvfs/ipc: replace unnesessary talloc_reference() by a simple talloc_strdup() metze commit 5240b10eaa1f19dcf2dbc31e5e1f8868716bbc69 Author: Stefan Metzmacher me...@samba.org Date: Wed Jul 15 19:17:57 2009 +0200 s3:ntvfs/posix: avoid unnesessary talloc_reference() This caused the panics on the RAW-SETFILEINFO.RENAME test, because we returned an empty strings. The problem was: ERROR: talloc_steal with references at ntvfs/posix/pvfs_setfileinfo.c:215 reference at ntvfs/posix/pvfs_resolve.c:799 metze --- Summary of changes: source4/ntvfs/ipc/vfs_ipc.c|3 ++- source4/ntvfs/posix/pvfs_resolve.c |5 - 2 files changed, 6 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/ntvfs/ipc/vfs_ipc.c b/source4/ntvfs/ipc/vfs_ipc.c index 20b00f2..95ad1c5 100644 --- a/source4/ntvfs/ipc/vfs_ipc.c +++ b/source4/ntvfs/ipc/vfs_ipc.c @@ -258,7 +258,8 @@ static NTSTATUS ipc_open_generic(struct ntvfs_module_context *ntvfs, one of the interfaces attached to this pipe endpoint. */ ep_description-transport = NCACN_NP; - ep_description-endpoint = talloc_reference(ep_description, p-pipe_name); + ep_description-endpoint = talloc_strdup(ep_description, p-pipe_name); + NT_STATUS_HAVE_NO_MEMORY(ep_description-endpoint); /* The session info is refcount-increased in the * dcesrv_endpoint_search_connect() function diff --git a/source4/ntvfs/posix/pvfs_resolve.c b/source4/ntvfs/posix/pvfs_resolve.c index c333233..8e8da72 100644 --- a/source4/ntvfs/posix/pvfs_resolve.c +++ b/source4/ntvfs/posix/pvfs_resolve.c @@ -796,7 +796,10 @@ NTSTATUS pvfs_resolve_parent(struct pvfs_state *pvfs, TALLOC_CTX *mem_ctx, (*name)-has_wildcard = false; /* we can't get the correct 'original_name', but for the purposes of this call this is close enough */ - (*name)-original_name = talloc_reference(*name, child-original_name); + (*name)-original_name = talloc_strdup(*name, child-original_name); + if ((*name)-original_name == NULL) { + return NT_STATUS_NO_MEMORY; + } (*name)-stream_name = NULL; (*name)-stream_id = 0; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-426-gb76ab51
The branch, master has been updated via b76ab511f7238820a4e6ac3a2ae17d103f2bf9b9 (commit) via 722765213bcda1de93d2fe7d64b89c8b7a37f29e (commit) via dea2e4690a188a5ff06c9df354befe65cbcb320c (commit) from 64ee4458cf8c8fb1dec5334cebbe63cfb0045ada (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b76ab511f7238820a4e6ac3a2ae17d103f2bf9b9 Author: Stefan Metzmacher me...@samba.org Date: Wed Jul 15 20:47:07 2009 +0200 s4:winbind: rename uint = uint32_t as uint isn't portable metze commit 722765213bcda1de93d2fe7d64b89c8b7a37f29e Author: Stefan Metzmacher me...@samba.org Date: Wed Jul 15 20:45:53 2009 +0200 s4:libnet: rename uint = uint32_t because uint is not portable metze commit dea2e4690a188a5ff06c9df354befe65cbcb320c Author: Stefan Metzmacher me...@samba.org Date: Wed Jul 15 20:43:23 2009 +0200 s4:heimdal_build: try to fix the build on Solaris We need the definition of 'struct flock'. metze --- Summary of changes: source4/heimdal_build/replace.c |4 +--- source4/libnet/libnet_group.c |2 +- source4/libnet/libnet_group.h |4 ++-- source4/libnet/libnet_user.c|2 +- source4/libnet/libnet_user.h|4 ++-- source4/winbind/wb_cmd_list_users.c |2 +- 6 files changed, 8 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/heimdal_build/replace.c b/source4/heimdal_build/replace.c index ba43dd9..6842b11 100644 --- a/source4/heimdal_build/replace.c +++ b/source4/heimdal_build/replace.c @@ -21,11 +21,9 @@ */ #include config.h -#include stdio.h -#include unistd.h -#include fcntl.h #include err.h #include roken.h +#include system/filesys.h #ifndef HAVE_ERR void err(int eval, const char *format, ...) diff --git a/source4/libnet/libnet_group.c