[Samba] Samba 3.4.0 - Multiple groups Multiple users
Hi, Do you know how to assign in Samba 3.4.0 multiple AD groups and/or multiple AD users to a samba resource ? Thank you, Edgardo Ghibaudo --http://www.provincia.biella.it-- Vuoi rimanere sempre aggiornato sulle nostre attivita'? Visita la pagina dei feed RSS sul nostro sito ed iscriviti alla sezione di interesse. --Avviso-- Questo messaggio e i suoi allegati sono riservati esclusivamente alle persone in indirizzo e possono contenere informazioni confidenziali. Se questo messaggio vi e' pervenuto per errore, vi informiamo che ogni suo uso e'proibito. In questo caso rispedite immediatamente il messaggio al mittente e cancellatelo. Per ogni chiarimento contattateci scrivendo a c...@provincia.biella.it. Grazie -Il Webmaster. --Warning- This message and its attachments are addressed solely to the persons above and may contain confidential information. If you have received the message in error, be informed that any use of the content hereof is prohibited. Please return it immediately to the sender and delete the message. Should you have any questions, please contact us by replying to c...@provincia.biella.it. The Webmaster. -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.4.0 - Error 64 from Xp clients
Hi, Using Samba 3.4.0 from Xp clients during the “net use” command we obtain: System Error 64 The network name specified is not available Edgardo Ghibaudo --http://www.provincia.biella.it-- Vuoi rimanere sempre aggiornato sulle nostre attivita'? Visita la pagina dei feed RSS sul nostro sito ed iscriviti alla sezione di interesse. --Avviso-- Questo messaggio e i suoi allegati sono riservati esclusivamente alle persone in indirizzo e possono contenere informazioni confidenziali. Se questo messaggio vi e' pervenuto per errore, vi informiamo che ogni suo uso e'proibito. In questo caso rispedite immediatamente il messaggio al mittente e cancellatelo. Per ogni chiarimento contattateci scrivendo a c...@provincia.biella.it. Grazie -Il Webmaster. --Warning- This message and its attachments are addressed solely to the persons above and may contain confidential information. If you have received the message in error, be informed that any use of the content hereof is prohibited. Please return it immediately to the sender and delete the message. Should you have any questions, please contact us by replying to c...@provincia.biella.it. The Webmaster. -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Share access problem from 3.4.0 (solved)
Hi Bill, Due to my upcoming holiday i will not be able to work on the CTDB project. ;-) I will contact you again in September, somewhere from the 21st of September ongoing. Cheers Volker -Ursprüngliche Nachricht- Von: William Jojo [mailto:w.j...@hvcc.edu] Gesendet: Montag, 27. Juli 2009 17:57 An: Arendt, Volker Cc: volker.lende...@sernet.de; samba@lists.samba.org Betreff: Re: AW: AW: [Samba] Share access problem from 3.4.0 (solved) Arendt, Volker wrote: Hi Bill, please let me know when your AMP bundle is done and you have the 3.4.0 ctdb-samba version packaged. Then we could go to work and find out how a best practice for setting up a clustered samba on AIX needs to look like. :-) Ok, perhaps we could add/supplement to these docs? http://pware.hvcc.edu/AIX-Samba.pdf These also need to be updated to include some additional backends that have been released since 3.2. But everything listed there works very nicely. Cheers, Bill regards Volker -Ursprüngliche Nachricht- Von: William Jojo [mailto:w.j...@hvcc.edu] Gesendet: Mo 27.07.2009 17:26 An: Arendt, Volker Cc: volker.lende...@sernet.de; samba@lists.samba.org Betreff: Re: AW: [Samba] Share access problem from 3.4.0 (solved) Arendt, Volker wrote: Hi all, as it happens very often the problem sits about 30 centimeters from the monitor (thanks for that, Volker)! I incorrectly assumed that i can access the same directory on a GPFS file system from two different nodes. As such my current problem is solved. Currently we have to isolate access to a directory on GPFS to a single node. My next steps would be to setup CTDB and SAMBA on AIX. But the documentation is not suited for a AIX install as it is very linux based. I would be willing to cooperate to build the documentation and a reference installation for AIX. How about you, Bill? Shall we give it a try?! ;-) Indeed I would. :-) I have passed some patches back upstream for AIX, but I am completing a test for broken libgpfs.a before they can be included. In the meantime, I've been successful with a pware53{-64}.clustered-samba.rte 3.3.4.0 (32- and 64-bit). I can work on the 3.4 version later today since my patch set is against this level. I'm finishing up an AMP refresh I can't wait to get off my plate. :-) Cheers, Bill Kind regards Volker -Ursprüngliche Nachricht- Von: Volker Lendecke [mailto:volker.lende...@sernet.de] Gesendet: Mo 27.07.2009 15:47 An: Arendt, Volker Cc: samba@lists.samba.org Betreff: Re: [Samba] Share access problem from 3.4.0 On Mon, Jul 27, 2009 at 03:19:15PM +0200, Arendt, Volker wrote: Hi all, we have a public share for all of our users. The share definition is as follows: [public] comment = browseable = yes writeable = yes path = /gpfs/fbb/apps/public force group = @BUILTIN+Users valid users = @BUILTIN+Users write list = @BUILTIN+Users All of our data resides on a GPFS file system. The share is defined and accessed on a AIX 5.3.10 node with samba 3.0.26a. Here users do not have any problem. A second node with AIX 5.3.10 and samba 3.4.0 provides the same share. Users cannot access the public share via this system. What could be the problem? No idea without logfiles. Just to make 100% sure: The path= you're pointing to is different from the 3.0.26a node, right? Otherwise you're forcing your users to destroy their data. You might want to take a look at ctdb.samba.org. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Users created by smbpasswd not a member of any ntgroup
Hi Guys, Ubuntu 8.04 Server 64-bit Edition Samba 3.0.28a I have configured samba as a PDC with winbind. I DO NOT have a windows NT server on the network, but i need winbind for squid and other purposes. r...@sunbox:/usr/lib/squid# net rpc group list Password: Domain Users Domain Admins Administrators Users My question is, if we configured samba as a PDC, when users are created using smbpasswd command, the users should be a member of one of the above groups right? But, when i checked, #net rpc user info user1 -Uroot%secret None Is this by default and should i add all samba users to windows groups manually?? How does this work? Thanks Avinash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SAMBA 3.3.7 - (SMBntcreateX) NT_STATUS_ACCESS_DENIED
