Re: [Samba] Samba-PDC: One fresh installed XP-Machine can't load the Profiles
John Doe schrieb: From: Daniel Spannbauer d...@marco.de But one freh installed XP-Machine can't load my profile. Tried? [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] CompatibleRUPSecurity=dword:0001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\parameters] RequireSignOrSeal=dword: Yes, tried that. But it's the same result. Joining the domian works fine, but my profile is not loaded. I always get a temporary Profile. Regards Daniel JD -- Daniel Spannbauer Software Entwicklung marco Systemanalyse und Entwicklung GmbH Tel +49 8333 9233-27 Fax -11 Rechbergstr. 4 - 6, D 87727 Babenhausen Mobil +49 171 4033220 http://www.marco.de/ Email d...@marco.de Geschäftsführer Martin Reuter HRB 171775 Amtsgericht München -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] unable to join w2k3 SP1 to samba 3 domain.
09/09/2009 00:51:59:650 NetpManageMachineAccountWithSid: NetUserAdd on '\\PDC' for 'DEVSRV01$' failed: 0x8b0 09/09/2009 00:51:59:655 NetpSetMachineAccountPasswordAndTypeEx: Broken account type 0x11 -- error out 09/09/2009 00:51:59:657 NetpManageMachineAccountWithSid: status of attempting to set password on '\\PDC' for 'DEVSRV01$': 0x524 09/09/2009 00:51:59:657 NetpJoinDomain: status of creating account: 0x524 09/09/2009 00:51:59:657 NetpJoinDomain: initiaing a rollback due to earlier errors It definitely looks like it can't set the machine password. ... When you add the Windows machine to the domain it should ask you for a username and password, so use one that has lots of access :-) Cheers, Adam. Hi, my user is a domain admin, ie. a member of group RID 512. When I try to join the domain, I'm prompted for username and password. This means that the Windows server has successfully located the Samba PDC using Wins resolution. So far so good, but when I enter my credentials I get the error message after 3-5 secs. Could it be that my Samba users is badly setup? I'm using tdbsam password backend. I performed the following procedure when I created my Samba users: ## Add essential Samba groups sudo groupadd --gid 512 smb-domain-admins sudo groupadd --gid 513 smb-domain-users sudo groupadd --gid 514 smb-domain-guests sudo groupadd --gid 515 smb-domain-computers ## Add Samba group mapping sudo net groupmap add ntgroup=Domain Admins unixgroup=smb-domain-admins rid=512 sudo net groupmap add ntgroup=Domain Users unixgroup=smb-domain-users rid=513 sudo net groupmap add ntgroup=Domain Guests unixgroup=smb-domain-guests rid=514 sudo net groupmap add ntgroup=Domain Computers unixgroup=smb-domain-computers rid=515 ## Add Samba domain admin sudo useradd -g 512 -d /dev/null -s /bin/false devadm sudo passwd devadm sudo pdbedit -a -u devadm ## Add Samba machine account sudo useradd -g 515 -d /dev/null -s /bin/false devsrv01$ sudo pdbedit -a -u devsrv01$ Here is a dump of smb.conf, using testparm: Load smb config files from /etc/samba/smb.conf Processing section [netlogon] Loaded services file OK. Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions [global] workgroup = DEVNET netbios name = PDC passdb backend = tdbsam:/etc/samba/passdb.tdb log level = 2 log file = /var/log/samba/samba.log name resolve order = wins load printers = No disable spoolss = Yes logon path = logon home = domain logons = Yes os level = 33 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes [netlogon] path = /var/lib/samba/netlogon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] unable to join w2k3 SP1 to samba 3 domain.
Emil, could you please open a bug about this on bugzilla.samba.org and include your C:\windows\debug\netsetup.log file ? I would like to reproduce that and see what is going wrong. Thanks, Guenther -- Günther DeschnerGPG-ID: 8EE11688 Red Hat gdesch...@redhat.com Samba Team g...@samba.org Hello Günther, I'll be glad to do that! However, I do realise that my Samba version 3.0.28a is very old. Please let me know on which product I should post my bug report. Thank you, Emil Konow -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [Announce] Samba 3.4.1 Available for Download
= I don't know anything about music. In my line you don't have to. Elvis Presley = Release Announcements = This is the latest stable release of Samba 3.4. Major enhancements in Samba 3.4.1 include: o Fix authentication on member servers without Winbind (bug #6650). o Nautilus fails to copy files from an SMB share (bug #6649). o Fix connections of Win98 clients (bug #6551). o Fix interdomain trusts with Windows 2008 R2 DCs (bug #6697). o Fix Winbind authentication issue (bug #6646). ## Changes ### Changes since 3.4.0 --- o Michael Adam ob...@samba.org * BUG 6650: Fix authentication on member servers without Winbind. o Jeremy Allison j...@samba.org * BUG 6437: Make open_udp_socket() IPv6 clean. * BUG 6506: Smbd server doesn't set EAs when a file is overwritten in NT_TRANSACT_CREATE. * BUG 6551: Fix connections of Win98 clients. * BUG 6564: SetPrinter fails (panics) as non root. * BUG 6593: Correctly implement SMB_INFO_STANDARD setfileinfo. * BUG 6649: Nautilus fails to copy files from an SMB share. * BUG 6651: Fix smbd SIGSEGV when breaking oplocks. * BUG 6673: Fix 'smbpasswd' with unix password sync = yes. o Yannick Bergeron burgerg...@hotmail.com * Increase the max_grp value to 128 (AIX NGROUPS_MAX value) instead of 32 to allow AIX to call sys_getgrouplist only once. o Günther Deschner g...@samba.org * BUG 6568: Fix _spoolss_GetPrintProcessorDirectory() implementation. * BUG 6607: Fix crash bug in spoolss_addprinterex_level_2. * BUG 6680: Fix authentication failure from Windows 7 when domain joined. * BUG 6697: Fix interdomain trusts with Windows 2008 R2 DCs. o Olaf Flebbe fle...@nix.science-computing.de * BUG 6655: Fix 'smbcontrol smbd ping'. o Björn Jacke b...@sernet.de * BUG 6105: Make linking of rpcclient --as-needed safe. o Matt Kraai mkr...@beckman.com * BUG 6630: Fix opening of sockets on QNX. o Robert LeBlanc rob...@leblancnet.us * BUG 6700: Use dns domain name when needing to guess server principal. o Volker Lendecke v...@samba.org * BUG 5886: Fix password change propagation with ldapsam. * BUG 6585: Fix unqualified net join. * BUG 6611: Fix a valgrind error in chain_reply. * BUG 6646: Fix Winbind authentication issue. * Fix linking on Solaris. o Stefan Metzmacher me...@samba.org * BUG 6222: Default to DRSUAPI replication for net rpc vampire keytab. * BUG 6532: Fix the build with external talloc. * BUG 6538: Cancel all locks that are made before the first failure. * BUG 6627: Raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds. * BUG 6651: Fix smbd SIGSEGV when breaking oplocks. * BUG 6664: Fix truncation of the session key. o Tim Prouty tpro...@samba.org * BUG 6620: Fix a bug in renames of directories. o Rusty Russell ru...@rustcorp.com.au * BUG 6601: Avoid global fd limits. o SATOH Fumiyasu fumi...@osstech.co.jp * BUG 6496: MS-DFS cannot follow multibyte char link name in libsmbclient. o Simo Sorce i...@samba.org * BUG 6693: Check we read off the complete event from inotify. o Peter Volkov p...@gentoo.org * BUG 6105: Make linking of cifs.upcall --as-needed safe. o TAKEDA Yasuma yas...@osstech.co.jp * BUG 5879: Update LDAP schema for Netscape DS 5. o Bo Yang boy...@samba.org * BUG 6560: Fix lookupname. * BUG 6615: Fix browsing of DFS when using kerberos in libsmbclient. * BUG 6688: Fix crash in 'net usershare list'. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.4.1.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team pgpsfJeTh58D7.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba update 3.0.14a to 3.2.5 - machine needs unix account!?!
Hi list, i've updated from 3.0.14a to 3.2.5 using a PDC-LDAP-setup. With 3.0.14a the Primary Group SID value was taken from LDAP's machine account entry. #pdbedit -Lv machine$ -d 10 ... ... smbldap_search: base = [o=mybase], filter = [((uid=machine$)(objectclass=sambaSamAccount))], scope = [2] init_sam_from_ldap: Entry found for user: machine$ pdb_set_username: setting username machine$, was pdb_set_domain: setting domain MYDOM, was pdb_set_nt_username: setting nt username machine$, was pdb_set_user_sid_from_string: setting user sid S-mysid-7842 pdb_set_user_sid: setting user sid S-mysid-7842 pdb_set_group_sid_from_string: setting group sid S-mysid-515 pdb_set_group_sid: setting group sid S-mysid-515 ... ... The 3.2.5 try's to resolv the unix-account to get the group! The pdb_set_group_sid are missing! To workarround i've modifyed my libnss_ldap.conf to include the computers-tree of my ldap. We have much scripts that itterate our users by getent passwd|while read so it's not possible to keep all machines as unix-accounts! Why has this changed? Ist there any way to get the old style back? Thanks a lot! Regards, Mario -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Compiling 3.4.0 on SPARC Solaris 9
I've been trying to compile Samba 3.4.0 on a Solaris 9 server. However, when I run configure, it is only creating a Makefile-noincludes, not the standard Makefile. Looking at the config.log file, there are lines that suggest that it can't find the libiconv libraries. These are installed (version 1.11) in /usr/local so I tried re-running configure with the option --with-libiconv=/usr/local. However, this also fails as conftest now will not compile. Thanks in advance for any suggestions. Nigel Pain The Scottish Government Corporate Systems Support Information Systems and Information Services (ISIS) Victoria Quay EDINBURGH EH6 6QQ UK Tel +44 131 244 7237 Mob. +44 7795 618362 Mailto:nigel.p...@scotland.gsi.gov.uk Website: http://www.scotland.gov.uk Pedal for Scotland 2009: Glasgow to Edinburgh, 13th September for Maggie's Centres http://www.maggiescentres.org/ . Please sponsor me: http://www.justgiving.com/nigel_pain This e-mail (and any files or other attachments transmitted with it) is intended solely for the attention of the addressee(s). Unauthorised use, disclosure, storage, copying or distribution of any part of this e-mail is not permitted. If you are not the intended recipient please destroy the email, remove any copies from your system and inform the sender immediately by return. Communications with the Scottish Government may be monitored or recorded in order to secure the effective operation of the system and for other lawful purposes. The views or opinions contained within this e-mail may not necessarily reflect those of the Scottish Government. The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by CableWireless in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Restart Winbind
On Tue, Sep 8, 2009 at 6:32 PM, Adam Nielsen adam.niel...@uq.edu.au wrote: BTW, The corresponding log I see on winbind log is... tdb(/var/lib/samba/winbindd_cache.tdb): tdb_rec_read bad magic 0x42424242 at offset=1151980 [2009/09/04 10:37:25, 1] lib/util_tdb.c:tdb_validate_and_backup(1437) tdb '/var/lib/samba/winbindd_cache.tdb' is invalid Usually, removing the tdb files and restarting winbind fixes the issue. It'd probably be helpful if - assuming you're running a recent Samba version - you can attach to the winbind process with GDB when it gets stuck and post a backtrace, so that the devs can see exactly where the problem is. No doubt the corrupted .tdb files are causing an infinite loop somewhere. What version of Samba are you running? Cheers, Adam. Samba version is 3.2.4. I am in the process of upgrading to 3.2.8 that may solve the issue. I wish I can put gdb, but when tdb files get corrupted, I cant login to the host even as a local user on console. Winbind seems to be locking the whole authentication stream. I don't understand why even the local user cant login. Thats the I'm working on a script to run w/ cron, so that when winbind consumes more than 40% cpu, I want to restart the cpu. I wanted to ask another question on the same subject. When I start the winbind using the init script, it forks 4 processes. The pid on /var/run/winbindd.pid is the parent process. So is that the pid I need to monitor to capture the true cpu utilization? ~LA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 2.6.31-rc8: CIFS with 5 seconds hiccups
On Wed, 9 Sep 2009 13:33:33 -0400 (EDT) Christoph Lameter c...@linux-foundation.org wrote: On Wed, 9 Sep 2009, Jeff Layton wrote: Unfortunately I doubt there's much you can do from your client to prevent that (if that is the case). There may be a way to turn off oplocks on the server side, but that may very well be even worse for performance. Also note that these hiccups occur when simply doing an ls we are not accessing or writing files. Hmm... The hiccups you posted in the original email happened during a QPathInfo call (somewhat similar to a NFS GETATTR). I wouldn't think that would cause an oplock break, but I suppose it might. The server might decide that it needs to revoke the oplock in order to retrieve accurate size, LastWriteTime (aka mtime), etc. It could also be a windows bug... Here's an excerpt from an IRC conversation on this in #samba-technical, that might give a little info: 13:42 jlayton would a QPathInfo call cause an oplock break? 13:42 jlayton (typically)? 13:47 sdann jlayton, no it shouldn't, as it's path based and could be done with a stat() call. Only an open() or brl() operation should break an oplock. 13:48 jlayton ok, good to know -- thx 13:49 jlayton sdann: actually though, I'm asking about win2k3 server... 13:49 jlayton do you know whether it might break the oplock on a qpathinfo? 13:49 jlayton i.e. to get accurate size info, for instance 13:50 sdann well in general, only opens, writes (truncate included), and byte-range-lock ops break oplocks 13:50 sdann so any kind of meta-data request should not 13:51 jlayton hmm ok, one of the linux-kernel guys is seeing QPathInfo calls go out to win2k3 server and the server waits 5s before responding 13:51 jlayton my initial thought was oplock break to another client is causing the stall, but maybe it's something else 13:51 coffeedude sdann, SetFileInfo (allocationInfo and EndofFile) will as well. 13:51 jlayton I'm pretty sure this is QPathInfo call 13:52 sdann a quick torture test in source4/torture/raw/oplock.c would solve the issue :) 13:52 coffeedude jlayton, internally in Windows, the NTFS interface is handle based so I assume the server does a NtCreateFile(), QueryInformationFile(), CloseFile(). 13:52 jlayton ahhh maybe so 13:52 coffeedude jlayton, the internal opens should done with FILE_READ_ATTRIBUTES so they don't cause a break but it could be a Windows bug. 13:53 jlayton sounds plausible 13:53 jlayton coffeedude, sdann: thanks! 13:53 coffeedude jlayton, any open with nothing other than FILE_READ_ATTRIBUTES, FILE_WRITE_ATTRIBUTES or SYNCHRONIZE should nto cause an oplock break either. 13:53 sdann coffeedude, yeah that's certainly possible 13:53 coffeedude jlayton, any open with nothing other than FILE_READ_ATTRIBUTES, FILE_WRITE_ATTRIBUTES or SYNCHRONIZE should nto cause an oplock break either. 13:53 sdann coffeedude, yeah that's certainly possible 13:53 coffeedude sdann, only know cause I've done it :) I'd probably start with sniffing traffic at the server side and see if you can correlate the stalls with traffic to other hosts (oplock breaks in particular). If so then maybe consider patching the server or testing with a different flavor of windows. -- Jeff Layton jlay...@redhat.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 2.6.31-rc8: CIFS with 5 seconds hiccups
On Wed, 9 Sep 2009 13:28:24 -0400 (EDT) Christoph Lameter c...@linux-foundation.org wrote: On Wed, 9 Sep 2009, Jeff Layton wrote: That'll stop your client from requesting oplocks, but that won't prevent others from doing so. If my suspicion is correct, then another client is holding an oplock and the server needs to break it before it can reply to yours. Unfortunately I doubt there's much you can do from your client to prevent that (if that is the case). There may be a way to turn off oplocks on the server side, but that may very well be even worse for performance. Hmmm... We can look at that. Another interesting tidbit is that I have never seen this from a 64 bit Linux kernel. Only occurs with 32 bit kernels it seems. That sounds rather strange. Maybe we do have a bug of some sort? The thing to do might be to get a binary capture of the 32-bit traffic around the time of the stalls. We could then inspect the packets and see whether we have something wrong in there. -- Jeff Layton jlay...@redhat.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba wants chdir
Hallo, Michael, Du meintest am 01.09.09: 2009/8/31 Helmut Hullen hul...@t-online.de: [...] Aug 31 10:09:28 Server smbd[20793]: chdir (/home/adm) failed [...] b) which machine or program asks chdir /home/adm? That's a DOS command, no Linux command. There is a Unix system call called chdir(). I suspect that this is what smbd is referring to. Hmmm - never seen. But that's no proof of inexistence. strings /usr/sbin/smbd | grep chdir tells make_connection_with_chdir chdir (%s) failed make_connection_with_chdir Failed to chdir to / on chroot to %s And there is the above error message - ok. /home/adm exists, it's a Samba share. What user is smbd running as? (ps aux | grep smbd) Owner: root Who owns /home/adm and what are the permissions? /home: root:root 755 /home/adm: adm:lehrer 755 Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Compiling 3.4.0 on SPARC Solaris 9
Hi 2009/9/9 nigel.p...@scotland.gsi.gov.uk: I've been trying to compile Samba 3.4.0 on a Solaris 9 server. However, when I run configure, it is only creating a Makefile-noincludes, not the standard Makefile. Looking at the config.log file, there are lines that suggest that it can't find the libiconv libraries. These are installed (version 1.11) in /usr/local so I tried re-running configure with the option --with-libiconv=/usr/local. However, this also fails as conftest now will not compile. Thanks in advance for any suggestions. 3.4.1 was just announced earlier today. One of the things it lists as changed from 3.4.0 is: * Fix linking on Solaris. Although that doesn't sound like the problem you're running into (I don't think) it might be a good idea to try 3.4.1 anyway. Also, perhaps if you paste the part of the config.log where the libiconv test fails into your next e-mail someone will be figure out what's wrong. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Authentication from Vista?
