Re: [Samba] most common way to implement 'net time' privileges

2009-08-26 Thread Volker Lendecke
On Wed, Aug 26, 2009 at 08:55:18AM +0300, Liutauras Adomaitis wrote:
 On Mon, Aug 24, 2009 at 4:25 PM, Hoover, Tony hoo...@sal.ksu.edu wrote:
  Use user manager for domains from the NT admin tools.  select the correct
  domain (if not already selected).  Select Policy - User Rights  Select
  the right: Change the system time  Click Add...  then select Domain
  Users
 
 I followed your advice.
 Downloaded usrmgr.msi from M$ site. Installed.
 Launching usrmgr.exe I get a list of users and groups in my domain. I
 select Policies - User rights, but it gives me an error
  A device attached to the system is not functioning
 
 What could be a problem?

What Samba version? And, please send a debug level 10 log of
smbd while doing this.

Volker


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] most common way to implement 'net time' privileges

2009-08-26 Thread Volker Lendecke
On Wed, Aug 26, 2009 at 11:07:02AM +0300, Liutauras Adomaitis wrote:
  What Samba version? And, please send a debug level 10 log of
  smbd while doing this.
 
 
 Samba Version 3.3.2 + LDAP
 Mandriva 2009.1
 log file attached
 My log settings in smb.conf are:
 
 log file = /var/log/samba/%m.log
 max log size = 500
 log level = 10
 syslog = 0

That does not seem to contain the error, sorry. Can you
increase the max log size considerably and upload the
logfile somewhere for me to download it?

Thanks,

Volker



Re: [Samba] Permission Issues - Email found in subject - Email found in subject - Email found in subject

2009-08-26 Thread Shaun Martin
Hi All,

Ok I think I have isolated the problem a little more. I did not know the
user in question was using a MAC as she is a remote user I have never seen.
It seems this issue is only happening with MAC's I did not think that could
happen as she is still using the smb protocol. Below is a dir listing of
newly created dir's from win, linux and mac clients all using the smb
protocol.

drwxrwxr-x  2 bbaumann isovera   48 2009-08-26 09:07 ben  --windows
drwxrwxr-x  2 crusso   isovera   48 2009-08-26 09:07 chris---linux (ubuntu)
drwxr-xr-x  2 efogel   isovera   48 2009-08-26 09:08 erin ---MAC (Newest Version)

As you can see the only one not respecting my config of a 775 dir is the mac
client. Has anyone seen this before? Any help is greatly appreciated.

Thanks,
Shaun

-- 
Shaun Martin
Systems Administrator
Akaza Research
smar...@akazaresearch.com
http://www.akazaresearch.com/
http://www.openclinica.org/
Open Source Platform for Clinical Research


 From: Jeremy Allison j...@samba.org
 Reply-To: Jeremy Allison j...@samba.org
 Date: Tue, 18 Aug 2009 11:55:03 -0700
 To: Shaun Martin smar...@akazaresearch.com
 Cc: Adam Williams awill...@mdah.state.ms.us, samba@lists.samba.org
 Subject: Re: [Samba] Permission Issues - Email found in subject - Email found
 in subject - Email found in subject
 
 On Tue, Aug 18, 2009 at 11:38:21AM -0400, Shaun Martin wrote:
 Hi,
 
 Thank you for noticing that, although it did not fix my issue. My current
 config is below. And below that is ls -lah on the new directories I made
 after I killed and restarted samba. PLEASE HELP :)
 
 [shared]
 delete readonly = yes
 writeable = yes
 path = /shared
 force directory mode = 0775
 force create mode = 0775
 comment = Shared Files
 public = no
 create mask = 0775
 directory mask = 0775
 force directory security mask = 0775
 directory security mask = 0775
 force security mode = 0775
 security mask = 0775
 browseable = yes
 
 I created both shaun and the sub-directory new. Still has 755 permissions. I
 want 775 permissions.
 
 root# ls -lah |grep shaun
 drwxr-xr-x  2 smartin  akaza 48 2009-08-18 11:35 shaun
 root# ls -lah shaun/
 total 1.0K
 drwxr-xr-x  3 smartin akaza 72 2009-08-18 11:35 .
 drwxrwx--- 21 smartin isovera 1.3K 2009-08-18 11:35 ..
 drwxr-xr-x  2 smartin akaza 48 2009-08-18 11:35 new
 
 I just tested this using the latest released 3.4.0 code
 and it works fine. I suggest you upgrade to the latest
 version from 3.2.0.
 
 Jeremy.



[Samba] Problems with smb-ldap tools

2009-08-26 Thread Allgood, John
Hey All

I am needing to write a script for my end users to be able to reset their 
passwords when they expire. When I run smbldap-passwd as a user I get the 
following error messages below. Execute permissions are set correctly on 
smbldap-passwd.

Failed to modify SMB password: Insufficient access at 
/usr/local/sbin/smbldap-passwd line 238, STDIN line 3.
Failed to modify UNIX password: Insufficient access  at 
/usr/local/sbin/smbldap-passwd line 285, STDIN line 3.

John Allgood
Senior Systems Administrator
Turbo, division of OHL
2251 Jesse Jewell Pky. NE
Gainesville, GA 30507
tel: (678) 989-3051  fax: (770) 531-7878

jallg...@ohl.com
http://www.ohl.com




Re: [Samba] Fwd: most common way to implement 'net time' privileges

2009-08-26 Thread Volker Lendecke
On Wed, Aug 26, 2009 at 06:05:35PM +0300, Liutauras Adomaitis wrote:
 now size is few times larger. Try it now
 http://www.infosaitas.lt/logas.txt

Normally a Device is not functioning (or so) means an
NT_STATUS_UNSUCCESSFUL error message. I don't see any such
error message in the logs. When *exactly* did the error
happen when you took the log?

Volker



[Samba] samba4wins BDC

2009-08-26 Thread Martin Hochreiter

Hi!

My samba4wins servers tell the clients always the pdc as
logon server.
How can I tell the samba4wins server the 2 BDC's on my
system to get samba4wins telling the clients the 2 other
logon servers (e.g. in case of PDC shutdown)?

regards
martin


[Samba] Fwd: most common way to implement 'net time' privileges

2009-08-26 Thread Liutauras Adomaitis
Resending my last mail to the list, Sorry


-- Forwarded message --
From: Liutauras Adomaitis liutauras.adomai...@gmail.com
Date: Wed, Aug 26, 2009 at 11:51 AM
Subject: Re: [Samba] most common way to implement 'net time' privileges
To: volker.lende...@sernet.de


On Wed, Aug 26, 2009 at 11:44 AM, Volker
Lendecke volker.lende...@sernet.de wrote:
 On Wed, Aug 26, 2009 at 11:07:02AM +0300, Liutauras Adomaitis wrote:
  What Samba version? And, please send a debug level 10 log of
  smbd while doing this.
 

 Samba Version 3.3.2 + LDAP
 Mandriva 2009.1
 log file attached
 My log settings in smb.conf are:

 log file = /var/log/samba/%m.log
 max log size = 500
 log level = 10
 syslog = 0

 That does not seem to contain the error, sorry. Can you
 increase the max log size considerably and upload the
 logfile somewhere for me to download it?


now size is few times larger. Try it now
http://www.infosaitas.lt/logas.txt

Thanks


[Samba] winbind enum groups/users = no

2009-08-26 Thread Andrew Masterson
After a bunch of reading, the most information I can find on turning
these off is that they will speed up certain tasks, and this warning:

Warning: Turning off group enumeration may cause some programs to
behave oddly.

Does anyone have any more information on what programs may behave
oddly?  Is this a server side odd-behaviour, client-side or both?

(Using ls on some small directories seems to take a while presumably
because it is busy getting the updated user/group information from the
PDC, so I was wondering about turning these parameters off.)


Re: [Samba] Fwd: most common way to implement 'net time' privileges

2009-08-26 Thread Liutauras Adomaitis
On Wed, Aug 26, 2009 at 6:11 PM, Volker
Lendecke volker.lende...@sernet.de wrote:
 On Wed, Aug 26, 2009 at 06:05:35PM +0300, Liutauras Adomaitis wrote:
 now size is few times larger. Try it now
 http://www.infosaitas.lt/logas.txt

 Normally a Device is not functioning (or so) means an
 NT_STATUS_UNSUCCESSFUL error message. I don't see any such
 error message in the logs. When *exactly* did the error
 happen when you took the log?

My procedure:
- change max log size to something very big
- reload samba
- tail -f the workstations.log file to some other file
- go to that workstation and launch usrmgr.exe and go to policies - user rights
- At this point I get the error
- cancel tail -f process
- send you a log file

Maybe I should send you also smbd.log file?


[Samba] ID mapping help

2009-08-26 Thread Arwin L Tugade
Hey all,

I got a unique requirement of having AD groups map over to unix gid and 
existing perms of Unix only groups being granted.  Reading through the man 
pages it seems this can be accomplished via idmap_nss.  So my config looks like:

[global]
   workgroup = SKUNKTEST
   realm = SKUNKTEST.LOCAL
   security = ads
   preferred master = no
   encrypt passwords = yes
   log level = 5
   log file = /var/log/samba/%m
   max log size = 50
   server string = Samba RnD Server

   winbind enum groups = yes

   idmap backend = tdb
   idmap uid = 100-199
   idmap gid = 100-199

   idmap config SKUNKTEST: backend = nss
   idmap config SKUNKTEST: range = 100-199

   idmap config KRB: default = yes
   idmap config KRB: backend = tdb

[foo]
   comment = A Shared Drive
   read only = no
   path = /samba/arwin

When I do a getent group my winbindd-idmap.tdb populates with groups from AD 
with gid mappings, of course winbind is running.  When I access a share via 
Windows and go to the security tab it will look something like:

Everyone
arwin (Unix User\arwin)
it_posix (Unix Group\it_posix)

My problem arises here.  If someone other than myself who is in the it_posix 
group (LDAP) tries to access the file (perms are rwx for group), they get 
access denied.   So then apparently I should be able to net groupmap like:

net groupmap add ntgroup=testing unixgroup=it_posix type=d

Which results in:

[r...@krb samba]# net groupmap list verbose
testing
SID   : S-1-5-21-471262856-1245818307-3878391063-11805
Unix gid  : 5402
Unix group: itr_posix
Group type: Domain Group
Comment   : Domain Unix group

Gid that is reported by Unix gid is good.  Now the security tab looks like:

Everyone
arwin (Unix User\arwin)
testing (KRB\testing)

But people in that group still cannot access the file.  It's only when I turn 
off winbind they can access the file, but I want winbind running so acls can be 
distributed for the groups in winbindd-idmap.tdb.

Any help is appreciated.

Thanks,
Arwin


[Samba] Domain not reachable.

2009-08-26 Thread Bill Platt
I am setting up a domain with MDS and all works well in some offices, 
but in others I get domain not reachable errors when trying to logon. 
Could this be a bad switch?




[Samba] Auto mount home share in Vista

2009-08-26 Thread David Christensen

Seems the only way I can get Vista to mount a share when a user logs in
is using a netlogon script.  My XP clients auto mount the home share on
login just fine, but vista won't.

Has anyone experienced this with Vista and if so what did you do to get
past this?

I could use a netlogon script to rectify the issue, but since I have XP
and Vista clients in the domain it seems a waste of resources to script
net use for XP clients since they do the mount ok.

Any help would be appreciated.

David


[Samba] FAT32 format HDD recognizes as NTFS

2009-08-26 Thread Sallow Yang
Hi,

The following are my steps:
1. Insert a FAT32 format HDD into usb port of Linux PC.
2. After HDD mounted successfully, configure and start samba to share the
HDD.
3. Using Map Network Drive of Windows XP to map the HDD to a windows network
drive.
4.Open the mapped network drive, can see NTFS file system on the left
details.

It shows the wrong info, could anybody help me?
Thanks in advance!!

-- 
Best Regards,
Sallow Yang


Re: [Samba] FAT32 format HDD recognizes as NTFS

2009-08-26 Thread Jonathon Doran

Quoting Sallow Yang sallow.y...@gmail.com:


Hi,

The following are my steps:
1. Insert a FAT32 format HDD into usb port of Linux PC.
2. After HDD mounted successfully, configure and start samba to share the
HDD.
3. Using Map Network Drive of Windows XP to map the HDD to a windows network
drive.
4.Open the mapped network drive, can see NTFS file system on the left
details.

It shows the wrong info, could anybody help me?
Thanks in advance!!


Samba allows a directory your Linux box to appear to be an NTFS  
volume.  That is its purpose.  It really doesn't matter what the  
original filesystem is:  you can export an ext3 filesystem, ext4, xfs,  
FAT32... whatever the original filesystem is, the Samba clients (for  
example your XP machine) will see it as an NTFS volume.


This isn't really all that different (in my opinion) from the way that  
NFS will make directories appear as NFS volumes.  It didn't matter  
what the original filesystem was in that case either.



Re: [Samba] Auto mount home share in Vista

2009-08-26 Thread David Christensen
David Christensen wrote:
 Seems the only way I can get Vista to mount a share when a user logs
 in is using a netlogon script. ...
 Has anyone experienced this with Vista and if so what did you do to
 get past this?

With Vista Ultimate 32-bit, I connected to the Samba server, told
Windows to remember my username and password, mapped my Samba user home
directory to the U: drive, and then changed the location of my Documents
folder to U:\.


HTH,

David




Re: [Samba] FAT32 format HDD recognizes as NTFS

2009-08-26 Thread Michael Heydon



  4.Open the mapped network drive, can see NTFS file system on the left
  details.

  It shows the wrong info, could anybody help me?
  Thanks in advance!!

My theory is that it has to do with the capabilities of the file system.
Samba is presenting a FS that has ownership and permission capabilities,
Windows only knows of one FS that supports those capabilities, therefore
it must be NTFS.

I doubt it has any real effect, it's not like Windows will try to run
chkdsk on it or anything.

 Samba allows a directory your Linux box to appear to be an NTFS
 volume.  That is its purpose.  It really doesn't matter what the
 original filesystem is:  you can export an ext3 filesystem, ext4, xfs,
 FAT32... whatever the original filesystem is, the Samba clients (for
 example your XP machine) will see it as an NTFS volume.

The client should really see it as a SMB or CIFS volume rather than NTFS.

 This isn't really all that different (in my opinion) from the way that
 NFS will make directories appear as NFS volumes.  It didn't matter
 what the original filesystem was in that case either.

I would have said it was closer to exporting an ext3 FS over NFS and the
client reporting that it is reiser.


*Michael Heydon - IT Administrator *
micha...@jaswin.com.au



Re: [Samba] FAT32 format HDD recognizes as NTFS

2009-08-26 Thread Sallow Yang
2009/8/27 Jonathon Doran j...@doransw.com

 Quoting Sallow Yang sallow.y...@gmail.com:

  Hi,

 The following are my steps:
 1. Insert a FAT32 format HDD into usb port of Linux PC.
 2. After HDD mounted successfully, configure and start samba to share the
 HDD.
 3. Using Map Network Drive of Windows XP to map the HDD to a windows
 network
 drive.
 4.Open the mapped network drive, can see NTFS file system on the left
 details.

 It shows the wrong info, could anybody help me?
 Thanks in advance!!


 Samba allows a directory your Linux box to appear to be an NTFS volume.
  That is its purpose.  It really doesn't matter what the original filesystem
 is:  you can export an ext3 filesystem, ext4, xfs, FAT32... whatever the
 original filesystem is, the Samba clients (for example your XP machine) will
 see it as an NTFS volume.

Why samba has this purpose? I think it shows right info that can make user
more clearly.

Is the display error easy to be fixed by samba?


 This isn't really all that different (in my opinion) from the way that NFS
 will make directories appear as NFS volumes.  It didn't matter what the
 original filesystem was in that case either.


Thanks for your reply!

-- 
Best Regards,
Sallow Yang


Re: [Samba] FAT32 format HDD recognizes as NTFS

2009-08-26 Thread Sallow Yang
2009/8/27 Michael Heydon micha...@jaswin.com.au


  4.Open the mapped network drive, can see NTFS file system on the left
 details.

 It shows the wrong info, could anybody help me?
 Thanks in advance!!

 My theory is that it has to do with the capabilities of the file system.
 Samba is presenting a FS that has ownership and permission capabilities,
 Windows only knows of one FS that supports those capabilities, therefore it
 must be NTFS.


But I think windows NTFS supports ownership and permission that is different
from the samba's, am I right? How do they correspond?


 I doubt it has any real effect, it's not like Windows will try to run
 chkdsk on it or anything.


I don't know if there is any effect or not.


  Samba allows a directory your Linux box to appear to be an NTFS volume.
  That is its purpose.  It really doesn't matter what the original filesystem
 is:  you can export an ext3 filesystem, ext4, xfs, FAT32... whatever the
 original filesystem is, the Samba clients (for example your XP machine) will
 see it as an NTFS volume.

 The client should really see it as a SMB or CIFS volume rather than NTFS.

  This isn't really all that different (in my opinion) from the way that NFS
 will make directories appear as NFS volumes.  It didn't matter what the
 original filesystem was in that case either.

 I would have said it was closer to exporting an ext3 FS over NFS and the
 client reporting that it is reiser.

 *Michael Heydon - IT Administrator *
 micha...@jaswin.com.au mailto:micha...@jaswin.com.au




Thanks for your reply!

-- 
Best Regards,
Sallow Yang


Re: [Samba] FAT32 format HDD recognizes as NTFS

2009-08-26 Thread John Drescher
 Why samba has this purpose? I think it shows right info that can make user
 more clearly.

 Is the display error easy to be fixed by samba?


In my opinion the display error is on the windows side. It should not
be guessing what filesystem type a remote server is using.

-- 
John M. Drescher


Re: [Samba] FAT32 format HDD recognizes as NTFS

2009-08-26 Thread John H Terpstra - Samba Team
On 08/26/2009 08:58 PM, Jonathon Doran wrote:
 Quoting Sallow Yang sallow.y...@gmail.com:
 
 Hi,

 The following are my steps:
 1. Insert a FAT32 format HDD into usb port of Linux PC.
 2. After HDD mounted successfully, configure and start samba to share the
 HDD.
 3. Using Map Network Drive of Windows XP to map the HDD to a windows
 network
 drive.
 4.Open the mapped network drive, can see NTFS file system on the left
 details.

 It shows the wrong info, could anybody help me?
 Thanks in advance!!
 
 Samba allows a directory your Linux box to appear to be an NTFS volume. 
 That is its purpose.  It really doesn't matter what the original
 filesystem is:  you can export an ext3 filesystem, ext4, xfs, FAT32...
 whatever the original filesystem is, the Samba clients (for example your
 XP machine) will see it as an NTFS volume.
 
 This isn't really all that different (in my opinion) from the way that
 NFS will make directories appear as NFS volumes.  It didn't matter what
 the original filesystem was in that case either.

Please refer to the man page for smb.conf. Look up the parameter fstype.

- John T.


Re: [Samba] FAT32 format HDD recognizes as NTFS

2009-08-26 Thread Sallow Yang
2009/8/27 John H Terpstra - Samba Team j...@samba.org

 On 08/26/2009 08:58 PM, Jonathon Doran wrote:
  Quoting Sallow Yang sallow.y...@gmail.com:
 
  Hi,
 
  The following are my steps:
  1. Insert a FAT32 format HDD into usb port of Linux PC.
  2. After HDD mounted successfully, configure and start samba to share
 the
  HDD.
  3. Using Map Network Drive of Windows XP to map the HDD to a windows
  network
  drive.
  4.Open the mapped network drive, can see NTFS file system on the left
  details.
 
  It shows the wrong info, could anybody help me?
  Thanks in advance!!
 
  Samba allows a directory your Linux box to appear to be an NTFS volume.
  That is its purpose.  It really doesn't matter what the original
  filesystem is:  you can export an ext3 filesystem, ext4, xfs, FAT32...
  whatever the original filesystem is, the Samba clients (for example your
  XP machine) will see it as an NTFS volume.
 
  This isn't really all that different (in my opinion) from the way that
  NFS will make directories appear as NFS volumes.  It didn't matter what
  the original filesystem was in that case either.

 Please refer to the man page for smb.conf. Look up the parameter fstype.


 fstype (S)

This parameter allows the administrator to configure the string that
specifies the type of filesystem a share is using that is reported by smbd
(8) http://sepp.oetiker.ch/samba-3.0.23c-to/help/manpages/smbd.8.html when
a client queries the filesystem type for a share. The default type is
NTFS for compatibility with Windows NT but this can be changed to other
strings such as Samba or FAT if required.

Default: *fstype = NTFS *

Example: *fstype = Samba *

 When I set fstype = FAT32 in smb.conf, it can show FAT32 file system in
the Windows side.
 It's the right result, thanks John T!!


 - John T.




-- 
Best Regards,
Sallow Yang


[SCM] SAMBA-CTDB repository - annotated tag 3.2.11-ctdb-64 created - 3.2.11-ctdb-64

2009-08-26 Thread Michael Adam
The annotated tag, 3.2.11-ctdb-64 has been created
at  369dba22211094c3cdbf6173d299bb4a752965ee (tag)
   tagging  bd991fc0f7eb98cc9ba8fcea34b46aecf1de6019 (commit)
  replaces  3.2.11-ctdb-63
 tagged by  Michael Adam
on  Wed Aug 26 17:26:33 2009 +0200

- Log -
tag release 3.2.11-ctdb-64

Michael

Michael Adam (1):
  v3-2-ctdb: Bump the ctdb vendor patch level to 64.

Volker Lendecke (1):
  Add a parameter to disable the automatic creation of krb5.conf files

---


-- 
SAMBA-CTDB repository


[SCM] SAMBA-CTDB repository - branch v3-2-ctdb updated - 3.2.11-ctdb-64-1-g450d480

2009-08-26 Thread Michael Adam
The branch, v3-2-ctdb has been updated
   via  450d48035ed8fb52123386ff88f80d008434685b (commit)
  from  bd991fc0f7eb98cc9ba8fcea34b46aecf1de6019 (commit)

http://gitweb.samba.org/?p=obnox/samba-ctdb.git;a=shortlog;h=v3-2-ctdb


- Log -
commit 450d48035ed8fb52123386ff88f80d008434685b
Author: Michael Adam ob...@samba.org
Date:   Wed Aug 26 17:27:14 2009 +0200

v3-2-ctdb: bump the vendor patch level to 65 for the next release

Michael

---

Summary of changes:
 source/VERSION |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/VERSION b/source/VERSION
index fb8395c..cf102b3 100644
--- a/source/VERSION
+++ b/source/VERSION
@@ -96,4 +96,4 @@ SAMBA_VERSION_IS_GIT_SNAPSHOT=
 #  -  CVS 3.0.0rc2-VendorVersion#
 
 SAMBA_VERSION_VENDOR_SUFFIX=ctdb
-SAMBA_VERSION_VENDOR_PATCH=64
+SAMBA_VERSION_VENDOR_PATCH=65


-- 
SAMBA-CTDB repository


[SCM] SAMBA-CTDB repository - branch v3-4-ctdb updated - 3.4.0-ctdb-4-2-g4d64ca1

2009-08-26 Thread Michael Adam
The branch, v3-4-ctdb has been updated
   via  4d64ca1f39fcc58d95c86349451d17e711643992 (commit)
  from  4ef75a3c5f3ac53905d3352614806bb1ae7ed66e (commit)

http://gitweb.samba.org/?p=obnox/samba-ctdb.git;a=shortlog;h=v3-4-ctdb


- Log -
commit 4d64ca1f39fcc58d95c86349451d17e711643992
Author: Volker Lendecke v...@samba.org
Date:   Wed Aug 26 14:56:41 2009 +0200

Add a parameter to disable the automatic creation of krb5.conf files

This is necessary because MIT 1.5 can't deal with certain types (Tree Root) of
transitive AD trusts. The workaround is to add a [capaths] directive to
/etc/krb5.conf, which we don't automatically put into the krb5.conf winbind
creates.

The alternative would have been something like a krb5 conf include, but I
think if someone has to mess with /etc/krb5.conf at this level, it should be
easy to add the site-local KDCs as well.

Next alternative is to correctly figure out the [capaths] parameter for all
trusted domains, but for that I don't have the time right now. Sorry :-)

---

Summary of changes:
 docs-xml/smbdotconf/winbind/createkrb5conf.xml |   24 
 source3/include/proto.h|1 +
 source3/libads/kerberos.c  |7 ++-
 source3/param/loadparm.c   |   12 
 4 files changed, 43 insertions(+), 1 deletions(-)
 create mode 100644 docs-xml/smbdotconf/winbind/createkrb5conf.xml


Changeset truncated at 500 lines:

diff --git a/docs-xml/smbdotconf/winbind/createkrb5conf.xml 
b/docs-xml/smbdotconf/winbind/createkrb5conf.xml
new file mode 100644
index 000..3881824
--- /dev/null
+++ b/docs-xml/smbdotconf/winbind/createkrb5conf.xml
@@ -0,0 +1,24 @@
+samba:parameter name=create krb5 conf
+   context=G
+   type=string
+advanced=1 developer=0
+ xmlns:samba=http://www.samba.org/samba/DTD/samba-doc;
+description
+
+   para
+   Setting this paramter to value type=exampleno/value prevents
+   winbind from creating custom krb5.conf files. Winbind normally does
+   this because the krb5 libraries are not AD-site-aware and thus would
+   pick any domain controller out of potentially very many. Winbind
+   is site-aware and makes the krb5 libraries use a local DC by
+   creating its own krb5.conf files.
+   /para
+   para
+   Preventing winbind from doing this might become necessary if you
+   have to add special options into your system-krb5.conf that winbind
+   does not see.
+   /para
+
+/description
+value type=defaultyes/value
+/samba:parameter
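Review bot: the opening samba:parameter element documents this option as type=string, but the loadparm.c table entry in this same changeset registers it as P_BOOL, so the documented type should be boolean to keep the generated man page in step with the parser. In the first para, "paramter" should read "parameter".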
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 93ad5dd..bee848e 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -3976,6 +3976,7 @@ bool lp_winbind_refresh_tickets(void);
 bool lp_winbind_offline_logon(void);
 bool lp_winbind_normalize_names(void);
 bool lp_winbind_rpc_only(void);
+bool lp_create_krb5_conf(void);
 const char **lp_idmap_domains(void);
 const char *lp_idmap_backend(void);
 char *lp_idmap_alloc_backend(void);
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index c476f59..f2dc33a 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -817,7 +817,7 @@ bool create_local_private_krb5_conf_for_domain(const char 
*realm,
const char *sitename,
struct sockaddr_storage *pss)
 {
-   char *dname = lock_path(smb_krb5);
+   char *dname;
char *tmpname = NULL;
char *fname = NULL;
char *file_contents = NULL;
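Review bot: dname loses its initializer here while the neighbouring locals (tmpname, fname, file_contents) are all initialised to NULL. Declaring it as "char *dname = NULL;" keeps the block consistent and stays safe if another early return is ever added ahead of the lock_path() assignment.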
@@ -828,6 +828,11 @@ bool create_local_private_krb5_conf_for_domain(const char 
*realm,
char *realm_upper = NULL;
bool result = false;
 
+   if (!lp_create_krb5_conf()) {
+   return false;
+   }
+
+   dname = lock_path(smb_krb5);
if (!dname) {
return false;
}
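Review bot: the new early return hands back false when lp_create_krb5_conf() is off, which is the same value the lock_path() failure directly below it returns, so a caller cannot tell "disabled by configuration" from "could not create the file". Either return true for the disabled case or add a comment and a debug message saying that false is not an error on this path.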
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 7ed718f..91912fb 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -195,6 +195,7 @@ struct global {
bool bWinbindOfflineLogon;
bool bWinbindNormalizeNames;
bool bWinbindRpcOnly;
+   bool bCreateKrb5Conf;
char *szIdmapBackend;
char *szIdmapAllocBackend;
char *szAddShareCommand;
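Review bot: bCreateKrb5Conf is added to struct global as a plain bool and the documentation hunk states a default of yes, but the visible part of this truncated changeset does not show the member being set to true when the globals are initialised. Worth confirming that it is, because a zero default would switch off krb5.conf creation for every existing installation.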
@@ -4559,6 +4560,15 @@ static struct parm_struct parm_table[] = {
.enum_list  = NULL,
.flags  = FLAG_ADVANCED,
},
+   {
+   .label  = create krb5 conf,
+   .type   = P_BOOL,
+   .p_class= P_GLOBAL,
+   .ptr= Globals.bCreateKrb5Conf,
+   .special= NULL,
+
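
The workaround the commit message above describes, written out as an added configuration example; it is not part of the original commit or of Samba's documentation. The realm names and KDC host names are constructed placeholders; only the parameter name "create krb5 conf" and the use of a [capaths] section in /etc/krb5.conf come from the message.

```ini
# ---- smb.conf ----
# Stop winbind from writing its own krb5.conf files, so the Kerberos
# libraries read the hand-maintained system file below instead.
[global]
    create krb5 conf = no

# ---- /etc/krb5.conf ----
# Constructed forest for illustration:
#   FOREST.EXAMPLE      forest root domain
#   TREE.EXAMPLE        second tree, joined by a Tree Root trust
#   SUB.TREE.EXAMPLE    child domain of TREE.EXAMPLE (this host's realm)

# With winbind no longer generating the file, the site-local domain
# controllers have to be listed by hand (host names are placeholders).
[realms]
    SUB.TREE.EXAMPLE = {
        kdc = dc1.sub.tree.example
    }
    TREE.EXAMPLE = {
        kdc = dc1.tree.example
    }
    FOREST.EXAMPLE = {
        kdc = dc1.forest.example
    }

# Format: client realm = { target realm = intermediate realm }
# A value of "." means the client realm trusts the target realm directly.
# Here the child reaches the forest root by way of its own tree root.
[capaths]
    SUB.TREE.EXAMPLE = {
        TREE.EXAMPLE = .
        FOREST.EXAMPLE = TREE.EXAMPLE
    }
    TREE.EXAMPLE = {
        FOREST.EXAMPLE = .
    }
```

Because the system file now replaces the site-aware one winbind would have generated, the kdc entries decide which domain controllers are contacted and need to be kept current by hand.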

[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1196-gd49ab92

2009-08-26 Thread Volker Lendecke
The branch, master has been updated
   via  d49ab9226f849d1f08f7cf83956d35cf4950906e (commit)
  from  f2fa9e62466fa8a6cc6a53172da6c8b24d51874d (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit d49ab9226f849d1f08f7cf83956d35cf4950906e
Author: Volker Lendecke v...@samba.org
Date:   Wed Aug 26 18:20:06 2009 +0200

s3:winbind: Fix Coverity ID 942: Resource Leak

---

Summary of changes:
 source3/winbindd/winbindd_cache.c |2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/winbindd_cache.c 
b/source3/winbindd/winbindd_cache.c
index a46aa0a..c947254 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -2306,6 +2306,7 @@ NTSTATUS wcache_lookup_groupmem(struct winbindd_domain 
*domain,
 
*num_names = centry_uint32(centry);
if (*num_names == 0) {
+   centry_free(centry);
return NT_STATUS_OK;
}
 
@@ -2317,6 +2318,7 @@ NTSTATUS wcache_lookup_groupmem(struct winbindd_domain 
*domain,
TALLOC_FREE(*sid_mem);
TALLOC_FREE(*names);
TALLOC_FREE(*name_types);
+   centry_free(centry);
return NT_STATUS_NO_MEMORY;
}
 
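Review bot: Both added centry_free(centry) calls patch individual early returns in wcache_lookup_groupmem (the *num_names == 0 return and the NT_STATUS_NO_MEMORY return), so the next return added to this function can leak centry in the same way. A single exit label that frees centry, with the early paths setting the status and jumping to it, would cover every path instead of the two fixed here.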


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1199-g17829cb

2009-08-26 Thread Tim Prouty
The branch, master has been updated
   via  17829cbc82b8f647374712285492dbb3210fe346 (commit)
   via  3ad9d108a7404d625454efda0d000e4caa543e7a (commit)
   via  22ee1cd7dbcd07470c915343872ee83ae90e3511 (commit)
  from  d49ab9226f849d1f08f7cf83956d35cf4950906e (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 17829cbc82b8f647374712285492dbb3210fe346
Author: tprouty tpro...@b72e2a10-2d34-0410-9a71-d3beadf02b57
Date:   Wed Aug 26 01:38:17 2009 +

s3 onefs: Canonicalize the ACL in the correct order

commit 3ad9d108a7404d625454efda0d000e4caa543e7a
Author: tprouty tpro...@b72e2a10-2d34-0410-9a71-d3beadf02b57
Date:   Wed Aug 26 01:38:14 2009 +

s3: Allow full_audit to play nice with smbd if it's using syslog

Explicitly pass the facility from both smbd and full_audit to syslog.
Really the only major change is to not call openlog() in full_audit if
WITH_SYSLOG is defined, which implies that smbd is already using
syslog.  This allows full audit to piggy-back on the same ident as
smbd, while still differentiating the logging via the facility.

commit 22ee1cd7dbcd07470c915343872ee83ae90e3511
Author: tprouty tpro...@b72e2a10-2d34-0410-9a71-d3beadf02b57
Date:   Wed Aug 26 01:38:07 2009 +

s3 audit: Change create_file in full_audit to print whether a directory or file was requested

full_audit will now print out whether the createfile was requested for
a file or directory.  The create disposition is also printed out.

---

Summary of changes:
 source3/lib/debug.c  |6 +
 source3/modules/onefs_acl.c  |   12 +++---
 source3/modules/vfs_full_audit.c |   42 +++--
 3 files changed, 53 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/lib/debug.c b/source3/lib/debug.c
index e7dcfb4..2e19f89 100644
--- a/source3/lib/debug.c
+++ b/source3/lib/debug.c
@@ -856,6 +856,12 @@ void check_log_size( void )
else
priority = priority_map[syslog_level];
 
+   /*
+* Specify the facility to interoperate with other syslog
+* callers (vfs_full_audit for example).
+*/
+   priority |= SYSLOG_FACILITY;
+
va_start(ap, format_str);
ret = vasprintf(msgbuf, format_str, ap);
va_end(ap);
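Review bot: priority |= SYSLOG_FACILITY relies on a macro that none of the visible hunks define, and the new comment does not say which facility it stands for. Since the commit message makes the facility the only thing that separates smbd's lines from full_audit's once they share an ident, the comment should name where SYSLOG_FACILITY is defined and what it defaults to.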
diff --git a/source3/modules/onefs_acl.c b/source3/modules/onefs_acl.c
index df4efd5..2593012 100644
--- a/source3/modules/onefs_acl.c
+++ b/source3/modules/onefs_acl.c
@@ -417,23 +417,27 @@ onefs_canon_acl(files_struct *fsp, struct 
ifs_security_descriptor *sd)
 * By walking down the list 3 separate times, we can avoid the need
 * to create multiple temp buffers and extra copies.
 */
-   for (cur = 0; cur  sd-dacl-num_aces; cur++)  {
-   if (sd-dacl-aces[cur].flags  IFS_ACE_FLAG_INHERITED_ACE)
-   new_aces[new_aces_count++] = sd-dacl-aces[cur];
-   }
 
+   /* Explict deny aces first */
for (cur = 0; cur  sd-dacl-num_aces; cur++)  {
if (!(sd-dacl-aces[cur].flags  IFS_ACE_FLAG_INHERITED_ACE) 
(sd-dacl-aces[cur].type == IFS_ACE_TYPE_ACCESS_DENIED))
new_aces[new_aces_count++] = sd-dacl-aces[cur];
}
 
+   /* Explict allow aces second */
for (cur = 0; cur  sd-dacl-num_aces; cur++)  {
if (!(sd-dacl-aces[cur].flags  IFS_ACE_FLAG_INHERITED_ACE) 
!(sd-dacl-aces[cur].type == IFS_ACE_TYPE_ACCESS_DENIED))
new_aces[new_aces_count++] = sd-dacl-aces[cur];
}
 
+   /* Inherited deny/allow aces third */
+   for (cur = 0; cur  sd-dacl-num_aces; cur++)  {
+   if ((sd-dacl-aces[cur].flags  IFS_ACE_FLAG_INHERITED_ACE))
+   new_aces[new_aces_count++] = sd-dacl-aces[cur];
+   }
+
SMB_ASSERT(new_aces_count == sd-dacl-num_aces);
DEBUG(10, (Performed canonicalization of ACLs for file %s\n,
   fsp_str_dbg(fsp)));
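Review bot: The third pass ("Inherited deny/allow aces third") copies inherited ACEs in whatever relative order they arrive, while the first two passes put explicit deny ACEs ahead of explicit allow ACEs. Say in the comment whether keeping the inherited order is deliberate, because an inherited allow that sits before an inherited deny is evaluated first. The two new comments also spell "Explicit" as "Explict".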
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index 6930a55..0f6de79 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -510,6 +510,7 @@ static void do_log(vfs_op_type op, bool success, 
vfs_handle_struct *handle,
char *audit_pre = NULL;
va_list ap;
char *op_msg = NULL;
+   int priority;
 
if (success  (!log_success(handle, op)))
goto out;
@@ -530,8 +531,15 @@ static void do_log(vfs_op_type op, bool success, 
vfs_handle_struct *handle,
goto out;
}
 
+   /*
+* Specify the facility to interoperate with other syslog callers
+* (smbd for 

Re: [SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1164-gc69f92d

2009-08-26 Thread Tim Prouty

Hi Jeremy,

On Aug 24, 2009, at 8:58 PM, Jeremy Allison wrote:


The branch, master has been updated
  via  c69f92d16d57c2387d31b5dfd01aab0685a671d0 (commit)
 from  9a86f26a5f0b421f8cf259e579fe5946b39623f6 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log  
-

commit c69f92d16d57c2387d31b5dfd01aab0685a671d0
Author: Jeremy Allison j...@samba.org
Date:   Mon Aug 24 20:57:37 2009 -0700

   Second attempt at fix for bug 6529 - Offline files conflict with Vista and Office 2003.
   Confirmation from reporter that this fixes the issue in master on ext3/ext4.

   Back-ports to follow.
   Jeremy.

---

diff --git a/source3/include/vfs.h b/source3/include/vfs.h
index 2722352..38a972f 100644
--- a/source3/include/vfs.h
+++ b/source3/include/vfs.h
@@ -121,8 +121,9 @@
/* Changed to version 26 - Plumb struct smb_filename to  
SMB_VFS_CREATE_FILE,

   SMB_VFS_OPEN, SMB_VFS_STAT, SMB_VFS_LSTAT,
   SMB_VFS_RENAME, SMB_VFS_UNLINK, SMB_VFS_NTIMES.  */
-
-#define SMB_VFS_INTERFACE_VERSION 26
+/* Changed to version 27 - not yet released. Added enum  
timestamp_set_resolution

+ *return to fs_capabilities call. JRA. */
+#define SMB_VFS_INTERFACE_VERSION 27


This is minor, but you should be able to leave the interface version  
at 26 since there hasn't been a release since it was incremented to 26.


-Tim


[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1201-g32f9d20

2009-08-26 Thread Günther Deschner
The branch, master has been updated
   via  32f9d20dff043cca5b81ff855c44a71bf18e41e4 (commit)
   via  46184692adde9c052474bb4f6a0f9d6d0e1a9178 (commit)
  from  17829cbc82b8f647374712285492dbb3210fe346 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 32f9d20dff043cca5b81ff855c44a71bf18e41e4
Author: Günther Deschner g...@samba.org
Date:   Wed Aug 26 23:03:42 2009 +0200

s3-selftest: enable running RPC-NETLOGON-S3 against samba3.

Guenther

commit 46184692adde9c052474bb4f6a0f9d6d0e1a9178
Author: Günther Deschner g...@samba.org
Date:   Wed Aug 26 22:27:07 2009 +0200

s4-smbtorture: add RPC-NETLOGON-S3 to test samba3 netlogon server.

Guenther

---

Summary of changes:
 source3/script/tests/test_posix_s3.sh |2 +-
 source4/torture/rpc/netlogon.c|   18 ++
 source4/torture/rpc/rpc.c |1 +
 3 files changed, 20 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/script/tests/test_posix_s3.sh 
b/source3/script/tests/test_posix_s3.sh
index b294bea..48ea2f6 100755
--- a/source3/script/tests/test_posix_s3.sh
+++ b/source3/script/tests/test_posix_s3.sh
@@ -44,7 +44,7 @@ rpc=$rpc RPC-SVCCTL RPC-SPOOLSS RPC-SPOOLSS-WIN RPC-NTSVCS
 rpc=$rpc RPC-LSA-GETUSER RPC-LSA-LOOKUPSIDS RPC-LSA-LOOKUPNAMES
 rpc=$rpc RPC-SAMR RPC-SAMR-USERS RPC-SAMR-USERS-PRIVILEGES RPC-SAMR-PASSWORDS
 rpc=$rpc RPC-SAMR-PASSWORDS-PWDLASTSET RPC-SAMR-LARGE-DC 
RPC-SAMR-MACHINE-AUTH
-rpc=$rpc RPC-SCHANNEL RPC-SCHANNEL2 RPC-BENCH-SCHANNEL1 RPC-JOIN
+rpc=$rpc RPC-NETLOGON-S3 RPC-SCHANNEL RPC-SCHANNEL2 RPC-BENCH-SCHANNEL1 
RPC-JOIN
 
 local=LOCAL-NSS-WRAPPER
 
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 980f213..f488a03 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -2634,3 +2634,21 @@ struct torture_suite *torture_rpc_netlogon(TALLOC_CTX 
*mem_ctx)
 
return suite;
 }
+
+struct torture_suite *torture_rpc_netlogon_s3(TALLOC_CTX *mem_ctx)
+{
+   struct torture_suite *suite = torture_suite_create(mem_ctx, 
NETLOGON-S3);
+   struct torture_rpc_tcase *tcase;
+
+   tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, netlogon,
+ ndr_table_netlogon, 
TEST_MACHINE_NAME);
+
+   torture_rpc_tcase_add_test_creds(tcase, SamLogon, test_SamLogon);
+   torture_rpc_tcase_add_test_creds(tcase, SetPassword, 
test_SetPassword);
+   torture_rpc_tcase_add_test(tcase, LogonControl, test_LogonControl);
+   torture_rpc_tcase_add_test(tcase, LogonControl2, test_LogonControl2);
+   torture_rpc_tcase_add_test(tcase, LogonControl2Ex, 
test_LogonControl2Ex);
+   torture_rpc_tcase_add_test(tcase, NetrEnumerateTrustedDomains, 
test_netr_NetrEnumerateTrustedDomains);
+
+   return suite;
+}
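Review bot: torture_rpc_netlogon_s3 registers six tests with no comment saying why this subset was chosen or which tests from torture_rpc_netlogon are left out for samba3. A short comment above the function stating the selection rule would tell the next person whether a new netlogon test belongs in both suites.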
diff --git a/source4/torture/rpc/rpc.c b/source4/torture/rpc/rpc.c
index ffdd748..736b037 100644
--- a/source4/torture/rpc/rpc.c
+++ b/source4/torture/rpc/rpc.c
@@ -451,6 +451,7 @@ NTSTATUS torture_rpc_init(void)
torture_suite_add_simple_test(suite, SAMR-USERS, 
torture_rpc_samr_users);
torture_suite_add_simple_test(suite, SAMR-PASSWORDS, 
torture_rpc_samr_passwords);
torture_suite_add_suite(suite, torture_rpc_netlogon(suite));
+   torture_suite_add_suite(suite, torture_rpc_netlogon_s3(suite));
torture_suite_add_suite(suite, torture_rpc_remote_pac(suite));
torture_suite_add_simple_test(suite, SAMLOGON, torture_rpc_samlogon);
torture_suite_add_simple_test(suite, SAMSYNC, torture_rpc_samsync);


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1204-g6c55518

2009-08-26 Thread Steven Danneman
The branch, master has been updated
   via  6c55518d471950d8ebaf0df47634116802d6f735 (commit)
   via  bc4b253b2c793a2fce6614ee7fadf1713f558776 (commit)
   via  5469866242f0dfbdc7260c86cfca196b10e4af21 (commit)
  from  32f9d20dff043cca5b81ff855c44a71bf18e41e4 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 6c55518d471950d8ebaf0df47634116802d6f735
Author: Steven Danneman steven.danne...@isilon.com
Date:   Wed Aug 26 16:17:38 2009 -0700

s3/smbd: open the share_info.tdb on startup instead of tconx

This is a small performance optimization.  Instead of opening the tdb
on every smb connection in the forked child process, we now open it in
the parent and share the fd.

This also reduces the total fd usage in the system.

commit bc4b253b2c793a2fce6614ee7fadf1713f558776
Author: Steven Danneman steven.danne...@isilon.com
Date:   Wed Aug 26 10:36:48 2009 -0700

s3/debug: make SPNEGO OID list appear under one debug header

commit 5469866242f0dfbdc7260c86cfca196b10e4af21
Author: Steven Danneman steven.danne...@isilon.com
Date:   Wed Jul 29 16:13:44 2009 -0700

s3/winbindd: Remove unnecessary check for NULL SID

There's a known bug in some Windows implementations of
DsEnumerateDomainTrusts() where domain SIDs are not returned for
transitively trusted domains within the same forest.

Jerry originally worked around this in the winbindd parent by checking
for S-0-0 and converting it to S-1-0 in 8b0fce0b.  Guenter later moved
these checks into the child process in commit 3bdfcbac making the
initial patch unnecessary.

I've removed it and added a clarifying comment to the child process.

If ever this SID is needed we could add an extra DsEnumerateDomainTrusts()
call in trusted_domains() as suggested by the Microsoft KB.

---

Summary of changes:
 source3/include/proto.h  |1 +
 source3/lib/sharesec.c   |2 +-
 source3/libsmb/cliconnect.c  |5 -
 source3/smbd/server.c|9 +
 source3/winbindd/winbindd_ads.c  |6 +-
 source3/winbindd/winbindd_util.c |9 ++---
 6 files changed, 22 insertions(+), 10 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/proto.h b/source3/include/proto.h
index 50ac834..0da8c25 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -721,6 +721,7 @@ struct named_mutex *grab_named_mutex(TALLOC_CTX *mem_ctx, 
const char *name,
 
 /* The following definitions come from lib/sharesec.c  */
 
+bool share_info_db_init(void);
 SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 
def_access);
 SEC_DESC *get_share_security( TALLOC_CTX *ctx, const char *servicename,
  size_t *psize);
diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c
index a1d30f1..799d983 100644
--- a/source3/lib/sharesec.c
+++ b/source3/lib/sharesec.c
@@ -37,7 +37,7 @@ static int delete_fn(struct db_record *rec, void *priv)
return 0;
 }
 
-static bool share_info_db_init(void)
+bool share_info_db_init(void)
 {
const char *vstring = INFO/version;
int32 vers_id;
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 7726611..239dfc8 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -1010,7 +1010,10 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state 
*cli, const char *user,
 
/* make sure the server understands kerberos */
for (i=0;OIDs[i];i++) {
-   DEBUG(3,(got OID=%s\n, OIDs[i]));
+   if (i == 0)
+   DEBUG(3,(got OID=%s\n, OIDs[i]));
+   else
+   DEBUGADD(3,(got OID=%s\n, OIDs[i]));
if (strcmp(OIDs[i], OID_KERBEROS5_OLD) == 0 ||
strcmp(OIDs[i], OID_KERBEROS5) == 0) {
cli-got_kerberos_mechanism = True;
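Review bot: The added if (i == 0) / else pair is unbraced and sits directly above the existing if (strcmp(...)) in the same loop body, which is easy to misread or to break when a line is added later. DEBUG and DEBUGADD are macros, so put braces around both branches.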
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index ace3124..09ad8d8 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -1218,6 +1218,15 @@ extern void build_options(bool screen);
return -1;
}
 
+   /* Open the share_info.tdb here, so we don't have to open
+  after the fork on every single connection.  This is a small
+  performance improvment and reduces the total number of system
+  fds used. */
+   if (!share_info_db_init()) {
+   DEBUG(0,(ERROR: failed to load share info db.\n));
+   exit(1);
+   }
+
/* only start the background queue daemon if we are 
   running as a daemon -- bad things will happen if
   smbd is launched via inetd and we fork a copy of 
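Review bot: With share_info_db_init() called at this point, a share_info.tdb that cannot be opened now stops smbd at startup through exit(1), and the DEBUG(0) line gives neither the file path nor the reason. Include the path and the error in the message so the failure can be diagnosed from the log. The comment also has "improvment" for "improvement".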
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index 

[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1186-g425386f

2009-08-26 Thread Andrew Bartlett
The branch, master has been updated
   via  425386ff6141bba2e7b1d8f3c27e96aaf1c5cb95 (commit)
   via  3ed33813bb6aa1ca932372c2a2ce36152b6af50b (commit)
  from  74218726e89c297eb957b9df989dd42fd1601742 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 425386ff6141bba2e7b1d8f3c27e96aaf1c5cb95
Author: Andrew Bartlett abart...@samba.org
Date:   Wed Aug 26 15:59:00 2009 +1000

s4:ldb Add ldb_ldif_write_string() and python wrappers

This allows us to turn a python LdbMessage back into a string.

Andrew Bartlett

commit 3ed33813bb6aa1ca932372c2a2ce36152b6af50b
Author: Andrew Bartlett abart...@samba.org
Date:   Wed Aug 26 15:01:12 2009 +1000

s4:ldb Add hooks to get/set the flags on a ldb_message_element

Also add tests to prove that we got this correct, and correct the
existing tests which used the wrong constants.

Andrew Bartlett

---

Summary of changes:
 source4/lib/ldb/common/ldb_ldif.c   |   40 ++
 source4/lib/ldb/include/ldb.h   |   14 
 source4/lib/ldb/pyldb.c |   64 +++
 source4/lib/ldb/tests/python/api.py |   48 +++---
 4 files changed, 160 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/lib/ldb/common/ldb_ldif.c 
b/source4/lib/ldb/common/ldb_ldif.c
index d890ff8..30370e6 100644
--- a/source4/lib/ldb/common/ldb_ldif.c
+++ b/source4/lib/ldb/common/ldb_ldif.c
@@ -759,3 +759,43 @@ int ldb_ldif_write_file(struct ldb_context *ldb, FILE *f, 
const struct ldb_ldif
state.f = f;
return ldb_ldif_write(ldb, fprintf_file, state, ldif);
 }
+
+/*
+  wrapper around ldif_write() for a string
+*/
+struct ldif_write_string_state {
+   char *string;
+};
+
+static int ldif_printf_string(void *private_data, const char *fmt, ...) 
PRINTF_ATTRIBUTE(2, 3);
+
+static int ldif_printf_string(void *private_data, const char *fmt, ...)
+{
+   struct ldif_write_string_state *state =
+   (struct ldif_write_string_state *)private_data;
+   va_list ap;
+   size_t oldlen = strlen(state-string);
+   va_start(ap, fmt);
+   
+   state-string = talloc_vasprintf_append(state-string, fmt, ap);
+   va_end(ap);
+   if (!state-string) {
+   return -1;
+   }
+   
+   return strlen(state-string) - oldlen;
+}
+
+char *ldb_ldif_write_string(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, 
+   const struct ldb_ldif *ldif)
+{
+   struct ldif_write_string_state state;
+   state.string = talloc_strdup(mem_ctx, );
+   if (!state.string) {
+   return NULL;
+   }
+   if (ldb_ldif_write(ldb, ldif_printf_string, state, ldif) == -1) {
+   return NULL;
+   }
+   return state.string;
+}
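Review bot: In ldif_printf_string the result of talloc_vasprintf_append() is assigned straight back to state->string, so on failure the pointer to the existing buffer is overwritten with NULL, and ldb_ldif_write_string then returns NULL on the -1 path without freeing anything; the partial string stays attached to mem_ctx until the caller frees that context. Keep the old pointer in a temporary and free it on the error path. The return value strlen(state->string) - oldlen is also a size_t converted to int without a range check.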
diff --git a/source4/lib/ldb/include/ldb.h b/source4/lib/ldb/include/ldb.h
index 20f0f9c..8972fc8 100644
--- a/source4/lib/ldb/include/ldb.h
+++ b/source4/lib/ldb/include/ldb.h
@@ -1450,6 +1450,20 @@ struct ldb_ldif *ldb_ldif_read_string(struct ldb_context 
*ldb, const char **s);
 int ldb_ldif_write_file(struct ldb_context *ldb, FILE *f, const struct 
ldb_ldif *msg);
 
 /**
+   Write an LDIF message to a string
+
+   \param ldb the ldb context (from ldb_init())
+   \param mem_ctx the talloc context on which to attach the string)
+   \param msg the message to write out
+
+   \return the string containing the LDIF, or NULL on error
+
+   \sa ldb_ldif_read_string for the reader equivalent to this function.
+*/
+char * ldb_ldif_write_string(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, 
+ const struct ldb_ldif *msg);
+
+/**
Base64 encode a buffer
 
\param mem_ctx the memory context that the result is allocated
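Review bot: The new doc comment has a stray closing parenthesis in "the talloc context on which to attach the string)" and documents the third parameter as msg, while the definition in ldb_ldif.c names it ldif. Use one name in both places so the generated documentation matches the code.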
diff --git a/source4/lib/ldb/pyldb.c b/source4/lib/ldb/pyldb.c
index 67e1d5c..3f7fa2f 100644
--- a/source4/lib/ldb/pyldb.c
+++ b/source4/lib/ldb/pyldb.c
@@ -813,6 +813,41 @@ static PyObject *ldb_ldif_to_pyobject(struct ldb_ldif 
*ldif)
 }
 
 
+static PyObject *py_ldb_write_ldif(PyLdbMessageObject *self, PyObject *args)
+{
+   int changetype;
+   PyObject *py_msg;
+   struct ldb_ldif ldif;
+   PyObject *ret;
+   char *string;
+   TALLOC_CTX *mem_ctx;
+
+   if (!PyArg_ParseTuple(args, Oi, py_msg, changetype))
+   return NULL;
+
+   if (!PyLdbMessage_Check(py_msg)) {
+   PyErr_SetString(PyExc_TypeError, Expected Ldb Message for 
msg);
+   return NULL;
+   }
+
+   ldif.msg = PyLdbMessage_AsMessage(py_msg);
+   ldif.changetype = changetype;
+
+   mem_ctx = talloc_new(NULL);
+
+   string = ldb_ldif_write_string(PyLdb_AsLdbContext(self), mem_ctx, 
ldif);
+   if (!string) {
+   PyErr_SetString(PyExc_KeyError, Failed to generate 
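Review bot: py_ldb_write_ldif declares self as PyLdbMessageObject * but passes it to PyLdb_AsLdbContext(self), so the function treats self as an Ldb object, not a message; the declaration should use the Ldb object type to match. The result of talloc_new(NULL) is also handed to ldb_ldif_write_string without a NULL check.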

Build status as of Wed Aug 26 06:00:01 2009

2009-08-26 Thread build
URL: http://build.samba.org/

--- /home/build/master/cache/broken_results.txt.old 2009-08-25 
00:00:03.0 -0600
+++ /home/build/master/cache/broken_results.txt 2009-08-26 00:00:34.0 
-0600
@@ -1,11 +1,11 @@
-Build status as of Tue Aug 25 06:00:02 2009
+Build status as of Wed Aug 26 06:00:01 2009
 
 Build counts:
 Tree Total  Broken Panic 
 build_farm   0  0  0 
 ccache   2  1  0 
 distcc   0  0  0 
-ldb  25 25 0 
+ldb  24 24 0 
 libreplace   22 11 0 
 lorikeet 0  0  0 
 pidl 1  1  0 
@@ -14,9 +14,9 @@
 samba-docs   0  0  0 
 samba-web0  0  0 
 samba_3_current 0  0  0 
-samba_3_master 23 23 2 
-samba_3_next 23 23 1 
-samba_4_0_test 25 25 1 
-talloc   23 23 0 
-tdb  19 19 0 
+samba_3_master 22 22 2 
+samba_3_next 22 21 1 
+samba_4_0_test 24 24 3 
+talloc   24 24 0 
+tdb  21 21 0 
 


[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1187-g1a97bd9

2009-08-26 Thread Andrew Bartlett
The branch, master has been updated
   via  1a97bd915dfe90b40ec03617af3d8d25483af9c9 (commit)
  from  425386ff6141bba2e7b1d8f3c27e96aaf1c5cb95 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 1a97bd915dfe90b40ec03617af3d8d25483af9c9
Author: Andrew Bartlett abart...@samba.org
Date:   Wed Aug 26 17:31:44 2009 +1000

s4:provision Ensure that @OPTIONS is mirrored into each partition

The previous patches to the provision system cut down on the number of
reconnects, and disabled the partition handling for part of the
process.  This means we lost the setting of @OPTIONS as a replicated
attribute into the partitions.

Andrew Bartlett

---

Summary of changes:
 source4/scripting/python/samba/provision.py |4 
 source4/setup/provision_init.ldif   |3 ---
 source4/setup/provision_options.ldif|3 +++
 3 files changed, 7 insertions(+), 3 deletions(-)
 create mode 100644 source4/setup/provision_options.ldif


Changeset truncated at 500 lines:

diff --git a/source4/scripting/python/samba/provision.py 
b/source4/scripting/python/samba/provision.py
index a8cedaf..0a3a44f 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -842,6 +842,10 @@ def setup_samdb(path, setup_path, session_info, 
credentials, lp,
 
 # And now we can connect to the DB - the schema won't be loaded from the DB
 samdb.connect(path)
+
+# Load @OPTIONS
+samdb.load_ldif_file_add(setup_path(provision_options.ldif))
+
 if fill == FILL_DRS:
 return samdb
 
diff --git a/source4/setup/provision_init.ldif 
b/source4/setup/provision_init.ldif
index e2e7d09..4d71d96 100644
--- a/source4/setup/provision_init.ldif
+++ b/source4/setup/provision_init.ldif
@@ -1,6 +1,3 @@
-dn: @OPTIONS
-checkBaseOnSearch: TRUE
-
 dn: @KLUDGEACL
 passwordAttribute: clearTextPassword
 passwordAttribute: userPassword
diff --git a/source4/setup/provision_options.ldif 
b/source4/setup/provision_options.ldif
new file mode 100644
index 000..7625cc7
--- /dev/null
+++ b/source4/setup/provision_options.ldif
@@ -0,0 +1,3 @@
+dn: @OPTIONS
+checkBaseOnSearch: TRUE
+


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1189-gda99e3a

2009-08-26 Thread Jeff Layton
The branch, master has been updated
   via  da99e3a724b493ba47a06d0704b891819ad16647 (commit)
   via  3544e685ade5b331e473c8680d42a748d9389125 (commit)
  from  1a97bd915dfe90b40ec03617af3d8d25483af9c9 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit da99e3a724b493ba47a06d0704b891819ad16647
Author: Jeff Layton jlay...@redhat.com
Date:   Wed Aug 26 06:26:02 2009 -0400

cifs.upcall: make using ip address conditional on new option

Igor Mammedov pointed out that reverse resolving an IP address to get
the hostname portion of a principal could open a possible attack
vector. If an attacker were to gain control of DNS, then he could
redirect the mount to a server of his choosing, and fix the reverse
resolution to point to a hostname of his choosing (one where he has
the key for the corresponding cifs/ or host/ principal).

That said, we often trust DNS for other reasons and it can be useful
to do so. Make the code that allows trusting DNS to be enabled by
adding --trust-dns to the cifs.upcall invocation.

Signed-off-by: Jeff Layton jlay...@redhat.com

commit 3544e685ade5b331e473c8680d42a748d9389125
Author: Jeff Layton jlay...@redhat.com
Date:   Wed Aug 26 06:15:42 2009 -0400

cifs.upcall: switch to getopt_long

...to allow long option names.

Signed-off-by: Jeff Layton jlay...@redhat.com

---

Summary of changes:
 client/cifs.upcall.c  |   68 ++---
 docs-xml/manpages-3/cifs.upcall.8.xml |   15 +--
 2 files changed, 56 insertions(+), 27 deletions(-)


Changeset truncated at 500 lines:

diff --git a/client/cifs.upcall.c b/client/cifs.upcall.c
index c89df9c..1645322 100644
--- a/client/cifs.upcall.c
+++ b/client/cifs.upcall.c
@@ -27,6 +27,7 @@ create dns_resolver * * /usr/local/sbin/cifs.upcall %k
 
 #include includes.h
 #include keyutils.h
+#include getopt.h
 
 #include cifs_spnego.h
 
@@ -153,9 +154,9 @@ handle_krb5_mech(const char *oid, const char *principal, 
DATA_BLOB *secblob,
 #define DKD_HAVE_IP0x8
 #define DKD_HAVE_UID   0x10
 #define DKD_HAVE_PID   0x20
-#define DKD_MUSTHAVE_SET (DKD_HAVE_IP|DKD_HAVE_VERSION|DKD_HAVE_SEC)
+#define DKD_MUSTHAVE_SET (DKD_HAVE_HOSTNAME|DKD_HAVE_VERSION|DKD_HAVE_SEC)
 
-static struct decoded_args {
+struct decoded_args {
int ver;
char*hostname;
char*ip;
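Review bot: DKD_MUSTHAVE_SET no longer contains DKD_HAVE_IP, so a key description that carries no IP address now passes the must-have check. Whatever code reverse-resolves arg.ip when --trust-dns is given has to test DKD_HAVE_IP itself before using the field; that check is not in the visible part of the change.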
@@ -353,10 +354,16 @@ ip_to_fqdn(const char *addrstr, char *host, size_t 
hostlen)
 static void
 usage(void)
 {
-   syslog(LOG_INFO, Usage: %s [-v] key_serial, prog);
-   fprintf(stderr, Usage: %s [-v] key_serial\n, prog);
+   syslog(LOG_INFO, Usage: %s [-t] [-v] key_serial, prog);
+   fprintf(stderr, Usage: %s [-t] [-v] key_serial\n, prog);
 }
 
+const struct option long_options[] = {
+   { trust-dns,  0, NULL, 't' },
+   { version,0, NULL, 'v' },
+   { NULL, 0, NULL, 0 }
+};
+
 int main(const int argc, char *const argv[])
 {
struct cifs_spnego_msg *keydata = NULL;
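Review bot: The usage() text still lists only the short forms [-t] [-v], although the purpose of long_options is to accept --trust-dns and --version; show the long names there as well. long_options is only used by main() in the visible code and can be declared static.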
@@ -366,19 +373,24 @@ int main(const int argc, char *const argv[])
size_t datalen;
unsigned int have;
long rc = 1;
-   int c;
-   char *buf, *princ, *ccname = NULL;
-   char hostbuf[NI_MAXHOST];
+   int c, try_dns = 0;
+   char *buf, *princ = NULL, *ccname = NULL;
+   char hostbuf[NI_MAXHOST], *host;
struct decoded_args arg = { };
const char *oid;
 
+   hostbuf[0] = '\0';
+
openlog(prog, 0, LOG_DAEMON);
 
-   while ((c = getopt(argc, argv, cv)) != -1) {
+   while ((c = getopt_long(argc, argv, ctv, long_options, NULL)) != -1) {
switch (c) {
case 'c':
/* legacy option -- skip it */
break;
+   case 't':
+   try_dns++;
+   break;
case 'v':
printf(version: %s\n, CIFSSPNEGO_VERSION);
goto out;
@@ -446,21 +458,18 @@ int main(const int argc, char *const argv[])
if (have  DKD_HAVE_PID)
ccname = get_krb5_ccname(arg.pid);
 
-   if (have  DKD_HAVE_IP) {
-   rc = ip_to_fqdn(arg.ip, hostbuf, sizeof(hostbuf));
-   if (rc)
-   goto out;
-   }
+   host = arg.hostname;
 
// do mech specific authorization
switch (arg.sec) {
case MS_KRB5:
case KRB5:
+retry_new_hostname:
/* for cifs/ service name + terminating 0 */
-   datalen = strnlen(hostbuf, sizeof(hostbuf)) + 5 + 1;
+   datalen = strlen(host) + 5 + 1;
princ = SMB_XMALLOC_ARRAY(char, datalen);
if (!princ) {
-   rc = 1;
+
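Review bot: The retry_new_hostname label is placed before princ = SMB_XMALLOC_ARRAY(char, datalen), so every jump back to it allocates princ again; the code that jumps must free the previous buffer first or each retry leaks it. datalen is also now computed with an unbounded strlen(host) on arg.hostname in place of the bounded strnlen() on hostbuf, so host has to be guaranteed non-NULL before this point.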

[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1190-gb824b1b

2009-08-26 Thread Volker Lendecke
The branch, master has been updated
   via  b824b1b7bf19b4b8c64b7c2c5a6a1d3287820088 (commit)
  from  da99e3a724b493ba47a06d0704b891819ad16647 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit b824b1b7bf19b4b8c64b7c2c5a6a1d3287820088
Author: Volker Lendecke v...@samba.org
Date:   Wed Aug 26 14:56:41 2009 +0200

Add a parameter to disable the automatic creation of krb5.conf files

This is necessary because MIT 1.5 can't deal with certain types (Tree Root) of
transitive AD trusts. The workaround is to add a [capaths] directive to
/etc/krb5.conf, which we don't automatically put into the krb5.conf winbind
creates.

The alternative would have been something like a krb5 conf include, but I
think if someone has to mess with /etc/krb5.conf at this level, it should be
easy to add the site-local KDCs as well.

Next alternative is to correctly figure out the [capaths] parameter for all
trusted domains, but for that I don't have the time right now. Sorry :-)

---

Summary of changes:
 docs-xml/smbdotconf/winbind/createkrb5conf.xml |   24 
 source3/include/proto.h|1 +
 source3/libads/kerberos.c  |7 ++-
 source3/param/loadparm.c   |   12 
 4 files changed, 43 insertions(+), 1 deletions(-)
 create mode 100644 docs-xml/smbdotconf/winbind/createkrb5conf.xml


Changeset truncated at 500 lines:

diff --git a/docs-xml/smbdotconf/winbind/createkrb5conf.xml 
b/docs-xml/smbdotconf/winbind/createkrb5conf.xml
new file mode 100644
index 000..3881824
--- /dev/null
+++ b/docs-xml/smbdotconf/winbind/createkrb5conf.xml
@@ -0,0 +1,24 @@
+samba:parameter name=create krb5 conf
+   context=G
+   type=string
+advanced=1 developer=0
+ xmlns:samba=http://www.samba.org/samba/DTD/samba-doc;
+description
+
+   para
+   Setting this paramter to value type=exampleno/value prevents
+   winbind from creating custom krb5.conf files. Winbind normally does
+   this because the krb5 libraries are not AD-site-aware and thus would
+   pick any domain controller out of potentially very many. Winbind
+   is site-aware and makes the krb5 libraries use a local DC by
+   creating its own krb5.conf files.
+   /para
+   para
+   Preventing winbind from doing this might become necessary if you
+   have to add special options into your system-krb5.conf that winbind
+   does not see.
+   /para
+
+/description
+value type=defaultyes/value
+/samba:parameter
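Review bot: The parameter is declared with type=string in this file, but the same commit registers it as P_BOOL in parm_table and the only values documented are yes and no. Declare it as a boolean so the generated documentation matches the parser. "paramter" in the first para should read "parameter".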
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 44f6685..50ac834 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -3998,6 +3998,7 @@ bool lp_winbind_refresh_tickets(void);
 bool lp_winbind_offline_logon(void);
 bool lp_winbind_normalize_names(void);
 bool lp_winbind_rpc_only(void);
+bool lp_create_krb5_conf(void);
 const char **lp_idmap_domains(void);
 const char *lp_idmap_backend(void);
 char *lp_idmap_alloc_backend(void);
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index e161863..c1e6c4a 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -817,7 +817,7 @@ bool create_local_private_krb5_conf_for_domain(const char 
*realm,
const char *sitename,
struct sockaddr_storage *pss)
 {
-   char *dname = lock_path(smb_krb5);
+   char *dname;
char *tmpname = NULL;
char *fname = NULL;
char *file_contents = NULL;
@@ -828,6 +828,11 @@ bool create_local_private_krb5_conf_for_domain(const char 
*realm,
char *realm_upper = NULL;
bool result = false;
 
+   if (!lp_create_krb5_conf()) {
+   return false;
+   }
+
+   dname = lock_path(smb_krb5);
if (!dname) {
return false;
}
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 3598471..c91f676 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -199,6 +199,7 @@ struct global {
bool bWinbindOfflineLogon;
bool bWinbindNormalizeNames;
bool bWinbindRpcOnly;
+   bool bCreateKrb5Conf;
char *szIdmapBackend;
char *szIdmapAllocBackend;
char *szAddShareCommand;
@@ -4588,6 +4589,15 @@ static struct parm_struct parm_table[] = {
.enum_list  = NULL,
.flags  = FLAG_ADVANCED,
},
+   {
+   .label  = create krb5 conf,
+   .type   = P_BOOL,
+   .p_class= P_GLOBAL,
+   .ptr= Globals.bCreateKrb5Conf,
+   .special= NULL,
+   .enum_list

[SCM] SAMBA-CTDB repository - branch v3-2-ctdb updated - 3.2.11-ctdb-63-2-gbd991fc

2009-08-26 Thread Michael Adam
The branch, v3-2-ctdb has been updated
   via  bd991fc0f7eb98cc9ba8fcea34b46aecf1de6019 (commit)
  from  1d87081ae30d4b38b6459e95e206fc9d2fb9498f (commit)

http://gitweb.samba.org/?p=obnox/samba-ctdb.git;a=shortlog;h=v3-2-ctdb


- Log -
commit bd991fc0f7eb98cc9ba8fcea34b46aecf1de6019
Author: Volker Lendecke v...@samba.org
Date:   Wed Aug 26 14:56:41 2009 +0200

Add a parameter to disable the automatic creation of krb5.conf files

This is necessary because MIT 1.5 can't deal with certain types (Tree Root) of
transitive AD trusts. The workaround is to add a [capaths] directive to
/etc/krb5.conf, which we don't automatically put into the krb5.conf winbind
creates.

The alternative would have been something like a krb5 conf include, but I
think if someone has to mess with /etc/krb5.conf at this level, it should be
easy to add the site-local KDCs as well.

Next alternative is to correctly figure out the [capaths] parameter for all
trusted domains, but for that I don't have the time right now. Sorry :-)

---

Summary of changes:
 docs-xml/smbdotconf/winbind/createkrb5conf.xml |   24 
 source/libads/kerberos.c   |7 ++-
 source/param/loadparm.c|   12 
 3 files changed, 42 insertions(+), 1 deletions(-)
 create mode 100644 docs-xml/smbdotconf/winbind/createkrb5conf.xml


Changeset truncated at 500 lines:

diff --git a/docs-xml/smbdotconf/winbind/createkrb5conf.xml 
b/docs-xml/smbdotconf/winbind/createkrb5conf.xml
new file mode 100644
index 000..3881824
--- /dev/null
+++ b/docs-xml/smbdotconf/winbind/createkrb5conf.xml
@@ -0,0 +1,24 @@
+samba:parameter name=create krb5 conf
+   context=G
+   type=string
+advanced=1 developer=0
+ xmlns:samba=http://www.samba.org/samba/DTD/samba-doc;
+description
+
+   para
+   Setting this paramter to value type=exampleno/value prevents
+   winbind from creating custom krb5.conf files. Winbind normally does
+   this because the krb5 libraries are not AD-site-aware and thus would
+   pick any domain controller out of potentially very many. Winbind
+   is site-aware and makes the krb5 libraries use a local DC by
+   creating its own krb5.conf files.
+   /para
+   para
+   Preventing winbind from doing this might become necessary if you
+   have to add special options into your system-krb5.conf that winbind
+   does not see.
+   /para
+
+/description
+value type=defaultyes/value
+/samba:parameter
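Review bot: the parameter header declares type=string, but the parm_table entry this commit adds to source/param/loadparm.c registers the option as P_BOOL, so the documented type should be boolean. In the first para, "paramter" should read "parameter". The second para would help administrators more if it named the kind of option it means, for example the [capaths] section the commit message gives as the motivation.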
diff --git a/source/libads/kerberos.c b/source/libads/kerberos.c
index dd89d7c..8b974bc 100644
--- a/source/libads/kerberos.c
+++ b/source/libads/kerberos.c
@@ -839,7 +839,7 @@ bool create_local_private_krb5_conf_for_domain(const char 
*realm,
const char *sitename,
struct sockaddr_storage *pss)
 {
-   char *dname = talloc_asprintf(NULL, %s/smb_krb5, lp_lockdir());
+   char *dname;
char *tmpname = NULL;
char *fname = NULL;
char *file_contents = NULL;
@@ -849,6 +849,11 @@ bool create_local_private_krb5_conf_for_domain(const char 
*realm,
int fd;
char *realm_upper = NULL;
 
+   if (!lp_create_krb5_conf()) {
+   return False;
+   }
+
+   dname = talloc_asprintf(NULL, %s/smb_krb5, lp_lockdir());
if (!dname) {
return False;
}
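Review bot: the new early return in create_local_private_krb5_conf_for_domain() reports the administrator's choice as False, the same value the talloc_asprintf() failure directly below it returns, so callers cannot tell "disabled by configuration" from "could not create the file". Consider a return value the callers treat as non-fatal, or at least a DEBUG line on this path, and add a short comment that with the option off the krb5 libraries use the system krb5.conf, whose DC selection is not site-aware according to the new manpage text.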
diff --git a/source/param/loadparm.c b/source/param/loadparm.c
index d711489..441fc62 100644
--- a/source/param/loadparm.c
+++ b/source/param/loadparm.c
@@ -195,6 +195,7 @@ struct global {
bool bWinbindOfflineLogon;
bool bWinbindNormalizeNames;
bool bWinbindRpcOnly;
+   bool bCreateKrb5Conf;
char *szIdmapBackend;
char *szIdmapAllocBackend;
char *szAddShareCommand;
@@ -4445,6 +4446,15 @@ static struct parm_struct parm_table[] = {
.enum_list  = NULL,
.flags  = FLAG_ADVANCED,
},
+   {
+   .label  = create krb5 conf,
+   .type   = P_BOOL,
+   .p_class= P_GLOBAL,
+   .ptr= Globals.bCreateKrb5Conf,
+   .special= NULL,
+   .enum_list  = NULL,
+   .flags  = FLAG_ADVANCED,
+   },
 
{NULL,  P_BOOL,  P_NONE,  NULL,  NULL,  NULL,  0}
 };
@@ -4740,6 +4750,7 @@ static void init_globals(bool first_time_only)
 #endif
Globals.bUnixExtensions = True;
Globals.bResetOnZeroVC = False;
+   Globals.bCreateKrb5Conf = true;
 
/* hostname lookups can be very expensive and are broken on
   a large number of sites (tridge) */
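Review bot: style nit in init_globals(): the added default is written with lowercase true, while the neighbouring assignments in the same hunk use True and False (Globals.bUnixExtensions = True;). Use True here to match the rest of the function.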
@@ -5061,6 +5072,7 @@ 

[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1195-gf2fa9e6

2009-08-26 Thread Stefan Metzmacher
The branch, master has been updated
   via  f2fa9e62466fa8a6cc6a53172da6c8b24d51874d (commit)
  from  2cbacd5e1039fd5dbef001bd3b8add5f4de361c8 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit f2fa9e62466fa8a6cc6a53172da6c8b24d51874d
Author: Stefan Metzmacher me...@samba.org
Date:   Wed Aug 26 08:10:35 2009 +0200

s4:heimdal_build: lib/hcrypto/evp-aes-cts.o belongs to HEIMDAL_HCRYPTO

metze

---

Summary of changes:
 source4/heimdal_build/internal.mk |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/heimdal_build/internal.mk 
b/source4/heimdal_build/internal.mk
index 439f94a..61159ab 100644
--- a/source4/heimdal_build/internal.mk
+++ b/source4/heimdal_build/internal.mk
@@ -350,7 +350,6 @@ HEIMDAL_KRB5_OBJ_FILES = \
$(heimdalsrcdir)/lib/krb5/heim_err.o \
$(heimdalsrcdir)/lib/krb5/k524_err.o \
$(heimdalsrcdir)/lib/krb5/krb_err.o \
-   $(heimdalsrcdir)/lib/hcrypto/evp-aes-cts.o \
$(heimdalbuildsrcdir)/krb5-glue.o
 
 $(eval $(call heimdal_proto_header_template, \
@@ -430,6 +429,7 @@ HEIMDAL_HCRYPTO_OBJ_FILES = \
$(heimdalsrcdir)/lib/hcrypto/ui.o \
$(heimdalsrcdir)/lib/hcrypto/evp.o \
$(heimdalsrcdir)/lib/hcrypto/evp-hcrypto.o \
+   $(heimdalsrcdir)/lib/hcrypto/evp-aes-cts.o \
$(heimdalsrcdir)/lib/hcrypto/pkcs5.o \
$(heimdalsrcdir)/lib/hcrypto/pkcs12.o \
$(heimdalsrcdir)/lib/hcrypto/rand.o \
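Review bot: the hunks do not show whether HEIMDAL_KRB5 declares a dependency on HEIMDAL_HCRYPTO, which matters now that evp-aes-cts.o is listed only in HEIMDAL_HCRYPTO_OBJ_FILES and anything in lib/krb5 that uses it has to resolve it from there. Please confirm that dependency exists, and extend the one-line commit message to say what prompted the move (a duplicate symbol, a link failure, or plain tidying), since "belongs to" does not tell a later reader what broke.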


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1194-g2cbacd5

2009-08-26 Thread Günther Deschner
The branch, master has been updated
   via  2cbacd5e1039fd5dbef001bd3b8add5f4de361c8 (commit)
  from  9930a12cf534af8ec42db32ca6ad7c75d2799f75 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 2cbacd5e1039fd5dbef001bd3b8add5f4de361c8
Author: Günther Deschner g...@samba.org
Date:   Wed Aug 26 11:35:40 2009 +0200

s3-netlogon: let get_md4pw() return a struct dom_sid.

Guenther

---

Summary of changes:
 source3/rpc_server/srv_netlog_nt.c |   12 +---
 1 files changed, 5 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/srv_netlog_nt.c 
b/source3/rpc_server/srv_netlog_nt.c
index 01b2398..e7ee3f3 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -285,7 +285,7 @@ WERROR _netr_NetrEnumerateTrustedDomains(pipes_struct *p,
  **/
 
 static NTSTATUS get_md4pw(struct samr_Password *md4pw, const char *mach_acct,
- uint16_t sec_chan_type, uint32_t *rid)
+ uint16_t sec_chan_type, struct dom_sid *sid)
 {
struct samu *sampass = NULL;
const uint8 *pass;
@@ -381,9 +381,7 @@ static NTSTATUS get_md4pw(struct samr_Password *md4pw, 
const char *mach_acct,
memcpy(md4pw-hash, pass, 16);
dump_data(5, md4pw-hash, 16);
 
-   if (rid) {
-   *rid = pdb_get_user_rid(sampass);
-   }
+   sid_copy(sid, pdb_get_user_sid(sampass));
 
TALLOC_FREE(sampass);
 
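Review bot: the removed code guarded the out-parameter with if (rid), while the replacement calls sid_copy(sid, ...) unconditionally, so get_md4pw() now dereferences sid for every caller. The one caller visible in this diff passes a stack variable, so this is safe as shown, but either the function comment should state that sid must be non-NULL or the guard should stay as if (sid).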
@@ -468,7 +466,7 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
uint32_t in_neg_flags = *r-in.negotiate_flags;
struct netr_Credential srv_chal_out;
const char *fn;
-   uint32_t rid;
+   struct dom_sid sid;
struct samr_Password mach_pwd;
 
/* According to Microsoft (see bugid #6099)
@@ -538,7 +536,7 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
status = get_md4pw(mach_pwd,
   r-in.account_name,
   r-in.secure_channel_type,
-  rid);
+  sid);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,(%s: failed to get machine password for 
account %s: %s\n,
@@ -582,7 +580,7 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
p-dc);
unbecome_root();
 
-   *r-out.rid = rid;
+   sid_peek_rid(sid, r-out.rid);
 
status = NT_STATUS_OK;
 
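Review bot: the return value of sid_peek_rid() is discarded on the line that replaces the direct assignment to *r->out.rid, and status is set to NT_STATUS_OK right after it. If no RID can be extracted from the SID stored for the machine account, the reply goes out with whatever r->out.rid already pointed at. Check the result and fail the call, or at least log it, when the peek does not succeed.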




[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1193-g9930a12

2009-08-26 Thread Günther Deschner
The branch, master has been updated
   via  9930a12cf534af8ec42db32ca6ad7c75d2799f75 (commit)
   via  aabe5773966cf9805f8f3ddce39f543fe4cbe6f7 (commit)
   via  91ef692d7d21cfcc486a0b9c4a1a35ae54bc5d7d (commit)
  from  b824b1b7bf19b4b8c64b7c2c5a6a1d3287820088 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 9930a12cf534af8ec42db32ca6ad7c75d2799f75
Author: Günther Deschner g...@samba.org
Date:   Tue Mar 24 18:33:28 2009 +0100

schannel: add generated files.

Guenther

commit aabe5773966cf9805f8f3ddce39f543fe4cbe6f7
Author: Günther Deschner g...@samba.org
Date:   Mon Mar 23 14:08:09 2009 +0100

schannel: move schannel.idl to main directory.

Guenther

commit 91ef692d7d21cfcc486a0b9c4a1a35ae54bc5d7d
Author: Günther Deschner g...@samba.org
Date:   Wed Aug 26 14:46:17 2009 +0200

netlogon: make netr_NegotiateFlags a public bitmap.

Guenther

---

Summary of changes:
 librpc/gen_ndr/ndr_netlogon.c   |4 +-
 librpc/gen_ndr/ndr_netlogon.h   |2 +
 librpc/gen_ndr/ndr_schannel.c   |  279 +++
 librpc/gen_ndr/ndr_schannel.h   |   19 ++
 librpc/gen_ndr/schannel.h   |   41 
 librpc/idl/netlogon.idl |2 +-
 {source4/librpc = librpc}/idl/schannel.idl |0 
 source4/librpc/config.mk|2 +-
 8 files changed, 345 insertions(+), 4 deletions(-)
 create mode 100644 librpc/gen_ndr/ndr_schannel.c
 create mode 100644 librpc/gen_ndr/ndr_schannel.h
 create mode 100644 librpc/gen_ndr/schannel.h
 rename {source4/librpc = librpc}/idl/schannel.idl (100%)


Changeset truncated at 500 lines:

diff --git a/librpc/gen_ndr/ndr_netlogon.c b/librpc/gen_ndr/ndr_netlogon.c
index e7a4121..95964ca 100644
--- a/librpc/gen_ndr/ndr_netlogon.c
+++ b/librpc/gen_ndr/ndr_netlogon.c
@@ -6467,13 +6467,13 @@ _PUBLIC_ void 
ndr_print_netr_CONTROL_DATA_INFORMATION(struct ndr_print *ndr, con
}
 }
 
-static enum ndr_err_code ndr_push_netr_NegotiateFlags(struct ndr_push *ndr, 
int ndr_flags, uint32_t r)
+_PUBLIC_ enum ndr_err_code ndr_push_netr_NegotiateFlags(struct ndr_push *ndr, 
int ndr_flags, uint32_t r)
 {
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_netr_NegotiateFlags(struct ndr_pull *ndr, 
int ndr_flags, uint32_t *r)
+_PUBLIC_ enum ndr_err_code ndr_pull_netr_NegotiateFlags(struct ndr_pull *ndr, 
int ndr_flags, uint32_t *r)
 {
uint32_t v;
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, v));
diff --git a/librpc/gen_ndr/ndr_netlogon.h b/librpc/gen_ndr/ndr_netlogon.h
index f1b2501..63e9c71 100644
--- a/librpc/gen_ndr/ndr_netlogon.h
+++ b/librpc/gen_ndr/ndr_netlogon.h
@@ -191,6 +191,8 @@ void ndr_print_netr_NETLOGON_INFO_4(struct ndr_print *ndr, 
const char *name, con
 void ndr_print_netr_CONTROL_QUERY_INFORMATION(struct ndr_print *ndr, const 
char *name, const union netr_CONTROL_QUERY_INFORMATION *r);
 void ndr_print_netr_LogonControlCode(struct ndr_print *ndr, const char *name, 
enum netr_LogonControlCode r);
 void ndr_print_netr_CONTROL_DATA_INFORMATION(struct ndr_print *ndr, const char 
*name, const union netr_CONTROL_DATA_INFORMATION *r);
+enum ndr_err_code ndr_push_netr_NegotiateFlags(struct ndr_push *ndr, int 
ndr_flags, uint32_t r);
+enum ndr_err_code ndr_pull_netr_NegotiateFlags(struct ndr_pull *ndr, int 
ndr_flags, uint32_t *r);
 void ndr_print_netr_NegotiateFlags(struct ndr_print *ndr, const char *name, 
uint32_t r);
 void ndr_print_SyncStateEnum(struct ndr_print *ndr, const char *name, enum 
SyncStateEnum r);
 void ndr_print_netr_ChangeLogFlags(struct ndr_print *ndr, const char *name, 
uint16_t r);
diff --git a/librpc/gen_ndr/ndr_schannel.c b/librpc/gen_ndr/ndr_schannel.c
new file mode 100644
index 000..7646f81
--- /dev/null
+++ b/librpc/gen_ndr/ndr_schannel.c
@@ -0,0 +1,279 @@
+/* parser auto-generated by pidl */
+
+#include includes.h
+#include ../librpc/gen_ndr/ndr_schannel.h
+
+#include librpc/gen_ndr/ndr_netlogon.h
+#include librpc/gen_ndr/ndr_nbt.h
+static enum ndr_err_code ndr_push_schannel_bind_3(struct ndr_push *ndr, int 
ndr_flags, const struct schannel_bind_3 *r)
+{
+   if (ndr_flags  NDR_SCALARS) {
+   NDR_CHECK(ndr_push_align(ndr, 4));
+   {
+   uint32_t _flags_save_string = ndr-flags;
+   ndr_set_flags(ndr-flags, 
LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM);
+   NDR_CHECK(ndr_push_string(ndr, NDR_SCALARS, r-domain));
+   ndr-flags = _flags_save_string;
+   }
+   {
+   uint32_t _flags_save_string = ndr-flags;
+   ndr_set_flags(ndr-flags, 
LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM);
+