I just compiled Samba 3.3.7 on Ubuntu 8.04. I copied the new libnss_winbind.so.2 library under /lib and the “getent group” command works fine. The “net use” of the resource is OK. I’m verifying the problem (SMBntcreateX) NT_STATUS_ACCESS_DENIED reported in the log.smbd file when I try to create a folder or to move a file in the samba resource. The same operation on Samba 3.2.14 is OK. Regards, Edgardo Ghibaudo --http://www.provincia.biella.it-- Vuoi rimanere sempre aggiornato sulle nostre attivita'? Visita la pagina dei feed RSS sul nostro sito ed iscriviti alla sezione di interesse. --Avviso-- Questo messaggio e i suoi allegati sono riservati esclusivamente alle persone in indirizzo e possono contenere informazioni confidenziali. Se questo messaggio vi e' pervenuto per errore, vi informiamo che ogni suo uso e'proibito. In questo caso rispedite immediatamente il messaggio al mittente e cancellatelo. Per ogni chiarimento contattateci scrivendo a c...@provincia.biella.it. Grazie -Il Webmaster. --Warning- This message and its attachments are addressed solely to the persons above and may contain confidential information. If you have received the message in error, be informed that any use of the content hereof is prohibited. Please return it immediately to the sender and delete the message. Should you have any questions, please contact us by replying to c...@provincia.biella.it. The Webmaster. -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] password policy
hi, How can I configure a policy for: 1 - the password be diferent of login, name, phone 2 - contain at least 3 character to 12,$%,ab,AB sorry for my english -- Daniel Theodoro 9399-3364 (LPIC-1) Junior Level Linux Professional (LPIC-2) Advanced Level Linux Professional -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] password policy
How can I configure a policy for: 1 - the password be diferent of login, name, phone 2 - contain at least 3 character to 12,$%,ab,AB sorry for my english Are you using ldap? John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Veto files question
Andrew Masterson wrote: hide unreadable = yes is the closest I can think of. You could then set perms to something like 400 and only owners will be able to read their own files. -=Andrew Thank you, Andrew. Changing the perms is not the solution. This is what I want to do: I have a public share. Everybody can read,write and modify files within this share. This works perfect. * I want to create another 'share' in smb.conf pointing to the same folder. * When a user mounts this share, he will only see the files belongs to his. I think Samba should have the power to filter it. Any idea? Allen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] password policy
yes On Tue, Aug 25, 2009 at 10:33 AM, John Drescher dresche...@gmail.comwrote: How can I configure a policy for: 1 - the password be diferent of login, name, phone 2 - contain at least 3 character to 12,$%,ab,AB sorry for my english Are you using ldap? John -- Daniel Theodoro 9399-3364 (LPIC-1) Junior Level Linux Professional (LPIC-2) Advanced Level Linux Professional -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba + ldap issues
Hey All I am having a problems with using openldap and samba. We have been having issues with samba passwords expiring and I have tried several things to resolve the issues. The ldap server was setup using the smbldap-tools. When the password expires the only thing I have been able to do is to reset the password. I have tried the smbldap-usemod -B -1 username to disable the SambaPwdMustChange. Also tried to set the SambaAcctFlags to UX. We set this ldap server up in hurry and did not have a chance to implement a proper password policy. This is using the stock version of Samba and LDAP that came with RHEL5. John Allgood Senior Systems Administrator Turbo, division of OHL 2251 Jesse Jewell Pky. NE Gainesville, GA 30507 tel: (678) 989-3051 fax: (770) 531-7878 jallg...@ohl.commailto:jallg...@ohl.com www.ohl.comhttp://www.ohl.com __ This e-mail transmission may contain information that is proprietary, privileged and/or confidential and is intended exclusively for the person(s) to whom it is addressed. Any use, copying, retention or disclosure by any person other than the intended recipient or the intended recipient's designees is strictly prohibited. If you are not the intended recipient or their designee, please notify the sender immediately by return e-mail and delete all copies. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Veto files question
Turning it on its head then, set ACLS for the full read-write share, and set the local perms to 700. Then set the flags on the original mount to honour acls, and the flags on the second mount to *not* honour acls. Then set hide unreadable=yes for the second mount. Maybe the nt acl support option will help. Maybe a different way to approach the problem. YMMV -=Andrew -Original Message- From: Allen Chen [mailto:ac...@harbourfrontcentre.com] Sent: Tuesday, August 25, 2009 7:40 AM To: Andrew Masterson Cc: samba@lists.samba.org Subject: Re: [Samba] Veto files question Andrew Masterson wrote: hide unreadable = yes is the closest I can think of. You could then set perms to something like 400 and only owners will be able to read their own files. -=Andrew Thank you, Andrew. Changing the perms is not the solution. This is what I want to do: I have a public share. Everybody can read,write and modify files within this share. This works perfect. * I want to create another 'share' in smb.conf pointing to the same folder. * When a user mounts this share, he will only see the files belongs to his. I think Samba should have the power to filter it. Any idea? Allen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Strange SMB Log Entries on Server