On Sep 6, 9:20=A0pm, Volker Lendecke volker.lende...@sernet.de wrote: I very much doubt security=3Dshare works with ntlmv2. Please use security=3Duser. Thanks Volker - that did the trick! I'd used security=share as the man pages suggested that this was the appropriate setting when most shares were meant to be for guest access, and says it is tricky providing guest access with security=user. In fact, simply setting the map to guest parameter to Bad User does the trick. Regards, Steve. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba wants chdir
Hello Helmut :) 2009/9/1 Helmut Hullen hul...@t-online.de: Hallo, Michael, Du meintest am 01.09.09: 2009/8/31 Helmut Hullen hul...@t-online.de: [...] Aug 31 10:09:28 Server smbd[20793]: chdir (/home/adm) failed [...] b) which machine or program asks chdir /home/adm? That's a DOS command, no Linux command. There is a Unix system call called chdir(). I suspect that this is what smbd is referring to. Hmmm - never seen. But that's no proof of inexistence. Well on Debian and Ubuntu the manpage is in the manpages-dev package: $ man -w chdir /usr/share/man/man2/chdir.2.gz $ dpkg -S /usr/share/man/man2/chdir.2.gz manpages-dev: /usr/share/man/man2/chdir.2.gz $ man 2 chdir CHDIR(2) Linux Programmer's Manual CHDIR(2) NAME chdir, fchdir - change working directory SYNOPSIS #include unistd.h int chdir(const char *path); int fchdir(int fd); [...] CONFORMING TO SVr4, 4.4BSD, POSIX.1-2001. [...] strings /usr/sbin/smbd | grep chdir tells make_connection_with_chdir chdir (%s) failed make_connection_with_chdir Failed to chdir to / on chroot to %s And there is the above error message - ok. /home/adm exists, it's a Samba share. What user is smbd running as? (ps aux | grep smbd) Owner: root Who owns /home/adm and what are the permissions? /home: root:root 755 /home/adm: adm:lehrer 755 OK, that's strange. Anybody should be able to change directory to /home/adm, unless there's something else preventing it, like ACLs or SELinux or Samba is chrooted so it's looking for /path/to/chroot/home/adm instead of /home/adm. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 2.6.31-rc8: CIFS with 5 seconds hiccups
On Wed, 9 Sep 2009 17:27:57 -0400 (EDT) Christoph Lameter c...@linux-foundation.org wrote: On Wed, 9 Sep 2009, Jeff Layton wrote: That sounds rather strange. Maybe we do have a bug of some sort? The thing to do might be to get a binary capture of the 32-bit traffic around the time of the stalls. We could then inspect the packets and see whether we have something wrong in there. Capture attached. Well, I can see the delays in the capture, but the snarflen for the capture is a little too small to tell much else. Can you redo the capture with a larger snarflen (maybe -s 512 or so)? Also, were you able to tell anything from a server-side capture? Is the server issuing oplock breaks at those times? Cheers, Jeff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Rejoin BDC to domain?
We recently replaced a failing PDC, and it seems to be working just fine: # net rpc testjoin Join to 'OURDOMAIN' is OK # net lookup dc OURDOMAIN 172.16.1.40 But the BDC now seems to be having problems. We cannot get new workstations (in the subnet with the BDC) to join the domain, and while logged into the BDC, we get: # net rpc testjoin Unable to find a suitable server Join to domain 'OURDOMAIN' is not valid # net lookup dc # blank This BDC was working fine before we replaced the PDC, and I tried: net rpc getsid -S OURDOMAIN -I 172.16.1.40 -U admin%password which says it grabbed the SID. Do I need to rejoin the BDC to the domain? Thanks for any help, Brian H binaryno...@gmail.com http://www.binarynomad.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] TOSHAG-Passdb.xml translate finished and some typo found
Now, TOSHARG-Passdb.xml translate to Japanese finished(3.4.0 base). And some typo found. Many people ask why Samba cannot simply use the UNIX password database. Windows requires passwords that are encrypted in its own format. The UNIX passwords can't be converted to Windows? UNIX-style encrypted passwords. Because of that, you can't use the standard UNIX user database, and you have to store the LanMan and NT hashes somewhere else. indextermprimarychallenge/response mechanis/primary/indexterm mechanism indextermprimaryclear-text/primary/indexterm indextermprimaryencrypted/primary/indexterm indextermprimarynegotiate/primary/indexterm All current releases of Microsoft SMB/CIFS clients support authentication via the Some people are confused when reference is made to literalsmbpasswd/literal because the name refers to a storage mechanism for SambaSAMAccount information, but it is also the name of a utility tool. That tool is destined to eventually be replaced by new functionality that is being added to the commandnet/command toolset (see link linkend=NetCommandthe Net Command/link. - forgot ) The commandsmbpasswd/command utility is similar to the commandpasswd/command and commandyppasswd/command programs. It maintains the two 32 byte password fields in the passdb backend. This utility operates independently of the actual account and password storage methods used (as specified by the parameterpassdb backend/parameter in the smb.conf; file. - forgot ) The POSIX and sambaSamAccount components of computer (machine) accounts are both used by Samba. Thus, machine accounts are treated inside Samba in the same way that Windows NT4/200X treats them. A user account and a machine account are indistinquishable from each other, except that - indistinguishable the machine account ends in a $ character, as do trust accounts. Domain global policy controls available in Windows NT4 compared with Samba is shown in link linkend=policycontrolsNT4 Domain v's Samba Policy Controls/link. --vs ? itemizedlist listitemparaLogin ID./para/listitem listitemparaUNIX UID./para/listitem listitem paraMicrosoft LanManager password hash (password converted to upper-case thenhashed./para _ need ) /listitem The first problem is that all lookups must be performed sequentially. Given that there are approximately two lookups per domain logon (one during intial logon validation -- initial and one for a session connection setup, such as when mapping a network drive or printer ), this is a performance bottleneck for large sites. What is needed is an indexed approach such as that used in databases. paraquoteI've installed Samba, but now I can't log on with my UNIX account! /quote/para paraMake sure your user has been added to the current Samba smbconfoption name=passdb backend/. Read the link linkend=acctmgmttoolsAccount Management Tools,/link for unnecessary thing - details./para -- --- Oota Toshiya --- t-oota at dh.jp.nec.com NEC Computers Software Operations Unit Shiba,Minato,Tokyo Open Source Software Platform Development Division Japan,Earth,Solar system (samba-jp/ldap-jp Staff,mutt-j/samba-jp postmaster) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Build status as of Wed Sep 9 06:00:01 2009
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2009-09-08 00:00:41.0 -0600 +++ /home/build/master/cache/broken_results.txt 2009-09-09 00:00:02.0 -0600 @@ -1,22 +1,22 @@ -Build status as of Tue Sep 8 06:00:02 2009 +Build status as of Wed Sep 9 06:00:01 2009 Build counts: Tree Total Broken Panic build_farm 0 0 0 -ccache 2 1 0 +ccache 3 1 0 distcc 0 0 0 ldb 26 26 0 -libreplace 1 1 0 +libreplace 2 1 0 lorikeet 0 0 0 pidl 1 1 0 ppp 0 0 0 -rsync26 11 0 +rsync27 11 0 samba-docs 0 0 0 samba-web0 0 0 -samba_3_current 0 0 0 -samba_3_master 24 24 1 -samba_3_next 2 2 0 -samba_4_0_test 26 26 1 -talloc 7 7 0 -tdb 23 23 0 +samba_3_current 22 21 0 +samba_3_master 24 24 2 +samba_3_next 23 22 0 +samba_4_0_test 27 26 10 +talloc 2 2 0 +tdb 24 24 0
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-109-g939b936
The branch, master has been updated via 939b936d1af9a5221922864ad579bf50157b957b (commit) from dca7afb799477a34f704c04397a6afa1ee6b9973 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 939b936d1af9a5221922864ad579bf50157b957b Author: Andrew Tridgell tri...@samba.org Date: Wed Sep 9 17:04:16 2009 +1000 s4/repl: added refresh of repsTo I've found that w2k3 deletes the repsTo records we carefully created in the vampire join if we don't refresh them frequently. After about 30mins all 3 repsTo records are gone. This patch adds automatic refresh of the repsTo by calling DSReplicaUpdateRefs every time we do a sync cycle with the server --- Summary of changes: source4/dsdb/repl/drepl_out_helpers.c | 88 - 1 files changed, 87 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/repl/drepl_out_helpers.c b/source4/dsdb/repl/drepl_out_helpers.c index c292c6d..59b3176 100644 --- a/source4/dsdb/repl/drepl_out_helpers.c +++ b/source4/dsdb/repl/drepl_out_helpers.c @@ -33,6 +33,7 @@ #include librpc/gen_ndr/ndr_drsblobs.h #include libcli/composite/composite.h #include auth/gensec/gensec.h +#include param/param.h struct dreplsrv_out_drsuapi_state { struct composite_context *creq; @@ -355,6 +356,8 @@ static void dreplsrv_op_pull_source_get_changes_recv(struct rpc_request *req) dreplsrv_op_pull_source_apply_changes_send(st, r, ctr_level, ctr1, ctr6); } +static void dreplsrv_update_refs_send(struct dreplsrv_op_pull_source_state *st); + static void dreplsrv_op_pull_source_apply_changes_send(struct dreplsrv_op_pull_source_state *st, struct drsuapi_DsGetNCChanges *r, uint32_t ctr_level, @@ -430,7 +433,12 @@ static void dreplsrv_op_pull_source_apply_changes_send(struct dreplsrv_op_pull_s return; } - composite_done(c); + /* now we need to update the repsTo record for this partition + on the server. These records are initially established when + we join the domain, but they quickly expire. We do it here + so we can use the already established DRSUAPI pipe + */ + dreplsrv_update_refs_send(st); } WERROR dreplsrv_op_pull_source_recv(struct composite_context *c) @@ -442,3 +450,81 @@ WERROR dreplsrv_op_pull_source_recv(struct composite_context *c) talloc_free(c); return ntstatus_to_werror(status); } + +/* + receive a UpdateRefs reply + */ +static void dreplsrv_update_refs_recv(struct rpc_request *req) +{ + struct dreplsrv_op_pull_source_state *st = talloc_get_type(req-async.private_data, + struct dreplsrv_op_pull_source_state); + struct composite_context *c = st-creq; + struct drsuapi_DsReplicaUpdateRefs *r = talloc_get_type(req-ndr.struct_ptr, + struct drsuapi_DsReplicaUpdateRefs); + + c-status = dcerpc_ndr_request_recv(req); + if (!composite_is_ok(c)) { + DEBUG(0,(UpdateRefs failed with %s for %s %s\n, +nt_errstr(c-status), +r-in.req.req1.dest_dsa_dns_name, +r-in.req.req1.naming_context-dn)); + return; + } + + if (!W_ERROR_IS_OK(r-out.result)) { + DEBUG(0,(UpdateRefs failed with %s for %s %s\n, +win_errstr(r-out.result), +r-in.req.req1.dest_dsa_dns_name, +r-in.req.req1.naming_context-dn)); + composite_error(c, werror_to_ntstatus(r-out.result)); + return; + } + + DEBUG(4,(UpdateRefs OK for %s %s\n, +r-in.req.req1.dest_dsa_dns_name, +r-in.req.req1.naming_context-dn)); + + composite_done(c); +} + +/* + send a UpdateRefs request to refresh our repsTo record on the server + */ +static void dreplsrv_update_refs_send(struct dreplsrv_op_pull_source_state *st) +{ + struct composite_context *c = st-creq; + struct dreplsrv_service *service = st-op-service; + struct dreplsrv_partition *partition = st-op-source_dsa-partition; + struct dreplsrv_drsuapi_connection *drsuapi = st-op-source_dsa-conn-drsuapi; + struct rpc_request *req; + struct drsuapi_DsReplicaUpdateRefs *r; + char *ntds_guid_str; + char *ntds_dns_name; + + r = talloc(st, struct drsuapi_DsReplicaUpdateRefs); + if (composite_nomem(r, c)) return; + + ntds_guid_str = GUID_string(r, service-ntds_guid); + if (composite_nomem(ntds_guid_str, c)) return; + + /*
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-110-g8640293
The branch, master has been updated via 8640293fabb0fd0fe92b814411577dcdb449100d (commit) from 939b936d1af9a5221922864ad579bf50157b957b (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8640293fabb0fd0fe92b814411577dcdb449100d Author: Andrew Tridgell tri...@samba.org Date: Wed Sep 9 18:04:07 2009 +1000 s4/repl: implement DsReplicaSync This patch implements DsReplicaSync by passing the call via irpc to the repl server task. The repl server then triggers an immediate replication of the specified partition. This means we no longer need to set a small value for dreplsrv:periodic_interval to force frequent DRS replication. We can now wait for the DC to send us a ReplicaSync msg for any partition that changes, and we immediately sync that partition. --- Summary of changes: source4/dsdb/repl/drepl_out_pull.c | 16 ++ source4/dsdb/repl/drepl_service.c | 26 ++ source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 31 ++ 3 files changed, 68 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/repl/drepl_out_pull.c b/source4/dsdb/repl/drepl_out_pull.c index c66c5bb..54dbd29 100644 --- a/source4/dsdb/repl/drepl_out_pull.c +++ b/source4/dsdb/repl/drepl_out_pull.c @@ -79,6 +79,22 @@ WERROR dreplsrv_schedule_pull_replication(struct dreplsrv_service *s, TALLOC_CTX return WERR_OK; } + +/* force an immediate of the specified partition by GUID */ +WERROR dreplsrv_schedule_partition_pull_by_guid(struct dreplsrv_service *s, TALLOC_CTX *mem_ctx, + struct GUID *guid) +{ + struct dreplsrv_partition *p; + + for (p = s-partitions; p; p = p-next) { + if (GUID_compare(p-nc.guid, guid) == 0) { + return dreplsrv_schedule_partition_pull(s, p, mem_ctx); + } + } + + return WERR_NOT_FOUND; +} + static void dreplsrv_pending_op_callback(struct dreplsrv_out_operation *op) { struct repsFromTo1 *rf = op-source_dsa-repsFrom1; diff --git a/source4/dsdb/repl/drepl_service.c b/source4/dsdb/repl/drepl_service.c index 27572af..eb49da3 100644 --- a/source4/dsdb/repl/drepl_service.c +++ b/source4/dsdb/repl/drepl_service.c @@ -106,6 +106,30 @@ static WERROR dreplsrv_connect_samdb(struct dreplsrv_service *service, struct lo } /* + DsReplicaSync messages from the DRSUAPI server are forwarded here + */ +static NTSTATUS drepl_replica_sync(struct irpc_message *msg, + struct drsuapi_DsReplicaSync *r) +{ + struct dreplsrv_service *service = talloc_get_type(msg-private_data, + struct dreplsrv_service); + WERROR werr; + struct GUID *guid = r-in.req.req1.naming_context-guid; + + werr = dreplsrv_schedule_partition_pull_by_guid(service, msg, guid); + if (W_ERROR_IS_OK(werr)) { + DEBUG(3,(drepl_replica_sync: forcing sync of partition %s\n, +GUID_string(msg, guid))); + dreplsrv_run_pending_ops(service); + } else { + DEBUG(3,(drepl_replica_sync: failed setup of sync of partition %s - %s\n, +GUID_string(msg, guid), win_errstr(werr))); + return NT_STATUS_INTERNAL_ERROR; + } + return NT_STATUS_OK; +} + +/* startup the dsdb replicator service task */ static void dreplsrv_task_init(struct task_server *task) @@ -173,6 +197,8 @@ static void dreplsrv_task_init(struct task_server *task) } irpc_add_name(task-msg_ctx, dreplsrv); + + IRPC_REGISTER(task-msg_ctx, drsuapi, DRSUAPI_DSREPLICASYNC, drepl_replica_sync, service); } /* diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c index a9c7eb7..73cc8cb 100644 --- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c +++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c @@ -29,6 +29,7 @@ #include lib/ldb/include/ldb_errors.h #include param/param.h #include librpc/gen_ndr/ndr_drsblobs.h +#include messaging/irpc.h /* drsuapi_DsBind @@ -228,12 +229,32 @@ static WERROR dcesrv_drsuapi_DsUnbind(struct dcesrv_call_state *dce_call, TALLOC drsuapi_DsReplicaSync */ static WERROR dcesrv_drsuapi_DsReplicaSync(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct drsuapi_DsReplicaSync *r) + struct drsuapi_DsReplicaSync *r) { - /* TODO: implement this call correct! -* for now we just say yes, -* because we have no output parameter -*/ + struct server_id *repld; + struct irpc_request *ireq; + +
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-111-g269fe99