b/source4/libnet/libnet_group.c index b066964..9e7abe8 100644 --- a/source4/libnet/libnet_group.c +++ b/source4/libnet/libnet_group.c @@ -484,7 +484,7 @@ struct composite_context *libnet_GroupList_send(struct libnet_context *ctx, /* store the arguments in the state structure */ s-ctx = ctx; s-page_size= io-in.page_size; - s-resume_index = (uint32_t)io-in.resume_index; + s-resume_index = io-in.resume_index; s-domain_name = talloc_strdup(c, io-in.domain_name); s-monitor_fn = monitor; diff --git a/source4/libnet/libnet_group.h b/source4/libnet/libnet_group.h index b80d344..8ac4743 100644 --- a/source4/libnet/libnet_group.h +++ b/source4/libnet/libnet_group.h @@ -58,11 +58,11 @@ struct libnet_GroupList { struct { const char *domain_name; int page_size; - uint resume_index; + uint32_t resume_index; } in; struct { int count; - uint resume_index; + uint32_t resume_index; struct grouplist { const char *sid; diff --git a/source4/libnet/libnet_user.c b/source4/libnet/libnet_user.c index 8606d08..dd4d501 100644 --- a/source4/libnet/libnet_user.c +++ b/source4/libnet/libnet_user.c @@ -945,7 +945,7 @@ struct composite_context* libnet_UserList_send(struct libnet_context *ctx, /* store the arguments in the state structure */ s-ctx = ctx; s-page_size= r-in.page_size; - s-resume_index = (uint32_t)r-in.resume_index; + s-resume_index = r-in.resume_index; s-domain_name = talloc_strdup(c, r-in.domain_name); s-monitor_fn = monitor; diff --git a/source4/libnet/libnet_user.h b/source4/libnet/libnet_user.h index 4aad654..8203d14 100644 --- a/source4/libnet/libnet_user.h +++ b/source4/libnet/libnet_user.h @@ -140,11 +140,11 @@ struct libnet_UserList { struct { const char *domain_name; int page_size; - uint resume_index; + uint32_t resume_index; } in; struct { int count; - uint resume_index; + uint32_t resume_index; struct userlist { const char *sid; diff --git a/source4/winbind/wb_cmd_list_users.c b/source4/winbind/wb_cmd_list_users.c index f67f133..755d457 100644 --- a/source4/winbind/wb_cmd_list_users.c +++ b/source4/winbind/wb_cmd_list_users.c @@ -33,7 +33,7 @@ struct cmd_list_users_state { struct wbsrv_domain *domain; char *domain_name; - uint resume_index; + uint32_t resume_index; char *result; }; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-427-g1f5aec8
The branch, master has been updated via 1f5aec877fc48ff96b14a0e95f01c68a29dd8718 (commit) from b76ab511f7238820a4e6ac3a2ae17d103f2bf9b9 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1f5aec877fc48ff96b14a0e95f01c68a29dd8718 Author: Jeremy Allison j...@samba.org Date: Wed Jul 15 11:49:33 2009 -0700 Make cli_unlock and cli_unlock64 async. Fix POSIX lock test. Jeremy. --- Summary of changes: source3/include/proto.h | 18 +++- source3/libsmb/clifile.c| 270 +-- source3/torture/locktest.c |4 +- source3/torture/locktest2.c |2 +- source3/torture/torture.c | 44 5 files changed, 247 insertions(+), 91 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index 7bbdc04..15e3f32 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -2518,10 +2518,24 @@ NTSTATUS cli_locktype(struct cli_state *cli, uint16_t fnum, int timeout, unsigned char locktype); bool cli_lock(struct cli_state *cli, uint16_t fnum, uint32_t offset, uint32_t len, int timeout, enum brl_type lock_type); -bool cli_unlock(struct cli_state *cli, uint16_t fnum, uint32_t offset, uint32_t len); +struct tevent_req *cli_unlock_send(TALLOC_CTX *mem_ctx, +struct event_context *ev, +struct cli_state *cli, +uint16_t fnum, +uint64_t offset, +uint64_t len); +NTSTATUS cli_unlock_recv(struct tevent_req *req); +NTSTATUS cli_unlock(struct cli_state *cli, uint16_t fnum, uint32_t offset, uint32_t len); bool cli_lock64(struct cli_state *cli, uint16_t fnum, uint64_t