I have a file server running Samba v3.0.33 on RHEL 5.3 am running to the following entries in my /var/log/messages: Aug 25 02:03:56 lt2fs1 smbd[13595]: [2009/08/25 02:03:56, 0] smbd/service.c:set_current_service(184) Aug 25 02:03:56 lt2fs1 smbd[13595]: chdir (/share/ctia) failed Aug 25 02:03:56 lt2fs1 smbd[13595]: [2009/08/25 02:03:56, 0] smbd/service.c:set_current_service(184) Aug 25 02:03:56 lt2fs1 smbd[13595]: chdir (/share/ctia) failed Aug 25 09:25:00 lt2fs1 smbd[13785]: [2009/08/25 09:25:00, 0] smbd/nttrans.c:call_nt_transact_ioctl(2463) Aug 25 09:25:00 lt2fs1 smbd[13785]: call_nt_transact_ioctl(0x9005c): Currently not implemented. Aug 25 09:48:26 lt2fs1 smbd[13449]: [2009/08/25 09:48:26, 0] smbd/nttrans.c:call_nt_transact_ioctl(2463) Aug 25 09:48:26 lt2fs1 smbd[13449]: call_nt_transact_ioctl(0x9009c): Currently not implemented. Aug 25 11:17:14 lt2fs1 smbd[13872]: [2009/08/25 11:17:14, 0] lib/util_sock.c:read_data(534) Aug 25 11:17:14 lt2fs1 smbd[13872]: read_data: read failure for 4 bytes to client 10.1.10.176. Error = Connection reset by peer Aug 25 11:52:34 lt2fs1 smbd[13875]: [2009/08/25 11:52:34, 0] smbd/nttrans.c:call_nt_transact_ioctl(2463) Aug 25 11:52:34 lt2fs1 smbd[13875]: call_nt_transact_ioctl(0x940cf): Currently not implemented. I am confused as to what the following logs mean... Does anyone know why I am seeing this flood my logs on my server? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] migrating DOS attributes
I've decided to modernize my samba installation by switching to storing dos attributes as extended attributes on the linux file sytem. It would be nice to convert the dos attributes that are currently mapped into the new extended attributes. I found this page on the samba wiki: http://wiki.samba.org/index.php/Migration_Tools but the link to the perl script is dead and the author's email address is invalid. Does anyone have the perl script or an equivalent tool? If so, can you post it to the wiki or make it available some other way? Thanks, -- Mark Nienberg Sent from an invalid address. Please reply to the group. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Veto files question
Andrew Masterson wrote: Turning it on its head then, set ACLS for the full read-write share, and set the local perms to 700. Then set the flags on the original mount to honour acls, and the flags on the second mount to *not* honour acls. ^^^ It does make sense. but How do you set up honour acls in smb.conf? I use Samba 3.0.22. Then set hide unreadable=yes for the second mount. Maybe the nt acl support option will help. Maybe a different way to approach the problem. YMMV -=Andrew -Original Message- From: Allen Chen [mailto:ac...@harbourfrontcentre.com] Sent: Tuesday, August 25, 2009 7:40 AM To: Andrew Masterson Cc: samba@lists.samba.org Subject: Re: [Samba] Veto files question Andrew Masterson wrote: hide unreadable = yes is the closest I can think of. You could then set perms to something like 400 and only owners will be able to read their own files. -=Andrew Thank you, Andrew. Changing the perms is not the solution. This is what I want to do: I have a public share. Everybody can read,write and modify files within this share. This works perfect. * I want to create another 'share' in smb.conf pointing to the same folder. * When a user mounts this share, he will only see the files belongs to his. I think Samba should have the power to filter it. Any idea? Allen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] most common way to implement 'net time' privileges
On Mon, Aug 24, 2009 at 4:25 PM, Hoover, Tonyhoo...@sal.ksu.edu wrote: Use user manager for domains from the NT admin tools. select the correct domain (if not already selected). Select Policy - User Rights Select the right: Change the system time Click Add... then select Domain Users I followed your advice. Downloaded usrmgr.msi from M$ site. Installed. Launching usrmgr.exe I get a list of users and groups in my domain. I select Policies - User rights, but it gives me an error A device attached to the system is not functioning What could be a problem? Liutauras -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Build status as of Tue Aug 25 06:00:02 2009
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2009-08-24 00:00:02.0 -0600 +++ /home/build/master/cache/broken_results.txt 2009-08-25 00:00:03.0 -0600 @@ -1,4 +1,4 @@ -Build status as of Mon Aug 24 06:00:02 2009 +Build status as of Tue Aug 25 06:00:02 2009 Build counts: Tree Total Broken Panic @@ -6,17 +6,17 @@ ccache 2 1 0 distcc 0 0 0 ldb 25 25 0 -libreplace 1 1 0 +libreplace 22 11 0 lorikeet 0 0 0 pidl 1 1 0 -ppp 1 0 0 +ppp 0 0 0 rsync24 10 0 samba-docs 0 0 0 samba-web0 0 0 samba_3_current 0 0 0 -samba_3_master 26 25 3 -samba_3_next 23 22 1 -samba_4_0_test 28 28 2 -talloc 1 1 0 -tdb 1 1 0 +samba_3_master 23 23 2 +samba_3_next 23 23 1 +samba_4_0_test 25 25 1 +talloc 23 23 0 +tdb 19 19 0
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1167-g436d8b6
The branch, master has been updated via 436d8b6e06c555b2f3dabad8218f08b713e7664c (commit) via 6542a084a5dee239866f7d327c47afe2fc3efc6a (commit) from 213546103749c30dbb3ad8472872b9a8fad34205 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 436d8b6e06c555b2f3dabad8218f08b713e7664c Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 25 16:27:20 2009 +1000 s4:python Fix the reprovision test by deleting 'deleted' objects too. We were failing because CN=Deleted Objects, which is marked as 'deleted' itself, could not be re-added in a reprovision. Andrew Bartlett commit 6542a084a5dee239866f7d327c47afe2fc3efc6a Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 25 16:25:55 2009 +1000 s4:dsdb Rework show_deleted module not to liniearise the LDAP filter Instead, use the fact that the ldb_parse_tree structure is public to construct the 'and not deleted' clause as a structure, and apply each filter tree to that template. Andrew Bartlett --- Summary of changes: source4/dsdb/samdb/ldb_modules/show_deleted.c | 109 + source4/scripting/python/samba/__init__.py| 15 ++-- 2 files changed, 46 insertions(+), 78 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/ldb_modules/show_deleted.c b/source4/dsdb/samdb/ldb_modules/show_deleted.c index b4f52d7..12ae590 100644 --- a/source4/dsdb/samdb/ldb_modules/show_deleted.c +++ b/source4/dsdb/samdb/ldb_modules/show_deleted.c @@ -2,7 +2,8 @@ ldb database library Copyright (C) Simo Sorce 2005 - Copyright (C) Stefa Metzmacher me...@samba.org 2007 + Copyright (C) Stefan Metzmacher me...@samba.org 2007 + Copyright (C) Andrew Bartlett abart...