The branch, master has been updated via 269fe99a62371fb9540d886f7cc619450c5b5c8d (commit) from 8640293fabb0fd0fe92b814411577dcdb449100d (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 269fe99a62371fb9540d886f7cc619450c5b5c8d Author: Nadezhda Ivanova nadezhda.ivan...@postpath.com Date: Thu Sep 3 14:39:40 2009 +0300 Added admin_session method. The purpose of admin_session is to be able to execute parts of provisioning as the user Administrator in order to have the correct group and owner in the security descriptors. To be used for provisioning and tests only. --- Summary of changes: source4/auth/pyauth.c | 23 source4/auth/session.h |4 + source4/auth/system_session.c | 191 +++ source4/scripting/python/samba/provision.py |6 +- 4 files changed, 223 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/auth/pyauth.c b/source4/auth/pyauth.c index 04880b7..5bb775a 100644 --- a/source4/auth/pyauth.c +++ b/source4/auth/pyauth.c @@ -21,6 +21,8 @@ #include pyauth.h #include auth/system_session_proto.h #include param/pyparam.h +#include libcli/security/security.h + PyTypeObject PyAuthSession = { .tp_name = AuthSession, @@ -70,9 +72,30 @@ static PyObject *py_system_session_anon(PyObject *module, PyObject *args) return PyAuthSession_FromSession(session); } +static PyObject *py_admin_session(PyObject *module, PyObject *args) +{ + PyObject *py_lp_ctx; + PyObject *py_sid; + struct loadparm_context *lp_ctx = NULL; + struct auth_session_info *session; + struct dom_sid *domain_sid = NULL; + if (!PyArg_ParseTuple(args, OO, py_lp_ctx, py_sid)) + return NULL; + + lp_ctx = lp_from_py_object(py_lp_ctx); + if (lp_ctx == NULL) + return NULL; + + domain_sid = dom_sid_parse_talloc(NULL, PyString_AsString(py_sid)); + session = admin_session(NULL, lp_ctx, domain_sid); + + return PyAuthSession_FromSession(session); +} + static PyMethodDef py_auth_methods[] = { { system_session, (PyCFunction)py_system_session, METH_VARARGS, NULL }, { system_session_anonymous, (PyCFunction)py_system_session_anon, METH_VARARGS, NULL }, + { admin_session, (PyCFunction)py_admin_session, METH_VARARGS, NULL }, { NULL }, }; diff --git a/source4/auth/session.h b/source4/auth/session.h index 15570c4..ca47af3 100644 --- a/source4/auth/session.h +++ b/source4/auth/session.h @@ -62,5 +62,9 @@ struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx, struct tevent_context *event_ctx, struct loadparm_context *lp_ctx); +struct auth_session_info *admin_session(TALLOC_CTX *mem_ctx, + struct loadparm_context *lp_ctx, + struct dom_sid *domain_sid); + #endif /* _SAMBA_AUTH_SESSION_H */ diff --git a/source4/auth/system_session.c b/source4/auth/system_session.c index 07b0060..8e22bd8 100644 --- a/source4/auth/system_session.c +++ b/source4/auth/system_session.c @@ -303,3 +303,194 @@ NTSTATUS auth_system_server_info(TALLOC_CTX *mem_ctx, const char *netbios_name, } +/* Create server info for the Administrator account. This should only be used + * during provisioning when we need to impersonate Administrator but + * the account has not been created yet */ + +static NTSTATUS create_admin_token(TALLOC_CTX *mem_ctx, + struct dom_sid *user_sid, + struct dom_sid *group_sid, + int n_groupSIDs, + struct dom_sid **groupSIDs, + struct security_token **token) +{ + struct security_token *ptoken; + int i; + + ptoken = security_token_initialise(mem_ctx); + NT_STATUS_HAVE_NO_MEMORY(ptoken); + + ptoken-sids = talloc_array(ptoken, struct dom_sid *, n_groupSIDs + 3); + NT_STATUS_HAVE_NO_MEMORY(ptoken-sids); + + ptoken-user_sid = talloc_reference(ptoken, user_sid); + ptoken-group_sid = talloc_reference(ptoken, group_sid); + ptoken-privilege_mask = 0; + + ptoken-sids[0] = ptoken-user_sid; + ptoken-sids[1] = ptoken-group_sid; + ptoken-sids[2] = dom_sid_parse_talloc(ptoken-sids, SID_NT_AUTHENTICATED_USERS); + NT_STATUS_HAVE_NO_MEMORY(ptoken-sids[2]); + ptoken-num_sids = 3; + + + for (i = 0; i n_groupSIDs; i++) { + size_t check_sid_idx; + for (check_sid_idx = 1; +check_sid_idx ptoken-num_sids; +
[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-1246-g1f6f0fc
The branch, v3-4-test has been updated via 1f6f0fc92b1bb487fb99ac1e9c96f8f09adb9fbc (commit) from d5098d7372fb3ab5991df5ce6daa994372934b39 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit 1f6f0fc92b1bb487fb99ac1e9c96f8f09adb9fbc Author: Günther Deschner g...@samba.org Date: Wed Sep 9 02:29:58 2009 +0200 s3-winbindd: Fix Bug #6700: Use dns domain name when needing to guess server principal. Patch from Robert LeBlanc rob...@leblancnet.us. Thanks! Guenther --- Summary of changes: source3/winbindd/winbindd_cm.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 09a12d0..4571f22 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -856,7 +856,7 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, machine_krb5_principal, machine_password, lp_workgroup(), - domain-name); + domain-alt_name); if (!ADS_ERR_OK(ads_status)) { DEBUG(4,(failed kerberos session setup with %s\n, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-5350-gcd920dc
The branch, v3-3-test has been updated via cd920dcff320a097bcc46a9468a78cedca6fb2be (commit) from e7e1e1887e79e4dcbd8836b775e387751c44f318 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit cd920dcff320a097bcc46a9468a78cedca6fb2be Author: Günther Deschner g...@samba.org Date: Wed Sep 9 02:29:58 2009 +0200 s3-winbindd: Fix Bug #6700: Use dns domain name when needing to guess server principal. Patch from Robert LeBlanc rob...@leblancnet.us. Thanks! Guenther --- Summary of changes: source/winbindd/winbindd_cm.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/winbindd/winbindd_cm.c b/source/winbindd/winbindd_cm.c index bc3db08..0c53112 100644 --- a/source/winbindd/winbindd_cm.c +++ b/source/winbindd/winbindd_cm.c @@ -857,7 +857,7 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, machine_krb5_principal, machine_password, lp_workgroup(), - domain-name); + domain-alt_name); if (!ADS_ERR_OK(ads_status)) { DEBUG(4,(failed kerberos session setup with %s\n, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-1280-g95cc5af
The branch, v3-4-test has been updated via 95cc5af5fd6150f3c54cd344b66393dbc186c2df (commit) via 6b9d518b9f1244c99fbaa2812886d02635caff14 (commit) via a9890fb49d2372edbf2050134bb21450d98ff7f6 (commit) via 161e20843054ecc5745e967da2a9d08ed09229d0 (commit) via 1108225c1316521bf2bb59c9b99b030440af0002 (commit) via 5cc105ac513164d66d4661a41d1daa99f28ab928 (commit) via 792ab5c34a20bd2b292b642dc96cae62e5ad1ce0 (commit) via bd28ae54a635667096e4a0d1010a1c3cce59712f (commit) via fdcc157d51cce8561df37fa9eed39332772bacb9 (commit) via c78d2a86f7410b6e09d0c326233e06f09dfc6ddb (commit) via 4c63af17eda7e22fd6c258524204a44879006db7 (commit) via 1157ff3353b528d285f456d8e946d98bf202a560 (commit) via 6e8becce900e7686dcd81307722105d175103c06 (commit) via 0a14a3daa8c1f6d402865b8b1f24d91c64085176 (commit) via f6d54b0db737f3474820b491488c68de41e8e659 (commit) via 80d62cc788211cf2783e315359f832a95b88cdc5 (commit) via 5a66d5776923647169ab2ae816f6a632b0f4e8aa (commit) via 620dde3a0fa246ebac35e64f1a99f56415b15e97 (commit) via be0191b0c416f2fbf03d2cdb0a5ea3e8ce3d58e9 (commit) via 3ee857b058780fd3df915d8dab3e7d4ede682ce8 (commit) via 1e460e95956e9c1352ad9879ed2a9833b96b8746 (commit) via 6c002a988bd37cc04b488d78c910540b19cac88e (commit) via 5543fc2599b3ec7e3a676f95d8283d0f55113ec5 (commit) via 000d2835d78b6beb6db573a1946346e01de2ff7d (commit) via 8d988b165d373d074b8be321bcc9c20a8e85a6fc (commit) via d0ab357d3bae114bda2d678049e89272614da713 (commit) via ce80afbe3ad7534d659109e60874540531738aaf (commit) via 1d0e302bc49c77542fa39a18d995268e8685d141 (commit) via 30acc30ce5c01a30a96a6ce80ab99576574d8196 (commit) via c20026a9afe1527f6442e8eedf669d199d8cdb26 (commit) via 49c97fb7a1bc49b160677fc7fae69b05bd6161a4 (commit) via 915a516da4ef536d09075e14959cfa7e866f7e7b (commit) via 01a4ec433627fe36c9eef7a8f1a7f45b86eb8262 (commit) via 6e968a6f12de83be431e6244c34bb3cecf52ee42 (commit) from 1f6f0fc92b1bb487fb99ac1e9c96f8f09adb9fbc (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit 95cc5af5fd6150f3c54cd344b66393dbc186c2df Author: Jeremy Allison j...@samba.org Date: Thu Sep 3 07:40:48 2009 -0700 Hopefully last part of the fix for bug 6651 - smbd SIGSEGV when breaking oplocks. This one is subtle. There is a race condition where a signal can be queued for oplock break, and then the file can be closed by the client before the signal can be processed. Currently if this occurs we panic (we can't match an incoming signal fd with a fsp pointer). Simply log the error (at debug level 10 right now, might be too much) and then return without processing the break request. It looks like there is another race condition with this fix, but here's why it won't happen. If the signal was pending (caused by a kernel oplock break from a local file open), and the client closed the file and then re-opened another file which happened to use the same file descriptor as the file just closed, then theoretically the oplock break requests could be processed on the wrong fd. Here's why this should be very rare.. Processing a pending signal always take precedence over an incoming network reque st, so as long as the client close request is non-chained then the break signal should always be harmlessly processed *before* the open can be called. If the open is chained onto the close, and the fd on the new open is the same as the old closed fd, then it's possible this race will occur. However, all that will happen is that we'll lose the oplock on this file. A shame, but not a fatal event. Jeremy. (cherry picked from commit bdc7bdb0d3e02d04477906dbda8995bc5789ce22) commit 6b9d518b9f1244c99fbaa2812886d02635caff14 Author: Jeremy Allison j...@samba.org Date: Mon Aug 24 21:14:52 2009 -0700 Help debug for bug 6651 - smbd SIGSEGV when breaking oplocks. Should help track if we get invoked with an invalid fd from the signal handler. Jeremy. (cherry picked from commit 213546103749c30dbb3ad8472872b9a8fad34205) commit a9890fb49d2372edbf2050134bb21450d98ff7f6 Author: Stefan Metzmacher me...@samba.org Date: Fri Sep 4 12:56:39 2009 +0200 tevent: change version to 0.9.8 after some critical bugs have been fixed metze (cherry picked from commit 1bb68402a2e37f39118e039ac69e03ba66f2) commit 161e20843054ecc5745e967da2a9d08ed09229d0 Author: Jeremy Allison j...@samba.org Date: Thu Sep 3 07:38:21 2009 -0700 Another part of the fix for bug 6651 - smbd SIGSEGV when breaking oplocks. SA_INFO_QUEUE_COUNT *MUST* be a power of 2, in order for the ring buffer wrap to work correctly at the 32 bit boundary. Thanks to Petr Vandrovec p...@vandrovec.name for this. (cherry picked
[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-1281-g91a5b85
The branch, v3-4-test has been updated via 91a5b8561e2f13f77fa5648f7cc373aff1701954 (commit) from 95cc5af5fd6150f3c54cd344b66393dbc186c2df (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit 91a5b8561e2f13f77fa5648f7cc373aff1701954 Author: Jeremy Allison j...@samba.org Date: Tue Sep 8 16:22:46 2009 -0700 Fix bug 6673 - smbpasswd does not work with unix password sync = yes. Revert change from 3.3 - 3.4 with read_socket_with_timeout changed from sys_read() to sys_recv(). read_socket_with_timeout() is called with non-fd's (with a pty in chgpasswd.c and with a disk file in lib/dbwrap_file.c via read_data()). recv works for the disk file, but not the pty. Change the name of read_socket_with_timeout() to read_fd_with_timeout() to make this clear (and add comments). Jeremy. --- Summary of changes: source3/include/proto.h|2 +- source3/lib/util_sock.c| 42 +- source3/libsmb/clientgen.c |2 +- source3/smbd/chgpasswd.c |2 +- source3/smbd/process.c |4 ++-- 5 files changed, 30 insertions(+), 22 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index 18555bc..85619ee 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1373,7 +1373,7 @@ ssize_t read_udp_v4_socket(int fd, char *buf, size_t len, struct sockaddr_storage *psa); -NTSTATUS read_socket_with_timeout(int fd, char *buf, +NTSTATUS read_fd_with_timeout(int fd, char *buf, size_t mincnt, size_t maxcnt, unsigned int time_out, size_t *size_ret); diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c index 43ea8b5..da79aca 100644 --- a/source3/lib/util_sock.c +++ b/source3/lib/util_sock.c @@ -490,13 +490,15 @@ ssize_t read_udp_v4_socket(int fd, } / - Read data from a socket with a timout in msec. + Read data from a file descriptor with a timout in msec. mincount = if timeout, minimum to read before returning maxcount = number to be read. time_out = timeout in milliseconds + NB. This can be called with a non-socket fd, don't change + sys_read() to sys_recv() or other socket call. / -NTSTATUS read_socket_with_timeout(int fd, char *buf, +NTSTATUS read_fd_with_timeout(int fd, char *buf, size_t mincnt, size_t maxcnt, unsigned int time_out, size_t *size_ret) @@ -519,10 +521,10 @@ NTSTATUS read_socket_with_timeout(int fd, char *buf, } while (nread mincnt) { - readret = sys_recv(fd, buf + nread, maxcnt - nread, 0); + readret = sys_read(fd, buf + nread, maxcnt - nread); if (readret == 0) { - DEBUG(5,(read_socket_with_timeout: + DEBUG(5,(read_fd_with_timeout: blocking read. EOF from client.\n)); return NT_STATUS_END_OF_FILE; } @@ -531,12 +533,12 @@ NTSTATUS read_socket_with_timeout(int fd, char *buf, if (fd == get_client_fd()) { /* Try and give an error message * saying what client failed. */ - DEBUG(0,(read_socket_with_timeout: + DEBUG(0,(read_fd_with_timeout: client %s read error = %s.\n, get_peer_addr(fd,addr,sizeof(addr)), strerror(errno) )); } else { - DEBUG(0,(read_socket_with_timeout: + DEBUG(0,(read_fd_with_timeout: read error = %s.\n, strerror(errno) )); } @@ -569,12 +571,12 @@ NTSTATUS read_socket_with_timeout(int fd, char *buf, if (fd == get_client_fd()) { /* Try and give an error message saying * what client failed. */ - DEBUG(0,(read_socket_with_timeout: timeout + DEBUG(0,(read_fd_with_timeout: timeout
[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-1282-gee70079
The branch, v3-4-test has been updated via ee70079d08acf23cf7c342f09a7db4f5fc7ca95e (commit) from 91a5b8561e2f13f77fa5648f7cc373aff1701954 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit ee70079d08acf23cf7c342f09a7db4f5fc7ca95e Author: SATOH Fumiyasu fumi...@osstech.co.jp Date: Tue Sep 8 16:07:17 2009 -0700 Fix bug 6496 - libsmbclient: MS-DFS: cannot follow multibyte char link name. A server returns a byte of consumed path in UCS2, not UNIX charset. --- Summary of changes: source3/include/proto.h |2 +- source3/libsmb/clidfs.c | 52 ++ 2 files changed, 39 insertions(+), 15 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index 85619ee..d33a019 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -2371,7 +2371,7 @@ bool cli_dfs_get_referral(TALLOC_CTX *ctx, const char *path, CLIENT_DFS_REFERRAL**refs, size_t *num_refs, - uint16 *consumed); + size_t *consumed); bool cli_resolve_path(TALLOC_CTX *ctx, const char *mountpt, const struct user_auth_info *dfs_auth_info, diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c index 98b96cf..5e944f1 100644 --- a/source3/libsmb/clidfs.c +++ b/source3/libsmb/clidfs.c @@ -603,16 +603,19 @@ bool cli_dfs_get_referral(TALLOC_CTX *ctx, const char *path, CLIENT_DFS_REFERRAL**refs, size_t *num_refs, - uint16 *consumed) + size_t *consumed) { unsigned int data_len = 0; unsigned int param_len = 0; uint16 setup = TRANSACT2_GET_DFS_REFERRAL; - char *param; + char *param = NULL; char *rparam=NULL, *rdata=NULL; char *p; char *endp; size_t pathlen = 2*(strlen(path)+1); + smb_ucs2_t *path_ucs; + char *consumed_path = NULL; + uint16_t consumed_ucs; uint16 num_referrals; CLIENT_DFS_REFERRAL *referrals = NULL; bool ret = false; @@ -622,11 +625,12 @@ bool cli_dfs_get_referral(TALLOC_CTX *ctx, param = SMB_MALLOC_ARRAY(char, 2+pathlen+2); if (!param) { - return false; + goto out; } SSVAL(param, 0, 0x03); /* max referral level */ p = param[2]; + path_ucs = (smb_ucs2_t *)p; p += clistr_push(cli, p, path, pathlen, STR_TERMINATE); param_len = PTR_DIFF(p, param); @@ -637,16 +641,13 @@ bool cli_dfs_get_referral(TALLOC_CTX *ctx, param, param_len, 2,/* param, length, max */ NULL, 0, cli-max_xmit /* data, length, max */ )) { - SAFE_FREE(param); - return false; + goto out; } - SAFE_FREE(param); - if (!cli_receive_trans(cli, SMBtrans2, rparam, param_len, rdata, data_len)) { - return false; + goto out; } if (data_len 4) { @@ -655,9 +656,30 @@ bool cli_dfs_get_referral(TALLOC_CTX *ctx, endp = rdata + data_len; - *consumed = SVAL(rdata, 0); + consumed_ucs = SVAL(rdata, 0); num_referrals = SVAL(rdata, 2); + /* consumed_ucs is the number of bytes +* of the UCS2 path consumed not counting any +* terminating null. We need to convert +* back to unix charset and count again +* to get the number of bytes consumed from +* the incoming path. */ + + if (pull_string_talloc(talloc_tos(), + NULL, + 0, + consumed_path, + path_ucs, + consumed_ucs, + STR_UNICODE) == 0) { + goto out; + } + if (consumed_path == NULL) { + goto out; + } + *consumed = strlen(consumed_path); + if (num_referrals != 0) { uint16 ref_version; uint16 ref_size; @@ -714,6 +736,8 @@ bool cli_dfs_get_referral(TALLOC_CTX *ctx, out: + TALLOC_FREE(consumed_path); + SAFE_FREE(param); SAFE_FREE(rdata); SAFE_FREE(rparam); return ret; @@ -732,7 +756,7 @@ bool cli_resolve_path(TALLOC_CTX *ctx, { CLIENT_DFS_REFERRAL *refs = NULL; size_t num_refs = 0; - uint16 consumed; + size_t consumed = 0; struct cli_state *cli_ipc = NULL; char *dfs_path = NULL; char *cleanpath = NULL; @@ -840,13 +864,13 @@ bool