offset, uint64_t len, int timeout, enum brl_type lock_type); -bool cli_unlock64(struct cli_state *cli, uint16_t fnum, uint64_t offset, uint64_t len); +struct tevent_req *cli_unlock64_send(TALLOC_CTX *mem_ctx, +struct event_context *ev, +struct cli_state *cli, +uint16_t fnum, +uint64_t offset, +uint64_t len); +NTSTATUS cli_unlock64_recv(struct tevent_req *req); +NTSTATUS cli_unlock64(struct cli_state *cli, uint16_t fnum, uint64_t offset, uint64_t len); struct tevent_req *cli_posix_lock_send(TALLOC_CTX *mem_ctx, struct event_context *ev, struct cli_state *cli, diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c index 0e2b364..5ea0579 100644 --- a/source3/libsmb/clifile.c +++ b/source3/libsmb/clifile.c @@ -1893,7 +1893,6 @@ struct tevent_req *cli_nt_delete_on_close_send(TALLOC_CTX *mem_ctx, SSVAL(state-setup, 0, TRANSACT2_SETFILEINFO); /* Setup param array. */ - memset(state-param, '\0', 6); SSVAL(state-param,0,fnum); SSVAL(state-param,2,SMB_SET_FILE_DISPOSITION_INFO); @@ -2010,6 +2009,7 @@ struct tevent_req *cli_ntcreate_send(TALLOC_CTX *mem_ctx, if (req == NULL) { return NULL; } + vwv = state-vwv; SCVAL(vwv+0, 0, 0xFF); @@ -2367,6 +2367,7 @@ struct tevent_req *cli_close_create(TALLOC_CTX *mem_ctx, if (req == NULL) { return NULL; } + SSVAL(state-vwv+0, 0, fnum); SIVALS(state-vwv+1, 0, -1); @@ -2708,42 +2709,114 @@ bool cli_lock(struct cli_state *cli, uint16_t fnum, Unlock a file. / -bool cli_unlock(struct cli_state *cli, uint16_t fnum, uint32_t offset, uint32_t len) +struct cli_unlock_state { + uint16_t vwv[8]; + uint8_t data[10]; +}; + +static void cli_unlock_done(struct tevent_req *subreq); + +struct tevent_req *cli_unlock_send(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct cli_state *cli, + uint16_t fnum, + uint64_t offset, + uint64_t len) + { - char *p; + struct tevent_req *req = NULL, *subreq = NULL; + struct cli_unlock_state *state = NULL; + uint8_t additional_flags = 0; - memset(cli-outbuf,'\0',smb_size); - memset(cli-inbuf,'\0',smb_size); + req = tevent_req_create(mem_ctx, state, struct cli_unlock_state); + if (req == NULL) { + return NULL; + } - cli_set_message(cli-outbuf,8,0,True); + SCVAL(state-vwv+0, 0, 0xFF); + SSVAL(state-vwv+2, 0, fnum); + SCVAL(state-vwv+3, 0, 0); + SIVALS(state-vwv+4, 0, 0); +
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-429-g2fca950
The branch, master has been updated via 2fca950d68bff3641ed3ac4bdaee1d16f0cca88a (commit) via 8447600d98ebb7da47a4815194d29c77225c7bb5 (commit) from 1f5aec877fc48ff96b14a0e95f01c68a29dd8718 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2fca950d68bff3641ed3ac4bdaee1d16f0cca88a Author: Stefan Metzmacher me...@samba.org Date: Wed Jul 15 20:58:11 2009 +0200 s3:libsmb: we need to include includes.h as first header to let code build on all platforms This should fix the Tru64 build. metze commit 8447600d98ebb7da47a4815194d29c77225c7bb5 Author: Stefan Metzmacher me...@samba.org Date: Wed Jul 15 20:54:01 2009 +0200 s3:tldap: fix the build - a void function should not return a value metze --- Summary of changes: source3/lib/tldap.c |6 +++--- source3/libsmb/libsmb_thread_posix.c |2 +- 2 files changed, 4 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/tldap.c b/source3/lib/tldap.c index 451bc18..fa56763 100644 --- a/source3/lib/tldap.c +++ b/source3/lib/tldap.c @@ -1618,7 +1618,7 @@ struct tevent_req *tldap_add_send(TALLOC_CTX *mem_ctx, static void tldap_add_done(struct tevent_req *subreq) { - return tldap_simple_done(subreq, TLDAP_RES_ADD); + tldap_simple_done(subreq, TLDAP_RES_ADD); } int tldap_add_recv(struct tevent_req *req) @@ -1718,7 +1718,7 @@ struct tevent_req *tldap_modify_send(TALLOC_CTX *mem_ctx, static void tldap_modify_done(struct tevent_req *subreq) { - return tldap_simple_done(subreq, TLDAP_RES_MODIFY); + tldap_simple_done(subreq, TLDAP_RES_MODIFY); } int tldap_modify_recv(struct tevent_req *req) @@ -1795,7 +1795,7 @@ struct tevent_req *tldap_delete_send(TALLOC_CTX *mem_ctx, static void tldap_delete_done(struct tevent_req *subreq) { - return tldap_simple_done(subreq, TLDAP_RES_DELETE); + tldap_simple_done(subreq, TLDAP_RES_DELETE); } int tldap_delete_recv(struct tevent_req *req) diff --git a/source3/libsmb/libsmb_thread_posix.c b/source3/libsmb/libsmb_thread_posix.c index 411ffbd..6519659 100644 --- a/source3/libsmb/libsmb_thread_posix.c +++ b/source3/libsmb/libsmb_thread_posix.c @@ -17,8 +17,8 @@ along with this program. If not, see http://www.gnu.org/licenses/. */ -#include pthread.h #include includes.h +#include pthread.h #include libsmbclient.h #include libsmb_internal.h -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-430-g377a975
The branch, master has been updated via 377a97579bc9b733c5a6363c71498e2ecf894f02 (commit) from 2fca950d68bff3641ed3ac4bdaee1d16f0cca88a (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 377a97579bc9b733c5a6363c71498e2ecf894f02 Author: Stefan Metzmacher me...@samba.org Date: Wed Jul 15 21:02:42 2009 +0200 s3:smbd: try to fix a compiler warning on i386 : left shift count = width of type metze --- Summary of changes: source3/smbd/trans2.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index d1f2e7f..06536f9 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -4105,7 +4105,7 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn, I think this causes us to fail the IFSKIT BasicFileInformationTest. -tpot */ file_index = ((sbuf.st_ex_ino) UINT32_MAX); /* FileIndexLow */ - file_index |= ((sbuf.st_ex_dev) UINT32_MAX) 32; /* FileIndexHigh */ + file_index |= ((uint64_t)((sbuf.st_ex_dev) UINT32_MAX)) 32; /* FileIndexHigh */ switch (info_level) { case SMB_INFO_STANDARD: -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-431-g48a07321
The branch, master has been updated via 48a07321479c14a6618bb21302d27fd9606efbdd (commit) from 377a97579bc9b733c5a6363c71498e2ecf894f02 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 48a07321479c14a6618bb21302d27fd9606efbdd Author: Jeremy Allison j...@samba.org Date: Wed Jul 15 13:59:11 2009 -0700 Fix bug #6551 - win98 clients cannot connect after server upgrade to samba-3.4.0. The values of vuid and tid were not being correctly updated in the struct smb_request when passed to chain_reply inside sessionsetupX and tconX. Jeremy. --- Summary of changes: source3/smbd/reply.c |2 ++ source3/smbd/sesssetup.c |1 + 2 files changed, 3 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 4d0a2b8..a6e35c7 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -856,6 +856,7 @@ void reply_tcon_and_X(struct smb_request *req) END_PROFILE(SMBtconX); + req-tid = conn-cnum; chain_reply(req); return; } @@ -2076,6 +2077,7 @@ void reply_ulogoffX(struct smb_request *req) DEBUG( 3, ( ulogoffX vuid=%d\n, req-vuid ) ); END_PROFILE(SMBulogoffX); + req-vuid = UID_FIELD_INVALID; chain_reply(req); } diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 3988105..2d2e514 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -1807,6 +1807,7 @@ void reply_sesssetup_and_X(struct smb_request *req) SSVAL(req-outbuf,smb_uid,sess_vuid); SSVAL(req-inbuf,smb_uid,sess_vuid); + req-vuid = sess_vuid; if (!sconn-smb1.sessions.done_sesssetup) { sconn-smb1.sessions.max_send = -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-437-ge16a2a1