@samba.org 2009 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -36,92 +37,46 @@ #include ldb/include/ldb_module.h #include dsdb/samdb/samdb.h -/* search */ -struct show_deleted_search_request { - - struct ldb_module *module; - struct ldb_request *req; -}; - -static int show_deleted_search_callback(struct ldb_request *req, - struct ldb_reply *ares) -{ - struct show_deleted_search_request *ar; - - ar = talloc_get_type(req-context, struct show_deleted_search_request); - - if (!ares) { - return ldb_module_done(ar-req, NULL, NULL, - LDB_ERR_OPERATIONS_ERROR); - } - if (ares-error != LDB_SUCCESS) { - return ldb_module_done(ar-req, ares-controls, - ares-response, ares-error); - } - - switch (ares-type) { - case LDB_REPLY_ENTRY: - - return ldb_module_send_entry(ar-req, ares-message, ares-controls); - - case LDB_REPLY_REFERRAL: - return ldb_module_send_referral(ar-req, ares-referral); - - case LDB_REPLY_DONE: - return ldb_module_done(ar-req, ares-controls, - ares-response, LDB_SUCCESS); - - } - return LDB_SUCCESS; -} static int show_deleted_search(struct ldb_module *module, struct ldb_request *req) { struct ldb_context *ldb; struct ldb_control *control; struct ldb_control **saved_controls; - struct show_deleted_search_request *ar; struct ldb_request *down_req; - char *old_filter; - char *new_filter; + struct ldb_parse_tree *nodeleted_tree; + struct ldb_parse_tree *new_tree = req-op.search.tree; int ret; ldb = ldb_module_get_ctx(module); - ar = talloc_zero(req, struct show_deleted_search_request); - if (ar == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - ar-module = module; - ar-req = req; - /* check if there's a show deleted control */ control = ldb_request_get_control(req, LDB_CONTROL_SHOW_DELETED_OID); - if ( ! control) { - old_filter = ldb_filter_from_tree(ar, req-op.search.tree); - new_filter = talloc_asprintf(ar, ((!(isDeleted=TRUE))%s), -old_filter); - - ret = ldb_build_search_req(down_req, ldb, ar, - req-op.search.base, - req-op.search.scope, - new_filter, - req-op.search.attrs, - req-controls, - ar, show_deleted_search_callback, - req); - - } else { - ret =
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1169-g61ca4c4
The branch, master has been updated via 61ca4c491e1c13eb7d97847f743b0f540f1117c4 (commit) via 3c7cbd60e5a63496a523086fdfcf5c43301e78f7 (commit) from 436d8b6e06c555b2f3dabad8218f08b713e7664c (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 61ca4c491e1c13eb7d97847f743b0f540f1117c4 Author: Andrew Tridgell tri...@samba.org Date: Tue Aug 25 17:00:27 2009 +1000 fixed DRS rename of deleted objects The objectclass module checks that the target parent exists, and refuses renames if it doesn't exist. For this to work for deleted objects we have to do the search in the objectclass module with the show deleted control enabled. commit 3c7cbd60e5a63496a523086fdfcf5c43301e78f7 Author: Andrew Tridgell tri...@samba.org Date: Tue Aug 25 16:59:25 2009 +1000 fixed a double free bug on error in net export --- Summary of changes: source4/dsdb/samdb/ldb_modules/objectclass.c | 21 - source4/kdc/hdb-samba4.c |1 - 2 files changed, 20 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index 4f01370..eb35ad0 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -997,6 +997,7 @@ static int objectclass_rename(struct ldb_module *module, struct ldb_request *req struct oc_context *ac; struct ldb_dn *parent_dn; int ret; + struct ldb_control **ctrl; ldb = ldb_module_get_ctx(module); @@ -1025,12 +1026,30 @@ static int objectclass_rename(struct ldb_module *module, struct ldb_request *req return LDB_ERR_OPERATIONS_ERROR; } + /* we have to add the show deleted control, as otherwise DRS + deletes will be refused as we will think the target parent + does not exist */ + ctrl = talloc_array(req, struct ldb_control, 2); + if (!ctrl) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ctrl[0] = talloc(ctrl, struct ldb_control); + if (!ctrl[0]) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ctrl[0]-oid = LDB_CONTROL_SHOW_DELETED_OID; + ctrl[0]-critical = 0; + ctrl[0]-data = NULL; + ctrl[1] = NULL; + /* note that the results of this search are kept and used to update the parentGUID in objectclass_rename_callback() */ ret = ldb_build_search_req(search_req, ldb, ac, parent_dn, LDB_SCOPE_BASE, (objectClass=*), - attrs, NULL, + attrs, ctrl, ac, get_search_callback, req); if (ret != LDB_SUCCESS) { diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c index d782254..502b4e0 100644 --- a/source4/kdc/hdb-samba4.c +++ b/source4/kdc/hdb-samba4.c @@ -1348,7 +1348,6 @@ static krb5_error_code hdb_samba4_seq(krb5_context context, HDB *db, unsigned fl } if (ret != 0) { - talloc_free(priv); db-hdb_dbc = NULL; } else { talloc_free(mem_ctx); -- Samba Shared Repository
Re: [SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1167-g436d8b6
Hi Andrew, static int show_deleted_search(struct ldb_module *module, struct ldb_request *req) { struct ldb_context *ldb; struct ldb_control *control; struct ldb_control **saved_controls; - struct show_deleted_search_request *ar; struct ldb_request *down_req; - char *old_filter; - char *new_filter; + struct ldb_parse_tree *nodeleted_tree; + struct ldb_parse_tree *new_tree = req-op.search.tree; int ret; ldb = ldb_module_get_ctx(module); - ar = talloc_zero(req, struct show_deleted_search_request); - if (ar == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - ar-module = module; - ar-req = req; - /* check if there's a show deleted control */ control = ldb_request_get_control(req, LDB_CONTROL_SHOW_DELETED_OID); - if ( ! control) { - old_filter = ldb_filter_from_tree(ar, req-op.search.tree); - new_filter = talloc_asprintf(ar, ((!(isDeleted=TRUE))%s), - old_filter); - - ret = ldb_build_search_req(down_req, ldb, ar, -req-op.search.base, -req-op.search.scope, -new_filter, -req-op.search.attrs, -req-controls, -ar, show_deleted_search_callback, -req); - - } else { - ret = ldb_build_search_req_ex(down_req, ldb, ar, - req-op.search.base, - req-op.search.scope, - req-op.search.tree, - req-op.search.attrs, - req-controls, - ar, show_deleted_search_callback, - req); + if (! control) { + nodeleted_tree = talloc_get_type(ldb_module_get_private(module), + struct ldb_parse_tree); + if (nodeleted_tree) { + new_tree = talloc(req, struct ldb_parse_tree); + if (!new_tree) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + *new_tree = *nodeleted_tree; + /* Replace dummy part of 'and' with the old, tree, +without a parse step */ + new_tree-u.list.elements[0] = req-op.search.tree; + } } + + ret = ldb_build_search_req_ex(down_req, ldb, req, + req-op.search.base, + req-op.search.scope, + new_tree, + req-op.search.attrs, + req-controls, + req-context, req-callback, + req); if (ret != LDB_SUCCESS) { return ret; } @@ -138,10 +93,20 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *re static int show_deleted_init(struct ldb_module *module) { struct ldb_context *ldb; + struct ldb_parse_tree *nodeleted_tree; int ret; ldb = ldb_module_get_ctx(module); + nodeleted_tree = ldb_parse_tree(module, ((replace=me)(!(isDeleted=TRUE; + if (!nodeleted_tree) { + ldb_debug(ldb, LDB_DEBUG_ERROR, + show_deleted: Unable to parse isDeleted master expression!\n); + return LDB_ERR_OPERATIONS_ERROR; + } + + ldb_module_set_private(module, nodeleted_tree); Why do we need to keep that as a global variable? That doesn't play nicely together with multiple async searches. I'd prefer to let each search request build its own parse tree. metze signature.asc Description: OpenPGP digital signature