[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-1283-gabc676b
The branch, v3-4-test has been updated via abc676bcd5eec40946c2e851345a6e973bf2cbea (commit) from ee70079d08acf23cf7c342f09a7db4f5fc7ca95e (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit abc676bcd5eec40946c2e851345a6e973bf2cbea Author: Karolin Seeger ksee...@samba.org Date: Wed Sep 9 12:53:36 2009 +0200 WHATSNEW: Update changes since 3.4.0. Karolin --- Summary of changes: WHATSNEW.txt | 11 +++ 1 files changed, 11 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 6e3a393..cd75945 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -36,6 +36,8 @@ o Jeremy Allison j...@samba.org * BUG 6564: SetPrinter fails (panics) as non root. * BUG 6593: Correctly implement SMB_INFO_STANDARD setfileinfo. * BUG 6649: Nautilus fails to copy files from an SMB share. +* BUG 6651: Fix smbd SIGSEGV when breaking oplocks. +* BUG 6673: Fix 'smbpasswd' with unix password sync = yes. o Yannick Bergeron burgerg...@hotmail.com @@ -62,6 +64,10 @@ o Matt Kraai mkr...@beckman.com * BUG 6630: Fix opening of sockets on QNX. +o Robert LeBlanc rob...@leblancnet.us +* BUG 6700: Use dns domain name when needing to guess server principal. + + o Volker Lendecke v...@samba.org * BUG 5886: Fix password change propagation with ldapsam. * BUG 6585: Fix unqualified net join. @@ -74,6 +80,7 @@ o Stefan Metzmacher me...@samba.org * BUG 6532: Fix the build with external talloc. * BUG 6538: Cancel all locks that are made before the first failure. * BUG 6627: Raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds. +* BUG 6651: Fix smbd SIGSEGV when breaking oplocks. * BUG 6664: Fix truncation of the session key. @@ -85,6 +92,10 @@ o Rusty Russell ru...@rustcorp.com.au * BUG 6601: Avoid global fd limits. +o SATOH Fumiyasu fumi...@osstech.co.jp +* BUG 6496: MS-DFS cannot follow multibyte char link name in libsmbclient. + + o Simo Sorce i...@samba.org * BUG 6693: Check we read off the complete event from inotify. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-4-stable updated - release-3-4-0-99-g74ec776
The branch, v3-4-stable has been updated via 74ec7766bf036b0acbf80e8030dec8427ee6a71d (commit) via 66d0c3bbd2933896d3ebd7ad5b261e8e0d96315c (commit) via 47270bbdb8616c6b6bfeaadc36d5f59cf01f9837 (commit) via ba729050e682b8173ddb2cbb640b4d22c046c0a4 (commit) via e30b60ede56b2ccf59d820f39d379c52d04c20d2 (commit) via b1bbb87c3a02fc2ccb0091084dc1898a0d120b8b (commit) via 4b9362d563c578ab497170a3a1657b70504df1bc (commit) via 5805ecffe1f5fe5cb92836d159c761849c018eed (commit) via 581a85eeb1cbed45d2eddee20fab1a168fdb1518 (commit) via b413921e53550e92d6cf764f5e4c837b8d5f5df1 (commit) via c1011b3a21298fcde7a81a23412b3e2450e15942 (commit) via ce31ae860d25823f7b5b3140b74e8d83af9d6ed5 (commit) via 3dbdc27d14f159aa0db16615924a91efb960d951 (commit) via 8913575e96a562c2fe155610b18d11dc9b389d8c (commit) via 352d0021464242ba8b346a7a9713618fee60dd22 (commit) via c42edf194ecde7445ace1cd06a1b2ee2e710dc22 (commit) via e2c61000e74ecfbcf302a88a681002854ddc1884 (commit) via 4c567abae090df75e016cc0679958c404aea4962 (commit) via cdabbec91a6a739daaebd6d7a5a285026d01537a (commit) via 055d9ba4e4f9fd6a98b5c0b1f087f04b6672a211 (commit) via c6b8826c713b5fc7ad9b7213d7fd8bfc8ef0b71c (commit) via 611ed97a0ffee73a232cacc961235f3bb4e8044c (commit) via c28574bf378cbec8f186d4f36337b3ae450de7db (commit) via 00f260ce27388310c9324a8ed5369082b93b (commit) via b7d674ad39b048960463c1108e8443d367b14005 (commit) via bf11f9c9e9bb345920275cd568a680a6146633f2 (commit) via a9c76046516e9122d673798241f5fd774a7d1296 (commit) via 6b802602c99d7534d0c1178b199ac119b268971a (commit) via 6a6f07ceac1e0e4c00be9869713e7200755aae64 (commit) via c9594333e595c1f84c003e0a6c33a25f4226d765 (commit) via ee8bb50d32830138434344f5363ff23fccce016e (commit) via 3405c58d507b14b0be4aadd29d5d4bfa0d67e24c (commit) via 9af470e45b5171d934155e75658816337e917bed (commit) via c259082c32142c0f0dac999a4384b8e5fb7b6a49 (commit) via 784672fc8a2ae983fac35c03caccedf261470cf9 (commit) via 996597e7a4468ff9e79efd29a320b6f5c98d5faa (commit) via 418fb51e85ffc36a01daa04fe0d1263cbf6a1872 (commit) via 51b088dc5c3a8421d11aed352e5463f8551035c3 (commit) from c84c8a4dbb680c0348e4816478fc2e7ad866c065 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-stable - Log - commit 74ec7766bf036b0acbf80e8030dec8427ee6a71d Author: Karolin Seeger ksee...@samba.org Date: Wed Sep 9 12:53:36 2009 +0200 WHATSNEW: Update changes since 3.4.0. Karolin (cherry picked from commit abc676bcd5eec40946c2e851345a6e973bf2cbea) commit 66d0c3bbd2933896d3ebd7ad5b261e8e0d96315c Author: SATOH Fumiyasu fumi...@osstech.co.jp Date: Tue Sep 8 16:07:17 2009 -0700 Fix bug 6496 - libsmbclient: MS-DFS: cannot follow multibyte char link name. A server returns a byte of consumed path in UCS2, not UNIX charset. (cherry picked from commit ee70079d08acf23cf7c342f09a7db4f5fc7ca95e) commit 47270bbdb8616c6b6bfeaadc36d5f59cf01f9837 Author: Jeremy Allison j...@samba.org Date: Tue Sep 8 16:22:46 2009 -0700 Fix bug 6673 - smbpasswd does not work with unix password sync = yes. Revert change from 3.3 - 3.4 with read_socket_with_timeout changed from sys_read() to sys_recv(). read_socket_with_timeout() is called with non-fd's (with a pty in chgpasswd.c and with a disk file in lib/dbwrap_file.c via read_data()). recv works for the disk file, but not the pty. Change the name of read_socket_with_timeout() to read_fd_with_timeout() to make this clear (and add comments). Jeremy. (cherry picked from commit 91a5b8561e2f13f77fa5648f7cc373aff1701954) commit ba729050e682b8173ddb2cbb640b4d22c046c0a4 Author: Jeremy Allison j...@samba.org Date: Thu Sep 3 07:40:48 2009 -0700 Hopefully last part of the fix for bug 6651 - smbd SIGSEGV when breaking oplocks. This one is subtle. There is a race condition where a signal can be queued for oplock break, and then the file can be closed by the client before the signal can be processed. Currently if this occurs we panic (we can't match an incoming signal fd with a fsp pointer). Simply log the error (at debug level 10 right now, might be too much) and then return without processing the break request. It looks like there is another race condition with this fix, but here's why it won't happen. If the signal was pending (caused by a kernel oplock break from a local file open), and the client closed the file and then re-opened another file which happened to use the same file descriptor as the file just closed, then theoretically the oplock break requests could be processed on the wrong fd. Here's why this should be very rare.. Processing a pending signal always take precedence over an
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-113-g9721b1b
The branch, master has been updated via 9721b1b7c0599e0fd2c49c07c3c69ed0fd76b343 (commit) via 51baffab5fffa2b50f540ffd0053d957172dfcb0 (commit) from 269fe99a62371fb9540d886f7cc619450c5b5c8d (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9721b1b7c0599e0fd2c49c07c3c69ed0fd76b343 Author: Andrew Tridgell tri...@samba.org Date: Wed Sep 9 21:00:48 2009 +1000 s4:drs level_out is a pointer DsAddEntry now seems to work for simple tests commit 51baffab5fffa2b50f540ffd0053d957172dfcb0 Author: Andrew Tridgell tri...@samba.org Date: Wed Sep 9 21:00:01 2009 +1000 s4:drs split addentry and getncchanges into separate files These will get quite complex eventually, I think we are better separating them so the code is a bit easier to follow --- Summary of changes: source4/rpc_server/config.mk|2 + source4/rpc_server/drsuapi/addentry.c | 81 source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 292 +-- source4/rpc_server/drsuapi/dcesrv_drsuapi.h | 12 + source4/rpc_server/drsuapi/drsutil.c| 63 ++- source4/rpc_server/drsuapi/getncchanges.c | 215 source4/rpc_server/drsuapi/updaterefs.c |2 +- 7 files changed, 375 insertions(+), 292 deletions(-) create mode 100644 source4/rpc_server/drsuapi/addentry.c create mode 100644 source4/rpc_server/drsuapi/getncchanges.c Changeset truncated at 500 lines: diff --git a/source4/rpc_server/config.mk b/source4/rpc_server/config.mk index d5aff84..f60f833 100644 --- a/source4/rpc_server/config.mk +++ b/source4/rpc_server/config.mk @@ -185,6 +185,8 @@ PRIVATE_DEPENDENCIES = \ dcerpc_drsuapi_OBJ_FILES = $(rpc_serversrcdir)/drsuapi/dcesrv_drsuapi.o \ $(rpc_serversrcdir)/drsuapi/updaterefs.o \ + $(rpc_serversrcdir)/drsuapi/getncchanges.o \ + $(rpc_serversrcdir)/drsuapi/addentry.o \ $(rpc_serversrcdir)/drsuapi/drsutil.o diff --git a/source4/rpc_server/drsuapi/addentry.c b/source4/rpc_server/drsuapi/addentry.c new file mode 100644 index 000..8d94a29 --- /dev/null +++ b/source4/rpc_server/drsuapi/addentry.c @@ -0,0 +1,81 @@ +/* + Unix SMB/CIFS implementation. + + implement the DsAddEntry call + + Copyright (C) Stefan Metzmacher 2009 + Copyright (C) Andrew Tridgell 2009 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see http://www.gnu.org/licenses/. +*/ + +#include includes.h +#include librpc/gen_ndr/ndr_drsuapi.h +#include rpc_server/dcerpc_server.h +#include rpc_server/common/common.h +#include dsdb/samdb/samdb.h +#include lib/ldb/include/ldb_errors.h +#include param/param.h +#include librpc/gen_ndr/ndr_drsblobs.h +#include auth/auth.h +#include rpc_server/drsuapi/dcesrv_drsuapi.h + +/* + drsuapi_DsAddEntry +*/ +WERROR dcesrv_drsuapi_DsAddEntry(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, +struct drsuapi_DsAddEntry *r) +{ + WERROR status; + struct drsuapi_bind_state *b_state; + struct dcesrv_handle *h; + uint32_t num = 0; + struct drsuapi_DsReplicaObjectIdentifier2 *ids = NULL; + + if (DEBUGLVL(4)) { + NDR_PRINT_FUNCTION_DEBUG(drsuapi_DsAddEntry, NDR_IN, r); + } + + /* TODO: check which out level the client supports */ + + ZERO_STRUCTP(r-out.ctr); + *r-out.level_out = 3; + r-out.ctr-ctr3.level = 1; + r-out.ctr-ctr3.error = talloc_zero(mem_ctx, union drsuapi_DsAddEntryError); + + DCESRV_PULL_HANDLE_WERR(h, r-in.bind_handle, DRSUAPI_BIND_HANDLE); + b_state = h-data; + + switch (r-in.level) { + case 2: + status = dsdb_origin_objects_commit(b_state-sam_ctx, + mem_ctx, + r-in.req-req2.first_object, + num, + ids); + if (!W_ERROR_IS_OK(status)) { + r-out.ctr-ctr3.error-info1.status = status; + W_ERROR_NOT_OK_RETURN(status); + } + + r-out.ctr-ctr3.count =
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-114-ge595ba2
The branch, master has been updated via e595ba2105bcf81004c7255f38604df52bed779a (commit) from 9721b1b7c0599e0fd2c49c07c3c69ed0fd76b343 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e595ba2105bcf81004c7255f38604df52bed779a Author: Andrew Tridgell tri...@samba.org Date: Wed Sep 9 21:26:17 2009 +1000 s4/drs: broke out the core of the getncchanges code It is easier to understand without the heavy nesting --- Summary of changes: source4/rpc_server/drsuapi/getncchanges.c | 177 - 1 files changed, 96 insertions(+), 81 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c index 25221d4..0447141 100644 --- a/source4/rpc_server/drsuapi/getncchanges.c +++ b/source4/rpc_server/drsuapi/getncchanges.c @@ -34,37 +34,103 @@ /* drsuapi_DsGetNCChanges */ +static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItemEx *obj, + struct ldb_message *msg, + struct ldb_context *sam_ctx, + struct ldb_dn *ncRoot_dn, + struct dsdb_schema *schema) +{ + const struct ldb_val *md_value; + int i; + struct ldb_dn *obj_dn; + + if (ldb_dn_compare(ncRoot_dn, msg-dn) == 0) { + obj-is_nc_prefix = true; + obj-parent_object_guid = NULL; + } else { + obj-is_nc_prefix = false; + obj-parent_object_guid = talloc(obj, struct GUID); + *obj-parent_object_guid = samdb_result_guid(msg, parentGUID); + } + obj-next_object = NULL; + + obj-meta_data_ctr = talloc(obj, struct drsuapi_DsReplicaMetaDataCtr); + md_value = ldb_msg_find_ldb_val(msg, replPropertyMetaData); + if (md_value) { + struct replPropertyMetaDataBlob md; + enum ndr_err_code ndr_err; + ndr_err = ndr_pull_struct_blob(md_value, obj, + lp_iconv_convenience(ldb_get_opaque(sam_ctx, loadparm)), md, + (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return WERR_DS_DRA_INTERNAL_ERROR; + } + + if (md.version != 1) { + return WERR_DS_DRA_INTERNAL_ERROR; + } + + obj-meta_data_ctr-count = md.ctr.ctr1.count; + obj-meta_data_ctr-meta_data = talloc_array(obj, struct drsuapi_DsReplicaMetaData, md.ctr.ctr1.count); + for (i=0; imd.ctr.ctr1.count; i++) { + obj-meta_data_ctr-meta_data[i].originating_change_time = md.ctr.ctr1.array[i].originating_change_time; + obj-meta_data_ctr-meta_data[i].version = md.ctr.ctr1.array[i].version; + obj-meta_data_ctr-meta_data[i].originating_invocation_id = md.ctr.ctr1.array[i].originating_invocation_id; + obj-meta_data_ctr-meta_data[i].originating_usn = md.ctr.ctr1.array[i].originating_usn; + } + } else { + obj-meta_data_ctr-meta_data = talloc(obj, struct drsuapi_DsReplicaMetaData); + obj-meta_data_ctr-count = 0; + } + obj-object.identifier = talloc(obj, struct drsuapi_DsReplicaObjectIdentifier); + obj_dn = ldb_msg_find_attr_as_dn(sam_ctx, obj, msg, distinguishedName); + obj-object.identifier-dn = ldb_dn_get_linearized(obj_dn); + obj-object.identifier-guid = GUID_zero(); + ZERO_STRUCT(obj-object.identifier-sid); + + obj-object.attribute_ctr.num_attributes = msg-num_elements; + /* Exclude non-replicate attributes from the responce.*/ + for (i=0; imsg-num_elements; i++) { + const struct dsdb_attribute *sa; + sa = dsdb_attribute_by_lDAPDisplayName(schema, msg-elements[i].name); + if (sa sa-systemFlags SYSTEM_FLAG_CR_NTDS_NC) { + ldb_msg_remove_attr(msg, msg-elements[i].name); + obj-object.attribute_ctr.num_attributes--; + } + } + obj-object.attribute_ctr.attributes = talloc_array(obj, struct drsuapi_DsReplicaAttribute, + obj-object.attribute_ctr.num_attributes); + for (i=0; iobj-object.attribute_ctr.num_attributes; i++) { + dsdb_attribute_ldb_to_drsuapi(sam_ctx, schema,msg-elements[i], obj, + obj-object.attribute_ctr.attributes[i]); +
[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-1284-ga4f9583
The branch, v3-4-test has been updated via a4f9583ce364fad963cc154f0229cb57ec0043d2 (commit) from abc676bcd5eec40946c2e851345a6e973bf2cbea (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit a4f9583ce364fad963cc154f0229cb57ec0043d2 Author: Volker Lendecke v...@samba.org Date: Wed Sep 9 12:24:08 2009 +0200 s3:libsmb: Correctly chew keepalive packets Thanks a *lot* to Günther to send me the relevant traces! Volker Signed-off-by: Günther Deschner g...@samba.org Fixes bug #6646 (Winbind authentication issue on 3.2.13/14 and 3.4.0 (was: [Samba] Crazied NTLM_AUTH on samba 3.4.0)). --- Summary of changes: source3/libsmb/async_smb.c |6 ++ 1 files changed, 6 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/async_smb.c b/source3/libsmb/async_smb.c index 066ac7b..07d832e 100644 --- a/source3/libsmb/async_smb.c +++ b/source3/libsmb/async_smb.c @@ -923,6 +923,12 @@ static void handle_incoming_pdu(struct cli_state *cli) } } + if ((raw_pdu_len == 4) (CVAL(pdu, 0) == SMBkeepalive)) { + DEBUG(10, (Got keepalive\n)); + TALLOC_FREE(pdu); + return; + } + status = validate_smb_crypto(cli, pdu); if (!NT_STATUS_IS_OK(status)) { goto invalidate_requests; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-4-stable updated - release-3-4-0-100-g2e90008
The branch, v3-4-stable has been updated via 2e900086e86da37ff49978537ef67d5b9fad9a2e (commit) from 74ec7766bf036b0acbf80e8030dec8427ee6a71d (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-stable - Log - commit 2e900086e86da37ff49978537ef67d5b9fad9a2e Author: Volker Lendecke v...@samba.org Date: Wed Sep 9 12:24:08 2009 +0200 s3:libsmb: Correctly chew keepalive packets Thanks a *lot* to Günther to send me the relevant traces! Volker Signed-off-by: Günther Deschner g...@samba.org Fixes bug #6646 (Winbind authentication issue on 3.2.13/14 and 3.4.0 (was: [Samba] Crazied NTLM_AUTH on samba 3.4.0)). (cherry picked from commit a4f9583ce364fad963cc154f0229cb57ec0043d2) --- Summary of changes: source3/libsmb/async_smb.c |6 ++ 1 files changed, 6 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/async_smb.c b/source3/libsmb/async_smb.c index 066ac7b..07d832e 100644 --- a/source3/libsmb/async_smb.c +++ b/source3/libsmb/async_smb.c @@ -923,6 +923,12 @@ static void handle_incoming_pdu(struct cli_state *cli) } } + if ((raw_pdu_len == 4) (CVAL(pdu, 0) == SMBkeepalive)) { + DEBUG(10, (Got keepalive\n)); + TALLOC_FREE(pdu); + return; + } + status = validate_smb_crypto(cli, pdu); if (!NT_STATUS_IS_OK(status)) { goto invalidate_requests; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-5351-g28674fc