The branch, master has been updated via e16a2a1fa941511a8eeefd05b397dd934a77c9f6 (commit) via 84dca625cab96f72123308d80a5aeed5fc42f0c5 (commit) via bc354fb1a6fd524629434c199e2ca260a8400bb4 (commit) via 271b5af92e9aada36adc648a6dd43a13c5aed340 (commit) via ba58edd0bc2d77c6ed1b6a76f33787da9031db5b (commit) via d6c44a704e9a138dba8398f45e9af2601826f659 (commit) from 48a07321479c14a6618bb21302d27fd9606efbdd (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e16a2a1fa941511a8eeefd05b397dd934a77c9f6 Author: Andrew Bartlett abart...@samba.org Date: Thu Jul 16 08:29:43 2009 +1000 s4:gensec Rework gensec_krb5 mutual authentication defaults When emulating Samba3 (which we do to ensure we don't break compatability), don't do mutual authentication by default, as it breaks the session key with AES and isn't what Samba3 does anyway. Andrew Bartlett commit 84dca625cab96f72123308d80a5aeed5fc42f0c5 Author: Andrew Bartlett abart...@samba.org Date: Tue Jul 14 13:22:38 2009 +1000 s4:heimdal The implied GSS_C_MUTUAL_FLAG depends on AP_OPTS_MUTUAL_REQUIRED We had previously assumed it was unconditional. Samba3 didn't mind very much, but Samba4's samba3-like client did, and the behaviour differed to Win2008 behaviour. Andrew Bartlett commit bc354fb1a6fd524629434c199e2ca260a8400bb4 Author: Andrew Bartlett abart...@samba.org Date: Tue Jul 14 10:19:16 2009 +1000 s4:gensec Allow mutual auth to be turned off in 'fake_gssapi_krb5' This allows the older 'like Samba3' GENSEC krb5 implementation to work against Windows 2008. I'm using this to track down interop issues in this area. Andrew Bartlett commit 271b5af92e9aada36adc648a6dd43a13c5aed340 Author: Andrew Bartlett abart...@samba.org Date: Tue Jul 14 08:15:50 2009 +1000 s4:dsdb Handle dc/domain/forest functional levels properly Rather than have the functional levels scattered in 4 different, unconnected locations, the provision script now sets it, and the rootdse module maintains it's copy only as a cached view onto the original values. We also use the functional level to determine if we should store AES Kerberos keys. Andrew Bartlett commit ba58edd0bc2d77c6ed1b6a76f33787da9031db5b Author: Andrew Bartlett abart...@samba.org Date: Tue Jul 14 08:00:09 2009 +1000 Add a way to set an opaque integer onto a samdb This will allow us to set some more flags into ldb during the provision. commit d6c44a704e9a138dba8398f45e9af2601826f659 Author: Timur I. Bakeyev ti...@freebsd.org Date: Sun Jul 12 23:36:08 2009 + Add ad-schema/*.txt and utils to the installmisc.sh Install other useful scripts from the setup/ directory, not only provisioning ones. Also install setup/ad-schema/*.txt files to the SETUPDIR. These are necessary for 'provision' to work properly. --- Summary of changes: source4/auth/gensec/gensec_krb5.c | 68 ++ source4/dsdb/samdb/ldb_modules/password_hash.c |7 +- source4/dsdb/samdb/ldb_modules/rootdse.c | 140 +++- .../heimdal/lib/gssapi/krb5/accept_sec_context.c |5 +- source4/script/installmisc.sh | 10 +- source4/scripting/python/pyglue.c | 65 + source4/scripting/python/samba/__init__.py |5 + source4/scripting/python/samba/provision.py| 24 +++- source4/scripting/python/samba/samdb.py|8 + source4/setup/provision_basedn_modify.ldif |4 +- source4/setup/provision_configuration.ldif |2 +- source4/setup/provision_rootdse_add.ldif |3 - source4/setup/provision_self_join.ldif |4 +- 13 files changed, 293 insertions(+), 52 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c index 09bdec5..f4ef36a 100644 --- a/source4/auth/gensec/gensec_krb5.c +++ b/source4/auth/gensec/gensec_krb5.c @@ -57,6 +57,7 @@ struct gensec_krb5_state { krb5_keyblock *keyblock; krb5_ticket *ticket; bool gssapi; + krb5_flags ap_req_options; }; static int gensec_krb5_destroy(struct gensec_krb5_state *gensec_krb5_state) @@ -88,7 +89,7 @@ static int gensec_krb5_destroy(struct gensec_krb5_state *gensec_krb5_state) return 0; } -static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security) +static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security, bool gssapi) { krb5_error_code ret; struct gensec_krb5_state *gensec_krb5_state; @@ -114,7 +115,7 @@ static NTSTATUS gensec_krb5_start(struct gensec_security