Re: [SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1167-g436d8b6
On Tue, 2009-08-25 at 08:46 +0200, Stefan (metze) Metzmacher wrote: Hi Andrew, static int show_deleted_search(struct ldb_module *module, struct ldb_request *req) { struct ldb_context *ldb; struct ldb_control *control; struct ldb_control **saved_controls; - struct show_deleted_search_request *ar; struct ldb_request *down_req; - char *old_filter; - char *new_filter; + struct ldb_parse_tree *nodeleted_tree; + struct ldb_parse_tree *new_tree = req-op.search.tree; int ret; ldb = ldb_module_get_ctx(module); - ar = talloc_zero(req, struct show_deleted_search_request); - if (ar == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - ar-module = module; - ar-req = req; - /* check if there's a show deleted control */ control = ldb_request_get_control(req, LDB_CONTROL_SHOW_DELETED_OID); - if ( ! control) { - old_filter = ldb_filter_from_tree(ar, req-op.search.tree); - new_filter = talloc_asprintf(ar, ((!(isDeleted=TRUE))%s), -old_filter); - - ret = ldb_build_search_req(down_req, ldb, ar, - req-op.search.base, - req-op.search.scope, - new_filter, - req-op.search.attrs, - req-controls, - ar, show_deleted_search_callback, - req); - - } else { - ret = ldb_build_search_req_ex(down_req, ldb, ar, - req-op.search.base, - req-op.search.scope, - req-op.search.tree, - req-op.search.attrs, - req-controls, - ar, show_deleted_search_callback, - req); + if (! control) { + nodeleted_tree = talloc_get_type(ldb_module_get_private(module), +struct ldb_parse_tree); + if (nodeleted_tree) { + new_tree = talloc(req, struct ldb_parse_tree); + if (!new_tree) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + *new_tree = *nodeleted_tree; + /* Replace dummy part of 'and' with the old, tree, + without a parse step */ + new_tree-u.list.elements[0] = req-op.search.tree; + } } + + ret = ldb_build_search_req_ex(down_req, ldb, req, + req-op.search.base, + req-op.search.scope, + new_tree, + req-op.search.attrs, + req-controls, + req-context, req-callback, + req); if (ret != LDB_SUCCESS) { return ret; } @@ -138,10 +93,20 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *re static int show_deleted_init(struct ldb_module *module) { struct ldb_context *ldb; + struct ldb_parse_tree *nodeleted_tree; int ret; ldb = ldb_module_get_ctx(module); + nodeleted_tree = ldb_parse_tree(module, ((replace=me)(!(isDeleted=TRUE; + if (!nodeleted_tree) { + ldb_debug(ldb, LDB_DEBUG_ERROR, + show_deleted: Unable to parse isDeleted master expression!\n); + return LDB_ERR_OPERATIONS_ERROR; + } + + ldb_module_set_private(module, nodeleted_tree); Why do we need to keep that as a global variable? That doesn't play nicely together with multiple async searches. I'd prefer to let each search request build its own parse tree. We use structure assignment to create a local copy of this that we then insert the original tree into. I'll see about using a deep copy of the template if that would make you happier. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cisco Inc. signature.asc Description: This is a digitally signed message part
Re: [SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1167-g436d8b6
Andrew Bartlett schrieb: On Tue, 2009-08-25 at 08:46 +0200, Stefan (metze) Metzmacher wrote: Hi Andrew, static int show_deleted_search(struct ldb_module *module, struct ldb_request *req) { struct ldb_context *ldb; struct ldb_control *control; struct ldb_control **saved_controls; - struct show_deleted_search_request *ar; struct ldb_request *down_req; - char *old_filter; - char *new_filter; + struct ldb_parse_tree *nodeleted_tree; + struct ldb_parse_tree *new_tree = req-op.search.tree; int ret; ldb = ldb_module_get_ctx(module); - ar = talloc_zero(req, struct show_deleted_search_request); - if (ar == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - ar-module = module; - ar-req = req; - /* check if there's a show deleted control */ control = ldb_request_get_control(req, LDB_CONTROL_SHOW_DELETED_OID); - if ( ! control) { - old_filter = ldb_filter_from_tree(ar, req-op.search.tree); - new_filter = talloc_asprintf(ar, ((!(isDeleted=TRUE))%s), -old_filter); - - ret = ldb_build_search_req(down_req, ldb, ar, - req-op.search.base, - req-op.search.scope, - new_filter, - req-op.search.attrs, - req-controls, - ar, show_deleted_search_callback, - req); - - } else { - ret = ldb_build_search_req_ex(down_req, ldb, ar, - req-op.search.base, - req-op.search.scope, - req-op.search.tree, - req-op.search.attrs, - req-controls, - ar, show_deleted_search_callback, - req); + if (! control) { + nodeleted_tree = talloc_get_type(ldb_module_get_private(module), +struct ldb_parse_tree); + if (nodeleted_tree) { + new_tree = talloc(req, struct ldb_parse_tree); + if (!new_tree) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + *new_tree = *nodeleted_tree; + /* Replace dummy part of 'and' with the old, tree, + without a parse step */ + new_tree-u.list.elements[0] = req-op.search.tree; + } } + + ret = ldb_build_search_req_ex(down_req, ldb, req, + req-op.search.base, + req-op.search.scope, + new_tree, + req-op.search.attrs, + req-controls, + req-context, req-callback, + req); if (ret != LDB_SUCCESS) { return ret; } @@ -138,10 +93,20 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *re static int show_deleted_init(struct ldb_module *module) { struct ldb_context *ldb; + struct ldb_parse_tree *nodeleted_tree; int ret; ldb = ldb_module_get_ctx(module); + nodeleted_tree = ldb_parse_tree(module, ((replace=me)(!(isDeleted=TRUE; + if (!nodeleted_tree) { + ldb_debug(ldb, LDB_DEBUG_ERROR, + show_deleted: Unable to parse isDeleted master expression!\n); + return LDB_ERR_OPERATIONS_ERROR; + } + + ldb_module_set_private(module, nodeleted_tree); Why do we need to keep that as a global variable? That doesn't play nicely together with multiple async searches. I'd prefer to let each search request build its own parse tree. We use structure assignment to create a local copy of this that we then insert the original tree into. I'll see about using a deep copy of the template if that would make you happier. Ah, sorry I haven't noticed that, I think it's fine then. metze signature.asc Description: OpenPGP digital signature