The branch, v3-3-test has been updated via 28674fcda7aaf839fdf5704e4133a0bd3a3f93a2 (commit) from cd920dcff320a097bcc46a9468a78cedca6fb2be (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit 28674fcda7aaf839fdf5704e4133a0bd3a3f93a2 Author: Volker Lendecke v...@samba.org Date: Wed Sep 9 12:24:08 2009 +0200 s3:libsmb: Correctly chew keepalive packets Thanks a *lot* to Günther to send me the relevant traces! Volker Signed-off-by: Günther Deschner g...@samba.org Fixes bug #6646 (Winbind authentication issue on 3.2.13/14 and 3.4.0 (was: [Samba] Crazied NTLM_AUTH on samba 3.4.0)). --- Summary of changes: source/libsmb/async_smb.c |6 ++ 1 files changed, 6 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/libsmb/async_smb.c b/source/libsmb/async_smb.c index a1896e1..3418788 100644 --- a/source/libsmb/async_smb.c +++ b/source/libsmb/async_smb.c @@ -238,6 +238,12 @@ static void handle_incoming_pdu(struct cli_state *cli) } + if ((raw_pdu_len == 4) (CVAL(pdu, 0) == SMBkeepalive)) { + DEBUG(10, (Got keepalive\n)); + TALLOC_FREE(pdu); + return; + } + /* * TODO: Handle oplock break requests */ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-1285-ga871168
The branch, v3-4-test has been updated via a87116873bdbb4301f35b1d3f6bc8596f96be975 (commit) from a4f9583ce364fad963cc154f0229cb57ec0043d2 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log - commit a87116873bdbb4301f35b1d3f6bc8596f96be975 Author: Karolin Seeger ksee...@samba.org Date: Wed Sep 9 14:24:08 2009 +0200 WHATSNEW: Update changes. Karolin --- Summary of changes: WHATSNEW.txt |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index cd75945..c066e4b 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -13,7 +13,7 @@ Major enhancements in Samba 3.4.1 include: o Nautilus fails to copy files from an SMB share (bug #6649). o Fix connections of Win98 clients (bug #6551). o Fix interdomain trusts with Windows 2008 R2 DCs (bug #6697). - + o Fix Winbind authentication issue (bug #6646). ## @@ -72,6 +72,7 @@ o Volker Lendecke v...@samba.org * BUG 5886: Fix password change propagation with ldapsam. * BUG 6585: Fix unqualified net join. * BUG 6611: Fix a valgrind error in chain_reply. +* BUG 6646: Fix Winbind authentication issue. * Fix linking on Solaris. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-4-stable updated - release-3-4-0-101-gd7b0695
The branch, v3-4-stable has been updated via d7b06955393e92255f807db0ef4786e9037d31ec (commit) from 2e900086e86da37ff49978537ef67d5b9fad9a2e (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-stable - Log - commit d7b06955393e92255f807db0ef4786e9037d31ec Author: Karolin Seeger ksee...@samba.org Date: Wed Sep 9 14:24:08 2009 +0200 WHATSNEW: Update changes. Karolin (cherry picked from commit a87116873bdbb4301f35b1d3f6bc8596f96be975) --- Summary of changes: WHATSNEW.txt |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index cd75945..c066e4b 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -13,7 +13,7 @@ Major enhancements in Samba 3.4.1 include: o Nautilus fails to copy files from an SMB share (bug #6649). o Fix connections of Win98 clients (bug #6551). o Fix interdomain trusts with Windows 2008 R2 DCs (bug #6697). - + o Fix Winbind authentication issue (bug #6646). ## @@ -72,6 +72,7 @@ o Volker Lendecke v...@samba.org * BUG 5886: Fix password change propagation with ldapsam. * BUG 6585: Fix unqualified net join. * BUG 6611: Fix a valgrind error in chain_reply. +* BUG 6646: Fix Winbind authentication issue. * Fix linking on Solaris. -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag release-3-4-1 created - release-3-4-1
The annotated tag, release-3-4-1 has been created at da16a1f7e8b54dc057bb74c47d430490612a918e (tag) tagging d7b06955393e92255f807db0ef4786e9037d31ec (commit) replaces release-3-4-0 tagged by Karolin Seeger on Wed Sep 9 14:42:31 2009 +0200 - Log - tag release-3-4-1 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iD8DBQBKp6K9bzORW2Vot+oRAhXAAJ45hC/LBhbM8OOVptvqP9Y4D7hOuACfdfOx vJd2eh45qo3WECL4RFXOPT4= =lbrB -END PGP SIGNATURE- Andrew Tridgell (1): fixed a logic bug in the tevent nesting code Björn Jacke (1): s3: make linking of rpcclient --as-needed safe Bo Yang (4): s3: To correctly handle upn s3: check in .po files for pam_winbind. s3: Unable to browse DFS when using kerberos in libsmbclient s3: Fix crsh in net usershare list Eric Sandall (1): For tevent to install tevent_util.h Günther Deschner (8): s3-spoolss: Fix Bug #6568: _spoolss_GetPrintProcessorDirectory() implementation. s3-spoolss: fix crash bug in spoolss_addprinterex_level_2. s3-ldap: Fix Bug #5879. Update LDAP schema for Netscape DS 5. wbclient: Fix Bug #6680: always activate handling of large ( 256 byte) ntlmv2 blobs in wbcAuthenticateUserEx(). s3-pdb_ldap: Fix bug #4296: Clean up group membership while deleting a user. s3-schannel: Fix Bug #6697. Interdomain trusts with Windows 2008 R2 DCs. s3-winbindd: Fix Bug #6700: Use dns domain name when needing to guess server principal. tevent: avoid using reserved c++ word. Jelmer Vernooij (6): Fix build with external talloc. tevent: Don't install headers, since we don't install a shared lib either (from Samba). (cherry picked from commit 06864b4469f5f3d77637f8e6c97ec0558289cd29) Update copies of config.guess and config.sub. (cherry picked from commit 6230eb94af2305f479db3b76479a0dc841c3d1d5) tevent: Install tevent_internal.h in the standalone build. tevent: Define TALLOC_FREE() if it's not defined yet, to allow building with released versions of talloc. (cherry picked from commit 72b744f38ebb9f9576c05c7bb0a00de26697ec8f) tevent/python: Makefile was still trying to build some non AC_SUBST python targets Jeremy Allison (15): s3/util_sock: Make open_udp_socket() IPv6 clean. Fix bug #6551 - win98 clients cannot connect after server upgrade to samba-3.4.0. The values of vuid and tid were not being correctly updated in the struct smb_request when passed to chain_reply inside sessionsetupX and tconX. Jeremy. Fix bug #6564 - SetPrinter fails (panics) as non root. Missing become_root()/unbecome_root() around reload_services. Jeremy. Fix bug #6506 - SMBD server doesn't set EAs when a file is overwritten in NT_TRANSACT_CREATE. s3/cldap: Improve debug messages. Correctly implement SMB_INFO_STANDARD setfileinfo. Fix bug 6638 - ADS Domain Member: Computer Mgr can not set share ACLs Add good error message for share modification denial. Jeremy. Fix Red Hat bugzilla bug : https://bugzilla.redhat.com/show_bug.cgi?id=516165 When tallocing a memory block for the state in a tevent_req struct, ensure it's zeroed out. Vl Metze please check. Jeremy. (cherry picked from commit 7be1d727a31b34debbcf8faa1e0bea92d145) Change to talloc_zero_size instead of extra memset. Jeremy. (cherry picked from commit 5927ca7067a0ead65c00042a62545b0d940f2b2a) Fix for bug 6651 - smbd SIGSEGV when breaking oplocks. Based on a patch submitted by Petr Vandrovec p...@vandrovec.name. Multiple pending signals with siginfo_t's weren't being handled correctly leading to smbd abort with kernel oplock signals. Jeremy (cherry picked from commit ba52f18bfecfd7b0ba22c4ad9e9b5bfd18f34c93) Another part of the fix for bug 6651 - smbd SIGSEGV when breaking oplocks. SA_INFO_QUEUE_COUNT *MUST* be a power of 2, in order for the ring buffer wrap to work correctly at the 32 bit boundary. Thanks to Petr Vandrovec p...@vandrovec.name for this. (cherry picked from commit c97698e762b1ea8d7133f04ae85676a6f135) Help debug for bug 6651 - smbd SIGSEGV when breaking oplocks. Should help track if we get invoked with an invalid fd from the signal handler. Jeremy. (cherry picked from commit 213546103749c30dbb3ad8472872b9a8fad34205) Hopefully last part of the fix for bug 6651 - smbd SIGSEGV when breaking oplocks. This one is subtle. There is a race condition where a signal can be queued for oplock break, and then the file can be closed by the client before the signal can be processed. Currently if this occurs we panic (we can't match an incoming signal fd with a fsp pointer). Simply log the error (at debug level 10 right now, might be too much) and then return without processing the break request. It looks like there is another race condition with this fix, but here's why it won't happen. If the signal
svn commit: samba-web r1321 - in trunk: . devel history
Author: kseeger Date: 2009-09-09 07:13:52 -0600 (Wed, 09 Sep 2009) New Revision: 1321 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1321 Log: Announce Samba 3.4.1 Karolin Added: trunk/history/samba-3.4.1.html Modified: trunk/devel/index.html trunk/header_columns.html trunk/history/header_history.html trunk/index.html Changeset: Modified: trunk/devel/index.html === --- trunk/devel/index.html 2009-08-29 01:28:46 UTC (rev 1320) +++ trunk/devel/index.html 2009-09-09 13:13:52 UTC (rev 1321) @@ -20,8 +20,8 @@ 3.0.x and 2.2.x versions of Samba, which are no longer in active development. /p -pThe latest production release is emSamba 3.4.0/em (a -href=/samba/history/samba-3.4.0.htmlrelease notes/a and a +pThe latest production release is emSamba 3.4.1/em (a +href=/samba/history/samba-3.4.1.htmlrelease notes/a and a href=/samba/download/download/a)./p pWith the release of Samba 3.4.0, the 3.3 series has been turned into Modified: trunk/header_columns.html === --- trunk/header_columns.html 2009-08-29 01:28:46 UTC (rev 1320) +++ trunk/header_columns.html 2009-09-09 13:13:52 UTC (rev 1321) @@ -130,9 +130,9 @@ div class=releases h4Current Stable Release/h4 ul -lia href=/samba/ftp/stable/samba-3.4.0.tar.gzSamba 3.4.0 (gzipped)/a/li -lia href=/samba/history/samba-3.4.0.htmlRelease Notes/a/li -lia href=/samba/ftp/stable/samba-3.4.0.tar.ascSignature/a/li +lia href=/samba/ftp/stable/samba-3.4.1.tar.gzSamba 3.4.1 (gzipped)/a/li +lia href=/samba/history/samba-3.4.1.htmlRelease Notes/a/li +lia href=/samba/ftp/stable/samba-3.4.1.tar.ascSignature/a/li /ul h4Historical/h4 Modified: trunk/history/header_history.html === --- trunk/history/header_history.html 2009-08-29 01:28:46 UTC (rev 1320) +++ trunk/history/header_history.html 2009-09-09 13:13:52 UTC (rev 1321) @@ -77,6 +77,7 @@ div class=notes h6Release Notes/h6 ul +lia href=samba-3.4.1.htmlsamba-3.4.1/a/li lia href=samba-3.4.0.htmlsamba-3.4.0/a/li lia href=samba-3.3.7.htmlsamba-3.3.7/a/li lia href=samba-3.3.6.htmlsamba-3.3.6/a/li Added: trunk/history/samba-3.4.1.html === --- trunk/history/samba-3.4.1.html (rev 0) +++ trunk/history/samba-3.4.1.html 2009-09-09 13:13:52 UTC (rev 1321) @@ -0,0 +1,133 @@ +!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; +html xmlns=http://www.w3.org/1999/xhtml; + +head +titleSamba - Release Notes Archive/title +/head + +body + + H2Samba 3.4.1 Available for Download/H2 + +p +pre + = + Release Notes for Samba 3.4.1 +September 9, 2009 + = + + +This is the latest stable release of Samba 3.4. + + +Major enhancements in Samba 3.4.1 include: + + o Fix authentication on member servers without Winbind (bug #6650). + o Nautilus fails to copy files from an SMB share (bug #6649). + o Fix connections of Win98 clients (bug #6551). + o Fix interdomain trusts with Windows 2008 R2 DCs (bug #6697). + o Fix Winbind authentication issue (bug #6646). + + +## +Changes +### + +Changes since 3.4.0 +--- + + +o Michael Adam lt;ob...@samba.orggt; +* BUG 6650: Fix authentication on member servers without Winbind. + + +o Jeremy Allison lt;j...@samba.orggt; +* BUG 6437: Make open_udp_socket() IPv6 clean. +* BUG 6506: Smbd server doesn't set EAs when a file is overwritten in + NT_TRANSACT_CREATE. +* BUG 6551: Fix connections of Win98 clients. +* BUG 6564: SetPrinter fails (panics) as non root. +* BUG 6593: Correctly implement SMB_INFO_STANDARD setfileinfo. +* BUG 6649: Nautilus fails to copy files from an SMB share. +* BUG 6651: Fix smbd SIGSEGV when breaking oplocks. +* BUG 6673: Fix 'smbpasswd' with unix password sync = yes. + + +o Yannick Bergeron lt;burgerg...@hotmail.comgt; +* Increase the max_grp value to 128 (AIX NGROUPS_MAX value) instead of 32 to + allow AIX to call sys_getgrouplist only once. + + +o Guuml;nther Deschner lt;g...@samba.orggt; +* BUG 6568: Fix _spoolss_GetPrintProcessorDirectory() implementation. +* BUG 6607: Fix crash bug in spoolss_addprinterex_level_2. +* BUG 6680: Fix authentication failure from Windows 7 when domain joined. +* BUG 6697: Fix interdomain trusts with Windows 2008 R2 DCs. + + +o Olaf Flebbe lt;fle...@nix.science-computing.degt; +* BUG 6655: Fix 'smbcontrol smbd ping'. + + +o Bjouml;rn Jacke
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-115-ga84a823
The branch, master has been updated via a84a82335c8a76885f1637be391dff0b1c25734e (commit) from e595ba2105bcf81004c7255f38604df52bed779a (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a84a82335c8a76885f1637be391dff0b1c25734e Author: Andrew Tridgell tri...@samba.org Date: Wed Sep 9 23:38:51 2009 +1000 s4:drs match the meta_data and attributes array These two arrays need to be in sync, as they are walked in sync by the client --- Summary of changes: source4/rpc_server/drsuapi/getncchanges.c | 62 +--- 1 files changed, 46 insertions(+), 16 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c index 0447141..1455b6b 100644 --- a/source4/rpc_server/drsuapi/getncchanges.c +++ b/source4/rpc_server/drsuapi/getncchanges.c @@ -43,6 +43,7 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem const struct ldb_val *md_value; int i; struct ldb_dn *obj_dn; + struct replPropertyMetaDataBlob md; if (ldb_dn_compare(ncRoot_dn, msg-dn) == 0) { obj-is_nc_prefix = true; @@ -57,7 +58,6 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem obj-meta_data_ctr = talloc(obj, struct drsuapi_DsReplicaMetaDataCtr); md_value = ldb_msg_find_ldb_val(msg, replPropertyMetaData); if (md_value) { - struct replPropertyMetaDataBlob md; enum ndr_err_code ndr_err; ndr_err = ndr_pull_struct_blob(md_value, obj, lp_iconv_convenience(ldb_get_opaque(sam_ctx, loadparm)), md, @@ -81,28 +81,57 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem } else { obj-meta_data_ctr-meta_data = talloc(obj, struct drsuapi_DsReplicaMetaData); obj-meta_data_ctr-count = 0; + ZERO_STRUCT(md); } obj-object.identifier = talloc(obj, struct drsuapi_DsReplicaObjectIdentifier); obj_dn = ldb_msg_find_attr_as_dn(sam_ctx, obj, msg, distinguishedName); obj-object.identifier-dn = ldb_dn_get_linearized(obj_dn); obj-object.identifier-guid = GUID_zero(); ZERO_STRUCT(obj-object.identifier-sid); - - obj-object.attribute_ctr.num_attributes = msg-num_elements; - /* Exclude non-replicate attributes from the responce.*/ - for (i=0; imsg-num_elements; i++) { + + obj-object.attribute_ctr.num_attributes = obj-meta_data_ctr-count; + obj-object.attribute_ctr.attributes = talloc_array(obj, struct drsuapi_DsReplicaAttribute, + obj-object.attribute_ctr.num_attributes); + + /* +* Note that the meta_data array and the attributes array must +* be the same size and in the same order +*/ + for (i=0; iobj-object.attribute_ctr.num_attributes; i++) { const struct dsdb_attribute *sa; - sa = dsdb_attribute_by_lDAPDisplayName(schema, msg-elements[i].name); - if (sa sa-systemFlags SYSTEM_FLAG_CR_NTDS_NC) { - ldb_msg_remove_attr(msg, msg-elements[i].name); + struct ldb_message_element *el; + WERROR werr; + + sa = dsdb_attribute_by_attributeID_id(schema, md.ctr.ctr1.array[i].attid); + if (!sa) { + DEBUG(0,(Unable to find attributeID %u in schema\n, md.ctr.ctr1.array[i].attid)); + return WERR_DS_DRA_INTERNAL_ERROR; + } + + el = ldb_msg_find_element(msg, sa-lDAPDisplayName); + if (el == NULL) { + DEBUG(0,(No element '%s' for attributeID %u in message\n, +sa-lDAPDisplayName, md.ctr.ctr1.array[i].attid)); + /* we really should find it, but let's try to +* cope for now by going to the next one +*/ + memmove(obj-meta_data_ctr-meta_data[i], obj-meta_data_ctr-meta_data[i+1], + sizeof(obj-meta_data_ctr-meta_data[i])*(obj-object.attribute_ctr.num_attributes-(i+1))); + memmove(md.ctr.ctr1.array[i], md.ctr.ctr1.array[i+1], + sizeof(md.ctr.ctr1.array[i])*(obj-object.attribute_ctr.num_attributes-(i+1))); obj-object.attribute_ctr.num_attributes--; + i--; + obj-meta_data_ctr-count--; + continue; + } + + werr = dsdb_attribute_ldb_to_drsuapi(sam_ctx,
svn commit: samba-web r1322 - branches/samba-web-2.0 trunk