RE: [SCM] Samba Shared Repository - branch master updated- release-4-0-0alpha8-349-g5334b79
On Wed, 2009-07-15 at 17:11 -0700, Steven Danneman wrote: Hey Metze, No one at Isilon is working on SMB2 server side implementation currently, but we are front loading a lot of test work so there will be a reasonable set of correctness tests already available when new code is written. Right now we're working on porting most of the RAW SMB tests to SMB2, including open, streams, share modes, acls, brl, and change notify. All of our testing has been against a W2K8 server, though I'll include a W2K8R2 server as well. Sorry, I made some last minute changes before pushing this patch and didn't re-run them. I'll be more careful next time. Though, several of the tests will fail against current HEAD because the features aren't implemented yet. Is it acceptable for the make test TESTS=smb2 to fail for a bit? Not without corresponding notations in the source{3,4}/selftest/knownfail files. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cisco Inc. signature.asc Description: This is a digitally signed message part
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-442-g05bec77
The branch, master has been updated via 05bec77e00cc0f974d8521f781dce9dcff897f76 (commit) via 2260cdbb53e1bcc64adf1910c8986a02e3697a36 (commit) via f982c912f47d5bfd00b4736573c7e4219a31a6c8 (commit) via 33768fea073fb24763728c1da3424465ebabc1f0 (commit) via c3f461c35f9ca1b6a0e01efe53fbf439faaddad9 (commit) from e16a2a1fa941511a8eeefd05b397dd934a77c9f6 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 05bec77e00cc0f974d8521f781dce9dcff897f76 Author: Günther Deschner g...@samba.org Date: Thu Jul 16 02:48:34 2009 +0200 lsa: fix typo in lsa_TrustDomInfoEnum enum in IDL. Guenther commit 2260cdbb53e1bcc64adf1910c8986a02e3697a36 Author: Günther Deschner g...@samba.org Date: Thu Jul 16 02:08:17 2009 +0200 s3-ldapsam: bring Fedora DS LDAP schema in line with OpenLDAP schema. Guenther commit f982c912f47d5bfd00b4736573c7e4219a31a6c8 Author: Günther Deschner g...@samba.org Date: Wed Jul 15 23:16:19 2009 +0200 s3-rpc_parse: remove more unused code. Guenther commit 33768fea073fb24763728c1da3424465ebabc1f0 Author: Günther Deschner g...@samba.org Date: Wed Jul 15 21:59:05 2009 +0200 s3-spoolss: make some of the command hooks static. Guenther commit c3f461c35f9ca1b6a0e01efe53fbf439faaddad9 Author: Günther Deschner g...@samba.org Date: Fri Jul 3 22:01:01 2009 +0200 s4-smbtorture: some work on getprinterdriver and getprinterdriver2 tests. Guenther --- Summary of changes: examples/LDAP/samba-schema-FDS.ldif |8 + librpc/gen_ndr/lsa.h|6 +- librpc/gen_ndr/ndr_lsa.c| 12 +- librpc/idl/lsa.idl |4 +- source3/include/proto.h | 19 -- source3/rpc_parse/parse_prs.c | 318 --- source3/rpc_server/srv_spoolss_nt.c |6 +- source4/rpc_server/lsa/dcesrv_lsa.c |2 +- source4/torture/rpc/spoolss.c | 69 +--- 9 files changed, 69 insertions(+), 375 deletions(-) Changeset truncated at 500 lines: diff --git a/examples/LDAP/samba-schema-FDS.ldif b/examples/LDAP/samba-schema-FDS.ldif index e88559f..fb16486 100644 --- a/examples/LDAP/samba-schema-FDS.ldif +++ b/examples/LDAP/samba-schema-FDS.ldif @@ -115,6 +115,10 @@ attributeTypes: ( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold' DESC 'Loc attributeTypes: ( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff' DESC 'Disconnect Users outside logon hours (default: -1 = off, 0 = on)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) # refuse