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1170-gd896fb2
The branch, master has been updated via d896fb2dabaca650130ad6cea59eb3a66879470f (commit) from 61ca4c491e1c13eb7d97847f743b0f540f1117c4 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d896fb2dabaca650130ad6cea59eb3a66879470f Author: Günther Deschner g...@samba.org Date: Tue Aug 25 11:10:53 2009 +0200 netlogon: give netlogon w7/w2k8r2 AES negotiate flag proper name (see bug #6099 for details). Guenther --- Summary of changes: librpc/gen_ndr/ndr_netlogon.c |2 +- librpc/gen_ndr/netlogon.h |2 +- librpc/idl/netlogon.idl |2 +- 3 files changed, 3 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/gen_ndr/ndr_netlogon.c b/librpc/gen_ndr/ndr_netlogon.c index 8bb22d8..e7a4121 100644 --- a/librpc/gen_ndr/ndr_netlogon.c +++ b/librpc/gen_ndr/ndr_netlogon.c @@ -6508,7 +6508,7 @@ _PUBLIC_ void ndr_print_netr_NegotiateFlags(struct ndr_print *ndr, const char *n ndr_print_bitmap_flag(ndr, sizeof(uint32_t), NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION, NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION, r); ndr_print_bitmap_flag(ndr, sizeof(uint32_t), NETLOGON_NEG_RODC_PASSTHROUGH, NETLOGON_NEG_RODC_PASSTHROUGH, r); ndr_print_bitmap_flag(ndr, sizeof(uint32_t), NETLOGON_NEG_SUPPORTS_AES_SHA2, NETLOGON_NEG_SUPPORTS_AES_SHA2, r); - ndr_print_bitmap_flag(ndr, sizeof(uint32_t), NETLOGON_NEG_0x0100, NETLOGON_NEG_0x0100, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), NETLOGON_NEG_SUPPORTS_AES, NETLOGON_NEG_SUPPORTS_AES, r); ndr_print_bitmap_flag(ndr, sizeof(uint32_t), NETLOGON_NEG_AUTHENTICATED_RPC_LSASS, NETLOGON_NEG_AUTHENTICATED_RPC_LSASS, r); ndr_print_bitmap_flag(ndr, sizeof(uint32_t), NETLOGON_NEG_AUTHENTICATED_RPC, NETLOGON_NEG_AUTHENTICATED_RPC, r); ndr-depth--; diff --git a/librpc/gen_ndr/netlogon.h b/librpc/gen_ndr/netlogon.h index bc8ff12..9cf3828 100644 --- a/librpc/gen_ndr/netlogon.h +++ b/librpc/gen_ndr/netlogon.h @@ -754,7 +754,7 @@ union netr_CONTROL_DATA_INFORMATION { #define NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION ( 0x0010 ) #define NETLOGON_NEG_RODC_PASSTHROUGH ( 0x0020 ) #define NETLOGON_NEG_SUPPORTS_AES_SHA2 ( 0x0040 ) -#define NETLOGON_NEG_0x0100 ( 0x0100 ) +#define NETLOGON_NEG_SUPPORTS_AES ( 0x0100 ) #define NETLOGON_NEG_AUTHENTICATED_RPC_LSASS ( 0x2000 ) #define NETLOGON_NEG_AUTHENTICATED_RPC ( 0x4000 ) diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl index 2a2a6eb..8b74f14 100644 --- a/librpc/idl/netlogon.idl +++ b/librpc/idl/netlogon.idl @@ -961,7 +961,7 @@ interface netlogon NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION = 0x0010, NETLOGON_NEG_RODC_PASSTHROUGH = 0x0020, NETLOGON_NEG_SUPPORTS_AES_SHA2 = 0x0040, - NETLOGON_NEG_0x0100 = 0x0100, + NETLOGON_NEG_SUPPORTS_AES = 0x0100, NETLOGON_NEG_AUTHENTICATED_RPC_LSASS= 0x2000, NETLOGON_NEG_AUTHENTICATED_RPC = 0x4000 } netr_NegotiateFlags; -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag release-3-0-13 updated - release-3-0-13
The annotated tag, release-3-0-13 has been updated to 0466a4672b54458cb408c2245e0fdd7684a1ab8c (tag) from 8dc151c95bdbb2ce7ce4ae4f18a62c6ce0eb58b6 (which is now obsolete) tagging 794f35080f5881f01cba7e9232e5620bf431f8a9 (commit) replaces release-3-0-12 tagged by Karolin Seeger on Tue Aug 25 13:45:54 2009 +0200 - Log - tag release-3-0-13 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iD8DBQBKk88KbzORW2Vot+oRAuQRAKCnuKVHqA7jTBzxpcA8DluL3gCTiwCglS7z tCGjugV5+TJxG0ZTWbzGyMA= =R/rC -END PGP SIGNATURE- Gerald Carter (5): r5925: adding FindNext() fix from 3.0; setting version to 3.0.13 r5964: merging some fixes for 3.0.13 r5995: merging more changes from 3.0 tree. r5996: updating release notes and version r6003: merge BUG 2521 fix; should be ready for 3.0.13 now --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1172-g1df1892
The branch, master has been updated via 1df18922c613d2d3c8c23b919e435cb1de915eaa (commit) via 3176ee2632ddfc6a1fb6f7f3e255cd369c1f0907 (commit) from d896fb2dabaca650130ad6cea59eb3a66879470f (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1df18922c613d2d3c8c23b919e435cb1de915eaa Author: Volker Lendecke v...@samba.org Date: Tue Aug 25 17:03:26 2009 +0200 Add some const to dsgetdcname commit 3176ee2632ddfc6a1fb6f7f3e255cd369c1f0907 Author: Volker Lendecke v...@samba.org Date: Tue Aug 25 17:02:53 2009 +0200 Do an early TALLOC_FREE --- Summary of changes: source3/include/proto.h |2 +- source3/libads/dns.c |3 ++- source3/libsmb/dsgetdcname.c | 10 +- 3 files changed, 8 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index c530ee5..44f6685 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -3064,7 +3064,7 @@ void debug_dsdcinfo_flags(int lvl, uint32_t flags); NTSTATUS dsgetdcname(TALLOC_CTX *mem_ctx, struct messaging_context *msg_ctx, const char *domain_name, -struct GUID *domain_guid, +const struct GUID *domain_guid, const char *site_name, uint32_t flags, struct netr_DsRGetDCNameInfo **info); diff --git a/source3/libads/dns.c b/source3/libads/dns.c index 5cf768d..0797eb1 100644 --- a/source3/libads/dns.c +++ b/source3/libads/dns.c @@ -985,7 +985,7 @@ NTSTATUS ads_dns_query_dcs_guid(TALLOC_CTX *ctx, /*_ldap._tcp.DomainGuid.domains._msdcs.DnsForestName */ const char *domains; - const char *guid_string; + char *guid_string; guid_string = GUID_string(ctx, domain_guid); if (!guid_string) { @@ -997,6 +997,7 @@ NTSTATUS ads_dns_query_dcs_guid(TALLOC_CTX *ctx, if (!domains) { return NT_STATUS_NO_MEMORY; } + TALLOC_FREE(guid_string); return ads_dns_query_internal(ctx, _ldap, domains, dns_forest_name, NULL, dclist, numdcs); diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c index 5279b8f..99d21eb 100644 --- a/source3/libsmb/dsgetdcname.c +++ b/source3/libsmb/dsgetdcname.c @@ -314,7 +314,7 @@ static bool check_cldap_reply_required_flags(uint32_t ret_flags, static NTSTATUS dsgetdcname_cache_fetch(TALLOC_CTX *mem_ctx, const char *domain_name, - struct GUID *domain_guid, + const struct GUID *domain_guid, uint32_t flags, const char *site_name, struct netr_DsRGetDCNameInfo **info_p) @@ -381,7 +381,7 @@ static NTSTATUS dsgetdcname_cache_fetch(TALLOC_CTX *mem_ctx, static NTSTATUS dsgetdcname_cached(TALLOC_CTX *mem_ctx, struct messaging_context *msg_ctx, const char *domain_name, - struct GUID *domain_guid, + const struct GUID *domain_guid, uint32_t flags, const char *site_name, struct netr_DsRGetDCNameInfo **info) @@ -527,7 +527,7 @@ static NTSTATUS discover_dc_netbios(TALLOC_CTX *mem_ctx, static NTSTATUS discover_dc_dns(TALLOC_CTX *mem_ctx, const char *domain_name, - struct GUID *domain_guid, + const struct GUID *domain_guid, uint32_t flags, const char *site_name, struct ip_service_name **returned_dclist, @@ -1033,7 +1033,7 @@ static NTSTATUS process_dc_netbios(TALLOC_CTX *mem_ctx, static NTSTATUS dsgetdcname_rediscover(TALLOC_CTX *mem_ctx, struct messaging_context *msg_ctx, const char *domain_name, - struct GUID *domain_guid, + const struct GUID *domain_guid, uint32_t flags, const char *site_name, struct netr_DsRGetDCNameInfo **info) @@ -1114,7 +1114,7 @@ static bool is_closest_site(struct netr_DsRGetDCNameInfo *info) NTSTATUS dsgetdcname(TALLOC_CTX *mem_ctx, struct messaging_context *msg_ctx, const char *domain_name, -
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1173-g808a0d4
The branch, master has been updated via 808a0d44f84ed668c906eaa6777d2c0743351560 (commit) from 1df18922c613d2d3c8c23b919e435cb1de915eaa (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 808a0d44f84ed668c906eaa6777d2c0743351560 Author: Zach Loafman zachary.loaf...@isilon.com Date: Tue Aug 25 10:46:37 2009 -0700 Allow for name array strings that don't end in a slash Fix set_namearray to allow for strings that don't end in a slash. Also remove unnecessary strdup()s. Signed-off-by: Tim Prouty tpro...@samba.org --- Summary of changes: source3/lib/util.c | 29 + 1 files changed, 17 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/util.c b/source3/lib/util.c index 74b7921..ae63082 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -1691,7 +1691,7 @@ bool is_in_path(const char *name, name_compare_entry *namelist, bool case_sensit void set_namearray(name_compare_entry **ppname_array, const char *namelist) { char *name_end; - const char *nameptr = namelist; + char *nameptr = (char *)namelist; int num_entries = 0; int i; @@ -1711,12 +1711,14 @@ void set_namearray(name_compare_entry **ppname_array, const char *namelist) nameptr++; continue; } - /* find the next / */ - name_end = strchr_m(nameptr, '/'); + /* anything left? */ + if ( *nameptr == '\0' ) + break; - /* oops - the last check for a / didn't find one. */ + /* find the next '/' or consume remaining */ + name_end = strchr_m(nameptr, '/'); if (name_end == NULL) - break; + name_end = (char *)nameptr + strlen(nameptr); /* next segment please */ nameptr = name_end + 1; @@ -1732,7 +1734,7 @@ void set_namearray(name_compare_entry **ppname_array, const char *namelist) } /* Now copy out the names */ - nameptr = namelist; + nameptr = (char *)namelist; i = 0; while(*nameptr) { if ( *nameptr == '/' ) { @@ -1740,14 +1742,17 @@ void set_namearray(name_compare_entry **ppname_array, const char *namelist) nameptr++; continue; } - /* find the next / */ - if ((name_end = strchr_m(nameptr, '/')) != NULL) - *name_end = 0; - - /* oops - the last check for a / didn't find one. */ - if(name_end == NULL) + /* anything left? */ + if ( *nameptr == '\0' ) break; + /* find the next '/' or consume remaining */ + name_end = strchr_m(nameptr, '/'); + if (name_end) + *name_end = '\0'; + else + name_end = nameptr + strlen(nameptr); + (*ppname_array)[i].is_wild = ms_has_wild(nameptr); if(((*ppname_array)[i].name = SMB_STRDUP(nameptr)) == NULL) { DEBUG(0,(set_namearray: malloc fail (1)\n)); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1176-ge460c21
The branch, master has been updated via e460c211b01f6642d9064e11432577fbb728cefb (commit) via 5b46e5985e0f0edc199408c713a02dbe37faa381 (commit) via 1a53b617710b1bf9555de6ab01afeaf6f9c1d42a (commit) from 808a0d44f84ed668c906eaa6777d2c0743351560 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e460c211b01f6642d9064e11432577fbb728cefb Author: Günther Deschner g...@samba.org Date: Tue Aug 25 18:47:15 2009 +0200 s3-netlogon: get rid of init_net_r_req_chal(). Guenther commit 5b46e5985e0f0edc199408c713a02dbe37faa381 Author: Günther Deschner g...@samba.org Date: Tue Aug 25 18:44:24 2009 +0200 s3-netlogon: let get_md4pw() return a struct samr_Password. (in preparation of credential merge). Guenther commit 1a53b617710b1bf9555de6ab01afeaf6f9c1d42a Author: Günther Deschner g...@samba.org Date: Tue Aug 25 18:36:28 2009 +0200 s3-netlogon: make _netr_ServerAuthenticate a callback to _netr_ServerAuthenticate3. Guenther --- Summary of changes: source3/libsmb/credentials.c |4 +- source3/rpc_server/srv_netlog_nt.c | 87 +-- 2 files changed, 24 insertions(+), 67 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c index 9dc0b9f..d202409 100644 --- a/source3/libsmb/credentials.c +++ b/source3/libsmb/credentials.c @@ -104,9 +104,7 @@ static void creds_init_64(struct dcinfo *dc, unsigned char sum2[8]; /* Just in case this isn't already there */ - if (dc-mach_pw != mach_pw) { - memcpy(dc-mach_pw, mach_pw, 16); - } + memcpy(dc-mach_pw, mach_pw, 16); sum[0] = IVAL(clnt_chal_in-data, 0) + IVAL(srv_chal_in-data, 0); sum[1] = IVAL(clnt_chal_in-data, 4) + IVAL(srv_chal_in-data, 4); diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 8a93b20..81a4801 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -32,18 +32,6 @@ extern userdom_struct current_user_info; #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV -/* - init_net_r_req_chal: - */ - -static void init_net_r_req_chal(struct netr_Credential *r, - struct netr_Credential *srv_chal) -{ - DEBUG(6,(init_net_r_req_chal: %d\n, __LINE__)); - - memcpy(r-data, srv_chal-data, sizeof(r-data)); -} - /*** Inits a netr_NETLOGON_INFO_1 structure. / @@ -296,7 +284,7 @@ WERROR _netr_NetrEnumerateTrustedDomains(pipes_struct *p, gets a machine password entry. checks access rights of the host. **/ -static NTSTATUS get_md4pw(char *md4pw, const char *mach_acct, +static NTSTATUS get_md4pw(struct samr_Password *md4pw, const char *mach_acct, uint16_t sec_chan_type, uint32_t *rid) { struct samu *sampass = NULL; @@ -390,8 +378,8 @@ static NTSTATUS get_md4pw(char *md4pw, const char *mach_acct, return NT_STATUS_LOGON_FAILURE; } - memcpy(md4pw, pass, 16); - dump_data(5, (uint8 *)md4pw, 16); + memcpy(md4pw-hash, pass, 16); + dump_data(5, md4pw-hash, 16); if (rid) { *rid = pdb_get_user_rid(sampass); @@ -432,7 +420,7 @@ NTSTATUS _netr_ServerReqChallenge(pipes_struct *p, generate_random_buffer(p-dc-srv_chal.data, 8); /* set up the LSA REQUEST CHALLENGE response */ - init_net_r_req_chal(r-out.return_credentials, p-dc-srv_chal); + *r-out.return_credentials = p-dc-srv_chal; p-dc-challenge_sent = True; @@ -447,56 +435,23 @@ NTSTATUS _netr_ServerReqChallenge(pipes_struct *p, NTSTATUS _netr_ServerAuthenticate(pipes_struct *p, struct netr_ServerAuthenticate *r) { - NTSTATUS status; - struct netr_Credential srv_chal_out; - - if (!p-dc || !p-dc-challenge_sent) { - return NT_STATUS_ACCESS_DENIED; - } - - status = get_md4pw((char *)p-dc-mach_pw, - r-in.account_name, - r-in.secure_channel_type, - NULL); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,(_netr_ServerAuthenticate: get_md4pw failed. Failed to - get password for machine account %s - from client %s: %s\n, - r-in.account_name, - r-in.computer_name, -