Author: kseeger Date: 2009-09-09 08:17:31 -0600 (Wed, 09 Sep 2009) New Revision: 1322 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1322 Log: Fix typo Karolin Modified: branches/samba-web-2.0/archives.html trunk/archives.html Changeset: Modified: branches/samba-web-2.0/archives.html === --- branches/samba-web-2.0/archives.html2009-09-09 13:13:52 UTC (rev 1321) +++ branches/samba-web-2.0/archives.html2009-09-09 14:17:31 UTC (rev 1322) @@ -71,7 +71,7 @@ br / h3Search the Lists/h3 -blockquotebInportant:/b Currently the Samba mailing list archives hosted here on samba.org do not support searching./blockquote +blockquotebImportant:/b Currently the Samba mailing list archives hosted here on samba.org do not support searching./blockquote blockquoteHowever, you can access a searchable copy of the archives at a href=http://marc.theaimsgroup.com/;http://marc.theaimsgroup.com//a, a href=http://groups.google.com/;groups.google.com/a, and a href=http://mail-archive.com/;mail-archive.com/a./blockquote Modified: trunk/archives.html === --- trunk/archives.html 2009-09-09 13:13:52 UTC (rev 1321) +++ trunk/archives.html 2009-09-09 14:17:31 UTC (rev 1322) @@ -71,7 +71,7 @@ br / h3Search the Lists/h3 -blockquotebInportant:/b Currently the Samba mailing list archives hosted here on samba.org do not support searching./blockquote +blockquotebImportant:/b Currently the Samba mailing list archives hosted here on samba.org do not support searching./blockquote blockquoteHowever, you can access a searchable copy of the archives at a href=http://marc.info/;http://marc.info//a, a href=http://groups.google.com/;groups.google.com/a, and a href=http://mail-archive.com/;mail-archive.com/a./blockquote
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-117-gb65d6cf
The branch, master has been updated via b65d6cf0135785aa10857c107c3a094ce170bbf7 (commit) via 557cc460f24e00dc6ede087772a5800e39e4ea63 (commit) from a84a82335c8a76885f1637be391dff0b1c25734e (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b65d6cf0135785aa10857c107c3a094ce170bbf7 Author: Andrew Tridgell tri...@samba.org Date: Thu Sep 10 01:27:12 2009 +1000 s4/drs: when we don't find an attribute use zero values thanks to metze for pointing this out commit 557cc460f24e00dc6ede087772a5800e39e4ea63 Author: Andrew Tridgell tri...@samba.org Date: Thu Sep 10 01:26:34 2009 +1000 s4/vampire: fixed i/j index mixup in vampire code --- Summary of changes: source4/libnet/libnet_vampire.c |6 +++--- source4/rpc_server/drsuapi/getncchanges.c | 29 ++--- 2 files changed, 13 insertions(+), 22 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/libnet/libnet_vampire.c b/source4/libnet/libnet_vampire.c index ec1545e..5e516af 100644 --- a/source4/libnet/libnet_vampire.c +++ b/source4/libnet/libnet_vampire.c @@ -234,9 +234,9 @@ static NTSTATUS vampire_apply_schema(struct vampire_state *s, for (j=0; j a-value_ctr.num_values; j++) { uint32_t val = 0x; - if (a-value_ctr.values[i].blob - a-value_ctr.values[i].blob-length == 4) { - val = IVAL(a-value_ctr.values[i].blob-data,0); + if (a-value_ctr.values[j].blob + a-value_ctr.values[j].blob-length == 4) { + val = IVAL(a-value_ctr.values[j].blob-data,0); } if (val == DRSUAPI_OBJECTCLASS_attributeSchema) { diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c index 1455b6b..6e65e31 100644 --- a/source4/rpc_server/drsuapi/getncchanges.c +++ b/source4/rpc_server/drsuapi/getncchanges.c @@ -112,25 +112,16 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem if (el == NULL) { DEBUG(0,(No element '%s' for attributeID %u in message\n, sa-lDAPDisplayName, md.ctr.ctr1.array[i].attid)); - /* we really should find it, but let's try to -* cope for now by going to the next one -*/ - memmove(obj-meta_data_ctr-meta_data[i], obj-meta_data_ctr-meta_data[i+1], - sizeof(obj-meta_data_ctr-meta_data[i])*(obj-object.attribute_ctr.num_attributes-(i+1))); - memmove(md.ctr.ctr1.array[i], md.ctr.ctr1.array[i+1], - sizeof(md.ctr.ctr1.array[i])*(obj-object.attribute_ctr.num_attributes-(i+1))); - obj-object.attribute_ctr.num_attributes--; - i--; - obj-meta_data_ctr-count--; - continue; - } - - werr = dsdb_attribute_ldb_to_drsuapi(sam_ctx, schema, el, obj, - obj-object.attribute_ctr.attributes[i]); - if (!W_ERROR_IS_OK(werr)) { - DEBUG(0,(Unable to convert %s to DRS object - %s\n, -sa-lDAPDisplayName, win_errstr(werr))); - return werr; + ZERO_STRUCT(obj-object.attribute_ctr.attributes[i]); + obj-object.attribute_ctr.attributes[i].attid = md.ctr.ctr1.array[i].attid; + } else { + werr = dsdb_attribute_ldb_to_drsuapi(sam_ctx, schema, el, obj, + obj-object.attribute_ctr.attributes[i]); + if (!W_ERROR_IS_OK(werr)) { + DEBUG(0,(Unable to convert %s to DRS object - %s\n, +sa-lDAPDisplayName, win_errstr(werr))); + return werr; + } } } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-118-gadca9f6
The branch, master has been updated via adca9f681cda79511c6974b47005316dc3889ebb (commit) from b65d6cf0135785aa10857c107c3a094ce170bbf7 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit adca9f681cda79511c6974b47005316dc3889ebb Author: Björn Jacke b...@sernet.de Date: Wed Sep 9 19:13:32 2009 +0200 s3:examples:ldap: fix some OIDs in various schema files --- Summary of changes: examples/LDAP/samba-nds.schema |8 examples/LDAP/samba-schema-netscapeds4.x |6 +++--- examples/LDAP/samba-schema-netscapeds5.x |6 +++--- examples/LDAP/samba.schema.oc.IBM-DS |6 +++--- 4 files changed, 13 insertions(+), 13 deletions(-) Changeset truncated at 500 lines: diff --git a/examples/LDAP/samba-nds.schema b/examples/LDAP/samba-nds.schema index 8e8c5bc..901ac9b 100644 --- a/examples/LDAP/samba-nds.schema +++ b/examples/LDAP/samba-nds.schema @@ -328,22 +328,22 @@ objectClasses: ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC 'Samba Domain In dn: cn=schema changetype: modify add: objectClasses -objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.7 NAME 'sambaUnixIdPool' DESC 'Pool for allocating UNIX uids/gids' SUP top AUXILIARY MUST ( uidNumber $ gidNumber )) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' DESC 'Pool for allocating UNIX uids/gids' SUP top AUXILIARY MUST ( uidNumber $ gidNumber )) dn: cn=schema changetype: modify add: objectClasses -objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.8 NAME 'sambaIdmapEntry' DESC 'Mapping from a SID to an ID' SUP top AUXILIARY MUST ( sambaSID ) MAY ( uidNumber $ gidNumber )) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' DESC 'Mapping from a SID to an ID' SUP top AUXILIARY MUST ( sambaSID ) MAY ( uidNumber $ gidNumber )) dn: cn=schema changetype: modify add: objectClasses -objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.9 NAME 'sambaSidEntry' DESC 'Structural Class for a SID' SUP top STRUCTURAL MUST ( sambaSID )) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' DESC 'Structural Class for a SID' SUP top STRUCTURAL MUST ( sambaSID )) dn: cn=schema changetype: modify add: objectClasses -objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.10 NAME 'sambaConfig' DESC 'Samba Configuration Section' SUP top AUXILIARY MAY ( description )) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' DESC 'Samba Configuration Section' SUP top AUXILIARY MAY ( description )) dn: cn=schema changetype: modify diff --git a/examples/LDAP/samba-schema-netscapeds4.x b/examples/LDAP/samba-schema-netscapeds4.x index 9f40966..082471b 100644 --- a/examples/LDAP/samba-schema-netscapeds4.x +++ b/examples/LDAP/samba-schema-netscapeds4.x @@ -85,7 +85,7 @@ objectclass sambaDomain objectclass sambaUnixIdPool oid - 1.3.6.1.4.1.7165.1.2.2.7 + 1.3.6.1.4.1.7165.2.2.7 superior top requires @@ -94,7 +94,7 @@ objectclass sambaUnixIdPool objectclass sambaIdmapEntry oid - 1.3.6.1.4.1.7165.1.2.2.8 + 1.3.6.1.4.1.7165.2.2.8 superior top requires @@ -105,7 +105,7 @@ objectclass sambaIdmapEntry objectclass sambaSidEntry oid - 1.3.6.1.4.1.7165.1.2.2.9 + 1.3.6.1.4.1.7165.2.2.9 superior top requires diff --git a/examples/LDAP/samba-schema-netscapeds5.x b/examples/LDAP/samba-schema-netscapeds5.x index 661521c..8125adc 100644 --- a/examples/LDAP/samba-schema-netscapeds5.x +++ b/examples/LDAP/samba-schema-netscapeds5.x @@ -32,9 +32,9 @@ aci: (targetattr = *)(version 3.0; acl SIE Group; allow (all)groupdn = ld objectClasses: ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY DESC 'Samba 3.0 Auxilary SAM Account' MUST ( uid $ sambaSID ) MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCount $ sambaBadPasswordTime $ sambaPasswordHistory $ sambaLogonHours) X-ORIGIN 'user defined' ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY DESC 'Samba Group Mapping' MUST ( gidNumber $ sambaSID $ sambaGroupType ) MAY ( displayName $ description ) X-ORIGIN 'user defined' ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL DESC 'Samba Domain
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-120-g4d7685c
The branch, master has been updated via 4d7685c1d493897096d5adae74c71f99398faeff (commit) via c091d4b08c23ba8c839e095d9ad3dbdbab5050f3 (commit) from adca9f681cda79511c6974b47005316dc3889ebb (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4d7685c1d493897096d5adae74c71f99398faeff Author: Aravind Srinivasan asriniva...@isilon.com Date: Tue Sep 8 13:19:44 2009 -0700 s4/torture: add new SMB oplock tests * test if oplocks are granted when requesting delete-on-close * test how oplocks are broken by byte-range-lock requests commit c091d4b08c23ba8c839e095d9ad3dbdbab5050f3 Author: Aravind Srinivasan asriniva...@isilon.com Date: Tue Sep 8 13:12:26 2009 -0700 s4/torture: convert printf to torture_comment() Allows make test and other harnesses to print cleaner output. --- Summary of changes: source4/torture/raw/oplock.c | 414 +- 1 files changed, 406 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/raw/oplock.c b/source4/torture/raw/oplock.c index 3493a55..d512cb3 100644 --- a/source4/torture/raw/oplock.c +++ b/source4/torture/raw/oplock.c @@ -19,9 +19,12 @@ #include includes.h #include torture/torture.h +#include torture/smbtorture.h #include librpc/gen_ndr/security.h +#include librpc/gen_ndr/ndr_security.h #include libcli/raw/libcliraw.h #include libcli/raw/raw_proto.h +#include libcli/security/security.h #include libcli/libcli.h #include torture/util.h #include lib/events/events.h @@ -193,7 +196,8 @@ static bool open_connection_no_level2_oplocks(struct torture_context *tctx, lp_iconv_convenience(tctx-lp_ctx), lp_gensec_settings(tctx, tctx-lp_ctx)); if (!NT_STATUS_IS_OK(status)) { - printf(Failed to open connection - %s\n, nt_errstr(status)); + torture_comment(tctx, Failed to open connection - %s\n, + nt_errstr(status)); return false; } @@ -594,7 +598,8 @@ static bool test_raw_oplock_exclusive6(struct torture_context *tctx, struct smbc io.ntcreatex.in.security_flags = 0; io.ntcreatex.in.fname = fname1; - torture_comment(tctx, EXCLUSIVE6: open a file with an exclusive oplock (share mode: none)\n); + torture_comment(tctx, EXCLUSIVE6: open a file with an exclusive + oplock (share mode: none)\n); ZERO_STRUCT(break_info); io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED | NTCREATEX_FLAGS_REQUEST_OPLOCK; @@ -603,14 +608,15 @@ static bool test_raw_oplock_exclusive6(struct torture_context *tctx, struct smbc fnum = io.ntcreatex.out.file.fnum; CHECK_VAL(io.ntcreatex.out.oplock_level, EXCLUSIVE_OPLOCK_RETURN); - torture_comment(tctx, rename should not generate a break but get a sharing violation\n); + torture_comment(tctx, rename should not generate a break but get a + sharing violation\n); ZERO_STRUCT(rn); rn.generic.level = RAW_RENAME_RENAME; rn.rename.in.pattern1 = fname1; rn.rename.in.pattern2 = fname2; rn.rename.in.attrib = 0; - printf(trying rename while first file open\n); + torture_comment(tctx, trying rename while first file open\n); status = smb_raw_rename(cli2-tree, rn); CHECK_STATUS(tctx, status, NT_STATUS_SHARING_VIOLATION); @@ -1922,7 +1928,7 @@ static bool test_raw_oplock_batch17(struct torture_context *tctx, struct smbcli_ rn.rename.in.pattern2 = fname2; rn.rename.in.attrib = 0; - printf(trying rename while first file open\n); + torture_comment(tctx, trying rename while first file open\n); status = smb_raw_rename(cli2-tree, rn); CHECK_STATUS(tctx, status, NT_STATUS_SHARING_VIOLATION); @@ -1993,7 +1999,7 @@ static bool test_raw_oplock_batch18(struct torture_context *tctx, struct smbcli_ rn.ntrename.in.flags= RENAME_FLAG_RENAME; rn.ntrename.in.old_name = fname1; rn.ntrename.in.new_name = fname2; - printf(trying rename while first file open\n); + torture_comment(tctx, trying rename while first file open\n); status = smb_raw_rename(cli2-tree, rn); CHECK_STATUS(tctx, status, NT_STATUS_SHARING_VIOLATION); @@ -3030,7 +3036,395 @@ static bool test_raw_oplock_stream1(struct torture_context *tctx, return ret; } -/* +static bool test_raw_oplock_doc(struct torture_context *tctx, + struct smbcli_state *cli) +{ + const char *fname = BASEDIR \\test_oplock_doc.dat; + NTSTATUS status; + bool ret = true; + union smb_open io; + uint16_t fnum=0; + + if
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-121-g7748d30
The branch, master has been updated via 7748d3098aa1d72aa62bfcca21148d9d5c9a4d25 (commit) from 4d7685c1d493897096d5adae74c71f99398faeff (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7748d3098aa1d72aa62bfcca21148d9d5c9a4d25 Author: Björn Jacke b...@sernet.de Date: Wed Sep 9 20:07:19 2009 +0200 s3:examples:ldap: allow substing search on more attributes in nds schema file --- Summary of changes: examples/LDAP/samba-nds.schema |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/examples/LDAP/samba-nds.schema b/examples/LDAP/samba-nds.schema index 901ac9b..2fc220f 100644 --- a/examples/LDAP/samba-nds.schema +++ b/examples/LDAP/samba-nds.schema @@ -35,7 +35,7 @@ attributeTypes: ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'MD4 hash dn: cn=schema changetype: modify add: attributetypes -attributeTypes: ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Account Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Account Flags' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE ) ## ## Password timestamps policies @@ -137,7 +137,7 @@ attributeTypes: ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' DESC 'Conc dn: cn=schema changetype: modify add: attributetypes -attributeTypes: ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Security ID' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) ## ## Primary group SID, compatible with ntSid -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-122-ga5cace1
The branch, master has been updated via a5cace128d1dcabd6cc90dda71a09dfa8ee8c6f6 (commit) from 7748d3098aa1d72aa62bfcca21148d9d5c9a4d25 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a5cace128d1dcabd6cc90dda71a09dfa8ee8c6f6 Author: Volker Lendecke v...@samba.org Date: Wed Sep 9 21:58:47 2009 +0200 s3:smbd: Add a hidden parameter share:fake_fscaps This is needed to support some special app I've just come across where I had to set the SPARSE_FILES bit (0x40) to make it work against Samba at all. There might be others to fake. This is definitely a Don't touch if you don't know what you're doing thing, so I decided to make this an undocumented parametric parameter. I know this sucks, so feel free to beat me up on this. But I don't think it will hurt. --- Summary of changes: source3/smbd/trans2.c |3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index da23697..73873e0 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -2982,6 +2982,9 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n, (unsigned int)st.st_ex_dev, (u /* Capabilities are filled in at connection time through STATVFS call */ additional_flags |= conn-fs_capabilities; + additional_flags |= lp_parm_int(conn-params-service, + share, fake_fscaps, + 0); SIVAL(pdata,0,FILE_CASE_PRESERVED_NAMES|FILE_CASE_SENSITIVE_SEARCH| FILE_SUPPORTS_OBJECT_IDS|FILE_UNICODE_ON_DISK| -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-123-gf20c2e0
The branch, master has been updated via f20c2e0fd4e5bcf188b8fd6024ab146d707e933e (commit) from a5cace128d1dcabd6cc90dda71a09dfa8ee8c6f6 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f20c2e0fd4e5bcf188b8fd6024ab146d707e933e Author: Jeremy Allison j...@samba.org Date: Wed Sep 9 13:54:47 2009 -0700 Fix compile in a usually non-selected define. Jeremy. --- Summary of changes: source3/modules/vfs_default.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c index e78ddf2..408721a 100644 --- a/source3/modules/vfs_default.c +++ b/source3/modules/vfs_default.c @@ -139,7 +139,7 @@ static uint32_t vfswrap_fs_capabilities(struct vfs_handle_struct *handle, *p_ts_res = TIMESTAMP_SET_MSEC; #elif defined(HAVE_UTIME) /* utime only allows sec timestamps to be set. */ - *p_ts_res = TIMESTAMP_SET_SEC; + *p_ts_res = TIMESTAMP_SET_SECONDS; #endif /* TODO. Add a configure test for the Linux -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-124-ga224392