machine password change attributeTypes: ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange' DESC 'Allow Machine Password changes (default: 0 = off)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +# +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword' DESC 'Clear text password (used for trusted domain passwords)' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +# +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextPassword' DESC 'Previous clear text password (used for trusted domain passwords)' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) ## ### ## objectClasses: used by Samba 3.0 schema ## @@ -154,3 +158,7 @@ objectClasses: ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCT ## DESC 'Samba Privilege' ## MUST ( sambaSID ) ## MAY ( sambaPrivilegeList ) ) +## +## Trusted Domain Relationships +## +objectClasses: ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassword' SUP top STRUCTURAL DESC 'Samba Trusted Domain Password' MUST ( sambaDomainName $ sambaSID $ sambaClearTextPassword $ sambaPwdLastSet ) MAY ( sambaPreviousClearTextPassword ) ) diff --git a/librpc/gen_ndr/lsa.h b/librpc/gen_ndr/lsa.h index 3c9a5d8..06fa445 100644 --- a/librpc/gen_ndr/lsa.h +++ b/librpc/gen_ndr/lsa.h @@ -445,7 +445,7 @@ enum lsa_TrustDomInfoEnum LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL=10, LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL=11, LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL=12, - LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES=13 + LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES=13 } #else { __donnot_use_enum_lsa_TrustDomInfoEnum=0x7FFF} @@ -461,7 +461,7 @@ enum lsa_TrustDomInfoEnum #define LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL ( 10 ) #define LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL ( 11 ) #define LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL ( 12 ) -#define LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRTYPION_TYPES ( 13 ) +#define LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES ( 13 ) #endif ; @@ -603,7 +603,7 @@ union
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-444-gc901f57
The branch, master has been updated via c901f57ce31cb6deaf2897e12b3b14a25fe9e12f (commit) via e25325539a86912ce620875ef07beff5bcde6060 (commit) from 05bec77e00cc0f974d8521f781dce9dcff897f76 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c901f57ce31cb6deaf2897e12b3b14a25fe9e12f Author: Andrew Bartlett abart...@samba.org Date: Tue Jul 7 12:34:55 2009 +1000 s4:kdc Initialise new hdb function pointers. Soon we will add implementations for these. commit e25325539a86912ce620875ef07beff5bcde6060 Author: Andrew Bartlett abart...@samba.org Date: Thu Jul 16 09:53:14 2009 +1000 s4:heimdal: import lorikeet-heimdal-200907152325 (commit 2bef9cd5378c01e9c2a74d6221761883bd11a5c5) --- Summary of changes: source4/heimdal/kdc/kaserver.c | 16 +- source4/heimdal/kdc/kerberos5.c| 24 +- source4/heimdal/kdc/krb5tgs.c | 44 +- source4/heimdal/lib/gssapi/gssapi/gssapi.h | 61 +- source4/heimdal/lib/gssapi/krb5/8003.c |2 - .../heimdal/lib/gssapi/krb5/accept_sec_context.c | 13 +- source4/heimdal/lib/gssapi/krb5/acquire_cred.c |2 - source4/heimdal/lib/gssapi/krb5/add_cred.c |2 - source4/heimdal/lib/gssapi/krb5/aeap.c | 219 +- source4/heimdal/lib/gssapi/krb5/arcfour.c |2 - .../heimdal/lib/gssapi/krb5/canonicalize_name.c|2 - source4/heimdal/lib/gssapi/krb5/cfx.c | 773 +++- source4/heimdal/lib/gssapi/krb5/compare_name.c |2 - source4/heimdal/lib/gssapi/krb5/compat.c |3 - source4/heimdal/lib/gssapi/krb5/context_time.c |2 - source4/heimdal/lib/gssapi/krb5/copy_ccache.c |2 - source4/heimdal/lib/gssapi/krb5/decapsulate.c |2 - .../heimdal/lib/gssapi/krb5/delete_sec_context.c |2 - source4/heimdal/lib/gssapi/krb5/display_name.c |2 - source4/heimdal/lib/gssapi/krb5/display_status.c |2 - source4/heimdal/lib/gssapi/krb5/duplicate_name.c |2 - source4/heimdal/lib/gssapi/krb5/encapsulate.c |2 - source4/heimdal/lib/gssapi/krb5/export_name.c |2 - .../heimdal/lib/gssapi/krb5/export_sec_context.c |2 - source4/heimdal/lib/gssapi/krb5/external.c |2 - source4/heimdal/lib/gssapi/krb5/get_mic.c |2 - source4/heimdal/lib/gssapi/krb5/import_name.c |2 - .../heimdal/lib/gssapi/krb5/import_sec_context.c |2 - source4/heimdal/lib/gssapi/krb5/indicate_mechs.c |2 - source4/heimdal/lib/gssapi/krb5/init.c |2 - source4/heimdal/lib/gssapi/krb5/init_sec_context.c |4 +- source4/heimdal/lib/gssapi/krb5/inquire_context.c |2 - source4/heimdal/lib/gssapi/krb5/inquire_cred.c |2 - .../heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c |2 - .../heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c |2 - .../lib/gssapi/krb5/inquire_mechs_for_name.c |2 - .../lib/gssapi/krb5/inquire_names_for_mech.c |3 - .../lib/gssapi/krb5/inquire_sec_context_by_oid.c |2 - source4/heimdal/lib/gssapi/krb5/prf.c |2 - .../lib/gssapi/krb5/process_context_token.c|2 - source4/heimdal/lib/gssapi/krb5/release_buffer.c |2 - source4/heimdal/lib/gssapi/krb5/release_cred.c |2 - source4/heimdal/lib/gssapi/krb5/release_name.c |2 - source4/heimdal/lib/gssapi/krb5/sequence.c |2 - source4/heimdal/lib/gssapi/krb5/set_cred_option.c |2 - .../lib/gssapi/krb5/set_sec_context_option.c |2 - source4/heimdal/lib/gssapi/krb5/unwrap.c |2 - source4/heimdal/lib/gssapi/krb5/verify_mic.c |2 - source4/heimdal/lib/gssapi/krb5/wrap.c |4 +- source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c |2 +- source4/heimdal/lib/gssapi/mech/gss_aeap.c | 58 ++- .../heimdal/lib/gssapi/spnego/accept_sec_context.c | 66 +-- source4/heimdal/lib/hdb/db.c |3 +- source4/heimdal/lib/hdb/dbinfo.c |2 - source4/heimdal/lib/hdb/ext.c |2 - source4/heimdal/lib/hdb/hdb.asn1 |4 +- source4/heimdal/lib/hdb/hdb.c |1 - source4/heimdal/lib/hdb/hdb.h | 36 + source4/heimdal/lib/hdb/keys.c |2 - source4/heimdal/lib/hdb/keytab.c | 87 +-- source4/heimdal/lib/hdb/mkey.c |2 - source4/heimdal/lib/hdb/ndbm.c |3 +- source4/heimdal/lib/hx509/crypto.c |4 - source4/heimdal/lib/krb5/crypto.c | 277 +--- source4/heimdal/lib/krb5/get_addrs.c |2 - source4/heimdal/lib/krb5/init_creds_pw.c |2 +-
Re: [SCM] Samba Shared Repository - branch master updated- release-4-0-0alpha8-349-g5334b79
Hey Steven, No one at Isilon is working on SMB2 server side implementation currently, but we are front loading a lot of test work so there will be a reasonable set of correctness tests already available when new code is written. Right now we're working on porting most of the RAW SMB tests to SMB2, including open, streams, share modes, acls, brl, and change notify. All of our testing has been against a W2K8 server, though I'll include a W2K8R2 server as well. Sorry, I made some last minute changes before pushing this patch and didn't re-run them. I'll be more careful next time. Though, several of the tests will fail against current HEAD because the features aren't implemented yet. Is it acceptable for the make test TESTS=smb2 to fail for a bit? Not without corresponding notations in the source{3,4}/selftest/knownfail files. Yes, please make sure you use torture_comment() instead of printf() and all torture_assert* functions instead of just returning false in a test. Then make test reports them as failures instead of errors and it's easy to mark them as known failures. This makes sure that the server doesn't crash when the test runs against it. metze signature.asc Description: OpenPGP digital signature