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1178-ga77b036
The branch, master has been updated via a77b036f3b823a1de9ee05bfe5c620550097d037 (commit) via 87ce535243dc660584c87f6835c583d7125462aa (commit) from e460c211b01f6642d9064e11432577fbb728cefb (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a77b036f3b823a1de9ee05bfe5c620550097d037 Author: Günther Deschner g...@samba.org Date: Wed Aug 26 01:03:47 2009 +0200 s3-netlogon: fix default case when _netr_LogonSamLogon is called from other opcodes. Guenther commit 87ce535243dc660584c87f6835c583d7125462aa Author: Günther Deschner g...@samba.org Date: Wed Aug 26 01:01:43 2009 +0200 Revert s3: Fix uninitialized const char * Tim, I am reverting this as this eliminates _netr_LogonSamLogonEx from the debug messages completely. Followup fix to come immediately. This reverts commit add9b4afb14d3426d1f3bf5b8e7c86926f462578. --- Summary of changes: source3/rpc_server/srv_netlog_nt.c |5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 81a4801..01b2398 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -825,10 +825,11 @@ NTSTATUS _netr_LogonSamLogon(pipes_struct *p, fn = _netr_LogonSamLogon; break; case NDR_NETR_LOGONSAMLOGONEX: + process_creds = false; fn = _netr_LogonSamLogonEx; + break; default: - fn = ; - process_creds = false; + return NT_STATUS_INTERNAL_ERROR; } if ( (lp_server_schannel() == True) (p-auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) ) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1184-g7421872
The branch, master has been updated via 74218726e89c297eb957b9df989dd42fd1601742 (commit) via a1da91174b8db082c42ec7e8a6438e11e0e56e91 (commit) via b9ec6bb1eb02121f43498681b99891dc17505512 (commit) via a52e7a2c65aef69a205a81b0c0c84abdd54e8f16 (commit) via 7e54b5e568ec630a85914cdc86ab62823190da9c (commit) via cda99a202dd2b9fbf230d35a32e2bc7a6b1d1f6d (commit) from a77b036f3b823a1de9ee05bfe5c620550097d037 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 74218726e89c297eb957b9df989dd42fd1601742 Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 26 13:44:50 2009 +1000 s4:schema Rework dsdb_write_prefixes_from_schema_to_ldb() to use talloc This changes dsdb_write_prefixes_from_schema_to_ldb() to use an internal talloc hirarchy, so we can safely give it a NULL context from the python. It also fixes manual construction of the ldb_message - we now use the right helper functions. Andrew Bartlett commit a1da91174b8db082c42ec7e8a6438e11e0e56e91 Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 26 13:43:33 2009 +1000 s4:provison Add prefixes to ldb using same code a later modify will use This allows us to test out the code that will do the modify of the prefixMap, and to provide the bindings that may assist a future upgrade script. Andrew Bartlett commit b9ec6bb1eb02121f43498681b99891dc17505512 Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 26 12:39:44 2009 +1000 s4:provision Only create references to our server DN after the self join This will ensure that the GUID can be filled in correctly, and assist us to validate DN targets in the future. Andrew Bartlett commit a52e7a2c65aef69a205a81b0c0c84abdd54e8f16 Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 26 12:32:47 2009 +1000 s4:scheam quiet a 'const' warning commit 7e54b5e568ec630a85914cdc86ab62823190da9c Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 26 12:29:45 2009 +1000 s4:dsdb Rework dsdb_write_prefixes_to_ldb() to take a schema The aim is to create a function that is more easily wrapped for python, so that we can write the updated prefixMap in an upgrade script. Andrew Bartlett commit cda99a202dd2b9fbf230d35a32e2bc7a6b1d1f6d Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 26 11:01:27 2009 +1000 s4:dsdb Use helper function to add 'show deleted' control This revises tridge's commit 61ca4c491e1c13eb7d97847f743b0f540f1117c4 to use ldb_request_add_control() instead of a manual construction. Andrew Bartlett --- Summary of changes: source4/dsdb/samdb/ldb_modules/objectclass.c | 30 --- source4/dsdb/schema/schema_init.c | 61 +++-- source4/scripting/python/pyglue.c | 26 + source4/scripting/python/samba/__init__.py|3 + source4/scripting/python/samba/provision.py | 24 +++-- source4/setup/provision.ldif |2 - source4/setup/provision_basedn_modify.ldif|3 - source4/setup/provision_configuration.ldif|2 - source4/setup/provision_schema_basedn_modify.ldif |5 -- source4/setup/provision_self_join_modify.ldif | 29 ++ 10 files changed, 120 insertions(+), 65 deletions(-) create mode 100644 source4/setup/provision_self_join_modify.ldif Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index eb35ad0..6dbafac 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -997,7 +997,6 @@ static int objectclass_rename(struct ldb_module *module, struct ldb_request *req struct oc_context *ac; struct ldb_dn *parent_dn; int ret; - struct ldb_control **ctrl; ldb = ldb_module_get_ctx(module); @@ -1026,36 +1025,27 @@ static int objectclass_rename(struct ldb_module *module, struct ldb_request *req return LDB_ERR_OPERATIONS_ERROR; } - /* we have to add the show deleted control, as otherwise DRS - deletes will be refused as we will think the target parent - does not exist */ - ctrl = talloc_array(req, struct ldb_control, 2); - if (!ctrl) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - ctrl[0] = talloc(ctrl, struct ldb_control); - if (!ctrl[0]) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - ctrl[0]-oid = LDB_CONTROL_SHOW_DELETED_OID; - ctrl[0]-critical = 0; - ctrl[0]-data = NULL; - ctrl[1] = NULL; -