The branch, master has been updated via a224392649ffb81dc1d67f41a01dd983b76d513b (commit) from f20c2e0fd4e5bcf188b8fd6024ab146d707e933e (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a224392649ffb81dc1d67f41a01dd983b76d513b Author: Volker Lendecke v...@samba.org Date: Wed Sep 9 23:08:28 2009 +0200 s3:docs: Add info about how to obtain cifs module in cifs mount helper manpage --- Summary of changes: docs-xml/manpages-3/mount.cifs.8.xml |8 1 files changed, 8 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/mount.cifs.8.xml b/docs-xml/manpages-3/mount.cifs.8.xml index 6810653..d00c19b 100644 --- a/docs-xml/manpages-3/mount.cifs.8.xml +++ b/docs-xml/manpages-3/mount.cifs.8.xml @@ -62,6 +62,14 @@ kernel log. the mounted resource is unmounted (usually via the umount utility). /para + para + emphasismount.cifs -V/emphasis command displays the version of cifs mount helper. + /para + para + + emphasismodinfo cifs/emphasis command displays the version of cifs module. + /para + /refsect1 refsect1 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated - release-4-0-0alpha8-1400-g40e76eb
The branch, v3-5-test has been updated via 40e76ebad2611516071f97a1c9f8e5bb2acf685f (commit) via c8b6d81aa82d4bd4a23332d9796617e78c20ec7f (commit) from 8d999676f7f5adf4e8a0b3ae1c2f52a68aa1a65c (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 40e76ebad2611516071f97a1c9f8e5bb2acf685f Author: Volker Lendecke v...@samba.org Date: Wed Sep 9 21:58:47 2009 +0200 s3:smbd: Add a hidden parameter share:fake_fscaps This is needed to support some special app I've just come across where I had to set the SPARSE_FILES bit (0x40) to make it work against Samba at all. There might be others to fake. This is definitely a Don't touch if you don't know what you're doing thing, so I decided to make this an undocumented parametric parameter. I know this sucks, so feel free to beat me up on this. But I don't think it will hurt. commit c8b6d81aa82d4bd4a23332d9796617e78c20ec7f Author: Jeremy Allison j...@samba.org Date: Wed Sep 9 13:54:47 2009 -0700 Fix compile in a usually non-selected define. Jeremy. --- Summary of changes: source3/modules/vfs_default.c |2 +- source3/smbd/trans2.c |3 +++ 2 files changed, 4 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c index e78ddf2..408721a 100644 --- a/source3/modules/vfs_default.c +++ b/source3/modules/vfs_default.c @@ -139,7 +139,7 @@ static uint32_t vfswrap_fs_capabilities(struct vfs_handle_struct *handle, *p_ts_res = TIMESTAMP_SET_MSEC; #elif defined(HAVE_UTIME) /* utime only allows sec timestamps to be set. */ - *p_ts_res = TIMESTAMP_SET_SEC; + *p_ts_res = TIMESTAMP_SET_SECONDS; #endif /* TODO. Add a configure test for the Linux diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index da23697..73873e0 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -2982,6 +2982,9 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n, (unsigned int)st.st_ex_dev, (u /* Capabilities are filled in at connection time through STATVFS call */ additional_flags |= conn-fs_capabilities; + additional_flags |= lp_parm_int(conn-params-service, + share, fake_fscaps, + 0); SIVAL(pdata,0,FILE_CASE_PRESERVED_NAMES|FILE_CASE_SENSITIVE_SEARCH| FILE_SUPPORTS_OBJECT_IDS|FILE_UNICODE_ON_DISK| -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated - release-4-0-0alpha8-1401-gb20f27f
The branch, v3-5-test has been updated via b20f27ff40985a1fea2973e5a3532d58e65ca65b (commit) from 40e76ebad2611516071f97a1c9f8e5bb2acf685f (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit b20f27ff40985a1fea2973e5a3532d58e65ca65b Author: Volker Lendecke v...@samba.org Date: Wed Sep 9 23:08:28 2009 +0200 s3:docs: Add info about how to obtain cifs module in cifs mount helper manpage --- Summary of changes: docs-xml/manpages-3/mount.cifs.8.xml |8 1 files changed, 8 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/mount.cifs.8.xml b/docs-xml/manpages-3/mount.cifs.8.xml index 9383f3f..4f775e8 100644 --- a/docs-xml/manpages-3/mount.cifs.8.xml +++ b/docs-xml/manpages-3/mount.cifs.8.xml @@ -62,6 +62,14 @@ kernel log. the mounted resource is unmounted (usually via the umount utility). /para + para + emphasismount.cifs -V/emphasis command displays the version of cifs mount helper. + /para + para + + emphasismodinfo cifs/emphasis command displays the version of cifs module. + /para + /refsect1 refsect1 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-125-gb1dabb1
The branch, master has been updated via b1dabb11333a715b0e23e91eecaf29933ea383a7 (commit) from a224392649ffb81dc1d67f41a01dd983b76d513b (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b1dabb11333a715b0e23e91eecaf29933ea383a7 Author: Endi Sukma Dewata edew...@redhat.com Date: Wed Sep 9 12:45:24 2009 -0400 s4: Use SASL authentication against Fedora DS. 1. During instance creation the provisioning script will import the SASL mapping for samba-admin. It's done here due to missing config schema preventing adding the mapping via ldapi. 2. After that it will use ldif2db to import the cn=samba-admin user as the target of SASL mapping. 3. Then it will start FDS and continue to do provisioning using the Directory Manager with simple bind. 4. The SASL credentials will be stored in secrets.ldb, so when Samba server runs later it will use the SASL credentials. 5. After the provisioning is done (just before stopping the slapd) it will use the DM over direct ldapi to delete the default SASL mappings included automatically by FDS, leaving just the new samba-admin mapping. 6. Also before stopping slapd it will use the DM over direct ldapi to set the ACL on the root entries of the user, configuration, and schema partitions. The ACL will give samba-admin the full access to these partitions. Signed-off-by: Andrew Bartlett abart...@samba.org --- Summary of changes: source4/scripting/python/samba/provision.py | 73 +-- source4/setup/fedorads-partitions.ldif | 15 ++ source4/setup/fedorads-samba.ldif | 10 source4/setup/fedorads-sasl.ldif|9 +++ source4/setup/fedorads.inf |1 + source4/setup/schema_samba4.ldif| 18 --- 6 files changed, 103 insertions(+), 23 deletions(-) create mode 100644 source4/setup/fedorads-samba.ldif create mode 100644 source4/setup/fedorads-sasl.ldif Changeset truncated at 500 lines: diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 778271f..e12d639 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -37,6 +37,7 @@ import param import registry import samba import subprocess +import ldb import shutil from credentials import Credentials, DONT_USE_KERBEROS @@ -106,6 +107,7 @@ class ProvisionPaths(object): self.memberofconf = None self.fedoradsinf = None self.fedoradspartitions = None +self.fedoradssasl = None self.olmmron = None self.olmmrserveridsconf = None self.olmmrsyncreplconf = None @@ -120,6 +122,7 @@ class ProvisionNames(object): self.domaindn = None self.configdn = None self.schemadn = None +self.sambadn = None self.ldapmanagerdn = None self.dnsdomain = None self.realm = None @@ -139,7 +142,7 @@ class ProvisionResult(object): class Schema(object): def __init__(self, setup_path, schemadn=None, - serverdn=None): + serverdn=None, sambadn=None, ldap_backend_type=None): Load schema for the SamDB from the AD schema files and samba4_schema.ldif :param samdb: Load a schema into a SamDB. @@ -343,6 +346,10 @@ def provision_paths_from_lp(lp, dnsdomain): fedorads.inf) paths.fedoradspartitions = os.path.join(paths.ldapdir, fedorads-partitions.ldif) +paths.fedoradssasl = os.path.join(paths.ldapdir, + fedorads-sasl.ldif) +paths.fedoradssamba = os.path.join(paths.ldapdir, +fedorads-samba.ldif) paths.olmmrserveridsconf = os.path.join(paths.ldapdir, mmr_serverids.conf) paths.olmmrsyncreplconf = os.path.join(paths.ldapdir, @@ -369,7 +376,7 @@ def provision_paths_from_lp(lp, dnsdomain): def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None, serverrole=None, rootdn=None, domaindn=None, configdn=None, -schemadn=None, serverdn=None, sitename=None): +schemadn=None, serverdn=None, sitename=None, sambadn=None): Guess configuration settings to use. if hostname is None: @@ -421,6 +428,8 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None, configdn = CN=Configuration, + rootdn if schemadn is None: schemadn = CN=Schema, + configdn +if sambadn is None: +sambadn = CN=Samba if sitename is None:
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-129-g3adbbae
The branch, master has been updated via 3adbbaee3b613725516a8855d8cd460db56ecf1a (commit) via 0807251154344f93f5aaf6838f62945056b24693 (commit) via 3671c9e99179b22b42acb61bfa751ab93714fdd2 (commit) via 7c5ce719ebb5b0247e479b3293acb4c56402fa57 (commit) from b1dabb11333a715b0e23e91eecaf29933ea383a7 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3adbbaee3b613725516a8855d8cd460db56ecf1a Author: Andrew Tridgell tri...@samba.org Date: Thu Sep 10 12:09:01 2009 +1000 s4: regenerate drsuapi IDL commit 0807251154344f93f5aaf6838f62945056b24693 Author: Andrew Tridgell tri...@samba.org Date: Thu Sep 10 12:08:15 2009 +1000 s4/schema: teach the schema_syntax code how to encode/decode more attributes We were trying to encode strings like 'top' as integers, without first looking them up in our schema. We need special handling for all the attributes that contain attributeID_id or governsID_id fields that should be translated first before encoding. commit 3671c9e99179b22b42acb61bfa751ab93714fdd2 Author: Andrew Tridgell tri...@samba.org Date: Thu Sep 10 12:06:20 2009 +1000 s4/schema: don't crash if we don't have subClassOf commit 7c5ce719ebb5b0247e479b3293acb4c56402fa57 Author: Andrew Tridgell tri...@samba.org Date: Thu Sep 10 12:05:50 2009 +1000 s4/drsuapi: tech the IDL about some more key attribute names --- Summary of changes: librpc/gen_ndr/drsuapi.h | 16 + librpc/gen_ndr/ndr_drsuapi.c |8 +++ librpc/idl/drsuapi.idl |8 +++ source4/dsdb/schema/schema_inferiors.c |9 ++- source4/dsdb/schema/schema_syntax.c| 104 5 files changed, 143 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/gen_ndr/drsuapi.h b/librpc/gen_ndr/drsuapi.h index fc1da82..b4888a0 100644 --- a/librpc/gen_ndr/drsuapi.h +++ b/librpc/gen_ndr/drsuapi.h @@ -294,8 +294,12 @@ enum drsuapi_DsAttributeId DRSUAPI_ATTRIBUTE_member=0x001f, DRSUAPI_ATTRIBUTE_instanceType=0x00020001, DRSUAPI_ATTRIBUTE_whenCreated=0x00020002, + DRSUAPI_ATTRIBUTE_possSuperiors=0x00020008, DRSUAPI_ATTRIBUTE_hasMasterNCs=0x0002000e, + DRSUAPI_ATTRIBUTE_subClassOf=0x00020015, DRSUAPI_ATTRIBUTE_governsID=0x00020016, + DRSUAPI_ATTRIBUTE_mustContain=0x00020018, + DRSUAPI_ATTRIBUTE_mayContain=0x00020019, DRSUAPI_ATTRIBUTE_attributeID=0x0002001e, DRSUAPI_ATTRIBUTE_attributeSyntax=0x00020020, DRSUAPI_ATTRIBUTE_isSingleValued=0x00020021, @@ -310,6 +314,7 @@ enum drsuapi_DsAttributeId DRSUAPI_ATTRIBUTE_oMSyntax=0x000200e7, DRSUAPI_ATTRIBUTE_ntSecurityDescriptor=0x00020119, DRSUAPI_ATTRIBUTE_searchFlags=0x0002014e, + DRSUAPI_ATTRIBUTE_auxiliaryClass=0x0002015f, DRSUAPI_ATTRIBUTE_lDAPDisplayName=0x000201cc, DRSUAPI_ATTRIBUTE_name=0x00090001, DRSUAPI_ATTRIBUTE_userAccountControl=0x00090008, @@ -330,6 +335,9 @@ enum drsuapi_DsAttributeId DRSUAPI_ATTRIBUTE_trustAuthIncoming=0x00090081, DRSUAPI_ATTRIBUTE_trustAuthOutgoing=0x00090087, DRSUAPI_ATTRIBUTE_lmPwdHistory=0x000900a0, + DRSUAPI_ATTRIBUTE_systemPossSuperiors=0x000900c3, + DRSUAPI_ATTRIBUTE_systemMayContain=0x000900c4, + DRSUAPI_ATTRIBUTE_systemMustContain=0x000900c5, DRSUAPI_ATTRIBUTE_sAMAccountName=0x000900dd, DRSUAPI_ATTRIBUTE_sAMAccountType=0x0009012e, DRSUAPI_ATTRIBUTE_fSMORoleOwner=0x00090171, @@ -358,8 +366,12 @@ enum drsuapi_DsAttributeId #define DRSUAPI_ATTRIBUTE_member ( 0x001f ) #define DRSUAPI_ATTRIBUTE_instanceType ( 0x00020001 ) #define DRSUAPI_ATTRIBUTE_whenCreated ( 0x00020002 ) +#define DRSUAPI_ATTRIBUTE_possSuperiors ( 0x00020008 ) #define DRSUAPI_ATTRIBUTE_hasMasterNCs ( 0x0002000e ) +#define DRSUAPI_ATTRIBUTE_subClassOf ( 0x00020015 ) #define DRSUAPI_ATTRIBUTE_governsID ( 0x00020016 ) +#define DRSUAPI_ATTRIBUTE_mustContain ( 0x00020018 ) +#define DRSUAPI_ATTRIBUTE_mayContain ( 0x00020019 ) #define DRSUAPI_ATTRIBUTE_attributeID ( 0x0002001e ) #define DRSUAPI_ATTRIBUTE_attributeSyntax ( 0x00020020 ) #define DRSUAPI_ATTRIBUTE_isSingleValued ( 0x00020021 ) @@ -374,6 +386,7 @@ enum drsuapi_DsAttributeId #define DRSUAPI_ATTRIBUTE_oMSyntax ( 0x000200e7 ) #define DRSUAPI_ATTRIBUTE_ntSecurityDescriptor ( 0x00020119 ) #define DRSUAPI_ATTRIBUTE_searchFlags ( 0x0002014e ) +#define DRSUAPI_ATTRIBUTE_auxiliaryClass ( 0x0002015f ) #define DRSUAPI_ATTRIBUTE_lDAPDisplayName ( 0x000201cc ) #define DRSUAPI_ATTRIBUTE_name ( 0x00090001 ) #define DRSUAPI_ATTRIBUTE_userAccountControl ( 0x00090008 ) @@ -394,6 +407,9 @@ enum drsuapi_DsAttributeId #define DRSUAPI_ATTRIBUTE_trustAuthIncoming ( 0x00090081 ) #define
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-130-ga11bb14
The branch, master has been updated via a11bb148f7cdef7ec58ca79393938e7085f5b540 (commit) from 3adbbaee3b613725516a8855d8cd460db56ecf1a (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a11bb148f7cdef7ec58ca79393938e7085f5b540 Author: Andrew Tridgell tri...@samba.org Date: Thu Sep 10 12:14:53 2009 +1000 s4/torture: don't mix declarations and code --- Summary of changes: source4/torture/raw/oplock.c | 44 +- 1 files changed, 22 insertions(+), 22 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/raw/oplock.c b/source4/torture/raw/oplock.c index d512cb3..1eaa7e2 100644 --- a/source4/torture/raw/oplock.c +++ b/source4/torture/raw/oplock.c @@ -2880,6 +2880,28 @@ static bool test_raw_oplock_stream1(struct torture_context *tctx, NTCREATEX_FLAGS_REQUEST_BATCH_OPLOCK | NTCREATEX_FLAGS_EXTENDED; uint32_t exclusive_req = NTCREATEX_FLAGS_REQUEST_OPLOCK | NTCREATEX_FLAGS_EXTENDED; + /* Try some permutations of taking oplocks on streams. */ +#define NSTREAM_OPLOCK_RESULTS 8 + struct { + const char *fname; + bool open_base_file; + uint32_t oplock_req; + uint32_t oplock_granted; + } stream_oplock_results[NSTREAM_OPLOCK_RESULTS] = { + /* Request oplock on stream without the base file open. */ + {fname_stream, false, batch_req, NO_OPLOCK_RETURN}, + {fname_default_stream, false, batch_req, NO_OPLOCK_RETURN}, + {fname_stream, false, exclusive_req, EXCLUSIVE_OPLOCK_RETURN}, + {fname_default_stream, false, exclusive_req, EXCLUSIVE_OPLOCK_RETURN}, + + /* Request oplock on stream with the base file open. */ + {fname_stream, true, batch_req, NO_OPLOCK_RETURN}, + {fname_default_stream, true, batch_req, NO_OPLOCK_RETURN}, + {fname_stream, true, exclusive_req, EXCLUSIVE_OPLOCK_RETURN}, + {fname_default_stream, true, exclusive_req, LEVEL_II_OPLOCK_RETURN}, + + }; + /* Only passes against windows at the moment. */ if (torture_setting_bool(tctx, samba3, false) || @@ -2923,28 +2945,6 @@ static bool test_raw_oplock_stream1(struct torture_context *tctx, /* Change the disposition to open now that the file has been created. */ io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN; - /* Try some permutations of taking oplocks on streams. */ -#define NSTREAM_OPLOCK_RESULTS 8 - struct { - const char *fname; - bool open_base_file; - uint32_t oplock_req; - uint32_t oplock_granted; - } stream_oplock_results[NSTREAM_OPLOCK_RESULTS] = { - /* Request oplock on stream without the base file open. */ - {fname_stream, false, batch_req, NO_OPLOCK_RETURN}, - {fname_default_stream, false, batch_req, NO_OPLOCK_RETURN}, - {fname_stream, false, exclusive_req, EXCLUSIVE_OPLOCK_RETURN}, - {fname_default_stream, false, exclusive_req, EXCLUSIVE_OPLOCK_RETURN}, - - /* Request oplock on stream with the base file open. */ - {fname_stream, true, batch_req, NO_OPLOCK_RETURN}, - {fname_default_stream, true, batch_req, NO_OPLOCK_RETURN}, - {fname_stream, true, exclusive_req, EXCLUSIVE_OPLOCK_RETURN}, - {fname_default_stream, true, exclusive_req, LEVEL_II_OPLOCK_RETURN}, - - }; - for (i = 0; i NSTREAM_OPLOCK_RESULTS; i++) { const char *fname = stream_oplock_results[i].fname; bool open_base_file = stream_oplock_results[i].open_base_file; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-131-g22c4ffa
The branch, master has been updated via 22c4ffa398a4c4855f79c36e75fdf467cdd47184 (commit) from a11bb148f7cdef7ec58ca79393938e7085f5b540 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 22c4ffa398a4c4855f79c36e75fdf467cdd47184 Author: Andrew Bartlett abart...@samba.org Date: Thu Sep 10 12:25:25 2009 +1000 s4:provision Don't reference provision_backend when using LDB This broke in Endi's patch for Fedora DS support Andrew Bartlett --- Summary of changes: source4/scripting/python/samba/provision.py |4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index e12d639..dafccb3 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -1093,6 +1093,7 @@ def provision(setup_dir, message, session_info, schema = Schema(setup_path, schemadn=names.schemadn, serverdn=names.serverdn, sambadn=names.sambadn, ldap_backend_type=ldap_backend_type) +secrets_credentials = credentials provision_backend = None if ldap_backend_type: # We only support an LDAP backend over ldapi:// @@ -1112,6 +1113,7 @@ def provision(setup_dir, message, session_info, # Now use the backend credentials to access the databases credentials = provision_backend.credentials +secrets_credentials = provision_backend.adminCredentials # only install a new shares config db if there is none if not os.path.exists(paths.shareconf): @@ -1124,7 +1126,7 @@ def provision(setup_dir, message, session_info, message(Setting up secrets.ldb) secrets_ldb = setup_secretsdb(paths.secrets, setup_path, session_info=session_info, - credentials=provision_backend.adminCredentials, lp=lp) + credentials=secrets_credentials, lp=lp) message(Setting up the registry) setup_registry(paths.hklm, setup_path, session_info, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-132-gc0efa51
The branch, master has been updated via c0efa5192956cfa7b53da54851409ec5cac07b8d (commit) from 22c4ffa398a4c4855f79c36e75fdf467cdd47184 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c0efa5192956cfa7b53da54851409ec5cac07b8d Author: Andrew Tridgell tri...@samba.org Date: Thu Sep 10 12:42:57 2009 +1000 s4/provision: another fix for breakage from b1dabb1133 --- Summary of changes: source4/scripting/python/samba/provision.py | 14 -- 1 files changed, 8 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index dafccb3..ca38a85 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -1114,6 +1114,7 @@ def provision(setup_dir, message, session_info, # Now use the backend credentials to access the databases credentials = provision_backend.credentials secrets_credentials = provision_backend.adminCredentials +ldapi_url = provision_backend.ldapi_uri # only install a new shares config db if there is none if not os.path.exists(paths.shareconf): @@ -1219,17 +1220,18 @@ def provision(setup_dir, message, session_info, message(A Kerberos configuration suitable for Samba 4 has been generated at %s % paths.krb5conf) -ldapi_db = Ldb(provision_backend.ldapi_uri, lp=lp, credentials=credentials) +if provision_backend is not None: + ldapi_db = Ldb(provision_backend.ldapi_uri, lp=lp, credentials=credentials) -# delete default SASL mappings -res = ldapi_db.search(expression=(!(cn=samba-admin mapping)), base=cn=mapping,cn=sasl,cn=config, scope=SCOPE_ONELEVEL, attrs=[dn]) + # delete default SASL mappings + res = ldapi_db.search(expression=(!(cn=samba-admin mapping)), base=cn=mapping,cn=sasl,cn=config, scope=SCOPE_ONELEVEL, attrs=[dn]) -for i in range (0, len(res)): + for i in range (0, len(res)): dn = str(res[i][dn]) ldapi_db.delete(dn) -# configure aci -if ldap_backend_type == fedora-ds: +# configure aci + if ldap_backend_type == fedora-ds: aci = (targetattr = *) (version 3.0;acl full access to all by samba-admin;allow (all)(userdn = ldap:///CN=samba-admin,%s;);) % names.sambadn -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-134-g0c03232
The branch, master has been updated via 0c0323225948c33152357bf4202f17fc53aeccf4 (commit) via 78a5a5e665022c6625b18e2e99090f26e4edd2e9 (commit) from c0efa5192956cfa7b53da54851409ec5cac07b8d (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0c0323225948c33152357bf4202f17fc53aeccf4 Author: Andrew Tridgell tri...@samba.org Date: Thu Sep 10 13:51:08 2009 +1000 s4/drs: correctly fill in the GUID of DRS objects commit 78a5a5e665022c6625b18e2e99090f26e4edd2e9 Author: Andrew Tridgell tri...@samba.org Date: Thu Sep 10 13:50:46 2009 +1000 s4: fix spelling --- Summary of changes: source4/rpc_server/drsuapi/getncchanges.c |2 +- source4/rpc_server/drsuapi/updaterefs.c |2 +- 2 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c index 6e65e31..17bc3ca 100644 --- a/source4/rpc_server/drsuapi/getncchanges.c +++ b/source4/rpc_server/drsuapi/getncchanges.c @@ -86,7 +86,7 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem obj-object.identifier = talloc(obj, struct drsuapi_DsReplicaObjectIdentifier); obj_dn = ldb_msg_find_attr_as_dn(sam_ctx, obj, msg, distinguishedName); obj-object.identifier-dn = ldb_dn_get_linearized(obj_dn); - obj-object.identifier-guid = GUID_zero(); + obj-object.identifier-guid = samdb_result_guid(msg, objectGUID); ZERO_STRUCT(obj-object.identifier-sid); obj-object.attribute_ctr.num_attributes = obj-meta_data_ctr-count; diff --git a/source4/rpc_server/drsuapi/updaterefs.c b/source4/rpc_server/drsuapi/updaterefs.c index 2090dd5..a7712de 100644 --- a/source4/rpc_server/drsuapi/updaterefs.c +++ b/source4/rpc_server/drsuapi/updaterefs.c @@ -234,7 +234,7 @@ WERROR dcesrv_drsuapi_DsReplicaUpdateRefs(struct dcesrv_call_state *dce_call, TA } req = r-in.req.req1; - DEBUG(4,(DrReplicUpdateRefs for host '%s' with GUID %s options 0x%08x nc=%s\n, + DEBUG(4,(DsReplicaUpdateRefs for host '%s' with GUID %s options 0x%08x nc=%s\n, req-dest_dsa_dns_name, GUID_string(mem_ctx, req-dest_dsa_guid), req-options, drs_ObjectIdentifier_to_string(mem_ctx, req-naming_context))); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-135-g689a9b8
The branch, master has been updated via 689a9b88f9870687cd821a77184b95e16aa41ca9 (commit) from 0c0323225948c33152357bf4202f17fc53aeccf4 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 689a9b88f9870687cd821a77184b95e16aa41ca9 Author: John H Terpstra j...@samba.org Date: Wed Sep 9 23:12:27 2009 -0500 OPC oota edits --- Summary of changes: docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml | 12 ++-- 1 files changed, 6 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml index 8659437..b3879c4 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml @@ -253,7 +253,7 @@ Samba-3 introduces a number of new password backend capabilities. indextermprimaryconverted/primary/indexterm Many people ask why Samba cannot simply use the UNIX password database. Windows requires passwords that are encrypted in its own format. The UNIX passwords can't be converted to - UNIX-style encrypted passwords. Because of that, you can't use the standard UNIX user + Windows-style encrypted passwords. Because of that, you can't use the standard UNIX user database, and you have to store the LanMan and NT hashes somewhere else. /para @@ -369,7 +369,7 @@ Samba-3 introduces a number of new password backend capabilities. para indextermprimarySMB/CIFS/primary/indexterm indextermprimaryauthentication/primary/indexterm -indextermprimarychallenge/response mechanis/primary/indexterm +indextermprimarychallenge/response mechanism/primary/indexterm indextermprimaryclear-text/primary/indexterm indextermprimaryencrypted/primary/indexterm indextermprimarynegotiate/primary/indexterm @@ -845,7 +845,7 @@ attempts. Some people are confused when reference is made to literalsmbpasswd/literal because the name refers to a storage mechanism for SambaSAMAccount information, but it is also the name of a utility tool. That tool is destined to eventually be replaced by new functionality that -is being added to the commandnet/command toolset (see link linkend=NetCommandthe Net Command/link. +is being added to the commandnet/command toolset (see link linkend=NetCommandthe Net Command/link). /para sect2 @@ -861,7 +861,7 @@ is being added to the commandnet/command toolset (see link linkend=NetComm and commandyppasswd/command programs. It maintains the two 32 byte password fields in the passdb backend. This utility operates independently of the actual account and password storage methods used (as specified by the parameterpassdb - backend/parameter in the smb.conf; file. + backend/parameter in the smb.conf; file). /para para @@ -1228,7 +1228,7 @@ marvel$:1011:BF709959C3C94E0B3958B7B84A3BB6F3: listitemparaLogin ID./para/listitem listitemparaUNIX UID./para/listitem listitem - paraMicrosoft LanManager password hash (password converted to upper-case then hashed./para + paraMicrosoft LanManager password hash (password converted to upper-case then hashed)./para /listitem listitemparaMicrosoft NT password hash (hash of the case-preserved password)./para/listitem listitemparaSamba SAM Account Flags./para/listitem @@ -2655,7 +2655,7 @@ sambaNTPassword: 878D8014606CDA29677A44EFA1353FC7 paraquoteI've installed Samba, but now I can't log on with my UNIX account! /quote/para paraMake sure your user has been added to the current Samba smbconfoption name=passdb backend/. - Read the link linkend=acctmgmttoolsAccount Management Tools,/link for details./para + Read the link linkend=acctmgmttoolsAccount Management Tools/link for details./para /sect2 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-136-ga08d173
The branch, master has been updated via a08d17342d0affa3769875ad87dadbb1f4161a06 (commit) from 689a9b88f9870687cd821a77184b95e16aa41ca9 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a08d17342d0affa3769875ad87dadbb1f4161a06 Author: Andrew Tridgell tri...@samba.org Date: Thu Sep 10 14:27:47 2009 +1000 s4/drs: changed the UpdateRefs server to use the dn instead of the GUID Our vampire code sends a zero GUID in the updaterefs calls. Windows seems to ignore the GUID and use the DN in the naming context instead, so I have changed our UpdateRefs server implementation to do the same. With this change we can now vampire from s4-s4 successfully! Now to see if all the attributes came across correctly. --- Summary of changes: source4/rpc_server/drsuapi/updaterefs.c | 45 -- 1 files changed, 18 insertions(+), 27 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/rpc_server/drsuapi/updaterefs.c b/source4/rpc_server/drsuapi/updaterefs.c index a7712de..92027ba 100644 --- a/source4/rpc_server/drsuapi/updaterefs.c +++ b/source4/rpc_server/drsuapi/updaterefs.c @@ -38,23 +38,15 @@ struct repsTo { /* load the repsTo structure for a given partition GUID */ -static WERROR uref_loadreps(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, struct GUID *guid, +static WERROR uref_loadreps(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, struct ldb_dn *dn, struct repsTo *reps) { - struct ldb_dn *dn; const char *attrs[] = { repsTo, NULL }; struct ldb_result *res; TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); int i; struct ldb_message_element *el; - if (dsdb_find_dn_by_guid(sam_ctx, tmp_ctx, GUID_string(tmp_ctx, guid), dn) != LDB_SUCCESS) { - DEBUG(0,(drsuapi_addref: failed to find partition with GUID %s\n, -GUID_string(tmp_ctx, guid))); - talloc_free(tmp_ctx); - return WERR_DS_DRA_BAD_NC; - } - /* TODO: possibly check in the rootDSE to see that this DN is * one of our partition roots */ @@ -99,22 +91,14 @@ static WERROR uref_loadreps(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, st /* save the repsTo structure for a given partition GUID */ -static WERROR uref_savereps(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, struct GUID *guid, +static WERROR uref_savereps(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, struct ldb_dn *dn, struct repsTo *reps) { - struct ldb_dn *dn; TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); struct ldb_message *msg; struct ldb_message_element *el; int i; - if (dsdb_find_dn_by_guid(sam_ctx, tmp_ctx, GUID_string(tmp_ctx, guid), dn) != LDB_SUCCESS) { - DEBUG(0,(drsuapi_addref: failed to find partition with GUID %s\n, -GUID_string(tmp_ctx, guid))); - talloc_free(tmp_ctx); - return WERR_DS_DRA_BAD_NC; - } - msg = ldb_msg_new(tmp_ctx); msg-dn = dn; if (ldb_msg_add_empty(msg, repsTo, LDB_FLAG_MOD_REPLACE, el) != LDB_SUCCESS) { @@ -159,12 +143,12 @@ failed: add a replication destination for a given partition GUID */ static WERROR uref_add_dest(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, - struct GUID *guid, struct repsFromTo1 *dest) + struct ldb_dn *dn, struct repsFromTo1 *dest) { struct repsTo reps; WERROR werr; - werr = uref_loadreps(sam_ctx, mem_ctx, guid, reps); + werr = uref_loadreps(sam_ctx, mem_ctx, dn, reps); if (!W_ERROR_IS_OK(werr)) { return werr; } @@ -178,7 +162,7 @@ static WERROR uref_add_dest(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, reps.r[reps.count].ctr.ctr1 = *dest; reps.count++; - werr = uref_savereps(sam_ctx, mem_ctx, guid, reps); + werr = uref_savereps(sam_ctx, mem_ctx, dn, reps); if (!W_ERROR_IS_OK(werr)) { return werr; } @@ -190,13 +174,13 @@ static WERROR uref_add_dest(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, delete a replication destination for a given partition GUID */ static WERROR uref_del_dest(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, - struct GUID *guid, struct GUID *dest_guid) + struct ldb_dn *dn, struct GUID *dest_guid) { struct repsTo reps; WERROR werr; int i; - werr = uref_loadreps(sam_ctx, mem_ctx, guid, reps); + werr = uref_loadreps(sam_ctx, mem_ctx, dn, reps); if (!W_ERROR_IS_OK(werr)) { return werr;
[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-137-g5283ad1
The branch, master has been updated via 5283ad11bdd87daf2e9ed6d4644bfb1d8c978b04 (commit) from a08d17342d0affa3769875ad87dadbb1f4161a06 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5283ad11bdd87daf2e9ed6d4644bfb1d8c978b04 Author: Andrew Bartlett abart...@samba.org Date: Thu Sep 10 15:50:32 2009 +1000 libcli:drsuapi Add function to encrypt data for transport over DRSUAPI This is for the server side of the GetNCChanges call. Andrew Bartlett --- Summary of changes: libcli/drsuapi/repl_decrypt.c | 102 + 1 files changed, 102 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/drsuapi/repl_decrypt.c b/libcli/drsuapi/repl_decrypt.c index 9d7c1b6..33dfbe5 100644 --- a/libcli/drsuapi/repl_decrypt.c +++ b/libcli/drsuapi/repl_decrypt.c @@ -3,6 +3,7 @@ Helper functions for applying replicated objects Copyright (C) Stefan Metzmacher me...@samba.org 2007 + Copyright (C) Andrew Bartlett abart...@samba.org 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -186,3 +187,104 @@ WERROR drsuapi_decrypt_attribute(TALLOC_CTX *mem_ctx, return WERR_OK; } + +WERROR drsuapi_encrypt_attribute_value(TALLOC_CTX *mem_ctx, + const DATA_BLOB *gensec_skey, + bool rid_crypt, + uint32_t rid, + DATA_BLOB *in, + DATA_BLOB *out) +{ + DATA_BLOB rid_crypt_out = data_blob(NULL, 0); + DATA_BLOB confounder; + + struct MD5Context md5; + uint8_t _enc_key[16]; + DATA_BLOB enc_key; + + DATA_BLOB enc_buffer; + + uint32_t crc32_calc; + + /* +* users with rid == 0 should not exist +*/ + if (rid_crypt rid == 0) { + return WERR_DS_DRA_INVALID_PARAMETER; + } + + /* +* The following rid_crypt obfuscation isn't session specific +* and not really needed here, because we allways know the rid of the +* user account. +* +* some attributes with this 'additional encryption' include +* dBCSPwd, unicodePwd, ntPwdHistory, lmPwdHistory +* +* But for the rest of samba it's easier when we remove this static +* obfuscation here +*/ + if (rid_crypt) { + uint32_t i, num_hashes; + rid_crypt_out = data_blob_talloc(mem_ctx, in-data, in-length); + W_ERROR_HAVE_NO_MEMORY(rid_crypt_out.data); + + if ((rid_crypt_out.length % 16) != 0) { + return WERR_DS_DRA_INVALID_PARAMETER; + } + + num_hashes = rid_crypt_out.length / 16; + for (i = 0; i num_hashes; i++) { + uint32_t offset = i * 16; + sam_rid_crypt(rid, in-data + offset, rid_crypt_out.data + offset, 1); + } + in = rid_crypt_out; + } + + /* +* the first 16 bytes at the beginning are the confounder +* followed by the 4 byte crc32 checksum +*/ + + enc_buffer = data_blob_talloc(mem_ctx, NULL, in-length+20); + if (!enc_buffer.data) { + talloc_free(rid_crypt_out.data); + return WERR_NOMEM; + }; + + confounder = data_blob_const(enc_buffer.data, 16); + generate_random_buffer(confounder.data, confounder.length); + + /* +* build the encryption key md5 over the session key followed +* by the confounder +* +* here the gensec session key is used and +* not the dcerpc ncacn_ip_tcp SystemLibraryDTC key! +*/ + enc_key = data_blob_const(_enc_key, sizeof(_enc_key)); + MD5Init(md5); + MD5Update(md5, gensec_skey-data, gensec_skey-length); + MD5Update(md5, confounder.data, confounder.length); + MD5Final(enc_key.data, md5); + + /* +* the first 4 byte are the crc32 checksum +* of the remaining bytes +*/ + crc32_calc = crc32_calc_buffer(in-data, in-length); + SIVAL(enc_buffer.data, 4, crc32_calc); + + /* +* copy the plain buffer part and +* encrypt it using the created encryption key using arcfour +*/ + memcpy(enc_buffer.data+20, in-data, in-length); + talloc_free(rid_crypt_out.data); + + arcfour_crypt_blob(enc_buffer.data+20, enc_buffer.length-20, enc_key); + + *out = enc_buffer; + return WERR_OK; +} + -- Samba Shared Repository